User Guide
Page 9
... Tutorials ...27 Introducing the Web Configurator 51 Technical Reference ...57 Status Screens ...59 WAN Setup ...73 LAN Setup ...103 Wireless LAN ...115 Network Address Translation (NAT 147 MAC Filter ...159 Firewall ...163 Certificate ...169 Static Route ...181 Policy Forwarding ...185 DNS Route ...189 RIP ...191 Quality of Service (QoS) ...193 Dynamic... (UPnP 227 Parental Control ...241 Interface Group ...245 Captive Portal ...251 System Settings ...253 Logs ...259 Tools ...263 Diagnostic ...269 Troubleshooting ...275 Product Specifications ...281 P-870HN-5xb User's Guide 9
... Tutorials ...27 Introducing the Web Configurator 51 Technical Reference ...57 Status Screens ...59 WAN Setup ...73 LAN Setup ...103 Wireless LAN ...115 Network Address Translation (NAT 147 MAC Filter ...159 Firewall ...163 Certificate ...169 Static Route ...181 Policy Forwarding ...185 DNS Route ...189 RIP ...191 Quality of Service (QoS) ...193 Dynamic... (UPnP 227 Parental Control ...241 Interface Group ...245 Captive Portal ...251 System Settings ...253 Logs ...259 Tools ...263 Diagnostic ...269 Troubleshooting ...275 Product Specifications ...281 P-870HN-5xb User's Guide 9
User Guide
Page 13
... ...135 7.10.1 Wireless Network Overview 135 7.10.2 Additional Wireless Terms 136 7.10.3 Wireless Security Overview 136 7.10.4 WiFi Protected Setup 139 Chapter 8 Network Address Translation (NAT 147 8.1 Overview ...147 8.1.1 What You Can Do in this Chapter 147 8.2 What You Need to Know ...147 8.3 The Port Forwarding Screen 148 8.3.1 The Port Forwarding... 8.4 The Trigger Port Screen ...151 8.4.1 Trigger Port Configuration 154 8.5 The DMZ Host Screen ...156 8.6 The ALG Screen ...156 8.7 Technical Reference ...157 Chapter 9 MAC Filter ...159 P-870HN-5xb User's Guide 13
... ...135 7.10.1 Wireless Network Overview 135 7.10.2 Additional Wireless Terms 136 7.10.3 Wireless Security Overview 136 7.10.4 WiFi Protected Setup 139 Chapter 8 Network Address Translation (NAT 147 8.1 Overview ...147 8.1.1 What You Can Do in this Chapter 147 8.2 What You Need to Know ...147 8.3 The Port Forwarding Screen 148 8.3.1 The Port Forwarding... 8.4 The Trigger Port Screen ...151 8.4.1 Trigger Port Configuration 154 8.5 The DMZ Host Screen ...156 8.6 The ALG Screen ...156 8.7 Technical Reference ...157 Chapter 9 MAC Filter ...159 P-870HN-5xb User's Guide 13
User Guide
Page 54
... the Device. WPS Station Use this screen to configure filtering rule(s) that are available only when you enable NAT in a Forwarding WAN connection. NAT Port The NAT screens are not specified in bridge mode. 54 P-870HN-5xb User's Guide Use this screen to use WPS to DHCP clients and the IP addresses reserved for...
... the Device. WPS Station Use this screen to configure filtering rule(s) that are available only when you enable NAT in a Forwarding WAN connection. NAT Port The NAT screens are not specified in bridge mode. 54 P-870HN-5xb User's Guide Use this screen to use WPS to DHCP clients and the IP addresses reserved for...
User Guide
Page 80
... there is the service name of the WAN interface. The summary table shows you the configured WAN services (connections) on transmission rate. 80 P-870HN-5xb User's Guide Description (null) means the entry is not valid. This shows the maximum data rate (in this screen to change your Device...a layer-2 interface is the index number of PPP connection on the Device) indicates a PPP connection via any one of this connection. To use NAT, firewall or IGMP proxy in VLAN MUX Mode, you need to traffic sent through the same interface. The number after the underscore (_) represents the...
