ZyXEL Communications P660HWDXV2 802.11g Wireless ADSL Gateway User Manual SMG 700 User s Guide V1 00 Nov 2004

ZyXEL Communications Corporation 802.11g Wireless ADSL Gateway SMG 700 User s Guide V1 00 Nov 2004

Contents

Part4

P-660HW-Dx v2 User’s Guide 301APPENDIX D IP Addresses and SubnettingThis appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts.Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.Introduction to IP AddressesOne part of the IP address is the network number, and the other part is the host ID. In the same way that houses on a street share a common street name, the hosts on a network share a common network number. Similarly, as each house has its own house number, each host on the network has its own unique identifying number - the host ID. Routers use the network number to send packets to the correct network, while the host ID determines to which host on the network the packets are delivered.StructureAn IP address is made up of four parts, written in dotted decimal notation (for example, 192.168.1.1). Each of these four parts is known as an octet. An octet is an eight-digit binary number (for example 11000000, which is 192 in decimal notation). Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal.The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID.
Appendix D IP Addresses and SubnettingP-660HW-Dx v2 User’s Guide302Figure 185 Network Number and Host IDHow much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet MasksA subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). The term “subnet” is short for “sub-network”.A subnet mask has 32 bits. If a bit in the subnet mask is a “1” then the corresponding bit in the IP address is part of the network number. If a bit in the subnet mask is “0” then the corresponding bit in the IP address is part of the host ID. The following example shows a subnet mask identifying the network number (in bold text) and host ID of an IP address (192.168.1.2 in decimal).By convention, subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits.Subnet masks can be referred to by the size of the network number part (the bits with a “1” value). For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes.Table 125 IP Address Network Number and Host ID Example1ST OCTET:(192)2ND OCTET:(168)3RD OCTET:(1)4TH OCTET(2)IP Address (Binary) 11000000 10101000 00000001 00000010Subnet Mask (Binary) 11111111 11111111 11111111 00000000Network Number 11000000 10101000 00000001Host ID 00000010
Appendix D IP Addresses and SubnettingP-660HW-Dx v2 User’s Guide 303Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Network SizeThe size of the network number determines the maximum number of possible hosts you can have on your network. The larger the number of network number bits, the smaller the number of remaining host ID bits. An IP address with host IDs of all zeros is the IP address of the network (192.168.1.0 with a 24-bit subnet mask, for example). An IP address with host IDs of all ones is the broadcast address for that network (192.168.1.255 with a 24-bit subnet mask, for example).As these two IP addresses cannot be used for individual hosts, calculate the maximum number of possible hosts in a network as follows:NotationSince the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/” followed by the number of bits in the mask after the address. For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128. The following table shows some possible subnet masks using both notations. Table 126 Subnet MasksBINARYDECIMAL1ST OCTET2ND OCTET3RD OCTET 4TH OCTET8-bit mask 11111111 00000000 00000000 00000000 255.0.0.016-bit mask 11111111 11111111 00000000 00000000 255.255.0.024-bit mask 11111111 11111111 11111111 00000000 255.255.255.029-bit mask 11111111 11111111 11111111 11111000 255.255.255.248Table 127 Maximum Host NumbersSUBNET MASK HOST ID SIZE MAXIMUM NUMBER OF HOSTS8 bits 255.0.0.0 24 bits 224 – 2 1677721416 bits 255.255.0.0 16 bits 216 – 2 6553424 bits 255.255.255.0 8 bits 28 – 2 25429 bits 255.255.255.248 3 bits 23 – 2 6Table 128 Alternative Subnet Mask NotationSUBNET MASK ALTERNATIVE NOTATIONLAST OCTET (BINARY)LAST OCTET (DECIMAL)255.255.255.0 /24 0000 0000 0255.255.255.128 /25 1000 0000 128
Appendix D IP Addresses and SubnettingP-660HW-Dx v2 User’s Guide304SubnettingYou can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.In this example, the company network address is 192.168.1.0. The first three octets of the address (192.168.1) are the network number, and the remaining octet is the host ID, allowing a maximum of 28 – 2 or 254 possible hosts.The following figure shows the company network before subnetting. Figure 186 Subnetting Example: Before SubnettingYou can “borrow” one of the host ID bits to divide the network 192.168.1.0 into two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or /25).The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. The following figure shows the company network after subnetting. There are now two sub-networks, A and B. 255.255.255.192 /26 1100 0000 192255.255.255.224 /27 1110 0000 224255.255.255.240 /28 1111 0000 240255.255.255.248 /29 1111 1000 248255.255.255.252 /30 1111 1100 252Table 128 Alternative Subnet Mask Notation (continued)SUBNET MASK ALTERNATIVE NOTATIONLAST OCTET (BINARY)LAST OCTET (DECIMAL)
Appendix D IP Addresses and SubnettingP-660HW-Dx v2 User’s Guide 305Figure 187 Subnetting Example: After SubnettingIn a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 27 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.128 is its broadcast address. Therefore, the lowest IP address that can be assigned to an actual host for subnet A is 192.168.1.1 and the highest is 192.168.1.126. Similarly, the host ID range for subnet B is 192.168.1.129 to 192.168.1.254.Example: Four Subnets The previous example illustrated using a 25-bit subnet mask to divide a 24-bit address into two subnets. Similarly, to divide a 24-bit address into four subnets, you need to “borrow” two host ID bits to give four possible combinations (00, 01, 10 and 11). The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192. Each subnet contains 6 host ID bits, giving 26 - 2 or 62 hosts for each subnet (a host ID of all zeroes is the subnet itself, all ones is the subnet’s broadcast address). Table 129 Subnet 1IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address (Decimal) 192.168.1. 0IP Address (Binary) 11000000.10101000.00000001. 00000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.0Lowest Host ID: 192.168.1.1Broadcast Address: 192.168.1.63Highest Host ID: 192.168.1.62
Appendix D IP Addresses and SubnettingP-660HW-Dx v2 User’s Guide306Example: Eight SubnetsSimilarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet.Table 130 Subnet 2IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 64IP Address (Binary) 11000000.10101000.00000001. 01000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.64Lowest Host ID: 192.168.1.65Broadcast Address: 192.168.1.127Highest Host ID: 192.168.1.126Table 131 Subnet 3IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 128IP Address (Binary) 11000000.10101000.00000001. 10000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.128Lowest Host ID: 192.168.1.129Broadcast Address: 192.168.1.191Highest Host ID: 192.168.1.190Table 132 Subnet 4IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 192IP Address (Binary) 11000000.10101000.00000001. 11000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.192Lowest Host ID: 192.168.1.193Broadcast Address: 192.168.1.255Highest Host ID: 192.168.1.254Table 133 Eight SubnetsSUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESSBROADCAST ADDRESS1 0 1 30 31232 33 62 63364 65 94 95496 97 126 127
Appendix D IP Addresses and SubnettingP-660HW-Dx v2 User’s Guide 307Subnet PlanningThe following table is a summary for subnet planning on a network with a 24-bit network number.The following table is a summary for subnet planning on a network with a 16-bit network number. 5128 129 158 1596160 161 190 1917192 193 222 2238224 225 254 255Table 133 Eight Subnets (continued)SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESSBROADCAST ADDRESSTable 134 24-bit Network Number Subnet PlanningNO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET1255.255.255.128 (/25) 21262255.255.255.192 (/26) 4623255.255.255.224 (/27) 8304255.255.255.240 (/28) 16 145255.255.255.248 (/29) 32 66255.255.255.252 (/30) 64 27255.255.255.254 (/31) 128 1Table 135 16-bit Network Number Subnet PlanningNO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET1255.255.128.0 (/17) 2327662255.255.192.0 (/18) 4163823255.255.224.0 (/19) 881904255.255.240.0 (/20) 16 40945255.255.248.0 (/21) 32 20466255.255.252.0 (/22) 64 10227255.255.254.0 (/23) 128 5108255.255.255.0 (/24) 256 2549255.255.255.128 (/25) 512 12610 255.255.255.192 (/26) 1024 6211 255.255.255.224 (/27) 2048 3012 255.255.255.240 (/28) 4096 1413 255.255.255.248 (/29) 8192 6
