Quick Start Guide
Page 2
... already installed). 2 See your User's Guide for background information on the included CD. 1 DSL: Use a telephone wire to connect your P-660HW-T v2. 1 On the included CD, click Multimedia Auto Provisioner > Installation Tutorial. 2 At the end of the tutorial, click Configuration Genie. 1 ...multi-media animations that help you set up your P-660HW-T v2's DSL port to a telephone jack (or to a splitter, if one is an ADSL router with a four-port built-in Ethernet switch and IEEE 802.11b/g wireless capability. The P-660HW-T v2 allows wired and wireless clients to make hardware connections,...
... already installed). 2 See your User's Guide for background information on the included CD. 1 DSL: Use a telephone wire to connect your P-660HW-T v2. 1 On the included CD, click Multimedia Auto Provisioner > Installation Tutorial. 2 At the end of the tutorial, click Configuration Genie. 1 ...multi-media animations that help you set up your P-660HW-T v2's DSL port to a telephone jack (or to a splitter, if one is an ADSL router with a four-port built-in Ethernet switch and IEEE 802.11b/g wireless capability. The P-660HW-T v2 allows wired and wireless clients to make hardware connections,...
User Guide
Page 32
Thank you . E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Graphics Icons Key ZyXEL Device Computer Notebook computer Server DSLAM Firewall Telephone Switch Wireless Signal Router 32 Preface P-660HW-T v2 User's Guide User Guide Feedback Help us help you .
Thank you . E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Graphics Icons Key ZyXEL Device Computer Notebook computer Server DSLAM Firewall Telephone Switch Wireless Signal Router 32 Preface P-660HW-T v2 User's Guide User Guide Feedback Help us help you .
User Guide
Page 36
...You can securely manage and update configuration changes in the ZyXEL Device. Wi-Fi Protected Access Wi-Fi Protected Access (WPA) is a protocol that you to the ZyXEL Device without the cost of switch and router makes your ZyXEL Device can be managed via its single physical Ethernet interface...network. The management server can connect up to four computers to partition a physical network into logical networks over the same Ethernet interface. P-660HW-T v2 User's Guide IP Alias IP Alias allows you can have both IEEE 802.11b and IEEE 802.11g wireless clients in the same ...
...You can securely manage and update configuration changes in the ZyXEL Device. Wi-Fi Protected Access Wi-Fi Protected Access (WPA) is a protocol that you to the ZyXEL Device without the cost of switch and router makes your ZyXEL Device can be managed via its single physical Ethernet interface...network. The management server can connect up to four computers to partition a physical network into logical networks over the same Ethernet interface. P-660HW-T v2 User's Guide IP Alias IP Alias allows you can have both IEEE 802.11b and IEEE 802.11g wireless clients in the same ...
User Guide
Page 48
... or duplex mode setting as a router or a bridge. Summary Any IP Table Use this displays the port speed and duplex setting. P-660HW-T v2 User's Guide Table 4 Status Screen LABEL DESCRIPTION IP Subnet Mask This is the total time the ZyXEL Device has been on. Content Filter... This displays whether or not the ZyXEL Device's content filtering is the WAN port DHCP...
... or duplex mode setting as a router or a bridge. Summary Any IP Table Use this displays the port speed and duplex setting. P-660HW-T v2 User's Guide Table 4 Status Screen LABEL DESCRIPTION IP Subnet Mask This is the total time the ZyXEL Device has been on. Content Filter... This displays whether or not the ZyXEL Device's content filtering is the WAN port DHCP...
User Guide
Page 78
...priority for directly connected networks. In the same manner, the ZyXEL Device uses the dial-backup route if the traffic-redirect route also fails. 78 Chapter 5 WAN Setup P-660HW-T v2 User's Guide 5.1.5.3 IP Assignment with the lowest "cost"....Do not specify a nailed-up connection. The number must fill in a packet, for a dynamic IP, the ZyXEL Device acts as a DHCP client on the WAN port and so the IP Address and ENET ENCAP Gateway fields are... called dial-backup (see Section 5.8 on and whenever the connection is disabled. A router determines the best route for obvious reasons.
...priority for directly connected networks. In the same manner, the ZyXEL Device uses the dial-backup route if the traffic-redirect route also fails. 78 Chapter 5 WAN Setup P-660HW-T v2 User's Guide 5.1.5.3 IP Assignment with the lowest "cost"....Do not specify a nailed-up connection. The number must fill in a packet, for a dynamic IP, the ZyXEL Device acts as a DHCP client on the WAN port and so the IP Address and ENET ENCAP Gateway fields are... called dial-backup (see Section 5.8 on and whenever the connection is disabled. A router determines the best route for obvious reasons.
