ZyXEL Communications P660WTXV2 802.11g Wireless ADSL2+ Router User Manual SMG 700 User s Guide V1 00 Nov 2004

ZyXEL Communications Corporation 802.11g Wireless ADSL2+ Router SMG 700 User s Guide V1 00 Nov 2004

Contents

Users manual3

P-660W-Tx v2 User’s Guide 201
CHAPTER 20
Product Specifications
This chapter gives details about your ZyXEL Device’s hardware and firmware features.
20.1 General ZyXEL Device Specifications
The following tables summarize the ZyXEL Device’s hardware and firmware features.
Table 75 Hardware Specifications
SPECIFICATION DESCRIPTION
Dimensions (W x D x H) 190 x 128 x 33 mm
Weight 3.6 Kg
Power (devices that do not use an external power adaptor)
AC: 100 - 240V 50/60Hz 1.5A maximum input internal universal power
supply
DC: 48 - 60V 1.5A max, 48 Watt consumption. There is no tolerance for the
DC input voltage. This note is needed for DC powered devices, not AC.
Ethernet Ports Auto-negotiating: 10 Mbps or 100 Mbps in either half-duplex or full-duplex
mode.
Auto-crossover: Use either crossover or straight-through Ethernet cables.
Line/Phone Ports RJ-11 telephone wires.
LEDs
Operating Environment Temperature: 0º C ~ 50º C
Humidity: 20% ~ 95% RH
Storage Environment Temperature: -20º C ~ 60º C
Humidity: 10% ~ 90% RH
Distance between the
centers of the holes (for
wall mounting) on the
ZyXEL Device’s back.
125 mm
Chapter 20 Product Specifications
P-660W-Tx v2 User’s Guide
202
Recommended type of
screws for wall-mounting
M4 Tap Screw, see Figure 110 on page 206.
Approvals Safety
ANSI/UL Std No. 60950-1
CAN/CSA-C22.2 No 60950-1-03
EN 60950-1 1st Edition
IEC 60950-1 1st Edition
EMI
FCC Part 15 Class B
C-Tick
EN55022 Class B (1998+A1:2000+A2: 2003)
EN61000-3-2: 2000
EN61000-3-3: 1995+A1:2001
EMS
EN61000-4-2, EN61000-4-3, EN61000-4-4, EN61000-4-5, EN61000-4-
6, EN61000-4-8, EN61000-4-11, FCC Part 68, K.21 4KV by default.
RF
EN 301 489 -1/17
EN 300 328
FCC Part 15.207/209/247
Table 76 Firmware Specifications
FEATURE DESCRIPTION
Default IP Address 192.168.1.1
Default Subnet Mask 255.255.255.0 (24 bits)
Default Password 1234
DHCP Pool 192.168.1.33 to 192.168.1.64
Device Management Use the web configurator to easily configure the rich range of features on
the ZyXEL Device.
Wireless Functionality Allow the IEEE 802.11b and/or IEEE 802.11g wireless clients to connect
to the ZyXEL Device wirelessly. Enable wireless security (WEP,
WPA(2), WPA(2)-PSK) and/or MAC filtering to protect your wireless
network.
Firmware Upgrade Download new firmware (when available) from the ZyXEL web site and
use the web configurator, an FTP or a TFTP tool to put it on the ZyXEL
Device.
Note: Only upload firmware for your specific model!
Configuration Backup &
Restoration
Make a copy of the ZyXEL Device’s configuration. You can put it back on
the ZyXEL Device later if you decide to revert back to an earlier
configuration.
Network Address
Translation (NAT)
Each computer on your network must have its own unique IP address.
Use NAT to convert your public IP address(es) to multiple private IP
addresses for the computers on your network.
Port Forwarding If you have a server (mail or web server for example) on your network,
you can use this feature to let people access it from the Internet.
DHCP (Dynamic Host
Configuration Protocol)
Use this feature to have the ZyXEL Device assign IP addresses, an IP
default gateway and DNS servers to computers on your network.
Table 75 Hardware Specifications
SPECIFICATION DESCRIPTION
Chapter 20 Product Specifications
P-660W-Tx v2 User’s Guide 203
The following list, which is not exhaustive, illustrates the standards supported in the ZyXEL
Device.
Dynamic DNS Support With Dynamic DNS (Domain Name System) support, you can use a
fixed URL, www.zyxel.com for example, with a dynamic IP address. You
must register for this service with a Dynamic DNS service provider.
IP Multicast IP multicast is used to send traffic to a specific group of computers. The
ZyXEL Device supports versions 1 and 2 of IGMP (Internet Group
Management Protocol) used to join multicast groups (see RFC 2236).
IP Alias IP alias allows you to subdivide a physical network into logical networks
over the same Ethernet interface with the ZyXEL Device itself as the
gateway for each subnet.
Time and Date Get the current time and date from an external server when you turn on
your ZyXEL Device. You can also set the time manually. These dates
and times are then used in logs.
Logging and Tracing Use packet tracing and logs for troubleshooting. You can send logs from
the ZyXEL Device to an external syslog server.
PPPoE PPPoE mimics a dial-up Internet access connection.
PPTP Encapsulation Point-to-Point Tunneling Protocol (PPTP) enables secure transfer of
data through a Virtual Private Network (VPN). The ZyXEL Device
supports one PPTP connection at a time.
Universal Plug and Play
(UPnP)
A UPnP-enabled device can dynamically join a network, obtain an IP
address and convey its capabilities to other devices on the network.
RoadRunner Support The ZyXEL Device supports Time Warner’s RoadRunner Service in
addition to standard cable modem services.
Firewall You can configure firewall on the ZyXEL Device for secure Internet
access. When the firewall is on, by default, all incoming traffic from the
Internet to your network is blocked unless it is initiated from your
network. This means that probes from the outside to your network are
not allowed, but you can safely browse the Internet and download files
for example.
Content Filter The ZyXEL Device blocks or allows access to web sites that you specify
and blocks access to web sites with URLs that contain keywords that
you specify. You can define time periods and days during which content
filtering is enabled. You can also include or exclude particular computers
on your network from content filtering.
You can also subscribe to category-based content filtering that allows
your ZyXEL Device to check web sites against an external database.
Bandwidth Management You can efficiently manage traffic on your network by reserving
bandwidth and giving priority to certain types of traffic and/or to particular
computers.
Remote Management This allows you to decide whether a service (HTTP or FTP traffic for
example) from a computer on a network (LAN or WAN for example) can
access the ZyXEL Device.
Table 77 Standards Supported
STANDARD DESCRIPTION
RFC 867 Daytime Protocol
RFC 868 Time Protocol.
RFC 1058 RIP-1 (Routing Information Protocol)
Table 76 Firmware Specifications
FEATURE DESCRIPTION
Chapter 20 Product Specifications
P-660W-Tx v2 User’s Guide
204
RFC 1112 IGMP v1
RFC 1157 SNMPv1: Simple Network Management Protocol version 1
RFC 1305 Network Time Protocol (NTP version 3)
RFC 1441 SNMPv2 Simple Network Management Protocol version 2
RFC 1483 Multiprotocol Encapsulation over ATM Adaptation Layer 5
RFC 1631 IP Network Address Translator (NAT)
RFC 1661 The Point-to-Point Protocol (PPP)
RFC 1723 RIP-2 (Routing Information Protocol)
RFC 1901 SNMPv2c Simple Network Management Protocol version 2c
RFC 2236 Internet Group Management Protocol, Version 2.
RFC 2364 PPP over AAL5 (PPP over ATM over ADSL)
RFC 2408 Internet Security Association and Key Management Protocol (ISAKMP)
RFC 2516 A Method for Transmitting PPP Over Ethernet (PPPoE)
RFC 2684 Multiprotocol Encapsulation over ATM Adaptation Layer 5.
RFC 2766 Network Address Translation - Protocol
IEEE 802.11 Also known by the brand Wi-Fi, denotes a set of Wireless LAN/WLAN
standards developed by working group 11 of the IEEE LAN/MAN
Standards Committee (IEEE 802).
IEEE 802.11b Uses the 2.4 gigahertz (GHz) band
IEEE 802.11g Uses the 2.4 gigahertz (GHz) band
IEEE 802.11g+ Turbo and Super G modes
IEEE 802.11d Standard for Local and Metropolitan Area Networks: Media Access
Control (MAC) Bridges
IEEE 802.11x Port Based Network Access Control.
