ZyXEL Communications P-660HWP-D1 Скачать руководство пользователя страница 179 | Manualshive

Страница: 179 / 374

ZyXEL Communications P-660HWP-D1 Скачать руководство пользователя страница 179

Chapter 11 Firewall Configuration

P-660HWP-D1 User’s Guide

179

11.10.2 Half-Open Sessions

An unusually high number of half-open sessions (either an absolute number or measured as
the arrival rate) could indicate that a Denial of Service attack is occurring. For TCP, “half-
open” means that the session has not reached the established state-the TCP three-way
handshake has not yet been completed (see

Figure 87 on page 152

). For UDP, “half-open”

means that the firewall has detected no return traffic.
The P-660HWP-D1 measures both the total number of existing half-open sessions and the rate
of session establishment attempts. Both TCP and UDP half-open sessions are counted in the
total number and rate measurements. Measurements are made once a minute.
When the number of existing half-open sessions rises above a threshold (

max-incomplete

high

), the P-660HWP-D1 starts deleting half-open sessions as required to accommodate new

connection requests. The P-660HWP-D1 continues to delete half-open requests as necessary,
until the number of existing half-open sessions drops below another threshold (

max-

incomplete low

).

When the rate of new connection attempts rises above a threshold (

one-minute high

), the P-

660HWP-D1 starts deleting half-open sessions as required to accommodate new connection
requests. The P-660HWP-D1 continues to delete half-open sessions as necessary, until the rate
of new connection attempts drops below another threshold (

one-minute low

). The rate is the

number of new attempts detected in the last one-minute sample period.

11.10.2.1 TCP Maximum Incomplete and Blocking Time

An unusually high number of half-open sessions with the same destination host address could
indicate that a Denial of Service attack is being launched against the host.
Whenever the number of half-open sessions with the same destination host address rises above
a threshold (

TCP Maximum Incomplete

), the P-660HWP-D1 starts deleting half-open

sessions according to one of the following methods:

• If the

Blocking Time

timeout is 0 (the default), then the P-660HWP-D1 deletes the oldest

existing half-open session for the host for every new connection request to the host. This
ensures that the number of half-open sessions to a given host will never exceed the
threshold.

• If the

Blocking Time

timeout is greater than 0, then the P-660HWP-D1 blocks all new

connection requests to the host giving the server time to handle the present connections.
The P-660HWP-D1 continues to block all new connection requests until the

Blocking

Time

expires.

11.10.3 Configuring Firewall Thresholds

The P-660HWP-D1 also sends alerts whenever

TCP Maximum Incomplete

is exceeded. The

global values specified for the threshold and timeout apply to all TCP connections.
Click

Firewall

, and

Threshold

to bring up the next screen.

«
...
177
178
179
180
181
...
»

Содержание P-660HWP-D1

Страница 1: ...www zyxel com P 660HWP D1 802 11g HomePlug AV ADSL2 Security Gateway User s Guide Version 3 40 6 2007 Edition 1...

Страница 2: ......

Страница 3: ...Configurator Online Help Embedded web help for descriptions of individual screens and supplementary information It is recommended you use the web configurator to configure the P 660HWP D1 Supporting D...

Страница 4: ...ld choices are all in bold font A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more c...

Страница 5: ...de 5 Icons Used in Figures Figures in this User s Guide may use the following generic icons The P 660HWP D1 icon is not an exact representation of your device P 660HWP D1 Computer Notebook computer Se...

Страница 6: ...Y an appropriate power adaptor or cord for your device Connect the power adaptor or cord to the right supply voltage for example 110V AC in North America or 230V AC in Europe Do NOT allow anything to...

Страница 7: ...Safety Warnings P 660HWP D1 User s Guide 7...

Страница 8: ...Safety Warnings P 660HWP D1 User s Guide 8...

Страница 9: ...up 73 LAN Setup 91 Wireless LAN 103 Powerline 127 Network Address Translation NAT 135 Security 147 Firewalls 149 Firewall Configuration 161 Content Filtering 183 Certificates 187 Advanced 209 Static R...

Страница 10: ...Contents Overview P 660HWP D1 User s Guide 10...

Страница 11: ...ood Habits for Managing the P 660HWP D1 35 1 4 LEDs 35 1 5 Hardware Connections 37 1 5 1 Connecting a POTS Splitter 37 1 5 2 Telephone Microfilters 37 1 5 3 P 660HWP D1 With ISDN 38 Chapter 2 Introduc...

Страница 12: ...ess 63 3 2 3 Manually assign a WPA PSK key 66 3 2 4 Manually assign a WEP key 66 Chapter 4 Bandwidth Management Wizard 69 4 1 Introduction 69 4 2 Bandwidth Management Wizard Setup 69 Part III Network...

Страница 13: ...Multicast 94 6 2 4 Any IP 95 6 3 Configuring LAN IP 96 6 3 1 Configuring Advanced LAN Setup 97 6 4 DHCP Setup 98 6 5 LAN Client List 99 6 6 LAN IP Alias 100 Chapter 7 Wireless LAN 103 7 1 Wireless Net...

Страница 14: ...Networks 129 8 3 Configuring Local Settings 130 8 4 Configuring Remote Settings 131 8 5 Powerline Network Status 132 Chapter 9 Network Address Translation NAT 135 9 1 NAT Overview 135 9 1 1 NAT Defini...

Страница 15: ...156 10 5 4 UDP ICMP Security 157 10 5 5 Upper Layer Protocols 157 10 6 Guidelines for Enhancing Security with Your Firewall 158 10 6 1 Security In General 158 10 7 Packet Filtering Vs Firewall 159 10...

Страница 16: ...s of Certificates 188 13 2 Self signed Certificates 188 13 3 Verifying a Certificate 188 13 3 1 Checking the Fingerprint of a Certificate on Your Computer 188 13 4 Configuration Summary 189 13 5 My Ce...

Страница 17: ...idth Usage Example 218 15 6 3 Bandwidth Management Priorities 219 15 7 Over Allotment of Bandwidth 219 15 8 Configuring Summary 220 15 9 Bandwidth Management Rule Setup 221 15 10 DiffServ 222 15 10 1...

Страница 18: ...1 Installing UPnP in Windows Me 245 18 3 2 Installing UPnP in Windows XP 246 18 4 Using UPnP in Windows XP Example 247 18 4 1 Auto discover Your UPnP enabled Network Device 248 18 4 2 Web Configurato...

Страница 19: ...are Connections and LEDs 289 23 2 P 660HWP D1 Access and Login 290 23 3 Internet Access 291 23 4 Powerline Issues 293 Part VII Appendices and Index 295 Appendix A Product Specifications and Wall Mount...

Страница 20: ...Table of Contents P 660HWP D1 User s Guide 20...

Страница 21: ...Status Packet Statistics 52 Figure 19 System General 54 Figure 20 Wizard Welcome 57 Figure 21 Internet Access Wizard Setup ISP Parameters 58 Figure 22 Internet Connection with PPPoE 59 Figure 23 Inter...

Страница 22: ...urity 109 Figure 58 Wireless Static WEP Encryption 110 Figure 59 Wireless WPA PSK WPA2 PSK 111 Figure 60 Wireless WPA WPA2 112 Figure 61 Advanced 114 Figure 62 OTIST 116 Figure 63 Example Wireless Cli...

Страница 23: ...nt Filter Keyword 183 Figure 104 Content Filter Schedule 184 Figure 105 Content Filter Trusted 185 Figure 106 Certificates on Your Computer 188 Figure 107 Certificate Details 189 Figure 108 Certificat...

Страница 24: ...s Optional Networking Components Wizard 247 Figure 144 Networking Services 247 Figure 145 Network Connections 248 Figure 146 Internet Connection Properties 249 Figure 147 Internet Connection Propertie...

Страница 25: ...re 187 Windows XP Internet Protocol TCP IP Properties 325 Figure 188 Macintosh OS 8 9 Apple Menu 326 Figure 189 Macintosh OS 8 9 TCP IP 326 Figure 190 Macintosh OS X Apple Menu 327 Figure 191 Macintos...

Страница 26: ...List of Figures P 660HWP D1 User s Guide 26...

Страница 27: ...1 64 Table 16 Wireless LAN Setup Wizard 2 65 Table 17 Manually assign a WPA key 66 Table 18 Manually assign a WEP key 67 Table 19 Bandwidth Management Wizard General Information 70 Table 20 Internet C...

Страница 28: ...l Rules 166 Table 61 Firewall Edit Rule 169 Table 62 Customized Services 170 Table 63 Firewall Configure Customized Services 171 Table 64 Predefined Services 175 Table 65 Firewall Anti Probing 178 Tab...

