ZyXEL Communications P-661H Series manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of ZyXEL Communications P-661H Series, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of ZyXEL Communications P-661H Series one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of ZyXEL Communications P-661H Series. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of ZyXEL Communications P-661H Series should contain:
- informations concerning technical data of ZyXEL Communications P-661H Series
- name of the manufacturer and a year of construction of the ZyXEL Communications P-661H Series item
- rules of operation, control and maintenance of the ZyXEL Communications P-661H Series item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of ZyXEL Communications P-661H Series alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of ZyXEL Communications P-661H Series, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the ZyXEL Communications service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of ZyXEL Communications P-661H Series.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the ZyXEL Communications P-661H Series item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    www .zyxel.com P-661H/HW Series 802.1 1g Wireless ADSL2+ 4-port Security Gateway User ’ s Guide V ersion 3.40 7/2007 Edition 3 DEFAULT LOGIN IP Address http://192 .168.1.1 Admin Password 1234 User Password user[...]

  • Page 2

    [...]

  • Page 3

    About This User's Guide P-661H/HW Series User’s Guide 3 About This User's Guide Intended Audience This manual is intended for people who want to configure the ZyXEL Device using the web configurator . Y ou should have at least a basic knowledge of TCP/IP network ing concepts and topology . Related Document ation • Quick Start Guide Th[...]

  • Page 4

    Document Conventions P-661H/HW Series User’s Guide 4 Document Conventions W arnings and Notes These are how warnings and notes are shown in this User ’ s Guide. 1 W arnings tell you about things that could harm you or your device. " Notes tell you other important informati on (for example, other things you may need to configure or helpful [...]

  • Page 5

    Document Conventions P-661H/HW Series User’s Guide 5 Icons Used in Figures Figures in this User ’ s Guide may use the followi ng generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Computer Notebook computer Server DSLAM Firewall T elephon e Switch Router[...]

  • Page 6

    Safety Warnings P-661H/HW Series User’s Guide 6 Safety Warnings 1 For your safety , be sure to read and follow all warni ng notices and instructions. • Do NOT use this product near water , for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. • Do NOT store thin gs on the[...]

  • Page 7

    Safety Warnings P-661H/HW Series User’s Guide 7[...]

  • Page 8

    Safety Warnings P-661H/HW Series User’s Guide 8[...]

  • Page 9

    Contents Overview P-661H/HW Series User’s Guide 9 Contents Overview Introduction .......................................... ........................................................................ .......... 31 Getting T o Know Y our ZyXEL D evice .............. ................ ................ ................ ............. ............. 33 Int[...]

  • Page 10

    Contents Overview P-661H/HW Series User’s Guide 10[...]

  • Page 11

    Table of Contents P-661H/HW Series User’s Guide 11 Table of Contents About This User's Guide ........................................................................... ............................... 3 Document Conventions.................................................................. ......................................... .4 Safety W[...]

  • Page 12

    Table of Contents P-661H/HW Series User’s Guide 12 2.4.3 S tatus: Any IP T able ............... ................ ............. ................ ................ ............. .......... 4 7 2.4.4 S tatus: WLAN S tatus (Wireless devices only) ........ ................ ............. ................ ....... 48 2.4.5 S tatus: VPN S tatus ....... ...[...]

  • Page 13

    Table of Contents P-661H/HW Series User’s Guide 13 4.7 T raffic Redirect ................... ................ ................ ............. ................ ................. ......... .......... 86 4.8 Configuring WAN Backup Setup ..... ................ ................ ................ ................. ................ ... 87 Chapter 5 LAN Se[...]

  • Page 14

    Table of Contents P-661H/HW Series User’s Guide 14 6.7 WMM QoS ............. ............. ................ ................ ............. ................ ................. ........... .......1 17 6.7.1 WMM QoS Example ............ ................ ................ ................ ................ ............. .........1 17 6.7.2 WMM QoS Prior[...]

  • Page 15

    Table of Contents P-661H/HW Series User’s Guide 15 8.5 S tateful Inspection .............. ................ ................ ............. ................ ............. ............... ...... 142 8.5.1 S tateful I nspection Process ....... ................ ............. ................ ................. ............ ..... 143 8.5.2 S tateful I [...]

  • Page 16

    Table of Contents P-661H/HW Series User’s Guide 16 10.4 Configuring T rusted Computers .... .......... ......... ............. ................ ............. ................ ..... 173 Chapter 1 1 Introduction to IPSec ................................................. ......................................................... .. 175 1 1.1 VPN Over[...]

  • Page 17

    Table of Contents P-661H/HW Series User’s Guide 17 12.17 Configuring Global Setting .............. ................ ................. ................ ................ .............. 2 01 12.18 T elecommuter VPN/IPS ec Examples .... ................ ................ ................ ................ ........ 202 12.18.1 T elecommuters Sharing One[...]

  • Page 18

    Table of Contents P-661H/HW Series User’s Guide 18 16.1 Remote Management Overview ............................. ................ ................ ................ ........ 2 25 16.1.1 Remote Management Limitations ............................ ................... ................ ........... 226 16.1.2 Remote Management and NA T ............ ....[...]

  • Page 19

    Table of Contents P-661H/HW Series User’s Guide 19 19.3 Configuring Log Settings ................. ................ ................. ................ ................ .............. 258 Chapter 20 T ools ............................................ .............................................................................. ............. 261 2[...]

  • Page 20

    Table of Contents P-661H/HW Series User’s Guide 20 Index....................................................... ................................................................... ............. 351[...]

  • Page 21

    List of Figures P-661H/HW Series User’s Guide 21 List of Figures Figure 1 Protected Internet Access Applications ...... ................. ................ ............. ................ ........... ..... 34 Figure 2 LAN-to-LAN Application Example ........... ............. ................ ................ ............. ................ .. ..... 3[...]

  • Page 22

    List of Figure s P-661H/HW Series User’s Guide 22 Figure 39 Advanced Internet Connection ........... ... ............. ................ ............. ................ ................ ....... 80 Figure 40 More Connections ................. ................ ................ ................. ................ ................ .. .............. 82 F[...]

  • Page 23

    List of Figures P-661H/HW Series User’s Guide 23 Figure 82 S tateful Inspection .................... ............. ............. ................ ................ ............. ...... ............... 1 43 Figure 83 Ideal Firewall Setup .................. ................ ................. ............. ................ ............. ... .........[...]

  • Page 24

    List of Figure s P-661H/HW Series User’s Guide 24 Figure 125 Remote Management: WWW .............. ................ ................. ................................ .............. 226 Figure 126 Remote Management: T elnet ........ ...... ....... ................ ............. ................ ................ ........ ... 227 Figure 127 Remote [...]

  • Page 25

    List of Figures P-661H/HW Series User’s Guide 25 Figure 168 Windows XP: St art Menu ..................... ................ ................. ................ ................ ....... ....... 287 Figure 169 Windows XP: Control Panel ................ ... ................. ............. ................ ................ ......... ..... 287 Figure 17[...]

  • Page 26

    List of Figure s P-661H/HW Series User’s Guide 26 Figure 21 1 Conflicting Computer IP Addresses Example ............. ................ ................ ................ ........ 3 21 Figure 212 Conflicting Computer and Router IP Ad dres ses Example .... ................ ................ .............. 322 Figure 213 Peer-to-Peer Communica tion in[...]

  • Page 27

    List of Tables P-661H/HW Series User’s Guide 27 List of Tables T able 1 ADSL St andards ................ ............. ................ ................ ................ ................ .......... ................ 33 T able 2 Front Panel LEDs .. ................ ............. ................ ................ ................ ................ ..[...]

  • Page 28

    List of Tables P-661H/HW Series User’s Guide 28 T able 39 Wireless: WP A-PSK/WP A2-P SK ............ ................ ................. ................................ ............. .1 0 8 T able 40 Wireless: WP A/WP A 2 ............ ................ ................ ................. ............ ................. ........ .......... 1 10 T abl[...]

  • Page 29

    List of Tables P-661H/HW Series User’s Guide 29 T able 82 VPN: Global Setting .................. ................ ................. ................ ................ .............. ........ ..... 202 T able 83 T elec ommuters Sharing One VPN Rule Example ............ ................ ................ ................ ..... 203 T able 84 T elec om[...]

  • Page 30

    List of Tables P-661H/HW Series User’s Guide 30 T able 125 Subnet 2 .. ............. ................ ................ ................ ................. ............ ............... ........... ........ 318 T able 126 Subnet 3 .. ............. ................ ................ ................ ................. ............ ............... .....[...]

  • Page 31

    31 P ART I Introduction Getting T o Know Y our ZyXEL Device (33) Introducing the W eb Configurator (3 9) W izards (53)[...]

  • Page 32

    32[...]

  • Page 33

    P-661H/HW Series User’s Guide 33 C HAPTER 1 Getting To Know Your ZyXEL Device This chapter describes the key features and applications of your ZyXEL Device . 1.1 Introducing the ZyXEL Device The ZyXEL Device is an ADSL2+ gateway that allows super-fast, secure Internet access over analog (POTS) or digital (ISDN) telephone lines (depending on yo ur[...]

  • Page 34

    Chapter 1 Getting To Kn ow Your ZyXEL Device P-661H/HW Series User’s Guide 34 In the ZyXEL Device product name, “H” denotes an inte grated 4-port switch (hub) and “W” denotes an included wireless LAN card that provides wireless connectivity . Models ending in “1 ”, for example P-661H-D1, denot e a device that works over the analog tel[...]

  • Page 35

    Chapter 1 Getting To Know Your ZyXEL Device P-661H/HW Series User’s Guide 35 Figure 2 LAN-to-LAN Applic ation Example 1.3 W ays to Manage the ZyXEL Device Use any of the following method s to manage the ZyXEL Device. • W eb Configurator . This is recommended fo r everyday management of the ZyXEL Device using a (s upported) web browser . See Cha[...]

  • Page 36

    Chapter 1 Getting To Kn ow Your ZyXEL Device P-661H/HW Series User’s Guide 36 Figure 3 Front Panel The following table describes the LEDs. 1.6 Hardware Connection Refer to the Quick S tart Guide for information on ha rdware connection. 1.7 Splitters and Microfilters This section describes how to connect ADSL splitters and micr ofilters. See your [...]

  • Page 37

    Chapter 1 Getting To Know Your ZyXEL Device P-661H/HW Series User’s Guide 37 1.7.1 Connecting a POTS Splitter When you use the Full Rate (G .dmt) ADSL standard, you can use a POTS (Plain Old T elephone Service) splitter to separate th e telephone and ADSL si gnals. This allows simultaneous Internet access and telephone service on the same lin e. [...]

  • Page 38

    Chapter 1 Getting To Kn ow Your ZyXEL Device P-661H/HW Series User’s Guide 38 Figure 5 Connecting a Microfilter[...]

  • Page 39

    P-661H/HW Series User’s Guide 39 C HAPTER 2 Introducing the Web Configurator This chapter describes how to access and navigate the web configurator . 2.1 W eb Configurator Overview The web configurator is an HTML-based mana gement interface that allows easy ZyXEL Device setup and management via Internet browser . Use Internet Explorer 6.0 and lat[...]

  • Page 40

    Chapter 2 Introducing the Web Configur ator P-661H/HW Series User’s Guide 40 4 Ty p e " 192.168.1.1 " as the URL. 5 A window displays as shown. Enter the default admin password 1234 to configure the wizards and the advanced features or enter the default user password user to view the status only . Click Login to proceed to a screen aski[...]

  • Page 41

    Chapter 2 Introducing the Web Configurator P-661H/HW Series User’s Guide 41 Figure 7 Change Password at Login 8 The next screen depends on which password (admin or user) you used in step 5 . Select Go to Wizard setup , and click Apply to display the wizard main screen. Select Go to Advanced setup or V iew Device S tatus , and click Apply to displ[...]

  • Page 42

    Chapter 2 Introducing the Web Configur ator P-661H/HW Series User’s Guide 42 2.3 Resetting the ZyXEL Device If you forget your password or cannot access th e web configurator , you will need to use the RESET button at the back of the ZyXEL Device to reload th e factory-default configuration file. This means that you will lose all configura tions [...]

  • Page 43

    Chapter 2 Introducing the Web Configurator P-661H/HW Series User’s Guide 43 " Click the icon (located in the top ri ght corner of most screens) to view embedded help. T able 3 Web C onfigurator Screens Sum mary LINK/ICON SUB-LINK FUNCTION Wizard INTERNET SETUP Use these screens for init ial configuration including general setup, ISP paramete[...]

  • Page 44

    Chapter 2 Introducing the Web Configur ator P-661H/HW Series User’s Guide 44 Threshold Use this screen to configure the threshold for DoS attacks. Content Filter Keyword Use this screen to block sites containing certain keywords in the URL. Schedule Use this screen to set the days and times for the ZyXEL Device to perform content filtering. T rus[...]

  • Page 45

    Chapter 2 Introducing the Web Configurator P-661H/HW Series User’s Guide 45 2.4.2 St atu s Screen The following summarizes how to navigate the web configurator from the St a t u s screen. Some fields or links are not available if yo u entered the user password in the login password screen (see Figu re 6 on page 40 ). Figure 10 S tatus Screen The [...]

  • Page 46

    Chapter 2 Introducing the Web Configur ator P-661H/HW Series User’s Guide 46 Default Gateway This is the IP address of the default gateway , if applicable. VPI/VCI This is the Virtual Path Identifier and Virtual Channel Identifier th at you entered in the Wizard or W A N screen. LAN Information IP Address This is the LAN po rt IP address. IP Subn[...]

  • Page 47

    Chapter 2 Introducing the Web Configurator P-661H/HW Series User’s Guide 47 2.4.3 St atus: Any IP T able Click the Any IP T able hyperlink in the St a t u s screen. The Any IP table shows current read- only information (including the IP address and the MAC address) of all network devices that use the Any IP feature to communicate with the ZyXEL D[...]

  • Page 48

    Chapter 2 Introducing the Web Configur ator P-661H/HW Series User’s Guide 48 2.4.4 St atus: WLAN St atus (Wireless devices only) Click WLAN S tatus in the St a t u s screen to open this screen. Use this screen to view the wireless stations that are current ly associated to the ZyXEL Device. Figure 12 S tatus: WLAN S tatus The following table desc[...]

