ZyXEL Communications P-661HW Bedienungsanleitung

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383

Zur Seite of

Richtige Gebrauchsanleitung

Die Vorschriften verpflichten den Verkäufer zur Übertragung der Gebrauchsanleitung ZyXEL Communications P-661HW an den Erwerber, zusammen mit der Ware. Eine fehlende Anleitung oder falsche Informationen, die dem Verbraucher übertragen werden, bilden eine Grundlage für eine Reklamation aufgrund Unstimmigkeit des Geräts mit dem Vertrag. Rechtsmäßig lässt man das Anfügen einer Gebrauchsanleitung in anderer Form als Papierform zu, was letztens sehr oft genutzt wird, indem man eine grafische oder elektronische Anleitung von ZyXEL Communications P-661HW, sowie Anleitungsvideos für Nutzer beifügt. Die Bedingung ist, dass ihre Form leserlich und verständlich ist.

Was ist eine Gebrauchsanleitung?

Das Wort kommt vom lateinischen „instructio”, d.h. ordnen. Demnach kann man in der Anleitung ZyXEL Communications P-661HW die Beschreibung der Etappen der Vorgehensweisen finden. Das Ziel der Anleitung ist die Belehrung, Vereinfachung des Starts, der Nutzung des Geräts oder auch der Ausführung bestimmter Tätigkeiten. Die Anleitung ist eine Sammlung von Informationen über ein Gegenstand/eine Dienstleistung, ein Hinweis.

Leider widmen nicht viele Nutzer ihre Zeit der Gebrauchsanleitung ZyXEL Communications P-661HW. Eine gute Gebrauchsanleitung erlaubt nicht nur eine Reihe zusätzlicher Funktionen des gekauften Geräts kennenzulernen, sondern hilft dabei viele Fehler zu vermeiden.

Was sollte also eine ideale Gebrauchsanleitung beinhalten?

Die Gebrauchsanleitung ZyXEL Communications P-661HW sollte vor allem folgendes enthalten:
- Informationen über technische Daten des Geräts ZyXEL Communications P-661HW
- Den Namen des Produzenten und das Produktionsjahr des Geräts ZyXEL Communications P-661HW
- Grundsätze der Bedienung, Regulierung und Wartung des Geräts ZyXEL Communications P-661HW
- Sicherheitszeichen und Zertifikate, die die Übereinstimmung mit entsprechenden Normen bestätigen

Warum lesen wir keine Gebrauchsanleitungen?

Der Grund dafür ist die fehlende Zeit und die Sicherheit, was die bestimmten Funktionen der gekauften Geräte angeht. Leider ist das Anschließen und Starten von ZyXEL Communications P-661HW zu wenig. Eine Anleitung beinhaltet eine Reihe von Hinweisen bezüglich bestimmter Funktionen, Sicherheitsgrundsätze, Wartungsarten (sogar das, welche Mittel man benutzen sollte), eventueller Fehler von ZyXEL Communications P-661HW und Lösungsarten für Probleme, die während der Nutzung auftreten könnten. Immerhin kann man in der Gebrauchsanleitung die Kontaktnummer zum Service ZyXEL Communications finden, wenn die vorgeschlagenen Lösungen nicht wirksam sind. Aktuell erfreuen sich Anleitungen in Form von interessanten Animationen oder Videoanleitungen an Popularität, die den Nutzer besser ansprechen als eine Broschüre. Diese Art von Anleitung gibt garantiert, dass der Nutzer sich das ganze Video anschaut, ohne die spezifizierten und komplizierten technischen Beschreibungen von ZyXEL Communications P-661HW zu überspringen, wie es bei der Papierform passiert.

Warum sollte man Gebrauchsanleitungen lesen?

In der Gebrauchsanleitung finden wir vor allem die Antwort über den Bau sowie die Möglichkeiten des Geräts ZyXEL Communications P-661HW, über die Nutzung bestimmter Accessoires und eine Reihe von Informationen, die erlauben, jegliche Funktionen und Bequemlichkeiten zu nutzen.

Nach dem gelungenen Kauf des Geräts, sollte man einige Zeit für das Kennenlernen jedes Teils der Anleitung von ZyXEL Communications P-661HW widmen. Aktuell sind sie genau vorbereitet oder übersetzt, damit sie nicht nur verständlich für die Nutzer sind, aber auch ihre grundliegende Hilfs-Informations-Funktion erfüllen.

Inhaltsverzeichnis der Gebrauchsanleitungen

  • Seite 1

    P-661H/HW Series 802.1 1g Wireless ADSL2+ 4-port Security Gateway User ’ s Guide V ersion 3.40 Edition 1 5/2006[...]

  • Seite 2

    [...]

  • Seite 3

    P-661H/HW Series User’s Guide Copyright 3 Copyright Copyright © 2006 by ZyXEL Communications Corpo ration. The contents of this publication may not be reprod uced in any part or as a whole, transcribed, stored in a retrieval system, tran slated into any language, or transmitted in any form or by any means, el ectronic, mechanical , magnetic, opt[...]

  • Seite 4

    P-661H/HW Series User’s Guide 4 Certifications Certifications Federal Communications Commissi on (FCC) Interference St atement This device complies with Part 15 of FCC rul es. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference rece ived, including [...]

  • Seite 5

    P-661H/HW Series User’s Guide Certifications 5[...]

  • Seite 6

    P-661H/HW Series User’s Guide 6 Safety Warnings Safety W arnings For your safety , be sure to read and fo llow all warning notices and instructions. • Do NOT open the device or un it. Opening or removi ng covers can expose you to dangerous high vo ltage points or othe r risks. ONL Y qualified serv ice personnel can service the device. Please co[...]

  • Seite 7

    P-661H/HW Series User’s Guide ZyXEL Limited Warranty 7 ZyXEL Limited W arranty ZyXEL warrants to the original en d user (purchaser) that this product is free from any defects in materials or workmansh ip for a period of up to tw o years from the date of purchase . During the warranty period, and upon proof of purchase, should the product have ind[...]

  • Seite 8

    P-661H/HW Series User’s Guide 8 Customer Suppo rt Customer Support Please have the following information r eady when you contact customer support. • Product model and serial number . • W arranty Information. • Date that you received your de vice. • Brief description of the problem and the steps yo u took to solve i t. METHOD LOCATION SUPP[...]

  • Seite 9

    P-661H/HW Series User’s Guide Customer Support 9 POLAND info@pl.zyxel.com +48-22-5286603 www .pl.zyxel.com ZyXEL Communications ul.Emilli Plater 53 00-1 13 Warszawa Poland +48-22-5206701 RUSSIA http://zyxel.ru/support +7-095-542- 89-29 www .zyxel.ru ZyXEL Russia Ostrovityanova 37a S tr . Moscow , 1 17279 Russia sales@zyxel.ru +7-095-542-89-25 SP [...]

  • Seite 10

    P-661H/HW Series User’s Guide 10 Customer Suppo rt[...]

  • Seite 11

    P-661H/HW Series User’s Guide Table of Contents 11 T able of Content s Copyright .................................................. ................................................................ 3 Certifications ............................................ ................................................................ 4 Safety W arnings .....[...]

  • Seite 12

    P-661H/HW Series User’s Guide 12 Table of Contents 2.4.3 S tatus: Any IP T able ................... ............. ............ ................. ............ ......... 53 2.4.4 S tatus: WLAN S tatus (Wireles s devices only) ........................... ............... 54 2.4.5 S tatus: VPN S tatus ... ............. ................. ............ .[...]

  • Seite 13

    P-661H/HW Series User’s Guide Table of Contents 13 4.3 T r affic Shaping ............. ............. ............. ................ ............. ................ ............. ..80 4.3.1 A TM Traf fic Classes ............... ............. ................ ............. ................ ......... 81 4.3.1.1 Constant Bit Rate (CBR) ........... ...[...]

  • Seite 14

    P-661H/HW Series User’s Guide 14 Table of Contents 6.2.5 One-T ouch Intelligent Se curity T e chnology (OTIST ) .. ................ ............. 1 12 6.3 Wireless Performance Overview ............... ................ ............. ................ .......... 1 12 6.3.1 Quality of Service (QoS) ..... ................ ................ ............[...]

  • Seite 15

    P-661H/HW Series User’s Guide Table of Contents 15 Chapter 8 Firewalls ......................................... ..................................................... .................. 145 8.1 Firewall Overview ..................... ................ ............. ................ ............. ............. 145 8.2 T ypes of Firewalls ..........[...]

  • Seite 16

    P-661H/HW Series User’s Guide 16 Table of Contents 9.4.2 Alerts ...... ............. ............. ............. ................ ............. ............. ................ 160 9.5 T r iangle Route .............. ............. ................ ............. ................ ............. ............. 160 9.5.1 The “Triangle Route” Problem [...]

  • Seite 17

    P-661H/HW Series User’s Guide Table of Contents 17 12.1.3.1 Encryption ..... ................. ................ ............. ............. ................ ...197 12.1.3.2 Data Confidentiality ........ ...... ....... ............ ................. ............ ....... 198 12.1.3.3 Data Integrity . ............. ............. ................ ...[...]

  • Seite 18

    P-661H/HW Series User’s Guide 18 Table of Contents 13.19 VPN and Remote Management ......... ................ ................ ................ .......... 229 Chapter 14 St atic Route ........................................................ .................................................. 231 14.1 S tatic Route ............. ............. .....[...]

  • Seite 19

    P-661H/HW Series User’s Guide Table of Contents 19 17.3 T elnet .................... ................ ............. ............. ................ ............. ............ .......253 17.4 Configuring T elnet ...... ............. ................ ................ ............. ................ .......... 253 17.5 Configuring FTP ........... ....[...]

  • Seite 20

    P-661H/HW Series User’s Guide 20 Table of Contents Chapter 22 Diagnostic ...................................... ..................................................... .................. 291 22.1 General Diagnostic . ................ ............. ................ ................ ............. ............. 291 22.2 DSL Line Diagnostic . .........[...]

  • Seite 21

    P-661H/HW Series User’s Guide Table of Contents 21 Command Interpreter .................................................................................... ....... 327 Command Syntax ...... ............. ................ ............. ................ ............. ................ ...... 327 Command Usage .......... ................ ............[...]

  • Seite 22

    P-661H/HW Series User’s Guide 22 Table of Contents Appendix L Pop-up Windows, JavaScripts and Java Pe rmissions ..................................... 369 Internet Explorer Pop-up Blockers ......... ....... ...... ............. ................ ............. ......... 369 Java Permissions ................ ............. ................ ...........[...]

  • Seite 23

    P-661H/HW Series User’s Guide List of Figure s 23 List of Figures Figure 1 Protected Internet A ccess Applications ............................ ................. ................ ... 40 Figure 2 LAN-to-LAN Applicat ion Example ............ ................ ............. ................ ............. ... 40 Figure 3 Front Panel ....... ..........[...]

  • Seite 24

    P-661H/HW Series User’s Guide 24 List of Figures Figure 39 Advanced Internet Connection ........ ... ................. ............ ................. ............ ....... 85 Figure 40 More Connections ........ ................ ............. ................ ............. ................ ............. 87 Figure 41 More Connections Edit .... .....[...]

  • Seite 25

    P-661H/HW Series User’s Guide List of Figure s 25 Figure 82 S tateful Inspection . ................ .... ...... ................ ............. ................ ............. .......... 15 1 Figure 83 Ideal Firewall Setup .. ............ ................. ............. ............ ................. ............ ....... 160 Figure 84 “T riangle [...]

  • Seite 26

    P-661H/HW Series User’s Guide 26 List of Figures Figure 125 T wo Phases to Set Up the IPSec S A ................... ............. ................ ............. ... 216 Figure 126 Advanced VPN Policies ................ ............. ................ ................ ................ ....... 219 Figure 127 VPN: Manual Key ....... ................ [...]

  • Seite 27

    P-661H/HW Series User’s Guide List of Figure s 27 Figure 168 Log Settings ............... ................ ............. ................ ............. ................ ............. 2 83 Figure 169 Firmware Upgrade .. ................ ............. ................ ................ ................ ............. 285 Figure 170 Firmware Upload In[...]

  • Seite 28

    P-661H/HW Series User’s Guide 28 List of Figures Figure 21 1 WP A(2)-PSK Authen tication .... ................ ............. ................ ............. ................ 367 Figure 212 Pop-up Blocker ....................... ............. ................ ............. ................ ................ 369 Figure 213 Internet Options ..........[...]

  • Seite 29

    P-661H/HW Series User’s Guide List of Tables 29 List of T ables T able 1 ADSL S tandards ................ ................ ................ ............. ................ ............. .......... 35 T able 2 Front Panel LED s .... ................ ................. ................ ............. ................ ................ 41 T able 3 Web C[...]

  • Seite 30

    P-661H/HW Series User’s Guide 30 List of Tables T able 39 Wireless: WP A-PSK/WP A2 -P SK ............ ................ .......................... ............ ....... 1 16 T able 40 Wireless: WP A/WP A2 ................ ................ ................ ............. ................ ............. 1 18 T able 41 Wireless LAN : Advanced .... .....[...]

  • Seite 31

    P-661H/HW Series User’s Guide List of Tables 31 T able 82 Matching ID T y pe and Content Configuration Example ....... ................ ................ 210 T able 83 Mismatching ID T ype and Content Configuration Example .......... .................... ... 21 1 T able 84 Edit VPN Policies ... ................ ................. ............. ....[...]

  • Seite 32

    P-661H/HW Series User’s Guide 32 List of Tables T able 125 Troubleshooting Accessing the ZyXEL Device ........ ................ ................ .......... 295 T able 126 Dev ice .. ................ ............. ............. ................ ............. ................ ............. ....... ... 297 T able 127 Firmware . ................. ...[...]

  • Seite 33

    P-661H/HW Series User’s Guide Preface 33 Preface Congratulations on you r purchase of th e ZyXEL Devi ce series ADSL 2+ gateway . The ZyXEL Device has a 4-port switch that allows you to conn ect up to 4 computers to the ZyXEL Device without purchasing a switch/hub. Note: Register your product online to receive e-mail notice s of firmware upgrades[...]

  • Seite 34

    P-661H/HW Series User’s Guide 34 Preface User Guide Feedback Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The T echnical W riting T eam, ZyXEL Communications Corp., 6 Innovatio n Road II, Science-Based Industrial Park, Hsinchu, 300, T aiwan. [...]

  • Seite 35

    P-661H/HW Series User’s Guide Chapter 1 Getting To Know Your ZyXEL Device 35 C HAPTER 1 Getting T o Know Y our ZyXEL Device This chapter describes the key features and applications of your ZyXEL Device . 1.1 Introducing the ZyXEL Device The ZyXEL Device is an ADSL2+ gateway that allows super-fast, secure Internet access over analog (POTS) or digi[...]

  • Seite 36

    P-661H/HW Series User’s Guide 36 Chapter 1 Getting To Kn ow Your ZyXEL Device 1.2 Features High Speed Internet Access Y our ZyXEL Device ADSL/ADSL2/ADSL2+ router can s upport downstream transmission rates of up to 24Mbps and upstream transmissi on rates of 3.5Mbps. Actual speeds attained depend on the ADSL service you subscribed to, distance from[...]

  • Seite 37

    P-661H/HW Series User’s Guide Chapter 1 Getting To Know Your ZyXEL Device 37 Media Bandwid th Management ZyXEL ’ s Media Bandwidth Management allows yo u to specify bandwidt h classes based on an application and/or subnet. Y ou can allocate specific amounts of bandwidth capacity (bandwidth budgets) to dif ferent bandwidth classes. Universal Plu[...]

  • Seite 38

    P-661H/HW Series User’s Guide 38 Chapter 1 Getting To Kn ow Your ZyXEL Device IP Alias IP Alias allows you to partition a physical ne twork into logical networks over the same Ethernet interface. The ZyXEL Device supports three logical LAN interfa ces via its single physical Ethernet interface with the ZyX EL Device itself as the ga teway for eac[...]

  • Seite 39

    P-661H/HW Series User’s Guide Chapter 1 Getting To Know Your ZyXEL Device 39 Both WP A and WP A2 improv e data encryption by using T empor al Key Integrity Proto col (TKIP), Message Integrity Check (MIC) and IE EE 802.1x. In addition to TKIP , WP A2 also uses Advanced Encr yption Standard (AES) in the Counter mode with Cipher bloc k chaining Mess[...]