Страница 29: ...e 95 Services and Port Numbers 225 Table 96 Bandwidth Management Monitor 226 Table 97 Dynamic DNS 228 Table 98 Remote Management WWW 233 Table 99 Remote Management Telnet 234 Table 100 Remote Manageme...

Страница 30: ...7 Wireless Firmware Specifications 299 Table 138 Standards Supported 300 Table 139 IEEE 802 11g 307 Table 140 Wireless Security Levels 308 Table 141 Comparison of EAP Authentication Types 311 Table 14...

Страница 31: ...31 PART I Introduction Introducing the P 660HWP D1 33 Introducing the Web Configurator 41...

Страница 32: ...32...

Страница 33: ...one Service Model names ending in 3 denote a device that works over ISDN Integrated Services Digital Network The DSL RJ 11 ADSL over POTS models or RJ 45 ADSL over ISDN models connects to your ADSL or...

Страница 34: ...follows Figure 2 LAN to LAN Application Example The P 660HWP D1 is compatible with the ADSL ADSL2 ADSL2 standards Maximum data rates attainable for each standard are shown in the next table If your P...

Страница 35: ...SPTGEN file This is especially convenient if you need to configure many devices of the same type TR 069 This is an auto configuration server used to remotely configure your device 1 3 Good Habits for...

Страница 36: ...HWP D1 is ready but is not sending receiving data through the wireless LAN Blinking The P 660HWP D1 is sending receiving data through the wireless LAN Off The wireless LAN is not ready or has failed D...

Страница 37: ...ephone 2 Connect the side labeled Modem or DSL to your P 660HWP D1 3 Connect the side labeled Line to the telephone wall jack 1 5 2 Telephone Microfilters Telephone voice transmissions take place in t...

Страница 38: ...2 Connect a cable from the double jack end of the Y Connector to the wall side of the microfilter 3 Connect another cable from the double jack end of the Y Connector to the P 660HWP D1 4 Connect the...

Страница 39: ...Chapter 1 Introducing the P 660HWP D1 P 660HWP D1 User s Guide 39 Figure 7 P 660HWP D1 with ISDN...

Страница 40: ...Chapter 1 Introducing the P 660HWP D1 P 660HWP D1 User s Guide 40...

Страница 41: ...windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScripts enabled by default Java permissions enabled by default See the chapter on troubleshootin...

Страница 42: ...dministrator access enter the default admin password 1234 to configure the wizards and the advanced features 2 Click Login to proceed to a screen asking you to change your password or click Cancel to...

Страница 43: ...ange Password at Login 4 Select Go to Wizard setup and click Apply to display the wizard main screen Otherwise select Go to Advanced setup and click Apply to display the Status screen Figure 11 Select...

Страница 44: ...set Button 1 Make sure the POWER LED is on not blinking 2 Press the RESET button for ten seconds or until the POWER LED begins to blink and then release it When the POWER LED begins to blink the defau...

Страница 45: ...p Use this screen to configure your traffic redirect properties and WAN backup settings LAN IP Use this screen to configure LAN TCP IP settings enable Any IP and other advanced properties DHCP Setup U...

Страница 46: ...range of users on the LAN from content filtering on your P 660HWP D1 Certificates My Certificates Use this screen to show a list of the P 660HWP D1 s certificates Trusted CA s Use this screen to show...

Страница 47: ...e s and from which IP address es users can send DNS queries to the P 660HWP D1 ICMP Use this screen to change your anti probing settings UPnP General Use this screen to enable UPnP on the P 660HWP D1...

Страница 48: ...WP D1 s model name MAC Address This is the MAC Media Access Control or Ethernet address unique to your P 660HWP D1 ZyNOS Firmware Version This is the ZyNOS firmware version and the date created ZyNOS...

Страница 49: ...ys what percent of the P 660HWP D1 s heap memory is in use The bar turns from green to red when the maximum is being approached Interface Status Interface This displays the P 660HWP D1 port types Stat...

Страница 50: ...gure 15 Status WLAN Status The following table describes the labels in this screen Table 5 Status Any IP Table LABEL DESCRIPTION This is the index number of the host computer IP Address This field dis...

Страница 51: ...bar represents the percentage of unused bandwidth and the blue color represents the percentage of bandwidth in use Figure 16 Status Bandwidth Status 2 4 6 Status Powerline Statistics Click the Powerl...

Страница 52: ...eld is configurable Not all fields are available on all models Figure 18 Status Packet Statistics The following table describes the fields in this screen Table 7 Status Packet Statistics LABEL DESCRIP...

Страница 53: ...ts This field displays the number of packets received on this port Errors This field displays the number of error packets on this port Tx B s This field displays the number of bytes transmitted in the...

Страница 54: ...Chapter 2 Introducing the Web Configurator P 660HWP D1 User s Guide 54 Figure 19 System General...

Страница 55: ...55 PART II Wizards Wizard Setup for Internet Wireless Access 57 Bandwidth Management Wizard 69...

Страница 56: ...56...

Страница 57: ...screens to configure your system for Internet Wireless access with the information given to you by your ISP See the advanced menu chapters for background information on these fields 3 2 Internet Wire...

Страница 58: ...ist box Choices vary depending on what you select in the Mode field If you select Bridge in the Mode field select either PPPoA or RFC 1483 If you select Routing in the Mode field select PPPoA RFC 1483...

Страница 59: ...Connection with RFC 1483 Table 9 Internet Connection with PPPoE LABEL DESCRIPTION User Name Enter the user name exactly as your ISP assigned If assigned a name in the form user domain where domain ide...

Страница 60: ...static IP address is a fixed IP that your ISP gives you A dynamic IP address is not fixed the ISP assigns you a different one each time you connect to the Internet Select Obtain an IP Address Automat...

Страница 61: ...ck Apply to save your changes to the P 660HWP D1 Exit Click Exit to close the wizard screen without saving your changes Table 12 Internet Connection with PPPoA LABEL DESCRIPTION User Name Enter the lo...

Страница 62: ...tep 2 of the wizard where you can configure your wireless settings Select No to finish the wizard Reconfigure Select Reconfigure to try to log on with a different user name and password The P 660HWP D...

Страница 63: ...the INTERNET WIRELESS Wizard After checking your connections click this to restart the Wizard Continue to Wireless Setup Wizard Select Yes to continue to Step 2 of the wizard where you can configure y...

Страница 64: ...0HWP D1 s SSID and WPA PSK security settings to wireless clients that support OTIST and are within transmission range You must also activate and start OTIST on the wireless client at the same time The...

Страница 65: ...lly assign a WPA PSK key to configure a pre shared key WPA PSK Choose this option only if your wireless clients support WPA See Section 3 2 3 on page 66 for more information Select Manually assign a W...

Страница 66: ...LAN setup screen to set up a Pre Shared Key Figure 31 Manually assign a WPA key The following table describes the labels in this screen 3 2 4 Manually assign a WEP key Choose Manually assign a WEP ke...

Страница 67: ...Management page to start the Bandwidth Management wizard or click Go to Advanced Setup page to configure advanced settings Table 18 Manually assign a WEP key LABEL DESCRIPTION Key The WEP keys are use...

Страница 68: ...ch your web browser and navigate to www zyxel com Internet access is just the beginning Refer to the rest of this guide for more detailed information on the complete range of P 660HWP D1 features If y...

Страница 69: ...WAN port and prioritize the distribution of the bandwidth according to service bandwidth requirements This helps keep one service from using all of the available bandwidth and shutting out other users...

Страница 70: ...your configuration Figure 37 Bandwidth Management Wizard Complete Table 19 Bandwidth Management Wizard General Information LABEL DESCRIPTION Active Select the Active check box to have the P 660HWP D1...

Страница 71: ...71 PART III Network WAN Setup 73 LAN Setup 91 Wireless LAN 103 Powerline 127 Network Address Translation NAT 135...

Страница 72: ...72...

Страница 73: ...Point to Point Protocol over Ethernet provides access control and billing functionality in a manner similar to dial up services using PPP PPPoE is an IETF standard RFC 2516 specifying how a personal...

Страница 74: ...minant in environments where dynamic creation of large numbers of ATM VCs is fast and economical 5 1 2 2 LLC based Multiplexing In this case one VC carries multiple protocols with protocol identifying...

Страница 75: ...s your choices for IP address and ENET ENCAP gateway 5 1 5 1 IP Assignment with PPPoA or PPPoE Encapsulation If you have a dynamic IP then the IP Address and ENET ENCAP Gateway fields are not applicab...

Страница 76: ...Section 5 8 on page 88 For example if the normal route has a metric of 1 and the traffic redirect route has a metric of 2 and dial backup route has a metric of 3 then the normal route acts as the pri...

Страница 77: ...onstant Bit Rate CBR provides fixed bandwidth that is always available even if no data is being sent CBR traffic is generally time sensitive doesn t tolerate delay CBR is used for connections that con...