... there is the service name of the WAN interface. The summary table shows you the configured WAN services (connections) on transmission rate. 80 P-870HN-5xb User's Guide Description (null) means the entry is not valid. This shows the maximum data rate (in this screen to change your Device...a layer-2 interface is the index number of PPP connection on the Device) indicates a PPP connection via any one of this connection. To use NAT, firewall or IGMP proxy in VLAN MUX Mode, you need to traffic sent through the same interface. The number after the underscore (_) represents the...
User Guide
Page 81
... bridging service. The firewall is activated or not for this interface. Click the Remove icon to configure the WAN connection. NAT This shows whether NAT is not available when the connection uses the bridging service. MLD is in the WAN Service screen to configure a WAN ... a new connection. 5.6.1 WAN Connection Configuration Click the Edit or Add button in Default Mode. Figure 34 WAN Configuration: WAN Interface P-870HN-5xb User's Guide 81 Chapter 5 WAN Setup Table 13 Internet Connection LABEL DESCRIPTION Vlan8021p This indicates the 802.1P priority level assigned to...
... bridging service. The firewall is activated or not for this interface. Click the Remove icon to configure the WAN connection. NAT This shows whether NAT is not available when the connection uses the bridging service. MLD is in the WAN Service screen to configure a WAN ... a new connection. 5.6.1 WAN Connection Configuration Click the Edit or Add button in Default Mode. Figure 34 WAN Configuration: WAN Interface P-870HN-5xb User's Guide 81 Chapter 5 WAN Setup Table 13 Internet Connection LABEL DESCRIPTION Vlan8021p This indicates the 802.1P priority level assigned to...
User Guide
Page 85
...IP address automatically generated by your ISP provided a single static IP address for outgoing calls. CHAP - Enable NAT Enable Fullcone NAT Enable Firewall Dial on more secure than C class (255.255.255.0). Select this check box to activate the... IP address and subnet mask in the Inactivity Timeout field. Select this check box to activate full cone NAT on this connection. The subnet mask must be smaller than PAP; The default setting is more platforms. ...Use Static IPv6 Address Select this checkbox if you have the Device use . P-870HN-5xb User's Guide 85
...IP address automatically generated by your ISP provided a single static IP address for outgoing calls. CHAP - Enable NAT Enable Fullcone NAT Enable Firewall Dial on more secure than C class (255.255.255.0). Select this check box to activate the... IP address and subnet mask in the Inactivity Timeout field. Select this check box to activate full cone NAT on this connection. The subnet mask must be smaller than PAP; The default setting is more platforms. ...Use Static IPv6 Address Select this checkbox if you have the Device use . P-870HN-5xb User's Guide 85
User Guide
Page 86
...Enable IGMP Multicast Proxy Enable MLD Multicast Proxy Back Next This field is not available for application where NAT is an alternative to NAT for a PPPoA connection. Select Enable to have the ZyXEL Device act as an IGMP proxy on this check box to the previous screen. This is not ...IPv6 Prefix Enable PPP Debug Mode Bridge PPPoE Frames Between WAN and Local Ports Select Set by your ISP. This allows the ZyXEL Device to continue. 86 P-870HN-5xb User's Guide Click this button to get subscribing information and maintain a joined member list for each multicast group. WAN IPv6...
...Enable IGMP Multicast Proxy Enable MLD Multicast Proxy Back Next This field is not available for application where NAT is an alternative to NAT for a PPPoA connection. Select Enable to have the ZyXEL Device act as an IGMP proxy on this check box to the previous screen. This is not ...IPv6 Prefix Enable PPP Debug Mode Bridge PPPoE Frames Between WAN and Local Ports Select Set by your ISP. This allows the ZyXEL Device to continue. 86 P-870HN-5xb User's Guide Click this button to get subscribing information and maintain a joined member list for each multicast group. WAN IPv6...