  • Page 49

    Chapter 2 Introducing the Web Configurator P-661H/HW Series User’s Guide 49 Figure 13 S tatus: VPN S tatus The following table describes the labels in this screen. 2.4.6 St atus: Bandwidth S tatus Select the Bandwidth S tatus hyperlink in the St a t u s screen. V iew the bandwidth usage of the configured bandwidth rules. This is also shown as ban[...]

  • Page 50

    Chapter 2 Introducing the Web Configur ator P-661H/HW Series User’s Guide 50 2.4.7 St atus: Packet St atistics Click the Packet S tatistics hyperlink in the St a t u s screen. Read-only information here includes port status and packet specific statisti cs. Also provided are "system up time" and "poll interval(s)". The Poll Int[...]

  • Page 51

    Chapter 2 Introducing the Web Configurator P-661H/HW Series User’s Guide 51 2.4.8 Changing Login Password It is highly recommended that you periodic ally change the password for accessing the ZyXEL Device. If you didn’t change the default o ne after you logged in or you want to change to a new password again, then click Maintenance > System [...]

  • Page 52

    Chapter 2 Introducing the Web Configur ator P-661H/HW Series User’s Guide 52 Figure 16 System General The following table describes th e fields in this screen. T able 9 System General: Password LABEL DESCRIPTION Old Password T ype the default password or the ex isting p assword you use to access the system in this field. New Password T ype the ne[...]

  • Page 53

    P-661H/HW Series User’s Guide 53 C HAPTER 3 Wizards Use these screens to configure Internet access or to configure basic bandwidth management. " See the advanced menu chapters for ba ckground information on these fields. T o access the wizards , click Go to Wizard setup in Figure 8 on page 41 , or click the wizard icon ( ) in the top right c[...]

  • Page 54

    Chapter 3 Wizards P-661H/HW Series User’s Guide 54 3.1 Internet Setup Wizard Use these screens to configure Internet access and wi reless network settings (wireless devices only). T o access this wizard, click INTERNET/WIRELESS SETUP in the wizard main screen. W ait while the device tries to detect your DSL connection and connection type. Figure [...]

  • Page 55

    Chapter 3 Wizards P-661H/HW Series User’s Guide 55 3.1.2.1 Screen 1 Figure 20 Internet Setup Wiza rd: Manual Configuration Click Back to re turn to the wizard main screen. Click Next to continue to the next screen. Click Exit to close the wizard main screen and return to the St a t u s screen or the main window . 3.1.2.2 Screen 2 This screen lets[...]

  • Page 56

    Chapter 3 Wizards P-661H/HW Series User’s Guide 56 The following table describes the fields in this screen. 3.1.2.3 Screen 3 These screens let you enter the rest of the Inte rnet settings , which depend on the encapsulatio n your Internet connection u s es (and the mode you selected, for RFC1483). This screen appears if your Internet connection u[...]

  • Page 57

    Chapter 3 Wizards P-661H/HW Series User’s Guide 57 The following table describes the fields in this screen. This screen appears if your Intern et connection uses PPPoE encapsulation. Figure 23 Internet Se tup Wizard: ISP Parameters (PPPoE) The following table describes the fields in this screen. T able 12 Internet Setup Wizard: I SP Parameters (E[...]

  • Page 58

    Chapter 3 Wizards P-661H/HW Series User’s Guide 58 This screen appears if your Internet connecti on uses RFC1483 encapsulation in routing mode. Figure 24 Internet Setup Wiza rd: ISP Parameters (RFC1483 + Routing Mode) The following table describes the fields in this screen. This screen appears if your Internet connection uses PPPoA encapsulation.[...]

  • Page 59

    Chapter 3 Wizards P-661H/HW Series User’s Guide 59 Figure 25 Internet Se tup Wizard: ISP Parameters (PPPoA) The following table describes the fields in this screen. No additional screen appears if your Internet connection us es RFC1483 encapsulation in bridge mode. In this case, the ZyXEL Device imme diately tries to detect the connection again. [...]

  • Page 60

    Chapter 3 Wizards P-661H/HW Series User’s Guide 60 Figure 26 Internet Setu p Wizard: No DSL Connection Click Restart the Internet/Wireless Setup W izard to return to the wizard ma in screen. Click Next to continue to the W ireless Setup W izard (wireless devices only), or click Exit to close the wizard main screen and return to the St a t u s scr[...]

  • Page 61

    Chapter 3 Wizards P-661H/HW Series User’s Guide 61 Figure 28 Wireless LAN Setup Wizard 1 The following table describes the labels in this screen. 3 Configure your wireless settin gs in this screen. Click Next . T able 16 Wireless LAN Setup Wizard 1 LABEL DESCRIPTION Active Select the check box to turn on the wireless LAN. Enable OTIST Select the [...]

  • Page 62

    Chapter 3 Wizards P-661H/HW Series User’s Guide 62 Figure 29 Wireless LAN Setup Wizard 2 The following table describes the labels in this screen. T able 17 Wireless LAN Setup Wizard 2 LABEL DESCRIPTION Network Name(SSID) Enter a descriptive name (up to 32 printabl e 7-bit ASCII characters) for the wireless LAN. If you change this field on the ZyX[...]

  • Page 63

    Chapter 3 Wizards P-661H/HW Series User’s Guide 63 " The wireless stations and ZyXEL Device must use the same SSID, channel ID and WEP encryption key (if WEP is enabled), WP A-PSK (if WP A-PSK is enabled) for wirele ss communication. 4 This screen varies depending on the security mode you selected in the previous screen. Fill in the field (i[...]

  • Page 64

    Chapter 3 Wizards P-661H/HW Series User’s Guide 64 Figure 31 Manually assign a WEP key The following table describes the labels in this screen. 5 Click Apply to save your wireless LAN settings. Figure 32 Wireless LAN Setup: Apply T able 19 Manually assign a WEP ke y LABEL DESCRIPTION Key The WEP keys are used to encrypt data. Both the ZyXEL Devic[...]

  • Page 65

    Chapter 3 Wizards P-661H/HW Series User’s Guide 65 Figure 33 Internet Setup Wizard: Summ ary Screen 6 Use the read-only summary table to check wh ether what you h ave configured is correct. Click Finish to complete and save the wizard se tup.The following table describes the fields in this screen. Launch your web browser and navigate to www .zyxe[...]

  • Page 66

    Chapter 3 Wizards P-661H/HW Series User’s Guide 66 The following table describes the services you can select. T o access this wizard, open the we b configurator (see Section 2.2 on page 39 ) and click BANDWIDTH MANAGEMENT SETUP in the wizard main screen. 3.3.1 Screen 1 Activate bandwidth management and select to a llocate bandwidth to packets ba [...]

  • Page 67

    Chapter 3 Wizards P-661H/HW Series User’s Guide 67 Figure 34 Bandwidt h Management Wizard: General Information The following fields describe the label in this screen. 3.3.2 Screen 2 Use the second wizard screen to select the se rvices that you want to apply bandwidth management, and select the p riorities that you want to apply to the services li[...]

  • Page 68

    Chapter 3 Wizards P-661H/HW Series User’s Guide 68 Figure 35 Bandwidt h Management Wizard: Configuration The following table describes the labels in this screen. T able 23 Bandwidth Management Wizard: Configuration LABEL DESCRIPTION Activ e Select an entry’s Active check box to turn on bandwidth management for the service/ application. Servi ce[...]

  • Page 69

    Chapter 3 Wizards P-661H/HW Series User’s Guide 69 3.3.3 Screen 3 Follow the on-screen in structions and click Finish to complete the wizard setup and save your configuration. Figure 36 Bandwid th Management Wizard: Complete[...]

  • Page 70

    Chapter 3 Wizards P-661H/HW Series User’s Guide 70[...]

  • Page 71

    71 P ART II Network WA N S e t u p ( 7 3 ) LAN Setup (89) W ireless LAN (101) Network Address T ranslation (NA T) Screens (123)[...]

  • Page 72

    72[...]

  • Page 73

    P-661H/HW Series User’s Guide 73 C HAPTER 4 WAN Setup This chapter describes how to configure W AN settings. 4.1 W AN Overview A W AN (Wide Area Network) is an outside conn ection to another network or the Internet. 4.1.1 Encap sulation Be sure to use the encapsulat ion method required by your ISP . The ZyXEL Device su pports the following method[...]

  • Page 74

    Chapter 4 WAN Setup P-661H/HW Series User’s Guide 74 4.1.1.3 PPPoA PPPoA stands for Point to Point Protocol over A TM Adaptation Layer 5 (AAL5). A PPPoA connection functions like a dial -up Internet connection. The ZyXEL Device encapsulates the PPP session based on RF C1483 and sends it through an A TM PVC (Permanent V irtual Circuit) to the Inte[...]

  • Page 75

    Chapter 4 WAN Setup P-661H/HW Series User’s Guide 75 4.1.4.1 IP Assignment with PPPoA or PPPoE Encap sulation If you have a dynamic IP , then the IP Address and ENET ENCAP Gateway fields are not applicable (N/A). If you have a static IP , then you only need to fill in the IP Addr e ss field and not the ENET ENCAP Gateway field. 4.1.4.2 IP Assignm[...]

  • Page 76

    Chapter 4 WAN Setup P-661H/HW Series User’s Guide 76 For example, if the normal route has a metric of "1" and the traffic-redirect route has a metric of "2" and dial-backup route has a metric of "3", then the normal route acts as the primary default route. If the normal rout e fails to connect to the Intern et, the Z[...]

  • Page 77

    Chapter 4 WAN Setup P-661H/HW Series User’s Guide 77 4.3.1 A TM T raffic Classes These are the basic A TM traffic classes define d by the A TM Forum Traf fic Ma nagement 4.0 Specification. 4.3.1.1 Const ant Bit Rate (CBR) Constant Bit Rate (CBR) provides fixed bandwidth that is always available even if no data is being sent. CBR traffic is genera[...]

  • Page 78

    Chapter 4 WAN Setup P-661H/HW Series User’s Guide 78 4.5 Internet Connection T o change your ZyXEL Device’ s W AN remote node settings, click Network > W AN . The screen dif fe rs by the encapsulation. See Section 4.1 on page 7 3 for more information. Figure 38 Internet Conne ction (PPPoE) The following table describes the labels in this scr[...]

  • Page 79

    Chapter 4 WAN Setup P-661H/HW Series User’s Guide 79 4.5.1 Configuring Advance d Internet Connection T o edit your ZyXEL Device's ad vanced W AN settings, click the Advanced Setup button in the Internet Connection screen. The screen appears as shown. Service Name (PPPoE only) T ype the name of your PPPoE service here. Multiplexing Select the[...]

  • Page 80

    Chapter 4 WAN Setup P-661H/HW Series User’s Guide 80 Figure 39 Advanced Internet Connection The following table describes the labels in this screen. T able 25 Advanced Internet Connection LABEL DESCRIPTION RIP & Multicast Setup RIP Direction RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing informat[...]

  • Page 81

    Chapter 4 WAN Setup P-661H/HW Series User’s Guide 81 4.6 Configuring More Connections This section describes the protocol-independent parameters for a remote network. They are required for placing calls to a remote gate way and the network behind it across a W AN connection. When you use the W AN > Internet Connection scree n to set up Interne[...]

  • Page 82

    Chapter 4 WAN Setup P-661H/HW Series User’s Guide 82 Figure 40 More Connections The following table describes the labels in this screen. 4.6.1 More Connections Edit Click the edit icon in the More Connections screen to configure a connection . T able 26 More Connections LABEL DESCRIPTION # This is the index number of a connection. Active This dis[...]

  • Page 83

    Chapter 4 WAN Setup P-661H/HW Series User’s Guide 83 Figure 41 More Connections Edit The following table describes the labels in this screen. T able 27 More Connections Edit LABEL DESCRIPTION Active Select the check box to activate or clear the check box to deactivate this connection. Name Enter a unique, de scriptive name of up to 13 ASCII chara[...]

  • Page 84

    Chapter 4 WAN Setup P-661H/HW Series User’s Guide 84 User Name (PPPoA and PPPoE en capsulation only) Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domai n identifies a service name, then enter both compone nts exactly as given. Password (PPPoA and PPPoE encap sulation only ) Enter the password [...]

  • Page 85

    Chapter 4 WAN Setup P-661H/HW Series User’s Guide 85 4.6.2 Configuring More Connections Advanced Setup T o edit your ZyXEL Device's ad vanced W AN settings, click the Advanced Setup button in the Mor e Connections Edit screen. The scree n appears as shown. Figure 42 More Connections Advanced Setup The following table describes the labels in [...]

  • Page 86

    Chapter 4 WAN Setup P-661H/HW Series User’s Guide 86 4.7 T raffic Redirect T raffic redirect forwards traf fic to a backup gate way when the ZyXEL Device cannot connect to the Internet. An example is shown in the figure below . Figure 43 T raffic Redirect Example The following network topology allows you to avoid triangle route security issues wh[...]

  • Page 87

    Chapter 4 WAN Setup P-661H/HW Series User’s Guide 87 Figure 44 T raffic Redirect LAN Setup 4.8 Configuring W AN Backup Setup T o change your ZyX EL Device’ s W AN backup settings , click WA N > W AN Backup Setup . The screen appears as shown. Figure 45 W AN Backup Setup[...]

  • Page 88

    Chapter 4 WAN Setup P-661H/HW Series User’s Guide 88 The following table describes the labels in this screen. T able 29 W AN Backup Setup LABEL DESCRIPTION Backup T ype Select the method that the ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up. Select ICMP to have [...]

  • Page 89

    P-661H/HW Series User’s Guide 89 C HAPTER 5 LAN Setup This chapter describes how to configure LAN settings. 5.1 LAN Overview A Local Area Network (LAN) is a shared comm unication system to which many computers are attached. A LAN is a computer network lim ited to the immediate area, usually the same building or floor of a building. The LAN screen[...]

  • Page 90

    Chapter 5 LAN Setup P-661H/HW Series User’s Guide 90 5.1.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol , RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server . Y ou ca n configure the ZyXEL Device as a DHCP server or disable it. When configured as a server , the ZyXEL Device provides t[...]

  • Page 91

    Chapter 5 LAN Setup P-661H/HW Series User’s Guide 91 • The ISP tells you the DNS server addresses, us ually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in the DHCP Setup screen. • The ZyXEL Device acts as a DNS proxy when the Primary and Secondary DNS S[...]