Appendix D IP Addresses and SubnettingP-660HW-Dx v2 User’s Guide308Configuring IP AddressesWhere you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. If this is the case, it is recommended that you select a network number from 192.168.0.0 to 192.168.255.0. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. You must also enable Network Address Translation (NAT) on the ZyXEL Device. Once you have decided on the network number, pick an IP address for your ZyXEL Device that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address.The subnet mask specifies the network number portion of an IP address. Your ZyXEL Device will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the ZyXEL Device unless you are instructed to do otherwise.Private IP AddressesEvery machine on the Internet must have a unique address. If your networks are isolated from the Internet (running only between two branch offices, for example) you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks:• 10.0.0.0 — 10.255.255.255• 172.16.0.0 — 172.31.255.255• 192.168.0.0 — 192.168.255.255You can obtain your IP address from the IANA, from an ISP, or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space.14 255.255.255.252 (/30) 16384 215 255.255.255.254 (/31) 32768 1Table 135 16-bit Network Number Subnet Planning (continued)NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET
Appendix D IP Addresses and SubnettingP-660HW-Dx v2 User’s Guide 309IP Address ConflictsEach device on a network must have a unique IP address. Devices with duplicate IP addresses on the same network will not be able to access the Internet or other resources. The devices may also be unreachable through the network. Conflicting Computer IP Addresses ExampleMore than one device can not use the same IP address. In the following example computer A has a static (or fixed) IP address that is the same as the IP address that a DHCP server assigns to computer B which is a DHCP client. Neither can access the Internet. This problem can be solved by assigning a different static IP address to computer A or setting computer A to obtain an IP address automatically. Figure 188 Conflicting Computer IP Addresses ExampleConflicting Router IP Addresses ExampleSince a router connects different networks, it must have interfaces using different network numbers. For example, if a router is set between a LAN and the Internet (WAN), the router’s LAN and WAN addresses must be on different subnets. In the following example, the LAN and WAN are on the same subnet. The LAN computers cannot access the Internet because the router cannot route between networks.Figure 189 Conflicting Computer IP Addresses Example
Appendix D IP Addresses and SubnettingP-660HW-Dx v2 User’s Guide310Conflicting Computer and Router IP Addresses ExampleMore than one device can not use the same IP address. In the following example, the computer and the router’s LAN port both use 192.168.1.1 as the IP address. The computer cannot access the Internet. This problem can be solved by assigning a different IP address to the computer or the router’s LAN port. Figure 190 Conflicting Computer and Router IP Addresses Example
P-660HW-Dx v2 User’s Guide 311APPENDIX E Firewall CommandsThe following describes the firewall commands. Table 136 Firewall CommandsFUNCTION COMMAND DESCRIPTIONFirewall SetUpconfig edit firewall active <yes | no>This command turns the firewall on or off.config retrieve firewall This command returns the previously saved firewall settings.config save firewall This command saves the current firewall settings.Displayconfig display firewall This command shows the of all the firewall settings including e-mail, attack, and the sets/ rules.config display firewall set <set #>This command shows the current configuration of a set; including timeout values, name, default-permit, and etc.If you don’t put use a number (#) after “set”, information about all of the sets/rules appears.config display firewall set <set #> rule <rule #>This command shows the current entries of a rule in a firewall rule set. config display firewall attack This command shows all of the attack response settings.config display firewall e-mail This command shows all of the e-mail settings.config display firewall? This command shows all of the available firewall sub commands.
Appendix E Firewall CommandsP-660HW-Dx v2 User’s Guide312EditE-mail config edit firewall e-mail mail-server <ip address of mail server>This command sets the IP address to which the e-mail messages are sent.config edit firewall e-mail return-addr <e-mail address>This command sets the source e-mail address of the firewall e-mails.config edit firewall e-mail email-to <e-mail address>This command sets the e-mail address to which the firewall e-mails are sent.config edit firewall e-mail policy <full | hourly | daily | weekly>This command sets how frequently the firewall log is sent via e-mail. config edit firewall e-mail day <sunday | monday | tuesday | wednesday | thursday | friday | saturday>This command sets the day on which the current firewall log is sent through e-mail if the ZyXEL Device is set to send it on a weekly basis.config edit firewall e-mail hour <0-23>This command sets the hour when the firewall log is sent through e- mail if the ZyXEL Device is set to send it on an hourly, daily or weekly basis.config edit firewall e-mail minute <0-59>This command sets the minute of the hour for the firewall log to be sent via e- mail if the ZyXEL Device is set to send it on a hourly, daily or weekly basis.Attack config edit firewall attack send-alert <yes | no>This command enables or disables the immediate sending of DOS attack notification e-mail messages.config edit firewall attack block <yes | no>Set this command to yes to block new traffic after the tcp-max-incomplete threshold is exceeded. Set it to no to delete the oldest half-open session when traffic exceeds the tcp-max-incomplete threshold.config edit firewall attack block-minute <0-255>This command sets the number of minutes for new sessions to be blocked when the tcp-max-incomplete threshold is reached. This command is only valid when block is set to yes.Table 136 Firewall Commands (continued)FUNCTION COMMAND DESCRIPTION
Appendix E Firewall CommandsP-660HW-Dx v2 User’s Guide 313config edit firewall attack minute-high <0-255>This command sets the threshold rate of new half-open sessions per minute where the ZyXEL Device starts deleting old half-opened sessions until it gets them down to the minute-low threshold.config edit firewall attack minute-low <0-255>This command sets the threshold of half-open sessions where the ZyXEL Device stops deleting half-opened sessions.config edit firewall attack max-incomplete-high <0-255>This command sets the threshold of half-open sessions where the ZyXEL Device starts deleting old half-opened sessions until it gets them down to the max incomplete low.config edit firewall attack max-incomplete-low <0-255>This command sets the threshold where the ZyXEL Device stops deleting half-opened sessions.config edit firewall attack tcp-max-incomplete <0-255>This command sets the threshold of half-open TCP sessions with the same destination where the ZyXEL Device starts dropping half-open sessions to that destination.Sets config edit firewall set <set #> name <desired name>This command sets a name to identify a specified set.Config edit firewall set <set #> default-permit <forward | block>This command sets whether a packet is dropped or allowed through, when it does not meet a rule within the set.Config edit firewall set <set #> icmp-timeout <seconds>This command sets the time period to allow an ICMP session to wait for the ICMP response.Config edit firewall set <set #> udp-idle-timeout <seconds>This command sets how long a UDP connection is allowed to remain inactive before the ZyXEL Device considers the connection closed.Config edit firewall set <set #> connection-timeout <seconds>This command sets how long ZyXEL Device waits for a TCP session to be established before dropping the session.Config edit firewall set <set #> fin-wait-timeout <seconds> This command sets how long the ZyXEL Device leaves a TCP session open after the firewall detects a FIN-exchange (indicating the end of the TCP session).Table 136 Firewall Commands (continued)FUNCTION COMMAND DESCRIPTION