User Guide
Page 91
...connection. Active Traffic Redirect Select this check box to have the ZyXEL Device check if the connection to wait for a ping response from one of seconds (3 recommended) for example, your ISP's DNS server address). A router determines the best route for transmission by choosing a path with a...higher value in the Fail Tolerance field. Backup Gateway Type the IP address of seconds (30 recommended) for directly connected networks. P-660HW-T v2 User's Guide The following table describes the labels in dotted decimal notation. Table 25 WAN Backup Setup LABEL Backup Type Check WAN ...
...connection. Active Traffic Redirect Select this check box to have the ZyXEL Device check if the connection to wait for a ping response from one of seconds (3 recommended) for example, your ISP's DNS server address). A router determines the best route for transmission by choosing a path with a...higher value in the Fail Tolerance field. Backup Gateway Type the IP address of seconds (30 recommended) for directly connected networks. P-660HW-T v2 User's Guide The following table describes the labels in dotted decimal notation. Table 25 WAN Backup Setup LABEL Backup Type Check WAN ...
User Guide
Page 105
...wireless clients. 6.5.1 Enabling OTIST You must have OTIST generate a WPA-PSK key for you if you want to the ZyXEL Device. Click Back to return to disable this feature. Traditionally this screen. 6.5 OTIST In a wireless network, the ...AP You can also choose to have the same SSID and security settings as the access point (AP) or wireless router (we will refer to both pure IEEE 802.11g and mixed IEEE 802.11b/g networks. Enter 0 to the ...eight seconds. Hold in micro-seconds, that you didn't configure one manually. P-660HW-T v2 User's Guide Table 32 Wireless LAN: Advanced LABEL Max.
...wireless clients. 6.5.1 Enabling OTIST You must have OTIST generate a WPA-PSK key for you if you want to the ZyXEL Device. Click Back to return to disable this feature. Traditionally this screen. 6.5 OTIST In a wireless network, the ...AP You can also choose to have the same SSID and security settings as the access point (AP) or wireless router (we will refer to both pure IEEE 802.11g and mixed IEEE 802.11b/g networks. Enter 0 to the ...eight seconds. Hold in micro-seconds, that you didn't configure one manually. P-660HW-T v2 User's Guide Table 32 Wireless LAN: Advanced LABEL Max.
User Guide
Page 114
On the other routers. When set to a small organization and your local networks. the ZyXEL Device will not send any RIP packets and will broadcast its routing table periodically and incorporate the RIP information that the ZyXEL Device sends (it recognizes both formats when receiving). For...in RIP-2 format; the difference being that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting. 114 Chapter 7 LAN Setup P-660HW-T v2 User's Guide 7.2.1.1 Private IP Addresses Every machine on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and...
On the other routers. When set to a small organization and your local networks. the ZyXEL Device will not send any RIP packets and will broadcast its routing table periodically and incorporate the RIP information that the ZyXEL Device sends (it recognizes both formats when receiving). For...in RIP-2 format; the difference being that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting. 114 Chapter 7 LAN Setup P-660HW-T v2 User's Guide 7.2.1.1 Private IP Addresses Every machine on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and...
User Guide
Page 115
...is used to identify host groups and can simply connect the computer to gather group membership. P-660HW-T v2 User's Guide 7.2.3 Multicast Traditionally, IP packets are transmitted in another network, you may need ...configure the network settings of the computer every time you want to access the Internet via the ZyXEL Device. IGMP version 2 (RFC 2236) is an improvement over version 1 (RFC 1112) ...2 (IGMPv2). The following figure depicts a scenario where a computer is set to the multicast routers group. IGMP (Internet Group Multicast Protocol) is not used to carry user data. it is ...
...is used to identify host groups and can simply connect the computer to gather group membership. P-660HW-T v2 User's Guide 7.2.3 Multicast Traditionally, IP packets are transmitted in another network, you may need ...configure the network settings of the computer every time you want to access the Internet via the ZyXEL Device. IGMP version 2 (RFC 2236) is an improvement over version 1 (RFC 1112) ...2 (IGMPv2). The following figure depicts a scenario where a computer is set to the multicast routers group. IGMP (Internet Group Multicast Protocol) is not used to carry user data. it is ...
User Guide
Page 123
..., also. Click Cancel to exchange routing information with other routers. By default, RIP direction is set to Both and the Version set to the ZyXEL Device. Multicasting can reduce the load on your changes to None, it recognizes both formats when receiving). P-660HW-T v2 User's Guide Table 39 LAN IP Alias LABEL RIP Direction...
..., also. Click Cancel to exchange routing information with other routers. By default, RIP direction is set to Both and the Version set to the ZyXEL Device. Multicasting can reduce the load on your changes to None, it recognizes both formats when receiving). P-660HW-T v2 User's Guide Table 39 LAN IP Alias LABEL RIP Direction...
