manualshive.com logo in svg

ZyXEL Communications P-660HW-T - V2, Руководство пользователя

Загрузите бесплатное руководство пользователя для продукта ZyXEL Communications P-660HW-T - V2 на нашем веб-сайте. Получите все необходимые инструкции и руководства по использованию этого устройства. Начните использовать ваш продукт с полным пониманием его функций и возможностей.

Поделиться
Скачать
background image

P-660HW-T v2 User’s Guide

Chapter 9 Firewalls

145

• Allow certain types of traffic from the Internet to specific hosts on the LAN.
• Allow access to a Web server to everyone but competitors.
• Restrict use of certain protocols, such as Telnet, to authorized users on the LAN.

These custom rules work by evaluating the network traffic’s Source IP address, Destination IP 
address, IP protocol type, and comparing these to rules set by the administrator.

Note: 

The ability to define firewall rules is a very powerful tool. Using custom rules, it 
is possible to disable all firewall protection or block all access to the Internet. 
Use extreme caution when creating or deleting firewall rules. Test changes 
after creating them to make sure they work correctly.

Below is a brief technical description of how these connections are tracked. Connections may 
either be defined by the upper protocols (for instance, TCP), or by the ZyXEL Device itself (as 
with the "virtual connections" created for UDP and ICMP). 

9.5.3  TCP Security

The ZyXEL Device uses state information embedded in TCP packets. The first packet of any 
new connection has its SYN flag set and its ACK flag cleared; these are "initiation" packets. 
All packets that do not have this flag structure are called "subsequent" packets, since they 
represent data that occurs later in the TCP stream. 

If an initiation packet originates on the WAN, this means that someone is trying to make a 
connection from the Internet into the LAN. Except in a few special cases (see "Upper Layer 
Protocols" shown next), these packets are dropped and logged.

If an initiation packet originates on the LAN, this means that someone is trying to make a 
connection from the LAN to the Internet. Assuming that this is an acceptable part of the 
security policy (as is the case with the default policy), the connection will be allowed. A cache 
entry is added which includes connection information such as IP addresses, TCP ports, 
sequence numbers, etc.

When the ZyXEL Device receives any subsequent packet (from the Internet or from the LAN), 
its connection information is extracted and checked against the cache. A packet is only 
allowed to pass through if it corresponds to a valid connection (that is, if it is a response to a 
connection which originated on the LAN).

9.5.4  UDP/ICMP Security

UDP and ICMP do not themselves contain any connection information (such as sequence 
numbers). However, at the very minimum, they contain an IP address pair (source and 
destination). UDP also contains port pairs, and ICMP has type and code information. All of 
this data can be analyzed in order to build "virtual connections" in the cache. 

For instance, any UDP packet that originates on the LAN will create a cache entry. Its IP 
address and port pairs will be stored. For a short period of time, UDP packets from the WAN 
that have matching IP and UDP information will be allowed back in through the firewall.

Содержание P-660HW-T - V2

Страница 1: ...P 660HW T v2 802 11g Wireless ADSL 2 4 port Gateway User s Guide Version 3 40 Edition 1 12 2006...

Страница 2: ......

Страница 3: ...XEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it con...

Страница 4: ...nce to radio television reception which can be determined by turning the device off and on the user is encouraged to try to correct the interference by one or more of the following measures 1 Reorient...

Страница 5: ...2 4 GHz network throughout the EC region and Switzerland with restrictions in France This Class B digital apparatus complies with Canadian ICES 003 Cet appareil num rique de la classe B est conforme...

Страница 6: ...ing or disassembling Use ONLY an appropriate power adaptor or cord for your device Connect the power adaptor or cord to the right supply voltage for example 110V AC in North America or 230V AC in Euro...

Страница 7: ...P 660HW T v2 User s Guide Safety Warnings 7 This product is recyclable Dispose of it properly...

Страница 8: ...ment as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or f...

Страница 9: ...Modrany Cesk Republika info cz zyxel com 420 241 091 359 DENMARK support zyxel dk 45 39 55 07 00 www zyxel dk ZyXEL Communications A S Columbusvej 2860 Soeborg Denmark sales zyxel dk 45 39 55 07 07 FI...

Страница 10: ...rt zyxel es 34 902 195 420 www zyxel es ZyXEL Communications Arte 21 5 planta 28033 Madrid Spain sales zyxel es 34 913 005 345 SWEDEN support zyxel se 46 31 744 7700 www zyxel se ZyXEL Communications...

Страница 11: ...ess Features 36 1 3 Applications for the ZyXEL Device 37 1 3 1 Protected Internet Access 37 1 3 2 LAN to LAN Application 38 1 4 Front Panel LEDs 38 1 5 Hardware Connection 39 Chapter 2 Introducing the...

Страница 12: ...d Setup 70 Chapter 5 WAN Setup 75 5 1 WAN Overview 75 5 1 1 Encapsulation 75 5 1 1 1 ENET ENCAP 75 5 1 1 2 PPP over Ethernet 75 5 1 1 3 PPPoA 76 5 1 1 4 RFC 1483 76 5 1 2 Multiplexing 76 5 1 2 1 VC ba...

Страница 13: ...3 6 1 Wireless Network Overview 93 6 2 Wireless Security Overview 94 6 2 1 SSID 94 6 2 2 MAC Address Filter 94 6 2 3 User Authentication 95 6 2 4 Encryption 95 6 2 5 One Touch Intelligent Security Tec...

Страница 14: ...NAT Does 126 8 1 3 How NAT Works 126 8 1 4 NAT Application 127 8 1 5 NAT Mapping Types 127 8 2 SUA Single User Account Versus NAT 128 8 3 NAT General Setup 128 8 4 Port Forwarding 129 8 4 1 Default S...

Страница 15: ...ring 147 9 7 1 1 When To Use Filtering 148 9 7 2 Firewall 148 9 7 2 1 When To Use The Firewall 148 Chapter 10 Firewall Configuration 149 10 1 Access Methods 149 10 2 Firewall Policies Overview 149 10...

Страница 16: ...ndwidth Management Overview 179 13 2 Application based Bandwidth Management 179 13 3 Subnet based Bandwidth Management 179 13 4 Application and Subnet based Bandwidth Management 180 13 5 Scheduler 180...

Страница 17: ...aps 201 15 6 3 Configuring SNMP 201 15 7 Configuring DNS 202 15 8 Configuring ICMP 203 15 9 TR 069 204 Chapter 16 Universal Plug and Play UPnP 207 16 1 Introducing Universal Plug and Play 207 16 1 1 H...

Страница 18: ...n 247 19 2 1 Backup Configuration 247 19 2 2 Restore Configuration 248 19 2 3 Back to Factory Defaults 249 19 3 Restart 249 Chapter 20 Diagnostic 251 20 1 General Diagnostic 251 20 2 DSL Line Diagnost...

Страница 19: ...Me 281 Windows 2000 NT XP 284 Macintosh OS 8 9 289 Macintosh OS X 291 Linux 292 Appendix F IP Subnetting 297 Introduction to IP Addresses 297 Subnet Masks 298 Subnetting 299 Example Two Subnets 300 E...

Страница 20: ...323 Fragmentation Threshold 324 Preamble Type 325 IEEE 802 11g Wireless LAN 325 Wireless Security Overview 326 RADIUS 326 Types of Authentication 327 Dynamic WEP Key Exchange 329 WPA and WPA2 329 Secu...

Страница 21: ...igure 19 Internet Access Wizard Setup ISP Parameters 58 Figure 20 Internet Connection with PPPoE 59 Figure 21 Internet Connection with RFC 1483 59 Figure 22 Internet Connection with ENET ENCAP 60 Figu...

Страница 22: ...re 56 Security Key 107 Figure 57 OTIST in Progress AP 107 Figure 58 OTIST in Progress Client 107 Figure 59 No AP with OTIST Found 108 Figure 60 Start OTIST 108 Figure 61 MAC Address Filter 109 Figure...

Страница 23: ...dth Management Example 180 Figure 102 Bandwidth Management Summary 184 Figure 103 Bandwidth Management Rule Setup 186 Figure 104 Bandwidth Management Rule Configuration 187 Figure 105 Bandwidth Manage...

Страница 24: ...Figure 147 Configuration Text File Format Column Descriptions 263 Figure 148 Invalid Parameter Entered Command Line Example 264 Figure 149 Valid Parameter Entered Command Line Example 264 Figure 150 I...

Страница 25: ...Example 306 Figure 178 Connecting a POTS Splitter 317 Figure 179 Connecting a Microfilter 318 Figure 180 Connecting a Microfilter and Y Connector 318 Figure 181 ZyXEL Device with ISDN 319 Figure 182...

Страница 26: ...P 660HW T v2 User s Guide 26 List of Figures...