Appendix E Firewall CommandsP-660HW-Dx v2 User’s Guide314Config edit firewall set <set #> tcp-idle-timeout <seconds>This command sets how long ZyXEL Device lets an inactive TCP connection remain open before considering it closed.Config edit firewall set <set #> log <yes | no>This command sets whether or not the ZyXEL Device creates logs for packets that match the firewall’s default rule set.Rules Config edit firewall set <set #> rule <rule #> permit <forward | block>This command sets whether packets that match this rule are dropped or allowed through.Config edit firewall set <set #> rule <rule #> active <yes | no>This command sets whether a rule is enabled or not.Config edit firewall set <set #> rule <rule #> protocol <integer protocol value >This command sets the protocol specification number made in this rule for ICMP.Config edit firewall set <set #> rule <rule #> log <none | match | not-match | both>This command sets the ZyXEL Device to log traffic that matches the rule, doesn't match, both or neither.Config edit firewall set <set #> rule <rule #> alert <yes | no>This command sets whether or not the ZyXEL Device sends an alert e-mail when a DOS attack or a violation of a particular rule occurs. config edit firewall set <set #> rule <rule #> srcaddr-single <ip address>This command sets the rule to have the ZyXEL Device check for traffic with this individual source address.config edit firewall set <set #> rule <rule #> srcaddr-subnet <ip address> <subnet mask>This command sets a rule to have the ZyXEL Device check for traffic from a particular subnet (defined by IP address and subnet mask).config edit firewall set <set #> rule <rule #> srcaddr-range <start ip address> <end ip address>This command sets a rule to have the ZyXEL Device check for traffic from this range of addresses.Table 136 Firewall Commands (continued)FUNCTION COMMAND DESCRIPTION
Appendix E Firewall CommandsP-660HW-Dx v2 User’s Guide 315config edit firewall set <set #> rule <rule #> destaddr-single <ip address>This command sets the rule to have the ZyXEL Device check for traffic with this individual destination address.config edit firewall set <set #> rule <rule #> destaddr-subnet <ip address> <subnet mask>This command sets a rule to have the ZyXEL Device check for traffic with a particular subnet destination (defined by IP address and subnet mask).config edit firewall set <set #> rule <rule #> destaddr-range <start ip address> <end ip address>This command sets a rule to have the ZyXEL Device check for traffic going to this range of addresses.config edit firewall set <set #> rule <rule #> TCP destport-single <port #>This command sets a rule to have the ZyXEL Device check for TCP traffic with this destination address. You may repeat this command to enter various, non-consecutive port numbers. config edit firewall set <set #> rule <rule #> TCP destport-range <start port #> <end port #>This command sets a rule to have the ZyXEL Device check for TCP traffic with a destination port in this range.config edit firewall set <set #> rule <rule #> UDP destport-single <port #>This command sets a rule to have the ZyXEL Device check for UDP traffic with this destination address. You may repeat this command to enter various, non-consecutive port numbers.config edit firewall set <set #> rule <rule #> UDP destport-range <start port #> <end port #>This command sets a rule to have the ZyXEL Device check for UDP traffic with a destination port in this range.Deleteconfig delete firewall e-mail This command removes all of the settings for e-mail alert.config delete firewall attack This command resets all of the attack response settings to their defaults.config delete firewall set <set #>This command removes the specified set from the firewall configuration.Table 136 Firewall Commands (continued)FUNCTION COMMAND DESCRIPTION
Appendix E Firewall CommandsP-660HW-Dx v2 User’s Guide316config delete firewall set <set #> rule<rule #>This command removes the specified rule in a firewall configuration set.Table 136 Firewall Commands (continued)FUNCTION COMMAND DESCRIPTION
P-660HW-Dx v2 User’s Guide 317APPENDIX F Internal SPTGENThis appendix introduces Internal SPTGEN. All menus shown in this appendix are example menus meant to show SPTGEN usage. Actual menus for your product may differ.Internal SPTGEN OverviewInternal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple ZyXEL Devices. Internal SPTGEN lets you configure, save and upload multiple menus at the same time using just one configuration text file – eliminating the need to navigate and configure individual screens for each ZyXEL Device. You can use FTP to get the Internal SPTGEN file. Then edit the file in a text editor and use FTP to upload it again to the same device or another one. See the following sections for details. The Configuration Text File FormatAll Internal SPTGEN text files conform to the following format:<field identification number = field name = parameter values allowed = input>,where <input> is your input conforming to <parameter values allowed>. The figure shown next is an example of an Internal SPTGEN text file.Figure 191 Configuration Text File Format: Column Descriptions/ Menu 1 General Setup 10000000 = Configured <0(No)| 1(Yes)> = 1 10000001 = System Name <Str> = Your Device 10000002 = Location <Str> = 10000003 = Contact Person’s Name <Str> = 10000004 = Route IP <0(No)| 1(Yes)> = 1 10000005 = Route IPX <0(No)| 1(Yes)> = 0 10000006 = Bridge <0(No)| 1(Yes)> = 0
Appendix F Internal SPTGENP-660HW-Dx v2 User’s Guide318"DO NOT alter or delete any field except parameters in the Input column. This appendix introduces Internal SPTGEN. All menus shown in this appendix are example menus meant to show SPTGEN usage. Actual menus for your product may differ.Internal SPTGEN File Modification - Important Points to RememberEach parameter you enter must be preceded by one “=”sign and one space.Some parameters are dependent on others. For example, if you disable the Configured field in menu 1 (see Figure 191 on page 317), then you disable every field in this menu.If you enter a parameter that is invalid in the Input column, the ZyXEL Device will not save the configuration and the command line will display the Field Identification Number. Figure 192 on page 318, shown next, is an example of what the ZyXEL Device displays if you enter a value other than “0” or “1” in the Input column of Field Identification Number 1000000 (refer to Figure 191 on page 317). Figure 192 Invalid Parameter Entered: Command Line ExampleThe ZyXEL Device will display the following if you enter parameter(s) that are valid.Figure 193 Valid Parameter Entered: Command Line ExampleInternal SPTGEN FTP Download Example1Launch your FTP application.2Enter "bin". The command “bin” sets the transfer mode to binary.3Get "rom-t" file. The command “get” transfers files from the ZyXEL Device to your computer. The name “rom-t” is the configuration filename on the ZyXEL Device.4Edit the "rom-t" file using a text editor (do not use a word processor). You must leave this FTP screen to edit.field value is not legal error:-1ROM-t is not saved, error Line ID:10000000reboot to get the original configurationBootbase Version: V2.02 | 2/22/2001 13:33:11RAM: Size = 8192 KbytesFLASH: Intel 8M *2Please wait for the system to write SPT text file(ROM-t)...Bootbase Version: V2.02 | 2/22/2001 13:33:11RAM: Size = 8192 KbytesFLASH: Intel 8M *2
Appendix F Internal SPTGENP-660HW-Dx v2 User’s Guide 319Figure 194 Internal SPTGEN FTP Download Example"You can rename your “rom-t” file when you save it to your computer but it must be named “rom-t” when you upload it to your ZyXEL Device.Internal SPTGEN FTP Upload Example1Launch your FTP application.2Enter "bin". The command “bin” sets the transfer mode to binary.3Upload your “rom-t” file from your computer to the ZyXEL Device using the “put” command. computer to the ZyXEL Device.4Exit this FTP application.Figure 195 Internal SPTGEN FTP Upload Examplec:\ftp 192.168.1.1220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000User (192.168.1.1:(none)):331 Enter PASS commandPassword:230 Logged inftp>bin200 Type I OKftp> get rom-tftp>byec:\edit rom-t(edit the rom-t text file by a text editor and save it)c:\ftp 192.168.1.1220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000User (192.168.1.1:(none)):331 Enter PASS commandPassword:230 Logged inftp>bin200 Type I OKftp> put rom-tftp>bye
