ZyXEL Communications P-660W-T1 v2 Скачать руководство пользователя страница 127 | Manualshive

Страница: 127 / 244

background image

Chapter 11 Firewall Configuration

P-660W-Tx v2 User’s Guide

127

11.7.2.1 Rule Checklist

State the intent of the rule. For example, “This restricts all IRC access from the LAN to the
Internet.” Or, “This allows a remote Lotus Notes server to synchronize over the Internet to an
inside Notes server.”

1

Is the intent of the rule to forward or block traffic?

2

What direction of traffic does the rule apply to?

3

What IP services will be affected?

4

What computers on the LAN are to be affected (if any)?

5

What computers on the Internet will be affected? The more specific, the better. For
example, if traffic is being allowed from the Internet to the LAN, it is better to allow
only certain machines on the Internet to access the LAN.

11.7.2.2 Security Ramifications

Once the logic of the rule has been defined, it is critical to consider the security ramifications
created by the rule:

1

Does this rule stop LAN users from accessing critical resources on the Internet? For
example, if IRC is blocked, are there users that require this service?

2

Is it possible to modify the rule to be more specific? For example, if IRC is blocked for
all users, will a rule that blocks just certain users be more effective?

3

Does a rule that allows Internet users access to resources on the LAN create a security
vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to
the LAN, Internet users may be able to connect to computers with running FTP servers.

4

Does this rule conflict with any existing rules?

5

Once these questions have been answered, adding rules is simply a matter of plugging
the information into the correct fields in the web configurator screens.

11.7.2.3 Key Fields For Configuring Rules

Action

Should the action be to

Block

or

Forward

? “Block” means the firewall silently discards the

packet.

Service

Select the service from the

Service

scrolling list box. If the service is not listed, it is necessary

to first define it. See

Section 11.4.2 on page 121

for more information on predefined services.

Source Address

What is the connection’s source address; is it on the LAN, WAN? Is it a single IP, a range of
IPs or a subnet?

Destination Address

What is the connection’s destination address; is it on the LAN, WAN? Is it a single IP, a range
of IPs or a subnet?

«
...
125
126
127
128
129
...
»

Содержание P-660W-T1 v2

Страница 1: ...www zyxel com P 660W Tx v2 ADSL Router over POTS ISDN User s Guide Version 3 40 06 2008 Edition 2 DEFAULT LOGIN IP Address http 192 168 1 1 Password 1234 ...

Страница 2: ......

Страница 3: ...reens and supplementary information Command Reference Guide The Command Reference Guide explains how to use the Command Line Interface CLI and CLI commands to configure the ZyXEL Device It is recommended you use the web configurator to configure the ZyXEL Device Supporting Disc Refer to the included CD for support documents ZyXEL Web Site Please refer to www zyxel com for additional support docume...

Страница 4: ...phics in this book may differ slightly from the product due to differences in operating systems operating system versions or if you installed updated firmware software for your device Every effort has been made to ensure that the information in this manual is accurate ...

Страница 5: ... text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER key Select or choose means for you to use one of the predefined choices A right angle bracket within a screen name denotes a mouse click For example Maintenance Log Log Setting means you first click Maintenance in the navigation panel then the Log sub m...

Страница 6: ...Document Conventions P 660W Tx v2 User s Guide 6 Table 1 Common Icons ZyXEL Device Computer Notebook Server Printer Telephone Switch Router Internet Cloud Firewall Modem Wireless Signal Television DSLAM ...

Страница 7: ...the appropriate wire gauge see Chapter 19 on page 193 for details for your device Connect it to a power supply of the correct voltage see Chapter 19 on page 193 for details Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord Do NOT use the device if the power adaptor or cord is damaged as it might cause electroc...

Страница 8: ...Safety Warnings P 660W Tx v2 User s Guide 8 ...

Страница 9: ...LAN Setup 53 Wireless LAN 63 WAN Setup 81 Network Address Translation NAT Screens 93 Dynamic DNS Setup 105 Time and Date 107 Firewall Configuration 109 Content Filtering 131 Remote Management Configuration 135 Universal Plug and Play UPnP 139 Logs Screens 151 Media Bandwidth Management Advanced Setup 157 Maintenance 169 Maintenance 171 Troubleshooting and Specifications 185 Troubleshooting 187 Pro...

Страница 10: ...Contents Overview P 660W Tx v2 User s Guide 10 ...

Страница 11: ...evice 27 1 1 Overview 27 1 2 Ways to Manage the ZyXEL Device 28 1 3 Good Habits for Managing the ZyXEL Device 28 1 4 LEDs 28 Chapter 2 Introducing the Web Configurator 31 2 1 Web Configurator Overview 31 2 1 1 Accessing the Web Configurator 31 2 1 2 Resetting the ZyXEL Device 32 2 1 3 Navigating the Web Configurator 32 2 2 Change Login Password 35 Part II Setup Wizard 37 Chapter 3 Connection Setup...

Страница 12: ...WANs and the ZyXEL Device 57 5 4 2 DHCP Setup 58 5 4 3 DNS Server Address 58 5 4 4 LAN TCP IP 58 5 4 5 RIP Setup 60 5 4 6 Multicast 60 5 4 7 Any IP 61 Chapter 6 Wireless LAN 63 6 1 Overview 63 6 1 1 What You Can Do in the Wireless LAN Screens 63 6 1 2 What You Need to Know About Wireless LAN 63 6 1 3 Before You Start 64 6 2 The Main Wireless LAN Screen 64 6 3 The Wireless Screen 65 6 3 1 No Securi...

Страница 13: ...p Connection PPP 89 7 5 6 Traffic Shaping 90 7 5 7 Zero Configuration Internet Access 90 7 5 8 Traffic Redirect 91 7 5 9 Metric 92 Chapter 8 Network Address Translation NAT Screens 93 8 1 Overview 93 8 1 1 What You Can Do in the NAT Screen 93 8 1 2 What You Need to Know About NAT 93 8 2 The NAT Mode Screen 94 8 2 1 Configuring SUA Server Set 95 8 2 2 Configuring Address Mapping Rules 96 8 2 3 Edit...

Страница 14: ...en 116 11 4 1 Configuring Firewall Rules 118 11 4 2 Predefined Services 121 11 4 3 Editing Customized Services 121 11 4 4 Configuring a Customized Service 122 11 5 The Anti Probing Screen 122 11 6 The Threshold Screen 123 11 7 Firewall Configuration Technical Reference 125 11 7 1 Firewall Policies Overview 125 11 7 2 Rule Logic Overview 126 11 7 3 Connection Direction 128 11 7 4 DoS Thresholds 128...

Страница 15: ... 150 14 5 1 NAT Traversal 150 14 5 2 Cautions with UPnP 150 14 5 3 UPnP and ZyXEL 150 Chapter 15 Logs Screens 151 15 1 Overview 151 15 1 1 What You Can Do in the Log Screens 151 15 1 2 What You Need to Know About Logs 151 15 2 The Log Settings Screen 151 15 3 The View Logs Screen 153 15 3 1 Email Log Example 154 Chapter 16 Media Bandwidth Management Advanced Setup 157 16 1 Overview 157 16 2 What Y...

Страница 16: ...creen 176 17 5 1 Association List 176 17 6 Diagnostic Screens 177 17 6 1 General Diagnostic 177 17 6 2 DSL Line Diagnostic 178 17 7 Firmware Screen 180 17 8 FTP Command Line Examples 181 17 8 1 Filename Conventions 181 17 8 2 FTP Command Line Procedure 182 17 8 3 GUI based FTP Clients 182 17 8 4 FTP Restrictions 183 Part V Troubleshooting and Specifications 185 Chapter 18 Troubleshooting 187 18 1 ...

Страница 17: ...ons 197 19 3 Power Adaptor Specifications 198 Part VI Appendices and Index 199 Appendix A Pop up Windows JavaScripts and Java Permissions 201 Appendix B Wireless LANs 209 Appendix C Common Services 223 Appendix D Legal Information 227 Appendix E Customer Support 233 Index 239 ...

Страница 18: ...Table of Contents P 660W Tx v2 User s Guide 18 ...

Страница 19: ...on Tests 45 Figure 14 MBM Wizard Media Bandwidth Management 48 Figure 15 MBM Wizard Media Bandwidth Management 49 Figure 16 LAN Setup 55 Figure 17 LAN Static DHCP 57 Figure 18 LAN and WAN IP Addresses 58 Figure 19 Any IP Example 61 Figure 20 Wireless LAN 65 Figure 21 Wireless LAN Wireless 66 Figure 22 Wireless No Security 67 Figure 23 Wireless Static WEP 68 Figure 24 Wireless WPA PSK 69 Figure 25 ...

Страница 20: ...igure 58 Firewall Anti Probing 123 Figure 59 Firewall Threshold 124 Figure 60 Content Filtering 132 Figure 61 Content Filter Keyword 132 Figure 62 Content Filter Schedule 133 Figure 63 Content Filter Trusted 134 Figure 64 Remote Management From the WAN 135 Figure 65 Remote Management 136 Figure 66 Configuring UPnP 140 Figure 67 Add Remove Programs Windows Setup Communication 141 Figure 68 Add Remo...

Страница 21: ...ure 97 Association List 177 Figure 98 Diagnostic General 178 Figure 99 Diagnostic DSL Line 179 Figure 100 Firmware Upgrade 180 Figure 101 Network Temporarily Disconnected 181 Figure 102 Error Message 181 Figure 103 Wall mounting Example 197 Figure 104 Masonry Plug and M4 Tap Screw 198 Figure 105 Pop up Blocker 201 Figure 106 Internet Options Privacy 202 Figure 107 Internet Options Privacy 203 Figu...

Страница 22: ...List of Figures P 660W Tx v2 User s Guide 22 ...

Страница 23: ... LAN Static DHCP 57 Table 15 Wireless LAN 65 Table 16 Wireless LAN Wireless 66 Table 17 Wireless No Security 67 Table 18 Wireless Static WEP 68 Table 19 Wireless WPA PSK WPA2 PSK 70 Table 20 Wireless WPA WPA2 71 Table 21 Wireless LAN MAC Filter 74 Table 22 Wireless LAN WDS 75 Table 23 Types of Encryption for Each Type of Authentication 79 Table 24 Additional Wireless Terms 80 Table 25 WAN 82 Table...