Страница 78: ...ransfer 5 4 Zero Configuration Internet Access Once you turn on and connect the P 660HWP D1 to a telephone jack it automatically detects the Internet connection settings such as the VCI VPI numbers an...

Страница 79: ...entification purposes only Mode Select Routing default from the drop down list box if your ISP allows multiple computers to share an Internet account Otherwise select Bridge Encapsulation Select the m...

Страница 80: ...Select this if your ISP gave you a fixed IP address Enter the IP address you were given in the IP Address field IP Address If your ISP gave you an IP address to use enter it here Subnet Mask ENET ENC...

Страница 81: ...ish membership in a multicast group The P 660HWP D1 supports both IGMP version 1 IGMP v1 and IGMP v2 Select None to disable it ATM QoS ATM QoS Type Select CBR Continuous Bit Rate to specify fixed alwa...

Страница 82: ...the VCI VPI numbers and the encapsulation method from the ISP and make the necessary configuration changes Select No to disable this feature You must manually configure the P 660HWP D1 for Internet ac...

Страница 83: ...ect the check box to enable it Name This is the descriptive name for this connection VPI VCI This is the VPI and VCI values used for this connection Encapsulation This is the method of encapsulation u...

Страница 84: ...rnet account If you select Bridge the P 660HWP D1 will forward any packet that it does not route to this remote node otherwise the packets are discarded Encapsulation Select the method of encapsulatio...

Страница 85: ...use enter it here Subnet Mask Enter a subnet mask in dotted decimal notation Refer to the appendices to calculate a subnet mask If you are implementing subnetting Gateway IP address Specify a gateway...

Страница 86: ...membership in a multicast group The P 660HWP D1 supports both IGMP version 1 IGMP v1 and IGMP v2 Select None to disable it ATM QoS ATM QoS Type Select CBR Continuous Bit Rate to specify fixed always o...

Страница 87: ...address or in bridge mode Select Yes to set the P 660HWP D1 to automatically detect the Internet connection settings such as the VCI VPI numbers and the encapsulation method from the ISP and make the...

Страница 88: ...HWP D1 User s Guide 88 Figure 45 Traffic Redirect LAN Setup 5 8 Configuring WAN Backup To change your P 660HWP D1 s WAN backup settings click Network WAN WAN Backup Setup The screen appears as shown F...

Страница 89: ...for the P 660HWP D1 to wait between checks Allow more time if your destination IP address handles lots of traffic Timeout Type the number of seconds 3 recommended for your P 660HWP D1 to wait for a p...

Страница 90: ...Chapter 5 WAN Setup P 660HWP D1 User s Guide 90...

Страница 91: ...rea usually the same building or floor of a building The LAN screens can help you configure a LAN DHCP server and manage IP addresses See Section 6 3 on page 96 to configure the LAN screens 6 1 1 LANs...

Страница 92: ...dresses enter them in the DNS Server fields in DHCP Setup otherwise leave them blank Some ISP s choose to pass the DNS servers using the DNS server extensions of PPP IPCP IP Control Protocol after the...

Страница 93: ...ddress Translation NAT feature of the P 660HWP D1 The Internet Assigned Number Authority IANA reserved this block of addresses specifically for private use please do not use any other number unless yo...

Страница 94: ...P packets but will not accept any RIP packets received None the P 660HWP D1 will not send any RIP packets and will ignore any RIP packets received The Version field controls the format and the broadca...

Страница 95: ...P D1 In cases where your computer is required to use a static IP address in another network you may need to manually configure the network settings of the computer every time you want to access the In...

Страница 96: ...nds packets to its default gateway which is not the P 660HWP D1 by looking at the MAC address in its ARP table 2 When the computer cannot locate the default gateway an ARP request is broadcast on the...

Страница 97: ...Mask Type the subnet mask assigned to you by your ISP if given Apply Click Apply to save your changes to the P 660HWP D1 Cancel Click Cancel to begin configuring this screen afresh Advanced Setup Clic...

Страница 98: ...s Networking NetBIOS over TCP IP NetBIOS Network Basic Input Output System are TCP or UDP packets that enable a computer to connect to and communicate with a LAN For some dial up services such as PPPo...

Страница 99: ...of the actual remote DHCP server in the Remote DHCP Server field in this case When DHCP is used the following items need to be set IP Pool Starting Address This field specifies the first of the contig...

Страница 100: ...ble entry row Status This field displays whether the client is connected to the P 660HWP D1 Host Name This field displays the computer host name IP Address This field displays the IP address relative...

Страница 101: ...AN s logical networks subnets Make sure that the subnets of the logical networks do not overlap The following figure shows a LAN divided into subnets A B and C Figure 53 Physical Network Partitioned L...

Страница 102: ...routing table periodically When set to Both or In Only it will incorporate the RIP information that it receives when set to None it will not send any RIP packets and will ignore any RIP packets receiv...

Страница 103: ...ess network devices A and B are called wireless clients The wireless clients use the access point AP to interact with other devices such as the printer or with the Internet Your P 660HWP D1 is the AP...

Страница 104: ...B adapter or a wireless CardBus card 3 a RADIUS server only if you want to use IEEE802 1x WPA or WPA2 To have two or more computers communicate with each other wirelessly without an AP or wireless rou...

Страница 105: ...irly weak however because there are ways for unauthorized devices to get the SSID In addition unauthorized devices can still see the information that is sent in the wireless network 7 3 2 MAC Address...

Страница 106: ...ore there are ways for unauthorized wireless users to get a valid user name and password Then they can use that user name and password to use the wireless network Local user databases also have an add...

Страница 107: ...to protect the information in the wireless network The longer the key the stronger the encryption Every wireless client in the wireless network must have the same key 7 3 5 One Touch Intelligent Secu...

Страница 108: ...printable 7 bit English keyboard characters for the wireless LAN Note If you are configuring the P 660HWP D1 from a computer connected to the wireless LAN and you change the P 660HWP D1 s SSID or WEP...

Страница 109: ...ireless clients and the access points must use the same WEP key Your P 660HWP D1 allows you to configure up to four 64 bit 128 bit or 256 bit WEP keys but only one key can be enabled at any one time I...

Страница 110: ...Passphrase up to 32 printable characters and clicking Generate The P 660HWP D1 automatically generates a WEP key WEP Key The WEP keys are used to encrypt data Both the P 660HWP D1 and the wireless cli...

Страница 111: ...less clients have to resend usernames and passwords in order to stay connected Enter a time interval between 10 and 9999 seconds The default time interval is 1800 seconds 30 minutes Note If wireless c...

Страница 112: ...management sends a new group key out to all clients The re keying process is the WPA 2 equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis Settin...

Страница 113: ...all stations in a WLAN on a periodic basis Setting of the Group Key Update Timer is also supported in WPA PSK WPA2 PSK mode The default is 1800 seconds 30 minutes Authentication Server IP Address Ente...

Страница 114: ...thin an area decrease the output power of the P 660HWP D1 to reduce interference with other APs The options are Maximum Middle and Minimum Preamble Select Long preamble if you are unsure what preamble...

Страница 115: ...The AP and wireless client s MUST use the same Setup key 7 5 1 1 AP You can enable OTIST using the RESET button or the web configurator 7 5 1 1 1 Reset button If you use the RESET button the default...

Страница 116: ...st also make the same change on the wireless client s Yes If you want OTIST to automatically generate a WPA PSK you must Change your security to any security other than WPA PSK in the Wireless LAN Gen...

Страница 117: ...ireless clients and AP in any order but they must all be within range and have OTIST enabled 1 In the AP a web configurator screen pops up showing you the security settings to transfer You can use the...

Страница 118: ...oses its wireless connection for more than ten seconds it will search for an OTIST enabled AP for up to one minute If you manually have the wireless client search for an OTIST enabled AP there is no t...

Страница 119: ...he devices to configure this screen To change your P 660HWP D1 s MAC filter settings click Network Wireless LAN MAC Filter The screen appears as shown Figure 69 MAC Address Filter The following table...

Страница 120: ...ess MAC Address Enter the MAC addresses of the wireless client that are allowed or denied access to the P 660HWP D1 in these address fields Enter the MAC addresses in a valid MAC address format that i...

Страница 121: ...r further information about port numbers Next to the name of the service two fields appear in brackets The first field indicates the IP protocol type TCP UDP or ICMP The second field indicates the IP...

Страница 122: ..._TUNNEL AH 0 The IPSEC AH Authentication Header tunneling protocol uses this service IPSEC_TUNNEL ESP 0 The IPSEC ESP Encapsulation Security Protocol tunneling protocol uses this service IRC TCP UDP 6...