Appendix F Internal SPTGENP-660HW-Dx v2 User’s Guide320Example Internal SPTGEN MenusThis section provides example Internal SPTGEN menus. Table 137 Abbreviations Used in the Example Internal SPTGEN Screens TableABBREVIATION MEANINGFIN Field Identification Number FN Field NamePVA Parameter Values AllowedINPUT An example of what you may enter* Applies to the ZyXEL Device.Table 138 Menu 1 General Setup / Menu 1 General Setup FIN FN PVA INPUT 10000000 = Configured <0(No) | 1(Yes)> = 010000001 = System Name <Str> = Your Device10000002 = Location <Str> =10000003 = Contact Person's Name <Str> =10000004 = Route IP <0(No) | 1(Yes)> = 110000006 = Bridge <0(No) | 1(Yes)> = 0Table 139 Menu 3/ Menu 3.1 General Ethernet Setup FIN FN PVA INPUT30100001 = Input Protocol filters Set 1 = 230100002 = Input Protocol filters Set 2 = 25630100003 = Input Protocol filters Set 3 = 25630100004 = Input Protocol filters Set 4 = 25630100005 = Input device filters Set 1 = 25630100006 = Input device filters Set 2 = 25630100007 = Input device filters Set 3 = 25630100008 = Input device filters Set 4 = 25630100009 = Output protocol filters Set 1 = 25630100010 = Output protocol filters Set 2 = 25630100011 = Output protocol filters Set 3 = 25630100012 = Output protocol filters Set 4 = 25630100013 = Output device filters Set 1 = 25630100014 = Output device filters Set 2 = 25630100015 = Output device filters Set 3 = 25630100016 = Output device filters Set 4 = 256
Appendix F Internal SPTGENP-660HW-Dx v2 User’s Guide 321/ Menu 3.2 TCP/IP and DHCP Ethernet Setup FIN FN PVA INPUT30200001 = DHCP <0(None) | 1(Server) | 2(Relay)>= 030200002 = Client IP Pool Starting Address = 192.168.1.3330200003 = Size of Client IP Pool = 3230200004 = Primary DNS Server = 0.0.0.030200005 = Secondary DNS Server = 0.0.0.030200006 = Remote DHCP Server = 0.0.0.030200008 = IP Address = 172.21.2.20030200009 = IP Subnet Mask = 1630200010 = RIP Direction <0(None) | 1(Both) | 2(In Only) | 3(Out Only)> = 030200011 = Version <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)>= 030200012 = Multicast <0(IGMP-v2) | 1(IGMP-v1) | 2(None)>= 230200013 = IP Policies Set 1 (1~12) = 25630200014 = IP Policies Set 2 (1~12) = 25630200015 = IP Policies Set 3 (1~12) = 25630200016 = IP Policies Set 4 (1~12) = 256/ Menu 3.2.1 IP Alias Setup FIN FN PVA INPUT30201001 = IP Alias 1 <0(No) | 1(Yes)> = 030201002 = IP Address = 0.0.0.030201003 = IP Subnet Mask = 030201004 = RIP Direction <0(None) | 1(Both) | 2(In Only) | 3(Out Only)> = 030201005 = Version <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)> = 030201006 = IP Alias #1 Incoming protocol filters Set 1 = 25630201007 = IP Alias #1 Incoming protocol filters Set 2 = 256Table 139 Menu 3
Appendix F Internal SPTGENP-660HW-Dx v2 User’s Guide32230201008 = IP Alias #1 Incoming protocol filters Set 3 = 25630201009 = IP Alias #1 Incoming protocol filters Set 4 = 25630201010 = IP Alias #1 Outgoing protocol filters Set 1 = 25630201011 = IP Alias #1 Outgoing protocol filters Set 2 = 25630201012 = IP Alias #1 Outgoing protocol filters Set 3 = 25630201013 = IP Alias #1 Outgoing protocol filters Set 4 = 25630201014 = IP Alias 2 <0(No) | 1(Yes)> = 030201015 = IP Address = 0.0.0.030201016 = IP Subnet Mask = 030201017 = RIP Direction <0(None) | 1(Both) | 2(In Only) | 3(Out Only)> = 030201018 = Version <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)> = 030201019 = IP Alias #2 Incoming protocol filters Set 1 = 25630201020 = IP Alias #2 Incoming protocol filters Set 2 = 25630201021 = IP Alias #2 Incoming protocol filters Set 3 = 25630201022 = IP Alias #2 Incoming protocol filters Set 4 = 25630201023 = IP Alias #2 Outgoing protocol filters Set 1 = 25630201024 = IP Alias #2 Outgoing protocol filters Set 2 = 25630201025 = IP Alias #2 Outgoing protocol filters Set 3 = 25630201026 = IP Alias #2 Outgoing protocol filters Set 4 = 256Table 139 Menu 3Table 140 Menu 4 Internet Access Setup / Menu 4 Internet Access SetupFIN FN PVA INPUT40000000 = Configured <0(No) | 1(Yes)> = 1
Appendix F Internal SPTGENP-660HW-Dx v2 User’s Guide 32340000001 = ISP <0(No) | 1(Yes)> = 140000002 = Active <0(No) | 1(Yes)> = 140000003 = ISP's Name = ChangeMe40000004 = Encapsulation <2(PPPOE) | 3(RFC 1483)| 4(PPPoA )| 5(ENET ENCAP)> = 240000005 = Multiplexing <1(LLC-based) | 2(VC-based) = 140000006 = VPI # = 040000007 = VCI # = 3540000008 = Service Name <Str> = any40000009 = My Login <Str> = test@pqa40000010 = My Password <Str> = 123440000011 = Single User Account <0(No) | 1(Yes)> = 140000012 = IP Address Assignment <0(Static)|1(Dynamic)> = 140000013 = IP Address = 0.0.0.040000014 = Remote IP address = 0.0.0.040000015 = Remote IP subnet mask = 040000016 = ISP incoming protocol filter set 1 = 640000017 = ISP incoming protocol filter set 2 = 25640000018 = ISP incoming protocol filter set 3 = 25640000019 = ISP incoming protocol filter set 4 = 25640000020 = ISP outgoing protocol filter set 1 = 25640000021 = ISP outgoing protocol filter set 2 = 25640000022 = ISP outgoing protocol filter set 3 = 25640000023 = ISP outgoing protocol filter set 4 = 25640000024 = ISP PPPoE idle timeout = 040000025 = Route IP <0(No) | 1(Yes)>= 140000026 = Bridge <0(No) | 1(Yes)>= 040000027 = ATM QoS Type <0(CBR) | (1 (UBR)>= 140000028 = Peak Cell Rate (PCR) = 040000029 = Sustain Cell Rate (SCR) = 040000030 = Maximum Burst Size(MBS) = 0Table 140 Menu 4 Internet Access Setup (continued)
Appendix F Internal SPTGENP-660HW-Dx v2 User’s Guide324 40000031= RIP Direction <0(None) | 1(Both) | 2(In Only) | 3(Out Only)>= 040000032= RIP Version <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)> = 040000033= Nailed-up Connection <0(No) |1(Yes)>= 0Table 140 Menu 4 Internet Access Setup (continued)Table 141 Menu 12 / Menu 12.1.1 IP Static Route SetupFIN FN PVA INPUT120101001 = IP Static Route set #1, Name <Str> =120101002 = IP Static Route set #1, Active <0(No) |1(Yes)> = 0120101003 = IP Static Route set #1, Destination IP address = 0.0.0.0120101004 = IP Static Route set #1, Destination IP subnetmask = 0120101005 = IP Static Route set #1, Gateway = 0.0.0.0120101006 = IP Static Route set #1, Metric = 0120101007 = IP Static Route set #1, Private <0(No) |1(Yes)> = 0/ Menu 12.1.2 IP Static Route Setup FIN FN PVA INPUT120108001 = IP Static Route set #8, Name <Str> =120108002 = IP Static Route set #8, Active <0(No) |1(Yes)> = 0120108003 = IP Static Route set #8, Destination IP address = 0.0.0.0120108004 = IP Static Route set #8, Destination IP subnetmask = 0120108005 = IP Static Route set #8, Gateway = 0.0.0.0120108006 = IP Static Route set #8, Metric = 0120108007 = IP Static Route set #8, Private <0(No) |1(Yes)> = 0Table 142 Menu 15 SUA Server Setup / Menu 15 SUA Server SetupFIN FN PVA INPUT150000001 = SUA Server IP address for default port = 0.0.0.0150000002 = SUA Server #2 Active <0(No) | 1(Yes)> = 0150000003 = SUA Server #2 Protocol <0(All)|6(TCP)|17(UDP)>= 0
Appendix F Internal SPTGENP-660HW-Dx v2 User’s Guide 325150000004 = SUA Server #2 Port Start = 0150000005 = SUA Server #2 Port End = 0150000006 = SUA Server #2 Local IP address = 0.0.0.0150000007 = SUA Server #3 Active <0(No) | 1(Yes)> = 0150000008 = SUA Server #3 Protocol <0(All)|6(TCP)|17(UDP)>= 0150000009 = SUA Server #3 Port Start = 0150000010 = SUA Server #3 Port End = 0150000011 = SUA Server #3 Local IP address = 0.0.0.0150000012 = SUA Server #4 Active <0(No) | 1(Yes)> = 0150000013 = SUA Server #4 Protocol <0(All)|6(TCP)|17(UDP)> = 0150000014 = SUA Server #4 Port Start = 0150000015 = SUA Server #4 Port End = 0150000016 = SUA Server #4 Local IP address = 0.0.0.0150000017 = SUA Server #5 Active <0(No) | 1(Yes)> = 0150000018 = SUA Server #5 Protocol <0(All)|6(TCP)|17(UDP)> = 0150000019 = SUA Server #5 Port Start = 0150000020 = SUA Server #5 Port End = 0150000021 = SUA Server #5 Local IP address = 0.0.0.0150000022 = SUA Server #6 Active <0(No) | 1(Yes)> = 0= 0150000023 = SUA Server #6 Protocol <0(All)|6(TCP)|17(UDP)>= 0150000024 = SUA Server #6 Port Start = 0150000025 = SUA Server #6 Port End = 0150000026 = SUA Server #6 Local IP address = 0.0.0.0150000027 = SUA Server #7 Active <0(No) | 1(Yes)> = 0150000028 = SUA Server #7 Protocol <0(All)|6(TCP)|17(UDP)>= 0.0.0.0150000029 = SUA Server #7 Port Start = 0150000030 = SUA Server #7 Port End = 0150000031 = SUA Server #7 Local IP address = 0.0.0.0150000032 = SUA Server #8 Active <0(No) | 1(Yes)> = 0150000033 = SUA Server #8 Protocol <0(All)|6(TCP)|17(UDP)>= 0150000034 = SUA Server #8 Port Start = 0150000035 = SUA Server #8 Port End = 0150000036 = SUA Server #8 Local IP address = 0.0.0.0150000037 = SUA Server #9 Active <0(No) | 1(Yes)> = 0Table 142 Menu 15 SUA Server Setup (continued)