  • Seite 40

    P-661H/HW Series User’s Guide 40 Chapter 1 Getting To Kn ow Your ZyXEL Device Figure 1 Protected Internet Access Applications 1.3.2 LAN to LAN Application Y ou can use the ZyXEL Device to connect two geographically dispersed networks over the ADSL line. A typical LAN-to-LAN applic ation example is sh own as follows. Figure 2 LAN-to-LAN Applic ati[...]

  • Seite 41

    P-661H/HW Series User’s Guide Chapter 1 Getting To Know Your ZyXEL Device 41 The following table describes the LEDs. 1.5 Hardware Connection Refer to the Quick S tart Guide for information on ha rdware connection. 1.6 Splitters and Microfilters This section describes how to connect ADSL splitters and micr ofilters. See your Quick Start Guide for [...]

  • Seite 42

    P-661H/HW Series User’s Guide 42 Chapter 1 Getting To Kn ow Your ZyXEL Device 1.6.1 Connecting a POTS Splitter When you use the Full Rate (G .dmt) ADSL standa rd, you can use a POTS (Plain Old T elephone Service) splitter to separate th e telephone and ADSL si gnals. This allows simultaneous Internet access and telephone service on the same lin e[...]

  • Seite 43

    P-661H/HW Series User’s Guide Chapter 1 Getting To Know Your ZyXEL Device 43 Figure 5 Connecting a Microfilter[...]

  • Seite 44

    P-661H/HW Series User’s Guide 44 Chapter 1 Getting To Kn ow Your ZyXEL Device[...]

  • Seite 45

    P-661H/HW Series User’s Guide Chapter 2 Introducing the Web Configur ator 45 C HAPTER 2 Introducing the W eb Configurator This chapter describes how to access and navigate the web configurator . 2.1 W eb Configurator Overview The web configurator is an HTML-based mana gement interface that allows easy ZyXEL Device setup and management via Interne[...]

  • Seite 46

    P-661H/HW Series User’s Guide 46 Chapter 2 Introducing the Web Configurator status only . Click Login to proceed to a screen asking you to change your password or click Cancel to revert to the default password. Figure 6 Password Screen 6 If you entered the user password, skip the next two steps and refer to Section 2.4.2 on page 51 for more infor[...]

  • Seite 47

    P-661H/HW Series User’s Guide Chapter 2 Introducing the Web Configur ator 47 Figure 8 Select a Mode Note: The management session automatically time s out when the time period set in the Administrator Inactivity T imer field expires (default five minutes). Simply log back into the ZyXEL Device if this happe ns to you. 2.3 Resetting the ZyXEL Devic[...]

  • Seite 48

    P-661H/HW Series User’s Guide 48 Chapter 2 Introducing the Web Configurator Figure 9 Web Configurator : Main Screen Note: Click the icon (located in the top right corner of most screens) to view embedded help. T able 3 Web Configur ator Screen s Summary LINK/ICON SUB-LINK FUNCTION Wizard INTERNET SETUP Use these screens for initial co nfiguration[...]

  • Seite 49

    P-661H/HW Series User’s Guide Chapter 2 Introducing the Web Configur ator 49 LAN IP Use this screen to configure LAN TCP/IP settings, en able Any IP and other advanced properties. DHCP Setup Use this screen to configure LAN DHCP settings. Client List Use this screen to view current DHCP client information and to always assign an IP address to a M[...]

  • Seite 50

    P-661H/HW Series User’s Guide 50 Chapter 2 Introducing the Web Configurator VPN Setup Use this screen to configure each VPN tunnel. Monitor Use this screen to look at the current status of each VPN tunnel. VPN Global Setting Use this screen to allow NetBIOS traffic through VPN tunnels. Advanced S tatic Route Use this screen to configure IP static[...]

  • Seite 51

    P-661H/HW Series User’s Guide Chapter 2 Introducing the Web Configur ator 51 2.4.2 St atus Screen The following summarizes how to navigate the web configurator from the St a t u s screen. Some fields or links are not available if yo u entered the user password in the login password screen (see Figure 6 on page 46 ). Figure 10 S tatus Screen The f[...]

  • Seite 52

    P-661H/HW Series User’s Guide 52 Chapter 2 Introducing the Web Configurator Default Gateway This is the IP address of the default gateway , if applicable. VPI/VCI This is the Virtual Path Identifier and Vi rtual Channel Identifier that you entered in the Wizard or W AN screen. LAN Informatio n IP Address This is the LAN port IP address. IP Subnet[...]

  • Seite 53

    P-661H/HW Series User’s Guide Chapter 2 Introducing the Web Configur ator 53 2.4.3 St atus: Any IP T able Click the Any IP T able hyperlink in the St a t u s scree n. The Any IP table shows current read- only information (including the IP address and the MAC address) of all network devices that use the Any IP feature to communicate with the ZyXEL[...]

  • Seite 54

    P-661H/HW Series User’s Guide 54 Chapter 2 Introducing the Web Configurator 2.4.4 St atus: WLAN St atus (Wireless devices only) Click WLAN S t atus in the St a t u s screen to open this screen. Use this screen to view the wireless stations that are current ly associated to the ZyXEL Device. Figure 12 S tatus: WLAN S tatus The following table desc[...]

  • Seite 55

    P-661H/HW Series User’s Guide Chapter 2 Introducing the Web Configur ator 55 Figure 13 S tatus: VPN S tatus The following table describes the labels in this screen. 2.4.6 St atus: Bandwidth S t atus Select the Bandwidth S tatus hyperlink in the St a t u s screen. V iew the bandwidth usage of the configured bandwidth rules. This is also shown as b[...]

  • Seite 56

    P-661H/HW Series User’s Guide 56 Chapter 2 Introducing the Web Configurator 2.4.7 St atus: Packet St atistics Click the Packet S tatistics hyperlink in the St a t u s screen. Read-only information here includes port status and packet specific statisti cs. Also provided are "system up time" and "poll interval(s)". The Poll Inte[...]

  • Seite 57

    P-661H/HW Series User’s Guide Chapter 2 Introducing the Web Configur ator 57 2.4.8 Changing Login Password It is highly recommended that you periodic ally change the password for accessing the ZyXEL Device. If you didn’t change the default o ne after you logged in or you want to change to a new password again, then click Maintenance > System[...]

  • Seite 58

    P-661H/HW Series User’s Guide 58 Chapter 2 Introducing the Web Configurator Figure 16 System General The following table describes th e fields in this screen. T able 9 System General: Password LABEL DESCRIPTION Old Password T ype the default password or the existing password you us e to access the system in this field. New Password T ype the new [...]

  • Seite 59

    P-661H/HW Series User’s Guide Chapter 3 Wizards 59 C HAPTER 3 W izards Use these screens to configure Internet access or to configure basic bandwidth management. Note: See the advanced menu chap ters for background information on these fields. T o access the wizards, click Go to Wizard setup in Figure 8 on page 47 , or click the wizard icon ( ) i[...]

  • Seite 60

    P-661H/HW Series User’s Guide 60 Chapter 3 Wizards 3.1 Internet Setup Wizard Use these screens to configure Internet access and wi reless network settings (wireless devices only). T o access this wizard, click INTERNET/WIRELESS SETUP in the wizard main screen. W ait while the device tries to detect your DSL conn ection and connection type. Figure[...]

  • Seite 61

    P-661H/HW Series User’s Guide Chapter 3 Wizards 61 3.1.2 Manual Configuration The ZyXEL Device detected the DSL connecti on but not the Internet settings. Y ou should specify the Internet settings manually . 3.1.2.1 Screen 1 Figure 20 Internet Setup Wiza rd: Manual Configuration Click Back to re turn to the wizard main screen. Click Next to conti[...]

  • Seite 62

    P-661H/HW Series User’s Guide 62 Chapter 3 Wizards The following table describes the fields in this screen. 3.1.2.3 Screen 3 These screens let you enter the rest of the Inte rnet settings , which depend on the encapsul ation your Internet connection u ses (and the mode you selected, for RFC148 3). This screen appears if your Internet connection u[...]

  • Seite 63

    P-661H/HW Series User’s Guide Chapter 3 Wizards 63 The following table describes the fields in this screen. This screen appears if your Intern et connection uses PPPoE encapsulation. Figure 23 Internet Se tup Wizard: ISP Parameters (PPPoE) T able 12 Internet Setup Wizard: I SP Parameters (Ethernet) LABEL DESCRIPTION Obtain an IP Address Automatic[...]

  • Seite 64

    P-661H/HW Series User’s Guide 64 Chapter 3 Wizards The following table describes the fields in this screen. This screen appears if your Internet connecti on uses RFC1483 encapsulation in routing mode. Figure 24 Internet Setup Wiza rd: ISP Parameters (RFC1483 + Routing Mode) The following table describes the fields in this screen. This screen appe[...]

  • Seite 65

    P-661H/HW Series User’s Guide Chapter 3 Wizards 65 Figure 25 Internet Se tup Wizard: ISP Parameters (PPPoA) The following table describes the fields in this screen. No additional screen appears if your Internet connection us es RFC1483 encapsulation in bridge mode. In this case, the ZyXEL Device imme diately tries to detect the connection again. [...]

  • Seite 66

    P-661H/HW Series User’s Guide 66 Chapter 3 Wizards Figure 26 Internet Setu p Wizard: No DSL Connection Click Restart the Internet/Wireless Setup W izard to return to the wiza rd main screen. Click Next to continue to the W ireless Setup W izard (wireless devices only), or click Exit to close the wizard main screen and return to the St a t u s scr[...]

  • Seite 67

    P-661H/HW Series User’s Guide Chapter 3 Wizards 67 Figure 28 Wireless LAN Setup Wizard 1 The following table describes the labels in this screen. 3 Configure your wireless settin gs in this screen. Click Next . Table 16 Wireless LAN Setup Wizard 1 LABEL DESCRIPTION Active Select the check box to turn o n the w ireless LAN. Enable OTIST Select the[...]

  • Seite 68

    P-661H/HW Series User’s Guide 68 Chapter 3 Wizards Figure 29 Wireless LAN Setup Wizard 2 The following table describes the labels in this screen. Table 17 Wireless LAN Setup Wizard 2 LABEL DESCRIPTION Network Name(SSID) Enter a descriptive name (up to 32 printable 7-bit ASCII character s) for the wireless LAN. If you change this field on the ZyXE[...]

  • Seite 69

    P-661H/HW Series User’s Guide Chapter 3 Wizards 69 Note: The wireless stations and ZyXEL Device must use the same SSID, channel ID and WEP encryption key (if WEP is enabled), WP A-PSK (if WP A-PSK is enabled) for wireless communicatio n. 4 This screen varies depending on the security mode you selected in the previous screen. Fill in the field (if[...]

  • Seite 70

    P-661H/HW Series User’s Guide 70 Chapter 3 Wizards Figure 31 Manually assign a WEP key The following table describes the labels in this screen. 5 Click Apply to save your wireless LAN settings. Table 19 Manually assign a WEP key LABEL DESCRIPTION Key The WEP keys are used to encrypt da ta. Both the ZyXEL Device and the wireless stations must use [...]

  • Seite 71

    P-661H/HW Series User’s Guide Chapter 3 Wizards 71 Figure 32 Wireless LAN Setup: Apply Figure 33 Internet Setup Wizard: Summar y Screen 6 Use the read-only summary table to check whether what you have configured is correct. Click Finish to complete and save the wizard se tup.The following table describes the fields in this screen. T able 20 Inter[...]

  • Seite 72

    P-661H/HW Series User’s Guide 72 Chapter 3 Wizards Launch your web browser and navigate to www .zyxel.com. Inte rnet access is just the beginning. Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features. If you cannot access th e Internet, open the web configurator again to confirm that the Int[...]

  • Seite 73

    P-661H/HW Series User’s Guide Chapter 3 Wizards 73 T o access this wizard, open the web configura tor (see Section 2.2 on page 4 5 ) and click BANDWIDTH MANAGEMENT SETUP in the wizard main screen. 3.3.1 Screen 1 Activate bandwidth management and select to a llocate bandwidth to packets ba sed on the services. Figure 34 Bandwidt h Management Wizar[...]

  • Seite 74

    P-661H/HW Series User’s Guide 74 Chapter 3 Wizards The following fields describe the label in this screen. 3.3.2 Screen 2 Use the second wizard screen to select the se rvices that you want to apply bandwidth management, and select the p riorities that you want to apply to the services listed. Figure 35 Bandwidt h Management Wizard: Configuration [...]

  • Seite 75

    P-661H/HW Series User’s Guide Chapter 3 Wizards 75 The following table describes the labels in this screen. 3.3.3 Screen 3 Follow the on-screen in structions and click Finish to complete the wizard setup and save your configuration. Figure 36 Bandwid th Management Wizard: Complete Table 23 Bandwid th Management Wizard: Configuration LABEL DESCRIP[...]

  • Seite 76

    P-661H/HW Series User’s Guide 76 Chapter 3 Wizards[...]

  • Seite 77

    P-661H/HW Series User’s Guide Chapter 4 WAN Setup 77 C HAPTER 4 W AN Setup This chapter describes how to configure W AN settings. 4.1 W AN Overview A W AN (W ide Area Network) is an outside conn ection to another network or the Intern et. 4.1.1 Encap sulation Be sure to use the encapsulat ion method required by your ISP . The ZyXE L Device suppor[...]

  • Seite 78

    P-661H/HW Series User’s Guide 78 Chapter 4 WAN Setup By implementing PPPoE directly on the ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL Device does that part of the task. Furthermore, with NA T , all of the LANs’ computers will have access. 4.1.1.3 PPPoA PPPoA st[...]

  • Seite 79

    P-661H/HW Series User’s Guide Chapter 4 WAN Setup 79 4.1.4 IP Address Assignment A static IP is a fixed IP that your ISP gives you. A dynamic IP is not fixed; the ISP assigns you a different one each time. The Si ngle User Account feature can be enabled or disabled if you have either a dynamic or static IP . Howeve r the encapsulation method assi[...]

  • Seite 80

    P-661H/HW Series User’s Guide 80 Chapter 4 WAN Setup 4.2 Metric The metric represents the "cost of transmissi on". A router determines the best route for transmission by choosing a path with the lowest "cost". RI P routing uses hop count as the measurement of cost, with a minimum of "1" for directly connected network[...]

  • Seite 81

    P-661H/HW Series User’s Guide Chapter 4 WAN Setup 81 Maximum Burst Size (MBS) is the maximum numb er of cells that can be sent at the PCR. After MBS is reached, cell rates fall below SCR until cell rate averages to the SCR again. At this time, more cells (up to the MBS) can be sent at the PCR again. If the PCR, SCR or MBS is set to the default of[...]

  • Seite 82

    P-661H/HW Series User’s Guide 82 Chapter 4 WAN Setup The VBR-nR T (non real-time V a riable Bit Rate) ty pe is used with bu rsty connections that do not require closely controlled delay and delay variation. It is commonly used for " bursty" traffic typical on LANs. PCR and MBS define the burst levels, SCR defines the minimum level. An e[...]

  • Seite 83

    P-661H/HW Series User’s Guide Chapter 4 WAN Setup 83 Figure 38 Internet Conne ction (PPPoE) The following table describes the labels in this screen. Table 24 Internet Connection LABEL DESCRIPTION General Name Enter the name of your Internet Service Provider , e.g., MyISP . This information is for identification purpose s only . Mode Select Routin[...]

  • Seite 84

    P-661H/HW Series User’s Guide 84 Chapter 4 WAN Setup 4.5.1 Configuring Advance d Internet Connection T o edit your ZyXEL Device's ad vanced W AN settings, click the Advanced Setup button in the Internet Connection screen. The screen appears as shown. Virtual Circuit ID VPI (Virtual Path Iden tifier) an d VCI (Virtual Channel Id entifier) def[...]

  • Seite 85

    P-661H/HW Series User’s Guide Chapter 4 WAN Setup 85 Figure 39 Advanced Internet Connection The following table describes the labels in this screen. Table 25 Advanced Inte rnet Connection LABEL DESCRIPTION RIP & Multicast Setup RIP Direction R IP (Routing Information Protocol , RFC 1058 and RFC 1389) al lows a router to exchange ro uting info[...]

  • Seite 86

    P-661H/HW Series User’s Guide 86 Chapter 4 WAN Setup 4.6 Configuring More Connections This section describes the protocol-independent parameters for a remote network. They are required for placing calls to a remote gate way and the network behind it across a W AN connection. When you use the W AN > Internet Connection screen to set up Internet[...]