  • Page 92

    Chapter 5 LAN Setup P-661H/HW Series User’s Guide 92 Y ou can obtain your IP address from the IANA, from an ISP or it can be assigned from a private network. If you belong to a small or ga nization and your Internet access is through an ISP , the ISP can provide you with the Internet addresses for y our local networks. On the other hand, if you a[...]

  • Page 93

    Chapter 5 LAN Setup P-661H/HW Series User’s Guide 93 224.0.0.0 is not assigned to any group and is used by IP multicast computers. The address 224.0.0.1 is used for query messages and is assi gned to the permanent group of all IP hosts (including gateways). All hosts must join the 22 4.0 .0.1 group in order to partic ipate in IGMP . The address 2[...]

  • Page 94

    Chapter 5 LAN Setup P-661H/HW Series User’s Guide 94 " Y ou must enable NA T/SUA to use the Any IP feature on the ZyXEL Device. 5.2.4.1 How Any IP W orks Address Resolution Protocol (ARP) is a prot ocol for mapping an Internet Protocol address (IP address) to a physical machine address, al so known as a Media Access Control or MAC address, o[...]

  • Page 95

    Chapter 5 LAN Setup P-661H/HW Series User’s Guide 95 The following table describes th e fields in this screen. 5.3.1 Configuring Advanced LAN Setup T o edit your ZyXEL Device's advanced LAN settings, click the Advanced Setup button in the LAN IP screen. The screen appears as shown. Figure 49 Advanced LAN Setup The following table describes t[...]

  • Page 96

    Chapter 5 LAN Setup P-661H/HW Series User’s Guide 96 5.4 DHCP Setup Use this screen to configure th e DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN. RIP V ersion This field is enabled if RIP Direction is not None . The RIP V e rsion field controls the format and the broadcasting method of the RIP packe t[...]

  • Page 97

    Chapter 5 LAN Setup P-661H/HW Series User’s Guide 97 Figure 50 DHCP Setup The following table describes the labels in this screen. T able 32 DHCP Setup LABEL DESCRIPTION DHCP Setup DHCP Select what type of DHCP services the ZyXEL Device provides to the network. Choices are: None - the ZyXEL Device does not pr ovide any DHCP services. There is alr[...]

  • Page 98

    Chapter 5 LAN Setup P-661H/HW Series User’s Guide 98 5.5 LAN Client List This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. Every Ethernet device has a unique MAC (Med ia Access Control) addre ss. The MAC address is assigned at the factory and consists of six pairs of hexadec ima[...]

  • Page 99

    Chapter 5 LAN Setup P-661H/HW Series User’s Guide 99 5.6 LAN IP Alias IP alias allows you to partition a physical network into dif fer ent logical networks over the same Ethernet interface. The ZyXEL Device s upports three logical LA N interfaces via its single physical Ethernet interface with th e ZyXEL Device itself as the gateway for each LAN [...]

  • Page 100

    Chapter 5 LAN Setup P-661H/HW Series User’s Guide 100 Figure 53 LAN IP Alias The following table describes the labels in this screen. T able 34 LAN IP Alias LABEL DESCRIPTION IP Alias 1, 2 S elect the check box to confi gure another LAN network for the ZyXEL Devi ce. IP Address Enter the IP address of your ZyXEL Device in dotted decimal notation.[...]

  • Page 101

    P-661H/HW Series User’s Guide 101 C HAPTER 6 Wireless LAN This chapter discusses how to configure the wireless ne twork settings in your device (wireless devices only). See the appendices for more detailed information about wireless networks. 6.1 Wireless Network Overview The following figure provides an exampl e of a wireless network. Example of[...]

  • Page 102

    Chapter 6 Wireless LAN P-661H/HW Series User’s Guide 102 • Every device in the sa me wireless network mu st use security compatible with the ZyXEL Device. Security stops unauthorized devices from using the wireless network. It ca n also protect the information that is sent in the wireless network. 6.2 Wireless Security Overview The following se[...]

  • Page 103

    Chapter 6 Wireless LAN P-661H/HW Series User’s Guide 103 Unauthorized wireless devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network. Furthermore, there are ways for unauthorized wireless users to get a valid user name and p assword. Then, they can use that user name and password [...]

  • Page 104

    Chapter 6 Wireless LAN P-661H/HW Series User’s Guide 104 When you select WP A2 or WP A2-PSK in your ZyXEL Device, you can also select an option ( WP A compatible ) to support WP A as well. In this case, if s ome of the devices supp ort WP A and some support WP A2, you should set up WP A2-PSK or WP A2 (depending on the ty pe of wireless network lo[...]

  • Page 105

    Chapter 6 Wireless LAN P-661H/HW Series User’s Guide 105 Figure 54 Wireless LAN: General The following table describes the general wireless LAN labels in this screen. See the rest of this chapter for informa tion on the other labels in this screen. 6.4.1 No Security Select No Security to allow wireless clients to commun icate with the access poin[...]

  • Page 106

    Chapter 6 Wireless LAN P-661H/HW Series User’s Guide 106 " If you do not enable any wi reless security on your Zy XEL Device, your network is accessible to any wireless network ing device that is within range. Figure 55 Wireless: No Security The following table describes the labels in this screen. 6.4.2 WEP Encryption WEP encryption scramble[...]

  • Page 107

    Chapter 6 Wireless LAN P-661H/HW Series User’s Guide 107 Figure 56 Wireless: S tatic WEP Encryption The following table describes the wireless LAN security labels in this screen. 6.4.3 WP A-PSK/WP A2-PSK In order to configure and enable WP A(2)-PSK authentication; click Network > Wir eless LAN to display the Ge neral screen. Select WP A-PSK or[...]

  • Page 108

    Chapter 6 Wireless LAN P-661H/HW Series User’s Guide 108 Figure 57 Wireless: WP A-PSK/WP A2-PSK The following table describes the wireless LAN security labels in this screen. T able 39 Wireless: WP A-PSK/W P A2-PSK LABEL DESCRIPTION Security Mode Choose WP A-PSK or WP A2-PSK from the drop-down list box. WP A Compatible This check bo x is availabl[...]

  • Page 109

    Chapter 6 Wireless LAN P-661H/HW Series User’s Guide 109 6.4.4 WP A/WP A2 In order to configure and enable WP A/WP A2; click the W ireless LAN link under Network to display the General screen. Select WP A or WP A2 from the Security Mo de list. Figure 58 Wireless: WP A/WP A2 Group Key Update T imer (In Seconds) The Group Key Up date Timer is the r[...]

  • Page 110

    Chapter 6 Wireless LAN P-661H/HW Series User’s Guide 11 0 The following table describes the wireless LAN security labels in this screen. T able 40 Wireless: WPA/WPA2 LABEL DESCRIPTION WP A Compatible This check box is available onl y when you select WP A2-PSK or WP A2 in the Security Mode field. Select the check box to have both WP A2 and WP A wi[...]

  • Page 111

    Chapter 6 Wireless LAN P-661H/HW Series User’s Guide 111 6.4.5 Wireless LAN Advanced Setup T o configure advanced wi reless settings, click the Advanced Setup button in the General screen. The screen appears as shown. Figure 59 Wireless LAN: Advanced The following table describes the labels in this screen. T able 41 Wireless LAN: Advanced LABEL D[...]

  • Page 112

    Chapter 6 Wireless LAN P-661H/HW Series User’s Guide 11 2 6.5 OTIST In a wireless network, the wireless clients mu st have the same SSID and security settings as the access point (AP) or wireless router (we wi ll refer to both as “AP” here) in order to associate with it. T raditionally th is meant that you ha d to configure the settings on th[...]

  • Page 113

    Chapter 6 Wireless LAN P-661H/HW Series User’s Guide 11 3 6.5.1.1.1 Reset button If you use the RESET button, the default (0 1234567) or previous saved (through the web configurator) Setup key is used to encrypt the settings that you want to transfer . Hold in the RESET button for one to five seconds . " If you hold in the RESET button too l[...]

  • Page 114

    Chapter 6 Wireless LAN P-661H/HW Series User’s Guide 11 4 6.5.1.2 Wireless Client On your wireless client, star t the ZyXEL utility and click the Adapter tab. Select the OTIST check box, enter the same Setup Key as your AP’ s and click Save . Figure 61 Example Wireless Client OTIST Screen 6.5.2 St arting OTIST " Y ou must click Sta r t in [...]

  • Page 115

    Chapter 6 Wireless LAN P-661H/HW Series User’s Guide 11 5 2 This screen appears while OTIST settings ar e being transferred. It closes when the transfer is complete. 3 In the wireless client, you see this screen if i t can't find an OTIST -enabled AP (with the same Setup key ). Click OK to go back to the ZyXEL utility main screen. Figure 65 [...]

  • Page 116

    Chapter 6 Wireless LAN P-661H/HW Series User’s Guide 11 6 6.6 MAC Filter The MAC filter screen allows you to configure the ZyXEL Device to give exclusive access to up to 32 devices ( Allow ) or exclude up to 32 devices from accessing the ZyXEL Device ( Deny ). Every Ethernet device has a unique MAC (Med ia Access Control) addre ss. The MAC addres[...]

  • Page 117

    Chapter 6 Wireless LAN P-661H/HW Series User’s Guide 11 7 6.7 WMM QoS WMM (W i-Fi MultiMedia) QoS (Quality of Service) allows you to prioritize wireless traf fic according to the delivery requirements of individual services. WMM is a part of the IEEE 802.1 1e QoS enhanc ement to certified W i-Fi wireless networks. 6.7.1 WMM QoS Example When WMM Q[...]

  • Page 118

    Chapter 6 Wireless LAN P-661H/HW Series User’s Guide 11 8 6.7.3 Services The commonly used services and port numbers ar e shown in the following table . Please refer to RFC 1700 for further information about port numbers. Next to the name of the service, two fields appear in brackets. The first field indicat es the IP protocol type (TCP , UDP , o[...]

  • Page 119

    Chapter 6 Wireless LAN P-661H/HW Series User’s Guide 11 9 6.8 QoS Screen The QoS screen by default allows you to au tomatically give a service a priority level according to the T oS value in the IP header of the packets it sends. PING(ICMP:0) Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote ho[...]

  • Page 120

    Chapter 6 Wireless LAN P-661H/HW Series User’s Guide 120 6.8.1 T oS (T ype of Service) and WMM QoS T oS defines the DS (Differentiated Service) fiel d in the IP packet header . The T oS value of outgoing packe ts is between 0 and 255. 0 is the lowest priority . WMM QoS checks the T oS in the header of transm itted data packets. It gives the appli[...]

  • Page 121

    Chapter 6 Wireless LAN P-661H/HW Series User’s Guide 121 6.8.2 Application Pr iority Configuration T o edit a WMM QoS application en try , click the edit icon under Modi fy . The following screen displays. Figure 69 Application Priority Configuration The following table describes the fields in this screen. Modify Click the Edit icon to open the A[...]

  • Page 122

    Chapter 6 Wireless LAN P-661H/HW Series User’s Guide 122 Service The following is a description of the applications you can prioritize with WMM QoS. Select a service from the drop-down list box. •F T P File T ran sfer Program enables fast transfe r of files, including large files that may not be possible by e-mail. FTP uses port number 21. • [...]

  • Page 123

    P-661H/HW Series User’s Guide 123 C HAPTER 7 Network Address Translation (NAT) Screens This chapter discusses how to configure NA T on the ZyXEL Device. 7.1 NA T Overview NA T (Netw ork Address T ransl ation - NA T , RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used w[...]

  • Page 124

    Chapter 7 Network Add ress Translat ion (NAT) Screens P-661H/HW Series User’s Guide 124 7.1.2 What NA T Do es In the simplest form, NA T changes the sour ce IP address in a packet received from a subscriber (the inside local address) to anothe r (the inside global address) before forwarding the packet to the W AN side. When the respon se comes ba[...]

  • Page 125

    Chapter 7 Network Address Translation (NAT ) Screens P-661H/HW Series User’s Guide 125 Figure 71 NA T Application With IP Alias 7.1.5 NA T Mapping T ypes NA T suppo rts five types of IP/port mapping. They are: • One to One : In One-to-One mode, the ZyXEL Devi ce maps one local IP address to one global IP address. • Many to One : In Many-to-On[...]

  • Page 126

    Chapter 7 Network Add ress Translat ion (NAT) Screens P-661H/HW Series User’s Guide 126 The following table summarizes these types. 7.2 SUA (Single User Account) V ersus NA T SUA (Single User Account) is a ZyNOS implemen tation of a subset of NA T that supports two types of mapping, Many-to-One and Server . The ZyXEL Device also supports Full Fea[...]

  • Page 127

    Chapter 7 Network Address Translation (NAT ) Screens P-661H/HW Series User’s Guide 127 Figure 72 NA T General The following table describes the labels in this screen. 7.4 Port Forwarding A port forwarding set is a list of inside (behind NA T on the LAN) servers, for example, web or FTP , that you can make visible to the outsid e world even though[...]

  • Page 128

    Chapter 7 Network Add ress Translat ion (NAT) Screens P-661H/HW Series User’s Guide 128 " If you do not assign a Default Server IP address, the Zy XEL Device discards all packet s received for ports that are not specified here or in the remote management setup. 7.4.2 Port Forwarding: Se rvices and Port Numbers Use the Port Forwarding screen [...]

  • Page 129

    Chapter 7 Network Address Translation (NAT ) Screens P-661H/HW Series User’s Guide 129 Figure 73 Multiple Servers Be hind NA T Example 7.5 Configuring Port Forwarding " The Port Forwarding screen is available only when you select SUA Only in the NA T > General screen. " If you do not assign a Default Server IP address, the Zy XEL Dev[...]

  • Page 130

    Chapter 7 Network Add ress Translat ion (NAT) Screens P-661H/HW Series User’s Guide 130 Figure 74 Port Forwarding The following table describes th e fields in this screen. T able 52 Port Forwarding LABEL DESCRIPTION Default Server Setup Default Server In addition to the servers for specified services, NA T supports a default server . A default se[...]

  • Page 131

    Chapter 7 Network Address Translation (NAT ) Screens P-661H/HW Series User’s Guide 131 7.5.1 Port Forwarding Rule Edit T o edit a port forwarding rule, c lick the rule’ s edit icon in the Port Forwarding screen to display the screen shown next. Figure 75 Port Forwarding Rule Setup The following table describes th e fields in this screen. 7.6 Ad[...]