Appendix F Internal SPTGENP-660HW-Dx v2 User’s Guide326150000038 = SUA Server #9 Protocol <0(All)|6(TCP)|17(UDP)> = 0150000039 = SUA Server #9 Port Start = 0150000040 = SUA Server #9 Port End = 0150000041 = SUA Server #9 Local IP address = 0.0.0.0150000042 = SUA Server #10 Active <0(No) | 1(Yes)> = 0150000043 = SUA Server #10 Protocol <0(All)|6(TCP)|17(UDP)> = 0150000044 = SUA Server #10 Port Start = 0150000045 = SUA Server #10 Port End = 0150000046 = SUA Server #10 Local IP address = 0.0.0.0150000047 = SUA Server #11 Active <0(No) | 1(Yes)> = 0150000048 = SUA Server #11 Protocol <0(All)|6(TCP)|17(UDP)> = 0150000049 = SUA Server #11 Port Start = 0150000050 = SUA Server #11 Port End = 0150000051 = SUA Server #11 Local IP address = 0.0.0.0150000052 = SUA Server #12 Active <0(No) | 1(Yes)> = 0150000053 = SUA Server #12 Protocol <0(All)|6(TCP)|17(UDP)> = 0150000054 = SUA Server #12 Port Start = 0150000055 = SUA Server #12 Port End = 0150000056 = SUA Server #12 Local IP address = 0.0.0.0Table 142 Menu 15 SUA Server Setup (continued)Table 143 Menu 21.1 Filter Set #1/ Menu 21 Filter set #1 FIN FN PVA INPUT210100001 = Filter Set 1, Name <Str> = / Menu 21.1.1.1 set #1, rule #1 FIN FN PVA INPUT210101001 = IP Filter Set 1,Rule 1 Type <2(TCP/IP)> = 2210101002 = IP Filter Set 1,Rule 1 Active <0(No)|1(Yes)> = 1210101003 = IP Filter Set 1,Rule 1 Protocol = 6210101004 = IP Filter Set 1,Rule 1 Dest IP address = 0.0.0.0210101005 = IP Filter Set 1,Rule 1 Dest Subnet Mask = 0210101006 = IP Filter Set 1,Rule 1 Dest Port = 137210101007 = IP Filter Set 1,Rule 1 Dest Port Comp <0(none)|1(equal)|2(not equal)| 3(less)| 4(greater)> = 1210101008 = IP Filter Set 1,Rule 1 Src IP address = 0.0.0.0
Appendix F Internal SPTGENP-660HW-Dx v2 User’s Guide 327210101009 = IP Filter Set 1,Rule 1 Src Subnet Mask = 0210101010 = IP Filter Set 1,Rule 1 Src Port = 0210101011 = IP Filter Set 1,Rule 1 Src Port Comp <0(none)|1(equal)|2(not equal)|3(less)|4(greater)> = 0210101013 = IP Filter Set 1,Rule 1 Act Match <1(check next)|2(forward)|3(drop)> = 3210101014 = IP Filter Set 1,Rule 1 Act Not Match <1(check next)|2(forward)|3(drop)> = 1/ Menu 21.1.1.2 set #1, rule #2 FIN FN PVA INPUT210102001 = IP Filter Set 1,Rule 2 Type <2(TCP/IP)> = 2210102002 = IP Filter Set 1,Rule 2 Active <0(No)|1(Yes)> = 1210102003 = IP Filter Set 1,Rule 2 Protocol = 6210102004 = IP Filter Set 1,Rule 2 Dest IP address = 0.0.0.0210102005 = IP Filter Set 1,Rule 2 Dest Subnet Mask = 0210102006 = IP Filter Set 1,Rule 2 Dest Port = 138210102007 = IP Filter Set 1,Rule 2 Dest Port Comp <0(none)|1(equal)|2(not equal)|3(less)|4(greater)> = 1210102008 = IP Filter Set 1,Rule 2 Src IP address = 0.0.0.0210102009 = IP Filter Set 1,Rule 2 Src Subnet Mask = 0210102010 = IP Filter Set 1,Rule 2 Src Port = 0210102011 = IP Filter Set 1,Rule 2 Src Port Comp <0(none)|1(equal)|2(not equal)|3(less)|4(greater)> = 0210102013 = IP Filter Set 1,Rule 2 Act Match <1(check next)|2(forward)|3(drop)> = 3210102014 = IP Filter Set 1,Rule 2 Act Not Match <1(check next)|2(forward)|3(drop)> = 1Table 143 Menu 21.1 Filter Set #1 (continued)Table 144 Menu 21.1 Filer Set #2, / Menu 21.1 filter set #2, FIN FN PVA INPUT210200001 = Filter Set 2, Nam <Str> = NetBIOS_WAN/ Menu 21.1.2.1 Filter set #2, rule #1
Appendix F Internal SPTGENP-660HW-Dx v2 User’s Guide328FIN FN PVA INPUT210201001 = IP Filter Set 2, Rule 1 Type <0(none)|2(TCP/IP)> = 2210201002 = IP Filter Set 2, Rule 1 Active <0(No)|1(Yes)> = 1210201003 = IP Filter Set 2, Rule 1 Protocol = 6210201004 = IP Filter Set 2, Rule 1 Dest IP address = 0.0.0.0210201005 = IP Filter Set 2, Rule 1 Dest Subnet Mask = 0210201006 = IP Filter Set 2, Rule 1 Dest Port = 137210201007 = IP Filter Set 2, Rule 1 Dest Port Comp<0(none)|1(equal)|2(not equal)|3(less)|4(greater)> = 1210201008 = IP Filter Set 2, Rule 1 Src IP address = 0.0.0.0210201009 = IP Filter Set 2, Rule 1 Src Subnet Mask = 0210201010 = IP Filter Set 2, Rule 1 Src Port = 0210201011 = IP Filter Set 2, Rule 1 Src Port Comp<0(none)|1(equal)|2(not equal)|3(less)|4(greater)> = 0210201013 = IP Filter Set 2, Rule 1 Act Match <1(check next)|2(forward)|3(drop)> = 3210201014 = IP Filter Set 2, Rule 1 Act Not Match<1(check next)|2(forward)|3(drop)> = 1/ Menu 21.1.2.2 Filter set #2, rule #2 FIN FN PVA INPUT210202001 = IP Filter Set 2, Rule 2 Type <0(none)|2(TCP/IP)> = 2210202002 = IP Filter Set 2, Rule 2 Active <0(No)|1(Yes)> = 1210202003 = IP Filter Set 2, Rule 2 Protocol = 6210202004 = IP Filter Set 2, Rule 2 Dest IP address = 0.0.0.0210202005 = IP Filter Set 2, Rule 2 Dest Subnet Mask = 0210202006 = IP Filter Set 2, Rule 2 Dest Port = 138210202007 = IP Filter Set 2, Rule 2 Dest Port Comp<0(none)|1(equal)|2(not equal)|3(less)|4(greater)> = 1210202008 = IP Filter Set 2, Rule 2 Src IP address = 0.0.0.0Table 144 Menu 21.1 Filer Set #2, (continued)
Appendix F Internal SPTGENP-660HW-Dx v2 User’s Guide 329210202009 = IP Filter Set 2, Rule 2 Src Subnet Mask = 0210202010 = IP Filter Set 2,Rule 2 Src Port = 0210202011 = IP Filter Set 2, Rule 2 Src Port Comp<0(none)|1(equal)|2(not equal)|3(less)|4(greater)> = 0210202013 = IP Filter Set 2, Rule 2 Act Match <1(check next)|2(forward)|3(drop)> = 3210202014 = IP Filter Set 2, Rule 2 Act Not Match<1(check next)|2(forward)|3(drop)> = 1Table 144 Menu 21.1 Filer Set #2, (continued)Table 145 Menu 23 System Menus */ Menu 23.1 System Password Setup FIN FN PVA INPUT230000000 = System Password = 1234*/ Menu 23.2 System security: radius server FIN FN PVA INPUT230200001 = Authentication Server Configured <0(No) | 1(Yes)> = 1230200002 = Authentication Server Active <0(No) | 1(Yes)> = 1230200003 = Authentication Server IP Address = 192.168.1.32230200004 = Authentication Server Port = 1822230200005 = Authentication Server Shared Secret = 1111111111111111111111111111111230200006 = Accounting Server Configured <0(No) | 1(Yes)> = 1230200007 = Accounting Server Active <0(No) | 1(Yes)> = 1230200008 = Accounting Server IP Address = 192.168.1.44230200009 = Accounting Server Port = 1823230200010 = Accounting Server Shared Secret = 1234*/ Menu 23.4 System security: IEEE802.1x FIN FN PVA INPUT230400001 = Wireless Port Control <0(Authentication Required) |1(No Access Allowed) |2(No Authentication Required)>= 2
Appendix F Internal SPTGENP-660HW-Dx v2 User’s Guide330230400002 = ReAuthentication Timer (in second) = 555230400003 = Idle Timeout (in second) = 999230400004 = Authentication Databases <0(Local User Database Only) |1(RADIUS Only) |2(Local,RADIUS) |3(RADIUS,Local)>= 1230400005 = Key Management Protocol <0(8021x) |1(WPA) |2(WPAPSK)> = 0230400006 = Dynamic WEP Key Exchange <0(Disable) |1(64-bit WEP) |2(128-bit WEP)>= 0230400007 = PSK = = 230400008 = WPA Mixed Mode <0(Disable) |1(Enable)>= 0230400009 = Data Privacy for Broadcast/Multicast packets <0(TKIP) |1(WEP)> = 0230400010 = WPA Broadcast/Multicast Key Update Timer= 0Table 145 Menu 23 System Menus (continued)Table 146 Menu 24.11 Remote Management Control / Menu 24.11 Remote Management ControlFIN FN PVA INPUT241100001 = TELNET Server Port = 23241100002 = TELNET Server Access <0(all)|1(none)|2(Lan)|3(Wan)> = 0241100003 = TELNET Server Secured IP address = 0.0.0.0241100004 = FTP Server Port = 21241100005 = FTP Server Access <0(all)|1(none)|2(Lan)|3(Wan)> = 0241100006 = FTP Server Secured IP address = 0.0.0.0241100007 = WEB Server Port = 80241100008 = WEB Server Access <0(all)|1(none)|2(Lan) |3(Wan)> = 0241100009 = WEB Server Secured IP address = 0.0.0.0
Appendix F Internal SPTGENP-660HW-Dx v2 User’s Guide 331Command ExamplesThe following are example Internal SPTGEN screens associated with the ZyXEL Device’s command interpreter commands.Table 147 Command ExamplesFIN FN PVA INPUT/ci command (for annex a): wan adsl opencmd FIN FN PVA INPUT990000001 = ADSL OPMD <0(glite)|1(t1.413)|2(gdmt)|3(multimode)>= 3/ci command (for annex B): wan adsl opencmdFIN FN PVA INPUT990000001 = ADSL OPMD <0(etsi)|1(normal)|2(gdmt)|3(multimode)>= 3
Appendix F Internal SPTGENP-660HW-Dx v2 User’s Guide332
P-660HW-Dx v2 User’s Guide 333APPENDIX G Pop-up Windows, JavaScriptsand Java PermissionsIn order to use the web configurator you need to allow:• Web browser pop-up windows from your device.• JavaScripts (enabled by default).• Java permissions (enabled by default)."Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary.Internet Explorer Pop-up BlockersYou may have to disable pop-up blocking to log into your device. Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or allow pop-up blocking and create an exception for your device’s IP address.Disable pop-up Blockers1In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 196 Pop-up BlockerYou can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. 1In Internet Explorer, select Tools, Internet Options, Privacy.