Страница 24: ...162 Table 57 Media Bandwidth Management Summary 163 Table 58 Media Bandwidth Management Class Setup 164 Table 59 Media Bandwidth Management Class Configuration 165 Table 60 Media Bandwidth Management Statistics 167 Table 61 Media Bandwidth Management Monitor 168 Table 62 System Status 172 Table 63 System Status Show Statistics 174 Table 64 DHCP Table 175 Table 65 Any IP Table 176 Table 66 Associat...

Страница 25: ...25 PART I Introduction Introducing the ZyXEL Device 27 Introducing the Web Configurator 31 ...

Страница 26: ...26 ...

Страница 27: ...plete list of features In the ZyXEL Device product name W denotes an included wireless LAN card that provides wireless connectivity Models ending in 1 for example P 660W T1 denote a device that works over the analog telephone system POTS Plain Old Telephone Service Models ending in 3 denote a device that works over ISDN Integrated Services Digital Network Figure 1 High speed Internet Access with t...

Страница 28: ...word that s not easy to guess and that consists of different types of characters such as numbers and letters Write down the password and put it in a safe place Back up the configuration and make sure you know how to restore it Restoring an earlier working configuration may be useful if the ZyXEL Device becomes unstable or even crashes If you forget your password you will have to reset the ZyXEL De...

Страница 29: ...yXEL Device is sending receiving data through the wireless LAN Off The wireless LAN is not ready or has failed DSL Green Fast Blinking The ZyXEL Device is trying to detect the DSL signal Slow Blinking The ZyXEL Device is initializing the DSL line On The DSL link is successful Off The DSL link is down INTERNET Green On The ZyXEL Device has a successful connection to the Internet Blinking There is d...

Страница 30: ...Chapter 1 Introducing the ZyXEL Device P 660W Tx v2 User s Guide 30 ...

Страница 31: ...ripts enabled by default Java permissions enabled by default See the chapter on troubleshooting if you need to make sure these functions are allowed in Internet Explorer 2 1 1 Accessing the Web Configurator Note Even though you can connect to the ZyXEL Device wirelessly it is recommended that you connect your computer to a LAN port for initial configuration 1 Make sure your ZyXEL Device hardware i...

Страница 32: ...tivity Simply log back into the ZyXEL Device if this happens to you 2 1 2 Resetting the ZyXEL Device If you forget your password or cannot access the web configurator you will need to use the RESET button at the back of the ZyXEL Device to reload the factory default configuration file This means that you will lose all configurations that you had previously and the password will be reset to 1234 2 ...

Страница 33: ...nnection Setup Use these screens for initial configuration including general setup ISP parameters for Internet Access and WAN IP DNS Server MAC address assignment Media Bandwidth Mgnt Use these screens to limit bandwidth usage by application Advanced Setup Password Use this screen to change your password LAN LAN Setup Use this screen to configure LAN settings Static DHCP Use this screen to configu...

Страница 34: ...hange your ZyXEL Device s log settings View Log Use this screen to view the logs for the categories that you selected Media Bandwidth Management Summary Use this screen to assign bandwidth limits to specific types of traffic Class Setup Use this screen to define a bandwidth class Monitor Use this screen to view bandwidth class statistics Maintenance System Status This screen contains administrativ...

Страница 35: ...ssword in the Site Map screen to display the screen as shown next Figure 5 Password The following table describes the fields in this screen Table 4 Password LABEL DESCRIPTION Old Password Type the default password or the existing password you use to access the system in this field New Password Type the new password in this field Retype to Confirm Type the new password again in this field Apply Cli...

Страница 36: ...Chapter 2 Introducing the Web Configurator P 660W Tx v2 User s Guide 36 ...

Страница 37: ...37 PART II Setup Wizard Connection Setup Wizard 39 Media Bandwidth Management Wizard 47 ...

Страница 38: ...38 ...

Страница 39: ...ens in the web configurator 3 1 Introduction Use the Connection Wizard screens to configure your system for Internet access with the information given to you by your ISP Internet Service Provider Note See the advanced menu chapters for background information on these fields 3 1 1 Internet Access Wizard Setup 1 In the Site Map screen click Connection Setup to display the first wizard screen ...

Страница 40: ...drop down list box Choices vary depending on what you select in the Mode field If you select Bridge in the Mode field select either PPPoA or RFC 1483 If you select Routing in the Mode field select PPPoA RFC 1483 ENET ENCAP or PPPoE Multiplex Select the multiplexing method used by your ISP from the Multiplex drop down list box either VC based or LLC based Virtual Circuit ID VPI Virtual Path Identif...

Страница 41: ...ct to the Internet Select Obtain an IP Address Automatically if you have a dynamic IP address otherwise select Static IP Address and type your ISP assigned IP address in the text box below Connection Select Connect on Demand when you don t want the connection up all the time and specify an idle time out in seconds in the Max Idle Timeout field The default setting selects Connection on Demand with ...

Страница 42: ...own list box Refer to the NAT chapter for more details Back Click Back to go back to the first wizard screen Next Click Next to continue to the next wizard screen Table 8 Internet Connection with ENET ENCAP LABEL DESCRIPTION IP Address A static IP address is a fixed IP that your ISP gives you A dynamic IP address is not fixed the ISP assigns you a different one each time you connect to the Interne...

Страница 43: ...Address This option is available if you select Routing in the Mode field A static IP address is a fixed IP that your ISP gives you A dynamic IP address is not fixed the ISP assigns you a different one each time you connect to the Internet Click Obtain an IP Address Automatically if you have a dynamic IP address otherwise click Static IP Address and type your ISP assigned IP address in the IP Addre...

Страница 44: ...t to change your ZyXEL Device LAN settings click Change LAN Configuration to display the screen as shown next Figure 12 Internet Access Wizard Setup LAN Configuration Network Address Translation This option is available if you select Routing in the Mode field Select None SUA Only or Full Feature from the drop sown list box Refer to the NAT chapter for more details Back Click Back to go back to the...

Страница 45: ...vice in dotted decimal notation for example 192 168 1 1 factory default If you changed the ZyXEL Device s LAN IP address you must use the new IP address if you want to access the web configurator again LAN Subnet Mask Enter a subnet mask in dotted decimal notation DHCP DHCP Server From the DHCP Server drop down list box select On to allow your ZyXEL Device to assign IP addresses an IP default gate...

Страница 46: ...Chapter 3 Connection Setup Wizard P 660W Tx v2 User s Guide 46 ...

Страница 47: ... of network traffic For example you can allocate a high priority to XBox Live traffic Use the Media Bandwidth Management MBM Wizard screens to configure bandwidth management on your ZyXEL Device See Chapter 16 on page 157 for background information on Media Bandwidth Management 4 1 1 Media Bandwidth Management Wizard 1 In the Site Map screen click Media Bandwidth Management Wizard to display the f...

Страница 48: ...ply bandwidth management Select the traffic type s to which you want to allocate priority You can select the following XBox Live a game playing device used for gaming on the Internet as well as playing media files such as videos VoIP SIP Voice over IP this allows you to make calls over the Internet using a SIP server FTP File Transfer Protocol a service used for downloading files E Mail the email ...

Страница 49: ...h Mid Low and Others Give voice and video applications a high priority as quality is affected by transmission delays VoIP is a voice service and XBox Live is a video service so they should receive a high priority Give Internet browsing a medium level priority as quality is not noticeably affected by brief delays Give data transfer services such as eMule FTP or E Mail a low priority as quality is n...

Страница 50: ...Chapter 4 Media Bandwidth Management Wizard P 660W Tx v2 User s Guide 50 ...

Страница 51: ... 81 Network Address Translation NAT Screens 93 Dynamic DNS Setup 105 Time and Date 107 Firewall Configuration 109 Content Filtering 131 Remote Management Configuration 135 Universal Plug and Play UPnP 139 Logs Screens 151 Media Bandwidth Management Advanced Setup 157 ...

Страница 52: ...52 ...

Страница 53: ...and subnet mask of your ZyXEL Device You can also edit your ZyXEL Device s RIP Multicast and Any IP from this screen Use the Static DHCP screen Section 5 2 on page 54 to configure the static DHCP settings of your ZyXEL Device 5 1 2 What You Need To Know About LAN IP Address IP addresses identify individual devices on a network Every networking device including computers servers routers printers et...

Страница 54: ...t Group Multicast Protocol is a network layer protocol used to establish membership in a Multicast group it is not used to carry user data There are two versions 1 and 2 IGMP version 2 is an improvement over version 1 but IGMP version 1 is still in wide use DNS DNS Domain Name System is for mapping a domain name to its corresponding IP address and vice versa The DNS server is extremely important b...

Страница 55: ...the remote server and the clients Enter the IP address of the actual remote DHCP server in the Remote DHCP Server field in this case When DHCP is used the following items need to be set Client IP Pool Starting Address This field specifies the first of the contiguous addresses in the IP address pool Size of Client IP Pool This field specifies the size or count of the IP address pool Primary DNS Ser...

Страница 56: ...otocol used to establish membership in a multicast group The ZyXEL Device supports both IGMP version 1 IGMP v1 and IGMP v2 Select None to disable it Any IP Setup Select the Active check box to enable the Any IP feature This allows a computer to access the Internet via the ZyXEL Device without changing the network settings such as IP address and subnet mask of the computer even when the IP addresse...

Страница 57: ...one inside the LAN network and the other outside the WAN network as shown next Table 14 LAN Static DHCP LABEL DESCRIPTION This is the index number for the entries in this table MAC Address Type the MAC address of the device for which you are configuring the IP address Use hexadecimal characters in the following format 0A A0 00 BB CC DD IP Address Type the IP address for the device you are configur...