Страница 27: ...ually assign a WEP key 67 Table 17 Media Bandwidth Management Setup Services 69 Table 18 Bandwidth Management Wizard General Information 71 Table 19 Bandwidth Management Wizard Configuration 72 Table...

Страница 28: ...168 Table 60 Content Filter Keyword 172 Table 61 Content Filter Schedule 173 Table 62 Content Filter Trusted 173 Table 63 Static Route 176 Table 64 Static Route Edit 177 Table 65 Application and Subn...

Страница 29: ...3 Certificate Path Verification Failure Reason Codes 239 Table 104 802 1X Logs 240 Table 105 ACL Setting Notes 241 Table 106 ICMP Notes 242 Table 107 Syslog Logs 243 Table 108 RFC 2408 ISAKMP Payload...

Страница 30: ...lternative Subnet Mask Notation 299 Table 134 Two Subnets Example 300 Table 135 Subnet 1 300 Table 136 Subnet 2 300 Table 137 Subnet 1 301 Table 138 Subnet 2 301 Table 139 Subnet 3 302 Table 140 Subne...

Страница 31: ...EL Device Not all features can be configured through all interfaces Syntax Conventions Enter means for you to type one or more characters Select or Choose means for you to use one predefined choice Mo...

Страница 32: ...estions for improvement to techwriters zyxel com tw or send regular mail to The Technical Writing Team ZyXEL Communications Corp 6 Innovation Road II Science Based Industrial Park Hsinchu 300 Taiwan T...

Страница 33: ...ing in 1 for example P 660HW T1 denote a device that works over the analog telephone system POTS Plain Old Telephone Service Model names ending in 3 denote a device that works over ISDN Integrated Ser...

Страница 34: ...count user name and password is required or the ZyXEL Device cannot connect to the ISP you will be redirected to web screen s for information input or troubleshooting Any IP The Any IP feature allows...

Страница 35: ...ion terminates after a period of no traffic that you configure and PPPoE Dial on Demand the PPPoE connection is brought up only when an Internet access request is made Network Address Translation NAT...

Страница 36: ...ter makes your ZyXEL Device a cost effective and viable network solution You can connect up to four computers to the ZyXEL Device without the cost of a hub Use a hub to add more than four computers to...

Страница 37: ...high density of APs within a coverage area In this case you can lower the output power of each access point thus enabling you to place access points closer together Wireless LAN MAC Address Filtering...

Страница 38: ...s 1 3 2 LAN to LAN Application You can use the ZyXEL Device to connect two geographically dispersed networks over the ADSL line A typical LAN to LAN application example is shown as follows Figure 2 LA...

Страница 39: ...r has malfunctioned ETHERNET 1 2 3 4 Green On The ZyXEL Device has a successful Ethernet connection Blinking The ZyXEL Device is sending receiving data Off The ZyXEL Device is not connected to the LAN...

Страница 40: ...P 660HW T v2 User s Guide 40 Chapter 1 Getting To Know Your ZyXEL Device...

Страница 41: ...ult in Windows XP SP Service Pack 2 JavaScripts enabled by default Java permissions enabled by default See the chapter on troubleshooting if you need to make sure these functions are allowed in Intern...

Страница 42: ...admin password it is highly recommended you change the default admin password Enter a new password between 1 and 30 characters retype it to confirm and click Apply Alternatively click Ignore to proce...

Страница 43: ...ZyXEL Device to reload the factory default configuration file This means that you will lose all configurations that you had previously and the password will be reset to 1234 2 3 1 Using the Reset Butt...

Страница 44: ...application or packet type Logout Click this icon to exit the web configurator Status This screen shows the ZyXEL Device s general device system and interface status information Use this screen to ac...

Страница 45: ...onfigure network address translation mapping rules Security Firewall General Use this screen to activate deactivate the firewall and the direction of network traffic to which to apply the rule Rules T...

Страница 46: ...face s and from which IP address es users can send DNS queries to the ZyXEL Device ICMP Use this screen to change your anti probing settings UPnP Use this screen to enable UPnP on the ZyXEL Device Mai...

Страница 47: ...ral screen It is for identification purposes Model Number This is your ZyXEL Device s model name MAC Address This is the MAC Media Access Control or Ethernet address unique to your ZyXEL Device ZyNOS...

Страница 48: ...n kilobytes The bar displays what percent of the ZyXEL Device s heap memory is in use The bar turns from green to red when the maximum is being approached Interface Status Interface This displays the...

Страница 49: ...ently associated to the ZyXEL Device Bandwidth Status Use this screen to view the ZyXEL Device s bandwidth usage and allotments Packet Statistics Use this screen to view port status and packet specifi...

Страница 50: ...h rules The gray section of the bar represents the percentage of unused bandwidth and the blue color represents the percentage of bandwidth in use Figure 11 Status Bandwidth Status Table 6 Status WLAN...

Страница 51: ...EL DESCRIPTION System Monitor System up Time This is the elapsed time the system has been up Current Date Time This field displays your ZyXEL Device s present date and time CPU Usage This field specif...

Страница 52: ...AN port it displays the transmission rate when WLAN is enabled or N A when WLAN is disabled TxPkts This field displays the number of packets transmitted on this port RxPkts This field displays the num...

Страница 53: ...P 660HW T v2 User s Guide Chapter 2 Introducing the Web Configurator 53 Figure 13 System General...

Страница 54: ...P 660HW T v2 User s Guide 54 Chapter 2 Introducing the Web Configurator...

Страница 55: ...ss with the information given to you by your ISP Note See the advanced menu chapters for background information on these fields 3 2 Internet Access Wizard Setup 1 After you enter the admin password to...

Страница 56: ...pe you use If the wizard does not detect a connection type and the following screen appears see Figure 16 on page 56 check your hardware connections and click Restart the Internet Wireless Setup Wizar...

Страница 57: ...count information Enter the username password and or service name exactly as provided 2 Click Next and see Section 3 3 on page 62 for wireless connection wizard setup Figure 18 Auto Detection PPPoE 3...

Страница 58: ...Mode field select either PPPoA or RFC 1483 If you select Routing in the Mode field select PPPoA RFC 1483 ENET ENCAP or PPPoE Multiplexing Select the multiplexing method used by your ISP from the Multi...

Страница 59: ...screen Figure 21 Internet Connection with RFC 1483 Table 9 Internet Connection with PPPoE LABEL DESCRIPTION User Name Enter the user name exactly as your ISP assigned If assigned a name in the form u...

Страница 60: ...N Obtain an IP Address Automatically A static IP address is a fixed IP that your ISP gives you A dynamic IP address is not fixed the ISP assigns you a different one each time you connect to the Intern...

Страница 61: ...Click Back to go back to the previous wizard screen Apply Click Apply to save your changes to the ZyXEL Device Exit Click Exit to close the wizard screen without saving your changes Table 12 Internet...

Страница 62: ...ted or click Restart the Internet Wireless Setup Wizard to verify your Internet access settings Figure 25 Connection Test Failed 2 3 3 Wireless Connection Wizard Setup After you configure the Internet...

Страница 63: ...User s Guide Chapter 3 Wizard Setup for Internet Access 63 Figure 26 Connection Test Successful 2 Use this screen to activate the wireless LAN and OTIST Click Next to continue Figure 27 Wireless LAN S...

Страница 64: ...EL Device s SSID and WPA PSK security settings to wireless clients that support OTIST and are within transmission range You must also activate and start OTIST on the wireless client at the same time T...

Страница 65: ...not already in use by a neighboring device Security Select Automatically assign a WPA key Recommended to have the ZyXEL Device create a pre shared key WPA PSK automatically only if your wireless clie...

Страница 66: ...ers Figure 30 Manually assign a WEP key Table 15 Manually assign a WPA key LABEL DESCRIPTION Pre Shared Key Type from 8 to 63 case sensitive ASCII characters You can set up the most secure wireless co...

Страница 67: ...omplete and save the wizard setup Table 16 Manually assign a WEP key LABEL DESCRIPTION Key The WEP keys are used to encrypt data Both the ZyXEL Device and the wireless stations must use the same WEP k...

Страница 68: ...r web browser and navigate to www zyxel com Internet access is just the beginning Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features If you ca...

Страница 69: ...80 FTP File Transfer Protocol enables fast transfer of files including large files that may not be possible by e mail FTP uses port number 21 NetMeeting H 323 A multimedia communications product from...

Страница 70: ...is transported primarily over UDP but can also be transported over TCP using the default port number 5060 Telnet Telnet is the login and terminal emulation protocol common on the Internet and in UNIX...

Страница 71: ...ces that you want to apply bandwidth management and select the priorities that you want to apply to the services listed Table 18 Bandwidth Management Wizard General Information LABEL DESCRIPTION Activ...

Страница 72: ...s as having the same priority then bandwidth is divided equally amongst those services Services not specified in bandwidth management are allocated bandwidth after all specified services receive their...