Appendix G Pop-up Windows, JavaScripts and Java PermissionsP-660HW-Dx v2 User’s Guide3342Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 197 Internet Options: Privacy3Click Apply to save this setting.Enable pop-up Blockers with ExceptionsAlternatively, if you only want to allow pop-up windows from your device, see the following steps.1In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2Select Settings…to open the Pop-up Blocker Settings screen.
Appendix G Pop-up Windows, JavaScripts and Java PermissionsP-660HW-Dx v2 User’s Guide 335Figure 198 Internet Options: Privacy3Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4Click Add to move the IP address to the list of Allowed sites.Figure 199 Pop-up Blocker Settings
Appendix G Pop-up Windows, JavaScripts and Java PermissionsP-660HW-Dx v2 User’s Guide3365Click Close to return to the Privacy screen. 6Click Apply to save this setting. JavaScriptsIf pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. 1In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 200 Internet Options: Security 2Click the Custom Level... button. 3Scroll down to Scripting. 4Under Active scripting make sure that Enable is selected (the default).5Under Scripting of Java applets make sure that Enable is selected (the default). 6Click OK to close the window.
Appendix G Pop-up Windows, JavaScripts and Java PermissionsP-660HW-Dx v2 User’s Guide 337Figure 201 Security Settings - Java ScriptingJava Permissions1From Internet Explorer, click Tools, Internet Options and then the Security tab. 2Click the Custom Level... button. 3Scroll down to Microsoft VM. 4Under Java permissions make sure that a safety level is selected.5Click OK to close the window.Figure 202 Security Settings - Java
Appendix G Pop-up Windows, JavaScripts and Java PermissionsP-660HW-Dx v2 User’s Guide338JAVA (Sun)1From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2Make sure that Use Java 2 for <applet> under Java (Sun) is selected.3Click OK to close the window.Figure 203 Java (Sun)
P-660HW-Dx v2 User’s Guide 339APPENDIX H NetBIOS Filter CommandsThe following describes the NetBIOS packet filter commands.IntroductionNetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls.You can configure NetBIOS filters to do the following:• Allow or disallow the sending of NetBIOS packets from the LAN to the WAN and from the WAN to the LAN.• Allow or disallow the sending of NetBIOS packets through VPN connections.• Allow or disallow NetBIOS packets to initiate calls.Display NetBIOS Filter SettingsThis command gives a read-only list of the current NetBIOS filter modes for The ZyXEL Device.NetBIOS Display Filter Settings Command ExampleSyntax: sys filter netbios disp=========== NetBIOS Filter Status =========== Between LAN and WAN: Block IPSec Packets: Forward Trigger Dial: Disabled
Appendix H NetBIOS Filter CommandsP-660HW-Dx v2 User’s Guide340The filter types and their default settings are as follows.NetBIOS Filter ConfigurationSyntax:sys filter netbios config <type> <on|off>whereTable 148 NetBIOS Filter Default SettingsNAME DESCRIPTION EXAMPLEBetween LAN and WANThis field displays whether NetBIOS packets are blocked or forwarded between the LAN and the WAN.BlockIPSec Packets This field displays whether NetBIOS packets sent through a VPN connection are blocked or forwarded. ForwardTrigger dial This field displays whether NetBIOS packets are allowed to initiate calls. Disabled means that NetBIOS packets are blocked from initiating calls.Disabled<type> = Identify which NetBIOS filter (numbered 0-3) to configure.0 = Between LAN and WAN3 = IPSec packet pass through4 = Trigger Dial<on|off> = For type 0 and 1, use on to enable the filter and block NetBIOS packets. Use off to disable the filter and forward NetBIOS packets.For type 3, use on to block NetBIOS packets from being sent through a VPN connection. Use off to allow NetBIOS packets to be sent through a VPN connection.For type 4, use on to allow NetBIOS packets to initiate dial backup calls. Use off to block NetBIOS packets from initiating dial backup calls.Example commandssys filter netbios config 0 onThis command blocks LAN to WAN and WAN to LAN NetBIOS packets.sys filter netbios config 3 onThis command blocks IPSec NetBIOS packets.sys filter netbios config 4 offThis command stops NetBIOS commands from initiating calls.
P-660HW-Dx v2 User’s Guide 341APPENDIX I Triangle RouteThe Ideal Setup When the firewall is on, your ZyXEL Device acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the ZyXEL Device to protect your LAN against attacks.Figure 204 Ideal SetupThe “Triangle Route” ProblemA traffic route is a path for sending or receiving data packets between two Ethernet devices. Some companies have more than one route to one or more ISPs. If the alternate gateway is on the LAN (and it’s IP address is in the same subnet), the “triangle route” problem may occur. The steps below describe the “triangle route” problem. 1A computer on the LAN initiates a connection by sending out a SYN packet to a receiving server on the WAN.2The ZyXEL Device reroutes the SYN packet through Gateway A on the LAN to the WA N. 3The reply from the WAN goes directly to the computer on the LAN without going through the ZyXEL Device. As a result, the ZyXEL Device resets the connection, as the connection has not been acknowledged.
Appendix I Triangle RouteP-660HW-Dx v2 User’s Guide342Figure 205 “Triangle Route” ProblemThe “Triangle Route” SolutionsThis section presents you two solutions to the “triangle route” problem. IP Aliasing IP alias allows you to partition your network into logical sections over the same Ethernet interface. Your ZyXEL Device supports up to three logical LAN interfaces with the ZyXEL Device being the gateway for each logical network. By putting your LAN and Gateway B in different subnets, all returning network traffic must pass through the ZyXEL Device to your LAN. The following steps describe such a scenario.1A computer on the LAN initiates a connection by sending a SYN packet to a receiving server on the WAN. 2The ZyXEL Device reroutes the packet to Gateway A, which is in Subnet 2. 3The reply from WAN goes through the ZyXEL Device to the computer on the LAN in Subnet 1. Figure 206 IP Alias
P-660HW-Dx v2 User’s Guide 343APPENDIX J Legal InformationCopyrightCopyright © 2007 by ZyXEL Communications Corporation.The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.Published by ZyXEL Communications Corporation. All rights reserved.DisclaimerZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.TrademarksZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.CertificationsFederal Communications Commission (FCC) Interference StatementThe device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:• This device may not cause harmful interference.• This device must accept any interference received, including interference that may cause undesired operations.This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This device generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation.
Appendix J Legal InformationP-660HW-Dx v2 User’s Guide344If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures:1Reorient or relocate the receiving antenna.2Increase the separation between the equipment and the receiver.3Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.4Consult the dealer or an experienced radio/TV technician for help.FCC Radiation Exposure Statement• This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.• IEEE 802.11b or 802.11g operation of this product in the U.S.A. is firmware-limited to channels 1 through 11. • To comply with FCC RF exposure compliance requirements, a separation distance of at least 20 cm must be maintained between the antenna of this device and all persons.注意 ! 依據 低功率電波輻射性電機管理辦法第十二條 經型式認證合格之低功率射頻電機,非經許可,公司、商號或使用者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。第十四條 低功率射頻電機之使用不得影響飛航安全及干擾合法通信;經發現有干擾現象時,應立即停用,並改善至無干擾時方得繼續使用。前項合法通信,指依電信規定作業之無線電信。低功率射頻電機須忍受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾本機限在不干擾合法電臺與不受被干擾保障條件下於室內使用。 減少電磁波影響,請妥適使用Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.This device has been designed for the WLAN 2.4 GHz network throughout the EC region and Switzerland, with restrictions in France. This Class B digital apparatus complies with Canadian ICES-003.Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.Viewing Certifications1Go to http://www.zyxel.com.2Select your product on the ZyXEL home page to go to that product's page.