User Guide
Page 90
...connection. LAN clients can still configure static private IP addresses and access the Internet. This field is available only when you select Enable NAT. LAN clients can still configure static public IP addresses and access the Internet. Click this button to get subscribing information and maintain a...using the ATM interface. It can reduce multicast traffic significantly. 90 P-870HN-5xb User's Guide Assign Public IP to LAN PCs by DHCP Select this to activate full cone NAT on this connection. Enable Fullcone NAT Select this check box to have the Device act as an IGMP proxy...
...connection. LAN clients can still configure static private IP addresses and access the Internet. This field is available only when you select Enable NAT. LAN clients can still configure static public IP addresses and access the Internet. Click this button to get subscribing information and maintain a...using the ATM interface. It can reduce multicast traffic significantly. 90 P-870HN-5xb User's Guide Assign Public IP to LAN PCs by DHCP Select this to activate full cone NAT on this connection. Enable Fullcone NAT Select this check box to have the Device act as an IGMP proxy...
User Guide
Page 91
..., IPoE or IPoA The following table describes the labels in the WAN Service Configuration screen. P-870HN-5xb User's Guide 91 This allows the ZyXEL Device to have the ZyXEL Device act as an MLD proxy on this button to return to the previous screen. WAN Interfaces... Selected Default Gateway Interfaces Select a WAN interface through which you can select from. Chapter 5 WAN Setup Table 19 WAN Configuration: NAT, IGMP Multicast and Firewall Activation: IPoE LABEL DESCRIPTION Enable MLD Multicast Proxy Select Enable to get subscription information and maintain a joined member...
..., IPoE or IPoA The following table describes the labels in the WAN Service Configuration screen. P-870HN-5xb User's Guide 91 This allows the ZyXEL Device to have the ZyXEL Device act as an MLD proxy on this button to return to the previous screen. WAN Interfaces... Selected Default Gateway Interfaces Select a WAN interface through which you can select from. Chapter 5 WAN Setup Table 19 WAN Configuration: NAT, IGMP Multicast and Firewall Activation: IPoE LABEL DESCRIPTION Enable MLD Multicast Proxy Select Enable to get subscription information and maintain a joined member...
User Guide
Page 94
...Service Name This is active or not. This shows whether this button to return to save your changes. 94 P-870HN-5xb User's Guide This shows whether full cone NAT is the encapsulation method used by the ISP, manually configured or not configurable. Click this service is the name of...describes the labels in this connection. This shows whether IGMP multicasting is active or not for this connection. IP Address Service State NAT Full Cone NAT Firewall IGMP Multicast MLD Multicast IPv6 Back Apply/Save This field is assigned by this connection. This shows whether the WAN IP...
...Service Name This is active or not. This shows whether this button to return to save your changes. 94 P-870HN-5xb User's Guide This shows whether full cone NAT is the encapsulation method used by the ISP, manually configured or not configurable. Click this service is the name of...describes the labels in this connection. This shows whether IGMP multicasting is active or not for this connection. IP Address Service State NAT Full Cone NAT Firewall IGMP Multicast MLD Multicast IPv6 Back Apply/Save This field is assigned by this connection. This shows whether the WAN IP...
User Guide
Page 96
...' computers will have a separate VC for each carried protocol, for transmission of real time data such as audio and video connections. 96 P-870HN-5xb User's Guide The Device encapsulates the PPP session based on the number of the task. Be sure to use the multiplexing method required ... dynamic creation of large numbers of data transmission over an ATM network. VC-based Multiplexing In this case one VC carries multiple protocols with NAT, all of multiple protocols over a single ATM virtual circuit (LLC-based multiplexing) and the second method assumes that part of simultaneous VCs....
...' computers will have a separate VC for each carried protocol, for transmission of real time data such as audio and video connections. 96 P-870HN-5xb User's Guide The Device encapsulates the PPP session based on the number of the task. Be sure to use the multiplexing method required ... dynamic creation of large numbers of data transmission over an ATM network. VC-based Multiplexing In this case one VC carries multiple protocols with NAT, all of multiple protocols over a single ATM virtual circuit (LLC-based multiplexing) and the second method assumes that part of simultaneous VCs....
User Guide
Page 98
...network has spare bandwidth. IP Address Assignment A static IP is used with bursty connections that require closely controlled delay and delay variation. The NAT router also maps packets coming to that external IP address and port to the video image's changing dynamics. Connections that use the Variable ...the source address of bandwidth (a PCR is specified) but is only available when data is commonly used for "bursty" traffic typical on the 98 P-870HN-5xb User's Guide It also provides a fixed amount of all outgoing packets from the internal IP address 1 and port A to a single IP ...
...network has spare bandwidth. IP Address Assignment A static IP is used with bursty connections that require closely controlled delay and delay variation. The NAT router also maps packets coming to that external IP address and port to the video image's changing dynamics. Connections that use the Variable ...the source address of bandwidth (a PCR is specified) but is only available when data is commonly used for "bursty" traffic typical on the 98 P-870HN-5xb User's Guide It also provides a fixed amount of all outgoing packets from the internal IP address 1 and port A to a single IP ...
User Guide
Page 99
... packets sent to IP address 2 and port B and forwards them to the internal host via the external IP address and port that the NAT router used in P-870HN-5xb User's Guide 99 A host on the external network (IP address 3 and port C for each different destination IP address and port.... Chapter 5 WAN Setup external network. In symmetric NAT, the mapping of the destination IP address and port. The Device also performs NAT on the external...
... packets sent to IP address 2 and port B and forwards them to the internal host via the external IP address and port that the NAT router used in P-870HN-5xb User's Guide 99 A host on the external network (IP address 3 and port C for each different destination IP address and port.... Chapter 5 WAN Setup external network. In symmetric NAT, the mapping of the destination IP address and port. The Device also performs NAT on the external...
User Guide
Page 100
... can be partitioned into multiple logical networks. the traffic must first go to a smaller and more than an untagged frame and 100 P-870HN-5xb User's Guide The VLANs can belong to 2, M. VLAN also increases network performance by hand or dynamically through a router. The ... to IEEE 802.1Q Tagged VLAN A tagged VLAN uses an explicit tag (VLAN ID) in providing isolation and security among the subscribers. Figure 46 Symmetric NAT 3, C 2, B 1, A 2, M 4, D 4, E 5, B Introduction to VLANs A Virtual Local Area Network (VLAN) allows a physical network to one subscriber from...
... can be partitioned into multiple logical networks. the traffic must first go to a smaller and more than an untagged frame and 100 P-870HN-5xb User's Guide The VLANs can belong to 2, M. VLAN also increases network performance by hand or dynamically through a router. The ... to IEEE 802.1Q Tagged VLAN A tagged VLAN uses an explicit tag (VLAN ID) in providing isolation and security among the subscribers. Figure 46 Symmetric NAT 3, C 2, B 1, A 2, M 4, D 4, E 5, B Introduction to VLANs A Virtual Local Area Network (VLAN) allows a physical network to one subscriber from...
User Guide
Page 112
... a small organization and your Internet access is using that IP address. For more information on the Internet must enable the Network Address Translation (NAT) feature of IP addresses specifically for your Device, but make sure that no other number unless you are isolated from the Internet, for example...are told otherwise. If this block of addresses specifically for Management of a much larger organization, you are part of IP Address Space". 112 P-870HN-5xb User's Guide If the ISP did not explicitly give you an IP network number, then most likely you select 192.168.1.0 as the...
... a small organization and your Internet access is using that IP address. For more information on the Internet must enable the Network Address Translation (NAT) feature of IP addresses specifically for your Device, but make sure that no other number unless you are isolated from the Internet, for example...are told otherwise. If this block of addresses specifically for Management of a much larger organization, you are part of IP Address Space". 112 P-870HN-5xb User's Guide If the ISP did not explicitly give you an IP network number, then most likely you select 192.168.1.0 as the...
User Guide
Page 147
... Do in a packet received from a subscriber (the inside local address) to another (the inside host. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside global address) before... forwarding the packet to the WAN side. P-870HN-5xb User's Guide 147 CHAPTER 8 Network Address Translation (NAT) 8.1 Overview This chapter discusses how to configure NAT on page 156). 8.2 What You Need to Know The following terms and concepts may...