Страница 73: ...User s Guide Chapter 4 Bandwidth Management Wizard 73 5 Follow the on screen instructions and click Finish to complete the wizard setup and save your configuration Figure 37 Bandwidth Management Wiza...

Страница 74: ...P 660HW T v2 User s Guide 74 Chapter 4 Bandwidth Management Wizard...

Страница 75: ...s in the ENET ENCAP Gateway field in the second wizard screen You can get this information from your ISP 5 1 1 2 PPP over Ethernet PPPoE Point to Point Protocol over Ethernet provides access control a...

Страница 76: ...tiplexing Please refer to the RFC for more detailed information 5 1 2 Multiplexing There are two conventions to identify what protocols the virtual circuit VC is carrying Be sure to use the multiplexi...

Страница 77: ...mber or more of VCs than the number of protocols then select RFC 1483 encapsulation and VC based multiplexing 5 1 4 VPI and VCI Be sure to use the correct Virtual Path Identifier VPI and Virtual Chann...

Страница 78: ...ation of the IP address of a host in a packet for example the source address of an outgoing packet used within one network to a different IP address known within another network 5 2 Metric The metric...

Страница 79: ...can send cells This parameter may be lower but not higher than the maximum line speed 1 ATM cell is 53 bytes 424 bits so a maximum speed of 832Kbps gives a maximum PCR of 1962 cells sec This rate is n...

Страница 80: ...conferencing Video conferencing requires real time data transfers and the bandwidth requirement varies in proportion to the video image s changing dynamics The VBR nRT non real time Variable Bit Rate...

Страница 81: ...encapsulation See Section 5 1 on page 75 for more information Figure 39 Internet Connection PPPoE The following table describes the labels in this screen Table 20 Internet Connection LABEL DESCRIPTION...

Страница 82: ...field A static IP address is a fixed IP that your ISP gives you A dynamic IP address is not fixed the ISP assigns you a different one each time you connect to the Internet If you use the encapsulation...

Страница 83: ...Click this button to display the Advanced Internet Connection Setup screen and edit more details of your WAN setup Table 20 Internet Connection continued LABEL DESCRIPTION Table 21 Advanced Internet...

Страница 84: ...e Maximum Burst Size MBS refers to the maximum number of cells that can be sent at the peak rate Type the MBS which is less than 65535 Zero Configuration This feature is not applicable available when...

Страница 85: ...connection Select the check box to enable it Name This is the descriptive name for this connection VPI VCI This is the VPI and VCI values used for this connection Encapsulation This is the method of e...

Страница 86: ...me Enter a unique descriptive name of up to 13 ASCII characters for this connection Mode Select Routing from the drop down list box if your ISP allows multiple computers to share an Internet account I...

Страница 87: ...the ISP assigns you a different one each time you connect to the Internet If you use the encapsulation type except RFC 1483 select Obtain an IP Address Automatically when you have a dynamic IP address...

Страница 88: ...24 More Connections Advanced Setup LABEL DESCRIPTION RIP Multicast Setup RIP Direction Select the RIP direction from None Both In Only and Out Only RIP Version Select the RIP version from RIP 1 RIP 2...

Страница 89: ...figure filters that allow packets from the protected LAN Subnet 1 to the backup gateway Subnet 2 Peak Cell Rate Divide the DSL line rate bps by 424 the size of an ATM cell to find the Peak Cell Rate P...

Страница 90: ...90 Chapter 5 WAN Setup Figure 45 Traffic Redirect LAN Setup 5 8 Configuring WAN Backup To change your ZyXEL Device s WAN backup settings click Network WAN WAN Backup Setup The screen appears as shown...

Страница 91: ...ZyXEL Device to wait between checks Allow more time if your destination IP address handles lots of traffic Timeout Type the number of seconds 3 recommended for your ZyXEL Device to wait for a ping re...

Страница 92: ...P 660HW T v2 User s Guide 92 Chapter 5 WAN Setup...

Страница 93: ...this wireless network devices A and B are called wireless clients The wireless clients use the access point AP to interact with other devices such as the printer or with the Internet Your ZyXEL Devic...

Страница 94: ...has a unique identification number called a MAC address 1 A MAC address is usually written using twelve hexadecimal characters2 for example 00A0C5000002 or 00 A0 C5 00 00 02 To get the MAC address for...

Страница 95: ...s sent in the wireless network even if they cannot use the wireless network Furthermore there are ways for unauthorized wireless users to get a valid user name and password Then they can use that user...

Страница 96: ...WPA and some support WPA2 you should set up WPA2 PSK or WPA2 depending on the type of wireless network login and select the WPA compatible option in the ZyXEL Device Many types of encryption use a key...

Страница 97: ...wireless LAN Note If you are configuring the ZyXEL Device from a computer connected to the wireless LAN and you change the ZyXEL Device s SSID or WEP settings you will lose your wireless connection wh...

Страница 98: ...crypts unicast and multicast communications in a network Both the wireless clients and the access points must use the same WEP key Your ZyXEL Device allows you to configure up to four 64 bit 128 bit o...

Страница 99: ...r a Passphrase up to 32 printable characters and clicking Generate The ZyXEL Device automatically generates a WEP key WEP Key The WEP keys are used to encrypt data Both the ZyXEL Device and the wirele...

Страница 100: ...XEL Device is using WPA2 PSK or WPA2 Pre Shared Key The encryption mechanisms used for WPA WPA2 and WPA PSK WPA2 PSK are the same The only difference between the two is that WPA PSK WPA2 PSK uses a si...

Страница 101: ...nnected to the wireless network for example using an authentication server If the wireless network is not keeping track of this information you can usually set this value higher to reduce the number o...

Страница 102: ...2 ReAuthentication Timer In Seconds Specify how often wireless clients have to resend usernames and passwords in order to stay connected Enter a time interval between 10 and 9999 seconds The default t...

Страница 103: ...up to 31 alphanumeric characters as the key to be shared between the external authentication server and the ZyXEL Device The key must be the same on the external authentication server and your ZyXEL D...

Страница 104: ...ZyXEL Device to reduce interference with other APs The options are Maximum Middle and Minimum Preamble Select Long preamble if you are unsure what preamble mode the wireless adapters support and to p...

Страница 105: ...ings Note The AP and wireless client s MUST use the same Setup key 6 5 1 1 AP You can enable OTIST using the RESET button or the web configurator 6 5 1 1 1 Reset button If you use the RESET button the...

Страница 106: ...lso make the same change on the wireless client s Yes If you want OTIST to automatically generate a WPA PSK you must Change your security to any security other than WPA PSK in the Wireless LAN General...

Страница 107: ...1 In the AP a web configurator screen pops up showing you the security settings to transfer You can use the key in this screen to set up WPA PSK encryption manually for non OTIST devices in the wirele...

Страница 108: ...ust still click Start in the AP OTIST web configurator screen or hold in the RESET button for one to five seconds for the AP to transfer settings 4 If you change the SSID or the keys on the AP after u...

Страница 109: ...ction for the list of MAC addresses in the MAC Address table Select Deny to block access to the ZyXEL Device MAC addresses not listed will be allowed to access the ZyXEL Device Select Allow to permit...

Страница 110: ...er s Guide 110 Chapter 6 Wireless LAN Apply Click Apply to save your changes to the ZyXEL Device Cancel Click Cancel to reload the previous configuration for this screen Table 34 MAC Address Filter LA...

Страница 111: ...mediate area usually the same building or floor of a building The LAN screens can help you configure a LAN DHCP server and manage IP addresses See Section 7 3 on page 117 to configure the LAN screens...

Страница 112: ...t is for an ISP to tell a customer the DNS server addresses usually in the form of an information sheet when s he signs up If your ISP gives you the DNS server addresses enter them in the DNS Server f...

Страница 113: ...r instructions in selecting the IP addresses and the subnet mask If the ISP did not explicitly give you an IP network number then most likely you have a single user account and the ISP will assign you...

Страница 114: ...or more information on address assignment please refer to RFC 1597 Address Allocation for Private Internets and RFC 1466 Guidelines for Management of IP Address Space 7 2 2 RIP Setup RIP Routing Infor...

Страница 115: ...cted networks to gather group membership After that the ZyXEL Device periodically updates this information IP multicasting can be enabled disabled on the ZyXEL Device LAN and or WAN interfaces in the...

Страница 116: ...to access the Internet for the first time through the ZyXEL Device 1 When a computer which is in a different subnet first attempts to access the Internet it sends packets to its default gateway which...

Страница 117: ...nced Setup button in the LAN IP screen The screen appears as shown Table 35 LAN IP LABEL DESCRIPTION TCP IP IP Address Enter the IP address of your ZyXEL Device in dotted decimal notation for example...

Страница 118: ...mic IP addresses or static IP addresses in the same subnet as the ZyXEL Device s LAN IP address can connect to the ZyXEL Device or access the Internet through the ZyXEL Device Windows Networking NetBI...