  • Page 132

    Chapter 7 Network Add ress Translat ion (NAT) Screens P-661H/HW Series User’s Guide 132 Ordering your rules is important because the Zy XEL Device applies the rules in the order that you specify . When a rule matches the cu rrent packet, the ZyXEL Device takes the corresponding action and the rema ining rules are ignored. If ther e are any empty [...]

  • Page 133

    Chapter 7 Network Address Translation (NAT ) Screens P-661H/HW Series User’s Guide 133 7.6.1 Address Mapping Rule Edit T o edit an address mapping rule, click the rule’ s edit icon in the Address Mapping screen to display the screen shown next. Figure 77 Edit Address Mapping Rule Ty p e 1-1 : One-to-one mode maps one local IP address to one glo[...]

  • Page 134

    Chapter 7 Network Add ress Translat ion (NAT) Screens P-661H/HW Series User’s Guide 134 The following table describes th e fields in this screen. T able 55 Edit Address Mapping Rule LABEL DESCRIPTION Ty p e Choose the port mapping type from one of the following. One-to-One : One-to-One mode maps one local IP address to one global IP address. Note[...]

  • Page 135

    135 P ART III Security Firewalls (137) Firewall Configuration (149) Content Filtering (171) Introduction to IPSec (175) VPN Screens (181)[...]

  • Page 136

    136[...]

  • Page 137

    P-661H/HW Series User’s Guide 137 C HAPTER 8 Firewalls This chapter gives some back ground information on firewa lls and introduces the ZyXEL Device firewall. 8.1 Firewall Overview Originally , the term fir ewall referred to a construction techni que designe d to prevent the spread of fire from one room to another . The ne tworking term “firewa[...]

  • Page 138

    Chapter 8 Firewalls P-661H/HW Series User’s Guide 138 8.2.2 Applicatio n-level Firewalls Application-level firewalls restrict access by serv ing as proxies for e xternal servers. Since they use programs written for specific Internet servic es, such as HTTP, FTP and tel net, they can evaluate network packets for valid applicatio n-sp ecific data. [...]

  • Page 139

    Chapter 8 Firewalls P-661H/HW Series User’s Guide 139 8.3.1 Denial of Service Att acks Figure 78 ZyXEL Device Firewall Application 8.4 Denial of Service Denials of Service (DoS) attacks are aimed at devices and networks w ith a connection to the Internet. Their goal is not to st eal in formation, but to disable a device or ne twork so users no lo[...]

  • Page 140

    Chapter 8 Firewalls P-661H/HW Series User’s Guide 140 8.4.2 T ypes of DoS Attacks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification. 3 Brute-force attacks that flood a network with useless data. 4 IP Spoofing. 5 " Ping of Death " and &qu[...]

  • Page 141

    Chapter 8 Firewalls P-661H/HW Series User’s Guide 141 Figure 80 SYN Flood •I n a LAND Attack , hackers flood SYN packets into the network with a spoofed source IP address of the targeted system . This makes it appear as if the host computer sent the packets to itself, making the sy stem unavailable while the target system tries to respond to it[...]

  • Page 142

    Chapter 8 Firewalls P-661H/HW Series User’s Guide 142 8.4.2.1 ICMP V ulnerability ICMP is an error -reporting protocol that works in concert with IP . The following ICMP types trigger an alert: 8.4.2.2 Illegal Commands (NetBIOS and SMTP) The only legal NetBIOS commands are the following - all others are illegal. All SMTP commands are illegal exce[...]

  • Page 143

    Chapter 8 Firewalls P-661H/HW Series User’s Guide 143 are allowed in. The ZyXEL Device uses stateful packet inspection to protect the private LAN from hackers and vandals on the Internet. By de fault, the ZyXEL Device’ s stateful inspection allows all communications to the Internet that or iginate from the LAN, and blocks all traffic to the LAN[...]

  • Page 144

    Chapter 8 Firewalls P-661H/HW Series User’s Guide 144 6 Later , an inbound packet reac hes the interface . This packet is part of the connection previously established with the outbound packet. The inbound packet is ev aluated against the inbound access list, and is permitted because of the temporary access list entry previously crea ted. 7 The p[...]

  • Page 145

    Chapter 8 Firewalls P-661H/HW Series User’s Guide 145 If an initiation packet originates on the LAN, this means that someone is trying to make a connection from the LAN to the In ternet. Assuming that this is an acceptable part of the security policy (as is the case w ith the default policy), the connection will be allowed. A cache entry is added[...]

  • Page 146

    Chapter 8 Firewalls P-661H/HW Series User’s Guide 146 8.6 Guidelines for Enhancing Security with Y our Firewall • Change the default pa ssword. • Limit who can telnet into your router . • Don't enable any local service (such as SN MP or NTP) that you don't use. An y enabled service could present a potential security risk. A determ[...]

  • Page 147

    Chapter 8 Firewalls P-661H/HW Series User’s Guide 147 • Always shred confidential inform ation, particularly about your computer , before throwing it away . Some hackers dig through the trash of companies or indivi duals for information that might help them in an attack. 8.7 Packet Filtering Vs Firewall Below are some comparisons be tween the Z[...]

  • Page 148

    Chapter 8 Firewalls P-661H/HW Series User’s Guide 148 • T o selectively bloc k/allow inbound or outbound traffic between inside host/networks and outside host/networks. Remember that filters can not distinguish traf fic originating from an inside host or an ou tside host by IP address. • The firewall performs better than filtering if you need[...]

  • Page 149

    P-661H/HW Series User’s Guide 149 C HAPTER 9 Firewall Configuration This chapter shows you how to enable and configure t he ZyXEL Device firewall. 9.1 Access Methods The web configurator is, by far , the most co mprehensive firewall configuration tool your ZyXEL Device has to offer . For this rea son, it is recommended that you config ure your fi[...]

  • Page 150

    Chapter 9 Firewall Configuration P-661H/HW Series User’s Guide 150 Y ou may define additional rules and sets or modify existing ones but please exercise extreme caution in doing so. " If you configure firewall rules without a good underst anding of how they work, you might inadvertently introduce securi ty risks to the fire wall and to the p[...]

  • Page 151

    Chapter 9 Firewall Configuration P-661H/HW Series User’s Guide 151 2 Does this rule stop LAN us ers from accessing critical reso urces on the Internet? For example, if IRC is blocke d, are th ere us ers that require this service? 3 Is it possible to modify the rule to be more specific? For ex ample, if IRC is blocked for all users, will a rule th[...]

  • Page 152

    Chapter 9 Firewall Configuration P-661H/HW Series User’s Guide 152 9.4.1 LAN to W AN Rules The default rule for LAN to W AN traf fic is that all users on the LAN are allowed non- restricted access to the W AN. When you config ure a LAN to W AN rule, you in essence want to limit some or all users from accessing cer tain services on the W A N. W AN[...]

  • Page 153

    Chapter 9 Firewall Configuration P-661H/HW Series User’s Guide 153 Figure 84 “T ria ngle Route” Problem 9.5.2 Solving the “T ri angle Route” Problem Y ou can have the ZyXEL Device allow triangle route sessions . However this can allow traffic from the W AN to go directly to a LAN computer without p assing through the ZyXEL Device and its [...]

  • Page 154

    Chapter 9 Firewall Configuration P-661H/HW Series User’s Guide 154 9.6 General Firewall Policy Click Security > Fir ew all to display the followi ng screen. Activate the firewall by selecting the Active Fir ewall check box as seen in the following screen. Refer to Section 8.1 on page 137 for more information. Figure 86 Firewall: General The fo[...]

  • Page 155

    Chapter 9 Firewall Configuration P-661H/HW Series User’s Guide 155 9.7 Firewall Rules Summary " The ordering of your rules is very important as rules are applied in turn. Refer to Section 8.1 on page 137 for more information. Click Security > Firewall > Rules to bring up the following scre en. This scree n displays a list of the config[...]

  • Page 156

    Chapter 9 Firewall Configuration P-661H/HW Series User’s Guide 156 Figure 87 Firewall Rules The following table describes the labels in this screen. T able 61 Firewall Rules LABEL DESCRIPTION Firewall Rules S torage S pace in Use This read-only bar shows how much of the ZyXEL Device's memory for recording firewall rules it is currently using[...]

  • Page 157

    Chapter 9 Firewall Configuration P-661H/HW Series User’s Guide 157 9.7.1 Configuring Firewa ll Rules Refer to Section 8.1 on page 137 for more information. In the Rules screen, select an index number and cl ick Add or click a rule’ s Edit icon to display this screen and refer to the following table for information on the labels. Log This field [...]

  • Page 158

    Chapter 9 Firewall Configuration P-661H/HW Series User’s Guide 158 Figure 88 Firewall: Edit Rule[...]

  • Page 159

    Chapter 9 Firewall Configuration P-661H/HW Series User’s Guide 159 The following table describes the labels in this screen. T able 62 Firewall: Edit Rule LABEL DESCRIPTION Activ e Select this option to enable this firewall rule. Action for Matched Packet Use the drop-down list box to select what the firewall is to do with p ackets that match this[...]

  • Page 160

    Chapter 9 Firewall Configuration P-661H/HW Series User’s Guide 160 9.7.2 Customized Services Configure customized services and port number s not predefined by the ZyXEL Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) web site. See Append ix E on page 337 for a list of commonly use[...]

  • Page 161

    Chapter 9 Firewall Configuration P-661H/HW Series User’s Guide 161 Refer to Section 8.1 on page 137 for more information. Figure 90 Firewall: Configure Customized Services The following table describes the labels in this screen. 9.8 Example Firewall Rule The following Internet firewa ll rule example allows a hypot hetical “MyService” connecti[...]

  • Page 162

    Chapter 9 Firewall Configuration P-661H/HW Series User’s Guide 162 Figure 91 Firewall Example: Rules 3 In the Rules screen, select the index number after that you want to add the rule. For example, if you select “6”, your new rule b ecomes number 7 and the previous rule 7 (if there is one) becomes rule 8. 4 Click Add to display the firewall r[...]

  • Page 163

    Chapter 9 Firewall Configuration P-661H/HW Series User’s Guide 163 Figure 93 Firewall Example: Edit Ru le: Des tination Addres s 9 Use the Add >> and Remove buttons between A vailable Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. " Custom services show up with an “*” before the[...]

  • Page 164

    Chapter 9 Firewall Configuration P-661H/HW Series User’s Guide 164 Figure 94 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the W AN to IP addresses 10.0.0.10 through [...]

  • Page 165

    Chapter 9 Firewall Configuration P-661H/HW Series User’s Guide 165 Figure 95 Firewall Example: Rules: MyService 9.9 Anti Probing If an outside user attempts to probe an unsupp orted port on your ZyXEL Device , an ICMP response packet is automatically returned. This allows the ou tside user to know the ZyXEL Device exists. The ZyXEL Device support[...]

  • Page 166

    Chapter 9 Firewall Configuration P-661H/HW Series User’s Guide 166 The following table describes the labels in this screen. 9.10 DoS Thresholds For DoS attacks, the ZyXEL Device uses threshol ds to determine when to drop sessions that do not become fully established. These thresholds ap ply globally to all sessions. Y ou can use the default thres[...]

  • Page 167

    Chapter 9 Firewall Configuration P-661H/HW Series User’s Guide 167 9.10.2 Half-Open Sessions An unusually high number of half-open sessions (either an absolute number or measured as the arrival rate) could indicate that a Denial of Service a ttack is occurring. For TCP , "half- open" means that the session has not reached the establis h[...]

  • Page 168

    Chapter 9 Firewall Configuration P-661H/HW Series User’s Guide 168 Figure 97 Firewall: Threshold s The following table describes the labels in this screen. T able 66 Firewall: Thresholds LABEL DESCRIPTION Denial of Service Thresholds The ZyXEL Device measures both the tota l number of existing half-open sessions and the rate of session establishm[...]

  • Page 169

    Chapter 9 Firewall Configuration P-661H/HW Series User’s Guide 169 TCP Maximum Incomplete An unusually h igh number of ha lf-open sessions with the same desti nation host address could indicate that a DoS attack is being launched against the host. S pecify the number of existing half-o pen TCP sessions with the same destination host IP address th[...]

  • Page 170

    Chapter 9 Firewall Configuration P-661H/HW Series User’s Guide 170[...]

  • Page 171

    P-661H/HW Series User’s Guide 171 C HAPTER 10 Content Filtering This chapter covers how to configure content filtering. 10.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ab ility to block web sites that contain key words (tha[...]

  • Page 172

    Chapter 10 Content Filtering P-661H/HW Series User’s Guide 172 Figure 98 Content Filter: Keyword The following table describes the labels in this screen. 10.3 Configuring the Schedule T o set the days and times for the ZyXEL De vice to perform content filtering, click Security > Content Filter > Schedule . The screen appears as shown. T abl[...]

  • Page 173

    Chapter 10 Con tent Filtering P-661H/HW Series User’s Guide 173 Figure 99 Content Filter: Schedule The following table describes the labels in this screen. 10.4 Configuring T rusted Computers T o exclude a range of users on the LAN from content filtering on your Zy XEL Device, click Security > Content Filter > Tr u s t e d . The screen appe[...]

  • Page 174

    Chapter 10 Content Filtering P-661H/HW Series User’s Guide 174 Figure 100 Content Filter: Trusted The following table describes the labels in this screen. T able 69 Content Filter: T rus ted LABEL DESCRIPTION T rusted User IP Range From T ype the IP address of a computer (or the beginn ing IP address of a specific range of computers) on the LAN t[...]

  • Page 175

    P-661H/HW Series User’s Guide 175 C HAPTER 11 Introduction to IPSec This chapter introduces the basics of IPSec VPNs. 1 1 .1 VPN Overview A VPN (V irtual Private Network) provides sec ure communications between sites without the expense of leased site-to-site lines. A secure VP N is a combination of tunneling, encryption, authentication, access c[...]

  • Page 176

    Chapter 11 Introduction to IPSec P-661H/HW Series User’s Guide 176 Figure 101 Encryption an d Decryption 1 1.1.3.2 Data Confide ntiality The IPSec sender can encrypt packets befo re transmitting them across a network. 1 1.1.3.3 Dat a Integrity The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not been al[...]

  • Page 177

    Chapter 11 Introdu ction to IPSec P-661H/HW Series User’s Guide 177 Figure 102 IPSec Architecture 1 1.2.1 IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406 ) and AH (Authentication Header) protocol (RFC 2402 ) describe the packet format s and the default standards for packet structure (including implemen tation algorith[...]