Страница 123: ...Transfer Protocol is the message exchange standard for the Internet SMTP enables you to move messages from one e mail server to another SNMP TCP UDP 161 Simple Network Management Program SNMP TRAPS TC...

Страница 124: ...which you want to apply WMM QoS This is the number of an individual application entry Name This field displays a description given to an application entry Service This field displays either FTP WWW E...

Страница 125: ...of messages sent through a computer network to specific groups or individuals Here are some default ports for e mail POP3 port 110 IMAP port 143 SMTP port 25 HTTP port 80 WWW The World Wide Web is an...

Страница 126: ...User s Guide 126 Apply Click Apply to save your changes back to the P 660HWP D1 Cancel Click Cancel to return to the previous screen without saving your changes Table 43 Application Priority Configur...

Страница 127: ...g section shows you a typical application Figure 72 Expand Your Network 1 Connect your P 660HWP D1 to the Internet 2 Then plug your P 660HWP D1 into a power outlet and turn it on The P 660HWP D1 is re...

Страница 128: ...network name may be called the network password By default all HomePlug AV powerline adapters are configured with the network name HomePlugAV This allows all HomePlug AV powerline adapters and the P...

Страница 129: ...network name for example Password1 to this powerline adapter Add additional powerline adapters to your network by plugging them into your powerline outlets and assigning them the same network name Pa...

Страница 130: ...ocal station Figure 75 Network Powerline Local Setting The following table describes the labels in this screen Table 44 Network Powerline Local Setting Password 1 Password 2 Password 2 Password 1 LABE...

Страница 131: ...s that you want to be part of your powerline network The network name can be from 1 to 64 alphanumeric characters in length spaces are not allowed DAK Password DAK Password is the password used to ver...

Страница 132: ...ions In The Same Network This field shows the MAC addresses of the HomePlug AV adapters on your network These adapters all share the Network Name entered in the Local Settings section Select one of th...

Страница 133: ...pairs of hexadecimal characters hexadecimal characters are 0 9 and a f In the case of the P 660HWP D1 this label is on the bottom of the device TEI TEI refers to Terminal Equipment Identifier In this...

Страница 134: ...nsmits data to another adapter on your powerline network The rate is given in the following format application data transmission rate raw data transmission rate Application data reflects more accurate...

Страница 135: ...st when the packet is in the local network while the global address refers to the IP address of the host when the same packet is traveling in the WAN side Note that inside outside refers to the locati...

Страница 136: ...ting intruders from probing your network For more information on IP address translation refer to RFC 1631 The IP Network Address Translator NAT 9 1 3 How NAT Works Each packet has two addresses a sour...

Страница 137: ...e PAT port address translation ZyXEL s Single User Account feature that previous ZyXEL routers supported the SUA Only option in today s routers Many to Many Overload In Many to Many Overload mode the...

Страница 138: ...un friendly because they embed IP addresses and port numbers in their packets data payload Some NAT routers may include a SIP Application Layer Gateway ALG An Application Layer Gateway ALG manages a s...

Страница 139: ...limit the number of NAT sessions a single client can establish this can result in all of the available NAT sessions being used In this case no additional NAT sessions can be established and users may...

Страница 140: ...Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location If you are unsure refer to your ISP 9 5 1 Default Server IP Address In add...

Страница 141: ...s as a single host on the Internet Figure 81 Multiple Servers Behind NAT Example 9 6 Configuring Port Forwarding The Port Forwarding screen is available only when you select SUA Only in the NAT Genera...

Страница 142: ...or in the remote management setup Port Forwarding Service Name Select a service from the drop down list box Server IP Address Enter the IP address of the server for the specified service Add Click thi...

Страница 143: ...DESCRIPTION Active Click this check box to enable the rule Service Name Enter a name to identify this port forwarding rule Start Port Enter a port number in this field To forward only one port enter t...

Страница 144: ...is the starting Inside Global IP Address IGA Enter 0 0 0 0 here if you have a dynamic IP address from your ISP You can only do this for Many to One and Server mapping types Global End IP This is the...

Страница 145: ...o Many No Overload mode maps each local IP address to unique global IP addresses Server This type allows you to specify inside servers of different services behind the NAT to be accessible to the outs...

Страница 146: ...Translation NAT P 660HWP D1 User s Guide 146 Apply Click Apply to save your changes to the P 660HWP D1 Cancel Click Cancel to begin configuring this screen afresh Table 54 Edit Address Mapping Rule co...

Страница 147: ...147 PART IV Security Firewalls 149 Firewall Configuration 161 Content Filtering 183 Certificates 187...

Страница 148: ...148...

Страница 149: ...only mechanism or method employed For a firewall to guard effectively you must design and deploy it appropriately This requires integrating the firewall into a broad information security policy In add...

Страница 150: ...to assure the integrity of the connection and to adapt to dynamic protocols These firewalls generally provide the best speed and transparency however they may lack the granular application level acces...

Страница 151: ...ific functions An extension number called the TCP port or UDP port identifies these protocols such as HTTP Web FTP File Transfer Protocol POP3 E mail etc For example Web traffic by default uses TCP po...

Страница 152: ...series of IP fragments with overlapping offset fields When these fragments are reassembled at the destination some systems will crash hang or reboot 6 Weaknesses in the TCP IP specification leave it o...

Страница 153: ...r floods a router with Internet Control Message Protocol ICMP echo request packets pings Since the destination IP address of each packet is the broadcast address of the network the router will broadca...

Страница 154: ...king a router or firewall into thinking that the communications are coming from within the trusted network To engage in IP spoofing a hacker must modify the packet headers so that it appears that the...

Страница 155: ...packet leaves the LAN network through the firewall s WAN interface The TCP packet is the first in a session and the packet s application layer protocol is configured for a firewall rule inspection 1 T...

Страница 156: ...ow certain types of traffic from the Internet to specific hosts on the LAN Allow access to a Web server to everyone but competitors Restrict use of certain protocols such as Telnet to authorized users...

Страница 157: ...ve Specifically only outgoing echoes will allow incoming echo replies outgoing address mask requests will allow incoming address mask replies and outgoing timestamp requests will allow incoming timest...

Страница 158: ...icularly vulnerable because they provide more opportunities for hackers to crack your system Turn your computer off when not in use Never give out a password or any sensitive information to an unsolic...

Страница 159: ...ilters can not distinguish traffic originating from an inside host or an outside host by IP address To block allow IP trace route 10 7 2 Firewall The firewall inspects packet contents as well as their...

Страница 160: ...ish traffic originating from an inside host or an outside host by IP address The firewall performs better than filtering if you need to check many rules Use the firewall if you need routine e mail rep...

Страница 161: ...ravel of packets to which they apply By default the P 660HWP D1 s stateful packet inspection allows packets traveling in the following directions LAN to LAN Router This allows computers on the LAN to...

Страница 162: ...recedence and override the P 660HWP D1 s default rules 11 3 Rule Logic Overview Study these points carefully before configuring rules 11 3 1 Rule Checklist State the intent of the rule For example Thi...

Страница 163: ...an ICMP destination unreachable message to the sender 11 3 3 2 Service Select the service from the Service scrolling list box If the service is not listed it is necessary to first define it See Secti...

Страница 164: ...ou will need to create custom rules to allow it 11 4 2 Alerts Alerts are reports on events such as attacks that you may want to know about right away You can choose to generate an alert when a rule is...

Страница 165: ...s the direction of travel of packets LAN to LAN Router LAN to WAN WAN to WAN Router WAN to LAN Firewall rules are grouped based on the direction of travel of packets to which they apply For example LA...

Страница 166: ...figure summarized below take priority over the general firewall action settings in the General screen This is your firewall rule number The ordering of your rules is important as rules are applied in...

Страница 167: ...can edit the rule Click the Remove icon to delete an existing firewall rule A window displays asking you to confirm that you want to delete the firewall rule Note that subsequent firewall rules move u...

Страница 168: ...Chapter 11 Firewall Configuration P 660HWP D1 User s Guide 168 Figure 93 Firewall Edit Rule...

Страница 169: ...he Source or Destination Address box You can add multiple addresses ranges of addresses and or subnets Edit To edit an existing source or destination address select it from the box and click Edit Dele...

Страница 170: ...omized Service Click a rule number in the Firewall Customized Services screen to create a new custom port or edit an existing one This action displays the following screen Apply Click Apply to save yo...

Страница 171: ...ices LABEL DESCRIPTION Service Name Type a unique name for your custom port Service Type Choose the IP port TCP UDP or TCP UDP that defines your customized port from the drop down list box Port Config...

Страница 172: ...becomes rule 8 4 Click Add to display the firewall rule configuration screen 5 In the Edit Rule screen click the Edit Customized Services link to open the Customized Service screen 6 Click an index n...