Страница 58: ...igured with a pool of IP addresses for the DHCP clients DHCP Pool See the product specifications in the appendices Do not assign static IP addresses from the DHCP pool to your LAN computers 5 4 3 DNS Server Address There are two ways that an ISP disseminates the DNS server addresses The ISP tells you the DNS server addresses usually in the form of an information sheet when you sign up If your ISP ...

Страница 59: ...t make sure that no other device on your network is using that IP address The subnet mask specifies the network number portion of an IP address Your ZyXEL Device will compute the subnet mask automatically based on the IP address that you entered You don t need to change the subnet mask computed by the ZyXEL Device unless you are instructed to do otherwise Private IP Addresses Every machine on the ...

Страница 60: ...verybody and not just 1 IGMP Internet Group Multicast Protocol is a network layer protocol used to establish membership in a Multicast group it is not used to carry user data IGMP version 2 RFC 2236 is an improvement over version 1 RFC 1112 but IGMP version 1 is still in wide use If you would like to read more detailed information about interoperability between IGMP version 2 and version 1 please ...

Страница 61: ...omputer to the ZyXEL Device and access the Internet The following figure depicts a scenario where a computer is set to use a static private IP address in the corporate environment In a residential house where a ZyXEL Device is installed you can still use the computer to access the Internet without changing the network settings even when the IP addresses of the computer and the ZyXEL Device are not...

Страница 62: ...eway an ARP request is broadcast on the LAN 3 The ZyXEL Device receives the ARP request and replies to the computer with its own MAC address 4 The computer updates the MAC address for the default gateway to the ARP table Once the ARP table is updated the computer is able to access the Internet through the ZyXEL Device 5 When the ZyXEL Device receives packets from the computer it creates an entry i...

Страница 63: ...Distribution System in which the ZyXEL Device acts as a bridge with other ZyXEL access points You don t necessarily need to use all these screens to set up your wireless connection For example you may just want to use the Wireless screen to set up a network name a wireless radio channel and some security 6 1 2 What You Need to Know About Wireless LAN Wireless Basics Wireless is essentially radio c...

Страница 64: ... 76 for technical reference information about wireless LAN See the appendices for more detailed information about wireless networks 6 1 3 Before You Start Before you start using these screens ask yourself the following questions See Section 6 1 2 on page 63 if some of the terms used here do not make sense to you What wireless standards do the other wireless devices in your network support IEEE 802...

Страница 65: ...lick Advanced Setup Wireless LAN Wireless to open the Wireless screen Table 15 Wireless LAN LINK DESCRIPTION Wireless Click this link to go to a screen where you can configure wireless settings MAC Filter Click this link to go to a screen where you can restrict access to your wireless network by MAC address The MAC address is unique in every wireless client and it is usually written in twelve hexa...

Страница 66: ...e range of radio frequencies used by wireless devices is called a channel Select a wireless channel if interference from other nearby devices is a problem The ZyXEL Device and other wireless devices in your wireless network must use the same channel RTS CTS Threshold The RTS Request To Send threshold number of bytes is for enabling RTS CTS Data with its frame size larger than this value will perfo...

Страница 67: ...urity Mode list 6 3 2 WEP Encryption WEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private It encrypts unicast and multicast communications in a network Both the wireless stations and the access points must use the same WEP key Your ZyXEL Device allows you to configure up to four 64 bit 128 bit or 256 bit WEP keys b...

Страница 68: ...The following table describes the security labels in the screen when you select Static WEP from the Security Mode list Table 18 Wireless Static WEP LABEL DESCRIPTION Security Mode Select Static WEP from the drop down list Passphrase Enter a passphrase password phrase of up to 63 case sensitive printable characters and click Generate to have the ZyXEL Device create four different WEP keys At the ti...

Страница 69: ... the same WEP key If you want to manually set the WEP keys type the key in this field The length of the key corresponds to the security strength For 64 bit security type 5 ASCII characters or 10 hexadecimal characters 0 9 A F For 128 bit security type 13 ASCII characters or 26 hexadecimal characters 0 9 A F Back Click Back to go to the main wireless LAN setup screen Apply Click Apply to save your ...

Страница 70: ...spaces and symbols ReAuthentication Timer in seconds Specify how often wireless stations have to resend usernames and passwords in order to stay connected Enter a time interval between 10 and 9999 seconds The default time interval is 1800 seconds 30 minutes Note If wireless station authentication is done using a RADIUS server the reauthentication timer on the RADIUS server has priority Idle Timeou...

Страница 71: ...eck box to have both WPA2 and WPA wireless clients be able to communicate with the ZyXEL Device even when the ZyXEL Device is using WPA2 PSK or WPA2 Note WPA WPA2 requires a RADIUS server to support the encryption ReAuthentication Timer Specify how often wireless stations have to resend usernames and passwords in order to stay connected Enter a time interval between 10 and 9999 seconds The default...

Страница 72: ...ed decimal notation Port Number Enter the port number of the external authentication server The default port number is 1812 You need not change this value unless your network administrator instructs you to do so with additional information Shared Secret Enter a password up to 31 alphanumeric characters as the key to be shared between the external authentication server and the ZyXEL Device The key ...

Страница 73: ...0 A0 C5 00 00 02 You need to know the MAC addresses of the devices to configure this screen To change your ZyXEL Device s MAC filter settings click Advanced Setup Wireless LAN MAC Filter to open the MAC Filter screen The screen appears as shown Be careful not to list your computer s MAC address and set the Action field to Deny Association when managing the ZyXEL Device via a wireless connection Th...

Страница 74: ...CRIPTION Active Select Yes from the drop down list box to enable MAC address filtering Action Define the filter action for the list of MAC addresses in the MAC Address table Select Deny Association to block access to the ZyXEL Device MAC addresses not listed will be allowed to access the ZyXEL Device Select Allow Association to permit access to the ZyXEL Device MAC addresses not listed will be den...

Страница 75: ...ecurity ZyAIR Series Compatible Temporal Key Integrity Protocol If you clear this option the data sent between APs is not encrypted Anyone can read it This is the index number of the access point AP with which you are setting up a WDS connection Active Select this to enable a WDS connection with this AP Remote Bridge MAC Address Type the MAC address of the AP with which you are setting up a WDS co...

Страница 76: ... wireless network operates in one of two ways An infrastructure type of network has one or more access points and one or more wireless clients The wireless clients connect to the access points An ad hoc type of network is one in which there is no access point Wireless clients connect to one another in order to exchange information The following figure provides an example of a wireless network Figu...

Страница 77: ...he can steal information or introduce malware malicious software intended to compromise the network For these reasons a variety of security systems have been developed to ensure that only authorized people can use a wireless data network or understand the data carried on it These security standards do two things First they authenticate This means that only people presenting the right credentials o...

Страница 78: ...r s Guide or other documentation You can use the MAC address filter to tell the AP which wireless clients are allowed or not allowed to use the wireless network If a wireless client is allowed to use the wireless network it still has to have the correct settings SSID channel and security If a wireless client is not allowed to use the wireless network it does not matter if it has the correct settin...

Страница 79: ...o access the wireless network you can choose no encryption Static WEP WPA PSK or WPA2 PSK Usually you should set up the strongest encryption that every wireless client in the wireless network supports For example suppose the AP does not have a local user database and you do not have a RADIUS server Therefore there is no user authentication Suppose the wireless network has two wireless clients Devi...

Страница 80: ...ectric motors or microwaves Problems with absorption occur when physical objects such as thick walls are between the two radios muffling the signal 6 6 4 Additional Wireless Terms The following table describes wireless network terms and acronyms used in the ZyXEL Device s Web Configurator Table 24 Additional Wireless Terms TERM DESCRIPTION RTS CTS Threshold In a wireless network which covers a lar...

Страница 81: ...e WAN Setup or WAN Backup screens Use the WAN Setup screen Section 7 3 on page 82 to configure the WAN settings on the ZyXEL Device for Internet access Use the WAN Backup screen Section 7 4 on page 86 to set up a backup gateway that helps forward traffic to its destination when the default WAN connection is down 7 1 2 What You Need to Know About WAN Encapsulation Method Encapsulation is used to in...

Страница 82: ... See Section 7 5 on page 87 for technical background information on WAN 7 1 3 Before You Begin You need to know your Internet access settings such as encapsulation and WAN IP address Get this information from your ISP 7 2 The Main WAN Screen Click WAN in the navigation panel to display the main WAN screen Figure 31 WAN The following table describes the links in this screen 7 3 The WAN Setup Screen...

Страница 83: ...Chapter 7 WAN Setup P 660W Tx v2 User s Guide 83 Figure 32 WAN Setup PPPoE ...

Страница 84: ... as e mail Select VBR Variable Bit Rate for bursty traffic and bandwidth sharing with other applications Cell Rate Cell rate configuration often helps eliminate traffic congestion that slows transmission of real time data such as audio and video connections Peak Cell Rate Divide the DSL line rate bps by 424 the size of an ATM cell to find the Peak Cell Rate PCR This is the maximum rate at which th...

Страница 85: ...ecimal notation Refer to the appendices to calculate a subnet mask If you are implementing subnetting ENET ENCAP Gateway ENET ENCAP encapsulation only You must specify a gateway IP address supplied by your ISP when you select ENET ENCAP in the Encapsulation field Zero Configuration This feature is not applicable available when you configure the ZyXEL Device to use a static WAN IP address or in bri...

Страница 86: ... in the Check WAN IP Address fields Check WAN IP Address1 3 Configure this field to test your ZyXEL Device s WAN accessibility Type the IP address of a reliable nearby computer for example your ISP s DNS server address Note If you activate either traffic redirect or dial backup you must configure at least one IP address here When using a WAN backup connection the ZyXEL Device periodically pings th...

Страница 87: ...your network is busy or congested Traffic Redirect Traffic redirect forwards traffic to a backup gateway when the ZyXEL Device cannot connect to the Internet Active Select this check box to have the ZyXEL Device use traffic redirect if the normal WAN connection goes down If you activate traffic redirect you must configure at least one Check WAN IP Address Metric This field sets this route s priori...