  • Page 178

    Chapter 11 Introduction to IPSec P-661H/HW Series User’s Guide 178 Figure 103 T ransport and T unnel Mode IPSec Encap sulation 1 1.3.1 T ransport Mode Tr a n s p o r t mode is used to protect up per layer prot ocols and only affects the data in the IP packet. In Tr a n s p o r t mode, the IP packet conta ins the security protoc ol ( AH or ESP ) l[...]

  • Page 179

    Chapter 11 Introdu ction to IPSec P-661H/HW Series User’s Guide 179 A NA T device in between the IPSec endpoints w ill rewrite either the source or destination address with one of it s own choosing. The VPN device at the receiving end wil l verify the integrity of the incoming packet by computing its own hash value, and complain that the hash val[...]

  • Page 180

    Chapter 11 Introduction to IPSec P-661H/HW Series User’s Guide 180[...]

  • Page 181

    P-661H/HW Series User’s Guide 181 C HAPTER 12 VPN Screens This chapter introduces the VPN screens. See the Logs chapter for in formation on viewing logs and the appendix for IPSec log descriptions. 12.1 VPN/IPSec Overview Use the screens documented in this chapter to configure rules for VPN connections and manage VPN connections. 12.2 IPSec Algor[...]

  • Page 182

    Chapter 12 VPN Screens P-661H/HW Series User’s Guide 182 12.3 My IP Address My IP Address is the W AN IP address of th e ZyX EL Device. The ZyXEL Device has to rebuild the VPN tunnel if the My IP Address changes after setup. The following applies if this field is configured as 0.0.0.0 : • The ZyXEL Device uses the current ZyXEL Device W AN IP a[...]

  • Page 183

    Chapter 12 VP N Screens P-661H/HW Series User’s Guide 183 If the remote secure gateway has a static W AN IP address, enter it in the Secure Gateway Address field. Y ou may alternatively enter the remote secure gatewa y’ s domain name (if it has one) in the Secure Gateway A ddress field. Y ou can also enter a remote secure gateway’ s domain na[...]

  • Page 184

    Chapter 12 VPN Screens P-661H/HW Series User’s Guide 184 Figure 105 VPN Setup The following table describes the fields in this screen. T able 72 VPN Setup LABEL DESCRIPTION No. This is the VPN policy index number . Click a number to edit VPN policies. Activ e This field displays whether the VPN policy is acti ve or not. A Ye s signifies that this[...]

  • Page 185

    Chapter 12 VP N Screens P-661H/HW Series User’s Guide 185 12.6 Keep Alive When you initiate an IPSec tunnel with keep alive enabled, the ZyX EL Device automatically renegotiates the tunnel wh en the IPSec SA lifetime period expires (see Section 12.12 on page 193 for more on the IPSec SA lifetime). In ef fe ct, the IPSec tunnel becomes an “alway[...]

  • Page 186

    Chapter 12 VPN Screens P-661H/HW Series User’s Guide 186 Finally , NA T is compatible with ESP in tunnel mode because integrity checks are performed over the combination of the "o riginal header pl us original payload," which is unchanged by a NA T device. The compatibility of AH and ESP w ith NA T in tunnel an d transport modes is summ[...]

  • Page 187

    Chapter 12 VP N Screens P-661H/HW Series User’s Guide 187 12.9 ID T y pe and Content W ith aggressive negotiation mode (see Section 12.12.1 on pa ge 194 ), the ZyXEL Device identifies incoming SAs by ID type and conten t since this identifying information is not encrypted. This enables the ZyXEL Device to distinguish between multip le rules for S[...]

  • Page 188

    Chapter 12 VPN Screens P-661H/HW Series User’s Guide 188 12.9.1 ID T ype and Content Examples T wo IPSec routers must have matching ID type and content configuration in order to set up a VPN tunnel. The two ZyXEL Devices in this example ca n complete negotiation and establish a VPN tunnel. The two ZyXEL Devices in this example cann ot complete th[...]

  • Page 189

    Chapter 12 VP N Screens P-661H/HW Series User’s Guide 189 Figure 108 Edit VPN Policies The following table describes the fields in this screen. T able 78 Edit VPN Policies LABEL DESCRIPTION IPSec Setup Activ e Select this check box to activate this VPN policy . This opti on determines whether a VPN rule is applied before a packet leaves the firew[...]

  • Page 190

    Chapter 12 VPN Screens P-661H/HW Series User’s Guide 190 Name T ype up to 32 characters to identify this VPN policy . Y ou may use any character, including spaces, but the ZyXEL Device drops trailing spaces. IPSec Key Mode Select IKE or Manual from the drop-down list box. IKE provides more protection so it is generally recommended. Manual is a us[...]

  • Page 191

    Chapter 12 VP N Screens P-661H/HW Series User’s Guide 191 IP Address S tart When the Remote Address T ype field is configured to Single , ente r a (static) IP address on the network behind the remote IPSec router . When the Remote Address T ype field is configure d to Range , en ter the beginning (static) IP address, in a range of computers on t [...]

  • Page 192

    Chapter 12 VPN Screens P-661H/HW Series User’s Guide 192 Content The configuration of the peer c ontent depend s on the peer ID type. For IP , type th e IP address of the comput er with which you will make the VPN connection. If you configure this field to 0 .0.0.0 or leave it blank, the ZyXEL Device will use the address in th e Secu re Gateway A[...]

  • Page 193

    Chapter 12 VP N Screens P-661H/HW Series User’s Guide 193 12.12 IKE Phases There are two phases to every IKE (Internet Key Exchange) ne gotiation – phase 1 (Authentication) and ph ase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA a nd the second one uses that SA to negotiate SAs for IPSe c. Figure 109 T wo Phases to Set Up the IPSe[...]

  • Page 194

    Chapter 12 VPN Screens P-661H/HW Series User’s Guide 194 • Choose an authentication algorithm • Choose whether to enable Perfect Forward Secrecy (PFS) using Dif fie-Hellman public- key cryptography – see Section 12.12.3 on page 194 . Select None (the default) to disable PFS. • Choose T unnel mode or T ransport mode. • Set the IPSec SA l[...]

  • Page 195

    Chapter 12 VP N Screens P-661H/HW Series User’s Guide 195 12.13 Configuring Advanced IKE Settings Click Advanced in the Edit VPN Policies screen to open this screen. Figure 1 10 Advanced VPN Policies The following table describes the fields in this screen. T able 79 Advanced VPN Policies LABEL DESCRIPTION VPN - IKE Protoc ol Ente r 1 for ICMP , 6[...]

  • Page 196

    Chapter 12 VPN Screens P-661H/HW Series User’s Guide 196 Phase 1 Negotiation Mode Select Main or Aggressive from the drop-down list box. Multiple SAs con necting through a secure g ateway must have the same negotiatio n mode. Pre-Shared Key T ype your pre-shared key in this fi eld. A pre -shared key identifies a communicating party during a phase[...]

  • Page 197

    Chapter 12 VP N Screens P-661H/HW Series User’s Guide 197 12.14 Manual Key Setup Manual key managemen t is useful if you have problem s with IKE key management . 12.14.1 Security Parameter Index (SPI) An SPI is used to distinguish dif ferent SAs te rminating at the same de stination and using the same IPSec protocol. This data allows for the mult[...]

  • Page 198

    Chapter 12 VPN Screens P-661H/HW Series User’s Guide 198 Figure 1 1 1 VPN: Manual Key The following table describes the fields in this screen. T able 80 VPN: Manual Key LABEL DESCRIPTION IPSec Setup Activ e Select this check box to activate this VPN policy . Name T ype up to 32 characters to identify this VPN policy . Y ou may use any character ,[...]

  • Page 199

    Chapter 12 VP N Screens P-661H/HW Series User’s Guide 199 DNS Server (for IPSec VPN) If there is a private D NS server that se rvices the VPN, type its IP address here. The ZyXEL Device assigns this additional DNS server to the ZyXEL Device 's DHCP clients that have IP addresses in this IPSec rule's range of local addresses. A DNS serve[...]

  • Page 200

    Chapter 12 VPN Screens P-661H/HW Series User’s Guide 200 12.16 V iewing SA Monitor Click Security , VPN and Monitor to open the SA Monito r screen as shown. Use this screen to display and ma nage active VPN conn ections. A Security Association (SA) is the group of se cu rity settings related to a specific VPN tunnel. This screen displays active V[...]

  • Page 201

    Chapter 12 VP N Screens P-661H/HW Series User’s Guide 201 When there is outbound traffic but no inbound tr affic, the SA times out automatically after two minutes. A tunnel with no outb ound or inbound traffic is "idle" and does not timeo ut until the SA lifetime period expires. See Section 12. 6 on page 185 on keep alive to have the Zy[...]

  • Page 202

    Chapter 12 VPN Screens P-661H/HW Series User’s Guide 202 The following table describes the fields in this screen. 12.18 T elecommuter VPN/IPSec Examples The following examples show how multiple telecommuters can make VPN connections to a single ZyXEL D e vice at head quarters. The te lecommuters use IPSec routers with dynamic W AN IP addresse s. [...]

  • Page 203

    Chapter 12 VP N Screens P-661H/HW Series User’s Guide 203 12.18.2 T elecommuters Usin g Unique VPN Rules Example In this example the telecommuters (A, B and C in the figure) use IPSec routers with domain names that are mapped to their dynamic W AN IP addresse s (use Dynamic DNS to do this). W ith aggressive negotiation mode (see Section 12.12.1 o[...]

  • Page 204

    Chapter 12 VPN Screens P-661H/HW Series User’s Guide 204 12.19 VPN and Remote Management If a VPN tunnel uses T elnet, FTP , WWW , then you should config ure remote management ( Remote Management ) to allow access for that service. T able 84 T elecommuters Using Uniq ue VPN Rules Example T ELECOMMUTERS HEADQUARTER S All T elecommuter Rule s: All [...]

  • Page 205

    205 P ART IV Advanced S tatic Route (207) Bandwidth Management (2 11) Dynamic DNS Setup (221) Remote Management Configurat ion (225) Universal Plug-and-P lay (UPnP) (237)[...]

  • Page 206

    206[...]

  • Page 207

    P-661H/HW Series User’s Guide 207 C HAPTER 13 Static Route This chapter shows you how to configure static routes for your ZyXEL Device. 13.1 S t atic Route The ZyXEL Device usually uses the default ga teway to route outbound traffic fro m computers on the LAN to the Internet. T o have the ZyX EL Device send data to devices not reachable through t[...]

  • Page 208

    Chapter 13 Static Rou te P-661H/HW Series User’s Guide 208 13.2 Configuring S t atic Route Click Advanced > S tatic Route to open the St a t i c R o u t e scree n. Figure 1 17 S tatic Ro ute The following table describes the labels in this screen. 13.2.1 S tatic Route Edit Select a static route index numb er and click Edit . The screen shown n[...]

  • Page 209

    Chapter 13 Static Route P-661H/HW Series User’s Guide 209 Figure 1 18 S tatic Ro ute Edit The following table describes the labels in this screen. T able 86 Static Rou te Edit LABEL DESCRIPTION Activ e This field allows you to activa te/deactivate this static route. Route Name Enter the name of the IP static route. Leave this field blank to del e[...]

  • Page 210

    Chapter 13 Static Rou te P-661H/HW Series User’s Guide 210[...]

  • Page 211

    P-661H/HW Series User’s Guide 21 1 C HAPTER 14 Bandwidth Management This chapter contains information about configuri ng bandwidth management, editing rules and viewing the ZyXEL Device’ s bandwidth managem ent logs. 14.1 Bandwid th Management Overview ZyXEL ’ s Bandwidth Management allows you to specify bandwidth management rules based on an[...]

  • Page 212

    Chapter 14 Bandwid th Manageme nt P-661H/HW Series User’s Guide 212 Figure 1 19 Subnet-based Band width Management Example 14.4 Application and Subnet-based Bandwid th Management Y ou could also create bandwidth classes based on a combination of a subnet and an application. The following exam ple table shows bandwidth alloca tions for application[...]

  • Page 213

    Chapter 14 Bandwidth Management P-661H/HW Series User’s Guide 213 14.5.2 Fairness-based Scheduler The ZyXEL Device divides bandwidth equally among bandwidth classes when using the fairness-based scheduler; thus preventing one ba ndwidth class from using all of the interface’ s bandwidth. 14.6 Maximize Bandwid th Usage The maximize bandwi dth us[...]

  • Page 214

    Chapter 14 Bandwid th Manageme nt P-661H/HW Series User’s Guide 214 The ZyXEL Device divides up the unb udgeted 2048 kbps among the class es that require more bandwidth. If the administratio n department only uses 1024 kbps of the budg eted 2048 kbps, the ZyXEL Device also divides the remaining 10 24 kbps among the classes that re quire more band[...]

  • Page 215

    Chapter 14 Bandwidth Management P-661H/HW Series User’s Guide 215 14.6.3 Over Allotment of Bandw id th Y ou can set the bandwidth management speed fo r an interface higher than the interface’ s actual transmission speed. Higher priority traf fi c gets to use up to its allocated bandwidth, even if it takes up all of the interface’ s ava ilable[...]

  • Page 216

    Chapter 14 Bandwid th Manageme nt P-661H/HW Series User’s Guide 216 Figure 120 Bandwidth Ma nagement: Summary The following table describes the labels in this screen. T able 93 Media Bandwidth Ma nagement: Summary LABEL DESCRIPTION Interface These read-only l abels represent the physica l interfaces. Select an in terface’s check box to enable b[...]

  • Page 217

    Chapter 14 Bandwidth Management P-661H/HW Series User’s Guide 217 14.8 Bandwid th Management Rule Setup Y ou must use the Bandwidth Management Summary scr een to enable bandwi dth management on an interface before yo u can configure rules for that interface. Click Advanced > Bandwidth MGMT > Rule Setup to open the following screen. Figure 1[...]

  • Page 218

    Chapter 14 Bandwid th Manageme nt P-661H/HW Series User’s Guide 218 14.8.1 Rule Configuration Click the Edit icon or select User define in the Service field to configure a bandwidth management rule. Use bandwidth rul e s to allo cate specific amounts of bandwidth capacity (bandwidth budgets) to specific applications and/or subnets. Figure 122 Ban[...]