Страница 173: ...ample Edit Rule Destination Address 9 Use the Add and Remove buttons between Available Services and Selected Services list boxes to configure it as follows Click Apply when you are done Custom service...

Страница 174: ...wall Example Edit Rule Select Customized Services On completing the configuration procedure for this Internet firewall rule the Rules screen should look like the following Rule 1 allows a MyService co...

Страница 175: ...m service ports may also be configured using the Edit Customized Services function discussed previously Table 64 Predefined Services SERVICE DESCRIPTION AIM NEW_ICQ TCP 5190 AOL s Internet Messenger s...

Страница 176: ...from a POP3 server through a temporary connection TCP IP or other PPTP TCP 1723 Point to Point Tunneling Protocol enables secure transfer of data over public networks This is the control channel PPTP_...

Страница 177: ...n user Refer to Section 10 1 on page 149 for more information Click Security Firewall Anti Probing to display the screen as shown Figure 101 Firewall Anti Probing SSH TCP UDP 22 Secure Shell Remote Lo...

Страница 178: ...wall rules Table 65 Firewall Anti Probing LABEL DESCRIPTION Respond to PING on The P 660HWP D1 does not respond to any incoming Ping requests when Disable is selected Select LAN to reply to incoming L...

Страница 179: ...The P 660HWP D1 continues to delete half open sessions as necessary until the rate of new connection attempts drops below another threshold one minute low The rate is the number of new attempts detec...

Страница 180: ...eleting half open sessions When the rate of new connection attempts rises above this number the P 660HWP D1 deletes half open sessions as required to accommodate new connection attempts 100 half open...

Страница 181: ...sessions with the same destination host IP address that causes the firewall to start dropping half open sessions to that same destination host IP address Enter a number between 1 and 256 As a general...

Страница 182: ...Chapter 11 Firewall Configuration P 660HWP D1 User s Guide 182...

Страница 183: ...D1 performs content filtering You can also specify trusted IP addresses on the LAN for which the P 660HWP D1 will not perform content filtering 12 2 Configuring Keyword Blocking Use this screen to blo...

Страница 184: ...ist of all the keywords that you have configured the P 660HWP D1 to block Delete Highlight a keyword in the box and click Delete to remove it Clear All Click Clear All to remove all of the keywords fr...

Страница 185: ...o Block Select this option to filter websites according to the day s and time s configured Active Select the check box to have the content filtering active on the selected day Start TIme Enter the sta...

Страница 186: ...Chapter 12 Content Filtering P 660HWP D1 User s Guide 186...

Страница 187: ...secure Public key encryption for authentication works as follows 1 Tim wants to send a private message to Jenny Tim generates a public private key pair What is encrypted with one key can only be decr...

Страница 188: ...13 2 Self signed Certificates You can have the P 660HWP D1 act as a certification authority and sign its own certificates 13 3 Verifying a Certificate Before you import a trusted CA or trusted remote...

Страница 189: ...certificates on the P 660HWP D1 Figure 108 Certificate Configuration Overview Use the My Certificate screens to generate and export self signed certificates or certification requests and import the P...

Страница 190: ...e The factory default certificate is common to all P 660HWP D1s that use certificates ZyXEL recommends that you use this button to replace the factory default certificate with one that uses your P 660...

Страница 191: ...ith an in depth list of information about the certificate or certification request Click the export icon to save the certificate to a computer For a certification request click the export icon and the...

Страница 192: ...you must select this check box in another self signed certificate s details screen This automatically clears the check box in the details screen of the certificate that was previously set to sign the...

Страница 193: ...certificate is about to expire or has already expired Key Algorithm This field displays the type of algorithm that was used to generate the certificate s key pair the P 660HWP D1 uses RSA encryption...

Страница 194: ...ficates My Certificates Create Back Click Back to go the previous screen Export Click Export to export a file containing your certificate details Apply Click Apply to save your changes back to the P 6...

Страница 195: ...rtificate owner is located You may use any character including spaces but the P 660HWP D1 drops trailing spaces Key Length Select a number from the drop down list box to determine how many bits the ke...

Страница 196: ...TCP based enrollment protocol that was developed by VeriSign and Cisco Certificate Management Protocol CMP is a TCP based enrollment protocol that was developed by the Public Key Infrastructure X 509...

Страница 197: ...X 509 certificate into a printable form Binary PKCS 7 This is a standard that defines the general syntax for data including digital signatures that may be encrypted The P 660HWP D1 currently allows t...

Страница 198: ...t This field displays identifying information about the certificate s owner such as CN Common Name OU Organizational Unit or department O Organization or company and C Country It is recommended that e...

Страница 199: ...icon to open a screen with an in depth list of information about the certificate Use the export icon to save the certificate to a computer Click the icon and then Save in the File Download screen The...

Страница 200: ...gned means that a Certification Authority signed the certificate Self signed means that the certificate s owner signed the certificate not a certification authority X 509 means that this certificate w...

Страница 201: ...o displays the domain names or IP addresses of the servers MD5 Fingerprint This is the certificate s message digest that the P 660HWP D1 calculated using the MD5 algorithm You can use this value to ve...

Страница 202: ...te that is signed by one of the certification authorities on the Trusted CAs screen since the P 660HWP D1 automatically accepts any valid certificate signed by a trusted certification authority as bei...

Страница 203: ...rtificates This field displays the certificate index number The certificates are listed in alphabetical order Name This field displays the name used to identify this certificate Subject This field dis...

Страница 204: ...ts screen Click the details icon to open the Trusted Remote Host Details screen You can use this screen to view in depth information about the trusted remote host s certificate and or change the certi...

Страница 205: ...issuing certification authority For a trusted host the list consists of the end entity s own certificate and the default self signed certificate that the P 660HWP D1 uses to sign remote host certific...

Страница 206: ...uthority s certificate and Path Length Constraint 1 means that there can only be one certification authority in the certificate s path MD5 Fingerprint This is the certificate s message digest that the...

Страница 207: ...n about a directory server that the P 660HWP D1 can access Table 81 Security Certificates Directory Servers LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the P 660HWP...

Страница 208: ...dotted decimal notation or the domain name of the directory server Server Port This field displays the default server port number of the protocol that you select in the Access Protocol field You may...

Страница 209: ...209 PART V Advanced Static Route 211 Bandwidth Management 215 Dynamic DNS Setup 227 Remote Management Configuration 231 Universal Plug and Play UPnP 243...

Страница 210: ...210...

Страница 211: ...ance the P 660HWP D1 knows about network N2 in the following figure through remote node Router 1 However the P 660HWP D1 is unable to route a packet to network N3 because it doesn t know that there is...

Страница 212: ...check box Name This is the name that describes or identifies this route Destination This parameter specifies the IP network address of the final destination Routing is always based on network number G...

Страница 213: ...on Routing is always based on network number If you need to specify a route to a single host use a subnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical t...

Страница 214: ...Chapter 14 Static Route P 660HWP D1 User s Guide 214...

Страница 215: ...raffic that comes into an interface Bandwidth management applies to all traffic flowing out of the router regardless of the traffic s source Traffic redirect or IP alias may cause LAN to LAN traffic t...

Страница 216: ...he P 660HWP D1 has two types of scheduler fairness based and priority based 15 5 1 Priority based Scheduler With the priority based scheduler the P 660HWP D1 forwards traffic from bandwidth classes ac...

Страница 217: ...eted or unused by the classes depending on how many bandwidth classes require more bandwidth and on their priority levels When only one class requires more bandwidth the P 660HWP D1 gives extra bandwi...

Страница 218: ...he amount of bandwidth that each class gets Suppose that all of the classes except for the administration class need more bandwidth Each class gets up to its budgeted bandwidth The administration clas...

Страница 219: ...available bandwidth This could stop lower priority traffic from being sent The following is an example Table 88 Fairness based Allotment of Unused and Unbudgeted Bandwidth Example BANDWIDTH CLASSES AN...

Страница 220: ...l interfaces Select an interface s check box to enable bandwidth management on that interface Bandwidth management applies to all traffic flowing out of the router through the interface regardless of...

Страница 221: ...ndwidth among the bandwidth classes that require bandwidth Do not select this if you want to reserve bandwidth for traffic that does not match a bandwidth class or you want to limit the speed of this...

Страница 222: ...Serv Differentiated Service Field The DSCP value determines the forwarding behavior the PHB Per Hop Behavior that each packet gets across the DiffServ network Based on the marking rule different kinds...

Страница 223: ...Configuration Click the Edit icon or select User Defined from the Service drop down list in the Rule Setup screen to configure a bandwidth management rule Use bandwidth rules to allocate specific amou...

Страница 224: ...the lowest priority mark will be dropped when the line is busy Filter Configuration Service This field simplifies bandwidth class configuration by allowing you to select a predefined application When...