Страница 88: ... PPPoE saves significant effort for both you and the ISP or carrier as it requires no specific configuration of the broadband modem at the customer site By implementing PPPoE directly on the ZyXEL Device rather than individual computers the computers on the LAN do not need PPPoE software installed since the ZyXEL Device does that part of the task Furthermore with NAT all of the LANs computers will...

Страница 89: ...ture can be enabled or disabled if you have either a dynamic or static IP However the encapsulation method assigned influences your choices for IP address and ENET ENCAP gateway IP Assignment with PPPoA or PPPoE Encapsulation If you have a dynamic IP then the IP Address and Gateway IP Address fields are not applicable N A If you have a static IP then you only need to fill in the IP Address field a...

Страница 90: ... can be sent over the virtual connection SCR may not be greater than the PCR Maximum Burst Size MBS is the maximum number of cells that can be sent at the PCR After MBS is reached cell rates fall below SCR until cell rate averages to the SCR again At this time more cells up to the MBS can be sent at the PCR again If the PCR SCR or MBS is set to the default of 0 the system will assign a maximum val...

Страница 91: ...he following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN Use IP alias to configure the LAN into two or three logical networks with the ZyXEL Device itself as the gateway for each LAN network Put the protected LAN in one subnet Subnet 1 in the following figure and the backup gateway in another subnet Subnet 2 Configure filters ...

Страница 92: ... The metric sets the priority for the ZyXEL Device s routes to the Internet If any two of the default routes have the same metric the ZyXEL Device uses the following pre defined priorities Normal route designated by the ISP see Section 7 3 on page 82 Traffic redirect route see Section 7 5 8 on page 91 WAN backup route also called dial backup see Section 7 4 on page 86 For example if the normal rou...

Страница 93: ... denotes where a host is located relative to the ZyXEL Device for example the computers of your subscribers are the inside hosts while the web servers on the Internet are the outside hosts Global Local Global local denotes the IP address of a host in a packet as the packet traverses a router for example the local address refers to the IP address of a host when the packet is in the local network wh...

Страница 94: ...ic WAN IP address for your ZyXEL Device Choose Full Feature if you have multiple public WAN IP addresses for your ZyXEL Device Finding Out More See Section 8 3 on page 98 for technical background information on NAT 8 2 The NAT Mode Screen You must create a firewall rule in addition to setting up SUA NAT to allow traffic from the WAN to be forwarded through the ZyXEL Device Click NAT to open the fo...

Страница 95: ...ified here or in the remote management setup Click NAT select SUA Only and click Edit Details to open the following screen See Section 8 3 7 on page 102 for more information See Table 34 on page 102 for port numbers commonly used for particular services Figure 38 Edit SUA NAT Server Set Edit Details Click this link to go to the NAT Address Mapping Rules screen Apply Click Apply to save your config...

Страница 96: ...nd 7 become new rules 4 5 and 6 Click NAT select Full Feature and click Edit Details to open the following screen Use this screen to change your ZyXEL Device s address mapping settings Figure 39 Address Mapping Rules Table 29 Edit SUA NAT Server Set LABEL DESCRIPTION Start Port No Enter a port number in this field To forward only one port enter the port number again in the End Port No field To for...

Страница 97: ...bal IP Address IGA Enter 0 0 0 0 here if you have a dynamic IP address from your ISP You can only do this for Many to One and Server mapping types Global End IP This is the ending Inside Global IP Address IGA This field is N A for One to one Many to One and Server mapping types Type 1 1 One to one mode maps one local IP address to one global IP address Note that port numbers do not change for the ...

Страница 98: ...ported only Many to Many Overload Many to Many Overload mode maps multiple local IP addresses to shared global IP addresses Many to Many No Overload Many to Many No Overload mode maps each local IP address to unique global IP addresses Server This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world Local Start IP This is the starting...

Страница 99: ...y servers for Many to One and Many to Many Overload mapping see Table 33 on page 101 NAT offers the additional benefit of firewall protection With no servers defined your ZyXEL Device filters out all incoming inquiries thus preventing intruders from probing your network For more information on IP address translation refer to RFC 1631 The IP Network Address Translator NAT 8 3 3 How NAT Works Each p...

Страница 100: ...ing figure illustrates a possible NAT application where three inside LANs logical LANs using IP Alias behind the ZyXEL Device can communicate with three distinct WAN networks More examples follow at the end of this chapter Figure 42 NAT Application With IP Alias 8 3 5 NAT Mapping Types NAT supports five types of IP port mapping They are ...

Страница 101: ... the NAT to be accessible to the outside world Port numbers do NOT change for One to One and Many to Many No Overload NAT mapping types The following table summarizes these types 8 3 6 SUA Single User Account Versus NAT SUA Single User Account is a ZyNOS implementation of a subset of NAT that supports two types of mapping Many to One and Server The ZyXEL Device also supports Full Feature NAT to ma...

Страница 102: ...ult Server IP Address In addition to the servers for specified services NAT supports a default server IP address A default server receives packets from ports that are not specified in this screen If you do not assign an IP address in Server Set 1 default server the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup Port Forwarding Ser...

Страница 103: ...Chapter 8 Network Address Translation NAT Screens P 660W Tx v2 User s Guide 103 IP address assigned by ISP Figure 43 Multiple Servers Behind NAT Example ...

Страница 104: ...Chapter 8 Network Address Translation NAT Screens P 660W Tx v2 User s Guide 104 ...

Страница 105: ...www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name The Dynamic DNS service provider will give you a password or key 9 1 1 What You Can Do in the Dynamic DNS Screen Use the Dynamic DNS screen Section 9 2 on page 105 to enable DDNS and configure the DDNS settings on the ZyXEL Device 9 1 2 What You Need to Know About Dynamic D...

Страница 106: ... This is the name of your Dynamic DNS service provider Host Names Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider E mail Address Type your e mail address User Type your user name Password Type the password assigned to you Enable Wildcard Select the check box to enable DYNDNS Wildcard Apply Click Apply to save your changes back to the ZyXEL Device Cancel Click Cancel...

Страница 107: ...ion 10 2 on page 107 to configure the ZyXEL Device s time and date settings 10 2 The Time and Date Screen To change your ZyXEL Device s time and date click Time And Date The screen appears as shown Use this screen to configure the ZyXEL Device s time based on your local time zone Figure 45 Time and Date ...

Страница 108: ...rt Date Enter the month and day that your daylight savings time starts on if you selected Daylight Savings End Date Enter the month and day that your daylight savings time ends on if you selected Daylight Savings Synchronize system clock with Time Server now Select this option to have your ZyXEL Device use the time server that you configured above to set its internal system clock Please wait for u...

Страница 109: ...ssion from the LAN to the WAN 1 Return traffic for this session is also allowed 2 However other traffic initiated from the WAN is blocked 3 and 4 Figure 46 Default Firewall Action 11 1 1 What You Can Do in the Firewall Screens Use the main Firewall screen Section 11 2 on page 114 to enter the Default Policy Rule Summary Anti Probing or Threshold screens Use the Default Policy screen Section 11 3 o...

Страница 110: ... Device when unsupported ports are probed ICMP Internet Control Message Protocol ICMP is a message control and error reporting protocol between a host server and a gateway to the Internet ICMP uses Internet Protocol IP datagrams but the messages are processed by the TCP IP software and directly apparent to the application user DoS Thresholds For DoS attacks the ZyXEL Device uses thresholds to dete...

Страница 111: ...ut the rule For example if you type 6 your new rule becomes number 6 and the previous rule 6 if there is one becomes rule 7 4 Click Insert to display the firewall rule configuration screen 5 Select Any in the Destination Address box and then click Delete 6 Configure the destination address screen as follows and click Add Figure 48 Firewall Example Edit Rule Destination Address ...

Страница 112: ... Service screen 8 Click an index number to display the Customized Services Config screen and configure the screen as follows and click Apply Figure 49 Edit Custom Port Example 9 In the Edit Rule screen use the Add and Remove buttons between Available Services and Selected Services list boxes to configure it as follows Click Apply when you are done ...

Страница 113: ...Chapter 11 Firewall Configuration P 660W Tx v2 User s Guide 113 Figure 50 Firewall Example Edit Rule Select Customized Services ...

Страница 114: ... created your custom port On completing the configuration procedure for this Internet firewall rule the Rule Summary screen should look like the following Rule 2 allows a My Service connection from the WAN to IP addresses 10 0 0 10 through 10 0 0 15 on the LAN Figure 51 Firewall Example Rule Summary My Service 11 2 The Main Firewall Screen Click Firewall to display the main Firewall screen ...

Страница 115: ... Activate the firewall by selecting the Firewall Enabled check box as seen in the following screen Figure 53 Firewall Default Policy Table 37 Firewall Firewall Functions LINK DESCRIPTION Default Policy Click this link to configure the default firewall policy Rule Summary Click this link to configure firewall rules Anti Probing Click this link to configure anti probing rules Threshold Click this li...

Страница 116: ... See the appendix for more on triangle route topology Packet Direction This is the direction of travel of packets LAN to LAN Router LAN to WAN WAN to WAN Router WAN to LAN Firewall rules are grouped based on the direction of travel of packets to which they apply For example LAN to LAN Router means packets traveling from a computer subnet on the LAN to either another computer subnet on the LAN inte...

Страница 117: ... you configure summarized below take priority over the general firewall action settings above Rule This is your firewall rule number The ordering of your rules is important as rules are applied in turn Click a rule s number to go to the Firewall Edit Rule screen to configure or edit a firewall rule Active This field displays whether a firewall is turned on Y or not N Source IP This drop down list ...

Страница 118: ...ther this rule generates an alert Yes or not No when the rule is matched Insert Append Type the index number for where you want to put a rule For example if you type 6 your new rule becomes number 6 and the previous rule 6 if there is one becomes rule 7 Click Insert to add a new firewall rule before the specified index number Click Append to add a new firewall rule after the specified index number...

Страница 119: ...e following table describes the labels in this screen Table 40 Firewall Edit Rule LABEL DESCRIPTION Active Select this option to enable this firewall rule Action for Matched Packet Use the radio button to select whether to discard Block or allow the passage of Forward packets that match this rule ...