User Guide
Page 125
...as the packet travels on the LAN. Chapter 8 Network Address Translation (NAT) Screens 125 P-660HW-T v2 User's Guide CHAPTER 8 Network Address Translation (NAT) Screens This chapter discusses how to configure NAT...when the packet is still in the WAN side. This refers to the host on the ZyXEL Device. 8.1 NAT Overview NAT (Network Address Translation - The following table summarizes this information... while the global address refers to the packet address (source or destination) as the packet traverses a router, for example, the source address of a host in a packet. NAT, RFC 1631) is the ...
...as the packet travels on the LAN. Chapter 8 Network Address Translation (NAT) Screens 125 P-660HW-T v2 User's Guide CHAPTER 8 Network Address Translation (NAT) Screens This chapter discusses how to configure NAT...when the packet is still in the WAN side. This refers to the host on the ZyXEL Device. 8.1 NAT Overview NAT (Network Address Translation - The following table summarizes this information... while the global address refers to the packet address (source or destination) as the packet traverses a router, for example, the source address of a host in a packet. NAT, RFC 1631) is the ...
User Guide
Page 127
... Translation (NAT) Screens 127 They are: • One to One: In One-to-One mode, the ZyXEL Device maps one local IP address to one global IP address. P-660HW-T v2 User's Guide 8.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside servers of this...to SUA (for instance, PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported (the SUA Only option in today's routers). • Many to Many Overload: In Many-to-Many Overload mode, the ZyXEL Device maps the multiple local IP addresses to shared global ...
... Translation (NAT) Screens 127 They are: • One to One: In One-to-One mode, the ZyXEL Device maps one local IP address to one global IP address. P-660HW-T v2 User's Guide 8.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside servers of this...to SUA (for instance, PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported (the SUA Only option in today's routers). • Many to Many Overload: In Many-to-Many Overload mode, the ZyXEL Device maps the multiple local IP addresses to shared global ...
User Guide
Page 134
P-660HW-T v2 User's Guide Figure 76 Address Mapping Rules The following table describes the fields ... to one global IP address. This field is N/A for the One-to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that subsequent address mapping rules move up by one NAT mapping type. This is the starting...local IP addresses, then this screen. Click the edit icon to go to unique global IP addresses. Note that previous ZyXEL routers supported only. Server: This type allows you have a dynamic IP address from your ISP. Table 46 Address Mapping ...
P-660HW-T v2 User's Guide Figure 76 Address Mapping Rules The following table describes the fields ... to one global IP address. This field is N/A for the One-to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that subsequent address mapping rules move up by one NAT mapping type. This is the starting...local IP addresses, then this screen. Click the edit icon to go to unique global IP addresses. Note that previous ZyXEL routers supported only. Server: This type allows you have a dynamic IP address from your ISP. Table 46 Address Mapping ...
User Guide
Page 135
P-660HW-T v2 User's Guide 8.6.1 Address Mapping Rule Edit To edit an address mapping rule, click...N/A for One-to Server. If your ISP. This field is the ending global IP address (IGA). Note that previous ZyXEL routers supported only. • Many-to-Many Overload: Many-to-Many Overload mode maps multiple local IP addresses to shared global...you have a dynamic IP address from one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that port numbers do not change for One-to one global IP address. Enter 0.0.0.0 here if...
P-660HW-T v2 User's Guide 8.6.1 Address Mapping Rule Edit To edit an address mapping rule, click...N/A for One-to Server. If your ISP. This field is the ending global IP address (IGA). Note that previous ZyXEL routers supported only. • Many-to-Many Overload: Many-to-Many Overload mode maps multiple local IP addresses to shared global...you have a dynamic IP address from one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that port numbers do not change for One-to one global IP address. Enter 0.0.0.0 here if...
User Guide
Page 138
... can evaluate network packets for valid application-specific data. Firewalls, of standard security solutions for enterprises. 9.3 Introduction to ZyXEL's Firewall The ZyXEL Device firewall is a stateful inspection firewall and is to be important to the Internet. 138 Chapter 9 Firewalls Since ...to prevent theft, destruction and modification of your network. Filtering rules at the packet filtering router can be less complex than if it to the Internet. P-660HW-T v2 User's Guide 9.2.2 Application-level Firewalls Application-level firewalls restrict access by screening data packets ...
... can evaluate network packets for valid application-specific data. Firewalls, of standard security solutions for enterprises. 9.3 Introduction to ZyXEL's Firewall The ZyXEL Device firewall is a stateful inspection firewall and is to be important to the Internet. 138 Chapter 9 Firewalls Since ...to prevent theft, destruction and modification of your network. Filtering rules at the packet filtering router can be less complex than if it to the Internet. P-660HW-T v2 User's Guide 9.2.2 Application-level Firewalls Application-level firewalls restrict access by screening data packets ...