  • Page 219

    Chapter 14 Bandwidth Management P-661H/HW Series User’s Guide 219 Use All Managed Bandwidth Select this option to allow a rule to borrow unuse d bandwidth on the interface. Bandwidth borrowing is governed by the priori ty of the rules. That is, a rule with the highest priority is the first to borrow bandwidth. Do not select this if you want to le[...]

  • Page 220

    Chapter 14 Bandwid th Manageme nt P-661H/HW Series User’s Guide 220 14.9 Bandwid th Monitor T o view the ZyXEL Device’ s bandwidth usage and allotments, click Advanced > Bandwidth MGMT > Mon itor . The screen appears as shown. Selec t an interface from the drop-down list box to view the bandwidth usa ge of its bandwidth rules. Figure 123 [...]

  • Page 221

    P-661H/HW Series User’s Guide 221 C HAPTER 15 Dynamic DNS Setup This chapter discusses how to configure your ZyXEL Device to use Dynamic DNS. 15.1 Dynamic DNS Overview Dynamic DNS allows you to update your curre nt dynamic IP address with one or many dynamic DNS services so that anyone can c ont act you (in Ne tMeeting, CU-SeeMe, etc.). Y ou can [...]

  • Page 222

    Chapter 15 Dy namic DNS Se tup P-661H/HW Series User’s Guide 222 Figure 124 Dynamic DNS The following table describes th e fields in this screen. T able 97 Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic DNS Select this check box to use dy namic DNS. Service Prov ider This i s the name of your Dynamic DNS service provider . Dynamic[...]

  • Page 223

    Chapter 15 Dynamic DNS Setup P-661H/HW Series User’s Guide 223 Dynamic DNS server auto detect IP Address Select this option only when the re are one or more NA T routers between the ZyXEL Device and the DDNS server . This fea ture has the D DNS server auto matically detect and use the IP address of the NA T router that has a public IP address. No[...]

  • Page 224

    Chapter 15 Dy namic DNS Se tup P-661H/HW Series User’s Guide 224[...]

  • Page 225

    P-661H/HW Series User’s Guide 225 C HAPTER 16 Remote Management Configuration This chapter provides information on config uring remote management. 16.1 Remote Management Overview Remote management allows you to determ ine which services/protocols can access which ZyXEL Device interface (if any) from which computers. " When you configure remo[...]

  • Page 226

    Chapter 16 Remote Management Configuration P-661H/HW Series User’s Guide 226 16.1.1 Remote Management Limit ations Remote management over LAN or W AN will not work when: • Y ou have disabled that service in one of the remote management screens. • The IP address in the Secured Client IP field does not match th e client IP address. If it does n[...]

  • Page 227

    Chapter 16 Remote Ma nagement Configuration P-661H/HW Series User’s Guide 227 The following table describes the labels in this screen. 16.3 T elnet Y ou can use T elnet to access the ZyXEL De vice’ s command line inte rface. Specify which interfaces allow T elnet access a nd fro m which IP address the access can come. 16.4 Configuring T elnet C[...]

  • Page 228

    Chapter 16 Remote Management Configuration P-661H/HW Series User’s Guide 228 The following table describes the labels in this screen. 16.5 Configuring FTP Y ou can use FTP (File T ransfer Protocol) to upload and download the ZyXEL Device’ s firmware and configuration files. T o use this f eature, your computer must have an FTP client. T o chang[...]

  • Page 229

    Chapter 16 Remote Ma nagement Configuration P-661H/HW Series User’s Guide 229 16.6 SNMP Simple Network Management Protocol (SNM P) i s a protocol used for ex changing management information b e tween network devices. SNMP is a member of the TCP/IP protocol suite. Y our ZyXEL Device support s SNMP agent functiona lity , which allows a manager stat[...]

  • Page 230

    Chapter 16 Remote Management Configuration P-661H/HW Series User’s Guide 230 An agent is a management software module that resi des in a managed device (the ZyXEL Device). An agent translates the local manageme nt information from the managed device into a form compatible with SN MP . The mana ger is the console through wh ich network administrat[...]

  • Page 231

    Chapter 16 Remote Ma nagement Configuration P-661H/HW Series User’s Guide 231 16.6.3 Configuring SNMP T o change your ZyX EL Device’ s SNMP settings, c lick Advanced > Remote MGMT > SNMP . The screen appears as show n. Figure 129 Remote Mana gement: SNMP The following table describes the labels in this screen. W armS tart 1.3.6.1.6.3.1.1.[...]

  • Page 232

    Chapter 16 Remote Management Configuration P-661H/HW Series User’s Guide 232 16.7 Configuring DNS Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to the chapter on LAN for background information. T o change your ZyXEL Device’ s DNS settings, click Advanced > Remote MGMT > DNS . The s[...]

  • Page 233

    Chapter 16 Remote Ma nagement Configuration P-661H/HW Series User’s Guide 233 The following table describes the labels in this screen. 16.8 Configuring ICMP T o change your ZyX EL Device’ s security setting s, click Advanced > Remote MGMT > ICMP . The scre en appears as shown. If an outside user attempts to probe an unsupp orted port on y[...]

  • Page 234

    Chapter 16 Remote Management Configuration P-661H/HW Series User’s Guide 234 16.9 TR-069 (P-661H Only) TR-069 is a protocol that de fines how your ZyXEL Device can be managed via a management server such as ZyXEL ’ s V antage CNM Acce ss. An administrator can use CNM Access to remotely set up the ZyXEL Device, mo dify settings, perform firmware[...]

  • Page 235

    Chapter 16 Remote Ma nagement Configuration P-661H/HW Series User’s Guide 235 The following table gi ves a description of TR-069 commands. T able 106 TR-069 Commands ROO T COMMAND OR SUBDIRECTO RY COMMAND DESCRIPTION wan tr069 All TR-069 related commands mu st be preceded by wan tr069 . load S tart configuring TR-069 on your ZyXEL Device. active [...]

  • Page 236

    Chapter 16 Remote Management Configuration P-661H/HW Series User’s Guide 236[...]

  • Page 237

    P-661H/HW Series User’s Guide 237 C HAPTER 17 Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configura tor . 17.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectiv ity between devices. A UPnP d[...]

  • Page 238

    Chapter 17 Universal Plug-and-Play (UPnP) P-661H/HW Series User’s Guide 238 When a UPnP device joins a network, it announ ces its presence with a multicast mess age. For security reasons, the ZyXEL Device allows multicast messages on the LAN only . All UPnP-enabled devices may communicate freely with eac h other without additional configuration. [...]

  • Page 239

    Chapter 17 Universal Plug-and-Play (UPnP) P-661H/HW Series User’s Guide 239 17.3 Inst alling UPnP in Windows Example This section shows ho w to install UPnP in W indows Me and W indows XP . Inst alling UPnP in Windows Me Follow the steps below to inst all the UPnP in W indows Me. 1 Click St a r t and Control Panel . Double-click Add/Remove Pr ogr[...]

  • Page 240

    Chapter 17 Universal Plug-and-Play (UPnP) P-661H/HW Series User’s Guide 240 Figure 135 Add/Remove Programs: Wind ows Setup: Communication: Component s 4 Click OK to go back to the Add/Remove Pr ograms Properties window and click Next . 5 Restart the computer when prompted. Inst alling UPnP in Windows XP Follow the steps below to install the UPnP [...]

  • Page 241

    Chapter 17 Universal Plug-and-Play (UPnP) P-661H/HW Series User’s Guide 241 Figure 137 Windows Optiona l Networking Component s Wizard 5 In the Networking Services window , select the Universal Plug and Play check box. Figure 138 Networking Services[...]

  • Page 242

    Chapter 17 Universal Plug-and-Play (UPnP) P-661H/HW Series User’s Guide 242 6 Click OK to go back to the W indows Optional Networking Component W izard window and click Next . 17.4 Using UPnP in Windows XP Example This section shows yo u how to use the UPnP feature in W indows XP . Y ou must already have UPnP installed in W indows XP and UP nP ac[...]

  • Page 243

    Chapter 17 Universal Plug-and-Play (UPnP) P-661H/HW Series User’s Guide 243 Figure 140 Internet Connection Properties 4 Y ou may edit or delete the port map pings or click Add to manually add port mappings.[...]

  • Page 244

    Chapter 17 Universal Plug-and-Play (UPnP) P-661H/HW Series User’s Guide 244 Figure 141 Internet Connection Properties: Adva nced Settings Figure 142 Internet Connection Proper ties: Adva nced Settings: Add 5 When the UP nP-enabled device is disconne cted from your computer , all port mappings will be deleted automatically . 6 Select Show icon in [...]

  • Page 245

    Chapter 17 Universal Plug-and-Play (UPnP) P-661H/HW Series User’s Guide 245 Figure 143 System T ray Icon 7 Double-click on the icon to display yo ur curr ent Internet connection st atus. Figure 144 Internet Connection S tatus Web Configurator Eas y Access W ith UPnP , you can access the web-based configurator on the ZyXEL Device without finding o[...]

  • Page 246

    Chapter 17 Universal Plug-and-Play (UPnP) P-661H/HW Series User’s Guide 246 Figure 145 Network Connections 4 An icon with the description for e ach UPnP-enabled device disp lays under Local Network . 5 Right-click on the icon for y our ZyXEL Device and s elect Invoke . The web config urator login screen displays.[...]

  • Page 247

    Chapter 17 Universal Plug-and-Play (UPnP) P-661H/HW Series User’s Guide 247 Figure 146 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Pr operties . A properties window displays with basic info rmation about the ZyXEL Device. Figure 147 Network Connections: My Networ k Places: Properties: Example[...]

  • Page 248

    Chapter 17 Universal Plug-and-Play (UPnP) P-661H/HW Series User’s Guide 248[...]

  • Page 249

    249 P ART V Maintenance System (251) Logs (257) T ools (261) Diagnostic (267)[...]

  • Page 250

    250[...]

  • Page 251

    P-661H/HW Series User’s Guide 251 C HAPTER 18 System Use this screen to configure the ZyXEL Device’ s time and date settings. 18.1 General Setup 18.1.1 General Setup and System Name General Setup contains administrative and system-related information. System Name is for identification purposes. However , because some ISPs c heck this name you s[...]

  • Page 252

    Chapter 18 System P-661H/HW Series User’s Guide 252 Figure 148 System General Setu p The following table describes the labels in this screen. T able 108 System Ge neral Setup LABEL DESCRIPTION General Setup System Name Choose a descrip tive name for identificatio n purposes. It is recommen ded you enter your computer ’s “Computer name” in t[...]

  • Page 253

    Chapter 18 System P-661H/HW Series User’s Guide 253 18.2 T ime Setting T o change your ZyX EL Device’ s time and date, click Maintenance > System > Time Setting . The screen appears as shown. Use this screen to configure the ZyXEL Device’ s time based on your local time zone. Figure 149 System T ime Setting Old Password T ype the defaul[...]

  • Page 254

    Chapter 18 System P-661H/HW Series User’s Guide 254 The following table describes th e fields in this screen. T able 109 System Time Setting LABEL DESCRIPTION Current T ime and Date Current T ime This field displays the time of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synchronizes the time with the time server . Current[...]

  • Page 255

    Chapter 18 System P-661H/HW Series User’s Guide 255 St a r t D a t e Con figure the day and time when Daylight Sa ving T ime starts if you selected Enable Daylight Saving . The o' clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving T ime start s in most parts of the United St ate s on the first Sunday of April[...]

  • Page 256

    Chapter 18 System P-661H/HW Series User’s Guide 256[...]

  • Page 257

    P-661H/HW Series User’s Guide 257 C HAPTER 19 Logs This chapter contains inform ation about configuring genera l log settings and viewing the ZyXEL Device’ s logs. Refer to the append ix for example log message explanations. 19.1 Logs Overview The web confi gurator allows you to choose which categories of events and/or alerts to have the ZyXEL [...]

  • Page 258

    Chapter 19 Logs P-661H/HW Series User’s Guide 258 Figure 150 Vi ew Log The following table describes th e fields in this screen. 19.3 Configuring Log Settings Use the Log Settings screen to configure to where the Zy XEL Device is to send logs; the schedule for when the ZyXEL Device is to send the logs and which logs and/or immediate alerts the Zy[...]

  • Page 259

    Chapter 19 Lo gs P-661H/HW Series User’s Guide 259 Figure 151 Log Settings The following table describes the fields in this screen. Ta b l e 1 11 Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail serve r for the e-mail ad dresses specified below . If this field is left blank, logs a[...]

  • Page 260

    Chapter 19 Logs P-661H/HW Series User’s Guide 260 User Name Enter the user name (up to 31 characters ) (usually the user name of a mail account). Password Enter the password associated with the user name above. Log Schedule This drop-down menu is used to config ure the frequency of log messag es being sent as E-mail: Daily Weekly Hourly When Log [...]

  • Page 261

    P-661H/HW Series User’s Guide 261 C HAPTER 20 Tools This chapter covers uploadin g new firmware, managing config uration and restarting your ZyXEL Device. 20.1 Firmware Upgrade Find firmware at www .zyxel.com in a file that (usually) uses the system model name with a .bin extension, for example, "ZyXEL Device.bin". The upload process us[...]

  • Page 262

    Chapter 20 Tools P-661H/HW Series User’s Guide 262 " Do NOT turn off the ZyXEL Device wh ile firmware uplo ad is in progress! After you see the Firmware Upload in Pr ogress screen, wait two minutes before logging into the ZyXEL Device again. Figure 153 Firmware Uplo ad In Progres s The ZyXEL Device automatically restarts in this time causing[...]

  • Page 263

    Chapter 20 Tools P-661H/HW Series User’s Guide 263 Figure 155 Error Message 20.2 Configuration Use this screen to back up or restore the conf ig uration of th e ZyXEL Device. Y ou can also use this screen to reset the ZyXEL Device to the factory default settings. T o access this screen, click Maintenance > T ools > Configuration . Figure 15[...]

  • Page 264

    Chapter 20 Tools P-661H/HW Series User’s Guide 264 " Do not turn off the device while conf iguration file upl oad is in progress. When the ZyXEL Device has finished restoring the selected configuration file, the fol lowing screen appears. Figure 157 Configuration Upload Successfu l The device now automatically restarts. This cau ses a tempor[...]

  • Page 265

    Chapter 20 Tools P-661H/HW Series User’s Guide 265 Y ou might have to open a new browser to log in again. If the upload was not successful, a Configuration Upload Err or screen appears. Figure 159 Configuration Upload Err or Click Return to go back to the previous screen. 20.3 Rest art System restart allows you t o reboot the Zy XEL Device withou[...]

  • Page 266

    Chapter 20 Tools P-661H/HW Series User’s Guide 266[...]

  • Page 267

    P-661H/HW Series User’s Guide 267 C HAPTER 21 Diagnostic These read-only screens display information to help you identify problems with the ZyXEL Device. 21.1 General Diagnostic Click Maintenance > Diagnostic to open the screen shown next. Figure 161 Diagnostic: General The following table describes th e fields in this screen. T able 1 14 Diag[...]

  • Page 268

    Chapter 21 Diagnostic P-661H/HW Series User’s Guide 268 21.2 DSL Line Diagnostic Click Maintenance > Diagnostic > DSL Line to open the screen shown next . Figure 162 Diagnostic: DSL Line The following table describes th e fields in this screen. T able 1 15 Diagnostic: DSL Line LABEL DESCRIPTION AT M S t a t u s Click this butt on to view A [...]

  • Page 269

    269 P ART VI T roubleshooting and S pecifications T roubleshooting (271) Product Specification s (275)[...]

  • Page 270

    270[...]

  • Page 271

    P-661H/HW Series User’s Guide 271 C HAPTER 22 Troubleshooting This chapter offers some sugg estions to solve problems you might encounter . The potential problems are divided into the following categories. • Power , Hardware Connections, and LEDs • ZyXEL Device Access and Login • Internet Access • W ireless Router/A P T roubles hooting 22[...]

  • Page 272

    Chapter 22 Trou bleshooting P-661H/HW Series User’s Guide 272 22.2 ZyXEL Device Access and Login V I forgot the IP address for the ZyXEL Device. 1 The default IP address is 192.168.1.1 . 2 If you changed the IP addre ss and have forgotten it, you might get the IP address o f the ZyXEL Device by looking up th e IP address of the default gate way f[...]

  • Page 273

    Chapter 22 Trou bleshooting P-661H/HW Series User’s Guide 273 5 Check that you have enabled web service access . If you have configured a secured client IP address, your computer's IP address must match it. See Section 16 .2 on page 226 . 6 Reset the device to its factory defaults, an d try to access the ZyXEL Device with the default IP addr[...]

  • Page 274

    Chapter 22 Trou bleshooting P-661H/HW Series User’s Guide 274 4 Disconnect all the cables from your device, and follow the directions in the Quick Start Guide again. 5 If the problem continues, contact your ISP . V I cannot access the Internet anymore. I had access to the Internet (with the ZyXEL Device), but my Internet c onnection is not av ail[...]

  • Page 275

    P-661H/HW Series User’s Guide 275 C HAPTER 23 Product Specifications This chapter gives details about your ZyX EL Device’ s hardware and firmware features. 23.1 General ZyXEL Device S pecifications The following tables summarize the ZyXEL De vice’ s hardware and firmware features. T able 1 16 Hardware Specifications SPECIFICATIO N DESCRIPTION[...]

  • Page 276

    Chapter 23 Product Specifications P-661H/HW Series User’s Guide 276 Firmware Upgrade Download new firmware (when availabl e) from the ZyXEL web site and use the web config urator , an FTP or a TFTP tool to put it on the Zy XEL Device. Note: Only upload firmware for your spe cific model! Configuration Backup & Restoration Make a copy of the Zy[...]

  • Page 277

    Chapter 23 Product Specifications P-661H/HW Series User’s Guide 277 The following list, which is not exhaustive, i llustrates the standards su pported in the ZyXEL Device. T able 1 18 Standards Supported ST ANDARD DESCRIPTION RFC 867 Daytime Protocol RFC 868 T ime Protocol. RFC 1058 RIP-1 (Routing Information Protocol) RFC 1 1 12 IGMP v1 RFC 1 15[...]

  • Page 278

    Chapter 23 Product Specifications P-661H/HW Series User’s Guide 278 23.2 W a ll-mounting Instructions Complete the following step s to hang your ZyXEL Device on a wall. " See T able 1 16 on page 275 for the size of screws to use and how far apart to place them. 1 Select a position free of obstructions on a sturdy wall. 2 Drill two holes for [...]

  • Page 279

    Chapter 23 Product Specifications P-661H/HW Series User’s Guide 279 Figure 164 Masonry Plug and M4 T ap Screw 23.3 Cable Pin Assignment s T able 1 19 Ethernet Cable Pin Assignments W AN / LAN ETHERNET CABLE PIN LAYOUT Straight-through Crossover (Switch) (Adapter) (S witch) (Switch) 1 IRD + 1 OTD + 1 IRD + 1 IRD + 2 IRD - 2 OTD - 2 IRD - 2 IRD - 3[...]

  • Page 280

    Chapter 23 Product Specifications P-661H/HW Series User’s Guide 280[...]

  • Page 281

    281 P ART VII Appendices and Index " The appendices provide general informatio n. Some details may not apply to your ZyXEL Device. Setting up Y our Computer ’ s IP Address (283) Pop-up W indows, JavaScripts and Java Permissions (305) IP Addresses and Subnetting (313) W ireless LANs (323) Common Services (337) Legal Information (341) Customer[...]

  • Page 282

    282[...]

  • Page 283

    P-661H/HW Series User’s Guide 283 A PPENDIX A Setting up Y our Computer ’ s IP Address All computers must have a 10M or 100M Et hernet adapter card and TCP/IP installed. W indows 95/98/Me/NT/2000/XP /V ista, Macintos h OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP[...]

  • Page 284

    Appendix A Setting up Your Computer’s IP Address P-661H/HW Series User’s Guide 284 Figure 165 WIndows 95/98 /Me: Networ k: Configuratio n Inst alling Components The Network window Configuration tab displays a list of installed components. Y ou need a network adapter , the TCP/IP protocol and Client for Microsoft Netwo rks. If you need the adapt[...]

  • Page 285

    Appendix A Setting up Your Computer’s IP Address P-661H/HW Series User’s Guide 285 Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • If your IP address is dynamic, select Obtain an IP address automatically . • If you have a static IP addr[...]

  • Page 286

    Appendix A Setting up Your Computer’s IP Address P-661H/HW Series User’s Guide 286 Figure 167 Windows 95/98/Me : TCP/IP Pr operties: DNS Configuration 4 Click the Gateway tab. • If you do not know you r gateway’ s IP addr ess, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and cl[...]

  • Page 287

    Appendix A Setting up Your Computer’s IP Address P-661H/HW Series User’s Guide 287 Figure 168 Windows XP: S tart Menu 2 In the Control Panel , double-click Network Connections ( Network and Dial-up Connections in W indow s 2000/NT). Figure 169 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Pr operties .[...]

  • Page 288

    Appendix A Setting up Your Computer’s IP Address P-661H/HW Series User’s Guide 288 Figure 170 Windows XP: Control Panel: Network Connections: Pro perties 4 Select Internet Protocol (TCP/IP) (under the Genera l tab in W in XP) and then click Properties . Figure 171 Windows XP: Local Area Conne ction Properties 5 The Internet Protocol TCP/IP Prop[...]

  • Page 289

    Appendix A Setting up Your Computer’s IP Address P-661H/HW Series User’s Guide 289 Figure 172 Windows XP: Internet Protocol (TCP/IP) Propert ies 6 If you do not know your gateway's IP ad dress, remove any previously installed gateways in the IP Settings tab and click OK . Do one or more of the fo llowing if you want to configure additi ona[...]

  • Page 290

    Appendix A Setting up Your Computer’s IP Address P-661H/HW Series User’s Guide 290 Figure 173 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Pr operties window (the General tab in W indow s XP): • Click Obtain DNS server address automatically if yo u do not know your DNS server IP address(es). • If you know your DN[...]

  • Page 291

    Appendix A Setting up Your Computer’s IP Address P-661H/HW Series User’s Guide 291 Figure 174 Windows XP: Internet Protocol (TCP/IP) Propert ies 8 Click OK to close the Internet Protocol (TCP/IP) Properties window . 9 Click Close ( OK in W i ndows 2000/NT) to close the Local Area Connecti o n Properties window . 10 Close the Network Connections[...]

  • Page 292

    Appendix A Setting up Your Computer’s IP Address P-661H/HW Series User’s Guide 292 Figure 175 Windows V ista: S tart Menu 2 In the Control Panel , double-click Network and Internet . Figure 176 Windows V ista: Control Panel 3 Click Network and Sharing Center . Figure 177 Windows V ista: Network And Internet 4 Click Manage network connections . [...]

  • Page 293

    Appendix A Setting up Your Computer’s IP Address P-661H/HW Series User’s Guide 293 5 Right-click Local Area Connection and then click Pr operties . " During this procedure, click Continue whenever Windows displays a screen saying that it needs y our permission to continue. Figure 179 Windows V ista: Network and Sharing Center 6 Select Inte[...]

  • Page 294

    Appendix A Setting up Your Computer’s IP Address P-661H/HW Series User’s Guide 294 7 The Internet Protocol V ersion 4 (TCP/IPv4) Properties window opens (the General tab ). • If you have a dynamic IP address click Obtain an IP address automatically . • If you have a static IP address click Use the follow ing IP address and fi ll in the IP a[...]

  • Page 295

    Appendix A Setting up Your Computer’s IP Address P-661H/HW Series User’s Guide 295 Figure 182 Windows V ista: Advanced TCP/IP Pr operties 9 In the Internet Protocol V ersion 4 (TCP/IPv4) Properties window , (the General tab ): • Click Obtain DNS server address automatically if yo u do not know your DNS server IP address(es). • If you know y[...]

  • Page 296

    Appendix A Setting up Your Computer’s IP Address P-661H/HW Series User’s Guide 296 Figure 183 Windows V ista: Internet Protocol V ersion 4 (TCP/IPv4) Prope rties 10 Click OK to close the Internet Protocol V ersion 4 (TCP/IPv4) Pr operties window . 11 Click Close to close the Local Ar ea C onnection Pr operties window . 12 Close the Network Conn[...]

  • Page 297

    Appendix A Setting up Your Computer’s IP Address P-661H/HW Series User’s Guide 297 Figure 184 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 185 Macintosh O S 8/9: TC P/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the [...]

  • Page 298

    Appendix A Setting up Your Computer’s IP Address P-661H/HW Series User’s Guide 298 • T ype your IP address in the IP Address box. • T ype your subnet mask in the Subnet mask box. • T ype the IP address of your ZyXEL Device in the Router address box. 5 Close the TCP/IP Contr ol Panel . 6 Click Save if prompted, to save chan ges to your con[...]

  • Page 299

    Appendix A Setting up Your Computer’s IP Address P-661H/HW Series User’s Guide 299 Figure 187 Macintosh O S X: Netw ork 4 For statically assigned settings, do the following: •F r o m t h e Configure box, select Manually . • T ype your IP address in the IP Address box. • T ype your subnet mask in the Subnet mask box. • T ype the IP addre[...]

  • Page 300

    Appendix A Setting up Your Computer’s IP Address P-661H/HW Series User’s Guide 300 " Make sure you are logged in as the root administrator . Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting [...]

  • Page 301

    Appendix A Setting up Your Computer’s IP Address P-661H/HW Series User’s Guide 301 • If you have a dyna mic IP address, click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address, click S tatically set IP Addresses and fill in the Address , Sub net mask , and Default Gatewa[...]

  • Page 302

    Appendix A Setting up Your Computer’s IP Address P-661H/HW Series User’s Guide 302 Figure 192 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 • If you have a static IP address, enter static in t he BOOTPROTO= field. T ype IPADDR = followed by the IP address (in do tted decimal notation) and type NETMASK = followed by the subnet mask.[...]

  • Page 303

    Appendix A Setting up Your Computer’s IP Address P-661H/HW Series User’s Guide 303 V erifying Settings Enter ifconfig in a terminal screen to ch eck your TCP/IP properties. Figure 196 Red Hat 9.0: Checking TCP/IP Properties [root@localhost]# ifconfig eth0 Link encap:Ethernet HWadd r 00:50:BA:72:5B:44 inet addr:172.23.19.129 B cast:172.23.19.255[...]

  • Page 304

    Appendix A Setting up Your Computer’s IP Address P-661H/HW Series User’s Guide 304[...]

  • Page 305

    P-661H/HW Series User’s Guide 305 A PPENDIX B Pop-up Windows, JavaScript s and Java Permissions In order to use the web configurator you need to allow: • W eb browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). " Internet Explorer 6 screens are used here. Screens for oth[...]

  • Page 306

    Appendix B Po p-up Window s, JavaScrip ts and Java Pe rmissions P-661H/HW Series User’s Guide 306 2 Clear the Block pop-ups check box in the Pop-up Block e r section of the screen. This disables any web po p-up blockers you may have enabled . Figure 198 Internet Options: Privacy 3 Click Apply to save this setting. Enable Pop-up Blockers with Exce[...]

  • Page 307

    Appendix B Pop-u p Windows, JavaScripts and Java Permissio ns P-661H/HW Series User’s Guide 307 Figure 199 Internet Options: Privacy 3 T ype the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed s[...]

  • Page 308

    Appendix B Po p-up Window s, JavaScrip ts and Java Pe rmissions P-661H/HW Series User’s Guide 308 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScript s If pages of the web configura tor do not display properly in Internet Explorer , ch eck that JavaScripts are allowed. 1 In Internet Explorer , click T ool[...]

  • Page 309

    Appendix B Pop-u p Windows, JavaScripts and Java Permissio ns P-661H/HW Series User’s Guide 309 Figure 202 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer , click To o l s , Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM . 4 Under Java permissions make sur[...]

  • Page 310

    Appendix B Po p-up Window s, JavaScrip ts and Java Pe rmissions P-661H/HW Series User’s Guide 310 JA V A (Sun) 1 From Internet Explorer , click To o l s , Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is sele cted. 3 Click OK to clos e the window . Figure 204 Java (Sun) Mozilla Firefox[...]

  • Page 311

    Appendix B Pop-u p Windows, JavaScripts and Java Permissio ns P-661H/HW Series User’s Guide 31 1 Figure 205 Mozilla Firefox: T ools > Options Click Content .to show the screen below . Select the check boxes as shown in the follo wing screen. Figure 206 Mozilla Firefox Content Security[...]

  • Page 312

    Appendix B Po p-up Window s, JavaScrip ts and Java Pe rmissions P-661H/HW Series User’s Guide 312[...]

  • Page 313

    P-661H/HW Series User’s Guide 313 A PPENDIX C IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify ind ividual devices on a network. Every networking device (includin g computers, servers, routers, printe rs, etc.) ne eds an IP address to communicate across the network. These networking devices[...]

  • Page 314

    Appendix C IP Addresses a nd Subnetting P-661H/HW Series User’s Guide 314 Figure 207 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the s ubnet mask. Subnet Masks A subnet mask is used to dete rmine which bits are part of th e network number , and which bits are part of [...]

  • Page 315

    Appendix C IP Addresses and Subnetting P-661H/HW Series User’s Guide 315 Subnet masks are expressed in dotted decimal no tation just like IP addresses. The follow ing examples show the binary and decimal not ation for 8-bit, 16-bit, 24-bit an d 29-bit subnet masks. Network Size The size of the network number determines the maximum number of po ss[...]

  • Page 316

    Appendix C IP Addresses a nd Subnetting P-661H/HW Series User’s Guide 316 Subnetting Y ou can use subnetting to divide one network into multiple sub-networks. In the foll owing example a network administrator creates two sub-networks to isolate a group of servers from the rest of the c ompany network for security reasons. In this example, the com[...]

  • Page 317

    Appendix C IP Addresses and Subnetting P-661H/HW Series User’s Guide 317 Figure 209 Subnetting Example: Af ter Subnetting In a 25-bit subnet the host ID has 7 bits , so each sub-network has a maximum of 2 7 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’ s address itself, all ones is the subnet’ s broadcast address). 192.1[...]

  • Page 318

    Appendix C IP Addresses a nd Subnetting P-661H/HW Series User’s Guide 318 Example: Eight Subnet s Similarly , use a 27-bit mask to create eight subnets (000, 00 1, 010, 01 1, 100, 101, 1 10 and 111 ) . The following table shows IP address last octet values for each subnet. T able 125 Subnet 2 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VA L U E [...]

  • Page 319

    Appendix C IP Addresses and Subnetting P-661H/HW Series User’s Guide 319 Subnet Planning The following table is a summary for su bnet planning on a network with a 24-bit network number . The following table is a summary for su bnet planning on a network with a 16-bit network number . 5 128 129 158 159 6 160 161 190 191 7 192 193 222 223 8 224 225[...]

  • Page 320

    Appendix C IP Addresses a nd Subnetting P-661H/HW Series User’s Guide 320 Configuring IP Addresses Where you obtain your netwo rk number depends on your particular situation. If the ISP or your network administrator assigns yo u a bloc k of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask. If th[...]

  • Page 321

    Appendix C IP Addresses and Subnetting P-661H/HW Series User’s Guide 321 IP Address Conflict s Each device on a network must have a unique IP address. Devices with duplicate IP addresses on the same network will not be ab le to access the Internet or ot her resources. The devices may also be unreachable through the network. Conflicting Computer I[...]

  • Page 322

    Appendix C IP Addresses a nd Subnetting P-661H/HW Series User’s Guide 322 Conflicting Computer and R outer IP Addresses Example More than one device can not use the same IP addr ess. In the following example, the computer and the router ’ s LAN port both use 192.168.1.1 as the IP ad dress. The computer cannot access the Internet. This problem c[...]

  • Page 323

    P-661H/HW Series User’s Guide 323 A PPENDIX D W ireless LANs Wireless LAN T opologies This section discusses ad-hoc and in frastructure w ireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an inde pendent (Ad-hoc) WLAN that connects a se t of computers with wireless adapters (A, B, C). An y time two or mo[...]

  • Page 324

    Appendix D Wireless LANs P-661H/HW Series User’s Guide 324 Figure 214 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlappi ng BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wir[...]

  • Page 325

    Appendix D Wireless LANs P-661H/HW Series User’s Guide 325 Figure 215 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your g eographical area. Y ou may have a choice of channels (for your region) so you should use a channel different from an adja[...]

  • Page 326

    Appendix D Wireless LANs P-661H/HW Series User’s Guide 326 Figure 216 RTS/ CT S When station A sends data to the AP , it might not know that the station B is already using the channel. If these two stations se nd data at the same time, collis ions may occur when both sets of data arrive at the AP at the same time, r esulting in a loss of me ssage[...]

  • Page 327

    Appendix D Wireless LANs P-661H/HW Series User’s Guide 327 If the Fragmentation Threshold value is smaller than the RT S / C T S value (see previously) you set then the R TS (Request T o Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmen ted before they reach R TS/CTS size. Preamble T ype Preamble is used to signa[...]

  • Page 328

    Appendix D Wireless LANs P-661H/HW Series User’s Guide 328 W ireless security methods availabl e on the ZyXEL Device are data encryption, wireless client authentication, restricting access by devi ce MAC address and hiding the ZyXEL Device identity . The following figure shows th e relative effectiveness of th ese wireless security methods availa[...]

  • Page 329

    Appendix D Wireless LANs P-661H/HW Series User’s Guide 329 Determines the network services available to authenticated users once they are connected to the network. • Accounting Keeps track of the client’ s network activity . RADIUS is a simple package exchange in whic h your AP acts as a message rela y between the wireless client and the netw[...]

  • Page 330

    Appendix D Wireless LANs P-661H/HW Series User’s Guide 330 For EAP-TLS authentication type, you must firs t hav e a wired connection to the network and obtain the certificate(s) from a certificate authorit y (CA). A certificate (als o called digital IDs) can be used to authenticate users and a CA issu es certificates and guar antees the identity [...]

  • Page 331

    Appendix D Wireless LANs P-661H/HW Series User’s Guide 331 Dynamic WEP Key Exchange The AP maps a unique ke y that is generated w ith the RADIUS se rver . This key expires when the wireless connection times out, disconnects or reauthentic ation times out. A new WEP key is generated each time r eauthentication is performed. If this feature is enab[...]

  • Page 332

    Appendix D Wireless LANs P-661H/HW Series User’s Guide 332 Encryption Both WP A and WP A2 improve data encryption by using T emporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IE EE 802.1x. WP A and WP A2 use Advanced Encryption S tandard (AES) in the Counter mode with Cipher block chaining Message authentication code Protoc[...]

  • Page 333

    Appendix D Wireless LANs P-661H/HW Series User’s Guide 333 Wireless Client WP A Supp licant s A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WP A. At the time of writing, the most widely available supplicant is the WP A patch for W indows XP , Funk Software's Odyssey c[...]

  • Page 334

    Appendix D Wireless LANs P-661H/HW Series User’s Guide 334 3 The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID. 4 The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to creat[...]

  • Page 335

    Appendix D Wireless LANs P-661H/HW Series User’s Guide 335 Antenna Overview An antenna couples RF signals onto air . A tran smitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air . The antenna also operates in reverse by capturing RF signals fro m the air . Positioning the antennas properly[...]

  • Page 336

    Appendix D Wireless LANs P-661H/HW Series User’s Guide 336 Positioning Antennas In general, antennas should be mounted as high as practically possible and free of obstructions. In point-to–point ap plication, position both antennas at the same height and in a direct line of si ght to each othe r to attain the best performance. For omni-directio[...]

  • Page 337

    P-661H/HW Series User’s Guide 337 A PPENDIX E Common Services The following table l ists some commonly-used se rvices and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit the IANA (Internet Assigned Number Authority) web site. • Name : This is a short, descrip tive[...]

  • Page 338

    Appendix E Common Services P-661H/HW Series User’s Guide 338 FTP TCP TCP 20 21 File Tr a nsfer Program, a program to enable fast transfer of files, including large fil es that may not be possible by e-mail. H.323 TCP 1720 NetMeeting uses this protocol. HTTP TCP 80 Hyper T ext T ransfer Protoco l - a client/ server protocol for the world wide web.[...]

  • Page 339

    Appendix E Common Services P-661H/HW Series User’s Guide 339 RTE L NE T TCP 10 7 Remote T elnet. RTS P TCP/UDP 554 T he Real Time S treaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. SFTP TCP 11 5 Simple File Transfer Protocol. SMTP TCP 25 Simple Mail Transfer Protocol is the message-exchange standard for[...]

  • Page 340

    Appendix E Common Services P-661H/HW Series User’s Guide 340[...]

  • Page 341

    P-661H/HW Series User’s Guide 341 A PPENDIX F Legal Information Copyright Copyright © 2007 by ZyXEL Communications Corporation. The contents of this publication may not be reprod uced in any part or as a whole, transcribed, stored in a retrieval system, tran slated into any language, or transmitted in any form or by any means, el ectronic, mecha[...]

  • Page 342

    Appendix F L egal Information P-661H/HW Series User’s Guide 342 If this device does cause harmful inte rference to radio/television reception, which can be determined by turning th e device off and on, the user is enc ouraged to try to correct the interference by one or more of the following measures: 1 Reorient or relocate the receiving antenna.[...]

  • Page 343

    Appendix F Legal Information P-661H/HW Series User’s Guide 343 3 Select the certification you wish to view from this page. ZyXEL Limited W arranty ZyXEL warrants to the original en d user (purchaser) that this product is free from any defects in materials or workmansh ip for a period of up to two ye ars from the date of purchase. Du ring the warr[...]

  • Page 344

    Appendix F L egal Information P-661H/HW Series User’s Guide 344[...]

  • Page 345

    P-661H/HW Series User’s Guide 345 A PPENDIX G Customer Support Please have the following information r eady when you contact customer support. Required Information • Product model and serial number . • W arranty Information. • Date that you received your de vice. • Brief description of the problem and the steps you took to solv e it. “+[...]

  • Page 346

    Appendix G Custo mer Support P-661H/HW Series User’s Guide 346 • Re g u l ar M a il : ZyXEL Communications, Czech s.r .o., Modranská 621, 143 01 Praha 4 - Modrany , Ceská Republika Denmark • Support E-mail: support@zyxel.dk • Sales E-mail: sales@zyxel.dk • T elephone: +45-39-55-07-00 • Fax: +45-39-55-07-07 • W eb: www .zyxel.dk • [...]

  • Page 347

    Appendix G Custome r Support P-661H/HW Series User’s Guide 347 India • Support E-mail: support@zyxel.in • Sales E-mail: sales@zyxel.in • T elephone: +91-1 1-30888144 to +91 -11-308 88153 • Fax: +91-1 1-30888149, +91 -11-2 6810715 • W eb: http://www .zyxel.in • Re g u l a r M a i l: India - ZyXEL T echnology Indi a Pvt Ltd. , II - F l [...]

  • Page 348

    Appendix G Custo mer Support P-661H/HW Series User’s Guide 348 • Re g u la r Ma i l : ZyXEL Communications Inc., 1 130 N. Miller St., Anaheim, CA 92806- 2001, U.S.A. Norway • Support E-mail: support@zyxel.no • Sales E-mail: sales@zyxel.no • T elephone: +47-22-80-61-80 • Fax: +47-22-80-61-81 • W eb: www .zyxel.no • Re g u la r M ai l[...]

  • Page 349

    Appendix G Custome r Support P-661H/HW Series User’s Guide 349 Sweden • Support E-mail: support@zyxel.se • Sales E-mail: sales@zyxel.se • T elephone: +46-31-744-7700 • Fax: +46-31-744-7701 • W eb: www .zyxel.se • Re g ul a r M a i l: ZyXEL Communications A/S, Sjö porten 4, 41764 Götebor g, Sweden Thailand • Support E-mail: support[...]

  • Page 350

    Appendix G Custo mer Support P-661H/HW Series User’s Guide 350[...]

  • Page 351

    Index P-661H/HW Series User’s Guide 351 Index A Address Assignment 90 Address Resolution Protocol (ARP) 94 ADSL standards 33 Advanced Encryption St andard See AES. AES 332 AH 177 AH Protoc ol 181 alternative subnet mask notation 315 antenna directional 335 gain 335 omni-directional 335 Antenna gain 111 Any IP 93 How it works 94 note 94 Any IP Set[...]

  • Page 352

    Index P-661H/HW Series User’s Guide 352 diagnostic 267 Diffie-Hellman Key Groups 194 dimensions 275 disclaimer 341 DNS 232 DNS Server For VPN Host 186 Domain Name 90 , 128 , 251 Domain Name System 90 DoS 139 , 169 Basics 139 Ty p e s 140 DoS attacks, types of 140 DSL line, reinitialize 268 DSLAM (Digital Subscriber Line Access Multiplexer) 34 Dyn[...]

  • Page 353

    Index P-661H/HW Series User’s Guide 353 HTTP 128 , 138 , 139 HTTP (Hypertext Transfer Protocol) 261 humidity 275 I IANA 91 , 92 , 320 IANA (Internet Assigned Number Authority) 160 IBSS 323 ICMP echo 141 ID T ype and Content 187 IEEE 802.1 1g 327 IGMP 92 , 93 IKE Phases 193 Independent Basi c Service Set See IBSS 323 initialization vector (IV) 332[...]

  • Page 354

    Index P-661H/HW Series User’s Guide 354 N Nailed-Up Connectio n 75 NA T 91 , 127 , 129 , 320 Address mapping rule 133 Application 124 Definitions 123 How it works 124 Mapping T ypes 125 What it does 124 What NA T does 124 NA T (Network Address Translation) 123 NA T mode 127 NA T Traversal 237 NA T traversal 185 navigating the web co nfigurator 42[...]

  • Page 355

    Index P-661H/HW Series User’s Guide 355 Security Association 175 Security In General 146 Security Parameter Index 197 Security Ramifications 150 Server 125 , 126 , 254 Service 151 Service Set 105 Service T ype 161 Services 128 SMTP 128 Smurf 141 SNMP 35 , 128 , 229 Manager 230 MIBs 230 Source Address 151 SPI 197 S plitters 37 S tateful Inspection[...]

  • Page 356

    Index P-661H/HW Series User’s Guide 356 web configurator 35 web configurator screen summary 43 WEP Encryption 108 WEP encryption 106 Wi-Fi Multimedia QoS 11 7 Wi-Fi Protected Access 33 1 wireless channel 274 wireless client WP A supplicants 333 wireless LAN 274 wireless security 274 , 327 WLAN interference 325 security parameters 334 WP A 331 key[...]

  • Page 357

    Index P-661H/HW Series User’s Guide 357[...]

  • Page 358

    Index P-661H/HW Series User’s Guide 358[...]