Страница 120: ...vailable Services box on the left then click Add to add it to the Selected Services box on the right To remove a service highlight it in the Selected Services box on the right then click Remove Edit Customized Service Click the Edit Customized Services link to bring up the screen that you use to configure a new custom service that is not in the predefined list of services Schedule Day to Apply Sel...

Страница 121: ...mized Services Configure customized services and port numbers not predefined by the ZyXEL Device For a comprehensive list of port numbers and services visit the IANA Internet Assigned Number Authority website For further information on these services please read Section 11 4 2 on page 121 Click the Edit Customized Services link while editing a firewall rule to configure a custom service port This ...

Страница 122: ...ll Configure Customized Services LABEL DESCRIPTION Service Name Type a unique name for your custom port Service Type Choose the IP port TCP UDP or TCP UDP that defines your customized port from the drop down list box Port Configuration Type Click Single to specify one port only or Range to specify a span of ports that define your customized service Port Number Type a single port number or the rang...

Страница 123: ...y probing for unused ports If you select this option the ZyXEL Device will not respond to port request s for unused ports thus leaving the unused ports and the ZyXEL Device unseen By default this option is not selected and the ZyXEL Device will reply with an ICMP Port Unreachable packet for a port probe on its unused UDP ports and a TCP Reset packet for a port probe on its unused TCP ports Note th...

Страница 124: ...eleting half open sessions When the rate of new connection attempts rises above this number the ZyXEL Device deletes half open sessions as required to accommodate new connection attempts 100 half open sessions per minute The above numbers cause the ZyXEL Device to start deleting half open sessions when more than 100 session establishment attempts have been detected in the last minute and to stop d...

Страница 125: ... drops below 80 TCP Maximum Incomplete This is the number of existing half open TCP sessions with the same destination host IP address that causes the firewall to start dropping half open sessions to that same destination host IP address Enter a number between 1 and 256 As a general rule you should choose a smaller number for a smaller network a slower system or limited bandwidth 30 existing half ...

Страница 126: ...aution in doing so If you configure firewall rules without a good understanding of how they work you might inadvertently introduce security risks to the firewall and to the protected network Make sure you test your rules after you configure them For example you may create rules to Block certain types of traffic such as IRC Internet Relay Chat from the LAN to the Internet Allow certain types of tra...

Страница 127: ...Is it possible to modify the rule to be more specific For example if IRC is blocked for all users will a rule that blocks just certain users be more effective 3 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability For example if FTP ports TCP 20 21 are allowed from the Internet to the LAN Internet users may be able to connect to computers with runni...

Страница 128: ...t right away You can choose to generate an alert when an attack is detected in the Edit Rule screen select the Send Alert Message to Administrator When Matched check box or when a rule is matched in the Edit Rule screen When an event generates an alert a message can be immediately sent to an e mail account that you specify in the Log Settings screen see the chapter on logs 11 7 4 DoS Thresholds Fo...

Страница 129: ...rate of new connection attempts rises above a threshold one minute high the ZyXEL Device starts deleting half open sessions as required to accommodate new connection requests The ZyXEL Device continues to delete half open sessions as necessary until the rate of new connection attempts drops below another threshold one minute low The rate is the number of new attempts detected in the last one minut...

Страница 130: ...Chapter 11 Firewall Configuration P 660W Tx v2 User s Guide 130 ...

Страница 131: ...s in the URL Use the Schedule screen Section 12 4 on page 133 to set the days and times for the ZyXEL Device to perform content filtering Use the Trusted screen Section 12 5 on page 134 to exclude a range of users on the LAN from content filtering on your ZyXEL Device 12 1 2 What You Need to Know About Content Filtering URL The URL Uniform Resource Locator identifies and helps locates resources on...

Страница 132: ... To have your ZyXEL Device block Web sites containing keywords in their URLs click Content Filter and Keyword The screen appears as shown Figure 61 Content Filter Keyword Table 45 Content Filter Functions LINK DESCRIPTION Keyword Click this link to display a screen where you can configure your ZyXEL Device to block Web sites containing keywords in their URLs Schedule Click this link to display a s...

Страница 133: ...to remove all of the keywords from the list Keyword Type a keyword in this field You may use any character up to 127 characters Wildcards are not allowed Add Keyword Click Add Keyword after you have typed a keyword Repeat this procedure to add other keywords Up to 64 keywords are allowed When you try to access a web page containing a keyword you will get a message telling you that the content filt...

Страница 134: ...ttings Table 47 Content Filter Schedule continued LABEL DESCRIPTION Table 48 Content Filter Trusted LABEL DESCRIPTION Trusted User IP Range From Type the IP address of a computer or the beginning IP address of a specific range of computers on the LAN that you want to exclude from content filtering To Type the ending IP address of a specific range of users on your LAN that you want to exclude from ...

Страница 135: ...ment of the ZyXEL Device coming in from the WAN Figure 64 Remote Management From the WAN When you configure remote management to allow management from the WAN you still need to configure a firewall rule to allow access You may manage your ZyXEL Device from a remote location via Internet WAN only ALL LAN and WAN LAN only Neither Disable To disable remote management of a service select Disable in th...

Страница 136: ...IP address users can use Telnet FTP or HTTP to manage the ZyXEL Device 13 2 The Remote Management Screen Click Remote Management to open the following screen Figure 65 Remote Management The following table describes the fields in this screen Table 49 Remote Management LABEL DESCRIPTION Server Type Each of these labels denotes a service that you may use to remotely manage the ZyXEL Device Access St...

Страница 137: ...in the corresponding remote management screen You have disabled that service in one of the remote management screens The IP address in the Secured Client IP field does not match the client IP address If it does not match the ZyXEL Device will disconnect the session immediately There is already another remote management session with an equal or higher priority running You may only have one remote m...

Страница 138: ...imeout There is a default system management idle timeout of five minutes three hundred seconds The ZyXEL Device automatically logs you out if the management session remains idle for longer than this timeout period The management session does not time out when a statistics screen is polling ...

Страница 139: ...ge 139 to enable UPnP on the ZyXEL Device allow UPnP enabled applications to automatically configure the ZyXEL Device and allow traffic from UPnP enabled applications to bypass the firewall 14 1 2 What You Need to Know About UPnP Identifying UPnP Devices UPnP hardware is identified as an icon in the Network Connections folder Windows XP Each UPnP compatible device installed on your network will ap...

Страница 140: ...creen without entering the ZyXEL Device s IP address although you must still enter the password to access the web configurator Allow users to make configuration changes through UPnP Select this check box to allow UPnP enabled applications to automatically configure the ZyXEL Device so that they can communicate through the ZyXEL Device for example by using NAT traversal UPnP applications automatica...

Страница 141: ...up Communication 3 In the Communications window select the Universal Plug and Play check box in the Components selection box Figure 68 Add Remove Programs Windows Setup Communication Components 4 Click OK to go back to the Add Remove Programs Properties window and click Next 5 Restart the computer when prompted ...

Страница 142: ...ns 3 In the Network Connections window click Advanced in the main menu and select Optional Networking Components Figure 69 Network Connections 4 The Windows Optional Networking Components Wizard window displays Select Networking Service in the Components selection box and click Details Figure 70 Windows Optional Networking Components Wizard 5 In the Networking Services window select the Universal ...

Страница 143: ...hows you how to use the UPnP feature in Windows XP You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device Make sure the computer is connected to a LAN port of the ZyXEL Device Turn on your computer and the ZyXEL Device Auto discover Your UPnP enabled Network Device 1 Click Start and Control Panel Double click Network Connections An icon displays under Internet Ga...

Страница 144: ...4 Universal Plug and Play UPnP P 660W Tx v2 User s Guide 144 Figure 72 Network Connections 3 In the Internet Connection Properties window click Settings to see the port mappings there were automatically created ...

Страница 145: ...Chapter 14 Universal Plug and Play UPnP P 660W Tx v2 User s Guide 145 Figure 73 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings ...

Страница 146: ...ies Advanced Settings Figure 75 Internet Connection Properties Advanced Settings Add 5 When the UPnP enabled device is disconnected from your computer all port mappings will be deleted automatically 6 Select Show icon in notification area when connected option and click OK An icon displays in the system tray ...

Страница 147: ...tus Web Configurator Easy Access With UPnP you can access the web based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first This comes helpful if you do not know the IP address of the ZyXEL Device Follow the steps below to access the web configurator 1 Click Start and then Control Panel 2 Double click Network Connections 3 Select My Network Places under Ot...

Страница 148: ...x v2 User s Guide 148 Figure 78 Network Connections 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click on the icon for your ZyXEL Device and select Invoke The web configurator login screen displays ...

Страница 149: ...e 149 Figure 79 Network Connections My Network Places 6 Right click on the icon for your ZyXEL Device and select Properties A properties window displays with basic information about the ZyXEL Device Figure 80 Network Connections My Network Places Properties Example ...

Страница 150: ...n NAT 14 5 2 Cautions with UPnP The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues Network information and configuration may also be obtained and modified by users in some network environments All UPnP enabled devices may communicate freely with each other without additional configuration Disable UPnP...

Страница 151: ...ettings screen 15 1 2 What You Need to Know About Logs Alerts An alert is a message that is enabled as soon as the event occurs They include system errors attacks access control and attempted access to blocked web sites Some categories such as System Errors consist of both logs and alerts You may differentiate them by their color in the View Log screen Alerts display in red and logs display in bla...

Страница 152: ...sent Figure 81 Log Settings The following table describes the fields in this screen Table 51 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e mail addresses specified below If this field is left blank logs and alert messages will not be sent via e mail Mail Subject Type a title that you want to be in the subject line of th...

Страница 153: ... allows you to log the messages to different files in the syslog server Refer to the documentation of your syslog program for more details Send Log Log Schedule This drop down menu is used to configure the frequency of log messages being sent as E mail Daily Weekly Hourly When Log is Full None If you select Weekly or Daily specify a time of day when the E mail should be sent If you select Weekly t...