Страница 225: ...ct the protocol TCP or UDP or select User defined and enter the protocol service type number 0 means any protocol number TOS Type of Service TOS defines the DS Differentiated Service field in the IP h...

Страница 226: ...width rules The gray section of the bar represents the percentage of unused bandwidth and the blue color represents the percentage of bandwidth in use The screen refreshes every few seconds Figure 128...

Страница 227: ...ow your IP address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a...

Страница 228: ...Type the domain name assigned to your P 660HWP D1 by your Dynamic DNS provider You can specify up to two host names in the field separated by a comma User Name Type your user name Password Type the pa...

Страница 229: ...P address of the NAT router that has a public IP address Note The DDNS server may not be able to detect the proper IP address if there is an HTTP proxy server between the P 660HWP D1 and the DDNS serv...

Страница 230: ...Chapter 16 Dynamic DNS Setup P 660HWP D1 User s Guide 230...

Страница 231: ...s You may manage your P 660HWP D1 from a remote location via Internet WAN only ALL LAN and WAN LAN only Neither Disable When you choose WAN only or LAN WAN you still need to configure a firewall rule...

Страница 232: ...nagement session running at one time There is a firewall rule that blocks it 17 1 2 Remote Management and NAT When NAT is enabled Use the P 660HWP D1 s WAN IP address when configuring from the WAN Use...

Страница 233: ...ficate that the P 660HWP D1 will use to identify itself The P 660HWP D1 is the SSL server and must always authenticate itself to the SSL client the computer which requests the HTTPS connection with th...

Страница 234: ...pears as shown Table 99 Remote Management Telnet LABEL DESCRIPTION Port You may change the server port number for a service if needed however you must use the same port number in order to use that ser...

Страница 235: ...ly available if TCP IP is configured Table 100 Remote Management FTP LABEL DESCRIPTION Port You may change the server port number for a service if needed however you must use the same port number in o...

Страница 236: ...formation Base MIB is a collection of managed objects SNMP allows a manager and agents to communicate for the purpose of accessing these objects SNMP itself is a simple request response protocol based...

Страница 237: ...DESCRIPTION 0 coldStart defined in RFC 1215 A trap is sent after booting power on 1 warmStart defined in RFC 1215 A trap is sent after booting software reboot 6 whyReboot defined in ZYXEL MIB A trap...

Страница 238: ...using this service Secured Client IP A secured client is a trusted computer that is allowed to communicate with the P 660HWP D1 using this service Select All to allow any computer to access the P 660...

Страница 239: ...ponse packet from being sent This keeps outsiders from discovering your P 660HWP D1 when unsupported ports are probed Table 103 Remote Management DNS LABEL DESCRIPTION Port The DNS service port number...

Страница 240: ...cation user Respond to Ping on The P 660HWP D1 will not respond to any incoming Ping requests when Disable is selected Select LAN to reply to incoming LAN Ping requests Select WAN to reply to incoming...

Страница 241: ...ON wan tr069 All TR 069 related commands must be preceded by wan tr069 load Start configuring TR 069 on your P 660HWP D1 active 0 no 1 yes Enable disable TR 069 operation acsUrl URL Set the IP address...

Страница 242: ...Chapter 17 Remote Management Configuration P 660HWP D1 User s Guide 242...

Страница 243: ...work will appear as a separate icon Selecting the icon of a UPnP device will allow you to access the information and properties of that device 18 1 2 NAT Traversal UPnP NAT traversal automates the pro...

Страница 244: ...PnP to display the screen shown next See Section 18 1 on page 243 for more information Figure 139 Configuring UPnP The following table describes the fields in this screen Table 106 Configuring UPnP LA...

Страница 245: ...Components selection box Click Details Figure 140 Add Remove Programs Windows Setup Communication 3 In the Communications window select the Universal Plug and Play check box in the Components selectio...

Страница 246: ...mpted 18 3 2 Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP 1 Click start and Control Panel 2 Double click Network Connections 3 In the Network Connections wind...

Страница 247: ...elect the Universal Plug and Play check box Figure 144 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next 18 4 Using UPnP in Windows XP...

Страница 248: ...P 660HWP D1 18 4 1 Auto discover Your UPnP enabled Network Device 1 Click start and Control Panel Double click Network Connections An icon displays under Internet Gateway 2 Right click the icon and s...

Страница 249: ...d Play UPnP P 660HWP D1 User s Guide 249 Figure 146 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings Figure 147 Internet Connection...

Страница 250: ...d When the UPnP enabled device is disconnected from your computer all port mappings will be deleted automatically 5 Select Show icon in notification area when connected option and click OK An icon dis...

Страница 251: ...n access the web based configurator on the P 660HWP D1 without finding out the IP address of the P 660HWP D1 first This comes helpful if you do not know the IP address of the P 660HWP D1 Follow the st...

Страница 252: ...D1 User s Guide 252 Figure 151 Network Connections 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click on the icon for your P 660HWP D1 and select I...

Страница 253: ...253 Figure 152 Network Connections My Network Places 6 Right click on the icon for your P 660HWP D1 and select Properties A properties window displays with basic information about the P 660HWP D1 Fig...

Страница 254: ...Chapter 18 Universal Plug and Play UPnP P 660HWP D1 User s Guide 254...

Страница 255: ...255 PART VI Maintenance and Troubleshooting System 257 Logs 263 Tools 281 Diagnostic 287 Troubleshooting 289...

Страница 256: ...256...

Страница 257: ...ndows 2000 click Start Settings Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer name field and enter it a...

Страница 258: ...ype how many minutes a management session can be left idle before the session times out The default is 5 minutes After it times out you have to log in with your password again Very long idle timeouts...

Страница 259: ...the existing password you use to access the system for configuring advanced features New Password Type your new system password up to 30 characters Note that as you type a password the screen display...

Страница 260: ...d Date Setup to Manual enter the new date in this field and then click Apply Get from Time Server Select this radio button to have the P 660HWP D1 get the time and date from the time server you specif...

Страница 261: ...e zone is one hour ahead of GMT or UTC GMT 1 End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving The o clock field uses the 24 hour format Here ar...

Страница 262: ...Chapter 19 System P 660HWP D1 User s Guide 262...

Страница 263: ...arrants more serious attention They include system errors attacks access control and attempted access to blocked web sites Some categories such as System Errors consist of both logs and alerts You may...

Страница 264: ...SCRIPTION Display The categories that you select in the Log Settings screen display in the drop down list box Select a category of logs to view select All Logs to view logs from all of the log categor...

Страница 265: ...subject line of the log e mail message that the P 660HWP D1 sends Not all ZyXEL models have this field Send Log To The P 660HWP D1 sends logs to the e mail address specified in this field If this fiel...

Страница 266: ...is Full an alert is sent when the log fills up If you select None no log messages are sent Day for Sending Log Use the drop down list box to select which day of the week to send the logs Time for Sen...

Страница 267: ...rc port 00520 dest port 00520 1 02 End of Firewall Log Table 111 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is successful The router has adjusted its time based on information fr...

Страница 268: ...using HTTPS protocol HTTPS login failed Someone has failed to log on to the router s web configurator interface using HTTPS protocol Table 112 System Error Logs LOG MESSAGE DESCRIPTION s exceeds the m...

Страница 269: ...session time out sent TCP RST The router sent a TCP reset packet when a dynamic firewall session timed out The default timeout values are as follows ICMP idle timeout 3 minutes UDP idle timeout 3 min...

Страница 270: ...hannel d call d s C01 Outgoing Call dev x ch x s The router received the setup requirements for a call call is the reference count number of the call dev is the device type 3 is for dial up 6 is for P...

Страница 271: ...esponded that the web site is in the blocked category list and returned the category type s cache hit The system detected that the web site is in the blocked list from the local cache but does not kno...

Страница 272: ...rewall detected an UDP teardrop attack teardrop ICMP type d code d The firewall detected an ICMP teardrop attack For type and code details see Table 127 on page 278 illegal command TCP The firewall de...

Страница 273: ...A process done The phase 1 IKE SA process has been completed Duplicate requests with the same cookie The router received multiple requests from the same peer while still processing the first IKE packe...

Страница 274: ...ID contents do not match Configured Peer ID Content Configured Peer ID Content The phase 1 ID contents do not match and the configured Peer ID Content is displayed Incoming ID Content Incoming Peer ID...

Страница 275: ...1 hash mismatch The listed rule s IKE phase 1 hash did not match between the router and the peer Rule d Phase 1 preshared key mismatch The listed rule s IKE phase 1 pre shared key did not match betwe...

Страница 276: ...ame as recorded from the LDAP server whose IP address and port are recorded in the Source field Rcvd ARL size issuer name The router received an ARL Authority Revocation List with size and issuer name...