  • Seite 87

    P-661H/HW Series User’s Guide Chapter 4 WAN Setup 87 Figure 40 More Connections The following table describes the labels in this screen. 4.6.1 More Connections Edit Click the edit icon in the More Con nections sc reen to configure a connection . Table 26 More Connections LABEL DESCRIPTION # This is the index number of a connection. Active This di[...]

  • Seite 88

    P-661H/HW Series User’s Guide 88 Chapter 4 WAN Setup Figure 41 More Connections Edit The following table describes the labels in this screen. Table 27 More Connections Edit LABEL DESCRIPTION Active Select the check box to activate or clear the check box to deactivate this connection. Name Enter a unique, descriptive name of up to 13 ASCII charact[...]

  • Seite 89

    P-661H/HW Series User’s Guide Chapter 4 WAN Setup 89 User Name (PPPoA and PPPoE encapsulation only ) Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where doma in identifies a service name, then ent er both components exactly as given. Password (PPPoA and PPPoE encapsulation only) Enter the password as[...]

  • Seite 90

    P-661H/HW Series User’s Guide 90 Chapter 4 WAN Setup 4.6.2 Configuring More Connections Advanced Setup T o edit your ZyXEL Device's ad vanced W AN settings, click the Advanced Setup button in the Mor e Connections Edit screen. The screen appears as shown. Figure 42 More Connections Advanced Setup The following table describes the labels in t[...]

  • Seite 91

    P-661H/HW Series User’s Guide Chapter 4 WAN Setup 91 4.7 T raffic Redirect T raffic redirect forwards traf fic to a backup gateway when the ZyXEL Device cannot connect to the Internet. An example is shown in the figure below . Figure 43 T raffic Redirect Example The following network topology allows you to avoid triangle route security issues whe[...]

  • Seite 92

    P-661H/HW Series User’s Guide 92 Chapter 4 WAN Setup Figure 44 T raffic Redirect LAN Setup 4.8 Configuring W AN Backup T o change your ZyXE L Device’ s W AN backup settin gs, click WA N > W AN Backup Setup . The screen appears as shown.[...]

  • Seite 93

    P-661H/HW Series User’s Guide Chapter 4 WAN Setup 93 Figure 45 W AN Backup Setup The following table describes the labels in this screen. Table 29 W AN Backup Setup LABEL DESCRIPTION Backup T ype Select the method tha t the ZyXEL Device uses to check the DSL connecti on. Select DSL Link to have the ZyXEL Device check if the connection to the DSLA[...]

  • Seite 94

    P-661H/HW Series User’s Guide 94 Chapter 4 WAN Setup T raffic Redirect T raffic redirect forwards traffic to a backup gateway when the ZyXEL Device cannot connect to the Internet. Active Traf f ic Redirect Select this check box to have the ZyXEL Device use traffic redirect if the normal W AN conn ection goes down. Note: If you activate traffic re[...]

  • Seite 95

    P-661H/HW Series User’s Guide Chapter 5 LAN Setup 95 C HAPTER 5 LAN Setup This chapter describes how to configure LAN settings. 5.1 LAN Overview A Local Area Network (LAN) is a shared comm unication system to which many computers are attached. A LAN is a computer network lim ited to the immediate area, usually the same building or floor of a buil[...]

  • Seite 96

    P-661H/HW Series User’s Guide 96 Chapter 5 LAN Setup 5.1.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol , RFC 2131 and RFC 2132) allows indiv idual clients to obtain TCP/IP configuration at start-up from a server . Y o u can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server , the ZyXEL Device provides [...]

  • Seite 97

    P-661H/HW Series User’s Guide Chapter 5 LAN Setup 97 5.1.4 DNS Server Address Assignment Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because wit hout it, you must know the IP address of a computer before you can access it. There are two ways that an ISP di[...]

  • Seite 98

    P-661H/HW Series User’s Guide 98 Chapter 5 LAN Setup 5.2.1.1 Private IP Addresses Every machine on the Internet must ha ve a unique address. If your ne tworks are isolate d from the Internet, for example, only between your two branch of fice s, you can assign any IP addresses to the hosts without problems. However , the Internet Assigned Numbers [...]

  • Seite 99

    P-661H/HW Series User’s Guide Chapter 5 LAN Setup 99 5.2.3 Multicast T raditionally , IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of host s on the network - not everybody and not just 1. IGMP (Internet Group Mul[...]

  • Seite 100

    P-661H/HW Series User’s Guide 100 Chapter 5 LAN Setup Figure 47 Any IP Example The Any IP fe ature does n ot apply to a computer using either a dynami c IP address or a static IP address tha t is in the sa me subnet as the ZyXEL Devi ce’ s IP address. Note: Y ou must enable NA T/SUA to use the Any IP feature on th e ZyXEL Device. 5.2.4.1 How An[...]

  • Seite 101

    P-661H/HW Series User’s Guide Chapter 5 LAN Setup 101 5.3 Configuring LAN IP Click LAN to open the IP screen. See Section 5.1 on page 95 for background information. Figure 48 LAN IP The following table describes th e fields in this screen. 5.3.1 Configuring Advanced LAN Setup T o edit your ZyXEL Device's advanced LAN settings, click the Adva[...]

  • Seite 102

    P-661H/HW Series User’s Guide 102 Chapter 5 LAN Setup Figure 49 Advanced LAN Setup The following table describes the labels in this screen. Table 31 Advanced LA N Setup LABEL DESCRIPTION RIP & Multicast Setup RIP Direction R IP (Routing Information Protocol , RFC 1058 and RFC 1389) al lows a router to exchange ro uting informatio n with other[...]

  • Seite 103

    P-661H/HW Series User’s Guide Chapter 5 LAN Setup 103 5.4 DHCP Setup Use this screen to configure th e DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN. Figure 50 DHCP Setup Windows Networking (NetBIOS over TCP/IP) NetBIOS (Network Basic Input/Output S ystem) are TCP or UDP packets that enable a computer to[...]

  • Seite 104

    P-661H/HW Series User’s Guide 104 Chapter 5 LAN Setup The following table describes the labels in this screen. 5.5 LAN Client List This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. Every Ethernet device has a unique MAC (Med ia Access Control) addre ss. The MAC address is assign[...]

  • Seite 105

    P-661H/HW Series User’s Guide Chapter 5 LAN Setup 105 Figure 51 LAN Client List The following table describes the labels in this screen. T able 33 LAN Client List LABEL DESCRIPTION IP Address Enter the IP address that you want to assign to the computer on your LAN with the MAC address specified b elow . The IP address should be within the range o[...]

  • Seite 106

    P-661H/HW Series User’s Guide 106 Chapter 5 LAN Setup 5.6 LAN IP Alias IP alias allows you to partition a physical network into dif fer ent logical networks over the same Ethernet interface. The ZyXEL Device s upports three logical LA N interfaces via its single physical Ethernet interface with th e ZyXEL Device itself as the gateway for each LAN[...]

  • Seite 107

    P-661H/HW Series User’s Guide Chapter 5 LAN Setup 107 The following table describes the labels in this screen. T able 34 LAN IP Alias LABEL DESCRIPTION IP Alias 1, 2 Select the check box to confi gure another LAN network for the Z yXEL Device. IP Address Enter the IP address of your ZyXEL Device in dotted decimal notation. Alternatively , click t[...]

  • Seite 108

    P-661H/HW Series User’s Guide 108 Chapter 5 LAN Setup[...]

  • Seite 109

    P-661H/HW Series User’s Guide Chapter 6 Wireless LAN 109 C HAPTER 6 W ireless LAN This chapter discusses how to configure the wireless network settings in your device (wireless devices only). See the appendices for more detailed information about wireless networks. 6.1 Wireless Network Overview The following figure provides an example o f a wirel[...]

  • Seite 110

    P-661H/HW Series User’s Guide 110 Chapter 6 Wireless LAN • Every device in the same wireless network must use security compa tible with the ZyXEL Device. Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network. 6.2 Wireless Security Overview The following sect[...]

  • Seite 111

    P-661H/HW Series User’s Guide Chapter 6 Wireless LAN 111 For wireless networks, u ser names and passwords can be stored in a RADIUS server . This is a server used in businesses more than in homes. If you do not have a RADIUS server , you cannot set up user names and passwords for your users. Unauthorized wireless devices can still see the informa[...]

  • Seite 112

    P-661H/HW Series User’s Guide 112 Chapter 6 Wireless LAN When you select WP A2 or WP A2-PSK in your ZyXEL Device, you can also select an option ( WP A compatible ) to support WP A as well. In this case, if s ome of the devices su pport WP A and some support WP A2, you should set up WP A2-PSK or WP A2 (depending on the type of wireless network log[...]

  • Seite 113

    P-661H/HW Series User’s Guide Chapter 6 Wireless LAN 113 Figure 54 Wireless LAN: General The following table describes the general wireless LAN labels in this screen. See the rest of this chapter for informa tion on the other labels in this screen. Table 36 Wireless LAN: General LABEL DESCRIPTION Active Wireless LAN Click the check box to activat[...]

  • Seite 114

    P-661H/HW Series User’s Guide 114 Chapter 6 Wireless LAN 6.4.1 No Security Select No Security to allow wireless clients to commun icate with the access points without any data encryption. Note: If you do not enable an y wireless security on your ZyXEL Device, your network is accessible to any wireless network ing device tha t is within range. Fig[...]

  • Seite 115

    P-661H/HW Series User’s Guide Chapter 6 Wireless LAN 115 Figure 56 Wireless: S tatic WEP Encryption The following table describes the wireless LAN security labels in this screen. 6.4.3 WP A-PSK/WP A2-PSK In order to configure and enable WP A(2)-PSK authentication; click Network > Wir eless LAN to display the Ge neral screen. Select WP A-PSK or[...]

  • Seite 116

    P-661H/HW Series User’s Guide 116 Chapter 6 Wireless LAN Figure 57 Wireless: WP A-PSK/WP A2-PSK The following table describes the wireless LAN security labels in this screen. Table 39 Wireless: WP A-PSK/WP A2-PSK LABEL DESCRIPTION Security Mode Choose WP A-PSK or WP A2-PSK from the drop-d own list box. WP A Compatible This check box is available [...]

  • Seite 117

    P-661H/HW Series User’s Guide Chapter 6 Wireless LAN 117 6.4.4 WP A/WP A2 In order to configure and enable WP A/WP A2; click the Wir eless LAN link under Network to display the General screen. Select WP A or WP A2 from the Secu rity Mode list. Figure 58 Wireless: WP A/WP A2 Group Key Update T imer (In Seconds) The Group Key Up date T imer is the [...]

  • Seite 118

    P-661H/HW Series User’s Guide 118 Chapter 6 Wireless LAN The following table describes the wireless LAN security labels in this screen. Table 40 Wireless: WPA/WPA2 LABEL DESCRIPTION WP A Compatible This check box is available only when you select WP A2-PSK or WP A2 in th e Security Mode field. Select the check box to have both WP A2 and WP A wire[...]

  • Seite 119

    P-661H/HW Series User’s Guide Chapter 6 Wireless LAN 119 6.4.5 Wireless LAN Advanced Setup T o configure advanced wi reless settings, click the Advanced Setup button in the General screen. The screen appears as shown. Figure 59 Wireless LAN: Advanced The following table describes the labels in this screen. Cancel Click Cancel to reload the previo[...]

  • Seite 120

    P-661H/HW Series User’s Guide 120 Chapter 6 Wireless LAN 6.5 OTIST In a wireless network, the wireless clients mu st have the same SSID and security settings as the access point (AP) or wireless router (we wi ll refer to both as “AP” here) in order to associate with it. T raditionally th is meant that you ha d to configure the settings on the[...]

  • Seite 121

    P-661H/HW Series User’s Guide Chapter 6 Wireless LAN 121 Note: The AP and wireless client(s) MUST use the same Setup key . 6.5.1.1 AP Y ou can enable OTIST using the RESET button or the web configurator . 6.5.1.1.1 Reset button If you use the RESET button, the default (0 1234567) or previous sav ed (through the web configurator) Setup key is used[...]

  • Seite 122

    P-661H/HW Series User’s Guide 122 Chapter 6 Wireless LAN The following table describes the labels in this screen. 6.5.1.2 Wireless Client On your wireless client, star t the ZyXEL utility and click the Adapter tab. Select the OTIST check box, enter the same Setup Key as your AP’ s and click Save . Figure 61 Example Wireless Client OTIST Screen [...]

  • Seite 123

    P-661H/HW Series User’s Guide Chapter 6 Wireless LAN 123 6.5.2 St arting OTIST Note: Y ou must click Star t in the AP OTIST web configurator screen and in the wireless client(s) Adapter screen all within three minutes (at the time of writing). Y ou can start OTIST in the wireless client s and AP in any order but they must all be within range and [...]

  • Seite 124

    P-661H/HW Series User’s Guide 124 Chapter 6 Wireless LAN Figure 66 S tart OTIST? 2 If an OTIST -enabled wireless client los es its wireless connection for more than ten seconds, it will search for an OTIST -enabled AP for up to one minute. (If you manually have the wireless client search for an OT IST -enabled AP , there is no timeout; click Canc[...]

  • Seite 125

    P-661H/HW Series User’s Guide Chapter 6 Wireless LAN 125 Figure 67 MAC Addres s Filter The following table describes the labels in this menu. Table 43 MAC Address F ilter LABEL DESCRIPTION Active MAC Filter Select the check box to enable MAC ad dress filtering. Filter Action Define the filter action for th e list of MAC addresses in the MAC Addre[...]

  • Seite 126

    P-661H/HW Series User’s Guide 126 Chapter 6 Wireless LAN 6.7 WMM QoS WMM (W i-Fi MultiMedia) QoS (Quality of Service) allows you to prioritize wireless traf fic according to the delivery requirements of individual services. WMM is a part of the IEEE 802.1 1e QoS enhanc ement to certified W i-Fi wireless networks. 6.7.1 WMM QoS Example When WMM Qo[...]

  • Seite 127

    P-661H/HW Series User’s Guide Chapter 6 Wireless LAN 127 6.7.3 Services The commonly used services and port numbers ar e shown in the following table. Please refer to RFC 1700 for further information about port numbers. Next to the name of the service, two fields appear in brackets. The first field indicat es the IP protocol type (TCP , UDP , or [...]

  • Seite 128

    P-661H/HW Series User’s Guide 128 Chapter 6 Wireless LAN 6.8 QoS Screen The QoS screen by default allows you to au tomatically give a service a priority level according to the T oS value in the IP header of the packets it sends. PING(ICMP:0) Packet INternet Groper i s a protocol that sends o ut ICMP echo requests to test whether or not a remote h[...]

  • Seite 129

    P-661H/HW Series User’s Guide Chapter 6 Wireless LAN 129 6.8.1 T oS (T ype of Service) and WMM QoS T oS defines the DS (Differentiated Service) fiel d in the IP packet header . The T oS value of outgoing packe ts is between 0 and 255. 0 is the lowest priority . WMM QoS checks the T oS in the header of transm itted data packets. It gives the appli[...]

  • Seite 130

    P-661H/HW Series User’s Guide 130 Chapter 6 Wireless LAN 6.8.2 Application Pr iority Configuration T o edit a WMM QoS application en try , click the edit icon under Modi fy . The following screen displays. Figure 69 Application Priority Configuration The following table describes the fields in this screen. Dest Port This field displays th e desti[...]

  • Seite 131

    P-661H/HW Series User’s Guide Chapter 6 Wireless LAN 131 Service The following is a description of the applications you can prioritize with WMM QoS. Select a service from the drop-down list b ox. • FTP File Transfer Program enables fast transf er of files, including large files tha t may not be possible by e-mail. FTP uses port number 21. • E[...]

  • Seite 132

    P-661H/HW Series User’s Guide 132 Chapter 6 Wireless LAN[...]

  • Seite 133

    P-661H/HW Series User’s Guide Chapter 7 Network Address Translatio n (NAT) Screens 133 C HAPTER 7 Network Address T ranslation (NA T) Screens This chapter discusses how to configure NA T on the ZyXEL Device. 7.1 NA T Overview NA T (Network Address Translation - NA T , RFC 1631) is the transla tion of the IP address of a host in a packet, for exam[...]

  • Seite 134

    P-661H/HW Series User’s Guide 134 Chapt er 7 Network Ad dress Transla tion (NAT) Scr eens 7.1.2 What NA T Does In the simplest form, NA T changes the sour ce IP address in a packet received from a subscriber (the inside local address) to anothe r (the inside global address) before forwarding the packet to the W AN side. When the response comes ba[...]

  • Seite 135

    P-661H/HW Series User’s Guide Chapter 7 Network Address Translatio n (NAT) Screens 135 7.1.4 NA T Ap plication The following figure illustrates a possible NA T application, wher e three inside LANs (logical LANs using IP Alias) behind the ZyXEL Devi ce can communicate with three distinct W AN networks. More examples follow at the end of this chap[...]

  • Seite 136

    P-661H/HW Series User’s Guide 136 Chapt er 7 Network Ad dress Transla tion (NAT) Scr eens Port numbers do NOT change for One-to-One and Many-to-Many No Overload NA T mapping types. The following table summarizes these types. 7.2 SUA (Single User Account) V ersus NA T SUA (Single User Account) is a ZyNOS implemen tation of a subset of NA T that su[...]

  • Seite 137

    P-661H/HW Series User’s Guide Chapter 7 Network Address Translatio n (NAT) Screens 137 Figure 72 NA T Gener al The following table describes the labels in this screen. 7.4 Port Forwarding A port forwarding set is a list of inside (behind NA T on the LAN) servers, for example, web or FTP , that you can make visible to the outside world even though[...]

  • Seite 138

    P-661H/HW Series User’s Guide 138 Chapt er 7 Network Ad dress Transla tion (NAT) Scr eens 7.4.1 Default Se rver IP Address In addition to the servers for specified services, NA T supports a default server IP address. A default server receives packets from ports that are not specifie d in this screen. Note: If you do not assign a Default Serve r I[...]

  • Seite 139

    P-661H/HW Series User’s Guide Chapter 7 Network Address Translatio n (NAT) Screens 139 Figure 73 Multiple Servers Be hind NA T Example 7.5 Configuring Port Forwarding Note: The Port Forwarding screen is a vailable only when you select SUA Only in the NA T > General screen. If you do not assign a Default Server IP address, the ZyXEL Device disc[...]

  • Seite 140

    P-661H/HW Series User’s Guide 140 Chapt er 7 Network Ad dress Transla tion (NAT) Scr eens The following table describes th e fields in this screen. 7.5.1 Port Forwarding Rule Edit T o edit a port forwarding rule, c lick the rule’ s edit icon in the Port Forwarding screen to display the screen shown next. Figure 75 Port Forwarding Rule Setup T a[...]

  • Seite 141

    P-661H/HW Series User’s Guide Chapter 7 Network Address Translatio n (NAT) Screens 141 The following table describes th e fields in this screen. 7.6 Address Mapping Note: The Address Mapping screen is available only when you select Ful l Feature in the NA T > General screen. Ordering your rules is important because the Zy XEL Device applies th[...]

  • Seite 142

    P-661H/HW Series User’s Guide 142 Chapt er 7 Network Ad dress Transla tion (NAT) Scr eens Figure 76 Address Mapping Rule s The following table describes th e fields in this screen. Table 54 Address Mapp ing Rules LABEL DESCRIPTION # This is the rule index number . Local S tart IP This is the starting Inside Local IP Address (ILA). Lo cal IP addre[...]

  • Seite 143

    P-661H/HW Series User’s Guide Chapter 7 Network Address Translatio n (NAT) Screens 143 7.6.1 Address Mapping Rule Edit T o edit an address mapping rule, click the rule’ s edit icon in the Address Mapping screen to display the screen shown next. Figure 77 Edit Address Mapping Rule The following table describes th e fields in this screen. Table 5[...]

  • Seite 144

    P-661H/HW Series User’s Guide 144 Chapt er 7 Network Ad dress Transla tion (NAT) Scr eens Back Click Back to return to the previous screen. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. Table 55 Edit Address Mappin g Rule (continued) LABEL DESCRIPTION[...]

  • Seite 145

    P-661H/HW Series User’s Guide Chapter 8 Firewalls 145 C HAPTER 8 Firewalls This chapter gives some back ground information on firewa lls and introduces the ZyXEL Device firewall. 8.1 Firewall Overview Originally , the term fir ewall referred to a construction techni que designed to prevent the spread of fire from one room to another . The ne twor[...]

  • Seite 146

    P-661H/HW Series User’s Guide 146 Chapter 8 Firewalls 8.2.2 Applicatio n-level Firewalls Application-level firewalls restrict access by serv ing as proxies for e xternal servers. Since they use programs written for specific Internet servic es, such as HTTP, FTP and tel net, they can evaluate network packets for valid applicatio n-sp ecific data. [...]

  • Seite 147

    P-661H/HW Series User’s Guide Chapter 8 Firewalls 147 • The LAN (Local Area Network) port attache s to a network of compute rs, which needs security from the outside world. These computer s will have access to Internet services such as e-mail, FTP , and the W orld W ide W e b. However , “inbound access” will not be allowed unless you config[...]

  • Seite 148

    P-661H/HW Series User’s Guide 148 Chapter 8 Firewalls 8.4.2 T ypes of Do S Att acks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification. 3 Brute-force attacks that flood a network with useless data. 4 IP Spoofing. 5 " Ping of Death " and &[...]

  • Seite 149

    P-661H/HW Series User’s Guide Chapter 8 Firewalls 149 Under normal circumstances, the applica tion that initiates a session sends a SYN (synchronize) packet to the receiving server . The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the in itiator responds with an ACK (acknowledgment). After this handsh ake, a c onn[...]

  • Seite 150

    P-661H/HW Series User’s Guide 150 Chapter 8 Firewalls Figure 81 Smurf Attack 8.4.2.1 ICMP V ulnerability ICMP is an error -reporting protocol that work s in concert with IP . The following ICMP types trigger an alert: 8.4.2.2 Illegal Comma nds (NetBIOS and SMTP) The only legal NetBIOS commands are the following - all others are illegal. All SMTP [...]

  • Seite 151

    P-661H/HW Series User’s Guide Chapter 8 Firewalls 151 8.4.2.3 T raceroute T raceroute is a utility used to determine th e path a packet takes between two endpoints. Sometimes when a packet filter firewall is conf igured incorrectly an at ta cker can traceroute the firewall gaining knowledge of the network topology inside the firewall. Often, many[...]

  • Seite 152

    P-661H/HW Series User’s Guide 152 Chapter 8 Firewalls The previous figure shows the ZyXEL Device’ s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a T elnet session from within the LAN and responses to this request are allowe d. However other T elnet traffic initiated from the W AN is[...]

  • Seite 153

    P-661H/HW Series User’s Guide Chapter 8 Firewalls 153 • Allow certain types of traffic from the In ternet to specific hosts on the LAN. • Allow access to a W eb server to everyone but competitors. • Restrict use of certain protocols, such as T elnet, to authoriz ed users on the LAN. These custom rules work by evaluating the networ k traffic[...]

  • Seite 154

    P-661H/HW Series User’s Guide 154 Chapter 8 Firewalls A similar situation exists for ICMP , except that the ZyXEL Device is even more restrictive. Specifically , only outgoing echoes will allow in coming echo replies, outgoing address mask requests will allow incoming address mask replies, and ou tgoing timestamp requests wi ll allow incoming tim[...]

  • Seite 155

    P-661H/HW Series User’s Guide Chapter 8 Firewalls 155 • Encourage your co mpany or organization to develop a co mprehensive security p lan. Good network administration takes into ac count what hackers can do and prepares against attacks. The best defense against hack ers and crackers is information. Educate all employees about the importance of[...]

  • Seite 156

    P-661H/HW Series User’s Guide 156 Chapter 8 Firewalls 8.7.1.1 When T o Use Filtering • T o block/allow LAN packet s by their MAC addresses. • T o block/allow special IP packets which are neither TCP nor UDP , nor ICMP packe ts. • T o block/allow both in bound (W AN to LAN) and outbound (LAN to W AN) traffic between the specific inside host/[...]

  • Seite 157

    P-661H/HW Series User’s Guide Chapter 9 Firewall Configuration 157 C HAPTER 9 Firewall Configuration This chapter shows you how to enable and configure t he ZyXEL Device firewall. 9.1 Access Methods The web configurator is, by far , the most co mprehensive firewall configuration tool your ZyXEL Device has to offer . For this reason, it is recom m[...]

  • Seite 158

    P-661H/HW Series User’s Guide 158 Chapter 9 Firewall Configuration Note: If you configure firewall rules wit hout a good understanding of how they work, you might inadvertently introduce securi ty risks to the f irewall and to the protected network. Make sure you test your rules af ter you configure them. For example, you may create rules to: •[...]

  • Seite 159

    P-661H/HW Series User’s Guide Chapter 9 Firewall Configuration 159 4 Does a rule that allows Internet users acces s to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are al lowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers. 5 Does this rule[...]

  • Seite 160

    P-661H/HW Series User’s Guide 160 Chapter 9 Firewall Configuration 9.4.1 LAN to W AN Rules The default rule for LAN to W AN traffic is that all use rs on the LAN are allowed non- restricted access to the W AN. When you config ure a LAN to W AN rule, you in essenc e want to limit some or all users from accessing cer tain services on the W AN. W AN[...]

  • Seite 161

    P-661H/HW Series User’s Guide Chapter 9 Firewall Configuration 161 As a result, the ZyXEL Device resets the co nnection, as the conn ection has not been acknowledged. Figure 84 “T ria ngle Route” Prob lem 9.5.2 Solving the “T ri angle Route” Problem Y ou can have the ZyXEL Device allow triangle route sessions. However this can allow traff[...]

  • Seite 162

    P-661H/HW Series User’s Guide 162 Chapter 9 Firewall Configuration 9.6 General Firewall Policy Click Security > Fir ewall to display the followi ng screen. Activate the firewall by selecting the Active Fir e wall check box as seen in the following screen. Refer to Section 8.1 on page 145 for more information. Figure 86 Firewall: General The fo[...]

  • Seite 163

    P-661H/HW Series User’s Guide Chapter 9 Firewall Configuration 163 9.7 Firewall Rules Summary Note: The ordering of your rule s is very important as rules are app lied in turn. Refer to Section 8.1 on page 145 for more information. Click Security > Firewall > Rules to bring up the following scre en. This screen displays a list of the config[...]

  • Seite 164

    P-661H/HW Series User’s Guide 164 Chapter 9 Firewall Configuration The following table describes the labels in this screen. 9.7.1 Configuring Firewa ll Rules Refer to Section 8.1 on page 145 for more information. Table 61 Firewall Rules LABEL DESCRIPTION Firewall Rules S torage Sp ace in Use This read-only bar shows how much of the ZyXEL De vice&[...]

  • Seite 165

    P-661H/HW Series User’s Guide Chapter 9 Firewall Configuration 165 In the Rules screen, select an index number and cl ick Add or click a rule’ s Edit icon to display this screen and refer to the following table for information on the labels. Figure 88 Firewall: Edit Rule[...]

  • Seite 166

    P-661H/HW Series User’s Guide 166 Chapter 9 Firewall Configuration The following table describes the labels in this screen. Table 62 Firewall: Edit Rule LABEL DESCRIPTION Active Select this option to ena ble this firewall rule. Action for Matched Packet Use the drop-down list box to select what the firewa ll is to d o with packets that match this[...]

  • Seite 167

    P-661H/HW Series User’s Guide Chapter 9 Firewall Configuration 167 9.7.2 Customized Services Configure customized services and port number s not predefined by the ZyXEL Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) web site. For further information on these services, please read[...]

  • Seite 168

    P-661H/HW Series User’s Guide 168 Chapter 9 Firewall Configuration 9.7.3 Configuring A Customized Service Click a rule number in the Firewall Customized Services screen to create a new custom port or edit an existing one. This actio n displays the following screen. Refer to Section 8.1 on page 145 for more information. Figure 90 Firewall: Configu[...]

  • Seite 169

    P-661H/HW Series User’s Guide Chapter 9 Firewall Configuration 169 Figure 91 Firewall Example: Rules 3 In the Rules screen, select the index number after that you want to add the rule. For example, if you select “6”, your new rule b ecomes number 7 and the previous rule 7 (if there is one) becomes rule 8. 4 Click Add to display the firewall r[...]

  • Seite 170

    P-661H/HW Series User’s Guide 170 Chapter 9 Firewall Configuration Figure 93 Firewall Example: Edit Ru le: Des tination Addres s 9 Use the Add >> and Remove buttons between A vailable Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. Note: Custom services show up with an “*” before thei[...]

  • Seite 171

    P-661H/HW Series User’s Guide Chapter 9 Firewall Configuration 171 Figure 94 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the W AN to IP addresses 10.0.0.10 through [...]

  • Seite 172

    P-661H/HW Series User’s Guide 172 Chapter 9 Firewall Configuration Figure 95 Firewall Example: Rules: MyService 9.9 Predefined Services The A vailable Services list box in the Edit Rule screen (see Section 9.7.1 on page 164 ) displays all predefined services that the ZyXEL Device already supports. Next to the name of the service, two fields appea[...]

  • Seite 173

    P-661H/HW Series User’s Guide Chapter 9 Firewall Configuration 173 H.323(TCP:1720) Net Meeting uses this proto col. HTTP(TCP:80) Hyper T ext Transfer Protocol - a cl ient/server protocol for the wo rld wide web. HTTPS HTTPS is a secured ht tp session of ten used in e-comme rce. ICQ(UDP:4000) This is a popular Internet chat program. IPSEC_TRANSPOR[...]

  • Seite 174

    P-661H/HW Series User’s Guide 174 Chapter 9 Firewall Configuration 9.10 Anti-Probing If an outside user attempts to probe an unsupp orted port on your ZyXEL Device , an ICMP response packet is automatically returned. This allows the ou tside user to know the ZyXEL Device exists. The ZyXEL Device supports anti- probing, which prevents the ICMP res[...]

  • Seite 175

    P-661H/HW Series User’s Guide Chapter 9 Firewall Configuration 175 The following table describes the labels in this screen. 9.1 1 DoS Thresholds For DoS attacks, the ZyXEL Device uses threshol ds to determine when to drop sessions that do not become fully established. These thresholds ap ply globally to all sessions. Y ou can use the default thre[...]

  • Seite 176

    P-661H/HW Series User’s Guide 176 Chapter 9 Firewall Configuration If your network is slower than average for any of these factors (especially if you have servers that are slow or handle many tasks and are of ten busy), then the de fault values should be reduced. Y ou should make any changes to the threshold va lues before you continue configurin[...]

  • Seite 177

    P-661H/HW Series User’s Guide Chapter 9 Firewall Configuration 177 9.1 1.3 Configuring Firewall Thresholds The ZyXEL Device also sends alerts whenever TCP Maximum Incomplete is exceeded. The global values specified for the threshold an d timeout apply to all TCP connections. Click Fir ewall , and Threshold to bring up the next screen. Figure 97 F[...]

  • Seite 178

    P-661H/HW Series User’s Guide 178 Chapter 9 Firewall Configuration Maximum Incomplete Low This is the number of existing half-open sessions that cau ses the firewall to stop deleting half-open sessions. Th e ZyXEL Device continues to delete hal f-open requests as necessary , until the numb er of existing half-open sessions drops below this number[...]

  • Seite 179

    P-661H/HW Series User’s Guide Chapter 10 Tre nd Micro Se curity Services 179 C HAPTER 10 T rend Micro Security Services This chapter contains informa tion about configuring T rend Micr o Security Services (TMSS). 10.1 T rend Micro Security Services Overview TMSS helps protect computers on a network that acce ss the Intern et through the ZyXEL Dev[...]

  • Seite 180

    P-661H/HW Series User’s Guide 180 Chapter 10 Trend Micro Security Services Figure 99 Download Active X to View TMSS Web Page 2 In the TMSS web page, click Service Summary . Figure 100 TMSS Web Pag e (Dashboard) 3 Click Activate My Services to begin a 3-step process to activate TMSS. Figure 101 TMSS Service Summary 4 Click Next to begin the proces[...]

  • Seite 181

    P-661H/HW Series User’s Guide Chapter 10 Tre nd Micro Se curity Services 181 Figure 102 TMSS 3 S teps 5 Fill in the registration form and submit it. Figure 103 TMSS Registration Form 6 After you submit the registration form, you w ill receive an e-mail w ith instructions for validating your e-mail address. Follow the instructions. 7 Download TMSS[...]

  • Seite 182

    P-661H/HW Series User’s Guide 182 Chapter 10 Trend Micro Security Services Figure 104 Example TMSS Activated Service Summa ry Screen Y ou need a Parental Contr o l license to activate configure Par ental Control categories on the ZyXEL Device (see Figure 1 10 on page 187 ). The following screen is an example of the Parental Control screen with TM[...]

  • Seite 183

    P-661H/HW Series User’s Guide Chapter 10 Tre nd Micro Se curity Services 183 Figure 106 General TMSS Settings The following table describes the labels in this screen. Table 68 General TMSS Settings LABEL DESCRIPTION TMSS & Parental Control Setup Enable T rend Micro Security Services Select the check box to enable T rend Micro Secu rity Servic[...]

  • Seite 184

    P-661H/HW Series User’s Guide 184 Chapter 10 Trend Micro Security Services 10.2.2 TMSS Exception List Use this screen to exempt comp uters from TMSS monitoring. Click Security > TMSS > Exception List to display the screen. Note: At the time of writing, TMSS may monitor up to 10 ZyXEL Device L AN computers with TMSS installed. The ZyXEL Devi[...]

  • Seite 185

    P-661H/HW Series User’s Guide Chapter 10 Tre nd Micro Se curity Services 185 10.3 TMSS V irus Protection Use this screen to look at the status of computers under TMSS monitoring. Click Security > TMSS > V irus Protection to display the screen. Figure 108 Vi rus Protection The following table describes the labels in this screen. Apply Click [...]

  • Seite 186

    P-661H/HW Series User’s Guide 186 Chapter 10 Trend Micro Security Services 10.4 Parent al Controls Use this screen to schedule and block web pages based on pre-defined web site categories such as pornography , gambling, etc. Note: Y ou need a T rend Micro Parental Control license in order to configure this screen. If you don’t have one or it ha[...]

  • Seite 187

    P-661H/HW Series User’s Guide Chapter 10 Tre nd Micro Se curity Services 187 Figure 1 10 Parental Controls The following table describes the labels in this screen. Table 71 Parental Controls LABEL DESCRIPTION Restrict Web Features Select the web features you want to disable. If a user downloads a page with a restricted feature, th at part of the [...]

  • Seite 188

    P-661H/HW Series User’s Guide 188 Chapter 10 Trend Micro Security Services 10.4.1 Parent al Controls St atistics This screen displays a record of attempted entr ies to web pages or actual entries to web pages from a list of categories. Click St a t i s t i c s in the Parental Controls screen to open it. Select Categories Pornography Selecting th [...]

  • Seite 189

    P-661H/HW Series User’s Guide Chapter 10 Tre nd Micro Se curity Services 189 Figure 1 1 1 Parental Controls S tatistics The following table describes the labels in this screen. 10.5 ActiveX Controls in Internet Explorer If ActiveX is disabled, you will not be able to download ActiveX cont rols or to use T rend Micro Security Services. Make sure t[...]

  • Seite 190

    P-661H/HW Series User’s Guide 190 Chapter 10 Trend Micro Security Services Figure 1 12 Internet Options Secur ity 3 Scroll down to ActiveX controls and plug-ins . 4 Under Download signed ActiveX controls select the Prompt radio button. 5 Under Run ActiveX controls and plug-ins make sure the Enable radio button is selected. 6 Then click the OK but[...]

  • Seite 191

    P-661H/HW Series User’s Guide Chapter 10 Tre nd Micro Se curity Services 191 Figure 1 13 Security Setting ActiveX Controls[...]

  • Seite 192

    P-661H/HW Series User’s Guide 192 Chapter 10 Trend Micro Security Services[...]

  • Seite 193

    P-661H/HW Series User’s Guide Chapter 11 Content Filtering 193 C HAPTER 11 Content Filtering This chapter covers how to configure content filtering. 1 1.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ab ility to block web sit[...]

  • Seite 194

    P-661H/HW Series User’s Guide 194 Chapter 11 Content Filtering The following table describes the labels in this screen. 1 1.3 Configuring the Schedule T o set the days and times for the ZyXEL De vice to perform content filtering, click Security > Content Filter > Schedule . The screen appears as shown. Figure 1 15 Co ntent Filter: Sche dule[...]

  • Seite 195

    P-661H/HW Series User’s Guide Chapter 11 Content Filtering 195 The following table describes the labels in this screen. 1 1.4 Configuring T r usted Computers T o exclude a range of users on the LAN from content fi ltering on your ZyXEL Device, click Security > Content Filter > Tr u s t e d . The screen appe ars as shown. Figure 1 16 Co nten[...]

  • Seite 196

    P-661H/HW Series User’s Guide 196 Chapter 11 Content Filtering[...]

  • Seite 197

    P-661H/HW Series User’s Guide Chapter 12 Introduction to IPSec 197 C HAPTER 12 Introduction to IPSec This chapter introduces the basics of IPSec VPNs. 12.1 VPN Overview A VPN (V irtual Private Network) provides sec ure communications between sites without the expense of leased site-to-site lines. A secure VP N is a combination of tunneling, encry[...]

  • Seite 198

    P-661H/HW Series User’s Guide 198 Chapter 1 2 Introduc tion to IPSec Figure 1 17 Encryption and D ecryption 12.1.3.2 Dat a Confidentiality The IPSec sender can encrypt packets befo re transmitting them across a network. 12.1.3.3 Dat a Integrity The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not been a[...]

  • Seite 199

    P-661H/HW Series User’s Guide Chapter 12 Introduction to IPSec 199 12.2 IPSec Architecture The overall IPSec architect ure is shown as follows. Figure 1 18 IPSec Architecture 12.2.1 IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402 ) describe the packe t formats and the[...]

  • Seite 200

    P-661H/HW Series User’s Guide 200 Chapter 1 2 Introduc tion to IPSec Figure 1 19 Transpor t and T unnel Mode IPSec Encapsulation 12.3.1 T ransport Mode Tr a n s p o r t mode is used to protect upper layer prot ocols and only af fects the data in the IP packet. In Tr a n s p o r t mode, the IP packet contains the security protocol ( AH or ESP ) lo[...]

  • Seite 201

    P-661H/HW Series User’s Guide Chapter 12 Introduction to IPSec 201 NA T is incompatible with the AH protocol in both Tr a n s p o r t and T unnel mode. An IPSec VPN using the AH protocol digitally sig n s the outbound packet, both data p a yload and headers, with a hash value appe nded to the pack et. When using AH protoc ol, packet contents (the[...]

  • Seite 202

    P-661H/HW Series User’s Guide 202 Chapter 1 2 Introduc tion to IPSec[...]

  • Seite 203

    P-661H/HW Series User’s Guide Chapter 13 VPN Screens 203 C HAPTER 13 VPN Screens This chapter introduces the VPN screens. See the Logs chapter for in formation on viewing logs and the appendix for IPSec log descriptions. 13.1 VPN/IPSec Overview Use the screens documented in this chapter to configure rules for VPN connections and manage VPN connec[...]

  • Seite 204

    P-661H/HW Series User’s Guide 204 Chapter 13 VPN Screens 13.3 My IP Address My IP Address is the W AN IP address of th e ZyXEL Device. The ZyXEL Device has to rebuild the VPN tunnel if the My IP Address changes after setup. The following applies if this field is configured as 0.0.0.0 : • The ZyXEL Device us es the current ZyXEL Devic e W AN IP [...]

  • Seite 205

    P-661H/HW Series User’s Guide Chapter 13 VPN Screens 205 13.4 Secure Gateway Address Secure Gateway Address is the W AN IP address or domain name of the remote IPSec router (secure gateway). If the remote secure gateway has a static W AN IP address, enter it in the Secure Gateway Address field. Y ou may alternatively enter the remote secure gatew[...]

  • Seite 206

    P-661H/HW Series User’s Guide 206 Chapter 13 VPN Screens Figure 121 VPN Setup The following table describes the fields in this screen. T able 78 VPN Setup LABEL DESCRIPTION No. This is the VPN policy index number . Click a numbe r to edit VPN policies. Active This field displays whether the VPN policy is active or not. A Ye s signifies that this [...]

  • Seite 207

    P-661H/HW Series User’s Guide Chapter 13 VPN Screens 207 13.6 Keep Alive When you initiate an IPSec tunnel with keep alive enabled, the ZyX EL Device automatically renegotiates the tunnel wh en the IPSec SA lifetime period expires (see Section 13.12 on page 216 for more on the IPSec SA lifetime). In ef fe ct, the IPSec tunnel becomes an “always[...]

  • Seite 208

    P-661H/HW Series User’s Guide 208 Chapter 13 VPN Screens Figure 122 NA T Router Between IPSec Routers Normally you cannot set up an IKE SA with a NA T router between the two IPSe c routers because the NA T router changes the header of the IPSec packet. NA T traversal solves the problem by adding a UDP port 500 header to the IPSec packet. The NA T[...]

  • Seite 209

    P-661H/HW Series User’s Guide Chapter 13 VPN Screens 209 The following figure depicts an example wh ere three VPN tunnels are created from ZyXEL Device A; one to branch office 2, one to branch of fice 3 and an other to headquarters. In o rder to access computers that use private domain names on the he adquarters (HQ) n etwork, the ZyXEL Device at[...]

  • Seite 210

    P-661H/HW Series User’s Guide 210 Chapter 13 VPN Screens The type of ID can be a domain name, an IP addr ess or an e-mail address. The content is the IP address, domain name, or e-mail address. 13.9.1 ID T ype and Content Examples T wo IPSec routers must have matching ID type and content configuration in order to set up a VPN tunnel. The two ZyXE[...]

  • Seite 211

    P-661H/HW Series User’s Guide Chapter 13 VPN Screens 211 The two ZyXEL Devices in this example cann ot complete their negotiation because ZyXEL Device B’ s Local ID type is IP , but ZyXEL Device A ’ s Peer ID type is set to E-mail . An “ID mismatched” message displays in the IPSEC LOG . 13.10 Pre-Shared Key A pre-shared key identifies a c[...]

  • Seite 212

    P-661H/HW Series User’s Guide 212 Chapter 13 VPN Screens Figure 124 Edit VPN Policies The following table describes the fields in this screen. T able 84 Edit VPN Policies LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy . Th is option determines whether a VPN rule is applied before a packet leaves the firewal[...]

  • Seite 213

    P-661H/HW Series User’s Guide Chapter 13 VPN Screens 213 NA T Traversal This function is available if the VPN protocol is ESP . Select this check box if you want to set up a VPN tunnel when there are NA T routers between the ZyXEL Devi ce and remo te IPSec router . The remote IPSec router must also enable NA T traversal, and the NA T routers have[...]

  • Seite 214

    P-661H/HW Series User’s Guide 214 Chapter 13 VPN Screens Remote Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. The remote fields do not apply when th e Secure Gateway IP Address field is configured to 0.0.0.0 . In this case only the remote IPSec router can initiate the VPN. T wo [...]

  • Seite 215

    P-661H/HW Series User’s Guide Chapter 13 VPN Screens 215 Peer ID T ype Select IP to id entify the remote IPSec router by its IP address. Select DNS to identify the remote IPSec router by a domain name. Select E-mail to identify the remote IPSec router by an e-mail address. Content The configuration of the peer content depends on the peer ID type.[...]

  • Seite 216

    P-661H/HW Series User’s Guide 216 Chapter 13 VPN Screens 13.12 IKE Phases There are two phases to every IKE (Internet Key Exchange) ne gotiation – phase 1 (Authentication) and ph ase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA and the second one uses that SA to negotiate SAs for IPSe c. Figure 125 T wo Phases to Set Up the IPSec [...]

  • Seite 217

    P-661H/HW Series User’s Guide Chapter 13 VPN Screens 217 • Choose an authentication algorithm. • Choose a Dif fie-Hellman public-key cry p tography key group ( DH1 or DH2 ) . • Set the IKE SA lifetime. This field allows you to determin e how l ong an IKE SA should stay up before it times out. An IKE SA times out when the IKE SA lifetime per[...]

  • Seite 218

    P-661H/HW Series User’s Guide 218 Chapter 13 VPN Screens 13.12.2 Diffie-Hellman (DH) Key Groups Diffie-Hellman (DH) is a publi c -ke y cryptography protocol tha t allows two parties to establish a shared secret over an unsecured communications channel. Diff ie -Hellman is used within IKE SA setup to establish session keys. 768-bit (Group 1 - DH1 [...]

  • Seite 219

    P-661H/HW Series User’s Guide Chapter 13 VPN Screens 219 Figure 126 Advanced VPN Policies The following table describes the fields in this screen. T able 85 Advanced VPN Policies LABEL DESCRIPTION VPN - IKE Protocol Enter 1 for ICMP , 6 for TCP , 1 7 for UDP , etc. 0 is the default and signi fies any protocol. Enable Replay Detection As a VPN set[...]

  • Seite 220

    P-661H/HW Series User’s Guide 220 Chapter 13 VPN Screens Negotiati on Mode Select Main or Aggressive from the drop-down list box. Multiple SAs connecting through a secure gateway must have the same negotiation mode . Pre-Shared Key T ype your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE nego[...]

  • Seite 221

    P-661H/HW Series User’s Guide Chapter 13 VPN Screens 221 13.14 Manual Key Setup Manual key managemen t is useful if you have pro blems with IKE key managemen t. 13.14.1 Security Parameter Index (SPI) An SPI is used to distinguish dif ferent SAs te rminating at the same de stination and using the same IPSec protocol. This data allows for the multi[...]

  • Seite 222

    P-661H/HW Series User’s Guide 222 Chapter 13 VPN Screens Figure 127 VPN: Manual Key The following table describes the fields in this screen. Table 86 VPN: Manual Key LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy . Name T ype up to 32 characters to ide ntify this VPN policy . Y ou may use a ny character , i[...]

  • Seite 223

    P-661H/HW Series User’s Guide Chapter 13 VPN Screens 223 DNS Server (for IPSec VPN) If there is a private DNS server that se rvices the VPN, type its IP address here. The ZyXEL Device a ssigns this addi tional DNS server to the ZyXEL D evice 's DHCP clients that have IP addresses in this IPSec rule's range of lo cal addresses. A DNS ser[...]

  • Seite 224

    P-661H/HW Series User’s Guide 224 Chapter 13 VPN Screens 13.16 V iewing SA Monitor Click Security , VPN and Monitor to open the SA Monitor screen as shown. Use this screen to display and ma nage active VPN conn ections. A Security Association (SA) is the group of se cu rity settings related to a specific VPN tunnel. This screen displays active VP[...]

  • Seite 225

    P-661H/HW Series User’s Guide Chapter 13 VPN Screens 225 When there is outbound traffic but no inbound tr affic, the SA times out automatically after two minutes. A tunnel with no outb ound or inbound traf fic is "idle" and does not timeout until the SA lifetime period expires. See Section 13. 6 on page 207 on keep alive to have the ZyX[...]

  • Seite 226

    P-661H/HW Series User’s Guide 226 Chapter 13 VPN Screens Figure 129 VPN: Global Setting The following table describes the fields in this screen. 13.18 T elecommuter VPN/IPSec Examples The following examples show how multiple telecommuters can make VPN connections to a single ZyXEL D evice at headqu arters. The te lecommuters use IPSec routers wit[...]

  • Seite 227

    P-661H/HW Series User’s Guide Chapter 13 VPN Screens 227 Figure 130 T elecommuters Sharing One VPN Rule Example 13.18.2 T elecommuters Usin g Unique VPN Rules Example In this example the telecommuters (A, B and C in the figure) use IPSec routers with domain names that are mapped to their dynamic W AN IP addresses (use Dynamic DNS to do this). W i[...]

  • Seite 228

    P-661H/HW Series User’s Guide 228 Chapter 13 VPN Screens Figure 131 T elecommuters Using Uniq ue VPN Rules Example Table 90 T elecommuters Using Unique VPN Rules Example T ELECOMMUTERS HEADQUARTERS All T ele commuter Rules: All Headquarters Rules: My IP Address 0.0.0. 0 My IP Address: bigcompanyhq.com Secure Gateway Address: bigcompanyhq.com Loca[...]

  • Seite 229

    P-661H/HW Series User’s Guide Chapter 13 VPN Screens 229 13.19 VPN and Remote Management If a VPN tunnel uses T elnet, FTP , WWW , then yo u should configure remo te management ( Remote Management ) to allow access for that service.[...]

  • Seite 230

    P-661H/HW Series User’s Guide 230 Chapter 13 VPN Screens[...]

  • Seite 231

    P-661H/HW Series User’s Guide Chapter 14 Static Rout e 231 C HAPTER 14 S t atic Route This chapter shows you how to configure static routes for your ZyXEL Device. 14.1 S t atic Route Each remote node specifies only the network to which the gateway is di rectly connected, and the ZyXEL Device has no know ledge of the network s beyond. For insta nc[...]

  • Seite 232

    P-661H/HW Series User’s Guide 232 Chapter 14 Static Route Figure 133 S tatic Route The following table describes the labels in this screen. 14.2.1 S t atic Route Edit Select a static route index numb er and click Edit . The screen shown next appears. Use this screen to configure the required information for a static route. T able 91 S tatic Route[...]

  • Seite 233

    P-661H/HW Series User’s Guide Chapter 14 Static Rout e 233 Figure 134 S tatic Route Edit The following table describes the labels in this screen. T able 92 S tatic Route Edit LABEL DESCRIPTION Active This field allows you to activa te/deactivate this st atic route. Route Name Enter the name of the IP static route. Leave this field blank to delete[...]

  • Seite 234

    P-661H/HW Series User’s Guide 234 Chapter 14 Static Route[...]

  • Seite 235

    P-661H/HW Series User’s Guide Chapter 15 Bandwidth Managemen t 235 C HAPTER 15 Bandwid th Management This chapter contains information about configuri ng bandwidth management, editing rules and viewing the ZyXEL Device’ s bandwidth man agement logs. 15.1 Bandwid th Management Overview ZyXEL ’ s Bandwidth Management allows you to specify bandw[...]

  • Seite 236

    P-661H/HW Series User’s Guide 236 Chapter 15 Bandwidth Management Figure 135 Subnet-based Ba ndwidt h Management Example 15.4 Application and Subnet-based Bandwid th Management Y ou could also create bandwidth clas ses based on a combination of a subnet and an application. The following exam ple table shows bandwidth alloca tions for application [...]

  • Seite 237

    P-661H/HW Series User’s Guide Chapter 15 Bandwidth Managemen t 237 15.5.2 Fairness-based Scheduler The ZyXEL Device divides bandwidth equally among bandwidth classes when using the fairness-based scheduler; thus preventing one ba ndwidth class from using all of the interface’ s bandwidth. 15.6 Maximize Bandwid th Usage The maximize bandwi dth u[...]

  • Seite 238

    P-661H/HW Series User’s Guide 238 Chapter 15 Bandwidth Management 15.6.2 Maximize Ba ndwid th Usag e Example Here is an example of a ZyXEL Device that has maximize bandwidth usage enabled on an interface. The following table shows each ba nd width class’ s bandwidth budget. The classes are set up based on subnets. The interface is set to 10240 [...]

  • Seite 239

    P-661H/HW Series User’s Guide Chapter 15 Bandwidth Managemen t 239 • Research requires more bandwidth but only gets its budgeted 2048 kbps because all of the unbudgeted and unu sed bandwidth goes to the higher priority sales and marketing classes. 15.6.2.2 Fairness-based Allotment of Unused and Unbudgeted Bandwid th The following table shows th[...]

  • Seite 240

    P-661H/HW Series User’s Guide 240 Chapter 15 Bandwidth Management 15.6.4 Bandwid th Management Priorities The following table describes the priorities th at you can apply to traf fic that the ZyXEL Device forwards out through an interface. 15.7 Configuring Summary Click Advanced > Bandwidth M GMT to open the screen as shown next. Enable bandwi[...]

  • Seite 241

    P-661H/HW Series User’s Guide Chapter 15 Bandwidth Managemen t 241 15.8 Bandwid th Management Rule Setup Y ou must use the Bandwidth Management Summary screen to enable bandwidth management on an interface before yo u can configure rules for that interface. Click Advanced > Bandwidth MGMT > Rule Setup to open the following screen. S peed (k[...]

  • Seite 242

    P-661H/HW Series User’s Guide 242 Chapter 15 Bandwidth Management Figure 137 Bandwidth Management: Rule Setup The following table describes the labels in this screen. Table 100 Bandwidth Management: Rule Setup LABEL DESCRIPTION Direction Select the direction of traffic to which you want to apply bandwidth management. Service Select a service for [...]

  • Seite 243

    P-661H/HW Series User’s Guide Chapter 15 Bandwidth Managemen t 243 15.8.1 Rule Configuration Click the Edit icon or select User define in the Service field to configure a bandwidth management rule. Use bandwidth rul es to allo cate specific amounts of bandwidth capacity (bandwidth budgets) to specific applications and/or subnets. Figure 138 Bandw[...]

  • Seite 244

    P-661H/HW Series User’s Guide 244 Chapter 15 Bandwidth Management Use All Managed Bandwidth Select this option to allow a rule to borrow unused bandwi dth on the interface. Bandwidth borrowing is governed by the priority of the rules. That is, a rule with the highest priority is the first to borrow bandwidth. Do not select th is if you want to le[...]

  • Seite 245

    P-661H/HW Series User’s Guide Chapter 15 Bandwidth Managemen t 245 15.9 Bandwid th Monitor T o view the ZyXEL Device’ s bandwidth usage and allotments, click Advanced > Bandwidth MGMT > Mon itor . The screen appears as s hown. Select an interface from the drop-down list box to view the bandwidth usa ge of its bandwidth rules. Figure 139 B[...]

  • Seite 246

    P-661H/HW Series User’s Guide 246 Chapter 15 Bandwidth Management[...]

  • Seite 247

    P-661H/HW Series User’s Guide Chapter 16 Dynamic DNS Setup 247 C HAPTER 16 Dynamic DNS Setup This chapter discusses how to configure your ZyXEL Device to use Dynamic DNS. 16.1 Dynamic DNS Overview Dynamic DNS allows you to update your curre nt dynamic IP address with one or many dynamic DNS services so that anyone can c ont act you (in NetMeeting[...]

  • Seite 248

    P-661H/HW Series User’s Guide 248 Chapter 1 6 Dynamic DNS Setup Figure 140 Dynamic DNS The following table describes th e fields in this screen. Table 103 Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic DNS Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provide r . Dynamic DN[...]

  • Seite 249

    P-661H/HW Series User’s Guide Chapter 16 Dynamic DNS Setup 249 Dynamic DNS server auto detect IP Address Select this option only when there are one or more NA T routers between the ZyXEL Device and the DDNS server . This feat ure has the DDNS server automatically detect and use the IP address of th e NA T router that has a public IP address. Note[...]

  • Seite 250

    P-661H/HW Series User’s Guide 250 Chapter 1 6 Dynamic DNS Setup[...]

  • Seite 251

    P-661H/HW Series User’s Guide Chapter 17 Remote M anagement Configuration 251 C HAPTER 17 Remote Management Configuration This chapter provides information on config uring remote management. 17.1 Remote Management Overview Remote management allows you to determ ine which services/protocols can access which ZyXEL Device interface (if any) from whi[...]

  • Seite 252

    P-661H/HW Series User’s Guide 252 Chapter 17 Remote Ma nagement Configuration • The IP address in the Secured Client IP field does not match th e client IP address. If it does not match, the ZyXEL Device will disconnect the session immediately . • There is already another rem ote management session with an equal or higher priority running. Y [...]

  • Seite 253

    P-661H/HW Series User’s Guide Chapter 17 Remote M anagement Configuration 253 The following table describes the labels in this screen. 17.3 T elnet Y ou can configure your ZyXEL Device for remote T elnet access as shown next. The administrator uses T elnet from a computer on a remote network to access the ZyXEL Device. Figure 142 T elnet Configur[...]

  • Seite 254

    P-661H/HW Series User’s Guide 254 Chapter 17 Remote Ma nagement Configuration Figure 143 Remote Mana gement: T elnet The following table describes the labels in this screen. 17.5 Configuring FTP Y ou can upload and download the ZyXEL Devi ce’ s firmware and c onfiguration files using FTP , please see the chapter on firmware and configuration fi[...]

  • Seite 255

    P-661H/HW Series User’s Guide Chapter 17 Remote M anagement Configuration 255 Figure 144 Remote Mana gement: FTP The following table describes the labels in this screen. 17.6 SNMP Simple Network Management Protocol (SNM P) i s a protocol u sed for exchanging management information b etween network devices. SNMP is a member of the TCP/IP protocol [...]

  • Seite 256

    P-661H/HW Series User’s Guide 256 Chapter 17 Remote Ma nagement Configuration Figure 145 SNMP Managemen t Model An SNMP managed network consis ts of two main types of comp onent: agen ts and a manager . An agent is a management software module that resi des in a managed device (the ZyXEL Device). An agent translates the local manageme nt informat[...]

  • Seite 257

    P-661H/HW Series User’s Guide Chapter 17 Remote M anagement Configuration 257 17.6.2 SNMP T rap s The ZyXEL Device will send traps to the SNMP manager when any on e of the following events occurs: 17.6.3 Configuring SNMP T o change your ZyXE L Device’ s SNMP settings, c lick Advanced > Remote MGMT > SNMP . The screen appears as shown. Tab[...]

  • Seite 258

    P-661H/HW Series User’s Guide 258 Chapter 17 Remote Ma nagement Configuration Figure 146 Remote Mana gement: SNMP The following table describes the labels in this screen. Table 109 Remote Mana gement: SNMP LABEL DESCRIPTION SNMP Port Y ou may change the server port number for a service if needed, however you must use the same port number in order[...]

  • Seite 259

    P-661H/HW Series User’s Guide Chapter 17 Remote M anagement Configuration 259 17.7 Configuring DNS Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to the chapter on LAN for background information. T o change your ZyXEL Device’ s DNS settings, click Advanced > Remote MGMT > DNS . The [...]

  • Seite 260

    P-661H/HW Series User’s Guide 260 Chapter 17 Remote Ma nagement Configuration If an outside user attempts to probe an unsupp orted port on your ZyXEL Device , an ICMP response packet is automatically returned. This allows the ou tside user to know the ZyXEL Device exists. Y our ZyXEL Device supports anti- probing, which prevents the ICMP response[...]

  • Seite 261

    P-661H/HW Series User’s Guide Chapter 17 Remote M anagement Configuration 261 17.9 TR-069 (P-661H Only) TR-069 is a protocol that de fines how your ZyXEL Device can be managed via a management server such as ZyXEL ’ s V antage CNM Access. An administrator can use CNM Access to remotely set up the ZyXEL Device, mo dify settings, perform firmware[...]

  • Seite 262

    P-661H/HW Series User’s Guide 262 Chapter 17 Remote Ma nagement Configuration periodicEnable [0:Disable/ 1:Enable] Whether or not the device mu st periodically send information to CNM Access. It is recommended to set thi s value to 1 in order for the ZyXEL Device to send information to CNM Access. informInterval [sec] The duration in se conds of [...]

  • Seite 263

    P-661H/HW Series User’s Guide Chapter 18 Universa l Plug-and-Play (UPnP) 263 C HAPTER 18 Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configura tor . 18.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer netw[...]

  • Seite 264

    P-661H/HW Series User’s Guide 264 Chapter 18 Univer sal Plug-and-Play (UPnP) 18.1.3 Cautions with UPnP The automated nature of NA T traversal applications in establishing their own services and opening firewall ports ma y present network security issues. Network information and configuration may also be obtained and modifi ed by users in some net[...]

  • Seite 265

    P-661H/HW Series User’s Guide Chapter 18 Universa l Plug-and-Play (UPnP) 265 The following table describes the fields in this screen. 18.3 Inst alling UPnP in Windows Example This section shows ho w to install UPnP in W indows Me and W indows XP . Inst alling UPnP in Windows Me Follow the steps below to inst all the UPnP in W indows Me. 1 Click S[...]

  • Seite 266

    P-661H/HW Series User’s Guide 266 Chapter 18 Univer sal Plug-and-Play (UPnP) Figure 151 Add/Remove Programs: Wind ows Setup: Communication 3 In the Communications window , select the Universal Plug and Play check box in the Components selection box. Figure 152 Add/Remove Programs: Wind ows Setup: Communication: Components 4 Click OK to go back to[...]

  • Seite 267

    P-661H/HW Series User’s Guide Chapter 18 Universa l Plug-and-Play (UPnP) 267 Inst alling UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP . 1 Click St a r t and Contro l Panel . 2 Double-click Network Connections . 3 In the Network Connections window , click Advanced in the main menu and select Optional Networking Compo[...]

  • Seite 268

    P-661H/HW Series User’s Guide 268 Chapter 18 Univer sal Plug-and-Play (UPnP) 5 In the Networking Services window , select the Universal Plug and Play check box. Figure 155 Networking Services 6 Click OK to go back to the W indows Optional Networking Component W izard window and click Next . 18.4 Using UPnP in Windows XP Example This section shows[...]

  • Seite 269

    P-661H/HW Series User’s Guide Chapter 18 Universa l Plug-and-Play (UPnP) 269 Figure 156 Network Connections 3 In the Internet Connection Properties window , click Settings to see the port mappings there were automatically created.[...]

  • Seite 270

    P-661H/HW Series User’s Guide 270 Chapter 18 Univer sal Plug-and-Play (UPnP) Figure 157 Internet Connection Properties 4 Y ou may edit or delete the port mappings o r click Add to manually add port mappings.[...]

  • Seite 271

    P-661H/HW Series User’s Guide Chapter 18 Universa l Plug-and-Play (UPnP) 271 Figure 158 Internet Connection Properties: Adva nced Settings Figure 159 Internet Connection Proper ties: Adva nced Settings: Add 5 When the UP nP-enabled device is disconn ected from your computer , all port mappings will be deleted automatically . 6 Select Show icon in[...]

  • Seite 272

    P-661H/HW Series User’s Guide 272 Chapter 18 Univer sal Plug-and-Play (UPnP) Figure 160 System T r ay Icon 7 Double-click on the icon to display yo ur curr ent Internet co nnection status. Figure 161 Internet Connection S tatus Web Configurator Eas y Access W ith UPnP , you can access the web-based configurator on the ZyXEL Device without finding[...]

  • Seite 273

    P-661H/HW Series User’s Guide Chapter 18 Universa l Plug-and-Play (UPnP) 273 Figure 162 Network Connections 4 An icon with the description for e ach UPnP-enabled device disp lays under Local Network . 5 Right-click on the icon for your ZyXEL Device an d select Invoke . The web configurator login screen displays.[...]

  • Seite 274

    P-661H/HW Series User’s Guide 274 Chapter 18 Univer sal Plug-and-Play (UPnP) Figure 163 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Pr operties . A properties window displays with basic info rmation about the ZyXEL Device. Figure 164 Network Connections: My Networ k Places: Properties: Example[...]

  • Seite 275

    P-661H/HW Series User’s Guide Chapter 19 System 275 C HAPTER 19 System Use this screen to configure the ZyXEL Device’ s time and date settings. 19.1 General Setup 19.1.1 General Setup and System Name General Setup contains administrative and system-related information. System Name is for identification purposes. However , because some ISPs chec[...]

  • Seite 276

    P-661H/HW Series User’s Guide 276 Chapter 19 Syst em Figure 165 System General Setu p The following table describes the labels in this screen. T able 1 14 System General Setup LABEL DESCRIPTION General Setup System Name Choose a descriptive name for identificatio n purposes. It is recommende d you enter your computer’s “Compu ter name” in t[...]

  • Seite 277

    P-661H/HW Series User’s Guide Chapter 19 System 277 19.2 T ime Setting T o change your ZyXEL De vice’ s time and date, click Maintenance > System > Time Setting . The screen appears as shown. Use this screen to configure the ZyXEL Device’ s time based on your local time zone. Figure 166 System T ime Setting Admin Password In addition to[...]

  • Seite 278

    P-661H/HW Series User’s Guide 278 Chapter 19 Syst em The following table describes th e fields in this screen. Table 115 System T ime Setting LABEL DESCRIPTION Current T ime and Date Current T ime This field displays the ti me of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synch ronizes the time with the time server . Curr[...]

  • Seite 279

    P-661H/HW Series User’s Guide Chapter 19 System 279 S tart Date Configure the day a nd time when Dayl ight Saving Time starts if you selected Enable Daylight Saving . The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time st arts in most parts of the United S tates on the first Sunday of April. Each ti[...]