Страница 154: ...logs from all of the log categories that you selected in the Log Settings page Time This field displays the time the log was recorded Message This field states the reason for the log Source This field lists the source IP address and the port number of the incoming packet Destination This field lists the destination IP address and the port number of the incoming packet Notes This field displays add...

Страница 155: ...ward 09 54 17 UDP src port 00520 dest port 00520 1 00 3 Apr 7 00 From 192 168 1 6 To 10 10 10 10 match forward 09 54 19 UDP src port 03516 dest port 00053 1 01 snip snip 126 Apr 7 00 From 192 168 1 1 To 192 168 1 255 match forward 10 05 00 UDP src port 00520 dest port 00520 1 02 127 Apr 7 00 From 192 168 1 131 To 192 168 1 255 match forward 10 05 17 UDP src port 00520 dest port 00520 1 02 128 Apr ...

Страница 156: ...Chapter 15 Logs Screens P 660W Tx v2 User s Guide 156 ...

Страница 157: ... also allows you to configure the allowed output for an interface to match what the network can handle This helps reduce delays and dropped packets at the next routing device For example you can set the WAN interface speed to 1000kbps if the ADSL connection has an upstream speed of 1Mbps All configuration screens display measurements in kbps kilobits per second but this User s Guide also uses Mbps...

Страница 158: ... the Summary Class Setup or Monitor screens Use the Summary screen Section 16 4 on page 160 to enable and configure bandwidth on the interfaces Use the Class Setup screen Section 16 5 on page 163 to configure bandwidth classes Use the Monitor screen Section 16 6 on page 167 to view bandwidth usage information 16 2 2 Bandwidth Management Usage Examples These examples show bandwidth management allot...

Страница 159: ...ific applications in each subnet are allotted bandwidth Figure 86 Application and Subnet based Bandwidth Management Example 16 3 The Main Media Bandwidth Management Screen Click Media Bandwidth Management to display the main Media Bandwidth Management screen as shown Table 53 Application and Subnet based Bandwidth Management Example TRAFFIC TYPE FROM SUBNET A FROM SUBNET B VoIP 64 kbps 64 kbps Web...

Страница 160: ...gher priority number to provide smoother operation Fairness based Scheduler The ZyXEL Device divides bandwidth equally among bandwidth classes when using the fairness based scheduler thus preventing one bandwidth class from using all of the interface s bandwidth 16 4 2 Maximize Bandwidth Usage The maximize bandwidth usage option see Section 16 4 on page 160 allows the ZyXEL Device to divide up any...

Страница 161: ...at is not defined in a bandwidth filter 1 Leave some of the interface s bandwidth unbudgeted 2 Do not enable the interface s Maximize Bandwidth Usage option 3 Do not enable bandwidth borrowing on the child classes that have the root class as their parent see Section on page 157 Maximize Bandwidth Usage With Bandwidth Borrowing If you configure both maximize bandwidth usage on the interface and ban...

Страница 162: ...ority 6 If they each require 1536 kbps or more of extra bandwidth the ZyXEL Device divides the total 3072 kbps total of unbudgeted and unused bandwidth equally between the sales and marketing departments 1536 kbps extra to each for a total of 3584 kbps for each because they both have the highest priority level Research requires more bandwidth but only gets its budgeted 2048 kbps because all of the...

Страница 163: ...llocate using bandwidth management This appears as the bandwidth budget of the interface s root class The recommendation is to set this speed to match what the interface s connection can handle For example set the WAN interface speed to 10000 kbps if the ADSL connection has an upstream speed of 10Mbps Scheduler Select either Priority Based or Fairness Based from the drop down menu to control the t...

Страница 164: ...th budgets for child classes cannot exceed the configured bandwidth budget speed of the parent class 16 5 2 Configuring the Class Setup Screen The class setup screen displays the configured bandwidth classes by individual interface Select an interface and click the buttons to perform the actions described next Click to expand the class tree or click to collapse the class tree Each interface has a ...

Страница 165: ...le describes the labels in this screen Delete Click Delete to delete the class and all its child classes You cannot delete the root class Statistics Click Statistics to display the status of the selected class Table 58 Media Bandwidth Management Class Setup LABEL DESCRIPTION Table 59 Media Bandwidth Management Class Configuration LABEL DESCRIPTION Class Name Use the auto generated name or enter a ...

Страница 166: ...bandwidth filter for FTP traffic H 323 is a standard teleconferencing protocol suite that provides audio data and video conferencing It allows for real time point to point and multipoint communication between client computers over a packet based network that does not provide a guaranteed quality of service Select H 323 from the drop down list box to configure this bandwidth filter for traffic that...

Страница 167: ...This field displays the amount of bandwidth allocated to the class Tx Packets This field displays the total number of packets transmitted Tx Bytes This field displays the total number of bytes transmitted Dropped Packets This field displays the total number of packets dropped Dropped Bytes This field displays the total number of bytes dropped Bandwidth Statistics for the Past 8 Seconds t 8 to t 1 ...

Страница 168: ...ION Interface Select an interface from the drop down list box to view the bandwidth usage of its bandwidth classes Class Name This field displays the name of the class Budget kbps This field displays the amount of bandwidth allocated to the class Current Usage kbps This field displays the amount of bandwidth that each class is using Back Click Back to go to the main Media Bandwidth Management scre...

Страница 169: ...169 PART IV Maintenance Maintenance 171 ...

Страница 170: ...170 ...

Страница 171: ...ess Host Name and MAC Address of all network clients using the DHCP server Use the Any IP Table screen Section 17 4 on page 176 to display current information of all network devices that use the Any IP feature to communicate with the ZyXEL Device Use the Wireless LAN screen Section 17 5 on page 176 to display information about the ZyXEL Device s wireless LAN Use the Diagnostic screens Section 17 6...

Страница 172: ...em Status LABEL DESCRIPTION System Status System Name This is the name of your ZyXEL Device It is for identification purposes ZyNOS Firmware Version This is the ZyNOS firmware version and the date created ZyNOS is ZyXEL s proprietary Network Operating System design DSL FW Version This is the DSL firmware version associated with your ZyXEL Device ...

Страница 173: ...ed in the first Wizard screen LAN Information MAC Address This is the MAC Media Access Control or Ethernet address unique to your ZyXEL Device IP Address This is the LAN port IP address IP Subnet Mask This is the LAN port IP subnet mask DHCP This is the WAN port DHCP role Server Relay or None DHCP Start IP This is the first of the contiguous addresses in the IP address pool DHCP Pool Size This is ...

Страница 174: ... displays the type of port Status For the WAN port this displays the port speed and duplex setting if you re using Ethernet encapsulation and down line is down idle line ppp idle dial starting to trigger a call and drop dropping a call if you re using PPPoE encapsulation For a LAN port this shows the port speed and duplex setting TxPkts This field displays the number of packets transmitted on this...

Страница 175: ...tion here relates to your DHCP status The DHCP table shows current DHCP Client information including IP Address Host Name and MAC Address of all network computers using the DHCP server Figure 95 DHCP Table The following table describes the fields in this screen Set Interval Click this button to apply the new poll interval you entered in the Poll Interval field above Stop Click this button to halt ...

Страница 176: ... with the ZyXEL Device Figure 96 Any IP Table The following table describes the labels in this screen 17 5 Wireless LAN Screen The read only screen displays information about the ZyXEL Device s wireless LAN 17 5 1 Association List This screen displays the MAC address es of the wireless stations that are currently logged in to the network Click Wireless LAN and then Association List to open the scr...

Страница 177: ...ion List LABEL DESCRIPTION This is the index number of an associated wireless station MAC Address This field displays the MAC Media Access Control address of an associated wireless station Every Ethernet device has a unique MAC address The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters for example 00 A0 C5 00 00 02 Association Time This field displays th...

Страница 178: ...7 Diagnostic General LABEL DESCRIPTION TCP IP Address Type the IP address of a computer that you want to ping in order to test a connection Ping Click this button to ping the IP address that you entered Reset System Click this button to reboot the ZyXEL Device A warning dialog box is then displayed asking you if you re sure you want to reboot the system Click OK to proceed Back Click this button t...

Страница 179: ...lick this button to view ATM status ATM Loopback Test Click this button to start the ATM loopback test Make sure you have configured at least one PVC with proper VPIs VCIs before you begin this test The ZyXEL Device sends an OAM F5 packet to the DSLAM ATM switch and then returns it loops it back to the ZyXEL Device The ATM loopback test is useful for troubleshooting problems with the DSLAM and ATM...

Страница 180: ...o NOT turn off the ZyXEL Device while firmware upload is in progress After you see the Firmware Upload in Process screen wait two minutes before logging into the ZyXEL Device again The ZyXEL Device automatically restarts in this time causing a temporary network disconnect In some operating systems you may see the following icon on your desktop Table 69 Firmware Upgrade LABEL DESCRIPTION File Path ...

Страница 181: ...s in the screens such as password ZyXEL Device setup IP Setup and so on Once you have customized the ZyXEL Device s settings they can be saved back to your computer under a filename of your choosing ZyNOS ZyXEL Network Operating System sometimes referred to as the ras file is the system firmware and has a bin filename extension Example FTP Commands ftp put firmware bin ras Table 70 Filename Conven...

Страница 182: ...EL Device for example put firmware bin ras transfers the firmware on your computer firmware bin to the ZyXEL Device and renames it to ras Similarly put config rom config transfers the configuration file on your computer config cfg to the ZyXEL Device and renames it to config Likewise get config config rom transfers the configuration file on the ZyXEL Device to your computer and renames it to confi...

Страница 183: ...ress es in the Remote Management screen does not match the client IP address If it does not match the ZyXEL Device will disconnect the FTP session immediately Initial Remote Directory Specify the default remote directory path Initial Local Directory Specify the default local directory path Table 71 General Commands for GUI based FTP Clients continued COMMAND DESCRIPTION ...

Страница 184: ...Chapter 17 Maintenance P 660W Tx v2 User s Guide 184 ...

Страница 185: ...185 PART V Troubleshooting and Specifications Troubleshooting 187 Product Specifications 193 ...