IEEE 802.11e QoS IEEE 802.11 e Wireless LAN for Quality of Service
ANSI T1.413, Issue 2 Asymmetric Digital Subscriber Line (ADSL) standard.
G dmt(G.992.1) G.992.1 Asymmetrical Digital Subscriber Line (ADSL) Transceivers
ITU G.992.1 (G.DMT) ITU standard for ADSL using discrete multitone modulation.
ITU G.992.2 (G. Lite) ITU standard for ADSL using discrete multitone modulation.
ITU G.992.3 (G.dmt.bis) ITU standard (also referred to as ADSL2) that extends the capability of
basic ADSL in data rates.
ITU G.992.4 (G.lite.bis) ITU standard (also referred to as ADSL2) that extends the capability of
basic ADSL in data rates.
ITU G.992.5 (ADSL2+) ITU standard (also referred to as ADSL2+) that extends the capability of
basic ADSL by doubling the number of downstream bits.
ITU-T G.993.1 (VDSL) ITU standard that defines VDSL.
ITU-T G.993.2 (VDSL2) ITU standard that defines VDSL2.
Microsoft PPTP MS PPTP (Microsoft's implementation of Point to Point Tunneling
Protocol)
MBM v2 Media Bandwidth Management v2
RFC 2383 ST2+ over ATM Protocol Specification - UNI 3.1 Version
Table 77 Standards Supported (continued)
STANDARD DESCRIPTION
Chapter 20 Product Specifications
P-660W-Tx v2 User’s Guide 205
20.2 Wall-mounting Instructions
Complete the following steps to hang your ZyXEL Device on a wall.
"See Table 75 on page 201 for the size of screws to use and how far apart to
place them.
1Select a position free of obstructions on a sturdy wall.
2Drill two holes for the screws.
1Be careful to avoid damaging pipes or cables located inside the wall when
drilling holes for the screws.
3Do not insert the screws all the way into the wall. Leave a small gap of about 0.5 cm
between the heads of the screws and the wall.
4Make sure the screws are snugly fastened to the wall. They need to hold the weight of
the ZyXEL Device with the connection cables.
5Align the holes on the back of the ZyXEL Device with the screws on the wall. Hang the
ZyXEL Device on the screws.
Figure 109 Wall-mounting Example
The following are dimensions of an M4 tap screw and masonry plug used for wall mounting.
All measurements are in millimeters (mm).
TR-069 TR-069 DSL Forum Standard for CPE Wan Management.
1.363.5 Compliant AAL5 SAR (Segmentation And Re-assembly)
Table 77 Standards Supported (continued)
STANDARD DESCRIPTION
Chapter 20 Product Specifications
P-660W-Tx v2 User’s Guide
206
Figure 110 Masonry Plug and M4 Tap Screw
20.3 Power Adaptor Specifications
Table 78 Power Adaptor Specifications
AC Power Adaptor Model MU12-2050200-A1
Input Power 100~240 Volts AC / 50~60Hz/0.25A
Output Power 5 Volts DC / 2A
Power Consumption 10 W
Safety Standards UL (UL 1950), CSA (CSA 22.2)
CE mark, EN60950 (2001)
T-Mark
C-tick, QAS
207
PART VI
Appendices
Pop-up Windows, JavaScripts and Java Permissions (209)
Wireless LANs (217)
Common Services (231)
Legal Information (235)
Customer Support (241)
208
P-660W-Tx v2 User’s Guide 209
APPENDIX A
Pop-up Windows, JavaScripts
and Java Permissions
In order to use the web configurator you need to allow:
Web browser pop-up windows from your device.
JavaScripts (enabled by default).
Java permissions (enabled by default).
"Internet Explorer 6 screens are used here. Screens for other Internet Explorer
versions may vary.
Internet Explorer Pop-up Blockers
You may have to disable pop-up blocking to log into your device.
Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or
allow pop-up blocking and create an exception for your device’s IP address.
Disable Pop-up Blockers
1In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up
Blocker.
Figure 111 Pop-up Blocker
You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the
Privacy tab.
1In Internet Explorer, select Tools, Internet Options, Privacy.
Appendix A Pop-up Windows, JavaScripts and Java Permissions
P-660W-Tx v2 User’s Guide
210
2Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This
disables any web pop-up blockers you may have enabled.
Figure 112 Internet Options: Privacy
3Click Apply to save this setting.
Enable Pop-up Blockers with Exceptions
Alternatively, if you only want to allow pop-up windows from your device, see the following
steps.
1In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
2Select Settings…to open the Pop-up Blocker Settings screen.
Appendix A Pop-up Windows, JavaScripts and Java Permissions
P-660W-Tx v2 User’s Guide 211
Figure 113 Internet Options: Privacy
3Type the IP address of your device (the web page that you do not want to have blocked)
with the prefix “http://”. For example, http://192.168.167.1.
4Click Add to move the IP address to the list of Allowed sites.
Figure 114 Pop-up Blocker Settings
Appendix A Pop-up Windows, JavaScripts and Java Permissions
P-660W-Tx v2 User’s Guide
212
5Click Close to return to the Privacy screen.
6Click Apply to save this setting.
JavaScripts
If pages of the web configurator do not display properly in Internet Explorer, check that
JavaScripts are allowed.
1In Internet Explorer, click Tools, Internet Options and then the Security tab.
Figure 115 Internet Options: Security
2Click the Custom Level... button.
3Scroll down to Scripting.
4Under Active scripting make sure that Enable is selected (the default).
5Under Scripting of Java applets make sure that Enable is selected (the default).
6Click OK to close the window.
Appendix A Pop-up Windows, JavaScripts and Java Permissions
P-660W-Tx v2 User’s Guide 213
Figure 116 Security Settings - Java Scripting
Java Permissions
1From Internet Explorer, click Tools, Internet Options and then the Security tab.
2Click the Custom Level... button.
3Scroll down to Microsoft VM.
4Under Java permissions make sure that a safety level is selected.
5Click OK to close the window.
Figure 117 Security Settings - Java
Appendix A Pop-up Windows, JavaScripts and Java Permissions
P-660W-Tx v2 User’s Guide
214
JAVA (Sun)
1From Internet Explorer, click Tools, Internet Options and then the Advanced tab.
2Make sure that Use Java 2 for <applet> under Java (Sun) is selected.
3Click OK to close the window.
Figure 118 Java (Sun)
Mozilla Firefox
Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary.
You can enable Java, Javascripts and pop-ups in one screen. Click To ols, then click Options
in the screen that appears.
Appendix A Pop-up Windows, JavaScripts and Java Permissions
P-660W-Tx v2 User’s Guide 215
Figure 119 Mozilla Firefox: Tools > Options
Click Content.to show the screen below. Select the check boxes as shown in the following
screen.
Figure 120 Mozilla Firefox Content Security
Appendix A Pop-up Windows, JavaScripts and Java Permissions
P-660W-Tx v2 User’s Guide
216
P-660W-Tx v2 User’s Guide 217
APPENDIX B
Wireless LANs
Wireless LAN Topologies
This section discusses ad-hoc and infrastructure wireless LAN topologies.
Ad-hoc Wireless LAN Configuration
The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of
computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within
range of each other, they can set up an independent network, which is commonly referred to as
an ad-hoc network or Independent Basic Service Set (IBSS). The following diagram shows an
example of notebook computers using wireless adapters to form an ad-hoc wireless LAN.
Figure 121 Peer-to-Peer Communication in an Ad-hoc Network
BSS
A Basic Service Set (BSS) exists when all communications between wireless clients or
between a wireless client and a wired network client go through one access point (AP).
Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled,
wireless client A and B can access the wired network and communicate with each other. When
Intra-BSS is disabled, wireless client A and B can still access the wired network but cannot
communicate with each other.
Appendix B Wireless LANs
P-660W-Tx v2 User’s Guide
218
Figure 122 Basic Service Set
ESS
An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an
access point, with each access point connected together by a wired network. This wired
connection between APs is called a Distribution System (DS).
This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not
only provide communication with the wired network but also mediate wireless network traffic
in the immediate neighborhood.
An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their
associated wireless clients within the same ESS must have the same ESSID in order to
communicate.
Appendix B Wireless LANs
P-660W-Tx v2 User’s Guide 219
Figure 123 Infrastructure WLAN
Channel
A channel is the radio frequency(ies) used by wireless devices to transmit and receive data.
Channels available depend on your geographical area. You may have a choice of channels (for
your region) so you should use a channel different from an adjacent AP (access point) to
reduce interference. Interference occurs when radio signals from different access points
overlap causing interference and degrading performance.
Adjacent channels partially overlap however. To avoid interference due to overlap, your AP
should be on a channel at least five channels away from a channel that an adjacent AP is using.
For example, if your region has 11 channels and an adjacent AP is using channel 1, then you
need to select a channel between 6 or 11.
RTS/CTS
A hidden node occurs when two stations are within range of the same access point, but are not
within range of each other. The following figure illustrates a hidden node. Both stations (STA)
are within range of the access point (AP) or wireless gateway, but out-of-range of each other,
so they cannot "hear" each other, that is they do not know if the channel is currently being
used. Therefore, they are considered hidden from each other.
Appendix B Wireless LANs
P-660W-Tx v2 User’s Guide
220
Figure 124 RTS/CTS
When station A sends data to the AP, it might not know that the station B is already using the
channel. If these two stations send data at the same time, collisions may occur when both sets
of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
RTS/CTS is designed to prevent collisions due to hidden nodes. An RTS/CTS defines the
biggest size data frame you can send before an RTS (Request To Send)/CTS (Clear to Send)
handshake is invoked.
When a data frame exceeds the RTS/CTS value you set (between 0 to 2432 bytes), the station
that wants to transmit this frame must first send an RTS (Request To Send) message to the AP
for permission to send it. The AP then responds with a CTS (Clear to Send) message to all
other stations within its range to notify them to defer their transmission. It also reserves and
confirms with the requesting station the time frame for the requested transmission.
Stations can send frames smaller than the specified RTS/CTS directly to the AP without the
RTS (Request To Send)/CTS (Clear to Send) handshake.
You should only configure RTS/CTS if the possibility of hidden nodes exists on your network
and the "cost" of resending large frames is more than the extra network overhead involved in
the RTS (Request To Send)/CTS (Clear to Send) handshake.
If the RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the
RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will
be fragmented before they reach RTS/CTS size.
"Enabling the RTS Threshold causes redundant network overhead that could
negatively affect the throughput performance instead of providing a remedy.
Fragmentation Threshold
A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432
bytes) that can be sent in the wireless network before the AP will fragment the packet into
smaller data frames.
A large Fragmentation Threshold is recommended for networks not prone to interference
while you should set a smaller threshold for busy networks or networks that are prone to
interference.
Appendix B Wireless LANs
P-660W-Tx v2 User’s Guide 221
If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously)
you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as
data frames will be fragmented before they reach RTS/CTS size.
Preamble Type
Preamble is used to signal that data is coming to the receiver. Short and long refer to the length
of the synchronization field in a packet.
Short preamble increases performance as less time sending preamble means more time for
sending data. All IEEE 802.11 compliant wireless adapters support long preamble, but not all
support short preamble.
Use long preamble if you are unsure what preamble mode other wireless devices on the
network support, and to provide more reliable communications in busy wireless networks.
Use short preamble if you are sure all wireless devices on the network support it, and to
provide more efficient communications.
Use the dynamic setting to automatically use short preamble when all wireless devices on the
network support it, otherwise the ZyXEL Device uses long preamble.
"The wireless devices MUST use the same preamble mode in order to
communicate.
IEEE 802.11g Wireless LAN
IEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE
802.11b adapter can interface directly with an IEEE 802.11g access point (and vice versa) at
11 Mbps or lower depending on range. IEEE 802.11g has several intermediate rate steps
between the maximum and minimum data rates. The IEEE 802.11g data rate and modulation
are as follows:
Wireless Security Overview
Wireless security is vital to your network to protect wireless communication between wireless
clients, access points and the wired network.
Table 79 IEEE 802.11g
DATA RATE (MBPS) MODULATION
1 DBPSK (Differential Binary Phase Shift Keyed)
2 DQPSK (Differential Quadrature Phase Shift Keying)
5.5 / 11 CCK (Complementary Code Keying)
6/9/12/18/24/36/48/54 OFDM (Orthogonal Frequency Division Multiplexing)
Appendix B Wireless LANs
P-660W-Tx v2 User’s Guide
222
Wireless security methods available on the ZyXEL Device are data encryption, wireless client
authentication, restricting access by device MAC address and hiding the ZyXEL Device
identity.
The following figure shows the relative effectiveness of these wireless security methods
available on your ZyXEL Device.
"You must enable the same wireless security settings on the ZyXEL Device and
on all wireless clients that you want to associate with it.
IEEE 802.1x
In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to
support extended authentication as well as providing additional accounting and control
features. It is supported by Windows XP and a number of network devices. Some advantages
of IEEE 802.1x are:
User based identification that allows for roaming.
Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for
centralized user profile and accounting management on a network RADIUS server.
Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional
authentication methods to be deployed with no changes to the access point or the wireless
clients.
RADIUS
RADIUS is based on a client-server model that supports authentication, authorization and
accounting. The access point is the client and the server is the RADIUS server. The RADIUS
server handles the following tasks:
Authentication
Determines the identity of the users.
• Authorization
Table 80 Wireless Security Levels
SECURITY
LEVEL SECURITY TYPE
Least
S e c u r e
Most Secure
Unique SSID (Default)
Unique SSID with Hide SSID Enabled
MAC Address Filtering
WEP Encryption
IEEE802.1x EAP with RADIUS Server Authentication
Wi-Fi Protected Access (WPA)
WPA2
Appendix B Wireless LANs
P-660W-Tx v2 User’s Guide 223
Determines the network services available to authenticated users once they are connected
to the network.
• Accounting
Keeps track of the client’s network activity.
RADIUS is a simple package exchange in which your AP acts as a message relay between the
wireless client and the network RADIUS server.
Types of RADIUS Messages
The following types of RADIUS messages are exchanged between the access point and the
RADIUS server for user authentication:
• Access-Request
Sent by an access point requesting authentication.
• Access-Reject
Sent by a RADIUS server rejecting access.
• Access-Accept
Sent by a RADIUS server allowing access.
• Access-Challenge
Sent by a RADIUS server requesting more information in order to allow access. The
access point sends a proper response from the user and then sends another Access-Request
message.
The following types of RADIUS messages are exchanged between the access point and the
RADIUS server for user accounting:
• Accounting-Request
Sent by the access point requesting accounting.
• Accounting-Response
Sent by the RADIUS server to indicate that it has started or stopped accounting.
In order to ensure network security, the access point and the RADIUS server use a shared
secret key, which is a password, they both know. The key is not sent over the network. In
addition to the shared key, password information exchanged is also encrypted to protect the
network from unauthorized access.
Types of EAP Authentication
This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS,
PEAP and LEAP. Your wireless LAN device may not support all authentication types.
EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the
IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By
using EAP to interact with an EAP-compatible RADIUS server, an access point helps a
wireless station and a RADIUS server perform authentication.
The type of authentication you use depends on the RADIUS server and an intermediary AP(s)
that supports IEEE 802.1x. .
Appendix B Wireless LANs
P-660W-Tx v2 User’s Guide
224
For EAP-TLS authentication type, you must first have a wired connection to the network and
obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs)
can be used to authenticate users and a CA issues certificates and guarantees the identity of
each certificate owner.
EAP-MD5 (Message-Digest Algorithm 5)
MD5 authentication is the simplest one-way authentication method. The authentication server
sends a challenge to the wireless client. The wireless client ‘proves’ that it knows the password
by encrypting the password with the challenge and sends back the information. Password is
not sent in plain text.
However, MD5 authentication has some weaknesses. Since the authentication server needs to
get the plaintext passwords, the passwords must be stored. Thus someone other than the
authentication server may access the password file. In addition, it is possible to impersonate an
authentication server as MD5 authentication method does not perform mutual authentication.
Finally, MD5 authentication method does not support data encryption with dynamic session
key. You must configure WEP encryption keys for data encryption.
EAP-TLS (Transport Layer Security)
With EAP-TLS, digital certifications are needed by both the server and the wireless clients for
mutual authentication. The server presents a certificate to the client. After validating the
identity of the server, the client sends a different certificate to the server. The exchange of
certificates is done in the open before a secured tunnel is created. This makes user identity
vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the
senders identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to
handle certificates, which imposes a management overhead.
EAP-TTLS (Tunneled Transport Layer Service)
EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the
server-side authentications to establish a secure connection. Client authentication is then done
by sending username and password through the secure connection, thus client identity is
protected. For client authentication, EAP-TTLS supports EAP methods and legacy
authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.
PEAP (Protected EAP)
Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection,
then use simple username and password methods through the secured connection to
authenticate the clients, thus hiding client identity. However, PEAP only supports EAP
methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card),
for client authentication. EAP-GTC is implemented only by Cisco.
LEAP
LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE
802.1x.
Appendix B Wireless LANs
P-660W-Tx v2 User’s Guide 225
Dynamic WEP Key Exchange
The AP maps a unique key that is generated with the RADIUS server. This key expires when
the wireless connection times out, disconnects or reauthentication times out. A new WEP key
is generated each time reauthentication is performed.
If this feature is enabled, it is not necessary to configure a default encryption key in the
wireless security configuration screen. You may still configure and store keys, but they will
not be used while dynamic WEP is enabled.
"EAP-MD5 cannot be used with Dynamic WEP Key Exchange
For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use
dynamic keys for data encryption. They are often deployed in corporate environments, but for
public deployment, a simple user name and password pair is more practical. The following
table is a comparison of the features of authentication types.
WPA and WPA2
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE
802.11i) is a wireless security standard that defines stronger encryption, authentication and
key management than WPA.
Key differences between WPA or WPA2 and WEP are improved data encryption and user
authentication.
If both an AP and the wireless clients support WPA2 and you have an external RADIUS
server, use WPA2 for stronger data encryption. If you don't have an external RADIUS server,
you should use WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical)
password entered into each access point, wireless gateway and wireless client. As long as the
passwords match, a wireless client will be granted access to a WLAN.
If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending
on whether you have an external RADIUS server or not.
Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is
less secure than WPA or WPA2.
Table 81 Comparison of EAP Authentication Types
EAP-MD5 EAP-TLS EAP-TTLS PEAP LEAP
Mutual Authentication No Yes Yes Yes Yes
Certificate – Client No Yes Optional Optional No
Certificate – Server No Yes Yes Yes No
Dynamic Key Exchange No Yes Yes Yes Yes
Credential Integrity None Strong Strong Strong Moderate
Deployment Difficulty Easy Hard Moderate Moderate Moderate
Client Identity Protection No No Yes Yes No
Appendix B Wireless LANs
P-660W-Tx v2 User’s Guide
226
Encryption
Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol
(TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA and WPA2 use Advanced
Encryption Standard (AES) in the Counter mode with Cipher block chaining Message
authentication code Protocol (CCMP) to offer stronger encryption than TKIP.
TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication
server. AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit
mathematical algorithm called Rijndael. They both include a per-packet key mixing function,
a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with
sequencing rules, and a re-keying mechanism.
WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption
key is never used twice.
The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up
a key hierarchy and management system, using the PMK to dynamically generate unique data
encryption keys to encrypt every data packet that is wirelessly communicated between the AP
and the wireless clients. This all happens in the background automatically.
The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data
packets, altering them and resending them. The MIC provides a strong mathematical function
in which the receiver and the transmitter each compute and then compare the MIC. If they do
not match, it is assumed that the data has been tampered with and the packet is dropped.
By generating unique data encryption keys for every data packet and by creating an integrity
checking mechanism (MIC), with TKIP and AES it is more difficult to decrypt data on a Wi-Fi
network than WEP and difficult for an intruder to break into the network.
The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only
difference between the two is that WPA(2)-PSK uses a simple common password, instead of
user-specific credentials. The common-password approach makes WPA(2)-PSK susceptible to
brute-force password-guessing attacks but it’s still an improvement over WEP as it employs a
consistent, single, alphanumeric password to derive a PMK which is used to generate unique
temporal encryption keys. This prevent all wireless devices sharing the same encryption keys.
(a weakness of WEP)
User Authentication
WPA and WPA2 apply IEEE 802.1x and Extensible Authentication Protocol (EAP) to
authenticate wireless clients using an external RADIUS database. WPA2 reduces the number
of key exchange messages from six to four (CCMP 4-way handshake) and shortens the time
required to connect to a network. Other WPA2 authentication features that are different from
WPA include key caching and pre-authentication. These two features are optional and may not
be supported in all wireless devices.
Key caching allows a wireless client to store the PMK it derived through a successful
authentication with an AP. The wireless client uses the PMK when it tries to connect to the
same AP and does not need to go with the authentication process again.
Pre-authentication enables fast roaming by allowing the wireless client (already connecting to
an AP) to perform IEEE 802.1x authentication with another AP before connecting to it.
Appendix B Wireless LANs
P-660W-Tx v2 User’s Guide 227
Wireless Client WPA Supplicants
A wireless client supplicant is the software that runs on an operating system instructing the
wireless client how to use WPA. At the time of writing, the most widely available supplicant is
the WPA patch for Windows XP, Funk Software's Odyssey client.
The Windows XP patch is a free download that adds WPA capability to Windows XP's built-
in "Zero Configuration" wireless client. However, you must run Windows XP to use it.
WPA(2) with RADIUS Application Example
To set up WPA(2), you need the IP address of the RADIUS server, its port number (default is
1812), and the RADIUS shared secret. A WPA(2) application example with an external
RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system.
1The AP passes the wireless client's authentication request to the RADIUS server.
2The RADIUS server then checks the user's identification against its database and grants
or denies network access accordingly.
3A 256-bit Pairwise Master Key (PMK) is derived from the authentication process by the
RADIUS server and the client.
4The RADIUS server distributes the PMK to the AP. The AP then sets up a key hierarchy
and management system, using the PMK to dynamically generate unique data encryption
keys. The keys are used to encrypt every data packet that is wirelessly communicated
between the AP and the wireless clients.
Figure 125 WPA(2) with RADIUS Application Example
WPA(2)-PSK Application Example
A WPA(2)-PSK application looks as follows.
1First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key
(PSK) must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters
(including spaces and symbols).
2The AP checks each wireless client's password and allows it to join the network only if
the password matches.
Appendix B Wireless LANs
P-660W-Tx v2 User’s Guide
228
3The AP and wireless clients generate a common PMK (Pairwise Master Key). The key
itself is not sent over the network, but is derived from the PSK and the SSID.
4The AP and wireless clients use the TKIP or AES encryption process, the PMK and
information exchanged in a handshake to create temporal encryption keys. They use
these keys to encrypt data exchanged between them.
Figure 126 WPA(2)-PSK Authentication
Security Parameters Summary
Refer to this table to see what other security parameters you should configure for each
authentication method or key management protocol type. MAC address filters are not
dependent on how you configure these security features.
Table 82 Wireless Security Relational Matrix
AUTHENTICATION
METHOD/ KEY
MANAGEMENT PROTOCOL
ENCRYPTIO
N METHOD
ENTER
MANUAL KEY IEEE 802.1X
Open None No Disable
Enable without Dynamic WEP Key
Open WEP No Enable with Dynamic WEP Key
Yes Enable without Dynamic WEP Key
Yes Disable
Shared WEP No Enable with Dynamic WEP Key
Yes Enable without Dynamic WEP Key
Yes Disable
WPA TKIP/AES No Enable
WPA-PSK TKIP/AES Yes Disable
WPA2 TKIP/AES No Enable
WPA2-PSK TKIP/AES Yes Disable
Appendix B Wireless LANs
P-660W-Tx v2 User’s Guide 229
Antenna Overview
An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF
signal to the antenna, which propagates the signal through the air. The antenna also operates in
reverse by capturing RF signals from the air.
Positioning the antennas properly increases the range and coverage area of a wireless LAN.
Antenna Characteristics
Frequency
An antenna in the frequency of 2.4GHz (IEEE 802.11b and IEEE 802.11g) or 5GHz (IEEE
802.11a) is needed to communicate efficiently in a wireless LAN
Radiation Pattern
A radiation pattern is a diagram that allows you to visualize the shape of the antenna’s
coverage area.
Antenna Gain
Antenna gain, measured in dB (decibel), is the increase in coverage within the RF beam width.
Higher antenna gain improves the range of the signal for better communications.
For an indoor site, each 1 dB increase in antenna gain results in a range increase of
approximately 2.5%. For an unobstructed outdoor site, each 1dB increase in gain results in a
range increase of approximately 5%. Actual results may vary depending on the network
environment.
Antenna gain is sometimes specified in dBi, which is how much the antenna increases the
signal power compared to using an isotropic antenna. An isotropic antenna is a theoretical
perfect antenna that sends out radio signals equally well in all directions. dBi represents the
true gain that the antenna provides.
Types of Antennas for WLAN
There are two types of antennas used for wireless LAN applications.
Omni-directional antennas send the RF signal out in all directions on a horizontal plane.
The coverage area is torus-shaped (like a donut) which makes these antennas ideal for a
room environment. With a wide coverage area, it is possible to make circular overlapping
coverage areas with multiple access points.
Directional antennas concentrate the RF signal in a beam, like a flashlight does with the
light from its bulb. The angle of the beam determines the width of the coverage pattern.
Angles typically range from 20 degrees (very directional) to 120 degrees (less directional).
Directional antennas are ideal for hallways and outdoor point-to-point applications.
Appendix B Wireless LANs
P-660W-Tx v2 User’s Guide
230
Positioning Antennas
In general, antennas should be mounted as high as practically possible and free of
obstructions. In point-to–point application, position both antennas at the same height and in a
direct line of sight to each other to attain the best performance.
For omni-directional antennas mounted on a table, desk, and so on, point the antenna up. For
omni-directional antennas mounted on a wall or ceiling, point the antenna down. For a single
AP application, place omni-directional antennas as close to the center of the coverage area as
possible.
For directional antennas, point the antenna in the direction of the desired coverage area.
P-660W-Tx v2 User’s Guide 231
APPENDIX C
Common Services
The following table lists some commonly-used services and their associated protocols and port
numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services,
visit the IANA (Internet Assigned Number Authority) web site.
Name: This is a short, descriptive name for the service. You can use this one or create a
different one, if you like.
Protocol: This is the type of IP protocol used by the service. If this is TCP/UDP, then the
service uses the same port number with TCP and UDP. If this is USER-DEFINED, the
Port(s) is the IP protocol number, not the port number.
Port(s): This value depends on the Protocol. Please refer to RFC 1700 for further
information about port numbers.
If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number.
If the Protocol is USER, this is the IP protocol number.
Description: This is a brief explanation of the applications that use this service or the
situations in which this service is used.
Table 83 Commonly Used Services
NAME PROTOCOL PORT(S) DESCRIPTION
AH
(IPSEC_TUNNEL)
User-Defined 51 The IPSEC AH (Authentication Header)
tunneling protocol uses this service.
AIM/New-ICQ TCP 5190 AOLs Internet Messenger service. It is also
used as a listening port by ICQ.
AUTH TCP 113 Authentication protocol used by some
servers.
BGP TCP 179 Border Gateway Protocol.
BOOTP_CLIENT UDP 68 DHCP Client.
BOOTP_SERVER UDP 67 DHCP Server.
CU-SEEME TCP
UDP
7648
24032
A popular videoconferencing solution from
White Pines Software.
DNS TCP/UDP 53 Domain Name Server, a service that
matches web names (for example
www.zyxel.com) to IP numbers.
ESP
(IPSEC_TUNNEL)
User-Defined 50 The IPSEC ESP (Encapsulation Security
Protocol) tunneling protocol uses this
service.
FINGER TCP 79 Finger is a UNIX or Internet related
command that can be used to find out if a
user is logged on.
Appendix C Common Services
P-660W-Tx v2 User’s Guide
232
FTP TCP
TCP
20
21
File Transfer Program, a program to enable
fast transfer of files, including large files
that may not be possible by e-mail.
H.323 TCP 1720 NetMeeting uses this protocol.
HTTP TCP 80 Hyper Text Transfer Protocol - a client/
server protocol for the world wide web.
HTTPS TCP 443 HTTPS is a secured http session often
used in e-commerce.
ICMP User-Defined 1Internet Control Message Protocol is often
used for diagnostic or routing purposes.
ICQ UDP 4000 This is a popular Internet chat program.
IGMP
(MULTICAST)
User-Defined 2Internet Group Management Protocol is
used when sending packets to a specific
group of hosts.
IKE UDP 500 The Internet Key Exchange algorithm is
used for key distribution and management.
IRC TCP/UDP 6667 This is another popular Internet chat
program.
MSN Messenger TCP 1863 Microsoft Networks’ messenger service
uses this protocol.
NEW-ICQ TCP 5190 An Internet chat program.
NEWS TCP 144 A protocol for news groups.
NFS UDP 2049 Network File System - NFS is a client/
server distributed file service that provides
transparent file sharing for network
environments.
NNTP TCP 119 Network News Transport Protocol is the
delivery mechanism for the USENET
newsgroup service.
PING User-Defined 1Packet INternet Groper is a protocol that
sends out ICMP echo requests to test
whether or not a remote host is reachable.
POP3 TCP 110 Post Office Protocol version 3 lets a client
computer get e-mail from a POP3 server
through a temporary connection (TCP/IP or
other).
PPTP TCP 1723 Point-to-Point Tunneling Protocol enables
secure transfer of data over public
networks. This is the control channel.
PPTP_TUNNEL
(GRE)
User-Defined 47 PPTP (Point-to-Point Tunneling Protocol)
enables secure transfer of data over public
networks. This is the data channel.
RCMD TCP 512 Remote Command Service.
REAL_AUDIO TCP 7070 A streaming audio service that enables real
time sound over the web.
REXEC TCP 514 Remote Execution Daemon.
RLOGIN TCP 513 Remote Login.
RTELNET TCP 107 Remote Telnet.
Table 83 Commonly Used Services (continued)
NAME PROTOCOL PORT(S) DESCRIPTION
Appendix C Common Services
P-660W-Tx v2 User’s Guide 233
RTSP TCP/UDP 554 The Real Time Streaming (media control)
Protocol (RTSP) is a remote control for
multimedia on the Internet.
SFTP TCP 115 Simple File Transfer Protocol.
SMTP TCP 25 Simple Mail Transfer Protocol is the
message-exchange standard for the
Internet. SMTP enables you to move
messages from one e-mail server to
another.
SNMP TCP/UDP 161 Simple Network Management Program.
SNMP-TRAPS TCP/UDP 162 Traps for use with the SNMP (RFC:1215).
SQL-NET TCP 1521 Structured Query Language is an interface
to access data on many different types of
database systems, including mainframes,
midrange systems, UNIX systems and
network servers.
SSH TCP/UDP 22 Secure Shell Remote Login Program.
STRM WORKS UDP 1558 Stream Works Protocol.
SYSLOG UDP 514 Syslog allows you to send system logs to a
UNIX server.
TACACS UDP 49 Login Host Protocol used for (Terminal
Access Controller Access Control System).
TELNET TCP 23 Telnet is the login and terminal emulation
protocol common on the Internet and in
UNIX environments. It operates over TCP/
IP networks. Its primary function is to allow
users to log into remote host systems.
TFTP UDP 69 Trivial File Transfer Protocol is an Internet
file transfer protocol similar to FTP, but
uses the UDP (User Datagram Protocol)
rather than TCP (Transmission Control
Protocol).
VDOLIVE TCP 7000 Another videoconferencing solution.
Table 83 Commonly Used Services (continued)
NAME PROTOCOL PORT(S) DESCRIPTION
Appendix C Common Services
P-660W-Tx v2 User’s Guide
234
P-660W-Tx v2 User’s Guide 235
APPENDIX D
Legal Information
Copyright
Copyright © 2008 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed,
stored in a retrieval system, translated into any language, or transmitted in any form or by any
means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or
otherwise, without the prior written permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimers
ZyXEL does not assume any liability arising out of the application or use of any products, or
software described herein. Neither does it convey any license under its patent rights nor the
patent rights of others. ZyXEL further reserves the right to make changes in any products
described herein without notice. This publication is subject to change without notice.
Your use of the ZyXEL Device is subject to the terms and conditions of any related service
providers. Use with products that have NAT, and/or 3G.
Do not use the ZyXEL Device for illegal purposes. Illegal downloading or sharing of files can
result in severe civil and criminal penalties. You are subject to the restrictions of copyright
laws and any other applicable laws, and will bear the consequences of any infringements
thereof. ZyXEL bears NO responsibility or liability for your use of the download service
feature. Use for products that have a download service.
Make sure all data and programs on the ZyXEL Device are also stored elsewhere. ZyXEL is
not responsible for any loss of or damage to any data, programs, or storage media resulting
from the use, misuse, or disuse of this or any other ZyXEL product. Use for storage/backup
devices.
Trademarks
ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL
Communications, Inc. Other trademarks mentioned in this publication are used for
identification purposes only and may be properties of their respective owners.
Appendix D Legal Information
Certifications
Federal Communications Commission (FCC) Interference Statement
The device complies with Part 15 of FCC rules. Operation is subject to the following two
Conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may
cause undesired operations.
This device has been tested and found to comply with the limits for a Class B digital
device pursuant to Part 15 of the FCC Rules. These limits are designed to provide
reasonable protection against harmful interference in a residential installation. This
device generates, uses, and can radiate radio frequency energy, and if not installed
and used in accordance with the instructions, may cause harmful interference to
radio communications. However, there is no guarantee that interference will not
occur in a particular installation. If this device does cause harmful interference to
radio/television reception, which can be determined by turning the device off and on,
the user is encouraged to try to correct the interference by one or more of the
following measures:
1 Reorient or relocate the receiving antenna.
2 Increase the separation between the equipment and the receiver.
3 Connect the equipment into an outlet on a circuit different from that to which
the receiver is connected.
4 Consult the dealer or an experienced radio/TV technician for help.
FCC Radiation Exposure Statement
• This equipment must be installed and operated in accordance with provided instructions and the
antenna(s) used for this transmitter must be installed to provide a separation distance of at least 20
cm from all persons and must not be co-located or operating in conjunction with any other
antenna or transmitter.
• IEEE 802.11b or 802.11g operation of this product in the U.S.A. is firmware-limited to
channels 1 through 11.
• End-users and installers must be provide with antenna installation instructions and transmitter
operating conditions for satisfying RF exposure compliance.
Appendix D Legal Information
注意 !
依據 低功率電波輻射性電機管理辦法
第十二條 經型式認證合格之低功率射頻電機非經許可公司商號或使用
者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。
第十四條 低功率射頻電機之使用不得影響飛航安全及干擾合法通信經發現
有干擾現象時,應立即停用,並改善至無干擾時方得繼續使用。
前項合法通信,指依電信規定作業之無線電信。低功率射頻電機須忍
受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾。
本機限在不干擾合法電臺與不受被干擾保障條件下於室內使用。
減少電磁波影響,請妥適使用。
Notices
Any changes or modifications not expressly approved by the grantee of this device
could void the user's authority to operate the equipment.
This device has been designed for the WLAN 2.4 GHz network throughout the EC
region and Switzerland, with restrictions in France.
This Class B digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.
Viewing Certifications
1 Go to http://www.zyxel.com.
2 Select your product on the ZyXEL home page to go to that product's page.
3 Select the certification you wish to view from this page.
Appendix D Legal Information
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from
any defects in materials or workmanship for a period of up to two years from the
date of purchase. During the warranty period, and upon proof of purchase, should
the product have indications of failure due to faulty workmanship and/or materials,
ZyXEL will, at its discretion, repair or replace the defective products or
components without charge for either parts or labor, and to whatever extent it shall
deem necessary to restore the product or components to proper operating condition.
Any replacement will consist of a new or re-manufactured functionally equivalent
product of equal or higher value, and will be solely at the discretion of ZyXEL.
This warranty shall not apply if the product has been modified, misused, tampered
with, damaged by an act of God, or subjected to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of
the purchaser. This warranty is in lieu of all other warranties, express or implied,
including any implied warranty of merchantability or fitness for a particular use or
purpose. ZyXEL shall in no event be held liable for indirect or consequential
damages of any kind to the purchaser. To obtain the services of this warranty,
contact your vendor. You may also refer to the warranty policy for the region in
which you bought the device at http://www.zyxel.com/web/
support_warranty_info.php.
Registration
Register your product online to receive e-mail notices of firmware upgrades and
information at www.zyxel.com.
Appendix D Legal Information
Appendix D Legal Information
P-660W-Tx v2 User’s Guide
240
P-660W-Tx v2 User’s Guide 241
APPENDIX E
Customer Support
In the event of problems that cannot be solved by using this manual, you should contact your
vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in
which you bought the device. Regional offices are listed below (see also http://
www.zyxel.com/web/contact_us.php). Please have the following information ready when you
contact an office.
Required Information
Product model and serial number.
Warranty Information.
Date that you received your device.
Brief description of the problem and the steps you took to solve it.
“+” is the (prefix) number you dial to make an international telephone call.
Corporate Headquarters (Worldwide)
Support E-mail: support@zyxel.com.tw
Sales E-mail: sales@zyxel.com.tw
Telephone: +886-3-578-3942
Fax: +886-3-578-2439
Web: www.zyxel.com
Regular Mail: ZyXEL Communications Corp., 6 Innovation Road II, Science Park,
Hsinchu 300, Taiwan
China - ZyXEL Communications (Beijing) Corp.
Support E-mail: cso.zycn@zyxel.cn
Sales E-mail: sales@zyxel.cn
Telephone: +86-010-82800646
Fax: +86-010-82800587
Address: 902, Unit B, Horizon Building, No.6, Zhichun Str, Haidian District, Beijing
Web: http://www.zyxel.cn
China - ZyXEL Communications (Shanghai) Corp.
Support E-mail: cso.zycn@zyxel.cn
Sales E-mail: sales@zyxel.cn
Telephone: +86-021-61199055
Fax: +86-021-52069033
Appendix E Customer Support
P-660W-Tx v2 User’s Guide
242
Address: 1005F, ShengGao International Tower, No.137 XianXia Rd., Shanghai
Web: http://www.zyxel.cn
Costa Rica
Support E-mail: soporte@zyxel.co.cr
Sales E-mail: sales@zyxel.co.cr
Telephone: +506-2017878
Fax: +506-2015098
Web: www.zyxel.co.cr
Regular Mail: ZyXEL Costa Rica, Plaza Roble Escazú, Etapa El Patio, Tercer Piso, San
José, Costa Rica
Czech Republic
E-mail: info@cz.zyxel.com
Telephone: +420-241-091-350
Fax: +420-241-091-359
Web: www.zyxel.cz
Regular Mail: ZyXEL Communications, Czech s.r.o., Modranská 621, 143 01 Praha 4 -
Modrany, Ceská Republika
Denmark
Support E-mail: support@zyxel.dk
Sales E-mail: sales@zyxel.dk
Telephone: +45-39-55-07-00
Fax: +45-39-55-07-07
Web: www.zyxel.dk
Regular Mail: ZyXEL Communications A/S, Columbusvej, 2860 Soeborg, Denmark
Finland
Support E-mail: support@zyxel.fi
Sales E-mail: sales@zyxel.fi
Telephone: +358-9-4780-8411
Fax: +358-9-4780-8448
Web: www.zyxel.fi
Regular Mail: ZyXEL Communications Oy, Malminkaari 10, 00700 Helsinki, Finland
France
E-mail: info@zyxel.fr
Telephone: +33-4-72-52-97-97
Fax: +33-4-72-52-19-20
Web: www.zyxel.fr
Regular Mail: ZyXEL France, 1 rue des Vergers, Bat. 1 / C, 69760 Limonest, France
Appendix E Customer Support
P-660W-Tx v2 User’s Guide 243
Germany
Support E-mail: support@zyxel.de
Sales E-mail: sales@zyxel.de
Telephone: +49-2405-6909-69
Fax: +49-2405-6909-99
Web: www.zyxel.de
Regular Mail: ZyXEL Deutschland GmbH., Adenauerstr. 20/A2 D-52146, Wuerselen,
Germany
Hungary
Support E-mail: support@zyxel.hu
Sales E-mail: info@zyxel.hu
Telephone: +36-1-3361649
Fax: +36-1-3259100
Web: www.zyxel.hu
Regular Mail: ZyXEL Hungary, 48, Zoldlomb Str., H-1025, Budapest, Hungary
India
Support E-mail: support@zyxel.in
Sales E-mail: sales@zyxel.in
Telephone: +91-11-30888144 to +91-11-30888153
Fax: +91-11-30888149, +91-11-26810715
Web: http://www.zyxel.in
Regular Mail: India - ZyXEL Technology India Pvt Ltd., II-Floor, F2/9 Okhla Phase -1,
New Delhi 110020, India
Japan
Support E-mail: support@zyxel.co.jp
Sales E-mail: zyp@zyxel.co.jp
Telephone: +81-3-6847-3700
Fax: +81-3-6847-3705
Web: www.zyxel.co.jp
Regular Mail: ZyXEL Japan, 3F, Office T&U, 1-10-10 Higashi-Gotanda, Shinagawa-ku,
Tokyo 141-0022, Japan
Kazakhstan
Support: http://zyxel.kz/support
Sales E-mail: sales@zyxel.kz
Telephone: +7-3272-590-698
Fax: +7-3272-590-689
Web: www.zyxel.kz
Regular Mail: ZyXEL Kazakhstan, 43 Dostyk Ave., Office 414, Dostyk Business Centre,
050010 Almaty, Republic of Kazakhstan
Appendix E Customer Support
P-660W-Tx v2 User’s Guide
244
Malaysia
Support E-mail: support@zyxel.com.my
Sales E-mail: sales@zyxel.com.my
Telephone: +603-8076-9933
Fax: +603-8076-9833
Web: http://www.zyxel.com.my
Regular Mail: ZyXEL Malaysia Sdn Bhd., 1-02 & 1-03, Jalan Kenari 17F, Bandar
Puchong Jaya, 47100 Puchong, Selangor Darul Ehsan, Malaysia
North America
Support E-mail: support@zyxel.com
Support Telephone: +1-800-978-7222
Sales E-mail: sales@zyxel.com
Sales Telephone: +1-714-632-0882
Fax: +1-714-632-0858
Web: www.zyxel.com
Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806-
2001, U.S.A.