  • Seite 280

    P-661H/HW Series User’s Guide 280 Chapter 19 Syst em[...]

  • Seite 281

    P-661H/HW Series User’s Guide Chapter 20 Logs 281 C HAPTER 20 Logs This chapter contains inform ation about configuring genera l log settings and viewing the ZyXEL Device’ s logs. Refer to the append ix for example log message explanations. 20.1 Logs Overview The web confi gurator allows you to choose which c ategories of events and/or alerts t[...]

  • Seite 282

    P-661H/HW Series User’s Guide 282 Chapter 20 Logs The following table describes th e fields in this screen. 20.3 Configuring Log Settings Use the Log Settings screen to configure to where the Zy XEL Device is to send logs; the schedule for when the ZyXEL Device is to send the logs and which logs and/or immediate alerts the ZyXEL Device is to reco[...]

  • Seite 283

    P-661H/HW Series User’s Guide Chapter 20 Logs 283 Figure 168 Log Settings The following table describes the fields in this screen. Table 117 Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Ente r the server name or the IP address of the mail server for the e-mail addresses specified below . If this field is left blank , logs a nd a[...]

  • Seite 284

    P-661H/HW Series User’s Guide 284 Chapter 20 Logs Enable SMTP Authentication SMTP (Simple Mail T r ansfer Protocol) is the message-exchange standard for the Internet. SMTP enables you to move mess a ges from one e-mail server to another . Select the check box to activate SMTP authen tica tion. If mail server authentica tion is needed but this fea[...]

  • Seite 285

    P-661H/HW Series User’s Guide Chapter 21 Tools 285 C HAPTER 21 To o l s This chapter covers uploadin g new firmware, managing config uration and restarting your ZyXEL Device. 21.1 Firmware Upgrade Find firmware at www .zyxel.com in a file that (usually) uses the system model name with a .bin extension, for example, "ZyXEL Device.bin". T[...]

  • Seite 286

    P-661H/HW Series User’s Guide 286 Chapter 21 Tools Note: Do NOT turn off th e ZyXEL Device while firmware upload is in pro gress! After you see the Firmware Upload in Pr ogress screen, wait two minutes before logging into the ZyXEL Device again. Figure 170 Firmware Uplo ad In Progres s The ZyXEL Device automatically restarts in this time causing [...]

  • Seite 287

    P-661H/HW Series User’s Guide Chapter 21 Tools 287 Figure 172 Error Message 21.2 Configuration Use this screen to back up or restore the conf ig uration of the ZyXEL Devic e. Y ou can also use this screen to reset the ZyXEL Device to the factory default settings. T o access this screen, click Maintenance > T ools > Configuration . Figure 17[...]

  • Seite 288

    P-661H/HW Series User’s Guide 288 Chapter 21 Tools Note: Do not turn of f the device while conf iguration file upload is in progress. When the ZyXEL Device has finished restoring the selected configuration file, the fol lowing screen appears. Figure 174 Configuration Upload Successfu l The device now automatically restarts. This cau ses a tempora[...]

  • Seite 289

    P-661H/HW Series User’s Guide Chapter 21 Tools 289 Figure 175 Network T emporarily Disconnected If the ZyXEL Device’ s IP address is different in the configuration file you selected, you may need to change the IP address of your computer to be in the same subnet as that of the default management IP address (192.168.5.1). See yo ur Quick Start G[...]

  • Seite 290

    P-661H/HW Series User’s Guide 290 Chapter 21 Tools[...]

  • Seite 291

    P-661H/HW Series User’s Guide Chapter 22 Diagnostic 291 C HAPTER 22 Diagnostic These read-only screens display information to help you identify problems with the ZyXEL Device. 22.1 General Diagnostic Click Maintenance > Diagnostic to open the screen shown next. Figure 178 Diagnostic: General The following table describes th e fields in this sc[...]

  • Seite 292

    P-661H/HW Series User’s Guide 292 Chapter 22 Diagnostic 22.2 DSL Line Diagnostic Click Maintenance > Diagnostic > DSL Line to open the screen shown next . Figure 179 Diagnostic: DSL Line The following table describes th e fields in this screen. Table 121 Diagnostic: DSL Line LABEL DESCRIPTION A TM S tatus Click this button to view A TM stat[...]

  • Seite 293

    P-661H/HW Series User’s Guide Chapter 23 Troubleshooting 293 C HAPTER 23 T roubleshooting This chapter covers potential proble ms and the corresponding remedies. 23.1 Problems St arting Up the ZyXEL Device 23.2 Problems with the LAN Table 122 Troubleshooting Startin g Up Your ZyXEL Device PROBLEM CORRECTIVE ACTION None of the LEDs turn on when I [...]

  • Seite 294

    P-661H/HW Series User’s Guide 294 Chapter 23 Troublesh ooting 23.3 Problems with the W AN Table 124 Troubleshooting the WAN PROBLEM CORRECTIVE ACTION The DSL LED is off. Check the telephone wire and connection s between the ZyXEL Device DSL port and the wall jack. Make sure that the telephone company has checked your phone line and set it up for [...]

  • Seite 295

    P-661H/HW Series User’s Guide Chapter 23 Troubleshooting 295 23.4 Problems Accessi ng the ZyXEL Device Table 125 Troubleshooting Accessing the ZyXEL Device PROBLEM CORRECTIVE ACTION I cannot access the ZyXEL Device. The default user password is “user” and admin password is “1234”.The Password field is case-sensitive. Make sure that you en[...]

  • Seite 296

    P-661H/HW Series User’s Guide 296 Chapter 23 Troublesh ooting[...]

  • Seite 297

    P-661H/HW Series User’s Guide Appendix A 297 Appendix A Product S pecifications See also the Introduction ch apter for a general overview of the key features. S pecification T ables Table 126 Device Default IP Address 192.168.1 .1 Default Subnet Mask 255.255 .255.0 (24 bits) Default Password 1 234 DHCP Pool 192.168.1.33 to 192.168.1.64 Dimensions[...]

  • Seite 298

    P-661H/HW Series User’s Guide 298 Appendix A Table 127 Firmware ADSL S tandards Multi-Mode standard (ANSI T1.413,Issu e 2; G . dmt(G . 992.1); G .lite(G992.2)). ADSL2 G . dmt.bis (G .992.3) ADSL2 G . lite.bis (G .9 92.4) ADSL2+ (G .992.5) Reach-Extended ADSL (RE ADSL) SRA (Seamless Rate Adaptation) Auto-negotiating rate adaptation ADSL physical c[...]

  • Seite 299

    P-661H/HW Series User’s Guide Appendix A 299 Firewall S tateful Packet Inspection. Prevent Denial of Service attacks such as Ping of Death, SYN Flood, LAND, Smurf etc. Real time E-mail alerts. Reports and logs. NA T/SUA Port Forwarding 1024 NA T sessions Multimed ia application PPTP under NA T/SUA IPSec passthrough SIP ALG passthrough VPN passthr[...]

  • Seite 300

    P-661H/HW Series User’s Guide 300 Appendix A[...]

  • Seite 301

    P-661H/HW Series User’s Guide Appendix B 301 Appendix B About ADSL Introduction to DSL DSL (Digital Subscriber Line) te chnology enhances the data ca pacity of the existing twisted- pair wire that runs betwee n the local telephone co mpany switching of fi ces and most homes and offices. While the wire itself can handle higher frequencies, the tel[...]

  • Seite 302

    P-661H/HW Series User’s Guide 302 Appendix B cable modems, transmission sp eeds drop significa ntly as mo re users go on-line because the line is shared. 3 ADSL can be "always on" (connect ed). This means that there is no time wasted dialing up the service several times a day and waiting to be connec ted; ADSL is on standby , ready for [...]

  • Seite 303

    P-661H/HW Series User’s Guide Appendix C 303 A PPENDIX C W all-mounting Instructions Do the following to hang your ZyXEL Devic e on a wall. Note: See the product specifications appe ndix for the size of screws to use and how far apart to place them. 1 Locate a high posit ion on wall that is free of ob structions. Use a sturdy wall. 2 Drill two ho[...]

  • Seite 304

    P-661H/HW Series User’s Guide 304 Appendix C[...]

  • Seite 305

    P-661H/HW Series User’s Guide 305 Appendix D Setting up Y our Computer ’ s IP Address All computers must have a 10M or 100M Et hernet adapter card and TCP/IP installed. W indows 95/98/Me/NT/2000/XP , Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on yo[...]

  • Seite 306

    P-661H/HW Series User’s Guide 30 6 Figure 181 WIndows 95/98 /Me: Networ k: Configura tion Inst alling Component s The Network window Configuration tab displays a list of installed components. Y ou need a network adapter , the TCP/IP protocol and Client for Microso ft Networks. If you need the adapter: 1 In the Network window , click Add . 2 Selec[...]

  • Seite 307

    P-661H/HW Series User’s Guide 307 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click OK . 5 Restart your computer so the changes you made take ef fect. Configuring 1 In the Network window Configuration tab, select your network adapter's T C P/IP entry and [...]

  • Seite 308

    P-661H/HW Series User’s Guide 30 8 Figure 183 Windows 95/98/Me : TCP/IP Pr operties: DNS Configuration 4 Click the Gateway tab. • If you do not know your g a teway’ s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add . 5 Click OK to save and close the TCP/IP [...]

  • Seite 309

    P-661H/HW Series User’s Guide 309 Figure 184 Windows XP: S tart Menu 2 In the Control Panel , double-click Network Connections ( Network and Dial-up Connections in W indow s 2000/NT). Figure 185 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Pr operties .[...]

  • Seite 310

    P-661H/HW Series User’s Guide 31 0 Figure 186 Windows XP: Control Panel: Network Connections: Pro perties 4 Select Internet Protocol (TCP/IP) (under the Genera l tab in W in XP) and then click Properties . Figure 187 Windows XP: Local Area Conne ction Properties 5 The Internet Pr otocol TCP/IP Properties window opens (the General tab in W indows [...]

  • Seite 311

    P-661H/HW Series User’s Guide 311 • Click Advanced . Figure 188 Windows XP: Internet Protocol (TCP/IP) Propert ies 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK . Do one or more of the fo llowing if you want to conf igure additional I P addresses: •I n t h e I[...]

  • Seite 312

    P-661H/HW Series User’s Guide 31 2 Figure 189 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following D NS [...]

  • Seite 313

    P-661H/HW Series User’s Guide 313 Figure 190 Windows XP: Internet Protocol (TCP/IP) Propert ies 8 Click OK to close the Internet Protocol (TCP/IP) Properties window . 9 Click Close ( OK in W ind ows 2000/NT) to close the Local Area Connection Properties window . 10 Close the Network Connections window ( Network and Dial-up Connections in W indows[...]

  • Seite 314

    P-661H/HW Series User’s Guide 31 4 Figure 191 Macintosh O S X: App le Menu 2 Click Network i n the icon bar . • Select Automatic from the Location list. • Select Built-in Ethernet from the Show list. • Click the TCP/IP tab. 3 For dynamically assigned settings, select Using DHCP from the Configure list . Figure 192 Macintosh O S X: Netw ork [...]

  • Seite 315

    P-661H/HW Series User’s Guide 315 6 Restart your computer (if prompted). V erifying Settings Check your TCP/IP properties in the Network window . Linux This section shows you how to configure your computer’ s TCP/IP settings in Red Hat Linux 9.0. Procedure, screens an d file location may vary depe nding on your Linux d istribution and release v[...]

  • Seite 316

    P-661H/HW Series User’s Guide 31 6 Figure 194 Red Hat 9.0: KDE: Ethern et Device: General • If you have a dy namic IP address, clic k Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address, click S tatic ally set IP Addresses and fill in the Address , Sub net mask , and Default[...]

  • Seite 317

    P-661H/HW Series User’s Guide 317 Figure 196 Red Hat 9.0: KDE: Network Config uration: Activate 7 After the network card restart pro cess is complete, make sure the St a t u s is Active in the Network Configuration screen. Using Configuration Files Follow the steps below to edit the network co nfiguration files and se t your computer IP address. [...]

  • Seite 318

    P-661H/HW Series User’s Guide 31 8 Figure 198 Red Hat 9.0: S tatic IP Addres s Setting in ifconfig-eth0 2 If you know your DNS server IP address(es) , enter the DNS server information in the resolv.conf file in the /etc directory . The follo wing fi gure shows an example where two DNS server IP addresses are specified. Figure 199 Red Hat 9.0: DNS[...]

  • Seite 319

    P-661H/HW Series User’s Guide Appendix E 319 Appendix E IP Subnetting IP Addressing Routers “route” based on the network number . The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (ei ght bits), wri tten in dotted decimal notation, for example, 192.168[...]

  • Seite 320

    P-661H/HW Series User’s Guide 320 Appendix E Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a valu e of 0 to 127. Similarly the first octet of a class “B” must begi n with “10”, therefore the first octet of a class “B” address has a valid range of 128 to [...]

  • Seite 321

    P-661H/HW Series User’s Guide Appendix E 321 Since the mask is always a continuous number of ones begin ning from the left, fo llowed by a continuous number of zeros for the remainder of the 32 bit mask, you can si mply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/” followed b[...]

  • Seite 322

    P-661H/HW Series User’s Guide 322 Appendix E Note: In the following chart s, shaded/bolded last octet bit values indicate host ID bit s “borrowed” to form network ID bits. The number of “borrowed” host ID bits determines the number of subnets you can have. The remaining number of h ost ID bits (af ter “borrowing”) determines the numbe[...]

  • Seite 323

    P-661H/HW Series User’s Guide Appendix E 323 Example: Four Subnet s The above exampl e illustrated using a 25-bit subne t mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow” two host ID bits to give four possible combinations of 00 , 01, 10 and 1 1.[...]

  • Seite 324

    P-661H/HW Series User’s Guide 324 Appendix E Example Eight Subnet s Similarly use a 27-bit mask to create 8 subnets (001 , 010, 01 1, 100, 101, 1 10). The following table shows class C IP ad dress last octet values for each subnet. The following table is a summary for class “C” subnet planning. Table 138 Subnet 4 IP/SUBNET MASK NETWORK NUMBER[...]

  • Seite 325

    P-661H/HW Series User’s Guide Appendix E 325 Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet ma sk also determines which bits are part of the network number and which are part of the host ID. A class “B” address has two host ID octets ava ilable for subnetting and a class “A” address [...]

  • Seite 326

    P-661H/HW Series User’s Guide 326 Appendix E[...]

  • Seite 327

    P-661H/HW Series User’s Guide Appendix F 327 Appendix F Command Interpreter The following describes how to use th e command interpreter . Y ou can use telnet to access the CLI (Command Line Interface) commands. See the included di sk or zyxel.com for more detailed information on these commands. Note: Use of undocumented commands or misconfigurati[...]

  • Seite 328

    P-661H/HW Series User’s Guide 328 Appendix F[...]

  • Seite 329

    P-661H/HW Series User’s Guide Appendix G 329 Appendix G Firewall Commands The following describes the firewall commands. Table 142 Firewall Commands FUNCTION COMMAND DESCRIPTION Firewall Se tUp config edit firewall active <yes | no> This command turns the firewall on or off. config retrieve firewall This co mmand returns the previously save[...]

  • Seite 330

    P-661H/HW Series User’s Guide 330 Appendix G config edit firewall e-mail return-addr <e-mail address> This command sets the source e-mail add ress of the firewall e-mails. config edit firewall e-mail email-to <e-mail address> This command sets the e-mail address to which the fire wall e-mails ar e sent. config edit firewall e-mail pol[...]

  • Seite 331

    P-661H/HW Series User’s Guide Appendix G 331 config edit firewall attack minute-low <0-255> This command sets the threshold of half-open sessions where the ZyXEL Device stop s deleting half-opened sessions. config edit firewall attack max-incomplete-high <0-255> This command sets the threshold of half-open sessions where the ZyXEL Dev[...]

  • Seite 332

    P-661H/HW Series User’s Guide 332 Appendix G Config edit firewall set <set #> log <yes | no> This command sets whether or not the ZyXEL Device creates logs for packets that match the firewall’s default rule set. Rules Config edit firewall set <set #> rule <rule #> permit <forward | block> This command sets whether [...]

  • Seite 333

    P-661H/HW Series User’s Guide Appendix G 333 config edit firewall set <set #> rule <rule #> destaddr- subnet <ip address> <subnet mask> This command sets a rule to have the ZyXEL Device check for traffic with a particular subnet destination (defined by IP address and subnet mask). config edit firewall set <set #> rul[...]

  • Seite 334

    P-661H/HW Series User’s Guide 334 Appendix G[...]

  • Seite 335

    P-661H/HW Series User’s Guide Appendix H 335 Appendix H NetBIOS Filter Commands The following describes the Ne tBIOS packet filter commands. Introduction NetBIOS (Network Basic Input/Output System ) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PP TP , [...]

  • Seite 336

    P-661H/HW Series User’s Guide 336 Appendix H The filter types and their defa ult settings are as follows. NetBIOS Filter Configuration Syntax:sys filter netbios config <ty pe> <on|off> where Table 143 NetBIOS Filter Default Settings NAME DESCRIPTION EXAMPLE Between LAN and WAN This field displays whether NetBIOS packets are blocked or[...]

  • Seite 337

    P-661H/HW Series User’s Guide Appendix I 337 Appendix I PPPoE PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP ov er Ethernet, RFC 2516) from your computer to an A TM PVC (Permanent V irt ual Circuit) which connects to a DSL Acce ss Concentrator where the PPP session terminates (see F igure 202 on page 338 ). One PV C can su[...]

  • Seite 338

    P-661H/HW Series User’s Guide 338 Appendix I Figure 202 Single-Compute r per Router Hardwa re Configuration How PPPoE W orks The PPPoE driver makes the Ethernet appea r as a serial link to the computer and the computer runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC). Between the AC and an ISP , the AC[...]

  • Seite 339

    P-661H/HW Series User’s Guide Appendix J 339 Appendix J Log Descriptions This appendix provides descrip tions of example log messages. Table 144 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is successful The router has adjusted its time based on informati on from the time server . Time calibration failed The router failed to g[...]

  • Seite 340

    P-661H/HW Series User’s Guide 340 Appendix J Successful HTTPS login Someo ne has logged on to the router's web configurator interface using HTTPS protocol. HTTPS login failed Someo ne has failed to log on to the router's web configurator interface using HTTPS protocol. Table 145 System Error Logs LOG MESSAGE DESCRIPTION %s exceeds the m[...]

  • Seite 341

    P-661H/HW Series User’s Guide Appendix J 341 Table 147 TCP Reset Lo gs LOG MESSAGE DESCRIPTION Under SYN flood attack, sent TCP RST The router sent a TCP reset packet when a host was u nder a SYN flood attack (the TCP incomplete count is per desti nation host.) Exceed TCP MAX incomplete, sent TCP RST The router sent a TCP reset packet when the nu[...]

  • Seite 342

    P-661H/HW Series User’s Guide 342 Appendix J Table 149 ICMP Logs LOG MESSAGE DESCRIPTION Firewall default policy: ICMP <Packet Direction>, <type:%d>, <code:%d> ICMP access matched the default policy and was blocked or forwarded according to the user's setting. For type and code details, see T able 161 on page 351 . Firewall[...]

  • Seite 343

    P-661H/HW Series User’s Guide Appendix J 343 ppp:LCP Closing Th e PPP connection’s Link Control Protocol stage is closing. ppp:IPCP Closing The PPP connection’s Internet Protocol Control Proto col stage is closing. Table 152 UPnP Logs LOG MESSAGE DESCRIPTION UPnP pass through Firewall UPnP packets can pass through the firewall. Table 153 Cont[...]

  • Seite 344

    P-661H/HW Series User’s Guide 344 Appendix J Connecting to content filter server fail The connection to the external content fi ltering server failed. License key is invalid The external content filter in g license key is invalid. Table 154 Attack Logs LOG MESSAGE DESCRIPTION attack [TCP | UDP | IGMP | ESP | GRE | OSPF] The firewall detected a TC[...]

  • Seite 345

    P-661H/HW Series User’s Guide Appendix J 345 Table 155 IPSec Logs LOG MESSAGE DESCRIPTION Discard REPLAY packet The router re ceived and discarded a packet with an incorrect sequence number . Inbound packet authentication failed The router received a packet that has been altered. A third party may have altered or tampered with the packet. Receive[...]

  • Seite 346

    P-661H/HW Series User’s Guide 346 Appendix J Cannot resolve Secure Gateway Addr for rule <%d> The router couldn’t resolve t he IP address from the domain name that was used for the secure gateway address. Peer ID: <peer id> <My remote type> -<My local type> The displayed ID information did not match between the two ends [...]

  • Seite 347

    P-661H/HW Series User’s Guide Appendix J 347 XAUTH fail! Username: <Username> The router was not able to use extended authentication to authenticate the listed username. Rule[%d] Phase 1 negotiation mode mismatch The listed rule’s IKE phase 1 negotiation mode did not ma tch between the router and the peer . Rule [%d] Phase 1 encryptio n a[...]

  • Seite 348

    P-661H/HW Series User’s Guide 348 Appendix J Rule [%d] phase 2 mismatch The l isted rule’s IKE phase 2 di d not ma tch betwe en the router and the peer . Rule [%d] Phase 2 key length mismatch The listed rule’s IKE phase 2 key lengths (with the AES encryption algorithm) di d not match between the router and the peer . Table 157 PKI Logs LOG ME[...]

  • Seite 349

    P-661H/HW Series User’s Guide Appendix J 349 Rcvd data <size> too large! Max size allowed: <max size> The router received dire ctory data that was too large (the size is listed) from the LDAP server whose address and port are recorded in the Source field. The maximu m size of di rectory data that the router allows is also recorded. Ce[...]

  • Seite 350

    P-661H/HW Series User’s Guide 350 Appendix J 26 Database method failed. 27 Path was not verified. 28 Maximum path length reached. Table 159 802.1X Logs LOG MESSAGE DESCRIPTION Local User Database accepts user. A user was authenticated by the local user database. Local User Database reports us er credential error. A user was not authenticated by t[...]

  • Seite 351

    P-661H/HW Series User’s Guide Appendix J 351 Table 160 ACL Setting Notes P ACKET DIRECTION DIRECTION DESCRIPTION (L to W) LAN to W AN ACL set for p ackets traveling from the LAN to the WAN. (W to L) W AN to LAN ACL set for p ackets traveling from the W AN to the LAN. (L to L) LAN to LAN/ ZyXEL Device ACL set for packet s traveling from the LAN to[...]

  • Seite 352

    P-661H/HW Series User’s Guide 352 Appendix J The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type. 0 T imestamp request message 14 T imestamp Reply 0 T imestamp reply message 15 Information Request 0 Information request message 16 Informat ion Reply 0 Informat[...]

  • Seite 353

    P-661H/HW Series User’s Guide Appendix J 353 Log Commands Go to the command in terpreter interface. Configuring What Y ou W ant the ZyXEL Device to Log 1 Use the sys logs load command to load the log setting buffer that allows you to configure which logs the ZyXEL Device is to record. 2 Use sys logs category to view a list of the log categories. [...]

  • Seite 354

    P-661H/HW Series User’s Guide 354 Appendix J • Use the sys logs clear command to erase all of the ZyXEL Device’ s logs. Log Command Example This example shows how to set the ZyXEL Devi ce to record the acc ess logs and alerts and then view the results. ras> sys logs load ras> sys logs category access 3 ras> sys logs save ras> sys [...]

  • Seite 355

    P-661H/HW Series User’s Guide Appendix K 355 A PPENDIX K Wireless LANs (wireless devices only) Wireless LAN T opologies This section discusses ad-hoc and in frastructure w ireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an inde pe ndent (Ad-hoc) WLAN that connects a set of computers with wireless adapt[...]

  • Seite 356

    P-661H/HW Series User’s Guide 356 Appendix K Figure 207 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlappi ng BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topo[...]

  • Seite 357

    P-661H/HW Series User’s Guide Appendix K 357 Figure 208 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.1 1a/b/g wireless devices. Channels available depend on your ge ographical area. Y ou may have a choice o f channels (for your region) so you should use a dif ferent channel th an an adjacent AP (access point)[...]

  • Seite 358

    P-661H/HW Series User’s Guide 358 Appendix K Figure 209 RTS/ CT S When station A sends data to the AP , it might not know that the station B is already using the channel. If these two stations se nd data at the same time, collis ions may occur when both sets of data arrive at the AP at the same time, r esulting in a loss of me ssages for both sta[...]

  • Seite 359

    P-661H/HW Series User’s Guide Appendix K 359 A large Fragmentation Thr eshold is recommended for networks not prone to interference while you should set a smaller thresh old for busy networks or ne tworks that are prone to interference. If the Fragmentation Threshold value is smaller than the RT S / C T S value (see previously) you set then the R[...]

  • Seite 360

    P-661H/HW Series User’s Guide 360 Appendix K Wireless Security Overview W ireless security is vital to your network to p rotect wireless commu nication betw een wireless clients, access points and the wired network. W ireless security methods availabl e on the ZyXEL Device are data encryption, wireless client authentication, restricting access by[...]

  • Seite 361

    P-661H/HW Series User’s Guide Appendix K 361 RADIUS RADIUS is based on a client-server model that supports authentication, authorization and accounting. The access point is the client and the server is th e RADIUS server . The RADIUS server handles the following tasks: • Authentication Determines the identity of the users. • Authorization Det[...]

  • Seite 362

    P-661H/HW Series User’s Guide 362 Appendix K In order to ensure network security , the access point and the RADIUS server use a shared secret key, which is a password, they both know . The key is not sent over the network. In addition to the shared key , pass word information exchanged is also encrypted to protect the network from unauthorized ac[...]

  • Seite 363

    P-661H/HW Series User’s Guide Appendix K 363 PEAP (Protected EAP) Like EAP-TTLS, server-side certific ate authentication is used to establish a secure connection, then use simple username and p assword methods through the secured co nnection to authenticate the clients, thus hiding client identity . However , PEAP only supports EAP methods, such [...]

  • Seite 364

    P-661H/HW Series User’s Guide 364 Appendix K WP A and WP A2 W i-Fi Protected Access (WP A) is a subset of the IEEE 802.1 1i standard. WP A2 (IEEE 802.1 1i) is a wireless security standard tha t defines stronger encryp tion, authentication and key manage ment than WP A. Key differences between WP A or WP A2 and W EP are improved data encryption an[...]

  • Seite 365

    P-661H/HW Series User’s Guide Appendix K 365 By generating unique data encryption keys for ev ery data packet and by creating an integrity checking mechanism (MIC), with TKIP and AES it is more difficult to decrypt data on a W i-Fi network than WEP and dif ficult for an intruder to break into the network. The encryption mechanisms used for WP A(2[...]

  • Seite 366

    P-661H/HW Series User’s Guide 366 Appendix K 3 The RADIUS server distributes a Pairwise Mast er Key (PMK) key to th e AP that then sets up a key hierarch y and management system, u sing the pair -wise key to dynamically generate unique data en cryption keys to encr ypt every data packet that is wirelessly communicated between the AP and the wirel[...]

  • Seite 367

    P-661H/HW Series User’s Guide Appendix K 367 Figure 21 1 WP A(2)-PSK Authentication Security Parameters Summary Refer to this table to see what other secur ity parameters you should co nfigure for each Authentication Method/ key management prot ocol type. MAC address filters are not dependent on how you config ure these security features. Table 1[...]

  • Seite 368

    P-661H/HW Series User’s Guide 368 Appendix K[...]

  • Seite 369

    P-661H/HW Series User’s Guide 369 A PPENDIX L Pop-up Windows, JavaScript s and Java Permissions In order to use the web configurator you need to allow: • W eb browser po p-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here. Screens for oth[...]

  • Seite 370

    P-661H/HW Series User’s Guide 370 Figure 213 Internet Options 3 Click Apply to save this setting. Enable pop-up Blockers with Except ions Alternatively , if you only want to allow pop-up win dows from your device, see the following steps. 1 In Internet Explorer , select To o l s , Internet Options and then the Privacy tab. 2 Select Settings… to[...]

  • Seite 371

    P-661H/HW Series User’s Guide 371 Figure 214 Internet Options 3 T ype the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites .[...]

  • Seite 372

    P-661H/HW Series User’s Guide 372 Figure 215 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScript s If pages of the web configura tor do not display properly in Internet Explorer, check that JavaScripts are allowed. 1 In Internet Explorer , click T ools , Internet Options and then t[...]

  • Seite 373

    P-661H/HW Series User’s Guide 373 Figure 216 Internet Options 2 Click the Custom Level... button. 3 Scroll down to Scripting . 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is sele cted (the default). 6 Click OK to clos e the window .[...]

  • Seite 374

    P-661H/HW Series User’s Guide 374 Figure 217 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer , click To o l s , Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM . 4 Under Java permissions ma ke sure that a safety level is selected. 5 Click OK to clos e the w[...]

  • Seite 375

    P-661H/HW Series User’s Guide 375 Figure 218 Security Settings - Java JA V A (Sun) 1 From Internet Explorer , click To o l s , Internet Options and then the Advanced tab. 2 make sure that Use Java 2 for <applet> u nder Java (Sun) is selected. 3 Click OK to clos e the window .[...]

  • Seite 376

    P-661H/HW Series User’s Guide 376 Figure 219 Java (Sun)[...]

  • Seite 377

    P-661H/HW Series User’s Guide Index 377 Index Numerics 11 0 V A C 6 230V AC 6 A Abnormal Working Conditions 7 AC 6 Accessories 6 Acts of God 7 Address Assignment 97 Address Resolution Protocol (ARP) 100 ADSL standards 35 Advanced Encryption St andard 36 4 AH 199 AH Protoc ol 203 Airflow 6 Alternative Subnet Mask Notation 321 Antenna gain 11 9 Any[...]

  • Seite 378

    P-661H/HW Series User’s Guide 378 Index Correcting Interference 4 Corrosive Liquids 6 Covers 6 CTS (Clear to Send) 358 Custom Ports Creating/Editing 168 Customer Support 8 Customized Services 167 Customized services 167 D Dampness 6 Danger 6 Data Confidentiality 198 Data Integrity 198 Data Origin Authentication 198 Dealer 4 default LAN IP address[...]

  • Seite 379

    P-661H/HW Series User’s Guide Index 379 Alerts 160 Anti-Probing 174 Creating/Editing Rules 164 Custom Ports 167 Enabling 162 Firewall Vs Filters 155 Guidelines For Enhancing Security 154 Introduction 146 LAN to W AN Rul es 160 Policies 157 Rule Checklist 158 Rule Logic 158 Rule Security Ra mificati ons 158 Services 172 Ty p e s 145 When T o Use 1[...]

  • Seite 380

    P-661H/HW Series User’s Guide 380 Index K Keep Alive 207 Key Fields For Configurin g Rules 159 L Labor 7 LAN Setup 77 , 95 LAN TCP/IP 97 LAN to W AN Rul es 160 LAND 148 , 149 Legal Rights 7 Liability 3 License 3 Lightning 6 Liquids, Corrosive 6 Logs 281 M MAC Address Filter Acti on 125 MAC Address Filtering 124 MAC Filter 124 Management Informati[...]

  • Seite 381

    P-661H/HW Series User’s Guide Index 381 Permission 3 PFS 218 Photocopying 3 Ping of Death 148 Pipes 6 Point to Point Protocol over A TM Adaptation Layer 5 (AAL5) 78 Point-to-Point 301 Point-to-Point Tunneling Protocol 138 Pool 6 POP3 138 , 147 , 14 8 Postage Prepaid. 7 Power Cord 6 PPPoE 77 , 337 Benefits 77 PPPoE (Point-to-Point Prot ocol over E[...]

  • Seite 382

    P-661H/HW Series User’s Guide 382 Index Safety W arnings 6 Saving the S tate 151 Scheduler 236 Secure Gateway Address 205 Security Association 197 Security In General 154 Security Parameter Index 221 Security Parameters 367 Security Ramifications 158 Separation Between Equipment and Receiver 4 Serial Number 8 Server 135 , 136 , 278 Service 6 , 7 [...]

  • Seite 383

    P-661H/HW Series User’s Guide Index 383 User Authentication 365 User Name 248 V Va l u e 7 VBR (V ariable Bit Rate) 85 , 90 V endor 6 V entilation Slots 6 Viewing Certifications 4 Virtual Channel Identifier (VCI) 78 virtual circuit (VC) 78 Virtual Path Identifier (VPI) 78 Virtual Private Network 197 V oltage Supply 6 V oltage, High 6 VPI & VC[...]