Appendix J Legal InformationP-660HW-Dx v2 User’s Guide 3453Select the certification you wish to view from this page.ZyXEL Limited WarrantyZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.NoteRepair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser.To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.RegistrationRegister your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products.
Appendix J Legal InformationP-660HW-Dx v2 User’s Guide346
P-660HW-Dx v2 User’s Guide 347APPENDIX K Customer SupportPlease have the following information ready when you contact customer support.Required Information• Product model and serial number.• Warranty Information.• Date that you received your device.• Brief description of the problem and the steps you took to solve it.Corporate Headquarters (Worldwide)• Support E-mail: support@zyxel.com.tw• Sales E-mail: sales@zyxel.com.tw• Telephone: +886-3-578-3942• Fax: +886-3-578-2439• Web Site: www.zyxel.com, www.europe.zyxel.com• FTP Site: ftp.zyxel.com, ftp.europe.zyxel.com• Regular Mail: ZyXEL Communications Corp., 6 Innovation Road II, Science Park, Hsinchu 300, TaiwanCosta Rica• Support E-mail: soporte@zyxel.co.cr• Sales E-mail: sales@zyxel.co.cr• Telephone: +506-2017878• Fax: +506-2015098• Web Site: www.zyxel.co.cr• FTP Site: ftp.zyxel.co.cr• Regular Mail: ZyXEL Costa Rica, Plaza Roble Escazú, Etapa El Patio, Tercer Piso, San José, Costa RicaCzech Republic• E-mail: info@cz.zyxel.com• Telephone: +420-241-091-350• Fax: +420-241-091-359• Web Site: www.zyxel.cz• Regular Mail: ZyXEL Communications, Czech s.r.o., Modranská 621, 143 01 Praha 4 - Modrany, Ceská Republika
Appendix K Customer SupportP-660HW-Dx v2 User’s Guide348Denmark• Support E-mail: support@zyxel.dk• Sales E-mail: sales@zyxel.dk• Telephone: +45-39-55-07-00• Fax: +45-39-55-07-07• Web Site: www.zyxel.dk • Regular Mail: ZyXEL Communications A/S, Columbusvej, 2860 Soeborg, DenmarkFinland• Support E-mail: support@zyxel.fi• Sales E-mail: sales@zyxel.fi• Telephone: +358-9-4780-8411• Fax: +358-9-4780 8448• Web Site: www.zyxel.fi• Regular Mail: ZyXEL Communications Oy, Malminkaari 10, 00700 Helsinki, FinlandFrance• E-mail: info@zyxel.fr • Telephone: +33-4-72-52-97-97• Fax: +33-4-72-52-19-20• Web Site: www.zyxel.fr• Regular Mail: ZyXEL France, 1 rue des Vergers, Bat. 1 / C, 69760 Limonest, FranceGermany• Support E-mail: support@zyxel.de• Sales E-mail: sales@zyxel.de• Telephone: +49-2405-6909-69• Fax: +49-2405-6909-99• Web Site: www.zyxel.de• Regular Mail: ZyXEL Deutschland GmbH., Adenauerstr. 20/A2 D-52146, Wuerselen, GermanyHungary• Support E-mail: support@zyxel.hu• Sales E-mail: info@zyxel.hu• Telephone: +36-1-3361649• Fax: +36-1-3259100• Web Site: www.zyxel.hu• Regular Mail: ZyXEL Hungary, 48, Zoldlomb Str., H-1025, Budapest, HungaryKazakhstan• Support: http://zyxel.kz/support• Sales E-mail: sales@zyxel.kz
Appendix K Customer SupportP-660HW-Dx v2 User’s Guide 349• Telephone: +7-3272-590-698• Fax: +7-3272-590-689• Web Site: www.zyxel.kz• Regular Mail: ZyXEL Kazakhstan, 43, Dostyk ave.,Office 414, Dostyk Business Centre, 050010, Almaty, Republic of KazakhstanNorth America• Support E-mail: support@zyxel.com• Sales E-mail: sales@zyxel.com• Telephone: +1-800-255-4101, +1-714-632-0882• Fax: +1-714-632-0858• Web Site: www.us.zyxel.com• FTP Site: ftp.us.zyxel.com• Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806-2001, U.S.A.Norway• Support E-mail: support@zyxel.no • Sales E-mail: sales@zyxel.no• Telephone: +47-22-80-61-80• Fax: +47-22-80-61-81• Web Site: www.zyxel.no• Regular Mail: ZyXEL Communications A/S, Nils Hansens vei 13, 0667 Oslo, NorwayPoland• E-mail: info@pl.zyxel.com• Telephone: +48 (22) 333 8250• Fax: +48 (22) 333 8251• Web Site: www.pl.zyxel.com• Regular Mail: ZyXEL Communications, ul. Okrzei 1A, 03-715 Warszawa, PolandRussia• Support: http://zyxel.ru/support• Sales E-mail: sales@zyxel.ru• Telephone: +7-095-542-89-29• Fax: +7-095-542-89-25• Web Site: www.zyxel.ru• Regular Mail: ZyXEL Russia, Ostrovityanova 37a Str., Moscow, 117279, RussiaSpain• Support E-mail: support@zyxel.es• Sales E-mail: sales@zyxel.es• Telephone: +34-902-195-420• Fax: +34-913-005-345
Appendix K Customer SupportP-660HW-Dx v2 User’s Guide350• Web Site: www.zyxel.es • Regular Mail: ZyXEL Communications, Arte, 21 5ª planta, 28033 Madrid, SpainSweden• Support E-mail: support@zyxel.se• Sales E-mail: sales@zyxel.se• Telephone: +46-31-744-7700• Fax: +46-31-744-7701• Web Site: www.zyxel.se• Regular Mail: ZyXEL Communications A/S, Sjöporten 4, 41764 Göteborg, SwedenUkraine• Support E-mail: support@ua.zyxel.com• Sales E-mail: sales@ua.zyxel.com• Telephone: +380-44-247-69-78• Fax: +380-44-494-49-32• Web Site: www.ua.zyxel.com• Regular Mail: ZyXEL Ukraine, 13, Pimonenko Str., Kiev, 04050, UkraineUnited Kingdom• Support E-mail: support@zyxel.co.uk• Sales E-mail: sales@zyxel.co.uk• Telephone: +44-1344 303044, 08707 555779 (UK only)• Fax: +44-1344 303034• Web Site: www.zyxel.co.uk• FTP Site: ftp.zyxel.co.uk• Regular Mail: ZyXEL Communications UK, Ltd.,11 The Courtyard, Eastern Road, Bracknell, Berkshire, RG12 2XB, United Kingdom (UK)“+” is the (prefix) number you dial to make an international telephone call.