Страница 277: ...pecific information missing 14 Not used 15 CRL is too old 16 CRL is not valid 17 CRL signature was not verified correctly 18 CRL was not found anywhere 19 CRL was not added to the cache 20 CRL decodin...

Страница 278: ...ed to queue the datagrams for output to the next network on the route to the destination network 5 Redirect 0 Redirect datagrams for the Network 1 Redirect datagrams for the Host 2 Redirect datagrams...

Страница 279: ...ured one when the router generates a syslog The facility is defined in the web MAIN MENU LOGS Log Settings page The severity is the log s syslog class The definition of messages and notes are defined...

Страница 280: ...Chapter 20 Logs P 660HWP D1 User s Guide 280...

Страница 281: ...er a successful upload the system will reboot Only use firmware for your device s specific model Refer to the label on the bottom of your device Click Maintenance Tools to open the Firmware screen Fol...

Страница 282: ...ems you may see the following icon on your desktop Figure 161 Network Temporarily Disconnected After two minutes log in again and check your new firmware version in the Status screen If the upload was...

Страница 283: ...Tools Configuration Backup configuration allows you to back up save the P 660HWP D1 s current configuration to a file on your computer Once your P 660HWP D1 is configured and functioning properly it i...

Страница 284: ...work disconnect In some operating systems you may see the following icon on your desktop Upload Restore your router to a previous configuration by uploading a previously saved configuration file from...

Страница 285: ...166 Configuration Restore Error 21 2 3 Back to Factory Defaults Pressing the RESET button in this section clears all user entered configuration information and returns the P 660HWP D1 to its factory...

Страница 286: ...Chapter 21 Tools P 660HWP D1 User s Guide 286...

Страница 287: ...nostic Click Maintenance Diagnostic to open the screen shown next Figure 168 Diagnostic General The following table describes the fields in this screen Table 133 Diagnostic General LABEL DESCRIPTION T...

Страница 288: ...VCIs before you begin this test The P 660HWP D1 sends an OAM F5 packet to the DSLAM ATM switch and then returns it loops it back to the P 660HWP D1 The ATM loopback test is useful for troubleshooting...

Страница 289: ...re using the power adaptor or cord included with the P 660HWP D1 3 Make sure the power adaptor or cord is connected to the P 660HWP D1 and plugged in to an appropriate power source Make sure the power...

Страница 290: ...e or access the Login screen in the web configurator 1 Make sure you are using the correct IP address The default IP address is 192 168 1 1 If you changed the IP address Section 6 2 1 on page 93 use t...

Страница 291: ...entered the user name and password correctly The default password is 1234 This field is case sensitive so make sure Caps Lock is not on 2 You cannot log in to the web configurator while someone is us...

Страница 292: ...Address Translation NAT make sure that Enable SIP ALG is activated in the NAT General screen See Section 9 3 on page 138 4 Ensure STUN is turned off on your VoIP device 5 If you are using a new VoIP a...

Страница 293: ...1 and see if the Link LED lights up This checks whether the P 660HWP D1 can detect the powerline adapters on your electrical circuit V I cannot access my powerline network 1 Make sure that the devices...

Страница 294: ...Chapter 23 Troubleshooting P 660HWP D1 User s Guide 294 4 Avoid wiring that is old low quality or with a long wiring path as this may affect the quality of your powerline signal...

Страница 295: ...ns and Wall Mounting 297 Wireless LANs 303 Setting up Your Computer s IP Address 317 IP Subnetting 333 Command Interpreter 341 Firewall Commands 345 Pop up Windows JavaScripts and Java Permissions 351...

Страница 296: ...296...

Страница 297: ...ature 0 C 40 C Storage Temperature 20 60 C Operation Humidity 20 85 RH Storage Humidity 10 90 RH Distance between the centers of the holes for wall mounting on the device s back 215 5 mm Screw size fo...

Страница 298: ...omePlug 1 0 devices but do not detect each other The range of a HomePlug AV network is 300 meters 984 feet HomePlug AV is compatible with all OSs IP Multicast IP multicast is used to send traffic to a...

Страница 299: ...s is done without changing the network settings such as IP address and subnet mask of the computer Traffic Redirect Traffic redirect forwards WAN traffic to a backup gateway when the P 660HWP D1 canno...

Страница 300: ...l version 2 RFC 1483 Multiprotocol Encapsulation over ATM Adaptation Layer 5 RFC 1631 IP Network Address Translator NAT RFC 1661 The Point to Point Protocol PPP RFC 1723 RIP 2 Routing Information Prot...

Страница 301: ...ack of the P 660HWP D1 with the screws on the wall Hang the P 660HWP D1 on the screws IEEE 802 1x Port Based Network Access Control ANSI T1 413 Issue 2 Asymmetric Digital Subscriber Line ADSL standard...

Страница 302: ...l Mounting P 660HWP D1 User s Guide 302 Figure 170 Wall mounting Example The following are dimensions of an M4 tap screw and masonry plug used for wall mounting All measurements are in millimeters mm...

Страница 303: ...endent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an ad hoc wireless LAN Figure 172 Peer to Peer Communication in an Ad hoc Net...

Страница 304: ...red connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired networ...

Страница 305: ...overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 channels a...

Страница 306: ...equested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP without the RTS Request To Send CTS Clear to Send handshake You should only configure RTS CTS if th...

Страница 307: ...t and to provide more efficient communications Select Dynamic to have the AP automatically use short preamble when wireless adapters support it otherwise the AP uses long preamble The AP and the wirel...

Страница 308: ...ntages of IEEE 802 1x are User based identification that allows for roaming Support for RADIUS Remote Authentication Dial In User Service RFC 2138 2139 for centralized user profile and accounting mana...

Страница 309: ...nt and the RADIUS server for user accounting Accounting Request Sent by the access point requesting accounting Accounting Response Sent by the RADIUS server to indicate that it has started or stopped...

Страница 310: ...wireless clients for mutual authentication The server presents a certificate to the client After validating the identity of the server the client sends a different certificate to the server The exchan...

Страница 311: ...stronger encryption authentication and key management than WPA Key differences between WPA or WPA2 and WEP are improved data encryption and user authentication If both an AP and the wireless clients s...

Страница 312: ...with and the packet is dropped By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism MIC with TKIP and AES it is more difficult to decrypt dat...

Страница 313: ...hentication request to the RADIUS server 2 The RADIUS server then checks the user s identification against its database and grants or denies network access accordingly 3 The RADIUS server distributes...

Страница 314: ...RF signals onto air A transmitter within a wireless device sends an RF signal to the antenna which propagates the signal through the air The antenna also operates in reverse by capturing RF signals fr...

Страница 315: ...isotropic antenna An isotropic antenna is a theoretical perfect antenna that sends out radio signals equally well in all directions dBi represents the true gain that the antenna provides Types of Ant...

Страница 316: ...o on point the antenna up For omni directional antennas mounted on a wall or ceiling point the antenna down For a single AP application place omni directional antennas as close to the center of the co...

Страница 317: ...a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components are...

Страница 318: ...en click Add 3 Select the manufacturer and model of your network adapter and then click OK If you need TCP IP 1 In the Network window click Add 2 Select Protocol and then click Add 3 Select Microsoft...

Страница 319: ...elect Obtain an IP address automatically If you have a static IP address select Specify an IP address and type your information into the IP Address and Subnet Mask fields Figure 179 Windows 95 98 Me T...

Страница 320: ...the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your P 660HWP D1 and restart your computer when prompted Verifying Settings 1 Click Sta...

Страница 321: ...D1 User s Guide 321 Figure 181 Windows XP Start Menu 2 In the Control Panel double click Network Connections Network and Dial up Connections in Windows 2000 NT Figure 182 Windows XP Control Panel 3 Ri...

Страница 322: ...b in Win XP and then click Properties Figure 184 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP Properties window opens the General tab in Windows XP If you have a dynamic...

Страница 323: ...dd In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default ga...

Страница 324: ...he General tab in Windows XP Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your DNS server IP address es click Use the following DNS server...

Страница 325: ...k Connections window Network and Dial up Connections in Windows 2000 NT 11 Turn on your P 660HWP D1 and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and...

Страница 326: ...acintosh OS 8 9 Apple Menu 2 Select Ethernet built in from the Connect via list Figure 189 Macintosh OS 8 9 TCP IP 3 For dynamically assigned settings select Using DHCP Server from the Configure list...

Страница 327: ...nfiguration 7 Turn on your P 660HWP D1 and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Panel window Macintosh OS X 1 Click the Apple menu an...

Страница 328: ...k in the Subnet mask box Type the IP address of your P 660HWP D1 in the Router address box 5 Click Apply Now and close the window 6 Turn on your P 660HWP D1 and restart your computer if prompted Verif...

Страница 329: ...ow to configure your computer IP address using the KDE 1 Click the Red Hat button located on the bottom left corner select System Setting and click Network Figure 192 Red Hat 9 0 KDE Network Configura...

Страница 330: ...0 KDE Network Configuration DNS 5 Click the Devices tab 6 Click the Activate button to apply the changes The following screen displays Click Yes to save the changes in all screens Figure 195 Red Hat 9...

Страница 331: ...the etc directory The following figure shows an example where two DNS server IP addresses are specified Figure 198 Red Hat 9 0 DNS Settings in resolv conf 3 After you edit and save the configuration f...

Страница 332: ...root localhost ifconfig eth0 Link encap Ethernet HWaddr 00 50 BA 72 5B 44 inet addr 172 23 19 129 Bcast 172 23 19 255 Mask 255 255 255 0 UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 717...

Страница 333: ...he first two octets make up the network number and the two remaining octets make up the host ID In a class C address the first three octets make up the network number and the last octet is the host ID...

Страница 334: ...ation A subnet mask has 32 bits If a bit in the subnet mask is a 1 then the corresponding bit in the IP address is part of the network number If a bit in the subnet mask is 0 then the corresponding bi...

Страница 335: ...derstood that the natural mask is being used Example Two Subnets As an example you have a class C address 192 168 1 0 with subnet mask of 255 255 255 0 The first three octets of the address make up th...

Страница 336: ...e first subnet Therefore the lowest IP address that can be assigned to an actual host for the first subnet is 192 168 1 1 and the highest is 192 168 1 126 Similarly the host ID range for the second su...

Страница 337: ...dcast Address 192 168 1 63 Highest Host ID 192 168 1 62 Table 151 Subnet 2 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 64 IP Address Binary 11000000 10101000 00000001 01000...

Страница 338: ...tets see Table 143 on page 333 available for subnetting The following table is a summary for class B subnet planning Table 154 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST...

Страница 339: ...128 510 8 255 255 255 0 24 256 254 9 255 255 255 128 25 512 126 10 255 255 255 192 26 1024 62 11 255 255 255 224 27 2048 30 12 255 255 255 240 28 4096 14 13 255 255 255 248 29 8192 6 14 255 255 255 2...

Страница 340: ...Appendix D IP Subnetting P 660HWP D1 User s Guide 340...

Страница 341: ...e same subnet In Windows click Start usually in the bottom left corner Run and then type telnet 192 168 1 1 the default P 660HWP D1 IP address and click OK 3 A login screen displays Enter the default...

Страница 342: ...g Parameters Example 4 Use sys logs category followed by a log category and a parameter to decide what to record Use 0 to not record logs for that category 1 to record only logs for that category 2 to...

Страница 343: ...s display access time source destination notes message 0 06 08 2004 05 58 21 172 21 4 154 224 0 1 24 ACCESS BLOCK Firewall default policy IGMP W to W 1 06 08 2004 05 58 20 172 21 3 56 239 255 255 250...

Страница 344: ...Appendix E Command Interpreter P 660HWP D1 User s Guide 344...

Страница 345: ...of all the firewall settings including e mail attack and the sets rules config display firewall set set This command shows the current configuration of a set including timeout values name default per...

Страница 346: ...e mail hour 0 23 This command sets the hour when the firewall log is sent through e mail if the P 660HWP D1 is set to send it on an hourly daily or weekly basis config edit firewall e mail minute 0 59...

Страница 347: ...h the same destination where the P 660HWP D1 starts dropping half open sessions to that destination Sets config edit firewall set set name desired name This command sets a name to identify a specified...

Страница 348: ...CMP Config edit firewall set set rule rule log none match not match both This command sets the P 660HWP D1 to log traffic that matches the rule doesn t match both or neither Config edit firewall set s...

Страница 349: ...nd to enter various non consecutive port numbers config edit firewall set set rule rule TCP destport range start port end port This command sets a rule to have the P 660HWP D1 check for TCP traffic wi...

Страница 350: ...Commands P 660HWP D1 User s Guide 350 config delete firewall set set rule rule This command removes the specified rule in a firewall configuration set Table 157 Firewall Commands continued FUNCTION C...

Страница 351: ...rnet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking...

Страница 352: ...web pop up blockers you may have enabled Figure 204 Internet Options Privacy 3 Click Apply to save this setting Enable pop up Blockers with Exceptions Alternatively if you only want to allow pop up wi...

Страница 353: ...de 353 Figure 205 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 167 1 4 Click Add to mov...

Страница 354: ...lay properly in Internet Explorer check that JavaScripts are allowed 1 In Internet Explorer click Tools Internet Options and then the Security tab Figure 207 Internet Options Security 2 Click the Cust...

Страница 355: ...tings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java permiss...

Страница 356: ...Permissions P 660HWP D1 User s Guide 356 JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected 3 Cl...

Страница 357: ...ce Trademarks ZyNOS ZyXEL Network Operating System is a registered trademark of ZyXEL Communications Inc Other trademarks mentioned in this publication are used for identification purposes only and ma...

Страница 358: ...nna or transmitter IEEE 802 11b or 802 11g operation of this product in the U S A is firmware limited to channels 1 through 11 To comply with FCC RF exposure compliance requirements a separation dista...

Страница 359: ...lacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability...

Страница 360: ...Appendix H Legal Information P 660HWP D1 User s Guide 360...

Страница 361: ...mail support zyxel com tw Sales E mail sales zyxel com tw Telephone 886 3 578 3942 Fax 886 3 578 2439 Web www zyxel com www europe zyxel com FTP ftp zyxel com ftp europe zyxel com Regular Mail ZyXEL...

Страница 362: ...448 Web www zyxel fi Regular Mail ZyXEL Communications Oy Malminkaari 10 00700 Helsinki Finland France E mail info zyxel fr Telephone 33 4 72 52 97 97 Fax 33 4 72 52 19 20 Web www zyxel fr Regular Mai...

Страница 363: ...agawa ku Tokyo 141 0022 Japan Kazakhstan Support http zyxel kz support Sales E mail sales zyxel kz Telephone 7 3272 590 698 Fax 7 3272 590 689 Web www zyxel kz Regular Mail ZyXEL Kazakhstan 43 Dostyk...

Страница 364: ...krzei 1A 03 715 Warszawa Poland Russia Support http zyxel ru support Sales E mail sales zyxel ru Telephone 7 095 542 89 29 Fax 7 095 542 89 25 Web www zyxel ru Regular Mail ZyXEL Russia Ostrovityanova...

Страница 365: ...il ZyXEL Thailand Co Ltd 1 1 Moo 2 Ratchaphruk Road Bangrak Noi Muang Nonthaburi 11000 Thailand Ukraine Support E mail support ua zyxel com Sales E mail sales ua zyxel com Telephone 380 44 247 69 78 F...

Страница 366: ...Appendix I Customer Support P 660HWP D1 User s Guide 366...

Страница 367: ...st 288 attack alert 180 attack types 154 attacks 263 auxiliary gateway 299 B backup gateway 299 backup settings 283 backup type 89 bandwidth 69 budget 222 bandwidth management 69 215 bandwidth manager...

Страница 368: ...r see DSLAM dimensions 297 disclaimer 357 DNS 92 238 domain name 92 140 257 258 Domain Name System see DNS DoS 150 151 179 basics 151 types 152 downstream 33 34 DS Field 222 DS field 222 DSCPs 222 DSL...

Страница 369: ...53 177 ICMP echo 153 IEEE 802 11g 307 IGMP 94 95 Independent Basic Service Set See IBSS 303 initialization vector IV 312 Integrated Services Digital Network see ISDN Internet access 34 57 wizard setup...

Страница 370: ...rsal 243 navigating the web configurator 44 NetBIOS commands 154 Network Address Translation see NAT network disconnect icon 282 284 network management 140 NMK changing 128 NNTP 140 O one minute high...

Страница 371: ...283 saving the state 154 scheduler 216 fairness based 217 priority based 216 SCR 77 81 86 screws 301 security general 158 ramifications 162 Server 138 server 137 138 260 service 163 service set 108 Se...

Страница 372: ...cal user database 106 RADIUS server 106 weaknesses 106 user name 228 V Vantage CNM Access 299 Variable Bit Rate see VBR VBR 81 86 VC 74 VC based multiplexing 74 VCI 75 Virtual Channel Identifier see V...

Страница 373: ...ple 313 WPA compatibility 107 WPA2 311 user authentication 312 vs WPA2 PSK 312 wireless client supplicant 313 with RADIUS application example 313 WPA2 Pre Shared Key 311 WPA2 PSK 311 312 application e...

Страница 374: ...Index P 660HWP D1 User s Guide 374...

Отзывы:

Нет отзывов

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды