ZyXEL Communications P660NT1A 802.11n Wireless ADSL2+ Gateway User Manual SMG 700 User s Guide V1 00 Nov 2004

ZyXEL Communications Corporation 802.11n Wireless ADSL2+ Gateway SMG 700 User s Guide V1 00 Nov 2004

Contents

user manual 2

 Chapter 21 ToolsP-660N-T1A User’s Guide 221Backup Configuration Backup Configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file on your computer. Once your ZyXEL Device is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings. Click Backup to save the ZyXEL Device’s current configuration to your computer.Restore Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your ZyXEL Device.Do not turn off the ZyXEL Device while configuration file upload is in progress.After you see a “restore configuration successful” screen, you must then wait one minute before logging into the ZyXEL Device again. Figure 107   Configuration Upload SuccessfulTable 90   Restore ConfigurationLABEL DESCRIPTIONFile Path  Type in the location of the file you want to upload in this field or click Browse ... to find it.Browse...  Click this to find the file you want to upload. Remember that you must decompress compressed (.ZIP) files before you can upload them. Upload  Click this to begin the upload process.
Chapter 21 ToolsP-660N-T1A User’s Guide222The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.Figure 108   Network Temporarily DisconnectedIf you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default device IP address (192.168.1.1). See Appendix A on page 243 for details on how to set up your computer’s IP address.If the upload was not successful, the following screen will appear. Click Return to go back to the Configuration screen. Figure 109   Configuration Upload Error
 Chapter 21 ToolsP-660N-T1A User’s Guide 223Reset to Factory Defaults  Click the Reset button to clear all user-entered configuration information and return the ZyXEL Device to its factory defaults. The following warning screen appears.Figure 110   Reset Warning MessageFigure 111   Reset In Process MessageYou can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device. Refer to Section 1.6 on page 26 for more information on the RESET button.21.4  The Restart Screen System restart allows you to reboot the ZyXEL Device remotely without turning the power off. You may need to do this if the ZyXEL Device hangs, for example.Click Maintenance > Tools > Restart. Click Restart to have the ZyXEL Device reboot. This does not affect the ZyXEL Device's configuration. Figure 112   Maintenance > Tools >Restart
Chapter 21 ToolsP-660N-T1A User’s Guide224
P-660N-T1A User’s Guide 225CHAPTER  22 Diagnostic22.1  OverviewThese read-only screens display information to help you identify problems with the ZyXEL Device.22.1.1  What You Can Do in the Diagnostic Screens•Use the General Diagnostic screen (Section 22.2 on page 225) to ping an IP address.•Use the DSL Line Diagnostic screen (Section 22.3 on page 226) to view the DSL line statistics and reset the ADSL line.22.2  The General Diagnostic Screen Use this screen to ping an IP address. Click Maintenance > Diagnostic to open the screen shown next.Figure 113   Maintenance > Diagnostic > General
Chapter 22 DiagnosticP-660N-T1A User’s Guide226The following table describes the fields in this screen. 22.3  The DSL Line Diagnostic Screen Use this screen to view the DSL line statistics and reset the ADSL line. Click Maintenance > Diagnostic > DSL Line to open the screen shown next.Figure 114   Maintenance > Diagnostic > DSL LineTable 91   Maintenance > Diagnostic > GeneralLABEL DESCRIPTIONTCP/IP Address Type the IP address of a computer that you want to ping in order to test a connection.Ping Click this to ping the IP address that you entered.
 Chapter 22 DiagnosticP-660N-T1A User’s Guide 227The following table describes the fields in this screen.  Table 92   Maintenance > Diagnostic > DSL LineLABEL DESCRIPTIONATM Status Click this to view your DSL connection’s Asynchronous Transfer Mode (ATM) statistics. ATM is a networking technology that provides high-speed data transfer. ATM uses fixed-size packets of information called cells. With ATM, a high QoS (Quality of Service) can be guaranteed. The (Segmentation and Reassembly) SAR driver translates packets into ATM cells. It also receives ATM cells and reassembles them into packets.These counters are set back to zero whenever the device starts up.inPkts is the number of good ATM cells that have been received.inDiscards is the number of received ATM cells that were rejected.outPkts is the number of ATM cells that have been sent.outDiscards is the number of ATM cells sent that were rejected.inF4Pkts is the number of ATM Operations, Administration, and Management (OAM) F4 cells that have been received. See ITU recommendation I.610 for more on OAM for ATM.outF4Pkts is the number of ATM OAM F4 cells that have been sent. inF5Pkts is the number of ATM OAM F5 cells that have been received.outF5Pkts is the number of ATM OAM F5 cells that have been sent.openChan is the number of times that the ZyXEL Device has opened a logical DSL channel.closeChan is the number of times that the ZyXEL Device has closed a logical DSL channel.txRate is the number of bytes transmitted per second.rxRate is the number of bytes received per second.ATM Loopback Test Click this to start the ATM loopback test. Make sure you have configured at least one PVC with proper VPIs/VCIs before you begin this test. The ZyXEL Device sends an OAM F5 packet to the DSLAM/ATM switch and then returns it (loops it back) to the ZyXEL Device. The ATM loopback test is useful for troubleshooting problems with the DSLAM and ATM network.
Chapter 22 DiagnosticP-660N-T1A User’s Guide228DSL Line Status Click this to view statistics about the DSL connections.noise margin downstream is the signal to noise ratio for the downstream part of the connection (coming into the ZyXEL Device from the ISP). It is measured in decibels. The higher the number the more signal and less noise there is. output power upstream is the amount of power (in decibels) that the ZyXEL Device is using to transmit to the ISP.attenuation downstream is the reduction in amplitude (in decibels) of the DSL signal coming into the ZyXEL Device from the ISP.Discrete Multi-Tone (DMT) modulation divides up a line’s bandwidth into sub-carriers (sub-channels) of 4.3125 KHz each called tones. The rest of the display is the line’s bit allocation. This is displayed as the number (in hexadecimal format) of bits transmitted for each tone. This can be used to determine the quality of the connection, whether a given sub-carrier loop has sufficient margins to support certain ADSL transmission rates, and possibly to determine whether particular specific types of interference or line attenuation exist. Refer to the ITU-T G.992.1 recommendation for more information on DMT. The better (or shorter) the line, the higher the number of bits transmitted for a DMT tone. The maximum number of bits that can be transmitted per DMT tone is 15. There will be some tones without any bits as there has to be space between the upstream and downstream channels. Reset ADSL Line Click this to reinitialize the ADSL line. The large text box above then displays the progress and results of this operation, for example:"Start to reset ADSLLoading ADSL modem F/W...Reset ADSL Line Successfully!"Capture All Logs Click this to display information and statistics about your ZyXEL Device’s ATM statistics, DSL connection statistics, DHCP settings, firmware version, WAN and gateway IP address, VPI/VCI and LAN IP address.Table 92   Maintenance > Diagnostic > DSL Line (continued)LABEL DESCRIPTION
P-660N-T1A User’s Guide 229CHAPTER  23 TroubleshootingThis chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. •Power, Hardware Connections, and LEDs•ZyXEL Device Access and Login•Internet Access23.1  Power, Hardware Connections, and LEDsThe ZyXEL Device does not turn on. None of the LEDs turn on.1Make sure the ZyXEL Device is turned on. 2Make sure you are using the power adaptor or cord included with the ZyXEL Device.3Make sure the power adaptor or cord is connected to the ZyXEL Device and plugged in to an appropriate power source. Make sure the power source is turned on.4Turn the ZyXEL Device off and on.5If the problem continues, contact the vendor.One of the LEDs does not behave as expected.1Make sure you understand the normal behavior of the LED. See Section 1.5 on page 25.
Chapter 23 TroubleshootingP-660N-T1A User’s Guide2302Check the hardware connections.3Inspect your cables for damage. Contact the vendor to replace any damaged cables.4Turn the ZyXEL Device off and on.5If the problem continues, contact the vendor.23.2  ZyXEL Device Access and LoginI forgot the IP address for the ZyXEL Device.1The default IP address is 192.168.1.1.2If you changed the IP address and have forgotten it, you might get the IP address of the ZyXEL Device by looking up the IP address of the default gateway for your computer. To do this in most Windows computers, click Start > Run, enter cmd, and then enter ipconfig. The IP address of the Default Gateway might be the IP address of the ZyXEL Device (it depends on the network), so enter this IP address in your Internet browser.3If this does not work, you have to reset the device to its factory defaults. See Section 1.6 on page 26.I forgot the password.1The default admin password is 1234.2If this does not work, you have to reset the device to its factory defaults. See Section 1.6 on page 26.I cannot see or access the Login screen in the web configurator.1Make sure you are using the correct IP address.• The default IP address is 192.168.1.1.
 Chapter 23 TroubleshootingP-660N-T1A User’s Guide 231• If you changed the IP address (Section 7.2 on page 87), use the new IP address.• If you changed the IP address and have forgotten it, see the troubleshooting suggestions for I forgot the IP address for the ZyXEL Device.2Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide.3Make sure your Internet browser does not block pop-up windows and has JavaScripts and Java enabled. See Appendix C on page 281.4Make sure your computer is in the same subnet as the ZyXEL Device. (If there are routers between your computer and the ZyXEL Device, skip this step.)• If there is a DHCP server on your network, make sure your computer is using a dynamic IP address. See Appendix A on page 243. Your ZyXEL Device is a DHCP server by default.• If there is no DHCP server on your network, make sure your computer’s IP address is in the same subnet as the ZyXEL Device. See Appendix A on page 243.5Reset the device to its factory defaults, and try to access the ZyXEL Device with the default IP address. See Section 1.6 on page 26.6If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions.Advanced Suggestions• Try to access the ZyXEL Device using another service, such as Telnet. If you can access the ZyXEL Device, check the remote management settings and firewall rules to find out why the ZyXEL Device does not respond to HTTP. • If your computer is connected to the WAN port or is connected wirelessly, use a computer that is connected to a ETHERNET port.I can see the Login screen, but I cannot log in to the ZyXEL Device.1Make sure you have entered the password correctly. The default admin password is 1234. The field is case-sensitive, so make sure [Caps Lock] is not on. 2You cannot log in to the web configurator while someone is using Telnet to access the ZyXEL Device. Log out of the ZyXEL Device in the other session, or ask the person who is logged in to log out. 3Turn the ZyXEL Device off and on.
Chapter 23 TroubleshootingP-660N-T1A User’s Guide2324If this does not work, you have to reset the device to its factory defaults. See Section 23.1 on page 229.I cannot Telnet to the ZyXEL Device.See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator. Ignore the suggestions about your browser.I cannot use FTP to upload / download the configuration file. / I cannot use FTP to upload new firmware.See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator. Ignore the suggestions about your browser.23.3  Internet AccessI cannot access the Internet.1Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.5 on page 25.2Make sure you entered your ISP account information correctly in the wizard. These fields are case-sensitive, so make sure [Caps Lock] is not on. 3If you are trying to access the Internet wirelessly, make sure the wireless settings in the wireless client are the same as the settings in the AP.4If you are trying to access the Internet wirelessly, make sure you enabled the wireless LAN and have selected the correct country and channel in which your ZyXEL Device operates in the Wireless LAN > AP screen.5Disconnect all the cables from your device, and follow the directions in the Quick Start Guide again. 6If the problem continues, contact your ISP.
 Chapter 23 TroubleshootingP-660N-T1A User’s Guide 233I cannot access the Internet anymore. I had access to the Internet (with the ZyXEL Device), but my Internet connection is not available anymore.1Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.5 on page 25.2Turn the ZyXEL Device off and on.3If the problem continues, contact your ISP. The Internet connection is slow or intermittent.1There might be a lot of traffic on the network. Look at the LEDs, and check Section 1.5 on page 25. If the ZyXEL Device is sending or receiving a lot of information, try closing some programs that use the Internet, especially peer-to-peer applications. 2Check the signal strength. If the signal strength is low, try moving your computer closer to the ZyXEL Device if possible, and look around to see if there are any devices that might be interfering with the wireless network (for example, microwaves, other wireless networks, and so on).3Turn the ZyXEL Device off and on. 4If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions.Advanced Suggestions• Check the settings for QoS. If it is disabled, you might consider activating it. If it is enabled, you might consider raising or lowering the priority for some applications.
Chapter 23 TroubleshootingP-660N-T1A User’s Guide234
P-660N-T1A User’s Guide 235CHAPTER  24 Product SpecificationsThe following tables summarize the ZyXEL Device’s hardware and firmware features.24.1  Hardware SpecificationsThe following table summarizes the ZyXEL Device’s hardware features. Table 93   Hardware SpecificationsDimensions 133mm (L) x 61mm (W) x 163mm (H)Weight 200gPower Specification 12VDC 1ALAN Ethernet Port One auto-negotiating, auto MDI/MDI-X 10/100 Mbps RJ-45 Ethernet portADSL Port 1 RJ-11 for Annex A802.11n Wireless LAN Access On-board WLAN moduleRESET Button Press for 10 seconds to restore factory defaultsAntenna 1 internal antenna, 3.5dBiWPS Button 1 second: turn on or off WLAN5 seconds: enable WPS (Wi-Fi Protected Setup)Operation Temperature 0º C ~ 40º CStorage Temperature -20º ~ 60º COperation Humidity 20% ~ 90% RHStorage Humidity 20% ~ 90% RH
Chapter 24 Product SpecificationsP-660N-T1A User’s Guide23624.2  Firmware SpecificationsThe following table summarizes the ZyXEL Device’s firmware features.Compliance and Certifications EANSI/UL-60950-1CSA 60950-1EN60950-1 (1992+A1+A2+A3+A4+A11)IEC 60950-1FCC Part 15 Class BEN55022 Class BEN61000-3-2EN61000-3-3EN61000-4-2EN61000-4-3EN61000-4-4EN61000-4-5EN61000-4-6EN61000-4-8EN61000-4-11K.21 4KVPower Adaptor Safety Approvals ANSI/UL 60950-1CSA 60950-1CE markGS mark or TUV certificateEN60950-1Table 93   Hardware SpecificationsTable 94   Firmware Specifications Basic FeaturesDefault IP Address 192.168.1.1Default Subnet Mask 255.255.255.0 (24 bits)Default Admin Password 1234
 Chapter 24 Product SpecificationsP-660N-T1A User’s Guide 237ADSL Standard Compliance Support Multi-Mode standard (ANSI T1.413, Issue 2; G.dmt (G.992.1); G.lite (G992.2)).EOC specified in ITU-T G.992.1ADSL2 G.dmt.bis (G.992.3)ADSL2 G.lite.bis (G.992.4)ADSL2+ (G.992.5)Reach Extended ADSL (RE ADSL)SRA (Seamless Rate Adaptation)Auto-negotiating rate adaptationADSL physical connection ATM AAL5 (ATM Adaptation Layer type 5)Support multi-protocol over AAL5 (RFC2684/1483)Support PPP over ATM AAL5 (RFC2364)PPP over Ethernet support for DSL connection (RFC 2516)Support VC-based and LLC-based multiplexing Support up to 8 PVCsI.610 F4/F5 OAMTR-067/TR-100 supportedAnnex A,B,I, J,L,MBit swappingTable 94   Firmware Specifications  (continued)
Chapter 24 Product SpecificationsP-660N-T1A User’s Guide238Wireless LAN Features WDS(wireless client: TBD)IEEE 802.11n ComplianceFrequency Range:2.4 GHzAdvanced Orthogonal Frequency Division Multiplexing (OFDM)Data Rates:150Mbps and Auto FallbackWired Equivalent Privacy (WEP) Data Encryption 64/128WLAN bridge to LAN32 MAC Address filterWPA, WPA-PSK,WPA2, WPA2-PSKWPSIEEE 802.1x (EAP-MD5, TLS and TTLS)WMMMulti BSSID (4 BSSIDs)Wireless SchedulingFirewall DoS Protocol and Generic Packet FilterStateful InspectionAccess Control List (ACL) between LAN, WANReal time alert via e-mailReport and logs20 ACL rulesContent Filtering URL Keyword BlockingNAT Muti-NAT & Port Address Translation (PAT)2048 NAT sessionCone NATMultimedia applications support (NetMeeting, CuSeeMe, ICQ, …etc)Microsoft PPTP under NAT/SUAMultiple VPN (IPSec/PPTP/L2TP) pass-throughNAT loopback12 NAT port forwardingTable 94   Firmware Specifications  (continued)
 Chapter 24 Product SpecificationsP-660N-T1A User’s Guide 239UPnP UPnP DCPUPnP protocolsNAT traversalProtocol Support SIP pass-throughDNS ProxyDynamic DNS (www.dyndns.org)IP AliasDHCP client/server/relayRIP I/ RIP II supportedSupport 16 IP Static routes by GatewayIGMP v1 and v2, v3IP Policy RoutingUPnP support Transparent bridging, VLAN-tagging pass-through bridge modeStatic DHCP802.1QTR-098 complied QoSManagement Embedded Web ConfiguratorSNMP v1 & v2 with MIB IITR-064 support(Need to support ZyXEL"easy install utility")TR-111ADSL mode selectable on GUIEmbedded FTP/TFTP Server for f/w upgrade and romfile backup and restoreRemote Management Control: Telnet, FTP, and Web.TR-069 HTTPS(with motive certification)MTU adjustable on WebGUIWAN Backup Traffic redirectOther features rom-tSupport IGMP ProxyTable 94   Firmware Specifications  (continued)
Chapter 24 Product SpecificationsP-660N-T1A User’s Guide24024.3  Standards SupportThe following list, which is not exhaustive, illustrates the standards supported in the ZyXEL Device.Table 95   Standards Supported STANDARD DESCRIPTIONRFC 867 Daytime ProtocolRFC 868 Time Protocol.RFC 1058 RIP-1 (Routing Information Protocol)RFC 1112 IGMP v1RFC 1305 Network Time Protocol (NTP version 3)RFC 1483 Multiprotocol Encapsulation over ATM Adaptation Layer 5RFC 1631 IP Network Address Translator (NAT)RFC 1661 The Point-to-Point Protocol (PPP)RFC 1723 RIP-2 (Routing Information Protocol)RFC 2236 Internet Group Management Protocol, Version 2.RFC 2364 PPP over AAL5 (PPP over ATM over ADSL)RFC 2408 Internet Security Association and Key Management Protocol (ISAKMP)RFC 2516 A Method for Transmitting PPP Over Ethernet (PPPoE)RFC 2684 Multiprotocol Encapsulation over ATM Adaptation Layer 5.RFC 2766 Network Address Translation - ProtocolIEEE 802.11 Also known by the brand Wi-Fi, denotes a set of Wireless LAN/WLAN standards developed by working group 11 of the IEEE LAN/MAN Standards Committee (IEEE 802).IEEE 802.11b Uses the 2.4 gigahertz (GHz) bandIEEE 802.11g Uses the 2.4 gigahertz (GHz) bandIEEE 802.11n Uses the 2.4 gigahertz (GHz) band IEEE 802.11d Standard for Local and Metropolitan Area Networks: Media Access Control (MAC) BridgesIEEE 802.11x Port Based Network Access Control.IEEE 802.11e QoS IEEE 802.11 e Wireless LAN for Quality of ServiceANSI T1.413, Issue 2 Asymmetric Digital Subscriber Line (ADSL) standard.G dmt(G.992.1) G.992.1 Asymmetrical Digital Subscriber Line (ADSL) TransceiversITU G.992.1 (G.DMT) ITU standard for ADSL using discrete multitone modulation.ITU G.992.2 (G. Lite) ITU standard for ADSL using discrete multitone modulation.ITU G.992.3 (G.dmt.bis) ITU standard (also referred to as ADSL2) that extends the capability of basic ADSL in data rates.ITU G.992.4 (G.lite.bis) ITU standard (also referred to as ADSL2) that extends the capability of basic ADSL in data rates.
 Chapter 24 Product SpecificationsP-660N-T1A User’s Guide 241ITU G.992.5 (ADSL2+) ITU standard (also referred to as ADSL2+) that extends the capability of basic ADSL by doubling the number of downstream bits.Microsoft PPTP MS PPTP (Microsoft's implementation of Point to Point Tunneling Protocol)MBM v2 Media Bandwidth Management v2RFC 2383 ST2+ over ATM Protocol Specification - UNI 3.1 VersionTR-069 TR-069 DSL Forum Standard for CPE Wan Management.1.363.5 Compliant AAL5 SAR (Segmentation And Re-assembly) Table 95   Standards Supported  (continued)STANDARD DESCRIPTION
Chapter 24 Product SpecificationsP-660N-T1A User’s Guide242
P-660N-T1A User’s Guide 243APPENDIX  A Setting Up Your Computer’s IPAddressNote: Your specific ZyXEL Device may not support all of the operating systems described in this appendix. See the product specifications for more information about which operating systems are supported.This appendix shows you how to configure the IP settings on your computer in order for it to be able to communicate with the other devices on your network. Windows Vista/XP/2000, Mac OS 9/OS X, and all versions of UNIX/LINUX include the software components you need to use TCP/IP on your computer. If you manually assign IP information instead of using a dynamic IP, make sure that your network’s computers have IP addresses that place them in the same subnet.In this appendix, you can set up an IP address for:•Windows XP/NT/2000 on page 244•Windows Vista on page 247•Windows 7 on page 251•Mac OS X: 10.3 and 10.4 on page 255•Mac OS X: 10.5 and 10.6 on page 258•Linux: Ubuntu 8 (GNOME) on page 261•Linux: openSUSE 10.3 (KDE) on page 266
Appendix A Setting Up Your Computer’s IP AddressP-660N-T1A User’s Guide244Windows XP/NT/2000The following example uses the default Windows XP display theme but can also apply to Windows 2000 and Windows NT.1Click Start > Control Panel.2In the Control Panel, click the Network Connections icon.
 Appendix A Setting Up Your Computer’s IP AddressP-660N-T1A User’s Guide 2453Right-click Local Area Connection and then select Properties.4On the General tab, select Internet Protocol (TCP/IP) and then click Properties.
Appendix A Setting Up Your Computer’s IP AddressP-660N-T1A User’s Guide2465The Internet Protocol TCP/IP Properties window opens.6Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically.Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP. You may also have to enter a Preferred DNS server and an Alternate DNS server, if that information was provided.7Click OK to close the Internet Protocol (TCP/IP) Properties window.8Click OK to close the Local Area Connection Properties window.Verifying Settings1Click Start > All Programs > Accessories > Command Prompt.2In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also go to Start > Control Panel > Network Connections, right-click a network connection, click Status and then click the Support tab to view your IP address and connection information.
 Appendix A Setting Up Your Computer’s IP AddressP-660N-T1A User’s Guide 247Windows VistaThis section shows screens from Windows Vista Professional.1Click Start > Control Panel.2In the Control Panel, click the Network and Internet icon.3Click the Network and Sharing Center icon.
Appendix A Setting Up Your Computer’s IP AddressP-660N-T1A User’s Guide2484Click Manage network connections.5Right-click Local Area Connection and then select Properties.Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue.
 Appendix A Setting Up Your Computer’s IP AddressP-660N-T1A User’s Guide 2496Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.
Appendix A Setting Up Your Computer’s IP AddressP-660N-T1A User’s Guide2507The Internet Protocol Version 4 (TCP/IPv4) Properties window opens.8Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically.Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP. You may also have to enter a Preferred DNS server and an Alternate DNS server, if that information was provided.Click Advanced.9Click OK to close the Internet Protocol (TCP/IP) Properties window.10 Click OK to close the Local Area Connection Properties window.
 Appendix A Setting Up Your Computer’s IP AddressP-660N-T1A User’s Guide 251Verifying Settings1Click Start > All Programs > Accessories > Command Prompt.2In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also go to Start > Control Panel > Network Connections, right-click a network connection, click Status and then click the Support tab to view your IP address and connection information.Windows 7This section shows screens from Windows 7 Enterprise.1Click Start > Control Panel.2In the Control Panel, click View network status and tasks under the Network and Internet category.
Appendix A Setting Up Your Computer’s IP AddressP-660N-T1A User’s Guide2523Click Change adapter settings.4Double click Local Area Connection and then select Properties.Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue.
 Appendix A Setting Up Your Computer’s IP AddressP-660N-T1A User’s Guide 2535Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.
Appendix A Setting Up Your Computer’s IP AddressP-660N-T1A User’s Guide2546The Internet Protocol Version 4 (TCP/IPv4) Properties window opens.7Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically.Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP. You may also have to enter a Preferred DNS server and an Alternate DNS server, if that information was provided. Click Advanced if you want to configure advanced settings for IP, DNS and WINS. 8Click OK to close the Internet Protocol (TCP/IP) Properties window.9Click OK to close the Local Area Connection Properties window.
 Appendix A Setting Up Your Computer’s IP AddressP-660N-T1A User’s Guide 255Verifying Settings1Click Start > All Programs > Accessories > Command Prompt.2In the Command Prompt window, type "ipconfig" and then press [ENTER]. 3The IP settings are displayed as follows.Mac OS X: 10.3 and 10.4The screens in this section are from Mac OS X 10.4 but can also apply to 10.3.1Click Apple > System Preferences.
Appendix A Setting Up Your Computer’s IP AddressP-660N-T1A User’s Guide2562In the System Preferences window, click the Network icon.3When the Network preferences pane opens, select Built-in Ethernet from the network connection type list, and then click Configure.
 Appendix A Setting Up Your Computer’s IP AddressP-660N-T1A User’s Guide 2574For dynamically assigned settings, select Using DHCP from the Configure IPv4 list in the TCP/IP tab.5For statically assigned settings, do the following:•From the Configure IPv4 list, select Manually.•In the IP Address field, type your IP address.•In the Subnet Mask field, type your subnet mask.•In the Router field, type the IP address of your device.6Click Apply Now and close the window.
Appendix A Setting Up Your Computer’s IP AddressP-660N-T1A User’s Guide258Verifying SettingsCheck your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network Interface from the Info tab.Figure 115   Mac OS X 10.4: Network UtilityMac OS X: 10.5 and 10.6The screens in this section are from Mac OS X 10.5 but can also apply to 10.6.1Click Apple > System Preferences.
 Appendix A Setting Up Your Computer’s IP AddressP-660N-T1A User’s Guide 2592In System Preferences, click the Network icon.3When the Network preferences pane opens, select Ethernet from the list of available connection types.4From the Configure list, select Using DHCP for dynamically assigned settings.
Appendix A Setting Up Your Computer’s IP AddressP-660N-T1A User’s Guide2605For statically assigned settings, do the following:•From the Configure list, select Manually.•In the IP Address field, enter your IP address.•In the Subnet Mask field, enter your subnet mask.•In the Router field, enter the IP address of your ZyXEL Device.6Click Apply and close the window.
 Appendix A Setting Up Your Computer’s IP AddressP-660N-T1A User’s Guide 261Verifying SettingsCheck your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network interface from the Info tab.Figure 116   Mac OS X 10.5: Network UtilityLinux: Ubuntu 8 (GNOME)This section shows you how to configure your computer’s TCP/IP settings in the GNU Object Model Environment (GNOME) using the Ubuntu 8 Linux distribution. The procedure, screens and file locations may vary depending on your specific distribution, release version, and individual configuration. The following screens use the default Ubuntu 8 installation.Note: Make sure you are logged in as the root administrator.
Appendix A Setting Up Your Computer’s IP AddressP-660N-T1A User’s Guide262Follow the steps below to configure your computer IP address in GNOME: 1Click System > Administration > Network.2When the Network Settings window opens, click Unlock to open the Authenticate window. (By default, the Unlock button is greyed out until clicked.) You cannot make changes to your configuration unless you first enter your admin password.
 Appendix A Setting Up Your Computer’s IP AddressP-660N-T1A User’s Guide 2633In the Authenticate window, enter your admin account name and password then click the Authenticate button.4In the Network Settings window, select the connection that you want to configure, then click Properties.
Appendix A Setting Up Your Computer’s IP AddressP-660N-T1A User’s Guide2645The Properties dialog box opens.•In the Configuration list, select Automatic Configuration (DHCP) if you have a dynamic IP address.•In the Configuration list, select Static IP address if you have a static IP address. Fill in the IP address, Subnet mask, and Gateway address fields. 6Click OK to save the changes and close the Properties dialog box and return to the Network Settings screen. 7If you know your DNS server IP address(es), click the DNS tab in the Network Settings window and then enter the DNS server information in the fields provided.  8Click the Close button to apply the changes.
 Appendix A Setting Up Your Computer’s IP AddressP-660N-T1A User’s Guide 265Verifying SettingsCheck your TCP/IP properties by clicking System > Administration > Network Tools, and then selecting the appropriate Network device from the Devices tab.  The Interface Statistics column shows data if your connection is working properly.Figure 117   Ubuntu 8: Network Tools
Appendix A Setting Up Your Computer’s IP AddressP-660N-T1A User’s Guide266Linux: openSUSE 10.3 (KDE)This section shows you how to configure your computer’s TCP/IP settings in the K Desktop Environment (KDE) using the openSUSE 10.3 Linux distribution. The procedure, screens and file locations may vary depending on your specific distribution, release version, and individual configuration. The following screens use the default openSUSE 10.3 installation.Note: Make sure you are logged in as the root administrator. Follow the steps below to configure your computer IP address in the KDE:1Click K Menu > Computer > Administrator Settings (YaST).2When the Run as Root - KDE su dialog opens, enter the admin password and click OK.
 Appendix A Setting Up Your Computer’s IP AddressP-660N-T1A User’s Guide 2673When the YaST Control Center window opens, select Network Devices and then click the Network Card icon.4When the Network Settings window opens, click the Overview tab, select the appropriate connection Name from the list, and then click the Configure button.
Appendix A Setting Up Your Computer’s IP AddressP-660N-T1A User’s Guide2685When the Network Card Setup window opens, click the Address tabFigure 118   openSUSE 10.3: Network Card Setup6Select Dynamic Address (DHCP) if you have a dynamic IP address.Select Statically assigned IP Address if you have a static IP address. Fill in the IP address, Subnet mask, and Hostname fields.7Click Next to save the changes and close the Network Card Setup window.
 Appendix A Setting Up Your Computer’s IP AddressP-660N-T1A User’s Guide 2698If you know your DNS server IP address(es), click the Hostname/DNS tab in Network Settings and then enter the DNS server information in the fields provided.9Click Finish to save your settings and close the window.Verifying SettingsClick the KNetwork Manager icon on the Task bar to check your TCP/IP properties. From the Options sub-menu, select Show Connection Information.Figure 119   openSUSE 10.3: KNetwork Manager
Appendix A Setting Up Your Computer’s IP AddressP-660N-T1A User’s Guide270When the Connection Status - KNetwork Manager window opens, click the Statistics tab to see if your connection is working properly.Figure 120   openSUSE: Connection Status - KNetwork Manager
P-660N-T1A User’s Guide 271APPENDIX  B IP Addresses and SubnettingThis appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts.Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.Introduction to IP AddressesOne part of the IP address is the network number, and the other part is the host ID. In the same way that houses on a street share a common street name, the hosts on a network share a common network number. Similarly, as each house has its own house number, each host on the network has its own unique identifying number - the host ID. Routers use the network number to send packets to the correct network, while the host ID determines to which host on the network the packets are delivered.StructureAn IP address is made up of four parts, written in dotted decimal notation (for example, 192.168.1.1). Each of these four parts is known as an octet. An octet is an eight-digit binary number (for example 11000000, which is 192 in decimal notation). Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal.
Appendix B IP Addresses and SubnettingP-660N-T1A User’s Guide272The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID.Figure 121   Network Number and Host IDHow much of the IP address is the network number and how much is the host ID varies according to the subnet mask.  Subnet MasksA subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). The term “subnet” is short for “sub-network”.A subnet mask has 32 bits. If a bit in the subnet mask is a “1” then the corresponding bit in the IP address is part of the network number. If a bit in the subnet mask is “0” then the corresponding bit in the IP address is part of the host ID. The following example shows a subnet mask identifying the network number (in bold text) and host ID of an IP address (192.168.1.2 in decimal).Table 96   Subnet Masks1ST OCTET:(192)2ND OCTET:(168)3RD OCTET:(1)4TH OCTET(2)IP Address (Binary) 11000000 10101000 00000001 00000010Subnet Mask (Binary) 11111111 11111111 11111111 00000000Network Number 11000000 10101000 00000001Host ID 00000010
 Appendix B IP Addresses and SubnettingP-660N-T1A User’s Guide 273By convention, subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits.Subnet masks can be referred to by the size of the network number part (the bits with a “1” value). For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes.Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Network SizeThe size of the network number determines the maximum number of possible hosts you can have on your network. The larger the number of network number bits, the smaller the number of remaining host ID bits. An IP address with host IDs of all zeros is the IP address of the network (192.168.1.0 with a 24-bit subnet mask, for example). An IP address with host IDs of all ones is the broadcast address for that network  (192.168.1.255 with a 24-bit subnet mask, for example).As these two IP addresses cannot be used for individual hosts, calculate the maximum number of possible hosts in a network as follows:Table 97   Subnet MasksBINARYDECIMAL1ST OCTET 2ND OCTET 3RD OCTET 4TH OCTET8-bit mask 11111111 00000000 00000000 00000000 255.0.0.016-bit mask 11111111 11111111 00000000 00000000 255.255.0.024-bit mask 11111111 11111111 11111111 00000000 255.255.255.029-bit mask 11111111 11111111 11111111 11111000 255.255.255.248Table 98   Maximum Host NumbersSUBNET MASK HOST ID SIZE MAXIMUM NUMBER OF HOSTS8 bits 255.0.0.0 24 bits 224 – 2 1677721416 bits 255.255.0.0 16 bits 216 – 2 6553424 bits 255.255.255.0 8 bits 28 – 2 25429 bits 255.255.255.248 3 bits 23 – 2 6
Appendix B IP Addresses and SubnettingP-660N-T1A User’s Guide274NotationSince the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/” followed by the number of bits in the mask after the address. For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128. The following table shows some possible subnet masks using both notations. SubnettingYou can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.In this example, the company network address is 192.168.1.0. The first three octets of the address (192.168.1) are the network number, and the remaining octet is the host ID, allowing a maximum of 28 – 2 or 254 possible hosts.Table 99   Alternative Subnet Mask NotationSUBNET MASK ALTERNATIVE NOTATION LAST OCTET (BINARY) LAST OCTET (DECIMAL)255.255.255.0 /24 0000 0000 0255.255.255.128 /25 1000 0000 128255.255.255.192 /26 1100 0000 192255.255.255.224 /27 1110 0000 224255.255.255.240 /28 1111 0000 240255.255.255.248 /29 1111 1000 248255.255.255.252 /30 1111 1100 252
 Appendix B IP Addresses and SubnettingP-660N-T1A User’s Guide 275The following figure shows the company network before subnetting.  Figure 122   Subnetting Example: Before SubnettingYou can “borrow” one of the host ID bits to divide the network 192.168.1.0 into two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or /25).The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. The following figure shows the company network after subnetting. There are now two sub-networks, A and B. Figure 123   Subnetting Example: After Subnetting
Appendix B IP Addresses and SubnettingP-660N-T1A User’s Guide276In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 27 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.128 is its broadcast address. Therefore, the lowest IP address that can be assigned to an actual host for subnet A is 192.168.1.1 and the highest is 192.168.1.126. Similarly, the host ID range for subnet B is 192.168.1.129 to 192.168.1.254.Example: Four Subnets The previous example illustrated using a 25-bit subnet mask to divide a 24-bit address into two subnets. Similarly, to divide a 24-bit address into four subnets, you need to “borrow” two host ID bits to give four possible combinations (00, 01, 10 and 11). The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192. Each subnet contains 6 host ID bits, giving 26 - 2 or 62 hosts for each subnet (a host ID of all zeroes is the subnet itself, all ones is the subnet’s broadcast address). Table 100   Subnet 1IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address (Decimal) 192.168.1. 0IP Address (Binary) 11000000.10101000.00000001. 00000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.0 Lowest Host ID: 192.168.1.1Broadcast Address: 192.168.1.63 Highest Host ID: 192.168.1.62Table 101   Subnet 2IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 64IP Address (Binary) 11000000.10101000.00000001. 01000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.64 Lowest Host ID: 192.168.1.65Broadcast Address: 192.168.1.127 Highest Host ID: 192.168.1.126
 Appendix B IP Addresses and SubnettingP-660N-T1A User’s Guide 277Example: Eight SubnetsSimilarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet.Table 102   Subnet 3IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 128IP Address (Binary) 11000000.10101000.00000001. 10000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.128 Lowest Host ID: 192.168.1.129Broadcast Address: 192.168.1.191 Highest Host ID: 192.168.1.190Table 103   Subnet 4IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUEIP Address 192.168.1. 192IP Address (Binary) 11000000.10101000.00000001. 11000000Subnet Mask (Binary) 11111111.11111111.11111111. 11000000Subnet Address: 192.168.1.192 Lowest Host ID: 192.168.1.193Broadcast Address: 192.168.1.255 Highest Host ID: 192.168.1.254Table 104   Eight SubnetsSUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS1 0 1 30 31232 33 62 63364 65 94 95496 97 126 1275128 129 158 1596160 161 190 1917192 193 222 2238224 225 254 255
Appendix B IP Addresses and SubnettingP-660N-T1A User’s Guide278Subnet PlanningThe following table is a summary for subnet planning on a network with a 24-bit network number.The following table is a summary for subnet planning on a network with a 16-bit network number. Configuring IP AddressesWhere you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP Table 105   24-bit Network Number Subnet PlanningNO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET1255.255.255.128 (/25) 21262255.255.255.192 (/26) 4623255.255.255.224 (/27) 8304255.255.255.240 (/28) 16 145255.255.255.248 (/29) 32 66255.255.255.252 (/30) 64 27255.255.255.254 (/31) 128 1Table 106   16-bit Network Number Subnet PlanningNO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET1255.255.128.0 (/17) 2327662255.255.192.0 (/18) 4163823255.255.224.0 (/19) 881904255.255.240.0 (/20) 16 40945255.255.248.0 (/21) 32 20466255.255.252.0 (/22) 64 10227255.255.254.0 (/23) 128 5108255.255.255.0 (/24) 256 2549255.255.255.128 (/25) 512 12610 255.255.255.192 (/26) 1024 6211 255.255.255.224 (/27) 2048 3012 255.255.255.240 (/28) 4096 1413 255.255.255.248 (/29) 8192 614 255.255.255.252 (/30) 16384 215 255.255.255.254 (/31) 32768 1
 Appendix B IP Addresses and SubnettingP-660N-T1A User’s Guide 279addresses, follow their instructions in selecting the IP addresses and the subnet mask.If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. If this is the case, it is recommended that you select a network number from 192.168.0.0 to 192.168.255.0. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. You must also enable Network Address Translation (NAT) on the ZyXEL Device. Once you have decided on the network number, pick an IP address for your ZyXEL Device that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address.The subnet mask specifies the network number portion of an IP address. Your ZyXEL Device will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the ZyXEL Device unless you are instructed to do otherwise.Private IP AddressesEvery machine on the Internet must have a unique address. If your networks are isolated from the Internet (running only between two branch offices, for example) you can assign IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks:• 10.0.0.0     — 10.255.255.255• 172.16.0.0   — 172.31.255.255• 192.168.0.0 — 192.168.255.255You can obtain your IP address from the IANA, from an ISP, or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space.
Appendix B IP Addresses and SubnettingP-660N-T1A User’s Guide280
P-660N-T1A User’s Guide 281APPENDIX  C Pop-up Windows, JavaScriptsand Java PermissionsIn order to use the web configurator you need to allow:• Web browser pop-up windows from your device.• JavaScripts (enabled by default).• Java permissions (enabled by default).Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary.Internet Explorer Pop-up BlockersYou may have to disable pop-up blocking to log into your device. Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or allow pop-up blocking and create an exception for your device’s IP address.Disable Pop-up Blockers1In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 124   Pop-up BlockerYou can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab.
Appendix C Pop-up Windows, JavaScripts and Java PermissionsP-660N-T1A User’s Guide2821In Internet Explorer, select Tools, Internet Options, Privacy.2Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 125   Internet Options: Privacy3Click Apply to save this setting.Enable Pop-up Blockers with ExceptionsAlternatively, if you only want to allow pop-up windows from your device, see the following steps.1In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
 Appendix C Pop-up Windows, JavaScripts and Java PermissionsP-660N-T1A User’s Guide 2832Select Settings…to open the Pop-up Blocker Settings screen.Figure 126   Internet Options: Privacy3Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1.
Appendix C Pop-up Windows, JavaScripts and Java PermissionsP-660N-T1A User’s Guide2844Click Add to move the IP address to the list of Allowed sites.Figure 127   Pop-up Blocker Settings5Click Close to return to the Privacy screen. 6Click Apply to save this setting. JavaScriptsIf pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
 Appendix C Pop-up Windows, JavaScripts and Java PermissionsP-660N-T1A User’s Guide 2851In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 128   Internet Options: Security 2Click the Custom Level... button. 3Scroll down to Scripting. 4Under Active scripting make sure that Enable is selected (the default).5Under Scripting of Java applets make sure that Enable is selected (the default).
Appendix C Pop-up Windows, JavaScripts and Java PermissionsP-660N-T1A User’s Guide2866Click OK to close the window.Figure 129   Security Settings - Java ScriptingJava Permissions1From Internet Explorer, click Tools, Internet Options and then the Security tab. 2Click the Custom Level... button. 3Scroll down to Microsoft VM. 4Under Java permissions make sure that a safety level is selected.
 Appendix C Pop-up Windows, JavaScripts and Java PermissionsP-660N-T1A User’s Guide 2875Click OK to close the window.Figure 130   Security Settings - Java JAVA (Sun)1From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2Make sure that Use Java 2 for <applet> under Java (Sun) is selected.
Appendix C Pop-up Windows, JavaScripts and Java PermissionsP-660N-T1A User’s Guide2883Click OK to close the window.Figure 131   Java (Sun)Mozilla FirefoxMozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, Javascripts and pop-ups in one screen. Click Tools, then click Options in the screen that appears.Figure 132   Mozilla Firefox: Tools > Options
 Appendix C Pop-up Windows, JavaScripts and Java PermissionsP-660N-T1A User’s Guide 289Click Content.to show the screen below. Select the check boxes as shown in the following screen.Figure 133   Mozilla Firefox Content Security
Appendix C Pop-up Windows, JavaScripts and Java PermissionsP-660N-T1A User’s Guide290
P-660N-T1A User’s Guide 291APPENDIX  D Wireless LANsWireless LAN TopologiesThis section discusses ad-hoc and infrastructure wireless LAN topologies.Ad-hoc Wireless LAN ConfigurationThe simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS). The following diagram shows an example of notebook computers using wireless adapters to form an ad-hoc wireless LAN. Figure 134   Peer-to-Peer Communication in an Ad-hoc NetworkBSSA Basic Service Set (BSS) exists when all communications between wireless clients or between a wireless client and a wired network client go through one access point (AP). Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled, wireless client A and B can access the wired network and communicate
Appendix D Wireless LANsP-660N-T1A User’s Guide292with each other. When Intra-BSS is disabled, wireless client A and B can still access the wired network but cannot communicate with each other.Figure 135   Basic Service SetESSAn Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS).This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood.
 Appendix D Wireless LANsP-660N-T1A User’s Guide 293An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate.Figure 136   Infrastructure WLANChannelA channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a channel different from an adjacent AP (access point) to reduce interference. Interference occurs when radio signals from different access points overlap causing interference and degrading performance.Adjacent channels partially overlap however. To avoid interference due to overlap, your AP should be on a channel at least five channels away from a channel that an adjacent AP is using. For example, if your region has 11 channels and an adjacent AP is using channel 1, then you need to select a channel between 6 or 11.RTS/CTSA hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a
Appendix D Wireless LANsP-660N-T1A User’s Guide294hidden node. Both stations (STA) are within range of the access point (AP) or wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. Figure 137    RTS/CTSWhen station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.RTS/CTS is designed to prevent collisions due to hidden nodes. An RTS/CTS defines the biggest size data frame you can send before an RTS (Request To Send)/CTS (Clear to Send) handshake is invoked.When a data frame exceeds the RTS/CTS value you set (between 0 to 2432 bytes), the station that wants to transmit this frame must first send an RTS (Request To Send) message to the AP for permission to send it. The AP then responds with a CTS (Clear to Send) message to all other stations within its range to notify them to defer their transmission. It also reserves and confirms with the requesting station the time frame for the requested transmission.Stations can send frames smaller than the specified RTS/CTS directly to the AP without the RTS (Request To Send)/CTS (Clear to Send) handshake. You should only configure RTS/CTS if the possibility of hidden nodes exists on your network and the "cost" of resending large frames is more than the extra network overhead involved in the RTS (Request To Send)/CTS (Clear to Send) handshake. If the RTS/CTS value is greater than the Fragmentation Threshold value (see next), then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Note: Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy.
 Appendix D Wireless LANsP-660N-T1A User’s Guide 295Fragmentation ThresholdA Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the AP will fragment the packet into smaller data frames.A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference.If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.Preamble TypePreamble is used to signal that data is coming to the receiver. Short and long refer to the length of the synchronization field in a packet.Short preamble increases performance as less time sending preamble means more time for sending data. All IEEE 802.11 compliant wireless adapters support long preamble, but not all support short preamble. Use long preamble if you are unsure what preamble mode other wireless devices on the network support, and to provide more reliable communications in busy wireless networks. Use short preamble if you are sure all wireless devices on the network support it, and to provide more efficient communications.Use the dynamic setting to automatically use short preamble when all wireless devices on the network support it, otherwise the ZyXEL Device uses long preamble.Note: The wireless devices MUST use the same preamble mode in order to communicate.IEEE 802.11g Wireless LANIEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE 802.11b adapter can interface directly with an IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has
Appendix D Wireless LANsP-660N-T1A User’s Guide296several intermediate rate steps between the maximum and minimum data rates. The IEEE 802.11g data rate and modulation are as follows:Wireless Security OverviewWireless security is vital to your network to protect wireless communication between wireless clients, access points and the wired network.Wireless security methods available on the ZyXEL Device are data encryption, wireless client authentication, restricting access by device MAC address and hiding the ZyXEL Device identity.The following figure shows the relative effectiveness of these wireless security methods available on your ZyXEL Device.Note: You must enable the same wireless security settings on the ZyXEL Device and on all wireless clients that you want to associate with it. Table 107   IEEE 802.11gDATA RATE (MBPS) MODULATION1 DBPSK (Differential Binary Phase Shift Keyed)2 DQPSK (Differential Quadrature Phase Shift Keying)5.5 / 11 CCK (Complementary Code Keying) 6/9/12/18/24/36/48/54 OFDM (Orthogonal Frequency Division Multiplexing) Table 108   Wireless Security LevelsSECURITY LEVEL SECURITY TYPELeast       Secure                                                                                  Most SecureUnique SSID (Default)Unique SSID with Hide SSID EnabledMAC Address FilteringWEP EncryptionIEEE802.1x EAP with RADIUS Server AuthenticationWi-Fi Protected Access (WPA)WPA2
 Appendix D Wireless LANsP-660N-T1A User’s Guide 297IEEE 802.1xIn June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. It is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x are:• User based identification that allows for roaming.• Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server. • Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be deployed with no changes to the access point or the wireless clients. RADIUSRADIUS is based on a client-server model that supports authentication, authorization and accounting. The access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks:• Authentication Determines the identity of the users.• AuthorizationDetermines the network services available to authenticated users once they are connected to the network.•AccountingKeeps track of the client’s network activity. RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server. Types of RADIUS MessagesThe following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication:• Access-RequestSent by an access point requesting authentication.• Access-RejectSent by a RADIUS server rejecting access.• Access-AcceptSent by a RADIUS server allowing access.
Appendix D Wireless LANsP-660N-T1A User’s Guide298• Access-ChallengeSent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message. The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting:•Accounting-RequestSent by the access point requesting accounting.• Accounting-ResponseSent by the RADIUS server to indicate that it has started or stopped accounting. In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access. Types of EAP Authentication This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP. Your wireless LAN device may not support all authentication types. EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports IEEE 802.1x. .For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner.EAP-MD5 (Message-Digest Algorithm 5)MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless client. The wireless client ‘proves’ that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text.
 Appendix D Wireless LANsP-660N-T1A User’s Guide 299However, MD5 authentication has some weaknesses. Since the authentication server needs to get the plaintext passwords, the passwords must be stored. Thus someone other than the authentication server may access the password file. In addition, it is possible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication. Finally, MD5 authentication method does not support data encryption with dynamic session key. You must configure WEP encryption keys for data encryption. EAP-TLS (Transport Layer Security)With EAP-TLS, digital certifications are needed by both the server and the wireless clients for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the sender’s identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which imposes a management overhead. EAP-TTLS (Tunneled Transport Layer Service) EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-side authentications to establish a secure connection. Client authentication is then done by sending username and password through the secure connection, thus client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2. PEAP (Protected EAP)   Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco.LEAPLEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x.
Appendix D Wireless LANsP-660N-T1A User’s Guide300Dynamic WEP Key ExchangeThe AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed.If this feature is enabled, it is not necessary to configure a default encryption key in the wireless security configuration screen. You may still configure and store keys, but they will not be used while dynamic WEP is enabled.Note: EAP-MD5 cannot be used with Dynamic WEP Key ExchangeFor added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. The following table is a comparison of the features of authentication types.WPA and WPA2Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA. Key differences between WPA or WPA2 and WEP are improved data encryption and user authentication.If both an AP and the wireless clients support WPA2 and you have an external RADIUS server, use WPA2 for stronger data encryption. If you don't have an external RADIUS server, you should use WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN. Table 109   Comparison of EAP Authentication TypesEAP-MD5 EAP-TLS EAP-TTLS PEAP LEAPMutual Authentication No Yes Yes Yes YesCertificate – Client No Yes Optional Optional NoCertificate – Server No Yes Yes Yes NoDynamic Key Exchange No Yes Yes Yes YesCredential Integrity None Strong Strong Strong ModerateDeployment Difficulty Easy Hard Moderate Moderate ModerateClient Identity Protection No No Yes Yes No
 Appendix D Wireless LANsP-660N-T1A User’s Guide 301If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not.Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2.Encryption WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA2 also uses TKIP when required for compatibility reasons, but offers stronger encryption than TKIP with Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP).TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication server. AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit mathematical algorithm called Rijndael. They both include a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption key is never used twice. The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the PMK to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. This all happens in the background automatically.The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped. By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism (MIC), with TKIP and AES it is more difficult to decrypt data on a Wi-Fi network than WEP and difficult for an intruder to break into the network. The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only difference between the two is that WPA(2)-PSK uses a simple common password, instead of user-specific credentials. The common-password approach makes WPA(2)-PSK susceptible to brute-force password-guessing attacks but it’s still an improvement over WEP as it employs a consistent, single, alphanumeric password to derive a PMK which is used to generate unique temporal encryption
Appendix D Wireless LANsP-660N-T1A User’s Guide302keys. This prevent all wireless devices sharing the same encryption keys. (a weakness of WEP)User Authentication WPA and WPA2 apply IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database. WPA2 reduces the number of key exchange messages from six to four (CCMP 4-way handshake) and shortens the time required to connect to a network. Other WPA2 authentication features that are different from WPA include key caching and pre-authentication. These two features are optional and may not be supported in all wireless devices.Key caching allows a wireless client to store the PMK it derived through a successful authentication with an AP. The wireless client uses the PMK when it tries to connect to the same AP and does not need to go with the authentication process again.Pre-authentication enables fast roaming by allowing the wireless client (already connecting to an AP) to perform IEEE 802.1x authentication with another AP before connecting to it.Wireless Client WPA SupplicantsA wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicant is the WPA patch for Windows XP, Funk Software's Odyssey client. The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero Configuration" wireless client. However, you must run Windows XP to use it. WPA(2) with RADIUS Application ExampleTo set up WPA(2), you need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA(2) application example with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system.1The AP passes the wireless client's authentication request to the RADIUS server.2The RADIUS server then checks the user's identification against its database and grants or denies network access accordingly.3A 256-bit Pairwise Master Key (PMK) is derived from the authentication process by the RADIUS server and the client.
 Appendix D Wireless LANsP-660N-T1A User’s Guide 3034The RADIUS server distributes the PMK to the AP. The AP then sets up a key hierarchy and management system, using the PMK to dynamically generate unique data encryption keys. The keys are used to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients.Figure 138   WPA(2) with RADIUS Application ExampleWPA(2)-PSK Application ExampleA WPA(2)-PSK application looks as follows.1First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and symbols).2The AP checks each wireless client's password and allows it to join the network only if the password matches.3The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID.
Appendix D Wireless LANsP-660N-T1A User’s Guide3044The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys. They use these keys to encrypt data exchanged between them.Figure 139   WPA(2)-PSK AuthenticationSecurity Parameters SummaryRefer to this table to see what other security parameters you should configure for each authentication method or key management protocol type. MAC address filters are not dependent on how you configure these security features.Table 110   Wireless Security Relational MatrixAUTHENTICATION METHOD/ KEY MANAGEMENT PROTOCOLENCRYPTION METHOD ENTER MANUAL KEY IEEE 802.1XOpen None No DisableEnable without Dynamic WEP KeyOpen WEP No           Enable with Dynamic WEP KeyYes Enable without Dynamic WEP KeyYes DisableShared WEP  No           Enable with Dynamic WEP KeyYes Enable without Dynamic WEP KeyYes DisableWPA  TKIP/AES No EnableWPA-PSK  TKIP/AES Yes DisableWPA2 TKIP/AES No EnableWPA2-PSK  TKIP/AES Yes Disable
 Appendix D Wireless LANsP-660N-T1A User’s Guide 305Antenna OverviewAn antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air. Positioning the antennas properly increases the range and coverage area of a wireless LAN. Antenna CharacteristicsFrequencyAn antenna in the frequency of 2.4GHz (IEEE 802.11b and IEEE 802.11g) or 5GHz (IEEE 802.11a) is needed to communicate efficiently in a wireless LANRadiation PatternA radiation pattern is a diagram that allows you to visualize the shape of the antenna’s coverage area. Antenna GainAntenna gain, measured in dB (decibel), is the increase in coverage within the RF beam width. Higher antenna gain improves the range of the signal for better communications. For an indoor site, each 1 dB increase in antenna gain results in a range increase of approximately 2.5%. For an unobstructed outdoor site, each 1dB increase in gain results in a range increase of approximately 5%. Actual results may vary depending on the network environment. Antenna gain is sometimes specified in dBi, which is how much the antenna increases the signal power compared to using an isotropic antenna. An isotropic antenna is a theoretical perfect antenna that sends out radio signals equally well in all directions. dBi represents the true gain that the antenna provides.   Types of Antennas for WLANThere are two types of antennas used for wireless LAN applications.
Appendix D Wireless LANsP-660N-T1A User’s Guide306• Omni-directional antennas send the RF signal out in all directions on a horizontal plane. The coverage area is torus-shaped (like a donut) which makes these antennas ideal for a room environment. With a wide coverage area, it is possible to make circular overlapping coverage areas with multiple access points. • Directional antennas concentrate the RF signal in a beam, like a flashlight does with the light from its bulb. The angle of the beam determines the width of the coverage pattern. Angles typically range from 20 degrees (very directional) to 120 degrees (less directional). Directional antennas are ideal for hallways and outdoor point-to-point applications.Positioning AntennasIn general, antennas should be mounted as high as practically possible and free of obstructions. In point-to–point application, position both antennas at the same height and in a direct line of sight to each other to attain the best performance. For omni-directional antennas mounted on a table, desk, and so on, point the antenna up. For omni-directional antennas mounted on a wall or ceiling, point the antenna down. For a single AP application, place omni-directional antennas as close to the center of the coverage area as possible. For directional antennas, point the antenna in the direction of the desired coverage area.
P-660N-T1A User’s Guide 307APPENDIX  E ServicesThe following table lists some commonly-used services and their associated protocols and port numbers.•Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like.•Protocol: This is the type of IP protocol used by the service. If this is TCP/UDP, then the service uses the same port number with TCP and UDP. If this is USER-DEFINED, the Port(s) is the IP protocol number, not the port number.•Port(s): This value depends on the Protocol.•If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number.•If the Protocol is USER, this is the IP protocol number.•Description: This is a brief explanation of the applications that use this service or the situations in which this service is used.
Appendix E ServicesP-660N-T1A User’s Guide308Table 111   Examples of ServicesNAME PROTOCOL PORT(S) DESCRIPTIONAH (IPSEC_TUNNEL) User-Defined 51 The IPSEC AH (Authentication Header) tunneling protocol uses this service.AIM TCP 5190 AOL’s Internet Messenger service.AUTH TCP 113 Authentication protocol used by some servers.BGP TCP 179 Border Gateway Protocol.BOOTP_CLIENT UDP 68 DHCP Client.BOOTP_SERVER UDP 67 DHCP Server.CU-SEEME TCP/UDPTCP/UDP 764824032A popular videoconferencing solution from White Pines Software.DNS TCP/UDP 53 Domain Name Server, a service that matches web names (for instance www.zyxel.com) to IP numbers.ESP (IPSEC_TUNNEL) User-Defined 50 The IPSEC ESP (Encapsulation Security Protocol) tunneling protocol uses this service.FINGER TCP 79 Finger is a UNIX or Internet related command that can be used to find out if a user is logged on.FTP TCPTCP2021File Transfer Protocol, a program to enable fast transfer of files, including large files that may not be possible by e-mail.H.323 TCP 1720 NetMeeting uses this protocol.HTTP TCP 80 Hyper Text Transfer Protocol - a client/server protocol for the world wide web.HTTPS TCP 443 HTTPS is a secured http session often used in e-commerce.ICMP User-Defined 1Internet Control Message Protocol is often used for diagnostic purposes.ICQ UDP 4000 This is a popular Internet chat program.IGMP (MULTICAST) User-Defined 2Internet Group Multicast Protocol is used when sending packets to a specific group of hosts.IKE UDP 500 The Internet Key Exchange algorithm is used for key distribution and management.IMAP4 TCP 143 The Internet Message Access Protocol is used for e-mail.IMAP4S TCP 993 This is a more secure version of IMAP4 that runs over SSL.IRC TCP/UDP 6667 This is another popular Internet chat program.
 Appendix E ServicesP-660N-T1A User’s Guide 309MSN Messenger TCP 1863 Microsoft Networks’ messenger service uses this protocol. NetBIOS TCP/UDPTCP/UDPTCP/UDPTCP/UDP137138139445The Network Basic Input/Output System is used for communication between computers in a LAN.NEW-ICQ TCP 5190 An Internet chat program.NEWS  TCP 144 A protocol for news groups.NFS UDP 2049 Network File System - NFS is a client/server distributed file service that provides transparent file sharing for network environments.NNTP TCP 119 Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service.PING User-Defined 1Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable.POP3 TCP 110 Post Office Protocol version 3 lets a client computer get e-mail from a POP3 server through a temporary connection (TCP/IP or other).POP3S TCP 995 This is a more secure version of POP3 that runs over SSL.PPTP TCP 1723 Point-to-Point Tunneling Protocol enables secure transfer of data over public networks. This is the control channel.PPTP_TUNNEL (GRE) User-Defined 47 PPTP (Point-to-Point Tunneling Protocol) enables secure transfer of data over public networks. This is the data channel.RCMD TCP 512 Remote Command Service.REAL_AUDIO TCP 7070 A streaming audio service that enables real time sound over the web.REXEC TCP 514 Remote Execution Daemon.RLOGIN TCP 513 Remote Login.ROADRUNNER TCP/UDP 1026 This is an ISP that provides services mainly for cable modems.RTELNET TCP 107 Remote Telnet.RTSP TCP/UDP 554 The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. Table 111   Examples of Services (continued)NAME PROTOCOL PORT(S) DESCRIPTION
Appendix E ServicesP-660N-T1A User’s Guide310SFTP TCP 115 The Simple File Transfer Protocol is an old way of transferring files between computers.SMTP TCP 25 Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another.SMTPS TCP 465 This is a more secure version of SMTP that runs over SSL.SNMP TCP/UDP 161 Simple Network Management Program.SNMP-TRAPS TCP/UDP 162 Traps for use with the SNMP (RFC:1215).SQL-NET TCP 1521 Structured Query Language is an interface to access data on many different types of database systems, including mainframes, midrange systems, UNIX systems and network servers.SSDP UDP 1900 The Simple Service Discovery Protocol supports Universal Plug-and-Play (UPnP).SSH TCP/UDP 22 Secure Shell Remote Login Program.STRM WORKS UDP 1558 Stream Works Protocol.SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server.TACACS UDP 49 Login Host Protocol used for (Terminal Access Controller Access Control System).TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks. Its primary function is to allow users to log into remote host systems.TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol).VDOLIVE TCPUDP7000user-definedA videoconferencing solution. The UDP port number is specified in the application.Table 111   Examples of Services (continued)NAME PROTOCOL PORT(S) DESCRIPTION
P-660N-T1A User’s Guide 311APPENDIX  F Legal InformationCopyrightCopyright © 2010 by ZyXEL Communications Corporation.The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.Published by ZyXEL Communications Corporation. All rights reserved.DisclaimerZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.TrademarksZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.CertificationsFederal Communications Commission (FCC) Interference StatementThe device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:• This device may not cause harmful interference.
Appendix F Legal InformationP-660N-T1A User’s Guide312• This device must accept any interference received, including interference that may cause undesired operations.This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This device generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation.If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures:1Reorient or relocate the receiving antenna.2Increase the separation between the equipment and the receiver.3Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.4Consult the dealer or an experienced radio/TV technician for help.FCC Radiation Exposure Statement• This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. • IEEE 802.11b or 802.11g operation of this product in the U.S.A. is firmware-limited to channels 1 through 11. • To comply with FCC RF exposure compliance requirements, a separation distance of at least 20 cm must be maintained between the antenna of this device and all persons. 注意 !依據  低功率電波輻射性電機管理辦法第十二條  經型式認證合格之低功率射頻電機,非經許可,公司、商號或使用者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。第十四條  低功率射頻電機之使用不得影響飛航安全及干擾合法通信;經發現有干擾現象時,應立即停用,並改善至無干擾時方得繼續使用。前項合法通信,指依電信規定作業之無線電信。低功率射頻電機須忍受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾。
 Appendix F Legal InformationP-660N-T1A User’s Guide 313本機限在不干擾合法電臺與不受被干擾保障條件下於室內使用。 減少電磁波影響,請妥適使用。 Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.This device has been designed for the WLAN 2.4 GHz network throughout the EC region and Switzerland, with restrictions in France. This Class B digital apparatus complies with Canadian ICES-003.Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.Viewing Certifications1Go to http://www.zyxel.com.2Select your product on the ZyXEL home page to go to that product's page.3Select the certification you wish to view from this page.ZyXEL Limited WarrantyZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.NoteRepair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or
Appendix F Legal InformationP-660N-T1A User’s Guide314purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser.To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.RegistrationRegister your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products.
IndexP-660N-T1A User’s Guide 315IndexNumerics802.1p 173, 174802.1Q/1P 163activation 165group settings 166port settings 168priority 163PVC 164PVID 168tagging frames 164, 167Aactivation802.1Q/1P 165CWMP 200dynamic DNS 178DYNDNS wildcard 178firewalls 151MAC address filter 109NAT 135port forwarding 139QoS 171, 172SIP ALG 143SPI 151UPnP 191wireless LAN 102scheduling 116WPS 112address mapping 140rules 142types 141, 142, 146administrator password 28, 204alerts 207alternative subnet mask notation 274antennadirectional 306gain 305omni-directional 306AP (access point) 293application filter 155applications, NAT 146Asynchronous Transfer Mode, see ATMATM 227MBS 73, 78PCR 73, 78QoS 73, 78, 82SCR 73, 78status 227authentication 119, 121RADIUS server 121WPA 107Bbackupconfiguration 221Basic Service Set, See BSS 291Basic Service Set, see BSSbroadcast 68BSS 122, 291example 123CCA 299CBR 73, 78, 82Certificate AuthoritySee CA.certifications 311notices 313viewing 313channel 293interference 293channel, wireless LAN 118CLI 21client list 90Command Line Interface, see CLI
IndexP-660N-T1A User’s Guide316compatibility, WDS 114configurationbackup 221CWMP 200DHCP 89file 218firewalls 151IP alias 92IP precedence 172IP/MAC filter 157logs 207port forwarding 137reset 223restoring 221static route 161WAN 69wireless LAN 101wizard 56connectionnailed-up 76, 81on demand 76copyright 311CPE WAN Management Protocol, see CWMPCTS (Clear to Send) 294CTS threshold 107, 119CWMP 199activation 200configuration 200Ddata fragment threshold 107, 119DDoS 150default server, NAT 136, 138Denials of Service, see DoSDHCP 86, 89, 94diagnostic 225DiffServ Code Point, see DSCPdisclaimer 311DNS 86, 90, 94, 186Domain Name System, see DNSDoS 150DSCP 172DSL connections, status 228dynamic DNS 177activation 178wildcard 177activation 178Dynamic Host Configuration Protocol, see DHCPdynamic WEP key exchange 300DYNDNS wildcard 177activation 178EEAP Authentication 298encapsulation 67, 70, 76ENET ENCAP 79PPPoA 79PPPoE 79RFC 1483 79encryption 102, 121, 301WEP 103key 104WPA 106authentication 107reauthentication 106WPA-PSK 105pre-shared key 105ENET ENCAP 70, 76, 79ESS 292Extended Service Set, See ESS 292FFCC interference statement 311filters 153application 155IP/MAC 156structure 153IP/MAC filterconfiguration 157MAC address 109, 120activation 109URL 153, 154firewalls 149configuration 151DDoS 150DoS 150
IndexP-660N-T1A User’s Guide 317LAND attack 150Ping of Death 150status 37SYN attack 149firmware 218version 36forwarding ports 134, 136activation 139configuration 137example 137rules 139fragmentation threshold 107, 119, 295FTP 21, 183Hhidden node 293IIANA 279Internet Assigned Numbers Authoritysee IANAIBSS 291ICMP 187IEEE 802.11g 295IGA 144IGMP 68, 86, 88, 97ILA 144Independent Basic Service SetSee IBSS 291initialization vector (IV) 301Inside Global Address, see IGAInside Local Address, see ILAInternet Group Multicast Protocol, see IGMPIP address 68, 71, 76, 80, 86, 95default server 136, 138ping 225private 96IP alias 91configuration 92NAT applications 146IP precedence 173, 175configuration 172IP/MAC filter 156configuration 157structure 153LLAN 85client list 90DHCP 86, 89, 94DNS 86, 90, 94IGMP 86, 97IP address 86, 87, 95IP alias 91configuration 92MAC address 91multicast 86, 88, 97RIP 86, 88, 93, 96status 36subnet mask 86, 87, 95LAND attack 150LEDs 25limitationswireless LAN 122WPS 130Local Area Network, see LANlogin 27passwords 28logs 207alerts 207settings 207MMAC address 91, 109filter 100, 102, 109, 120MAC address filteractivation 109Management Information Base (MIB) 185mapping address 140rules 142types 141, 142, 146Maximum Burst Size, see MBSMaximum Transmission Unit, see MTU
IndexP-660N-T1A User’s Guide318MBS 73, 78, 82MBSSID 123MTU 73, 78multicast 68, 73, 86, 88, 97IGMPInternet Group Multicast Protocol, see IGMPMultiple BSS, see MBSSIDmultiplexing 70, 76, 80LLC-based 80VC-based 80Nnailed-up connection 71, 76, 81NAT 77, 133, 134, 144, 279activation 135address mapping 140rules 142types 141, 142, 146applications 146IP alias 146default server IP address 136, 138example 145global 144IGA 144ILA 144inside 144local 144outside 144P2P 135port forwarding 134, 136activation 139configuration 137example 137rules 139remote management 181SIP ALG 143activation 143SUA 134, 135Network Address Translationsee NATNetwork Address Translation, see NATPP2P 135Pairwise Master Key (PMK) 301, 303passwords 28administrator 204PBC 125PCR 73, 78, 81Peak Cell Rate, see PCRPIN, WPS 113, 114, 125example 127Ping of Death 150port forwarding 134, 136activation 139configuration 137example 137rules 139PPPoA 70, 76, 79PPPoE 70, 76, 79preamble 108, 119preamble mode 295pre-shared key 105private IP address 96product registration 314PSK 301push button 114Push Button Configuration, see PBCpush button, WPS 125PVC 164PVID 168QQoS 169802.1p 173, 174activation 171, 172DSCP 172example 169IP precedence 173, 175priority queue 175Quality of Service, see QoS
IndexP-660N-T1A User’s Guide 319RRADIUS 297message types 297messages 297shared secret key 298RADIUS server 121reauthentication, WPA 106registrationproduct 314related documentation 3remote management 179DNS 186FTP 183ICMP 187limitations 180NAT 181Telnet 182WWW 181reset 26, 223restart 223restoring configuration 221RFC 1483 70, 76, 79RIP 72, 86, 88, 93, 96Routing Information Protocol, see RIPRTS (Request To Send) 294threshold 293, 294RTS threshold 107, 119rules, port forwarding 139Ssafety warnings 7scheduleswireless LAN 116SCR 73, 78, 82securitywireless LAN 102, 119Security Parameter Index, see SPIService Set IDentifier, see SSIDsetupDHCP 89firewalls 151IP alias 92IP precedenceQoSIP precedence 172IP/MAC filter 157logs 207port forwarding 137static route 161WAN 69wireless LAN 101wizard 56shaping traffic 81, 82Simple Network Management Protocol, see SNMPSingle User Account, see SUASIP ALG 143activation 143SNMP 184agents 185Manager 185managers 185MIB 185network components 185traps 185versions 184SPI 150activation 151SSID 100, 102, 111, 120MBSSID 123static route 159configuration 161example 159status 31, 35, 38ATM 227DSL connections 228firewalls 37firmware version 36LAN 36WAN 36wireless LAN 36WPS 113SUA 134, 135subnet 271subnet mask 86, 95, 272subnetting 274Sustain Cell Rate, see SCRSYN attack 149syntax conventions 5system 203
IndexP-660N-T1A User’s Guide320firmware 218version 36LED 25passwords 28administrator 204reset 26status 31, 35firewalls 37LAN 36WAN 36wireless LAN 36time 204Ttagging frames 164, 167Telnet 182thresholdsdata fragment 107, 119RTS/CTS 107, 119time 204TR-069 21trademarks 311traffic priority 163traffic shaping 81example 82UUBR 73, 78, 83unicast 68Universal Plug and Play, see UPnPupgrading firmware 218UPnP 189activation 191cautions 190NAT traversal 189URL 153URL filter 154URL 153VVBR 82VBR-nRT 73, 78, 83VBR-RT 73, 78, 83VCI 70, 76, 80Virtual Channel Identifier, see VCIVirtual Local Area Network, see VLANVirtual Path Identifier, see VPIVLAN 163802.1P priority 163activation 165group settings 166port settings 168PVC 164PVID 168tagging frames 164, 167VPI 70, 76, 80WWAN 67ATM QoS 73, 78, 82encapsulation 67, 70, 76IGMP 68IP address 68, 71, 76, 80mode 70, 75MTU 73, 78multicast 68, 73multiplexing 70, 76, 80nailed-up connection 71, 76, 81NAT 77RIP 72setup 69status 36traffic shaping 81example 82VCI 70, 76, 80VPI 70, 76, 80warranty 313note 313WDS 114, 124compatibility 114example 124web configurator 21, 27login 27
IndexP-660N-T1A User’s Guide 321passwords 28WEP 103, 122key 104Wide Area Network, see WANWi-Fi Protected Access 300WiFi Protected Setup, see WPSwireless client WPA supplicants 302Wireless Distribution System, see WDSwireless LAN 99, 117activation 102authentication 119, 121BSS 122example 123channel 118configuration 101encryption 102, 121example 117fragmentation threshold 107, 119limitations 122MAC address filter 100, 102, 109, 120MBSSID 123preamble 108, 119RADIUS server 121RTS/CTS threshold 107, 119scheduling 116security 119SSID 100, 102, 111, 120status 36WDS 114, 124compatibility 114example 124WEP 103, 122key 104wizard 62WPA 106, 122authentication 107reauthentication 106WPA-PSK 105, 122pre-shared key 105WPS 112, 124, 127activation 112adding stations 114example 129limitations 130PIN 113, 114, 125push button 114, 125status 113wireless security 296Wireless tutorial 41wizard 53configuration 56wireless LAN 62WLANinterference 293security parameters 304WPA 106, 122, 300authentication 107key caching 302pre-authentication 302reauthentication 106user authentication 302vs WPA-PSK 301wireless client supplicant 302with RADIUS application example 302WPA2 300user authentication 302vs WPA2-PSK 301wireless client supplicant 302with RADIUS application example 302WPA2-Pre-Shared Key 300WPA2-PSK 300, 301application example 303WPA-PSK 105, 122, 301application example 303pre-shared key 105WPS 112, 124, 127activation 112adding stations 114example 129limitations 130PIN 113, 114, 125example 127push button 114, 125status 113
IndexP-660N-T1A User’s Guide322
IndexP-660N-T1A User’s Guide 323
IndexP-660N-T1A User’s Guide324

Navigation menu