Страница 119: ...set to Relay the ZyXEL Device acts as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients Enter the IP address of the actual remote DHCP server in...

Страница 120: ...lient List The screen appears as shown Figure 67 LAN Client List Primary DNS Server Secondary DNS Server This field is not available when you set DHCP to Relay Enter the IP addresses of the DNS server...

Страница 121: ...ess of a computer on your LAN Add Click Add to add a static DHCP entry This is the index number of the static IP table entry row Status This field displays whether the client is connected to the ZyXEL...

Страница 122: ...ble 39 LAN IP Alias LABEL DESCRIPTION IP Alias 1 2 Select the check box to configure another LAN network for the ZyXEL Device IP Address Enter the IP address of your ZyXEL Device in dotted decimal not...

Страница 123: ...IP packets that the ZyXEL Device sends it recognizes both formats when receiving RIP 1 is universally supported but RIP 2 carries more information RIP 1 is probably adequate for most networks unless y...

Страница 124: ...P 660HW T v2 User s Guide 124 Chapter 7 LAN Setup...

Страница 125: ...efers to the IP address of a host when the packet is in the local network while the global address refers to the IP address of the host when the same packet is traveling in the WAN side Note that insi...

Страница 126: ...additional benefit of firewall protection With no servers defined your ZyXEL Device filters out all incoming inquiries thus preventing intruders from probing your network For more information on IP a...

Страница 127: ...ddress to one global IP address Many to One In Many to One mode the ZyXEL Device maps multiple local IP addresses to one global IP address This is equivalent to SUA for instance PAT port address trans...

Страница 128: ...ypes as outlined in Table 41 on page 128 Choose SUA Only if you have just one public WAN IP address for your ZyXEL Device Choose Full Feature if you have multiple public WAN IP addresses for your ZyXE...

Страница 129: ...ons such as file sharing applications they need to establish NAT sessions If you do not limit the number of NAT sessions a single client can establish this can result in all of the available NAT sessi...

Страница 130: ...ISP 8 4 1 Default Server IP Address In addition to the servers for specified services NAT supports a default server IP address A default server receives packets from ports that are not specified in t...

Страница 131: ...s the WAN IP address The NAT network appears as a single host on the Internet Figure 73 Multiple Servers Behind NAT Example 8 5 Configuring Port Forwarding Note The Port Forwarding screen is available...

Страница 132: ...ed here or in the remote management setup Port Forwarding Service Name Select a service from the drop down list box Server IP Address Enter the IP address of the server for the specified service Add C...

Страница 133: ...6 and 7 become new rules 4 5 and 6 To change your ZyXEL Device s address mapping settings click Network NAT Address Mapping to open the following screen Table 45 Port Forwarding Rule Setup LABEL DESCR...

Страница 134: ...nding Inside Global IP Address IGA This field is N A for One to one Many to One and Server mapping types Type 1 1 One to one mode maps one local IP address to one global IP address Note that port numb...

Страница 135: ...oad mode maps multiple local IP addresses to shared global IP addresses Many to Many No Overload Many to Many No Overload mode maps each local IP address to unique global IP addresses Server This type...

Страница 136: ...warding screen to edit a server mapping set that you have selected in the Server Mapping Set field Back Click Back to return to the previous screen Apply Click Apply to save your changes to the ZyXEL...

Страница 137: ...ver be the only mechanism or method employed For a firewall to guard effectively you must design and deploy it appropriately This requires integrating the firewall into a broad information security po...

Страница 138: ...alls restrict access by screening data packets against defined access rules They make access control decisions based on IP address and protocol They also inspect the session data to assure the integri...

Страница 139: ...pre configured to automatically detect and thwart all known DoS attacks 9 4 1 Basics Computers share information over the Internet using a common language called TCP IP TCP IP in turn is a set of app...

Страница 140: ...hang or reboot Teardrop attack exploits weaknesses in the re assembly of IP packet fragments As data is transmitted through a network IP packets are often broken up into smaller chunks Each fragment...

Страница 141: ...ackers flood SYN packets into the network with a spoofed source IP address of the targeted system This makes it appear as if the host computer sent the packets to itself making the system unavailable...

Страница 142: ...BIOS commands are the following all others are illegal All SMTP commands are illegal except for those displayed in the following tables Table 49 ICMP Commands That Trigger Alerts 5 REDIRECT 13 TIMESTA...

Страница 143: ...d through the router or firewall The ZyXEL Device blocks all IP Spoofing attempts 9 5 Stateful Inspection With stateful inspection fields of the packets are compared to packets that are already known...

Страница 144: ...entry that is inserted at the beginning of the WAN interface s inbound extended access list This temporary access list entry is designed to permit inbound packets of the same connection as the outbou...

Страница 145: ...on packet originates on the WAN this means that someone is trying to make a connection from the Internet into the LAN Except in a few special cases see Upper Layer Protocols shown next these packets a...

Страница 146: ...ted In order to achieve this the ZyXEL Device inspects the application level FTP data Specifically it searches for outgoing PORT commands and when it sees these it adds a cache entry for the anticipat...

Страница 147: ...r company Be careful of files e mailed to you from strangers One common way of getting BackOrifice on a system is to include it as a Trojan horse with other files Change your passwords regularly Also...

Страница 148: ...he outbound request for that packet and allowed in Conversely an incoming packet masquerading as a response to a nonexistent outbound request can be blocked The firewall uses session filtering i e sma...

Страница 149: ...ackets to which they apply Note The LAN includes both the LAN port and the WLAN By default the ZyXEL Device s stateful packet inspection allows packets traveling in the following directions LAN to LAN...

Страница 150: ...Note Study these points carefully before configuring rules 10 3 1 Rule Checklist State the intent of the rule For example This restricts all IRC access from the LAN to the Internet Or This allows a r...

Страница 151: ...ct the service from the Service scrolling list box If the service is not listed it is necessary to first define it See Section 10 8 on page 163 for more information on predefined services 10 3 3 3 Sou...

Страница 152: ...you will need to create custom rules to allow it 10 4 2 Alerts Alerts are reports on events such as attacks that you may want to know about right away You can choose to generate an alert when a rule i...

Страница 153: ...is the direction of travel of packets LAN to LAN Router LAN to WAN WAN to WAN Router WAN to LAN Firewall rules are grouped based on the direction of travel of packets to which they apply For example...

Страница 154: ...ng read only fields summarize the rules you have created that apply to traffic traveling in the selected packet direction The firewall rules that you configure summarized below take priority over the...

Страница 155: ...o Log This field shows you whether a log is created when packets match this rule Yes or not No Modify Click the Edit icon to go to the screen where you can edit the rule Click the Remove icon to delet...

Страница 156: ...P 660HW T v2 User s Guide 156 Chapter 10 Firewall Configuration Figure 85 Firewall Edit Rule...

Страница 157: ...e Source or Destination Address box You can add multiple addresses ranges of addresses and or subnets Edit To edit an existing source or destination address select it from the box and click Edit Delet...

Страница 158: ...stomized Services The following table describes the labels in this screen Apply Click Apply to save your customized settings and exit this screen Cancel Click Cancel to exit this screen without saving...

Страница 159: ...Click Security Firewall Rules 2 Select WAN to LAN in the Packet Direction field Table 56 Firewall Configure Customized Services LABEL DESCRIPTION Service Name Type a unique name for your custom port S...

Страница 160: ...e becomes rule 8 4 Click Add to display the firewall rule configuration screen 5 In the Edit Rule screen click the Edit Customized Services link to open the Customized Service screen 6 Click an index...

Страница 161: ...ple Edit Rule Destination Address 9 Use the Add and Remove buttons between Available Services and Selected Services list boxes to configure it as follows Click Apply when you are done Note Custom serv...

Страница 162: ...ewall Example Edit Rule Select Customized Services On completing the configuration procedure for this Internet firewall rule the Rules screen should look like the following Rule 1 allows a MyService c...

Страница 163: ...ries are supported Custom service ports may also be configured using the Edit Customized Services function discussed previously Table 57 Predefined Services SERVICE DESCRIPTION AIM NEW_ICQ TCP 5190 AO...

Страница 164: ...whether or not a remote host is reachable POP3 TCP 110 Post Office Protocol version 3 lets a client computer get e mail from a POP3 server through a temporary connection TCP IP or other PPTP TCP 1723...

Страница 165: ...bing to display the screen as shown Figure 93 Firewall Anti Probing SSDP UDP 1900 Simole Service Discovery Protocol SSDP is a discovery service searching for Universal Plug and Play devices on your ho...

Страница 166: ...Disable is selected Select LAN to reply to incoming LAN Ping requests Select WAN to reply to incoming WAN Ping requests Otherwise select LAN WAN to reply to both incoming LAN and WAN Ping requests Do...