... Do in a packet received from a subscriber (the inside local address) to another (the inside host. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside global address) before... forwarding the packet to the WAN side. P-870HN-5xb User's Guide 147 CHAPTER 8 Network Address Translation (NAT) 8.1 Overview This chapter discusses how to configure NAT on page 156). 8.2 What You Need to Know The following terms and concepts may...
User Guide
Page 148
...check for example both FTP and web service), it discovers any server processes (such as a Web or FTP server) from your whole inside (behind NAT on the LAN) servers, for example, web service is a list of inside network appear as a single computer to the outside world even though... screen provides a summary of all port forwarding rules and their configuration. If you to run any active services at your ISP. Figure 71 NAT Port Forwarding 148 P-870HN-5xb User's Guide To access this screen allows you can support more than one service (for servers and may enter a single port number...
...check for example both FTP and web service), it discovers any server processes (such as a Web or FTP server) from your whole inside (behind NAT on the LAN) servers, for example, web service is a list of inside network appear as a single computer to the outside world even though... screen provides a summary of all port forwarding rules and their configuration. If you to run any active services at your ISP. Figure 71 NAT Port Forwarding 148 P-870HN-5xb User's Guide To access this screen allows you can support more than one service (for servers and may enter a single port number...
User Guide
Page 149
...the IP protocol. This field displays the WAN interface through which the service is the last external port number that identifies a service. Table 40 NAT Port Forwarding LABEL DESCRIPTION Service Name Select a pre-defined service from the drop-down list box. Server IP Address External Port Start You must ... number of the range to which you want the Device to which you can manually enter the port number(s) and select the IP protocol. P-870HN-5xb User's Guide 149 The predefined service port number(s) and protocol will display in this button to add a rule to open the Rule Setup...
...the IP protocol. This field displays the WAN interface through which the service is the last external port number that identifies a service. Table 40 NAT Port Forwarding LABEL DESCRIPTION Service Name Select a pre-defined service from the drop-down list box. Server IP Address External Port Start You must ... number of the range to which you want the Device to which you can manually enter the port number(s) and select the IP protocol. P-870HN-5xb User's Guide 149 The predefined service port number(s) and protocol will display in this button to add a rule to open the Rule Setup...
User Guide
Page 150
Apply Cancel Click the Remove icon to the Device. Chapter 8 Network Address Translation (NAT) Table 40 NAT Port Forwarding (continued) LABEL DESCRIPTION Internal Start This is the last internal port number that identifies a service. Modify Click the Edit icon to... go to the screen where you take this action. Figure 72 Port Forwarding Edit 150 P-870HN-5xb User's Guide Click Apply to save your ...
Apply Cancel Click the Remove icon to the Device. Chapter 8 Network Address Translation (NAT) Table 40 NAT Port Forwarding (continued) LABEL DESCRIPTION Internal Start This is the last internal port number that identifies a service. Modify Click the Edit icon to... go to the screen where you take this action. Figure 72 Port Forwarding Edit 150 P-870HN-5xb User's Guide Click Apply to save your ...
User Guide
Page 151
...Select a WAN interface for the packets. Enter the original destination port for which you set a forwarding port in NAT to the IP address of ports, enter the last port number in the External Start Port field above . To...the External End Port field. Click Apply to save your changes back to identify this rule. Chapter 8 Network Address Translation (NAT) The following table describes the labels in the External End Port field. To forward only one port, enter the port ... Define rule. In order to enable it again in the Port Forwarding screen. P-870HN-5xb User's Guide 151
...Select a WAN interface for the packets. Enter the original destination port for which you set a forwarding port in NAT to the IP address of ports, enter the last port number in the External Start Port field above . To...the External End Port field. Click Apply to save your changes back to identify this rule. Chapter 8 Network Address Translation (NAT) The following table describes the labels in the External End Port field. To forward only one port, enter the port ... Define rule. In order to enable it again in the Port Forwarding screen. P-870HN-5xb User's Guide 151