IndexP-660HW-Dx v2 User’s Guide 351IndexAAAL5 76access pointsee APaddress assignment 94Address Resolution Protocolsee ARPADSLstandards 34ADSL linereinitialize 258ADSL standards 34Advanced Encryption StandardSee AES.AES 280alerts 233ALG 132alternative subnet mask notation 303antennadirectional 283gain 283omni-directional 283antenna gain 116Any IP 97, 267how it works 98note 98Any IP Setup 100AP 105AP (access point) 273application layer gateway 132Application Layer Gateway. See ALG.application-level firewalls 144ARP 98ATM Adaptation Layer 5see AAL5ATM loopback test 258attack alert 174attack types 148attacks 233auxiliary gateway 267Bbackup 253backup gateway 267backup settings 253backup type 90bandwidth 67budget 193bandwidth management 67, 187bandwidth managerclass configuration 192monitor 197summary 191Basic Service Set, See BSS 271Basic wireless security 63blocking time 173brute-force attack 147BSS 271CCA 278CBR 83, 88Certificate AuthoritySee CA.certifications 343notices 344viewing 344change password at login 41channel 105, 273interference 273channel ID 109Class of Service 194Class of Service (CoS) 194computer name 227, 228configuration 94, 251, 253, 298backup 253restore 253, 254upload 254configuration text file 317connection failure 267contact information 347content filtering 177categories 177
IndexP-660HW-Dx v2 User’s Guide352schedule 178trusted computers 179URL keyword blocking 177Continuous Bit Ratesee CBRcopyright 343CoS 194CTS (Clear to Send) 274custom portscreating / editing 164customer support 347customized services 164Ddate and time settings 229default 255default LAN IP address 39default settings 253, 254Denial of Servicesee DoSdestination address 157detection 54device model number 251DHCP 94, 95, 199, 227diagnosticDSL line 257general 257Differentiated Services 194DiffServ Code Point (DSCP) 194DiffServ Code Points 194DiffServ marking rule 194Digital Subscriber Line Access Multiplexersee DSLAMdimensions 265disclaimer 343DNS 94, 210domain name 94, 134, 227, 228Domain Name Systemsee DNSDoS 144, 145, 173basics 145types 146downstream 33, 34DS Field 194DS field 194DSCPs 194DSLreinitialize 258DSLAM 33dynamic DNS 199dynamic WEP key exchange 279DYNDNS wildcard 199EEAP Authentication 277ECHO 134E-Mail 127e-mail 67log example 236Encapsulated Routing Link Protocolsee ENET ENCAPencapsulation 75, 76PPP over Ethernet 75PPPoA 76RFC 1483 76encryption 107, 110, 280and local (user) database 107key 108WPA compatible 108ENET ENCAP 75ESS 272ESSID 109Ethernet adapter card 285Extended Service Set IDentificationsee ESSIDExtended Service Set, See ESS 272Extended wireless security 63Ffactory defaults 253, 255fairness-based scheduler 189FCC interference statement 343File Transfer Protocolsee FTPfilename extension 251finger 134firewallaccess methods 155address type 163alerts 158anti-probing 171commands 311creating/editing rules 161custom ports 164enabling 158firewall vs filters 153
IndexP-660HW-Dx v2 User’s Guide 353guidelines for enhancing security 152introduction 144LAN to WAN rules 158policies 155rule checklist 156rule configuration key fields 157rule logic 156rule security ramifications 156services 169types 143when to use 153firmware 33, 251upgrade 251upload 251upload error 252fragmentation threshold 274FTP 67, 134, 204, 207restrictions 204full rate 36Hhalf-open sessions 173help 42hidden node 273hide SSID 106host 228, 229host name 227HTTP 134, 144, 145, 251hub 33humidity 265Hypertext Transfer Protocolsee HTTPIIANA 95, 96, 164, 308IBSS 271ICMP 147, 171ICMP echo 147IEEE 802.11g 275IGMP 96, 97Independent Basic Service SetSee IBSS 271initialization vector (IV) 280Integrated Services Digital Networksee ISDNinternal SPTGEN 317FTP upload example 319points to remember 318text file 317Internet access 34, 53wizard setup 53Internet Assigned Numbers AuthoritySee IANA 308see IANA 95Internet Control Message Protocolsee ICMPInternet Group Multicast Protocolsee IGMPIP address 95, 134, 135, 136, 265IP address assignment 77ENET ENCAP 77PPPoA or PPPoE 77RFC 1483 77IP policy routing (IPPR) 267IP pool 101setup 94IP protocol type 169IP spoofing 146, 148ISDN 33LLAN setup 93LAN TCP/IP 95LAN to WAN rules 158LAND 146, 147LEDs 35local (user) database 106and encryption 107logs 233alerts 233configuring 234descriptions 237e-mail 236loopback test 258MMAC address 106MAC address filter 106action 121MAC address filtering 121MAC filter 121maintenance 253Management Information Basesee MIB
IndexP-660HW-Dx v2 User’s Guide354managing the devicegood habits 35using FTP. See FTP.using Telnet. See command interface.using the command interface. See command interface.maximize bandwidth usage 189Maximum Burst Sizesee MBSmax-incomplete high 173max-incomplete low 173MBS 79, 83, 88media access controlsee MACMessage Integrity Check (MIC) 280metric 78MIB 208multicast 96multiplexing 76LLC-based 76VC-based 76multiprotocol encapsulation 76Nnailed-up connection 77NAT 95, 129, 134, 135, 308address mapping rule 139application 130definitions 129how it works 130mapping types 131mode 133what it does 130NAT traversal 213navigating the web configurator 42NetBIOS 339commands 148Network Address Translationsee NATNetwork Basic Input / Output Systemsee NetBIOSnetwork disconnect icon 252, 254network management 134NNTP 134Oone-minute high 173one-minute low 173Ppacket filtering 153when to use 153packet filtering firewalls 143Pairwise Master Key (PMK) 280, 282PCR 78, 83, 88Peak Cell Ratesee PCRPer-Hop Behavior 194PHB (Per-Hop Behavior) 194ping 257ping of death 146Point to Point Protocol over ATM Adaptation Layer 5 (AAL5) 76point-to-point protocol over ATMPoint-to-Point Tunneling Protocolsee PPTPPOP3 134, 145power specifications 265PPPoA 76PPPoE 75Benefits 75PPTP 134preamble mode 275Priorities 122priority 191, 193priority-based scheduler 188product registration 345PSK 280Qquick start guide 39RRADIUS 276message types 277messages 277shared secret key 277RADIUS server 107reboot 255
IndexP-660HW-Dx v2 User’s Guide 355registrationproduct 345related documentation 3remote management and NAT 204remote management limitations 204reset 255reset button 42resetting the ZyXEL device 42restart 251, 255restore configuration 254restore settings 254RFC 1483 76RFC 1631 129RFC-1483 77RFC-2364 76RIP 96Direction 96Version 96Routing Information Protocolsee RIPRTS (Request To Send) 274threshold 273, 274rules 158checklist 156key fields 157LAN to WAN 158logic 156predefined services 169Ssafety warnings 6save settings 253saving the state 148scheduler 188fairness-based 189priority-based 188SCR 79, 83, 88screws 269securitygeneral 152ramifications 156Server 132server 131, 132, 230service 157service set 109Service Set IDentitySee SSIDservice type 165services 134settingsbackup 253defaults 253restore 254setup, general 227Single User Accountsee SUASIPALG 132SIP application layer gateway 132SMTP 134smurf 147SNMP 134, 207manager 208MIBs 209source address 157splitters 36SPTGEN 317command examples 331text file format 317SSID 105hide 106stateful inspection 143, 144, 148, 149and the ZyXEL device 150process 149static route 183SUA 132SUA vs NAT 132subnet 267, 301subnet mask 95, 163, 302subnetting 304Sustain Cell Ratesee SCRswitch 265SYN Flood 146, 147SYN-ACK 146syntax conventions 4syslog 168system errors 233system name 227, 228System Parameter Table Generatorsee SPTGENsystem restart 255system timeout 204TTCP maximum incomplete 173TCP security 150TCP/IP 145, 146, 285
IndexP-660HW-Dx v2 User’s Guide356TCP/IP address 257teardrop 146Teln e t 67, 205temperature 265Temporal Key Integrity Protocol (TKIP) 280TFTP restrictions 204three-way handshake 146threshold values 172time and date settings 229timeout 204tools 251traceroute 148trademarks 343traffic redirect 89, 91, 267traffic shaping 78transmission rates 33triangle route 341solutions 342UUBR 83, 88UDP/ICMP security 151Unspecified Bit Ratesee UBRUPnP 213application 213Forum 214security issues 213UPnP installation 215Windows Me 215Windows XP 216upper layer protocols 150, 151upstream 33, 34user authentication 106local (user) database 106RADIUS server 107weaknesses 107user name 200VVariable Bit Ratesee VBRVBR 83, 88VC 76VC-based multiplexing 76VCI 77Virtual Channel Identifiersee VCIvirtual circuitsee VCVirtual Path Identifiersee VPIVoice over IPsee VoIPVoIP 68VPI 77Wwall-mounting 265WAN 75backup 89WAN setup 75WAN to LAN rules 158warranty 345note 345web configurator 39, 42, 151, 152, 157screen summary 43WEP 110encryption 112Wide Area Networksee WANWi-Fi Multimedia QoS 122Wi-Fi Protected Access 279wireless client 105wireless client WPA supplicants 281wireless LAN 108wireless network 105basic guidelines 105wireless networkschannel 105encryption 107MAC address filter 106security 106SSID 105wireless security 106, 275wizard icon 53WLANinterference 273security parameters 282world wide web 204WPA 279key caching 280pre-authentication 280user authentication 280vs WPA-PSK 280wireless client supplicant 281
IndexP-660HW-Dx v2 User’s Guide 357with RADIUS application example 281WPA compatibility 108WPA2 279user authentication 280vs WPA2-PSK 280wireless client supplicant 281with RADIUS application example 281WPA2-Pre-Shared Key 279WPA2-PSK 279, 280application example 281WPA-PSK 279, 280application example 281WWW 127Zzero configuration Internet access 80ZyXEL’s firewallintroduction 144
IndexP-660HW-Dx v2 User’s Guide358

Navigation menu