Страница 186: ...186 ...

Страница 187: ... 2 Make sure you are using the power adaptor or cord included with the ZyXEL Device 3 Make sure the power adaptor or cord is connected to the ZyXEL Device and plugged in to an appropriate power source Make sure the power source is turned on 4 Turn the ZyXEL Device off and on 5 If the problem continues contact the vendor V One of the LEDs does not behave as expected 1 Make sure you understand the n...

Страница 188: ...g the correct IP address The default IP address is 192 168 1 1 If you changed the IP address Section 18 1 on page 187 use the new IP address If you changed the IP address and have forgotten it see the troubleshooting suggestions for I forgot the IP address for the ZyXEL Device 2 Check the hardware connections and make sure the LEDs are behaving as expected See the Quick Start Guide and Section 18 ...

Страница 189: ...34 These fields are case sensitive so make sure Caps Lock is not on 2 You cannot log in to the web configurator while someone is using Telnet to access the ZyXEL Device Log out of the ZyXEL Device in the other session or ask the person who is logged in to log out 3 Turn the ZyXEL Device off and on 4 If this does not work you have to reset the ZyXEL Device to its factory defaults See Section 18 1 o...

Страница 190: ...continues contact your ISP V The Internet connection is slow or intermittent 1 There might be a lot of traffic on the network Look at the LEDs and check Section 18 1 on page 187 If the ZyXEL Device is sending or receiving a lot of information try closing some programs that use the Internet especially peer to peer applications 2 Check the signal strength If the signal strength is low try moving the...

Страница 191: ... Wireless Router AP Troubleshooting V I cannot access the ZyXEL Device or ping any computer from the WLAN 1 Make sure the wireless LAN is enabled on the ZyXEL Device 2 Make sure the wireless adapter on the wireless station is working properly 3 Make sure the wireless adapter installed on your computer is IEEE 802 11 compatible and supports the same wireless standard as the ZyXEL Device 4 Make sure...

Страница 192: ...Chapter 18 Troubleshooting P 660W Tx v2 User s Guide 192 ...

Страница 193: ...r AC 100 240V 50 60Hz 1 5A maximum input internal universal power supply DC 48 60V 1 5A max 48 Watt consumption There is no tolerance for the DC input voltage This note is needed for DC powered devices not AC Ethernet Ports Auto negotiating 10 Mbps or 100 Mbps in either half duplex or full duplex mode Auto crossover Use either crossover or straight through Ethernet cables Line Phone Ports RJ 11 te...

Страница 194: ...nts to connect to the ZyXEL Device wirelessly Enable wireless security WEP WPA 2 WPA 2 PSK and or MAC filtering to protect your wireless network Firmware Upgrade Download new firmware when available from the ZyXEL web site and use the web configurator an FTP or a TFTP tool to put it on the ZyXEL Device Note Only upload firmware for your specific model Configuration Backup Restoration Make a copy o...

Страница 195: ... network obtain an IP address and convey its capabilities to other devices on the network RoadRunner Support The ZyXEL Device supports Time Warner s RoadRunner Service in addition to standard cable modem services Firewall You can configure firewall on the ZyXEL Device for secure Internet access When the firewall is on by default all incoming traffic from the Internet to your network is blocked unl...

Страница 196: ...gigahertz GHz band IEEE 802 11g Turbo and Super G modes IEEE 802 11d Standard for Local and Metropolitan Area Networks Media Access Control MAC Bridges IEEE 802 11x Port Based Network Access Control IEEE 802 11e QoS IEEE 802 11 e Wireless LAN for Quality of Service ANSI T1 413 Issue 2 Asymmetric Digital Subscriber Line ADSL standard G dmt G 992 1 G 992 1 Asymmetrical Digital Subscriber Line ADSL T...

Страница 197: ...the way into the wall Leave a small gap of about 0 5 cm between the heads of the screws and the wall 4 Make sure the screws are snugly fastened to the wall They need to hold the weight of the ZyXEL Device with the connection cables 5 Align the holes on the back of the ZyXEL Device with the screws on the wall Hang the ZyXEL Device on the screws Figure 103 Wall mounting Example The following are dim...

Страница 198: ...4 Tap Screw 19 3 Power Adaptor Specifications Table 75 Power Adaptor Specifications AC Power Adaptor Model MU12 2050200 A1 Input Power 100 240 Volts AC 50 60Hz 0 25A Output Power 5 Volts DC 2A Power Consumption 10 W Safety Standards UL UL 1950 CSA CSA 22 2 CE mark EN60950 2001 T Mark C tick QAS ...

Страница 199: ...199 PART VI Appendices and Index Pop up Windows JavaScripts and Java Permissions 201 Wireless LANs 209 Common Services 223 Legal Information 227 Customer Support 233 Index 239 ...

Страница 200: ...200 ...

Страница 201: ...ernet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking and create an exception for your device s IP address Disable Pop up Blockers 1 In Internet Explorer select Tools Pop up Blocker and then select Turn Off Pop up Blocker Figure 105 Pop up Blocker You ...

Страница 202: ...y web pop up blockers you may have enabled Figure 106 Internet Options Privacy 3 Click Apply to save this setting Enable Pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the following steps 1 In Internet Explorer select Tools Internet Options and then the Privacy tab 2 Select Settings to open the Pop up Blocker Settings screen ...

Страница 203: ...uide 203 Figure 107 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 167 1 4 Click Add to move the IP address to the list of Allowed sites Figure 108 Pop up Blocker Settings ...

Страница 204: ...splay properly in Internet Explorer check that JavaScripts are allowed 1 In Internet Explorer click Tools Internet Options and then the Security tab Figure 109 Internet Options Security 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sure that Enable is selected the default 6 Cl...

Страница 205: ...ttings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java permissions make sure that a safety level is selected 5 Click OK to close the window Figure 111 Security Settings Java ...

Страница 206: ... and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected 3 Click OK to close the window Figure 112 Java Sun Mozilla Firefox Mozilla Firefox 2 0 screens are used here Screens for other versions may vary You can enable Java Javascripts and pop ups in one screen Click Tools then click Options in the screen that appears ...

Страница 207: ...ipts and Java Permissions P 660W Tx v2 User s Guide 207 Figure 113 Mozilla Firefox Tools Options Click Content to show the screen below Select the check boxes as shown in the following screen Figure 114 Mozilla Firefox Content Security ...

Страница 208: ...Appendix A Pop up Windows JavaScripts and Java Permissions P 660W Tx v2 User s Guide 208 ...

Страница 209: ...ependent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an ad hoc wireless LAN Figure 115 Peer to Peer Communication in an Ad hoc Network BSS A Basic Service Set BSS exists when all communications between wireless clients or between a wireless client and a wired network client go through one access point AP Intra BSS traffic is t...

Страница 210: ...wired connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood An ESSID ESS IDentification uniquely identifies each ESS All access points and their associated wireless clients within the ...

Страница 211: ...rtially overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 channels and an adjacent AP is using channel 1 then you need to select a channel between 6 or 11 RTS CTS A hidden node occurs when two stations are within range of the same access point but are not with...

Страница 212: ... requested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP without the RTS Request To Send CTS Clear to Send handshake You should only configure RTS CTS if the possibility of hidden nodes exists on your network and the cost of resending large frames is more than the extra network overhead involved in the RTS Request To Send CTS Clear to Send handshake If...

Страница 213: ...port it and to provide more efficient communications Use the dynamic setting to automatically use short preamble when all wireless devices on the network support it otherwise the ZyXEL Device uses long preamble The wireless devices MUST use the same preamble mode in order to communicate IEEE 802 11g Wireless LAN IEEE 802 11g is fully compatible with the IEEE 802 11b standard This means an IEEE 802...

Страница 214: ...advantages of IEEE 802 1x are User based identification that allows for roaming Support for RADIUS Remote Authentication Dial In User Service RFC 2138 2139 for centralized user profile and accounting management on a network RADIUS server Support for EAP Extensible Authentication Protocol RFC 2486 that allows additional authentication methods to be deployed with no changes to the access point or th...

Страница 215: ...int and the RADIUS server for user accounting Accounting Request Sent by the access point requesting accounting Accounting Response Sent by the RADIUS server to indicate that it has started or stopped accounting In order to ensure network security the access point and the RADIUS server use a shared secret key which is a password they both know The key is not sent over the network In addition to th...

Страница 216: ... wireless clients for mutual authentication The server presents a certificate to the client After validating the identity of the server the client sends a different certificate to the server The exchange of certificates is done in the open before a secured tunnel is created This makes user identity vulnerable to passive attacks A digital certificate is an electronic ID card that authenticates the ...

Страница 217: ...at defines stronger encryption authentication and key management than WPA Key differences between WPA or WPA2 and WEP are improved data encryption and user authentication If both an AP and the wireless clients support WPA2 and you have an external RADIUS server use WPA2 for stronger data encryption If you don t have an external RADIUS server you should use WPA2 PSK WPA2 Pre Shared Key that only re...

Страница 218: ...d with and the packet is dropped By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism MIC with TKIP and AES it is more difficult to decrypt data on a Wi Fi network than WEP and difficult for an intruder to break into the network The encryption mechanisms used for WPA 2 and WPA 2 PSK are the same The only difference between the two is that ...

Страница 219: ... client s authentication request to the RADIUS server 2 The RADIUS server then checks the user s identification against its database and grants or denies network access accordingly 3 A 256 bit Pairwise Master Key PMK is derived from the authentication process by the RADIUS server and the client 4 The RADIUS server distributes the PMK to the AP The AP then sets up a key hierarchy and management sys...

Страница 220: ...r to this table to see what other security parameters you should configure for each authentication method or key management protocol type MAC address filters are not dependent on how you configure these security features Table 79 Wireless Security Relational Matrix AUTHENTICATION METHOD KEY MANAGEMENT PROTOCOL ENCRYPTIO N METHOD ENTER MANUAL KEY IEEE 802 1X Open None No Disable Enable without Dyna...