Norway
Support E-mail: support@zyxel.no
Sales E-mail: sales@zyxel.no
Telephone: +47-22-80-61-80
Fax: +47-22-80-61-81
Web: www.zyxel.no
Regular Mail: ZyXEL Communications A/S, Nils Hansens vei 13, 0667 Oslo, Norway
Poland
E-mail: info@pl.zyxel.com
Telephone: +48-22-333 8250
Fax: +48-22-333 8251
Web: www.pl.zyxel.com
Regular Mail: ZyXEL Communications, ul. Okrzei 1A, 03-715 Warszawa, Poland
Russia
Support: http://zyxel.ru/support
Sales E-mail: sales@zyxel.ru
Telephone: +7-095-542-89-29
Fax: +7-095-542-89-25
Web: www.zyxel.ru
Regular Mail: ZyXEL Russia, Ostrovityanova 37a Str., Moscow 117279, Russia
Appendix E Customer Support
P-660W-Tx v2 User’s Guide 245
Singapore
Support E-mail: support@zyxel.com.sg
Sales E-mail: sales@zyxel.com.sg
Telephone: +65-6899-6678
Fax: +65-6899-8887
Web: http://www.zyxel.com.sg
Regular Mail: ZyXEL Singapore Pte Ltd., No. 2 International Business Park, The Strategy
#03-28, Singapore 609930
Spain
Support E-mail: support@zyxel.es
Sales E-mail: sales@zyxel.es
Telephone: +34-902-195-420
Fax: +34-913-005-345
Web: www.zyxel.es
Regular Mail: ZyXEL Communications, Arte, 21 5ª planta, 28033 Madrid, Spain
Sweden
Support E-mail: support@zyxel.se
Sales E-mail: sales@zyxel.se
Telephone: +46-31-744-7700
Fax: +46-31-744-7701
Web: www.zyxel.se
Regular Mail: ZyXEL Communications A/S, Sjöporten 4, 41764 Göteborg, Sweden
Taiwan
Support E-mail: support@zyxel.com.tw
Sales E-mail: sales@zyxel.com.tw
Telephone: +886-2-27399889
Fax: +886-2-27353220
Web: http://www.zyxel.com.tw
Address: Room B, 21F., No.333, Sec. 2, Dunhua S. Rd., Da-an District, Taipei
Thailand
Support E-mail: support@zyxel.co.th
Sales E-mail: sales@zyxel.co.th
Telephone: +662-831-5315
Fax: +662-831-5395
Web: http://www.zyxel.co.th
Regular Mail: ZyXEL Thailand Co., Ltd., 1/1 Moo 2, Ratchaphruk Road, Bangrak-Noi,
Muang, Nonthaburi 11000, Thailand.
Appendix E Customer Support
P-660W-Tx v2 User’s Guide
246
Turkey
Support E-mail: cso@zyxel.com.tr
Telephone: +90 212 222 55 22
Fax: +90-212-220-2526
Web: http:www.zyxel.com.tr
Address: Kaptanpasa Mahallesi Piyalepasa Bulvari Ortadogu Plaza N:14/13 K:6
Okmeydani/Sisli Istanbul/Turkey
Ukraine
Support E-mail: support@ua.zyxel.com
Sales E-mail: sales@ua.zyxel.com
Telephone: +380-44-247-69-78
Fax: +380-44-494-49-32
Web: www.ua.zyxel.com
Regular Mail: ZyXEL Ukraine, 13, Pimonenko Str., Kiev 04050, Ukraine
United Kingdom
Support E-mail: support@zyxel.co.uk
Sales E-mail: sales@zyxel.co.uk
Telephone: +44-1344-303044, 0845 122 0301 (UK only)
Fax: +44-1344-303034
Web: www.zyxel.co.uk
Regular Mail: ZyXEL Communications UK Ltd., 11 The Courtyard, Eastern Road,
Bracknell, Berkshire RG12 2XB, United Kingdom (UK)
Index
P-660W-Tx v2 User’s Guide 247
Index
A
Access point 65
See also AP.
Address Assignment 56
Address mapping 99
Address Resolution Protocol (ARP) 60
Advanced Encryption Standard
See AES.
AES 226
antenna
directional 229
gain 229
omni-directional 229
Any IP 59
How it works 60
note 60
Any IP Setup 62
Any IP table 185
AP 65
See also access point.
AP (access point) 219
Application-level Firewalls 108
ATM Adaptation Layer 5 (AAL5) 81
Attack Alert 136
Attack Types 112
B
Backup Type 91
Bandwidth Borrowing 170
bandwidth budget 165
bandwidth capacity 165
Bandwidth Class 165
bandwidth class 165
Bandwidth Filter 165
bandwidth filter 165
Bandwidth Management 165
Bandwidth Management Statistics 176
Bandwidth Manager Class Configuration 173
Bandwidth Manager Class Setup 172
Bandwidth Manager Monitor 177
Bandwidth Manager Summary 171
Basic Service Set, See BSS 217
Blocking Time 136
Borrow bandwidth from parent class 174
Brute-force Attack, 111
BSS 217
BW Budget 174
C
CA 224
CBR (Continuous Bit Rate) 88
Certificate Authority
See CA.
certifications 236, 237
notices 236, 238
viewing 237, 239
change password at login 34
channel 65, 219
interference 219
Class Name 174
command interface 29, 30
Configuration 56, 185
contact information 241
Content Filtering 139
Categories 139
Schedule 141
Trusted computers 141
URL keyword blocking 140
Content filtering 139
copyright 235
CTS (Clear to Send) 220
Custom Ports
Creating/Editing 128
customer support 241
Customized Services 128
Customized services 128
D
default LAN IP address 33
Denial of Service 108, 109, 135, 136
Destination Address 121
Index
P-660W-Tx v2 User’s Guide
248
device model number 189
DHCP 56, 57, 103, 185
DHCP server 185
DHCP table 185
diagnostic 187
dimensions 201
disclaimer 235
Domain Name 56, 97
Domain Name System 56
DoS 109
Basics 109
Types 110
DoS attacks, types of 110
DSL line, reinitialize 188
Dynamic DNS 103
dynamic WEP key exchange 225
DYNDNS Wildcard 103
E
EAP Authentication 223
ECHO 97
E-mail
Log Example 162
embedded help 35
Encapsulated Routing Link Protocol (ENET ENCAP)
81
Encapsulation 81
ENET ENCAP 81
PPP over Ethernet 81
PPPoA 81
RFC 1483 82
encryption 67, 226
and local (user) database 67
key 68
WPA compatible 68
ESS 218
ESSID 199
Extended Service Set, See ESS 218
F
Fairness-based Scheduler 168
FCC interference statement 236, 237
file transfer using FTP
command example 191
filename convention, configuration
configuration
file names 191
Finger 97
Firewall
Access Methods 119
Address Type 127
Alerts 122
Anti-Probing 134
Creating/Editing Rules 125
Custom Ports 128
Enabling 122
Firewall Vs Filters 117
Guidelines For Enhancing Security 116
Introduction 108
LAN to WAN Rules 121
Policies 119
Rule Checklist 120
Rule Logic 120
Rule Security Ramifications 120
Services 133
Types 107
When To Use 118
firmware 189
upgrade 189
upload 189
upload error 190
fragmentation threshold 220
FTP 30, 96, 97, 143, 190
file transfer procedure 191
restrictions over WAN 192
FTP Restrictions 143
H
Half-Open Sessions 135
hidden node 219
hide SSID 66
Host 37
HTTP 97, 108, 109, 110
HTTP (Hypertext Transfer Protocol) 189
humidity 201
I
IANA 57, 58
IANA (Internet Assigned Number Authority) 128
IBSS 217
ICMP echo 111
IEEE 802.11g 221
IGMP 58, 59
Independent Basic Service Set
Index
P-660W-Tx v2 User’s Guide 249
See IBSS 217
initialization vector (IV) 226
Install UPnP 149
Windows Me 149
Windows XP 150
Internet access 41
Internet access wizard setup 41, 49
Internet Assigned Numbers AuthoritySee IANA 57
Internet Control Message Protocol (ICMP) 111, 134
IP Address 57, 97, 185
IP Address Assignment 82
ENET ENCAP 83
PPPoA or PPPoE 82
RFC 1483 82
IP Pool Setup 56
IP protocol type 133
IP Spoofing 110, 113
K
Key Fields For Configuring Rules 121
L
LAN Setup 55, 81
LAN TCP/IP 57
LAN to WAN Rules 121
LAND 110, 111
LEDs 30
local (user) database 66
and encryption 67
Local Network
Rule Summary 124
Logs 159
M
MAC (Media Access Control) 185
MAC (Media Access Control) address. 77
MAC address 66
MAC address filter 66
MAC Address Filter Action 78
MAC Address Filtering 77
maintenance 181
management idle timeout period 34
managing the device
good habits 30
using FTP. See FTP.
using Telnet. See command interface.
using the command interface. See command
interface.
using the web configurator. See web configurator.
Maximize Bandwidth Usage 168
Maximum Burst Size (MBS) 84, 88
Max-incomplete High 135
Max-incomplete Low 135
Message Integrity Check (MIC) 226
Metric 83
Multicast 58
Multiplexing 82
multiplexing 82
LLC-based 82
VC-based 82
Multiprotocol Encapsulation 82
N
Nailed-Up Connection 83
NAT 57, 96, 97
Address mapping rule 101
Application 94
Definitions 93
How it works 94
Mapping Types 95
What it does 94
What NAT does 94
NAT (Network Address Translation) 93
NAT mode 98
NAT Traversal 147
navigating the web configurator 34
NetBIOS commands 112
Network Management 97
NNTP 97
O
One-Minute High 135
P
Packet Filtering 117
Index
P-660W-Tx v2 User’s Guide
250
Packet filtering
When to use 117
Packet Filtering Firewalls 107
Pairwise Master Key (PMK) 226, 228
Peak Cell Rate (PCR) 84, 88
Ping of Death 110
Point to Point Protocol over ATM Adaptation Layer 5
(AAL5) 81
Point-to-Point Tunneling Protocol 97
POP3 97, 109, 110
Port Numbers 97
power adaptor specifications 206
power specification 201
PPP session over Ethernet (PPP over Ethernet, RFC
2516) 81
PPPoE 84
Benefits 84
PPPoE (Point-to-Point Protocol over Ethernet) 84
PPTP 97
preamble mode 221
Priority 174
Priority-based Scheduler 168
product registration 239
Proportional Bandwidth Allocation 166
PSK 226
PVC (Permanent Virtual Circuit) 81
R
RADIUS 222
message types 223
messages 223
shared secret key 223
RADIUS server 66
real-time application 165
registration
product 239
reinitialize the ADSL line 188
related documentation 3
Remote Management and NAT 144
Remote Management Limitations 143
Reset button, the 34
resetting the Device 34
RFC 1483 82
RFC 1631 93
RIPSee Routing Information Protocol 58
Roaming 79
Root Class 172
Routing Information Protocol 58
Direction 58
Version 58
RTS (Request To Send) 220
threshold 219, 220
RTS (Request To Send) threshold 71
Rule Summary 123
Rules 121
Checklist 120
Key Fields 121
LAN to WAN 121
Logic 120
Predefined Services 133
Summary 123
S
safety warnings 6
Saving the State 113
Scheduler 167
screws 205
Security In General 116
Security Ramifications 120
Server 95, 96
Service 121
Service Set IDentification 70
Service Set IDentity. See SSID.
Service Type 129
Services 97
SMTP 97
Smurf 111, 112
SNMP 97
Source Address 121, 127
specifications 206
power adaptor 206
SSID 65, 70
hide 66
Stateful Inspection 107, 108, 113, 114
Process 114
SUA 96, 97
SUA (Single User Account) 96
SUA server 96, 98
Default server set 97
SUA vs NAT 96
SUA/NAT Server Set 99
Sub-class Layers 172
Subnet Mask 57, 127
Sustain Cell Rate (SCR) 88
Sustained Cell Rate (SCR) 84
SYN Flood 110, 111
SYN-ACK 111
Index
P-660W-Tx v2 User’s Guide 251
syntax conventions 4
System Timeout 144
T
TCP Maximum Incomplete 136
TCP Security 115
TCP/IP 109, 110, 144
Teardrop 110
Teln e t 144
Telnet Configuration 144
temperature 201
Temporal Key Integrity Protocol (TKIP) 226
TFTP Restrictions 143
Three-Way Handshake 110
Threshold Values 135
Traceroute 112
trademarks 235
Traffic Redirect 90
Traffic redirect 90, 92
Traffic shaping 84
U
UBR (Unspecified Bit Rate) 88
UDP/ICMP Security 115
Universal Plug and Play 147
Application 147
Security issues 147
Universal Plug and Play Forum 148
UPnP 147
Upper Layer Protocols 115, 116
user authentication 66
local (user) database 66
RADIUS server 66
weaknesses 67
User Name 104
V
VBR (Variable Bit Rate) 88
Virtual Channel Identifier (VCI) 82
virtual circuit (VC) 82
Virtual Path Identifier (VPI) 82
Voice-over-IP (VoIP) 165
VPI & VCI 82
W
WAN (Wide Area Network) 81
WAN backup 90
WAN to LAN Rules 121
warranty 239
note 239
Web Configurator 33, 34, 35, 108, 116, 121
web configurator 29
web configurator screen summary 35
WEP encryption 72
Wi-Fi Protected Access 225
wireless channel 199
wireless client 65
wireless client WPA supplicants 227
Wireless LAN
Configuring 70
wireless LAN 199
Wireless network
basic guidelines 65
channel 65
encryption 67
example 65
MAC address filter 66
overview 65
security 66
SSID 65
Wireless security 66
overview 66
type 66
wireless security 199, 221
WLAN
interference 219
security parameters 228
WPA 225
key caching 226
pre-authentication 226
user authentication 226
vs WPA-PSK 226
wireless client supplicant 227
with RADIUS application example 227
WPA compatible 68
WPA2 225
user authentication 226
vs WPA2-PSK 226
wireless client supplicant 227
with RADIUS application example 227
WPA2-Pre-Shared Key 225
WPA2-PSK 225, 226
application example 227
Index
P-660W-Tx v2 User’s Guide
252
WPA-PSK 225, 226
application example 227
Z
Zero configuration Internet access 85
ZyNOS (ZyXEL Network Operating System) 191
ZyXEL Firewall
Introduction 108
Index
P-660W-Tx v2 User’s Guide 253
Index
P-660W-Tx v2 User’s Guide
254

Navigation menu