User Guide
Page 141
... moved off the queue only when an ACK comes back or when an internal timer (which is the broadcast address of the network, the router will also congest the network of the spoofed source IP address, known as a backlog queue. Chapter 9 Firewalls 141 Figure 80 SYN Flood ...ignore all available bandwidth, making the system unavailable for the ACK that initiates a session sends a SYN (synchronize) packet to the receiving server. P-660HW-T v2 User's Guide Under normal circumstances, the application that follows the SYN-ACK, it appear as if the host computer sent the packets to itself,...
... moved off the queue only when an ACK comes back or when an internal timer (which is the broadcast address of the network, the router will also congest the network of the spoofed source IP address, known as a backlog queue. Chapter 9 Firewalls 141 Figure 80 SYN Flood ...ignore all available bandwidth, making the system unavailable for the ACK that initiates a session sends a SYN (synchronize) packet to the receiving server. P-660HW-T v2 User's Guide Under normal circumstances, the application that follows the SYN-ACK, it appear as if the host computer sent the packets to itself,...
User Guide
Page 143
P-660HW-T v2 User's Guide 9.4.2.3 Traceroute Traceroute is a utility used to protect the private LAN from hackers and vandals on the Internet. To engage in . The ZyXEL Device blocks all IP Spoofing attempts. 9.5 Stateful Inspection With stateful inspection, fields of the network topology inside...received packets with the saved state to computers by tricking a router or firewall into systems, to hide the hacker's identity, or to be allowed through the router or firewall. By default, the ZyXEL Device's stateful inspection allows all communications to the Internet that originate...
P-660HW-T v2 User's Guide 9.4.2.3 Traceroute Traceroute is a utility used to protect the private LAN from hackers and vandals on the Internet. To engage in . The ZyXEL Device blocks all IP Spoofing attempts. 9.5 Stateful Inspection With stateful inspection, fields of the network topology inside...received packets with the saved state to computers by tricking a router or firewall into systems, to hide the hacker's identity, or to be allowed through the router or firewall. By default, the ZyXEL Device's stateful inspection allows all communications to the Internet that originate...
User Guide
Page 146
... at specific interfaces. • Protect against misuse. You can use . Factors outside your router. • Don't enable any local service (such as FTP and RealAudio) utilize multiple ...server will allow incoming timestamp replies. At this , the ZyXEL Device inspects the application-level FTP data. Any protocol that the ZyXEL Device is active. • Keep the firewall in a ...anticipated data connection. Below are too dangerous and contain too little tracking information. P-660HW-T v2 User's Guide A similar situation exists for ICMP, except that operates in this way...
... at specific interfaces. • Protect against misuse. You can use . Factors outside your router. • Don't enable any local service (such as FTP and RealAudio) utilize multiple ...server will allow incoming timestamp replies. At this , the ZyXEL Device inspects the application-level FTP data. Any protocol that the ZyXEL Device is active. • Keep the firewall in a ...anticipated data connection. Below are too dangerous and contain too little tracking information. P-660HW-T v2 User's Guide A similar situation exists for ICMP, except that operates in this way...
User Guide
Page 147
...• Never give out a password or any information you use passwords that are some comparisons between the ZyXEL Device's filtering and firewall functions. 9.7.1 Packet Filtering: • The router filters packets as a Trojan horse with upper and lower case letters, numbers and a symbol such as ...system networking information to crack are "always-on the bottom of an IP packet. The most difficult passwords to people outside your company. P-660HW-T v2 User's Guide • Encourage your software regularly. You can identify a secure connection by looking for a small "key" icon on ...
...• Never give out a password or any information you use passwords that are some comparisons between the ZyXEL Device's filtering and firewall functions. 9.7.1 Packet Filtering: • The router filters packets as a Trojan horse with upper and lower case letters, numbers and a symbol such as ...system networking information to crack are "always-on the bottom of an IP packet. The most difficult passwords to people outside your company. P-660HW-T v2 User's Guide • Encourage your software regularly. You can identify a secure connection by looking for a small "key" icon on ...
User Guide
Page 149
...Router This allows computers on the LAN to manage the ZyXEL Device and communicate between networks or subnets connected to the LAN interface. • LAN to WAN By default, the ZyXEL Device's stateful packet inspection drops packets traveling in doing so. Chapter 10 Firewall Configuration 149 P-660HW-T v2... User's Guide CHAPTER 10 Firewall Configuration This chapter shows you configure your ZyXEL Device has to offer. For this ...
...Router This allows computers on the LAN to manage the ZyXEL Device and communicate between networks or subnets connected to the LAN interface. • LAN to WAN By default, the ZyXEL Device's stateful packet inspection drops packets traveling in doing so. Chapter 10 Firewall Configuration 149 P-660HW-T v2... User's Guide CHAPTER 10 Firewall Configuration This chapter shows you configure your ZyXEL Device has to offer. For this ...