Страница 167: ...l the number of existing half open sessions drops below another threshold max incomplete low When the rate of new connection attempts rises above a threshold one minute high the ZyXEL Device starts de...

Страница 168: ...ing half open sessions The ZyXEL Device continues to delete half open sessions as necessary until the rate of new connection attempts drops below this number 80 existing half open sessions One Minute...

Страница 169: ...eting half open sessions with the number of existing half open sessions drops below 80 TCP Maximum Incomplete This is the number of existing half open TCP sessions with the same destination host IP ad...

Страница 170: ...P 660HW T v2 User s Guide 170 Chapter 10 Firewall Configuration...

Страница 171: ...the ZyXEL Device performs content filtering You can also specify trusted IP addresses on the LAN for which the ZyXEL Device will not perform content filtering 11 2 Configuring Keyword Blocking Use th...

Страница 172: ...ist of all the keywords that you have configured the ZyXEL Device to block Delete Highlight a keyword in the box and click Delete to remove it Clear All Click Clear All to remove all of the keywords f...

Страница 173: ...k box to have the content filtering active on the selected day Start TIme Enter the start time when you want the content filtering to take effect in hour minute format End Time Enter the end time when...

Страница 174: ...P 660HW T v2 User s Guide 174 Chapter 11 Content Filtering...

Страница 175: ...yond For instance the ZyXEL Device knows about network N2 in the following figure through remote node Router 1 However the ZyXEL Device is unable to route a packet to network N3 because it doesn t kno...

Страница 176: ...heck box Name This is the name that describes or identifies this route Destination This parameter specifies the IP network address of the final destination Routing is always based on network number Ga...

Страница 177: ...on Routing is always based on network number If you need to specify a route to a single host use a subnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical t...

Страница 178: ...P 660HW T v2 User s Guide 178 Chapter 12 Static Route...

Страница 179: ...he bandwidth of traffic that comes into an interface Bandwidth management applies to all traffic flowing out of the router regardless of the traffic s source Traffic redirect or IP alias may cause LAN...

Страница 180: ...he ZyXEL Device has two types of scheduler fairness based and priority based 13 5 1 Priority based Scheduler With the priority based scheduler the ZyXEL Device forwards traffic from bandwidth classes...

Страница 181: ...geted or unused by the classes depending on how many bandwidth classes require more bandwidth and on their priority levels When only one class requires more bandwidth the ZyXEL Device gives extra band...

Страница 182: ...nbudgeted Bandwidth The following table shows the priorities of the bandwidth classes and the amount of bandwidth that each class gets Suppose that all of the classes except for the administration cla...

Страница 183: ...6 3 Bandwidth Management Priorities The following table describes the priorities that you can apply to traffic that the ZyXEL Device forwards out through an interface Table 68 Fairness based Allotmen...

Страница 184: ...eeting do not use all of their allocated bandwidth Suppose you try to browse the web too In this case VoIP NetMeeting and FTP all have higher priority so they get to use the bandwidth first You can on...

Страница 185: ...ce s actual transmission speed For example set the WAN interface speed to 1000 kbps if your Internet connection has an upstream transmission speed of 1 Mbps You can set this number higher than the int...

Страница 186: ...umber of an individual bandwidth management rule Active This displays whether the rule is enabled Select this check box to have the ZyXEL Device apply this bandwidth management rule Enable a bandwidth...

Страница 187: ...Rule Configuration Active Select this check box to have the ZyXEL Device apply this bandwidth management rule Enable a bandwidth management rule to give traffic that matches the rule priority over tra...

Страница 188: ...cket based network that does not provide a guaranteed quality of service Select H 323 from the drop down list box to configure this bandwidth filter for traffic that uses H 323 Select User defined fro...

Страница 189: ...epresents the percentage of unused bandwidth and the blue color represents the percentage of bandwidth in use Figure 105 Bandwidth Management Monitor Table 74 Services and Port Numbers SERVICES PORT N...

Страница 190: ...P 660HW T v2 User s Guide 190 Chapter 13 Bandwidth Management...

Страница 191: ...f they don t know your IP address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still...

Страница 192: ...Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider You can specify up to two host names in the field separated by a comma User Name Type your user name Password Type the p...

Страница 193: ...P address of the NAT router that has a public IP address Note The DDNS server may not be able to detect the proper IP address if there is an HTTP proxy server between the ZyXEL Device and the DDNS ser...

Страница 194: ...P 660HW T v2 User s Guide 194 Chapter 14 Dynamic DNS Setup...

Страница 195: ...ia Internet WAN only ALL LAN and WAN LAN only Neither Disable Note When you choose WAN only or LAN WAN you still need to configure a firewall rule to allow access To disable remote management of a ser...

Страница 196: ...2 Remote Management and NAT When NAT is enabled Use the ZyXEL Device s WAN IP address when configuring from the WAN Use the ZyXEL Device s LAN IP address when configuring from the LAN 15 1 3 System Ti...

Страница 197: ...ay change the server port number for a service if needed however you must use the same port number in order to use that service for remote management Access Status Select the interface s through which...

Страница 198: ...t LABEL DESCRIPTION Port You may change the server port number for a service if needed however you must use the same port number in order to use that service for remote management Access Status Select...

Страница 199: ...only available if TCP IP is configured Table 78 Remote Management FTP LABEL DESCRIPTION Port You may change the server port number for a service if needed however you must use the same port number in...

Страница 200: ...nformation Base MIB is a collection of managed objects SNMP allows a manager and agents to communicate for the purpose of accessing these objects SNMP itself is a simple request response protocol base...

Страница 201: ...E DESCRIPTION 0 coldStart defined in RFC 1215 A trap is sent after booting power on 1 warmStart defined in RFC 1215 A trap is sent after booting software reboot 6 whyReboot defined in ZYXEL MIB A trap...

Страница 202: ...ce using this service Secured Client IP A secured client is a trusted computer that is allowed to communicate with the ZyXEL Device using this service Select All to allow any computer to access the Zy...

Страница 203: ...ponse packet from being sent This keeps outsiders from discovering your ZyXEL Device when unsupported ports are probed Table 81 Remote Management DNS LABEL DESCRIPTION Port The DNS service port number...

Страница 204: ...Select LAN to reply to incoming LAN Ping requests Select WAN to reply to incoming WAN Ping requests Otherwise select LAN WAN to reply to both incoming LAN and WAN Ping requests Do not respond to reque...

Страница 205: ...tion wan tr069 All TR 069 related commands must be preceded by wan tr069 load Start configuring TR 069 on your ZyXEL Device active 0 no 1 yes Enable disable TR 069 operation acsUrl URL Set the IP addr...

Страница 206: ...P 660HW T v2 User s Guide 206 Chapter 15 Remote Management Configuration...

Страница 207: ...w do I know if I m using UPnP UPnP hardware is identified as an icon in the Network Connections folder Windows XP Each UPnP compatible device installed on your network will appear as a separate icon S...

Страница 208: ...lticast messages only on the LAN All UPnP enabled devices may communicate freely with each other without additional configuration Disable UPnP if this is not your intention You must have IIS Internet...

Страница 209: ...ut entering the ZyXEL Device s IP address although you must still enter the password to access the web configurator Allow users to make configuration changes through UPnP Select this check box to allo...

Страница 210: ...p Communication 3 In the Communications window select the Universal Plug and Play check box in the Components selection box Figure 118 Add Remove Programs Windows Setup Communication Components 4 Clic...

Страница 211: ...ons 3 In the Network Connections window click Advanced in the main menu and select Optional Networking Components Figure 119 Network Connections 4 The Windows Optional Networking Components Wizard win...

Страница 212: ...you how to use the UPnP feature in Windows XP You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device Make sure the computer is connected to a LAN port of the ZyXEL...

Страница 213: ...re 122 Network Connections 3 In the Internet Connection Properties window click Settings to see the port mappings there were automatically created Figure 123 Internet Connection Properties 4 You may e...

Страница 214: ...perties Advanced Settings Add Note When the UPnP enabled device is disconnected from your computer all port mappings will be deleted automatically 5 Select Show icon in notification area when connecte...

Страница 215: ...access the web based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first This comes helpful if you do not know the IP address of the ZyXEL Device Follow the...

Страница 216: ...l Plug and Play UPnP Figure 128 Network Connections 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click on the icon for your ZyXEL Device and select...

Страница 217: ...217 Figure 129 Network Connections My Network Places 6 Right click on the icon for your ZyXEL Device and select Properties A properties window displays with basic information about the ZyXEL Device Fi...

Страница 218: ...P 660HW T v2 User s Guide 218 Chapter 16 Universal Plug and Play UPnP...

Страница 219: ...ame In Windows 2000 click Start Settings Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer name field and e...

Страница 220: ...ty over the ISP assigned domain name Administrator Inactivity Timer Type how many minutes a management session can be left idle before the session times out The default is 5 minutes After it times out...

Страница 221: ...on the ZyXEL Device Old Password Type the default admin password 1234 or the existing password you use to access the system for configuring advanced features New Password Type your new system password...

Страница 222: ...Time and Date Setup to Manual enter the new date in this field and then click Apply Get from Time Server Select this radio button to have the ZyXEL Device get the time and date from the time server yo...

Страница 223: ...e zone is one hour ahead of GMT or UTC GMT 1 End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving The o clock field uses the 24 hour format Here ar...

Страница 224: ...P 660HW T v2 User s Guide 224 Chapter 17 System...

Страница 225: ...log that warrants more serious attention They include system errors attacks access control and attempted access to blocked web sites Some categories such as System Errors consist of both logs and aler...

Страница 226: ...play in the drop down list box Select a category of logs to view select All Logs to view logs from all of the log categories that you selected in the Log Settings page Time This field displays the tim...

Страница 227: ...s The following table describes the fields in this screen Table 88 Log Settings LABEL DESCRIPTION E mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e m...

Страница 228: ...week the E mail should be sent If you select When Log is Full an alert is sent when the log fills up If you select None no log messages are sent Day for Sending Log Use the drop down list box to selec...

Страница 229: ...131 To 192 168 1 255 match forward 10 05 17 UDP src port 00520 dest port 00520 1 02 128 Apr 7 00 From 192 168 1 1 To 192 168 1 255 match forward 10 05 30 UDP src port 00520 dest port 00520 1 02 End o...

Страница 230: ...P packet that was too large Configuration Change PC 0x x Task ID 0x x The router is saving configuration changes Successful SSH login Someone has logged on to the router s SSH server SSH login failed...

Страница 231: ...a web site that the user requested Table 92 TCP Reset Logs LOG MESSAGE DESCRIPTION Under SYN flood attack sent TCP RST The router sent a TCP reset packet when a host was under a SYN flood attack the...

Страница 232: ...and rule number and was blocked or forwarded according to the rule Table 94 ICMP Logs LOG MESSAGE DESCRIPTION Firewall default policy ICMP Packet Direction type d code d ICMP access matched the defau...

Страница 233: ...ol stage has started ppp LCP Opening The PPP connection s Link Control Protocol stage is opening ppp CHAP Opening The PPP connection s Challenge Handshake Authentication Protocol stage is opening ppp...

Страница 234: ...he web content Waiting content filter server timeout The external content filtering server did not respond within the timeout period DNS resolving failed The ZyXEL Device cannot get the IP address of...

Страница 235: ...l classified an ICMP packet with no source routing entry as an IP spoofing attack vulnerability ICMP type d code d The firewall detected an ICMP vulnerability attack For type and code details see Tabl...

Страница 236: ...ase 2 parameters don t match Please check all protocols settings Ex One device being configured for 3DES and the other being configured for DES causes the connection to fail Local remote IPs of incomi...

Страница 237: ...ximum Segment Size value after establishing a tunnel Rule d input idle time out disconnect The tunnel for the listed rule was dropped because there was no inbound traffic within the idle timeout perio...

Страница 238: ...re failed Rule d Sending IKE request IKE sent an IKE request for the listed rule Rule d Receiving IKE request IKE received an IKE request for the listed rule Swap rule to rule d The router changed to...

Страница 239: ...whose address and port are recorded in the Source field Failed to decode the received user cert The router received a corrupted user certificate from the LDAP server whose address and port are recorde...

Страница 240: ...ial numbers 23 Time interval is not continuous 24 Time information not available 25 Database method failed due to timeout 26 Database method failed 27 Path was not verified 28 Maximum path length reac...

Страница 241: ...y supports EAP MD5 No response from RADIUS Pls check RADIUS Server There is no response message from the RADIUS server please check the RADIUS server Use Local User Database to authenticate user The l...

Страница 242: ...ed to queue the datagrams for output to the next network on the route to the destination network 5 Redirect 0 Redirect datagrams for the Network 1 Redirect datagrams for the Host 2 Redirect datagrams...

Страница 243: ...gured one when the router generates a syslog The facility is defined in the web MAIN MENU LOGS Log Settings page The severity is the log s syslog class The definition of messages and notes are defined...

Страница 244: ...P 660HW T v2 User s Guide 244 Chapter 18 Logs...

Страница 245: ...nutes After a successful upload the system will reboot Only use firmware for your device s specific model Refer to the label on the bottom of your device Click Maintenance Tools to open the Firmware s...

Страница 246: ...systems you may see the following icon on your desktop Figure 138 Network Temporarily Disconnected After two minutes log in again and check your new firmware version in the Status screen If the upload...

Страница 247: ...Backup Configuration Backup configuration allows you to back up save the ZyXEL Device s current configuration to a file on your computer Once your ZyXEL Device is configured and functioning properly...

Страница 248: ...following icon on your desktop Figure 142 Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as th...

Страница 249: ...s You can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device Refer to the chapter about introducing the web configurator for more information on the RESET...

Страница 250: ...P 660HW T v2 User s Guide 250 Chapter 19 Tools...

Страница 251: ...General Diagnostic Click Maintenance Diagnostic to open the screen shown next Figure 145 Diagnostic General The following table describes the fields in this screen Table 111 Diagnostic General LABEL D...

Страница 252: ...VCIs before you begin this test The ZyXEL Device sends an OAM F5 packet to the DSLAM ATM switch and then returns it loops it back to the ZyXEL Device The ATM loopback test is useful for troubleshooti...

Страница 253: ...ropriate power source Make sure that the ZyXEL Device and the power source are both turned on Turn the ZyXEL Device off and on If the error persists you may have a hardware problem In this case you sh...

Страница 254: ...ntication may be through the user name and password the MAC address or the host name The username and password apply to PPPoE and PPPoA encapsulation only Make sure that you have entered the correct S...

Страница 255: ...Make sure that there is not a Telnet session running Use the ZyXEL Device s WAN IP address when configuring from the WAN Refer to the instructions on checking your WAN connection Use the ZyXEL Device...

Страница 256: ...P 660HW T v2 User s Guide 256 Chapter 21 Troubleshooting...

Страница 257: ...Subnet Mask 255 255 255 0 24 bits Default Password 1234 DHCP Pool 192 168 1 33 to 192 168 1 64 Dimensions W x D x H 180 x 128 x 36 mm Power Specification 12V AC 1A Built in Switch Four auto negotiati...

Страница 258: ...protocol Transparent bridging for unsupported network layer protocols DHCP Server Client Relay RIP I RIP II ICMP ATM QoS SNMP v1 and v2c with MIB II support RFC 1213 IP Multicasting IGMP v1 and v2 IGM...

Страница 259: ...and logs NAT SUA Port Forwarding 1024 NAT sessions Multimedia application PPTP under NAT SUA IPSec passthrough SIP ALG passthrough VPN passthrough Content Filtering Web page blocking by URL keyword St...

Страница 260: ...P 660HW T v2 User s Guide 260 Appendix A Product Specifications...

Страница 261: ...d than uploaded For example a simple button click in a web browser can start an extended download that includes graphics and text As data rates increase the carrying distance decreases That means that...

Страница 262: ...at your service provider are not affected by other users With cable modems transmission speeds drop significantly as more users go on line because the line is shared 3 ADSL can be always on connected...

Страница 263: ...d it again to the same device or another one See the following sections for details The Configuration Text File Format All Internal SPTGEN text files conform to the following format field identificati...

Страница 264: ...on page 263 Figure 148 Invalid Parameter Entered Command Line Example The ZyXEL Device will display the following if you enter parameter s that are valid Figure 149 Valid Parameter Entered Command Lin...

Страница 265: ...our computer to the ZyXEL Device using the put command computer to the ZyXEL Device 4 Exit this FTP application Figure 151 Internal SPTGEN FTP Upload Example c ftp 192 168 1 1 220 PPP FTP version 1 0...

Страница 266: ...0 10000001 System Name Str Your Device 10000002 Location Str 10000003 Contact Person s Name Str 10000004 Route IP 0 No 1 Yes 1 10000006 Bridge 0 No 1 Yes 0 Table 121 Menu 3 Menu 3 1 General Ethernet S...

Страница 267: ...mary DNS Server 0 0 0 0 30200005 Secondary DNS Server 0 0 0 0 30200006 Remote DHCP Server 0 0 0 0 30200008 IP Address 172 21 2 200 30200009 IP Subnet Mask 16 30200010 RIP Direction 0 None 1 Both 2 In...

Страница 268: ...going protocol filters Set 4 256 30201014 IP Alias 2 0 No 1 Yes 0 30201015 IP Address 0 0 0 0 30201016 IP Subnet Mask 0 30201017 RIP Direction 0 None 1 Both 2 In Only 3 Out Only 0 30201018 Version 0 R...

Страница 269: ...P 0 30500007 Default Key 1 2 3 4 0 30500008 WEP Key1 30500009 WEP Key2 30500010 WEP Key3 30500011 WEP Key4 30500012 Wlan Active 0 Disable 1 Enable 0 30500013 Wlan 4X Mode 0 Disable 1 Enable 0 MENU 3 5...

Страница 270: ...ord Str 1234 40000011 Single User Account 0 No 1 Yes 1 40000012 IP Address Assignment 0 Static 1 D ynamic 1 40000013 IP Address 0 0 0 0 40000014 Remote IP address 0 0 0 0 40000015 Remote IP subnet mas...

Страница 271: ...Static Route set 1 Active 0 No 1 Yes 0 120101003 IP Static Route set 1 Destination IP address 0 0 0 0 120101004 IP Static Route set 1 Destination IP subnetmask 0 120101005 IP Static Route set 1 Gatew...

Страница 272: ...150000012 SUA Server 4 Active 0 No 1 Yes 0 150000013 SUA Server 4 Protocol 0 All 6 TCP 17 U DP 0 150000014 SUA Server 4 Port Start 0 150000015 SUA Server 4 Port End 0 150000016 SUA Server 4 Local IP...

Страница 273: ...6 TCP 17 U DP 0 150000044 SUA Server 10 Port Start 0 150000045 SUA Server 10 Port End 0 150000046 SUA Server 10 Local IP address 0 0 0 0 150000047 SUA Server 11 Active 0 No 1 Yes 0 150000048 SUA Serve...

Страница 274: ...ter Set 1 Rule 1 Act Match 1 check next 2 forward 3 drop 3 210101014 IP Filter Set 1 Rule 1 Act Not Match 1 check next 2 forward 3 drop 1 Menu 21 1 1 2 set 1 rule 2 FIN FN PVA INPUT 210102001 IP Filte...

Страница 275: ...3 IP Filter Set 2 Rule 1 Protocol 6 210201004 IP Filter Set 2 Rule 1 Dest IP address 0 0 0 0 210201005 IP Filter Set 2 Rule 1 Dest Subnet Mask 0 210201006 IP Filter Set 2 Rule 1 Dest Port 137 21020100...

Страница 276: ...et 2 Rule 2 Src Subnet Mask 0 210202010 IP Filter Set 2 Rule 2 Src Port 0 210202011 IP Filter Set 2 Rule 2 Src Port Comp 0 none 1 equal 2 not equal 3 less 4 gr eater 0 210202013 IP Filter Set 2 Rule 2...

Страница 277: ...o Authentication Required 2 230400002 ReAuthentication Timer in second 555 230400003 Idle Timeout in second 999 230400004 Authentication Databases 0 Local User Database Only 1 RADIUS Only 2 Local RADI...

Страница 278: ...Access 0 all 1 none 2 L an 3 Wan 0 241100006 FTP Server Secured IP address 0 0 0 0 241100007 WEB Server Port 80 241100008 WEB Server Access 0 all 1 none 2 L an 3 Wan 0 241100009 WEB Server Secured IP...

Страница 279: ...en the centers of the holes matches what is listed in the product specifications appendix Note Be careful to avoid damaging pipes or cables located inside the wall when drilling holes for the screws 3...

Страница 280: ...P 660HW T v2 User s Guide 280 Appendix D Wall mounting Instructions...

Страница 281: ...equires the purchase of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropria...

Страница 282: ...Microsoft Networks If you need the adapter 1 In the Network window click Add 2 Select Adapter and then click Add 3 Select the manufacturer and model of your network adapter and then click OK If you n...

Страница 283: ...dapter s TCP IP entry and click Properties 2 Click the IP Address tab If your IP address is dynamic select Obtain an IP address automatically If you have a static IP address select Specify an IP addre...

Страница 284: ...the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your ZyXEL Device and restart your computer when prompted Verifying Settings 1 Click St...

Страница 285: ...ter s IP Address 285 Figure 156 Windows XP Start Menu 2 In the Control Panel double click Network Connections Network and Dial up Connections in Windows 2000 NT Figure 157 Windows XP Control Panel 3 R...

Страница 286: ...nections Properties 4 Select Internet Protocol TCP IP under the General tab in Win XP and then click Properties Figure 159 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP Pr...

Страница 287: ...ure additional IP addresses In the IP Settings tab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two...

Страница 288: ...he General tab in Windows XP Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your DNS server IP address es click Use the following DNS server...

Страница 289: ...k Connections window Network and Dial up Connections in Windows 2000 NT 11Turn on your ZyXEL Device and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and...

Страница 290: ...Address Figure 163 Macintosh OS 8 9 Apple Menu 2 Select Ethernet built in from the Connect via list Figure 164 Macintosh OS 8 9 TCP IP 3 For dynamically assigned settings select Using DHCP Server from...

Страница 291: ...e changes to your configuration 7 Turn on your ZyXEL Device and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Panel window Macintosh OS X 1 Cl...

Страница 292: ...k in the Subnet mask box Type the IP address of your ZyXEL Device in the Router address box 5 Click Apply Now and close the window 6 Turn on your ZyXEL Device and restart your computer if prompted Ver...

Страница 293: ...ck the Red Hat button located on the bottom left corner select System Setting and click Network Figure 167 Red Hat 9 0 KDE Network Configuration Devices 2 Double click on the profile of the network ca...

Страница 294: ...work Configuration DNS 5 Click the Devices tab 6 Click the Activate button to apply the changes The following screen displays Click Yes to save the changes in all screens Figure 170 Red Hat 9 0 KDE Ne...

Страница 295: ...55 0 Figure 172 Red Hat 9 0 Static IP Address Setting in ifconfig eth0 2 If you know your DNS server IP address es enter the DNS server information in the resolv conf file in the etc directory The fol...

Страница 296: ...g down loopback interface OK Setting network parameters OK Bringing up loopback interface OK Bringing up interface eth0 OK root localhost ifconfig eth0 Link encap Ethernet HWaddr 00 50 BA 72 5B 44 ine...

Страница 297: ...e remaining three octets are the host ID In a class B address the first two octets make up the network number and the two remaining octets make up the host ID In a class C address the first three octe...

Страница 298: ...ber of subnets you can have in a network Subnet Masks A subnet mask is used to determine which bits are part of the network number and which bits are part of the host ID using a logical AND operation...

Страница 299: ...mply specify the number of ones instead of writing the value of each octet This is usually specified by writing a followed by the number of bits in the mask after the address For example 192 1 1 0 25...

Страница 300: ...ts you can have The remaining number of host ID bits after borrowing determines the number of hosts you can have on each subnet Table 134 Two Subnets Example IP SUBNET MASK NETWORK NUMBER HOST ID IP A...

Страница 301: ...ets you need to borrow two host ID bits to give four possible combinations 00 01 10 and 11 The subnet mask is 26 bits 11111111 11111111 11111111 11000000 or 255 255 255 192 Each subnet contains 6 host...

Страница 302: ...Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 128 Lowest Host ID 192 168 1 129 Broadcast Address 192 168 1 191 Highest Host ID 192 168 1 190 Table 140 Subnet 4 IP SUBNET MAS...

Страница 303: ...9 158 159 6 160 161 190 191 7 192 193 222 223 8 224 225 254 255 Table 142 Class C Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 255 128 25 2 126 2 255 255...

Страница 304: ...25 512 126 10 255 255 255 192 26 1024 62 11 255 255 255 224 27 2048 30 12 255 255 255 240 28 4096 14 13 255 255 255 248 29 8192 6 14 255 255 255 252 30 16384 2 15 255 255 255 254 31 32768 1 Table 143...

Страница 305: ...P address are on the same subnet In Windows click Start usually in the bottom left corner Run and then type telnet 192 168 1 1 the default ZyXEL Device IP address and click OK 3 A login screen display...

Страница 306: ...ailable for the category Figure 177 Displaying Log Parameters Example 4 Use sys logs category followed by a log category and a parameter to decide what to record Use 0 to not record logs for that cate...

Страница 307: ...ogs category access 3 ras sys logs save ras sys logs display access time source destination notes message 0 06 08 2004 05 58 21 172 21 4 154 224 0 1 24 ACCESS BLOCK Firewall default policy IGMP W to W...

Страница 308: ...P 660HW T v2 User s Guide 308 Appendix G Command Interpreter...

Страница 309: ...nd shows the of all the firewall settings including e mail attack and the sets rules config display firewall set set This command shows the current configuration of a set including timeout values name...

Страница 310: ...ail hour 0 23 This command sets the hour when the firewall log is sent through e mail if the ZyXEL Device is set to send it on an hourly daily or weekly basis config edit firewall e mail minute 0 59 T...

Страница 311: ...h the same destination where the ZyXEL Device starts dropping half open sessions to that destination Sets config edit firewall set set name desired name This command sets a name to identify a specifie...

Страница 312: ...MP Config edit firewall set set rule rule log none match not match both This command sets the ZyXEL Device to log traffic that matches the rule doesn t match both or neither Config edit firewall set s...

Страница 313: ...and to enter various non consecutive port numbers config edit firewall set set rule rule TCP destport range start port end port This command sets a rule to have the ZyXEL Device check for TCP traffic...

Страница 314: ...Guide 314 Appendix H Firewall Commands config delete firewall set set rule rule This command removes the specified rule in a firewall configuration set Table 144 Firewall Commands continued FUNCTION...

Страница 315: ...ted calls You can configure NetBIOS filters to do the following Allow or disallow the sending of NetBIOS packets from the LAN to the WAN and from the WAN to the LAN Allow or disallow the sending of Ne...

Страница 316: ...initiating calls Disabled type Identify which NetBIOS filter numbered 0 3 to configure 0 Between LAN and WAN 3 IPSec packet pass through 4 Trigger Dial on off For type 0 and 1 use on to enable the fi...

Страница 317: ...all the POTS splitter at the point where the telephone line enters your residence as shown in the following figure Figure 178 Connecting a POTS Splitter 1 Connect the side labeled Phone to your teleph...

Страница 318: ...e microfilter Figure 179 Connecting a Microfilter You can also use a Y Connector with a microfilter in order to connect both your modem and a telephone to the same wall jack without using a POTS split...

Страница 319: ...crofilters 319 ZyXEL Device With ISDN This section relates to people who use their ZyXEL Device with ADSL over ISDN digital telephone service only The following is an example installation for the ZyXE...

Страница 320: ...P 660HW T v2 User s Guide 320 Appendix J Splitters and Microfilters...

Страница 321: ...work or Independent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an Ad hoc wireless LAN Figure 182 Peer to Peer Communication in...

Страница 322: ...ired connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired netwo...

Страница 323: ...ent channels partially overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your r...

Страница 324: ...nsmission It also reserves and confirms with the requesting station the time frame for the requested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP without...

Страница 325: ...mode the wireless adapters support and to provide more reliable communications in busy wireless networks Select Short preamble if you are sure the wireless adapters support it and to provide more effi...

Страница 326: ...ate with it RADIUS RADIUS is based on a client server model that supports authentication authorization and accounting The access point is the client and the server is the RADIUS server The RADIUS serv...

Страница 327: ...messages are exchanged between the access point and the RADIUS server for user accounting Accounting Request Sent by the access point requesting accounting Accounting Response Sent by the RADIUS serve...

Страница 328: ...a different certificate to the server The exchange of certificates is done in the open before a secured tunnel is created This makes user identity vulnerable to passive attacks A digital certificate...

Страница 329: ...2 IEEE 802 11i is a wireless security standard that defines stronger encryption authentication and key management than WPA Key differences between WPA or WPA2 and WEP are improved data encryption and...

Страница 330: ...cally generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients This all happens in the background automatically The Mes...

Страница 331: ...A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA At the time of writing the most widely available supplicant is the WPA patc...

Страница 332: ...PSK must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters including spaces and symbols 2 The AP checks each wireless client s password and only allows it to join the network i...

Страница 333: ...curity features Table 149 Wireless Security Relational Matrix AUTHENTICATION METHOD KEY MANAGEMENT PROTOCOL ENCRYPTION METHOD ENTER MANUAL KEY IEEE 802 1X Open None No Disable Enable without Dynamic W...

Страница 334: ...P 660HW T v2 User s Guide 334 Appendix K Wireless LANs...

Страница 335: ...have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking and create an exception for your dev...

Страница 336: ...ons 3 Click Apply to save this setting Enable pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the following steps 1 In Internet Explorer sel...

Страница 337: ...pts and Java Permissions 337 Figure 190 Internet Options 2 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 1 1 4 Cl...

Страница 338: ...up Blocker Settings 5 Click Close to return to the Privacy screen 6 Click Apply to save this setting JavaScripts If pages of the web configurator do not display properly in Internet Explorer check tha...

Страница 339: ...ions 339 Figure 192 Internet Options 3 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java apple...

Страница 340: ...193 Security Settings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 U...

Страница 341: ...vaScripts and Java Permissions 341 Figure 194 Security Settings Java JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 make sure that Use Java 2 for applet und...

Страница 342: ...P 660HW T v2 User s Guide 342 Appendix L Pop up Windows JavaScripts and Java Permissions Figure 195 Java Sun...

Страница 343: ...between two Ethernet devices Some companies have more than one route to one or more ISPs If the alternate gateway is on the LAN and it s IP address is in the same subnet the triangle route problem ma...

Страница 344: ...al LAN interfaces with the ZyXEL Device being the gateway for each logical network By putting your LAN and Gateway B in different subnets all returning network traffic must pass through the ZyXEL Devi...

Страница 345: ...nternet access 37 ARP 116 asymmetrical 261 ATM Adaptation Layer 5 see AAL5 ATM loopback test 252 attack alert 168 attack types 142 attacks 225 auto negotiating 258 auxiliary gateway 34 B backup 247 ba...

Страница 346: ...19 258 DHCP pool 257 diagnostic DSL line 252 general 251 dial on demand 35 digital 33 Digital Subscriber Line see DSL Digital Subscriber Line Access Multiplexer see DSLAM dimensions 257 disclaimer 3 D...

Страница 347: ...on threshold 324 FTP 69 130 195 198 restrictions 195 full rate 317 G global products 31 graphics key 32 H half open sessions 167 help 44 hidden node 323 hide SSID 94 host 220 221 host name 219 HTTP 13...

Страница 348: ...BS max incomplete high 167 max incomplete low 167 MBS 79 84 89 media access control see MAC Media Bandwidth Management 35 Message Integrity Check see MIC metric 78 MIB 200 MIC 330 microfilter 317 mult...

Страница 349: ...k start guide 41 R radio interference 323 Radio Frequency see RF RADIUS 326 shared secret key 327 RADIUS message types 327 RADIUS messages 327 RADIUS server 95 reboot 249 registration 31 product 8 rel...

Страница 350: ...porting disk 31 Sustain Cell Rate see SCR switch 36 257 symmetrical 261 SYN Flood 140 141 SYN ACK 141 syntax conventions 31 syslog 162 system errors 225 system name 219 220 System Parameter Table Gene...

Страница 351: ...p 90 WAN setup 75 WAN to LAN rules 152 warranty 8 note 8 web configurator 31 41 43 44 146 151 screen summary 44 WEP 37 98 encryption 100 Wide Area Network see WAN Wi Fi Protected Access see WPA Wired...

Отзывы:

Нет отзывов

Похожие инструкции для P-660HW-T - V2

Xtrend ET5000 User Manual preview
ET5000
Бренд: Xtrend Страницы: 68
TANDBERG Codian GW 3201 Series Getting Started preview
Codian GW 3201 Series
Бренд: TANDBERG Страницы: 18
WAGO 758-918 Manual preview
758-918
Бренд: WAGO Страницы: 76
Matrix simado gfx11 System Manual preview
simado gfx11
Бренд: Matrix Страницы: 88
MSA fieldserver EZ Series Operating Manual preview
fieldserver EZ Series
Бренд: MSA Страницы: 61
Sangoma Netborder SS7 Quick Start Manual preview
Netborder SS7
Бренд: Sangoma Страницы: 4
Lantronix G528 Quick Start Manual preview
G528
Бренд: Lantronix Страницы: 2
Asus Aaeon UP-GWS01 User Manual preview
Aaeon UP-GWS01
Бренд: Asus Страницы: 21
Asus AAM6KBDBX User Manual preview
AAM6KBDBX
Бренд: Asus Страницы: 42
Asus AAEON SRG-ADIO User Manual preview
AAEON SRG-ADIO
Бренд: Asus Страницы: 53
Asus Aaeon UPC-GWS01 User Manual preview
Aaeon UPC-GWS01
Бренд: Asus Страницы: 21
Asus HG100 User Manual preview
HG100
Бренд: Asus Страницы: 160
Asus AAEON SPG-M041 User Manual preview
AAEON SPG-M041
Бренд: Asus Страницы: 38
Asus DSL-N10 User Manual preview
DSL-N10
Бренд: Asus Страницы: 52
Honeywell RedLINK Installation Manual preview
RedLINK
Бренд: Honeywell Страницы: 60
Honeywell OW-CDX050 User Manual preview
OW-CDX050
Бренд: Honeywell Страницы: 134
Samsung HHG-3004H2 User Manual preview
HHG-3004H2
Бренд: Samsung Страницы: 20
Samsung DRGW User Manual preview
DRGW
Бренд: Samsung Страницы: 17

Бренды по названию

Популярные бренды

Загрузить еще бренды