Страница 221: ...tdoor site each 1dB increase in gain results in a range increase of approximately 5 Actual results may vary depending on the network environment Antenna gain is sometimes specified in dBi which is how much the antenna increases the signal power compared to using an isotropic antenna An isotropic antenna is a theoretical perfect antenna that sends out radio signals equally well in all directions dB...

Страница 222: ...nd in a direct line of sight to each other to attain the best performance For omni directional antennas mounted on a table desk and so on point the antenna up For omni directional antennas mounted on a wall or ceiling point the antenna down For a single AP application place omni directional antennas as close to the center of the coverage area as possible For directional antennas point the antenna ...

Страница 223: ...l is USER this is the IP protocol number Description This is a brief explanation of the applications that use this service or the situations in which this service is used Table 80 Commonly Used Services NAME PROTOCOL PORT S DESCRIPTION AH IPSEC_TUNNEL User Defined 51 The IPSEC AH Authentication Header tunneling protocol uses this service AIM New ICQ TCP 5190 AOL s Internet Messenger service It is ...

Страница 224: ...ogram NEWS TCP 144 A protocol for news groups NFS UDP 2049 Network File System NFS is a client server distributed file service that provides transparent file sharing for network environments NNTP TCP 119 Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service PING User Defined 1 Packet INternet Groper is a protocol that sends out ICMP echo requests to test whethe...

Страница 225: ... midrange systems UNIX systems and network servers SSH TCP UDP 22 Secure Shell Remote Login Program STRM WORKS UDP 1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server TACACS UDP 49 Login Host Protocol used for Terminal Access Controller Access Control System TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in ...

Страница 226: ...Appendix C Common Services P 660W Tx v2 User s Guide 226 ...

Страница 227: ...ge without notice Your use of the ZyXEL Device is subject to the terms and conditions of any related service providers Use with products that have NAT and or 3G Do not use the ZyXEL Device for illegal purposes Illegal downloading or sharing of files can result in severe civil and criminal penalties You are subject to the restrictions of copyright laws and any other applicable laws and will bear th...

Страница 228: ...the user will be required to correct the interference at his own expense CE Mark Warning This is a class A product In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures Taiwanese BSMI Bureau of Standards Metrology and Inspection A Warning Notices Changes or modifications not expressly approved by the party responsible f...

Страница 229: ...ticular installation If this device does cause harmful interference to radio television reception which can be determined by turning the device off and on the user is encouraged to try to correct the interference by one or more of the following measures 1 Reorient or relocate the receiving antenna 2 Increase the separation between the equipment and the receiver 3 Connect the equipment into an outl...

Страница 230: ...less USB adapters and CardBus cards 注意依據低功率電波輻射性電機管理辦法 for all wireless devices 第十二條經型式認證合格之低功率射頻電機非經許可公司商號或使用者均不得擅自變更頻率加大功率或變更原設計之特性及功能 for all wireless devices 第十四條低功率射頻電機之使用不得影響飛航安全及干擾合法通信經發現有干擾現象時應立即停用並改善至無干擾時方得繼續使用前項合法通信指依電信規定作業之無線電信低功率射頻電機須忍受合法通信或工業科學及醫療用電波輻射性電機設備之干擾 for all wireless devices 在 5250MHz 5350MHz 頻帶內操作之無線資訊傳輸設備限於室內使用 for IEEE 802 11a wireless devices 本機限在不干擾合法...

Страница 231: ... failure due to faulty workmanship and or materials ZyXEL will at its discretion repair or replace the defective products or components without charge for either parts or labor and to whatever extent it shall deem necessary to restore the product or components to proper operating condition Any replacement will consist of a new or re manufactured functionally equivalent product of equal or higher v...

Страница 232: ...Appendix D Legal Information P 660W Tx v2 User s Guide 232 ...

Страница 233: ...em and the steps you took to solve it is the prefix number you dial to make an international telephone call Corporate Headquarters Worldwide Support E mail support zyxel com tw Sales E mail sales zyxel com tw Telephone 886 3 578 3942 Fax 886 3 578 2439 Web www zyxel com Regular Mail ZyXEL Communications Corp 6 Innovation Road II Science Park Hsinchu 300 Taiwan China ZyXEL Communications Beijing Co...

Страница 234: ...xel cz Regular Mail ZyXEL Communications Czech s r o Modranská 621 143 01 Praha 4 Modrany Ceská Republika Denmark Support E mail support zyxel dk Sales E mail sales zyxel dk Telephone 45 39 55 07 00 Fax 45 39 55 07 07 Web www zyxel dk Regular Mail ZyXEL Communications A S Columbusvej 2860 Soeborg Denmark Finland Support E mail support zyxel fi Sales E mail sales zyxel fi Telephone 358 9 4780 8411 ...

Страница 235: ...les E mail sales zyxel in Telephone 91 11 30888144 to 91 11 30888153 Fax 91 11 30888149 91 11 26810715 Web http www zyxel in Regular Mail India ZyXEL Technology India Pvt Ltd II Floor F2 9 Okhla Phase 1 New Delhi 110020 India Japan Support E mail support zyxel co jp Sales E mail zyp zyxel co jp Telephone 81 3 6847 3700 Fax 81 3 6847 3705 Web www zyxel co jp Regular Mail ZyXEL Japan 3F Office T U 1...

Страница 236: ...4 632 0858 Web www zyxel com Regular Mail ZyXEL Communications Inc 1130 N Miller St Anaheim CA 92806 2001 U S A Norway Support E mail support zyxel no Sales E mail sales zyxel no Telephone 47 22 80 61 80 Fax 47 22 80 61 81 Web www zyxel no Regular Mail ZyXEL Communications A S Nils Hansens vei 13 0667 Oslo Norway Poland E mail info pl zyxel com Telephone 48 22 333 8250 Fax 48 22 333 8251 Web www p...

Страница 237: ...planta 28033 Madrid Spain Sweden Support E mail support zyxel se Sales E mail sales zyxel se Telephone 46 31 744 7700 Fax 46 31 744 7701 Web www zyxel se Regular Mail ZyXEL Communications A S Sjöporten 4 41764 Göteborg Sweden Taiwan Support E mail support zyxel com tw Sales E mail sales zyxel com tw Telephone 886 2 27399889 Fax 886 2 27353220 Web http www zyxel com tw Address Room B 21F No 333 Sec...

Страница 238: ... Support E mail support ua zyxel com Sales E mail sales ua zyxel com Telephone 380 44 247 69 78 Fax 380 44 494 49 32 Web www ua zyxel com Regular Mail ZyXEL Ukraine 13 Pimonenko Str Kiev 04050 Ukraine United Kingdom Support E mail support zyxel co uk Sales E mail sales zyxel co uk Telephone 44 1344 303044 0845 122 0301 UK only Fax 44 1344 303034 Web www zyxel co uk Regular Mail ZyXEL Communication...

Страница 239: ...zard 47 Basic Service Set see BSS blocking time 129 BSS 209 C CA 216 CBR 84 Certificate Authority see CA change password 32 channels 77 211 interference 211 Clear to Send see CTS connection setup wizard 39 contact information 233 content filtering 131 keywords 132 schedule 133 trusted computers 134 Continuous Bit Rate see CBR CTS 212 threshold 80 custom ports configuration 122 customer support 233...

Страница 240: ...vices 121 configuration 122 policies 125 predefined services 121 rules checklist 127 example setup 110 LAN to WAN 128 logic 126 security ramifications 127 summary 116 firmware 180 upload 180 error message 181 fragmentation threshold 212 FTP 102 181 command example 181 file transfer procedure 182 restrictions over WAN 183 H half open sessions 129 hidden node 211 HTTP 102 180 humidity 193 Hypertext ...

Страница 241: ...de 94 traversal 150 Network Address Translation see NAT network management 102 NNTP 102 O one minute high 124 one minute low 124 one minute high 129 P Pairwise Master Key see PMK PCR 84 90 Peak Cell Rate see PCR PMK 218 220 Point to Point Protocol over ATM Adaptation Layer 5 see PPPoA Point to Point Protocol over Ethernet see PPPoE Point to Point Tunneling Protocol see PPTP POP3 102 port forwardin...

Страница 242: ...stain Cell Rate see SCR Sustained Cell Rate see SCR T TCP maximum incomplete 123 125 129 temperature 193 Temporal Key Integrity Protocol see TKIP threshold values 128 max incomplete high 125 max incomplete low 124 one minute high 124 one minute low 124 TCP maximum incomplete 125 time date 107 TKIP 218 traffic redirect 87 91 traffic shaping 90 U UBR 84 Universal Plug and Play see UPnP Unspecified B...

Страница 243: ...ireless security 77 191 213 type 78 wizard 39 media bandwidth management 47 WLAN interference 211 security parameters 220 WPA 70 80 217 key caching 218 pre authentication 218 user authentication 218 vs WPA PSK 218 wireless client supplicant 219 with RADIUS application example 219 WPA2 70 217 user authentication 218 vs WPA2 PSK 218 wireless client supplicant 219 with RADIUS application example 219 ...

Страница 244: ...Index P 660W Tx v2 User s Guide 244 ...

Отзывы:

Нет отзывов

Похожие инструкции для P-660W-T1 v2

SR8800 IM-FW-II

Бренд: H3C Страницы: 107

Бренд: 3Com Страницы: 12

Бренд: H3C Страницы: 16

H3C S3600 Series

Бренд: H3C Страницы: 10

Бренд: H3C Страницы: 42

Бренд: H3C Страницы: 2

H3C S7500E Series

Бренд: H3C Страницы: 34

Бренд: H3C Страницы: 33

Бренд: H3C Страницы: 14

Бренд: H3C Страницы: 56

H3C S7500E Series

Бренд: H3C Страницы: 112

Бренд: H3C Страницы: 15

SR8800 IM-FW-II

Бренд: H3C Страницы: 5

H3C S7500E Series

Бренд: H3C Страницы: 50

Бренд: H3C Страницы: 37

Бренд: H3C Страницы: 4

Бренд: H3C Страницы: 5

Бренд: H3C Страницы: 4

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды