ZyXEL P-336M User's Guide V1.00 (Jan 2006)
Contents
1. 80 Pa Boca S mm 80 Bs WN auibus ie A E apie I E E E Mand LT A alo E AT 82 GS LOOS darian kiii sesiecasrgubdecaie seerewotsrqenetassqumuecnes deeteeu remtiecsenaens 82 A STASIS eona N 83 Appendix A Types of EAP Authenticati n 2 inei saranno ra E aa x sa FY R2 RRn a PRRRYR ARR RRE PAR Fe Ron R23 Yo Prae einna 86 Appendix B Setting up Your Computer s IP Address eeeeeeeeeeeenennnnn 90 Dll e 102 Table of Contents 10 ZyXEL P 336M User s Guide 11 Table of Contents ZyXEL P 336M User s Guide List of Figures Figure 1 Web Copligurator Logi cc E 20 BU Pe Dovie D owe 21 Figure 3 Save Settings SUCCESS euscssisdeeecieeecesessas ses ase sot eh renina ennd 22 Figure d Change PaSSwOrd ausisaccsexin vutisexintubPeAzxUXPxHA TAB YR AAA LA S REL ASA RELAA 23 Fode S Baske Sa NZI eT 24 Figure 6 Basic WAN Dynamic IP usce keit rtr ttd boci sett i 26 Figure 7 Basic WAN Static IP uuo cic epa radices p nk Eon a dc PR da aE 28 Foue S Basic WAN PPPOE aunoseisobuteani tere c Mi ORI AM ERHI Rae E CHE ERN E DR TRUM DubdA 29 Figure D Base LM sarsies ot RETRO DRESVERNOH DANH RE SUERECO BEAR OLEO E CEULNOUA 30 zs mir 0431 751 tre 31 Figure 11 Basic Wireless Basic Wireless LAN Setup eene 34 Figure 12 Basic Wireless WLAN Security Setup eese 37 Figure 13 Basic Wireless WLAN Secur2. DHCP Renew This button is applicable when the P 336M uses a dynamic IP address Click DHCP Renew to get a new dynamic IP address DHCP Release This button is applicable when the P 336M uses a dynamic IP address Click DHCP Release to release the current IP address You must then click DHCP Renew to get a new IP address Connect This button is available when the P 336M is set to use PPPoE connection type Click Connect to establish an Internet connection using PPPoE Disconnect This button is available when the P 336M is set to use PPPoE connection type Click Disconnect to disconnect the Internet connection MAC Address This field displays the MAC address of the WAN port on the P 336M IP Address This field displays the WAN IP address Subnet Mask This field displays the WAN subnet mask Default Gateway This field displays the IP address of the gateway on the WAN Primary Secondary DNS Server This field displays the IP address es of the DNS server s LAN MAC Address This field displays the MAC address of the LAN port on the P 336M IP Address This field displays the LAN IP address Subnet Mask This field displays the LAN subnet mask DHCP Server This field displays whether the DHCP server is active or not on the LAN Wireless LAN Wireless Radio This field displays whether the wireless LAN feature is active or not MAC Address This field display
3. 4 6 Access Control Internet access control allows you to create and enforce Internet access policies tailored to your needs Access control gives you the ability to block specified computers and or applications from accessing the Internet You can also set a schedule for when the P 336M performs content filtering Click Advanced gt Access Control to display the configuration screen as shown Chapter 4 Advanced ZyXEL P 336M User s Guide Figure 22 Advanced Access Control ACCESS CONTROL The Access Control option allows you to control access in and out of your network Use this Feature as Parental Controls to only grant access to approved sites limit web access based on time or dates and or block internet access For applications like P2P utilities or games Save Settings Discard Settings ENABLE Enable Access Control v ADD ACCESS CONTROL RULE Enable v Policy Name Ec Address Type jp C mac Others IP Address pooo 7 lt lt select Machine Machine Address l lt lt Select Machine E Coup four PESSE Address Schedule Apply Always Apply Web Filter Log Internet Access lt lt Filter Ports Block access to specific IP addresses and ports Port Filter Rules Enable Name Dest IP Dest IP Protocol Start End pono sszsszsszss Bom s poco sszsszsszss BOTH pono sszsszsszss BOTH s pono sszsszsszss BOTH pono sszsszsszss Bom pon
4. System Preferences Dock Location 2 Click Network in the icon bar e Select Automatic from the Location list e Select Built in Ethernet from the Show list Click the TCP IP tab 3 For dynamically assigned settings select Using DHCP from the Configure list 99 Appendix B ZyXEL P 336M User s Guide Figure 59 Macintosh OS X Network e0 Network m Oo g Show All Displays Network Startup Disk Location Automatic m Show Built in Ethernet B PPPoE AppleTalk Proxies Configure Using DHCP m Domain Name Servers Optional IP Address 192 168 11 12 168 95 1 1 Provided by DHCP Server Subnet Mask 255 255 254 0 Router 192 168 10 11 Search Domains Optional DHCP Client ID Optional Example apple com earthlink net Ethernet Address 00 05 02 43 93 ff Appty Now 4 For statically assigned settings do the following From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your P 336M in the Router address box 5 Click Apply Now and close the window 6 Turn on your P 336M and restart your computer if prompted Verifying Settings Check your TCP IP properties in the Network window Appendix B 100 ZyXEL P 336M User s Guide 101 Appendix B ZyXEL P 336M User s Guide A about your ZyXEL G 220F 18 Address Assignment 25 ALG 46 Appl
5. lt a NEITTLITT ENABLE Enable Dynamic DNS v DYNAMIC DNS Server Address www DynDNS org l Host Name lr o Username or Key 14 Password or Key I 3l Verify Password or Key F Timeout be hours The following table describes the labels in this screen Table 32 Tools DDNS LABEL DESCRIPTION Enable Select Enable Dynamic DNS to active this feature Dynamic DNS Service Address Select the web address of your Dynamic DNS service provider 7T Chapter 5 Tools ZyXEL P 336M User s Guide Table 32 Tools DDNS LABEL DESCRIPTION Host Name Enter the system name Username or Key Enter your user name You can use up to 31 alphanumeric characters and the underscore Spaces are not allowed Password or Key Enter the password associated with the user name above You can use up to 31 alphanumeric characters and the underscore Spaces are not allowed Verify Password or Key Enter the password again for confirmation Timeout Specify the time in hours the P 336M waits before time out Chapter 5 Tools 78 ZyXEL P 336M User s Guide 79 Chapter 5 Tools ZyXEL P 336M User s Guide CHAPTER 6 Status This chapter describes the Status screens you use to view the system status and logs 6 1 Device Info Display the Device Status screen to view device information such as the system time a
6. 4 5 Routing Each remote node specifies only the network to which the gateway is directly connected and the P 336M has no knowledge of the networks beyond For instance the P 336M knows about network N2 in the following figure through remote node Router 1 However the P 336M is unable to route a packet to network N3 because it doesn t know that there is a route through the same remote node Router 1 via gateway Router 2 The static routes are for you to tell the P 336M about the networks beyond the remote nodes Figure 20 Example of Static Routing Topology N1 To view the routing table configure static routes click Advanced gt Routing to display the configuration screen Figure 21 Advanced Routing ROUTING The Routing option allows you to define fixed routes to defined destinations Save Settings Discard Settings ADD ROUTE l Enable Destination IP Netmask Gateway Interface Metric ROUTES LIST Enable Destination IP m 172 23 23 255 172 23 23 4 a 172 23 23 0 a 0 0 0 0 a 192 168 1 255 a 192 168 1 1 a 192 168 1 0 a Netmask 255 255 255 255 255 255 255 255 255 255 255 0 0 0 0 0 255 255 255 255 255 255 255 255 255 255 255 0 Gateway Metric 0 0 0 0 0 0 0 0 0 0 0 0 172 23 23 254 0 0 0 0 0 0 0 0 0 0 0 0 Interface WAN WAN WAN WAN LAN LAN LAN Chapter 4 Advanced 52 ZyXEL P 336M User s Guide The following table describes
7. IP Address Enter the inside IP address of the inside server Protocol Select the protocol type TCP UDP or Both Private Port Enter the port number to which you want the P 336M to translate the public port Public Port Enter the incoming port number for the selected service Inbound Filter Select a filter action on the traffic Select You can configure filter actions in the Inbound Filter screen Schedule Select the name of a time setting during which this setting is active You can configure schedules in the Schedules screen Save Click this button to save the changes of a configuration screen for the current session Clear Click this button to start configuring a screen again Virtual Server List Enable Select this check box to enable this virtual server setting Clear this check box to disallow forwarding of these ports to an inside server without having to delete the entry Name This field displays the descriptive name for this setting 45 Chapter 4 Advanced ZyXEL P 336M User s Guide Table 17 Advanced Virtual Server continued LABEL DESCRIPTION IP Address This field displays the IP address of the inside server Protocol This field displays the protocol type Private Port This field displays the port number to which you want the P 336M to translate the public port Public Port This field displays the incoming port number Inbound Filter Thi
8. Select this option to set the P 336M to assign network information IP address DNS information etc to an Ethernet device connected to the LAN ports Clear this check box to stop the P 336M from acting as a DHCP server you must have another DHCP server on your LAN or else the computer must be manually configured DHCP SETTINGS DHCP Address Specify the starting and end IP address for the DHCP clients Range DHCP Lease Specify the time in minutes a DHCP client is allowed to use the assigned IP Time address from the P 336M Once the lease time is up the DHCP client has to renew the lease NUMBER OF This field displays the number of DHCP clients DYNMAIC DHCP CLIENTS Computer Name This field displays the name of the DHCP client computer MAC Address This field displays the MAC address of the DHCP client computer IP Address This field displays the IP address of the DHCP client computer ADD STATIC DHCP CLIENT Enable Select this option to enable static DHCP to set the P 336M to assign one IP address on the LAN to a specific computer based on the MAC address Clear this check box to disable this feature IP Address Type the IP address that you want to assign to the computer on your LAN Alternatively select from the list of dynamic client computer names in the drop down list box MAC Address Type the MAC address with colons of a computer on your LAN Or click Clone Your PC s MAC Address to copy the MAC address of your
9. WPA security WPA Mode WPA M Cipher Type TKIP T Group Key Update Interval 3600 seconds PRE SHARED KEY Pre Shared Key pem The following table describes the related labels in this screen Table 13 Basic WLAN Security Setup WPA Personal LABEL DESCRIPTION WPA WPA Mode Specify a WPA mode Make sure the peer device s is also set to use the same WPA mode Select WPA to set the P 336M to use WPA only WPA is a older implementation than WPA2 Select WPA2 to set the P 336M to use WPA2 first and then WPA if connection fails with WPA2 Select WPA2 Only to set the P 336M to use WPA2 only Cipher Type Specify the encryption mechanism Select TKIP AES or TKIP and AES Group Key Update This is the rate at which an AP or RADIUS server sends a new group key out to all Interval clients The re keying process is the WPA equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis Enter an update time in seconds PRE SHARED KEY Pre Shared Key Type a pre shared key from 8 to 63 case sensitive ASCII characters including spaces and symbols 3 8 3 WLAN Security Setup WPA Enterprise If you want better WLAN security than WEP and have a RADIUS server on your network select WPA Enterprise in the Security Mode field in the Wireless screen 39 Chapter 3 Basic ZyXEL P 336M User s Guide Figure 15 Basic Wireless WLAN Security Setup
10. WPA Enterprise WIRELESS SECURITY SETTINGS Security Mode C None WEP C WPA Personal WPA Enterprise WPA WPA requires stations to use high grade encryption and authentication NOTE WDS will not function with WPA security WPA Mode WPA z Cipher Type rae z Group Key Update Interval 5600 seconds EAP 802 1X When WPA enterprise is enabled the router uses EAP 802 1x to authenticate clients via a remote RADIUS server Authentication Timeout eo minutes RADIUS server IP Address 0 0 0 0 RADIUS server Port fisiz RADIUS server Shared Secrel E radius shared MAC Address Authentication v lt lt Advanced Optional backup RADIUS server Second RADIUS server IP Address 000 Second RADIUS server Port ie12 Second RADIUS server adus shared Shared Secret radius shared Second MAC Address wv Authentication The following table describes the related labels in this screen Table 14 Basic WLAN Security Setup WPA Enterprise LABEL DESCRIPTION WPA WPA Mode Specify a WPA mode Make sure the peer device s is also set to use the same WPA mode Select WPA to set the P 336M to use WPA only WPA is a older implementation than WPA2 Select WPA2 to set the P 336M to use WPA2 first and then WPA if connection fails with WPA2 Select WPA2 Only to set the P 336M to use WPA2 only Cipher Type Specify the encryption mechanism Select TKIP AES or TKIP and
11. allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you in NetMeeting CU SeeMe etc You can also access your FTP server or Web site on your own computer using a domain name for instance myhost dhs org where myhost is a name of your choice that will never change instead of using an IP address that changes each time you reconnect Your friends or relatives will always be able to call you even if they don t know your IP address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name The Dynamic DNS service provider will give you a password or key Note You must go to the Dynamic DNS service provider s website and register a user account and a domain name before you can use the Dynamic DNS service with your P 336M Click Tools gt DDNS to display the configuration screen Figure 42 Tools DDNS DYNAMIC DNS Dynamic DNS DDNS The DDNS feature allows you to host a server Web FTP Game Server etc using a domain name that you have purchased www whateveryournameis com with your dynamically assigned IP address Most broadband Internet Service Providers assign dynamic changing IP addresses Using a DDNS service provider your friends can enter in your domain name to connect to your game server no matter what your IP address is
12. ssssssssss 40 Table 15 Advanced Game Hosting u22sccnteso cr rto Een Eo yat traer a ai KR RP CK Dena dona 43 Table 16 Virtual Server Common Services and Port Numbers 44 Table 17 Advanced Virtual Server sott Dort Pn o rH Hato b Dod LE qa d 45 Table 18 Advanced Applications essent 47 Table 19 Advanced SHESMENGING secissviciurssssnecasersessiremererneamreessreeumeennenmreanners 50 Tablo ZU Adusbod FG ssiri R 53 Table 21 Advanced Access ConlkOl cc cscicasecacseharscaxtatenasasaniacededienonelarnsananeceneeenanens 54 Table 22 Advanced Neb FII iusoisevesbesk ken etie GS Pese ad dU oL EINE ox INERAT cbU T PI dte 56 Table 23 Advanced MAC Fiter 1 terrent kamen t ern h b een iie otn a nk na 57 Tabla 24 Advanced T Newell 12er toa nq Ebr ARE EE PE PeES ERI Irae et ER Pe ren RE Ies 59 Table 25 Advanced Inbound Fiter occiso y beber re DI FEEEFELL EI et E niee 60 Table 25 Advsnted Wireless 1icosaci rre DIM SERI PER Era S EUERER E DO Eo LEER SIEGEN ER COLL kaiia 63 Table 27 Advanced Schedule iuescoasens een sees eve Vas tas dU Feri tabu lex tke Dp Via 64 Table 259 Toss AUDI ees os Sects arate oH ER M te o pp onem t 67 Table 29 TOOS TIMO Mem T1 Table 30 Tools SYSIOG 73 E 2a TOR Ema aaiae ane EAA E DERENAN ODEA 74 Table 2s Tools DDNS suina A 77 Tables 39 Tools AGM son PER Meo oa E RU pot 81 Table 34 Associaton EISE nsiet eterne bL had a pee bk tette dili aaa eaan aa 82 T
13. 1 requires the purchase of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components are installed configure the TCP IP settings in order to communicate with your network If you manually assign IP information instead of using dynamic assignment make sure that your computers have IP addresses that place them in the same subnet as the P 336M s LAN port Windows 95 98 Me Click Start Settings Control Panel and double click the Network icon to open the Network window Appendix B 90 ZyXEL P 336M User s Guide Figure 47 WIndows 95 98 Me Network Configuration Network LPR for TCP IP Printing 3Com EtherLink 10 100 PCI Tx NIC 3C905B TX Dial Up Adapter USB Fast Ethernet Adapter Y TCP IP gt 3Com EtherLink 10 100 PCI T NIC 3C9 for Microsoft Networks iG Installing Components The Network window Configuration tab displays a list of installed components You need a network adapter the TCP IP protocol and Client for Microsoft Networks If you need the adapter 1 In the Network window click Add 2 Select Adapter and then click Add 3 Select the manufacturer and model of your network adapter and then click OK If you need TCP IP 1 In the Network window click Add 2 Select Protocol and then click Add 3 Select Microsoft from the list of manufacturers 4 Sel
14. AES Group Key Update This is the rate at which an AP or RADIUS server sends a new group key out to all Interval clients The re keying process is the WPA equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis Enter an update time in seconds PRE SHARED KEY Pre Shared Key Type a pre shared key from 8 to 63 case sensitive ASCII characters including spaces and symbols Chapter 3 Basic 40 ZyXEL P 336M User s Guide 41 Chapter 3 Basic ZyXEL P 336M User s Guide CHAPTER 4 Advanced This chapter describes the Advanced screens you use to configure routing and security features 4 1 Game Hosting Some Internet applications such as video conferencing and Internet games require multiple connections between the clients and the server These applications do not work through NAT enabled networks Your P 336M is a NAT enabled device In order to allow these applications to work in your network you have to configure the P 336M to forward these applications to ports on a computer hosting that service To set the P 336M to forward applications to allowed ports click Advanced gt Game Hosting A configuration screen displays Figure 16 Advanced Game Hosting GAME HOSTING The Gaming option is used to open multiple ports or a range of ports in your router and redirect data through those ports to a single PC on your network This feature allows you to enter p
15. IP address If your networks are isolated from the Internet for instance only between your two branch offices you can assign any IP addresses to the hosts without problems However the Internet Assigned Numbers Authority IANA has reserved the following three blocks of IP addresses specifically for private networks Table 5 Private IP Address Ranges 10 0 0 0 10 255 255 255 172 16 0 0 172 31 255 255 192 168 0 0 192 168 255 255 You can obtain your IP address from the IANA from an ISP or have it assigned by a private network If you belong to a small organization and your Internet access is through an ISP the ISP can provide you with the Internet addresses for your local networks On the other hand if you are part of a much larger organization you should consult your network administrator for the appropriate IP addresses Note Regardless of your particular situation do not create an arbitrary IP address always follow the guidelines above For more information on address assignment please refer to RFC 1597 Address Allocation for Private Internets and RFC 1466 Guidelines for Management of IP Address Space 3 2 2 DNS Server Address Assignment Use DNS Domain Name System to map a domain name to its corresponding IP address and vice versa for instance the IP address of www zyxel com is 204 217 0 2 The DNS server is extremely important because without it you must know the IP address of a computer before you
16. My Pictures ce Printers and Faxes Help and Support Search All Programs gt 177 Run P Log OFf o Turn Off Computer untitled Paint 2 For Windows XP click Network Connections For Windows 2000 NT click Network and Dial up Connections Figure 51 Windows XP Control Panel Control Panel File Edit view Favorites Tools Help Q se d PO Search gt Folders E Address gt Control Panel v Control Panel A 2 E mm Add Hardware Qe Switch to Category view Co ons Windows Update Controllers 3 Right click Local Area Connection and then click Properties Appendix B 94 ZyXEL P 336M User s Guide Figure 52 Windows XP Control Panel Network Connections Properties s Network Connections File Edit view Favorites Tools Advanced Help Q sax 2 Search e Folders Ez 5 e Network Connections LAN or High Speed Internet Network Tasks ocal Area Connection nabled Standard PCI Fast Ethernet Adapte amp Create a new connection f setup a home or small Disable office network amp Disable this network teas device Repair W Repair this connection Bridge Connections mij Rename this connection View status of this connection Change settings of this Rename connection Create Shortcut Properties 4 Select Internet Protocol TCP IP under the General tab in Win XP and click Properties Figure 53 Windows XP Local Area Connection Pr
17. Streaming Protocol RTSP to receive streaming media from the Internet Windows Messenger Select this feature to allow the use of Microsoft Windows Messenger on computers in the LAN Note You must also enable the SIP ALG FTP Select this option to allow FTP data transfer through a NAT enabled network You must also set up the FTP server settings in the Virtual Server screen NetMeeting Select this option to allow Microsoft NetMeeting clients to communicate through a NAT enabled network You must also set up the NetMeeting server settings in the Virtual Server screen SIP Select this option to allow devices and applications using VoIP Voice over IP to communicate over NAT Clear this check box to disable this ALG if the devices applications use NAT traversal Wake On LAN Select this option to forward magic packets or wake up packets from the WAN to a LAN computer or device with Wake on LAN WOL feature You must also define the WOL server settings in the Virtual Server screen The LAN IP address for the virtual server is typically set to the broadcast address of 192 168 0 255 The computer on the LAN whose MAC address is contained in the magic packet will be awakened AOL Select this option if you are experiencing frequent line disconnections from the AOL server due to inactivity timeout MMS Select this option to allow Windows Media Player using MMS protocol to receive streaming data f
18. Sunday of October Each time zone in the United States stops using Daylight Saving Time at 2 A M local time So in the United States you would select the last Sun Oct and select 2 am in the Time field Daylight Saving Time ends in the European Union on the last Sunday of October All of the time zones in the European Union stop using Daylight Saving Time at the same moment 1 A M GMT or UTC So in the European Union you would select the last Sun Oct The time you select in the Time field depends on your time zone In Germany for instance you would type 2 because Germany s time zone is one hour ahead of GMT or UTC GMT 1 Automatic Time Setting Enable NTP Server Select this option to have the P 336M get the time and date from the Network Time Protocol NTP time server you specified below NTP Server Used Enter the IP address in dotted decimal notation of the time server or select one from the pre defined list Set the Date and Time Manually These fields display when you clear the Enable NTP Server checkbox Current Gateway Time This field displays the current system time and date Year Month Day Hour Minute Second Set these fields to configure the system date and time Copy Your Computer s Time Settings Click this button to get the system date and time from your computer 5 3 Syslog Use the Syslog screen to configure to where the P 336M is to send logs Click T
19. Web based management It is highly recommended that you create a password to keep your new router secure The maximum character length can t over fifteen ADMIN PASSWORD Please enter the same password into both boxes for confirmation Password Verify Password e USER PASSWORD Please enter the same password into both boxes for confirmation Password Verify Password e The following table describes the related fields in this screen Table 4 Change Password LABEL DESCRIPTION Admin Password Password Type the new password in this field Verify Password Type the new password again in this field User Password Password Type the new password in this field Verify Password Type the new password again in this field 23 Chapter 2 The Web Configurator ZyXEL P 336M User s Guide CHAPTER 3 Basic This chapter describes the Basic screens you use to configure the wizards LAN WAN and WLAN settings 3 1 Setup Wizards You can use the wizard screens to configure the P 336M for Internet access and secure wireless connection Click Basic gt Start to display the main Wizard screen Figure 5 Basic Start Wizard WIZARD The P 336M XtremeMIMO Wireless Router powered by StreamEngine technology meets the demands of individuals who demand powerful and reliable performance For the ultimate online gaming experience INTERNET CONNECTION SETUP WIZARD Th
20. active Select the name of a schedule from the drop down list box You can configure a schedule in the Schedule screen Apply Web Filter Select this option to apply the web filters you configure in the Web Filter screen Log Internet Access Select this option to set the P 336M to create logs for Internet access activity Filter Ports Click this button to display the fields you use to configure port filters Port Filter Rules Enable Select this option to activate this rule Clear this check box to deactivate this rule Name Enter a descriptive name for identification purposes Dest IP Start Enter the start of the destination IP address range Dest IP End Enter the end of the destination IP address range Protocol Select a protocol type from the drop down list box Dest Port Start Enter the start of the destination port range Dest Port End Enter the end of the destination port range Save Click Save to save the settings in this part of the screen Clear Click Clear to start configuring this part of the screen again Access Control Rules List Enable Select this option to activate the rule Clear this check box to disable the rule without deleting it Policy This field displays the name of the port filter policy you configured for this access control rule Machine This field displays the IP or MAC address of the device to which this access control
21. allows you to allow access to the P 336M web configurator from the WAN Select this option to activate this feature Clear this check box to disable this feature Remote Admin Port Specify the port number of the embedded web server on the P 336M for accessing the web configurator Enter a port number to access the web configurator If you enter a number other than 80 you need to append the port number to the WAN port IP address to access the web configurator For example if you enter 8080 as the web server port number then you must enter http 10 10 1 1 8080 where 10 10 1 1 is the WAN port IP address Remote Admin Inbound Filter Select a filter action on the traffic Select You can configure filter actions in the Inbound Filter screen Admin Idle Specify how many minutes the web configuration can be left idle before the Timeout session times out After it times out you have to log in with your username and password again Very long idle timeouts may have security risks UPNP Enable UPNP Select this option to activate this feature Save and Restore Configuration Restore You can restore a previously save configuration file to the P 336M Configuration Enter the name of the configuration file or click Browse to locate it and click From File Restore Configuration From File to start the file upload process Save Click Save Configuration to save the current device configuration to you
22. between the two is that WPA PSK uses a simple common password instead of user specific credentials The common password approach makes WPA PSK susceptible to brute force password guessing attacks but it s still an improvement over WEP as it employs an easier to use consistent single alphanumeric password Appendix A 88 ZyXEL P 336M User s Guide Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method key management protocol type MAC address filters are not dependent on how you configure these security features Table 38 Wireless Security Relational Matrix AUTHENTICATION METHOD KEY gusce im KEY ENABLE IEEE 802 1X MANAGEMENT PROTOCOL Open None No No Open WEP No Enable with Dynamic WEP Key Yes Enable without Dynamic WEP Key Yes Disable Shared WEP No Enable with Dynamic WEP Key Yes Enable without Dynamic WEP Key Yes Disable WPA WEP No Yes WPA TKIP No Yes WPA PSK WEP Yes Yes WPA PSK TKIP Yes Yes 89 Appendix A ZyXEL P 336M User s Guide Appendix B Setting up Your Computer s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP IP installed Windows 95 98 Me NT 2000 XP Macintosh OS 7 and later operating systems and all versions of UNIX LINUX include the software components you need to install and use TCP IP on your computer Windows 3
23. can access it The P 336M can get the DNS server addresses in the following ways 1 The ISP tells you the DNS server addresses usually in the form of an information sheet when you sign up If your ISP gives you DNS server addresses manually enter them in the DNS server fields 2 If your ISP dynamically assigns the DNS server IP addresses along with the P 336M s WAN IP address set the DNS server fields to get the DNS server address from the ISP 25 Chapter 3 Basic ZyXEL P 336M User s Guide 3 You can manually enter the IP addresses of other DNS servers These servers can be public or private A DNS server could even be behind a remote IPSec router 3 2 3 WAN Configuration Select Dynamic IP in the WAN screen if your ISP does not give you a fixed public IP address and Internet access account information such as the user name and password Figure 6 Basic WAN Dynamic IP Internet Connection Settings Use this section to configure your Internet Connection type There are several connection types to choose from Static IP Dynamic IP and PPPoE If you are unsure of your connection method please contact your Internet Service Provider Note If using the PPPoE option you will need to remove or disable any PPPoE client software on your computers Save Settings Discard Settings Choose the mode to be used by the router to connect to the Internet WANMode Static IP Dynamic IP PPPoE DYNAMIC IP Host Na
24. give more daytime light in the evening Enable Daylight Select this option to if you use Daylight Saving Time Saving Daylight Saving Enter the off set time for daylight saving time Offset Chapter 5 Tools ZyXEL P 336M User s Guide Table 29 Tools Time continued LABEL DESCRIPTION DST Start Configure the day and time when Daylight Saving Time starts if you selected Enable Daylight Saving The Time field uses the 24 hour format Here are a couple of examples Daylight Saving Time starts in most parts of the United States on the first Sunday of April Each time zone in the United States starts using Daylight Saving Time at 2 A M local time So in the United States you would select 1st Sun Apr and select 2 am in the Time field Daylight Saving Time starts in the European Union on the last Sunday of March All of the time zones in the European Union start using Daylight Saving Time at the same moment 1 A M GMT or UTC So in the European Union you would select the last Sun Mar The time you select in the Time field depends on your time zone In Germany for instance you would type 2 because Germany s time zone is one hour ahead of GMT or UTC GMT 1 DST End Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving The Time field uses the 24 hour format Here are a couple of examples Daylight Saving Time ends in the United States on the last
25. is the IP Address that you use to access the Web based management interface If you change the IP Address here you may need to adjust your PC s network settings to access the network again LAN SETTINGS IP Address 192 168 1 1 Default Subnet Mask 255 255 255 0 The following table describes the labels in this screen Table 9 Basic LAN LABEL DESCRIPTION LAN Setting IP Address Type the IP address of your P 336M in dotted decimal notation 192 168 167 1 is the factory default Alternatively click the right mouse button to copy and or paste the IP address Default Subnet Mask The subnet mask specifies the network number portion of an IP address Your P 336M automatically calculate the subnet mask based on the IP address that you assign Unless you are implementing subnetting use the subnet mask computed by the P 336M 3 4 DHCP Overview DHCP Dynamic Host Configuration Protocol RFC 2131 and RFC 2132 allows individual clients to obtain TCP IP configuration at start up from a server You can configure the P 336M as a DHCP server or disable it When configured as a server the P 336M provides the TCP IP configuration for the DHCP client If DHCP service is disabled you must have another DHCP server on your LAN or else the computer must be manually configured Chapter 3 Basic 30 ZyXEL P 336M User s Guide 3 4 1 IP Pool Setup The P 336M is pre configured to provide IP addresses r
26. need to fill them all in Appendix B 92 ZyXEL P 336M User s Guide Figure 49 Windows 95 98 Me TCP IP Properties DNS Configuration TCP IP Properties E 2 x Bindings Advanced Netpios DNS Configuration Gateway WINS Configuration IP Address Domain Suffix Search Order Cancel 4 Click the Gateway tab Ifyou do not know your gateway s IP address remove previously installed gateways Ifyou have a gateway IP address type it in the New gateway field and click Add 5 Click OK to save and close the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your P 336M and restart your computer when prompted Verifying Settings 1 Click Start and then Run 2 In the Run window type winipcfg and then click OK to open the IP Configuration window 3 Select your network adapter You should see your computer s IP address subnet mask and default gateway Windows 2000 NT XP 1 For Windows XP click start Control Panel In Windows 2000 NT click Start Settings Control Panel 93 Appendix B ZyXEL P 336M User s Guide Figure 50 Windows XP Start Menu 5 Internet Explorer 7 My Documents fs Outlook Express Y Paint Files and Settings Transfer W B Command Prompt e My Music EJ Acrobat Reader 4 0 Ws My Computer Tour Windows XP E Windows Movie Maker B Control Panel 2 My Recent Documents gt e
27. of C OnteNS en 8 List ot PIJU Sairi EE 12 List OT TADIC S eT 14 PIA CE sniene a a OAA 16 Chapter 1 E ERS eT ril eT E E e T EE EET 18 uisus ils Maru PNE 18 Ic m 18 1 3 Hardware Connection and Wizard Setup sssssssssssssssee 19 ToT Fon Fane LEDE eee m 19 Chapter 2 THE Web Configurato anisina a a aa 20 PX CSI P E RAN R L 20 O E 20 23 Ihe DEVICE INFO GreGM aixpieeeuec tes tb dkeu atat Ee bct aane kucc eed brsbta duse cuc d due aE euo 21 2 4 Web Configurator Sereen Buttons 1 cusa sadtia ka aka tu iE ERR kd AGER 2 EX EXER LA A Ra 22 29 Saving Coniiguration Changes iuis etecveidit cen ud dte Quir du ceu M Een dO 22 20 t hshngihndg Wor Passo qusoacesttecaimieie i ditio ad ela tcv Ord 23 Chapter 3 rt Tere M DIET 24 BS A ec AT cas a ys S aiias te ere te peer er ERR d N 24 T2 Dd Eg m M RR 25 3 2 1 WAN IP Address Assignment ieeeeeseeeeesise aenean 25 3 2 2 DNS Server Address AssIgDBEPIE uie ie tente rr roti prFV Ra tete p rte re YR UO 25 dado VERI Conga O cassserxuxissstextd sstres etti epa tA Ege pt a artt IS ertt a etadds 26 3 2 4 WAN Configuration Statie IP 1s ient ertet capra gat tola Ente 27 3 2 0 WAN Configuration PPPOE 2er eir rct Eee cbe rebas E Five ipaa 28 Table of Contents 8 ZyXEL P 336M User s Guide VEBWI Roos SM P 30 RI MBILD EIE r1 Mem CT 30 gal IP PO StU e 21 2a DAOP SB 25i delis tein c dendi sdb o e a due 3
28. of Service attacks such as SYN flooding and Ping of Death These public servers can also still be accessed from the secure LAN 4 9 2 Configuring Firewall To configure the firewall and DMZ settings click Advanced gt Firewall to display the configuration screen Chapter 4 Advanced 58 ZyXEL P 336M User s Guide Figure 25 Advanced Firewall FIREWALL The DMZ Demilitarized Zone option provides you with an option to set a single computer on your network outside of the router If you have a computer that cannot run Internet applications successfully from behind the router then you can place the computer into the DMZ for unrestricted Internet access Note Putting a computer in the DMZ may expose that computer to a variety of security risks Use of this option is only recommended as a last resort FIREWALL SETTINGS Enable SPI v Enable DMZ DMZ IP Address I 0 0 0 The following table describes the labels in this screen Table 24 Advanced Firewall LABEL DESCRIPTION Enable SPI Select this option to activate Stateful packet inspection Clear this check box to disable this feature Enable DMZ Select this option to activate the DMZ feature to protect the specified device on the LAN DMZ IP Address Enter the IP address in dotted decimal notation of a computer which you want to protect on the LAN 4 10 Inbound Filter An inbound filter allows you to filter packets based on IP ad
29. screens you use to configure login passwords system time logs DDNS and firmware and configuration settings 5 1 Administrator Settings You can change the login account passwords enable UPnP and configure remote access settings in the Admin screen 5 1 1 Login Accounts You can log into the web configurator using one of the following accounts Administrator admin This is the system administrator s account with full access rights You can view system status and set the configuration screens using this account Normal User user This account allows you to view device system status and configuration settings in the web configurator configuration 1s allowed 5 1 2 UPnP Universal Plug and Play UPnP is a distributed open networking standard that uses TCP IP for simple peer to peer network connectivity between devices A UPnP device can dynamically join a network obtain an IP address convey its capabilities and learn about other devices on the network In turn a device can leave a network smoothly and automatically when it is no longer in use 5 1 3 The Admin Screen Use the Admin screen to configure login passwords remote management and UPnP You can also restore and backup the device configuration in this screen Click Tools gt Admin to display the configuration screen Chapter 5 Tools 66 ZyXEL P 336M User s Guide Figure 30 Tools Admin Administrator Settings The Admin option is used to set a p
30. the screen as shown Figure 38 Tools System SYSTEM System Settings The System Settings section allows you to reboot the device or restore the router to the factory default settings Restoring the unit to the Factory default settings will erase all settings including any rules that you have created REBOOT amp RESET TO DEFAULT SETTING Restore all Settings to the Factory Defaults 5 5 1 Rebooting Your P 336M Note When you reboot the device all unsaved changes will be lost Follow the steps below to restart your P 336M 1 In the web configurator click Tools gt System and click Reboot the Device 2 A screen displays Click OK to continue Figure 39 Tools System Reboot the Device Microsoft Internet Explorer x 9 Are you sure you want to reboot the device Rebooting will disconnect any currently active sessions cma 3 Wait until the P 336M finishes rebooting before accessing the web configurator 5 5 2 Device Reset Note When you reset the device all custom changes will be lost Follow the steps below to reset your P 336M 75 Chapter 5 Tools ZyXEL P 336M User s Guide 1 In the web configurator click Tools gt System and click Restore all Settings to the Factory Defaults 2 A screen displays Click OK to continue Figure 40 Tools System Reset DITETTTITTCEE Are you sure you want to reset the device to its Factory default settings This will cause all current settings
31. to be lost 3 Wait until the P 336M finishes rebooting before accessing the web configurator 5 6 Firmware Use the Firmware screen to update the firmware on your P 336M 1 Download the latest firmware file from www zyxel com 2 In the web configurator click Tools gt Firmware 3 In the Uplaod field enter the new firmware file name or click Browse to locate it 4 Click Upload to start the file transfer process Note Do not turn off the P 336M while the file transfer process is taking place 5 Wait for the P 336M finishes rebooting before accessing the web configurator again Check the firmware version and date in the Firmware screen Figure 41 Tools Firmware FIRMWARE Firmware Upgrade The Firmware Upgrade section can be used to update your router to the latest firmware code to improve functionality and performance os oo FIRMWARE INFORMATION Current Firmware Version P 336M V1 1 Current Firmware Date 16 Dec 2005 FIRMWARE UPGRADE Note Some firmware upgrades reset the router s configuration options to the factory defaults Before performing an upgrade be sure to save the current configuration from the Tools gt Admin screen To upgrade the firmware your PC must have a wired connection to the router Enter the name of the firmware upgrade file and click on the Upload button Upload l Browse EE Chapter 5 Tools 76 ZyXEL P 336M User s Guide 5 7 DDNS Dynamic DNS DDNS
32. your P 336M the P 336M s wireless communications are accessible to any wireless networking device that is in the coverage area 3 7 1 WEP WEP Wired Equivalent Privacy encryption scrambles all data packets transmitted between the P 336M and other wireless stations to keep network communications private Both the wireless stations and the access points must use the same WEP key for data encryption and decryption There are two ways to create WEP keys in your P 336M Automatic WEP key generation based on a password phrase called a passphrase The passphrase is case sensitive You must use the same passphrase for all WLAN adapters with this feature in the same WLAN Enter the WEP keys manually Your P 336M allows you to configure up to four 64 bit or 128 bit WEP keys and only one key is used as the default key at any one time 3 7 1 1 Authentication Type The IEEE 802 11b g standard describes a simple authentication method between the wireless stations and AP Three authentication modes are defined Open and Shared Key 35 Chapter 3 Basic ZyXEL P 336M User s Guide Open mode is implemented for ease of use and when security is not an issue The wireless station and the AP do not share a secret key Thus the wireless stations can associate with any AP and listen to any data transmitted plaintext Shared Key mode involves a shared secret key to authenticate the wireless station to the AP This requires you to
33. 1 3 2 wireless LAN Cere svi ep oo er an EA 33 SEINE E E E A E L E E 33 ie meV E A AE E NA E EO ON I EA E AEN 33 35 3 hansmission Rate TX Rate Pet ina 33 3 5 3 1 SuperGTM eene nennen 33 3 8 Basic Wireless LAM Seta uoeccun Lernen cera eu RR PH E REYE Lan pARURE EB Aa EGER Le pua n Kia EA 33 3 7 Wireless LAN Security DVOIVIBW iuisisieesccci teste cci eoeeu e ob dquve kc eL i teet k a bx Une ka Ei pIQA 35 MAR LI M t 35 Dek ala PICU IS vtr 35 ek e EEE UO NR C M 36 LA EAP Authentication RET 36 xd suc AT iae E E R 36 27 3 Usar i is oopis aAa 36 eT ie a EEA AE px A D PAE E A A A T 36 3 8 WLAN Security SelUp ssriissrioriissiinn rin in 37 38 1 WLAN Securty Stup WEP ooccnsbisiniisidshi iihi A 37 3 8 2 WLAN Security Setup WPA Personal sesssseessssssseeersreesernneserrsneersineasaees 39 3 8 3 WLAN Security Setup WPA Enterprise ssssssssssssssss 39 Chapter 4 Pa oe e E L E E A T EE ORTA 42 SAEC PONO E T A A 42 AZ Vinual Seyer T TEE 43 4 2 1 Common Services and Port Numbers sss 44 42 a Coniguing Virlual Server eR danene ian n 44 AO APPICAIONS me 46 Ao TAUG a a a a rene opener cant reed 46 22 2 POCOO snaa 46 223 3 Configuring Special AOpliGa DIS pti ia eer ER ERES RII a te ea 47 SP E prp eee mere E 49 4O ROUND m M 52 AE PSS CO rro MR Pr 53 ar GB TUBE ccoeudsdniefte
34. 2 improves data encryption by using Temporal Key Integrity Protocol TKIP or Advanced Encryption Standard AES Message Integrity Check MIC and IEEE 802 1x Temporal Key Integrity Protocol TKIP uses 128 bit keys that are dynamically generated and distributed by the authentication server It includes a per packet key mixing function a Message Integrity Check MIC named Michael an extended initialization vector IV with sequencing rules and a re keying mechanism Chapter 3 Basic 36 ZyXEL P 336M User s Guide TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used twice The RADIUS server distributes a Pairwise Master Key PMK key to the AP that then sets up a key hierarchy and management system using the pair wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients This all happens in the background automatically AES Advanced Encryption Standard is a newer method of data encryption that also uses a secret key This implementation of AES applies a 128 bit key to 128 bit blocks of data The Message Integrity Check MIC is designed to prevent an attacker from capturing data packets altering them and resending them The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC If they do not match it is assumed t
35. 5 Tools 70 ZyXEL P 336M User s Guide Figure 35 Tools Time Time Configuration The Time Configuration option allows you to configure update and maintain the correct time on the internal system clock From this section you can set the time zone that you are in and set the NTP Network Time Protocol Server Daylight Saving can also be configured to automatically adjust the time when needed Save Settings Discard Settings TIME ADJUSTMENT Time Zone GMT 08 00 Pacific Time US Canada Tijuana Enable Daylight Saving n Daylight Saving Offset E 1 00 Month Week Day of Week Time DST Start apr 1st Sun 2 am Daylight Saving Settings DST End o Z sth 7 sun 7 2 am x AUTOMATIC TIME SETTING Enable NTP server NTP Server Used lt lt Select NTP Server SET THE DATE AND TIME MANUALLY Current Gateway Time Sunday February 01 2004 9 30 41 PM Year 2004 Month Feb Day Hour e z Minute 26 Second 34 z PM z Copy Your Computer s Time Settings The following table describes the labels in this screen Table 29 Tools Time LABEL DESCRIPTION Time Adjustment Time Zone Choose the time zone of your location This will set the time difference between your time zone and Greenwich Mean Time GMT Daylight Saving Daylight saving is a period from late spring to early fall when many countries set Settings their clocks ahead of normal local time by one hour to
36. IP MODES Choose the mode to be used by the router to connect to the Internet WAN Mode StaticIP C Dynamic IP PPPoE STATIC IP Enter the static address information provided by your Internet Service Provider ISP IP Address 0 0 0 0 Subnet Mask 255 255 255 0 Default Gateway o 0 0 0 The following table describes the related fields in this screen Table 7 Basic WAN Static IP LABEL DESCRIPTION MODES WAN Select Static IP if your ISP gives you a fixed public IP address Static IP IP Address Enter your WAN IP address in dotted decimal notation for example 192 168 1 1 Subnet Mask Enter the IP subnet mask if your ISP gave you one in dotted decimal notation for example 255 255 255 0 Default Gateway zi the gateway IP address if your ISP gave you one in dotted decimal notation 3 2 5 WAN Configuration PPPoE The P 336M supports PPPoE Point to Point Protocol over Ethernet PPPoE is an IETF Draft standard RFC 2516 specifying how a computer interacts with a broadband modem DSL cable wireless etc connection The PPPoE option is for a dial up connection using PPPoE For the service provider PPPoE offers an access and authentication method that works with existing access control systems for example Radius PPPoE provides a login and authentication method that the existing Microsoft Dial Up Networking software can activate and therefore requires no new learnin
37. P 336M V1 1 16 Dec 2005 DHCP Client Connected O day s 6 19 20 00 13 49 22 F9 DF 172 23 23 66 255 255 255 0 172 23 23 254 172 23 5 1 172 23 5 2 The following table lists the various web configurator screens within the sub links Table 2 Web Configurator Screen Sub Menus BASIC ADVANCED TOOLS STATUS HELP Start Game Hosting Admin Device Info Menu WAN Virtual Server Time Wireless Basic LAN Applications Syslog Logs Advanced DHCP StreamEngine E mail Statistics Tools Wireless Routing System Status Access Control Firmware Glossary Web Filter DDNS MAC Filter Firewall Inbound Filter Wireless Schedules Chapter 2 The Web Configurator ZyXEL P 336M User s Guide 2 4 Web Configurator Screen Buttons The following table describes the common button in the web configurator Table 3 Web Configurator Screen Icons BUTTON DESCRIPTION Click this button to save all changes permanently to the device Click this button to discard all changes Note All unsaved changes in all screens will be lost Click this button to save the changes of a configuration screen for the current session Click this button to start configuring a screen again 9 Click this button to change the settings of the selected rule Click this button to remove the selected rule 2 5 Saving Configuration Changes Note You must save the current configuration in the P 336M
38. Properties 97 Figure 56 Macintosh OS 8 9 Apple Menu ssseeeeeenen 98 Figure 57 Macintosh OS 8 9 TOPP iuuuaecscscccie er everti herd erret anani 98 Figure 58 Macintosh OS X Apple Menu eiecti eene eet ont nn ooh to inr 99 Figure 59 Macintosh OS X NebNOEI uuisitens epa ERE pF AR PERRIFI IE EFUp DIA EAA 100 13 List of Figures ZyXEL P 336M User s Guide List of Tables Tobe 1 Front Panel LEDS e eodd bt n t n aset Dl ls eub Hv e n had 19 Table 2 Web Configurator Screen Sub Menus sss 21 Table 3 Web Configurator Screen CONS 1 aisi erinnere tant renean ie 22 Tablp 4 Changa Passware aucndiesezisitepyut i eso Ep a A 23 Table 5 Private IP Address Ranges iuessducstetvios de bep Ea S EE E FH RAE ERU das e RE oo ENT ELA RERUM TA 25 Table 6 Basic WAN Dynamic IP 1 uucccisse rrt tradite bv tran an az inse puerta 26 Table 7 Basis WAN SINE siisii iiaia pua e ERV rv e aaa LEER pude E eid 28 Table 8 Basic WADE PPPOE 2astessecabittivN NM EE das EEE NIMM opp ERA EMI ESi iH DME 29 Tople J BASE LAN aMMCT M 30 Bou DHO we rr TTE 32 Table 11 Basic Wireless Basic Wlreless LAN Setup sssessssss 34 Table 12 Basic Wireless WLAN Security Setup WEP sssseeseeess 38 Table 13 Basic WLAN Security Setup WPA Personal sseses 39 Table 14 Basic WLAN Security Setup WPA Enterprise
39. ZyXEL P 336M 802 11g Wireless MIMO Router User s Guide Version 1 00 Edition 1 00 1 2006 ZyXEL ZyXEL P 336M User s Guide Copyright Copyright O 2006 by ZyXEL Communications Corporation The contents of this publication may not be reproduced in any part or as a whole transcribed stored in a retrieval system translated into any language or transmitted in any form or by any means electronic mechanical magnetic optical chemical photocopying manual or otherwise without the prior written permission of ZyXEL Communications Corporation Published by ZyXEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the right to make changes in any products described herein without notice This publication is subject to change without notice Trademarks ZyNOS ZyXEL Network Operating System is a registered trademark of ZyXEL Communications Inc Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners Copyright 2 ZyXEL P 336M User s Guide Federal Communications Commission FCC Interference Statement The device complies with Part 15 of FCC rules Operation is subject to the following two co
40. a per packet key mixing function a Message Integrity Check MIC named Michael an extended initialization vector IV with sequencing rules and a re keying mechanism TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used twice The RADIUS server distributes a Pairwise Master Key PMK key to the AP that then sets up a key hierarchy and management system using the PMK to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless stations This all happens in the background automatically AES Advanced Encryption Standard also uses a secret key This implementation of AES applies a 128 bit key to 128 bit blocks of data The Message Integrity Check MIC is designed to prevent an attacker from capturing data packets altering them and resending them The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC If they do not match it is assumed that the data has been tampered with and the packet 1s dropped By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism MIC TKIP makes it much more difficult to decrypt data on a Wi Fi network than WEP making it difficult for an intruder to break into the network The encryption mechanisms used for WPA and WPA PSK are the same The only difference
41. able 39 Status LOGS A 83 US SB fecic T 84 Table 37 Comparison of EAP Authentication Types eene 87 Table 38 Wireless Security Relational Matrix 89 List of Tables 14 ZyXEL P 336M User s Guide 15 List of Tables ZyXEL P 336M User s Guide Preface Congratulations on your purchase of the ZyXEL P 336M 802 11g Wireless MIMO Router upgrades and information at www zyxel com for global products or at www us zyxel com for North American products D Note Register your product online to receive e mail notices of firmware Your P 336M is easy to install and configure About This User s Guide This manual is designed to guide you through the configuration of your P 336M for its various applications Syntax Conventions Enter means for you to type one or more characters Select or Choose means for you to use one predefined choices The SMT menu titles and labels are in Bold Times New Roman font Predefined field choices are in Bold Arial font Command and arrow keys are enclosed in square brackets ENTER means the Enter or carriage return key ESC means the Escape key and SPACE BAR means the Space Bar Mouse action sequences are denoted using a comma For example click the Apple icon Control Panels and then Modem means first click the Apple icon then point your mouse pointer to Control Panels and then click Modem For brevity
42. ad involved in the RTS Request To Send CTS Clear to Send handshake If the RTS CTS value is greater than the Fragmentation Threshold value see next then the RTS Request To Send CTS Clear to Send handshake will never occur as data frames will be fragmented before they reach RTS CTS size Note Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy 4 11 2 Fragmentation Threshold A Fragmentation Threshold is the maximum data fragment size between 256 and 2432 bytes that can be sent in the wireless network before the Prestige will fragment the packet into smaller data frames A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference If the Fragmentation Threshold value is smaller than the RTS CTS value see previously you set then the RTS Request To Send CTS Clear to Send handshake will never occur as data frames will be fragmented before they reach RTS CTS size 4 11 3 Configuring Advanced Wireless Settings To configure advanced wireless settings click Advanced gt Wireless to display the screen Chapter 4 Advanced 62 ZyXEL P 336M User s Guide Figure 28 Advanced Wireless ADVANCED WIRELESS If you are not Familiar with these Advanced Wireless settings please read the help section
43. anging from 192 168 1 100 to 192 168 1 199 to DHCP clients This configuration leaves some IP addresses excluding the P 336M itself in the lower and upper ranges for other server computers for instance servers for mail FTP TFTP web etc that you may have 3 4 2 DHCP Setup Click Basic gt DHCP to display the configuration screen Figure 10 Basic DHCP DHCP Server Use this section to configure the built in DHCP Server to assign IP addresses to the computers on your network Save Settings Discard Settings ENABLE Enable DHCP Server V DHCP SETTINGS DHCP IP Address Range fioo to jiss addresses within the LAN subnet DHCP Lease Time i440 minutes Always broadcast V compatibility For some DHCP Clients NUMBER OF DYNAMIC DHCP CLIENTS 0 Computer Name MAC Address IP Address ADD STATIC DHCP CLIENT Enable v IP Address o 0 0 0 lt lt Select Machine z MAC Address 00 00 00 00 00 00 Clone Your PC s MAC Address Computer Name STATIC DHCP CLIENT LIST Enable Computer Name IP Address 31 Chapter 3 Basic ZyXEL P 336M User s Guide The following table describes the labels in this screen Table 10 Basic DHCP LABEL DESCRIPTION ENABLE Enable DHCP DHCP Dynamic Host Configuration Protocol RFC 2131 and RFC 2132 allows Server individual clients workstations to obtain TCP IP configuration at startup from a server
44. assword for access to the Web based management It is highly recommended that you create a password to keep your new router secure The maximum character length can t over fifteen Save Settings Discard Settings ADMIN PASSWORD Please enter the same password into both boxes for confirmation Password Verify Password pm USER PASSWORD Please enter the same password into both boxes for confirmation Password Verify Password e ADMINISTRATION Gateway Name sso Enable Remote Management V Remote Admin Port feosa Remote Admin Inbound Filter allow All z Admin Idle Timeout fis minutes Enable UPnP SAVE AND RESTORE CONFIGURATION Browse Restore Configuration from File Save Configuration EN The following table describes the labels in this screen Table 28 Tools Admin LABEL DESCRIPTION Admin Password Password Type the new password in this field Verify Password Type the new password again in this field User Password Password Type the new password in this field Verify Password Type the new password again in this field Administration 67 Chapter 5 Tools ZyXEL P 336M User s Guide Table 28 Tools Admin LABEL DESCRIPTION Gateway Name Enter a descriptive name up to 32 characters for your P 336M This is for identification purposes only Enable Remote Management Remote management
45. ates which imposes a management overhead EAP TTLS Tunneled Transport Layer Service EAP TTLS is an extension of the EAP TLS authentication that uses certificates for only the server side authentications to establish a secure connection Client authentication is then done by sending username and password through the secure connection thus client identity is protected For client authentication EAP TTLS supports EAP methods and legacy authentication methods such as PAP CHAP MS CHAP and MS CHAP v2 Appendix A 86 ZyXEL P 336M User s Guide PEAP Protected EAP Like EAP TTLS server side certificate authentication is used to establish a secure connection then use simple username and password methods through the secured connection to authenticate the clients thus hiding client identity However PEAP only supports EAP methods such as EAP MD5 EAP MSCHAPv2 and EAP GTC EAP Generic Token Card for client authentication EAP GTC is implemented only by Cisco LEAP LEAP Lightweight Extensible Authentication Protocol is a Cisco implementation of IEEE 802 1x Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server This key expires when the wireless connection times out disconnects or reauthentication times out A new WEP key is generated each time reauthentication is performed If this feature is enabled it 1s not necessary to configure a default encryption key in the Wireless screen You
46. before attempting to modify these settings ADVANCED WIRELESS SETTINGS Fragmentation Threshold 2346 256 65535 2346 1 65535 100 20 1000 RTS Threshold Beacon Period DTIM Interval 802 11d Enable Transmit Power WDS Enable WDS AP MAC Address 1 1 255 O High T Vv uf a A aoo sf e Leave blank to disable WDS for that slot The following table describes the labels in this screen Table 26 Advanced Wireless LABEL DESCRIPTION Advanced Wireless Settings Fragmentation This is the threshold number of bytes for the fragmentation boundary for directed Threshold messages It is the maximum data fragment size that can be sent Enter a value between 256 and 2432 RTS Threshold The RTS Request To Send threshold number of bytes is for enabling RTS CTS Data with its frame size larger than this value will perform the RTS CTS handshake Setting this value to be larger than the maximum MSDU MAC service data unit size turns off RTS CTS Setting this value to zero turns on RTS CTS Enter a new value between 0 and 2432 Beacon Period A wireless AP sets out a beacon to announce its presence and maintain an orderly communication between other wireless devices Enter the time between 20 and 1000 ms the P 336M waits before sending a beacon to the wireless clients DTIM Interval A DTIM Delivery Traffic Indication Message is included in a beaco
47. ce 5 Services 44 shared key authentication 36 SMTP 44 SNMP 44 Spain Contact Information 7 SSID Service Set Identity 33 Status 21 Subnet Mask 30 support CD 17 Support E mail 6 Sweden Contact Information 7 syntax conventions 16 T Telephone 6 Temporal Key Integrity Protocol TKIP 88 transmission rate 35 transmission rate Tx Rate 33 U Universal Plug and Play UPnP 66 User Authentication 88 W Web configuration Screen summary 21 Web configurator Home 21 Web Site 6 WEP 35 manual setup 35 passphrase 35 WEP Wired Equivalent Privacy 35 38 wireless LAN authentication 35 channel 33 security 35 SSID 33 transmission rate 33 WLAN Security parameters 89 Worldwide Contact Information 6 Z ZyXEL Limited Warranty Note 5 103 Index
48. col 161 SNMP trap 162 PPTP Point to Point Tunneling Protocol 1723 4 2 2 Configuring Virtual Server To set the virtual server settings click Advanced gt Virtual Server to display the configuration screen Chapter 4 Advanced 44 ZyXEL P 336M User s Guide Figure 17 Advanced Virtual Server VIRTUAL SERVER The Virtual Server option allows you to define a single public port on your router For redirection to an internal LAN IP Address and Private LAN port if required This feature is useful For hosting online services such as FTP or Web Servers ADD VIRTUAL SERVER Enable v Name lt lt Select Virtual Server x IP Address o 0 0 0 Select Machine z Protocol TCP E Private Port fo Public Port fo Inbound Filter allow All z Schedule apply Always z VIRTUAL SERVERS LIST Enable Name Protocol Private Port Public Inbound Schedule Address Port Filter The following table describes the labels in this screen Table 17 Advanced Virtual Server LABEL DESCRIPTION Active Select this check box to enable this virtual server setting Clear this check box to disallow forwarding of these ports to an inside server without having to delete the entry Name Enter a name to identify this port forwarding rule Alternatively select a pre defined name from the drop down list box to have the P 336M fill in the default port numbers for the selected service
49. computer Computer Name Enter the name of the DHCP client computer This is for identification purposes Save Click Save to save the settings in this part of the screen Clear Click Clear to start configuring this part of the screen again STATIC DHCP CLIENT LIST Enable This field displays whether this static DHCP setting is active or not Computer Name This field displays the name of the DHCP client computer MAC Address This field displays the MAC address IP Address This field displays the IP address of the MAC address Chapter 3 Basic 32 ZyXEL P 336M User s Guide 3 5 Wireless LAN Overview This section introduces the wireless LAN features 3 5 1 SSID The SSID Service Set Identity is a unique name shared among all wireless devices in a wireless network Wireless devices must have the same SSID to communicate with each other 3 5 2 Channel A radio frequency used by a wireless device is called a channel 3 5 3 Transmission Rate Tx Rate The P 336M provides various transmission data rate options for you to select In most networking scenarios the factory default Best Automatic setting proves the most efficient This setting allows your P 336M to operate at the maximum transmission data rate When the communication quality drops below a certain level the P 336M automatically switches to a lower transmission data rate Transmission at lower data speeds i
50. csi nion moniti de nitent n iv E d n 55 LN esq RU 56 2 8 PIENE AIEE AEA A DU TR PU ERE g A SOAT ES I Ep REPE 58 ZO P DII 1bscairse nr aio und HRS bd FA I ERE DE UP FEN d READ SEP OR RERO OU 58 Luder e ERE 58 APO bound SC NE TT S eran prtem ern 59 LIBI T Y 61 9 Table of Contents ZyXEL P 336M User s Guide r UNE IIpc e TP 61 4 11 2 Fragmentation Threshold cL 62 4 11 3 Configuring Advanced Wireless Settings seeeses 62 2 T2 SONEOHIB isha Ne ted ode aie dite tacente n Rec Rete asc dO RE 64 Chapter 5 jo 66 pori 2 ze ine eri re arene nye errr ert eae ren ryenn print ye mryerthereeyeynn lt Teue rrr 66 SIT LOO gots o c etie ete b ion pr re nnd e rr rere crest ie tre rrr mer errs 66 20a Re DRUP pocnaa a a et nemer eenerremmer ne ee eres 66 SL The nnl 66 me Comigo BACKUP c an E 68 5 1 5 Configuration Reslore sesnssisnsprsisni reisir inr NA E nEri 69 9 2 Gystem Time ond Dale m kasin nanni in DE i 70 Don 0 eC O EN T2 m4 El aa eni qus bios 73 TON inaa 75 boi Rebooting Your PSS uiua cer bre ERE Th ERE C eU EnaA I ERR RA NE EEREN 13 55 2 DEVICE REBEL iuiconadd dites iur Post ALANI aaa VU ants 75 SX ORTI RE DD UT 1L A 76 or BIDS us green meee era Pere box Eb M estves ufa ter ee ener ery ambu qund elus rete mer tet I RU TT Chapter 6 CIT me a
51. ct this option to activate the filter action on the specified IP address range Clear this check box to disable the filter action on the IP address range Source IP Start Enter the start of the source IP address range Source IP End Enter the end of the source IP address range Save Click Save to save the settings in this part of the screen Clear Click Clear to start configuring this part of the screen again Inbound Filter Rules List Name This field displays the name of the inbound filter Chapter 4 Advanced 60 ZyXEL P 336M User s Guide Table 25 Advanced Inbound Filter continued LABEL DESCRIPTION Action This field displays the action on the packets from the specified IP address range Source IP Range This field displays the source IP address range s 4 11 Wireless This section describes advanced wireless LAN features For more information refer to Section 3 5 on page 33 4 11 1 RTS CTS A hidden node occurs when two stations are within range of the same access point but are not within range of each other The following figure illustrates a hidden node Both stations STA are within range of the access point AP or wireless gateway but out of range of each other so they cannot hear each other that is they do not know if the channel is currently being used Therefore they are considered hidden from each other Figure27 RTS CTS RTS Range CTS Range Wireless AP T Se T
52. ddress of a computer on the client side LAN The problem is that port forwarding only forwards a service to a single LAN IP address In order to use the same service on a different LAN computer you have to manually replace the LAN computer s IP address in the forwarding port with another LAN computer s IP address Trigger port forwarding solves this problem by allowing computers on the LAN to dynamically take turns using the service The P 336M records the IP address of a LAN computer that sends traffic to the WAN to request a service with a specific port number and protocol trigger port and protocol When the P 336M s WAN port receives a response with Chapter 4 Advanced 46 ZyXEL P 336M User s Guide a specific port number and protocol input port and protocol the P 336M forwards the traffic to the LAN IP address of the computer that sent the request After that computer s connection for that service closes another computer on the LAN can use the service in the same manner This way you do not need to configure a new IP address each time you want a different LAN computer to use the application 4 3 3 Configuring Special Applications To allow ALG passthroughs and configure port triggering click Advanced gt Applications to display the configuration screen Figure 18 Advanced Applications SPECIAL APPLICATIONS The Special Application option is used to open single or multiple ports on your router when the router senses da
53. dresses You can use inbound filters to control access to network resources such as a web server or for remote management of the device Click Advanced gt Inbound Filter to display the configuration screen 59 Chapter 4 Advanced ZyXEL P 336M User s Guide Figure 26 Advanced Inbound Filter INBOUND FILTER Inbound Filter Rules The Inbound Filter option is an advanced method of controlling data received from the Internet With this Feature you can configure inbound data filtering rules that control data based on an IP address range Inbound Filters may be used for limiting access to a server on your network to a system or group of systems Filter rules can be used with Virtual Server Gaming or Remote Administration Features os ooo ADD INBOUND FILTER RULE Name Action Deny z Source IP Range Enable Source IP Start Source IP End 0 0 0 0 255 255 255 255 m a z Ea INBOUND FILTER RULES LIST Name Action Source IP Range The following table describes the labels in this screen Table 25 Advanced Inbound Filter LABEL DESCRIPTION Add Inbound Filter Rule Name Enter a descriptive name up to 16 characters for this filter setting This is for identification purposes only Action Select Deny to block packets from the specified IP address es Select Allow to forward packets from the specified IP address es Source IP Range Enable Sele
54. e After you enter the passphrase click Generate to have the P 336M generate four different WEP keys automatically The keys display in the fields below Key 1 4 The WEP keys are used to encrypt data Both the P 336M and the wireless stations must use the same WEP key for data transmission If you want to manually set the WEP keys enter the key in the field provided If you chose 64 bit then enter any 5 ASCII characters or 10 hexadecimal characters 0 9 A F If you chose 128 bit then enter 13 ASCII characters or 26 hexadecimal characters 0 9 A F The values for the WEP keys must be set up exactly the same on all wireless devices in the same wireless LAN You must configure all four keys but only one key can be used at any one time The default key is key 1 Default Key Select a default WEP key to use for data encryption Authentication Select an authentication method Choices are Shared Key and Open Chapter 3 Basic 38 ZyXEL P 336M User s Guide 3 8 2 WLAN Security Setup WPA Personal If you want better WLAN security than WEP but do not have a RADIUS server on your network select WPA Personal in the Security Mode field in the Wireless screen Figure 14 Basic Wireless WLAN Security Setup WPA Personal WIRELESS SECURITY SETTINGS Security Mode C None C WEP wPa Personal WPA Enterprise WPA WPA requires stations to use high grade encryption and authentication NOTE WDS will not function with
55. e following Web based Setup Wizard is designed to assist you in connecting your new ZyXEL Router to the Internet This Setup Wizard will quide you through step by step instructions on how to get your Internet connection up and running Click the button below to begin Launch Internet Connection Setup Wizard Note Before launching these wizards please make sure you have followed all steps outlined in the Quick Installation Guide included in the package WIRELESS SECURITY SETUP WIZARD The following Web based Setup Wizard is designed to assist you in your wireless network setup This Setup Wizard will quide you through step by step instructions on how to set up your wireless network and how to make it secure Launch Wireless Security Setup Wizard Note Some changes made using this Setup Wizard may require you to change some settings on your wireless client adapters so they can still connect to the ZyXEL Router Refer to the Quick Start Guide for how to configure wizard screens You can configure advanced settings in the WAN screen Chapter 3 Basic 24 ZyXEL P 336M User s Guide 3 2 WAN Overview The P 336M offers three Internet access modes Static IP Dynamic IP and PPPoE To configure advanced Internet access settings click Basic gt WAN to display the configuration screen This screen varies depending on the Internet access mode you select 3 2 1 WAN IP Address Assignment Every computer on the Internet must have a unique
56. eady Blinking The P 336M is resetting to the factory defaults LAN Off No device is connected to this port Green On An Ethernet device is connected to this port Blinking The P 336M is sending receiving data on this port WAN Off The WAN connection is not ready or has failed Green On The P 336M has a successful WAN connection Blinking The P 336M is sending receiving data WLAN Off The WLAN connection is turned off Green On The WLAN is active Blinking The WLAN is sending receiving data USB Off The USB port is currently not in use Green Blinking 3 Windows Connect Now setup is successful Times Blinking Windows Connect Now setup is not successful Continuous 19 Chapter 1 Getting Started ZyXEL P 336M User s Guide CHAPTER 2 The Web Configurator This chapter introduces you to the P 336M web configurator gives an overview of the screen menus and describes the common screen buttons 2 1 Introduction The web configurator is an HTML based management interface that allows easy Prestige setup and management via Internet browser Use Internet Explorer 6 0 and later or Netscape Navigator 7 0 and later versions The recommended screen resolution is 1024 by 768 pixels In order to use the web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScript enabled by default Java permissions enabl
57. ect TCP IP from the list of network protocols and then click OK If you need Client for Microsoft Networks 1 Click Add 2 Select Client and then click Add 91 Appendix B ZyXEL P 336M User s Guide 3 Select Microsoft from the list of manufacturers 4 Select Client for Microsoft Networks from the list of network clients and then click OK 5 Restart your computer so the changes you made take effect Configuring 1 In the Network window Configuration tab select your network adapter s TCP IP entry and click Properties 2 Click the IP Address tab Ifyour IP address is dynamic select Obtain an IP address automatically Ifyou have a static IP address select Specify an IP address and type your information into the IP Address and Subnet Mask fields Figure 48 Windows 95 98 Me TCP IP Properties IP Address Bindings Advanced NeBIOS DNS Configuration Gateway WINS Configuration IP Address An IP address can be automatically assigned to this computer If your network does not automatically assign IP addresses ask your network administrator for an address and then type it in the space below C Specify an IP address v Detect connection to network media Cancel 3 Click the DNS Configuration tab If you do not know your DNS information select Disable DNS Ifyou know your DNS information select Enable DNS and type the information in the fields below you may not
58. ed by default Note By default you can only access the web configurator through a LAN port To access via the WAN enable remote management in the Admin screen 2 2 Login Follow the steps below to log into the web configurator 1 Start your web browser 2 Type http and the IP address of the Prestige for example the default is 192 168 1 1 in the Location or Address field Press ENTER 3 The login screen appears Select admin in the User Name field to log in as an administrator 4 Enter the associated password The default administrative login password is 1234 Figure 1 Web Configurator Login P 336M XtremeMIMO Wireless Router Welcome to P 336M Web based Configuration Enter User Name Password to Login User Name admin z Password I Login Chapter 2 The Web Configurator 20 ZyXEL P 336M User s Guide 5 Click Login to view the first web configurator screen 2 3 The DEVICE INFO Screen The Device Info screen is the first screen that displays when you access the web configurator Figure 2 Device Info Device Information All of your Internet and network connection details are displayed on this page The firmware version is also displayed here GENERAL Time Firmware Version Connection Type Connection Up Time MAC Address IP Address Subnet Mask Default Gateway Primary DNS Server Secondary DNS Server Sunday February 01 2004 12 41 14 AM
59. el dk ZyXEL Communications A S Columbusvej DENMARK sales zyxel dk 45 39 55 07 07 2860 Soeborg Denmark support zyxel fi 358 9 4780 8411 www zyxel fi ZyXEL Communications Oy FINLAND Malminkaari 10 sales zyxel fi 358 9 4780 8448 00700 Helsinki Finland info zyxel fr 33 4 72 52 97 97 www zyxel fr ZyXEL France 1 rue des Vergers FRANCE 33 4 72 52 19 20 Bat 1 C 69760 Limonest France support zyxel de 49 2405 6909 0 www zyxel de ZyXEL Deutschland GmbH GERMANY Adenauerstr 20 A2 D 52146 sales zyxel de 49 2405 6909 99 Wuerselen Germany support zyxel hu 36 1 3361649 www zyxel hu ZyXEL Hungary HUNGARY 48 Zoldlomb Str info zyxel hu 36 1 3259100 H 1025 Budapest Hungary http zyxel kz support 7 3272 590 698 www zyxel kz ZyXEL Kazakhstan 43 Dostyk ave Office 414 KAZAKHSTAN sales zyxel kz 7 3272 590 689 Dostyk Business Centre 050010 Almaty Republic of Kazakhstan support zyxel com 1 800 255 4101 www us zyxel com ZyXEL Communications Inc 1 714 632 0882 1130 N Miller St NORTH AMERICA Anaheim sales zyxel com 1 714 632 0858 ftp us zyxel com T MEE support zyxel no 47 22 80 61 80 www zyxel no ZyXEL Communications A S NORWAY Nils Hansens vei 13 sales zyxel no 47 22 80 61 81 0667 Oslo Norway Customer Support ZyXEL P 336M User s Guide METHOD LOCATION SUPPORT E MAIL TELEPHONE WEB SITE SALES E MAIL FAX FTP SITE REGULAR MAIL in
60. en 70 Figure 39 Tools TIME e 71 Figure 25 TOBls OYSIOQ shs AEA 73 Foo oT TORS acp Me 74 Figure 38 Toolsi System sirrinin aaia aunts E A sani uaareins 75 List of Figures 12 ZyXEL P 336M User s Guide Figure 39 Tools System Reboot the Device seeeeeeeeeeeenennnee 75 Figu re 40 Tools System Reset isscddssssvsiveisscvencwess sanboadenesenpnaduats shina cndsenenciulaud oneies 76 Figure XE Inu sccicaaiscccsessrensmvsiwrccserenieccsurnesi need ieee 76 Figura 42 Tove DONS sassen y dn alana T7 Figure 49 Slats Davee jp 80 Figure 44 Status I f 82 Faure 4o Status Aon eC T 83 Eiguig Ss Sane OUO Gusebuianen ninne rae 84 Figure 47 WIndows 95 98 Me Network Configuration eeeesse 91 Figure 48 Windows 95 98 Me TCP IP Properties IP Address 92 Figure 49 Windows 95 98 Me TCP IP Properties DNS Configuration 93 Figure 50 Windows XP Start MODU dausssdeeexerispeesvktbutp ei suyo pe iE HR Lex MU E ES d 94 Figure 91 Windows XP Control Parel iuiicisakekuce bi FHU tinae FEHPU Lose RotacIp eR EH CLE ISP FERMER 94 Figure 52 Windows XP Control Panel Network Connections Properties 95 Figure 53 Windows XP Local Area Connection Properties 95 Figure 54 Windows XP Advanced TCP IP Settings sssseeeeee 96 Figure 55 Windows XP Internet Protocol TCP IP
61. enable the WEP encryption and specify a WEP key on both the wireless station and the AP 3 7 2 IEEE 802 1x The IEEE 802 1x standard outlines enhanced security methods for both the authentication of wireless stations and encryption key management Authentication can be done using an external RADIUS server 3 7 2 1 EAP Authentication EAP Extensible Authentication Protocol is an authentication protocol that runs on top of the IEEE 802 1x transport mechanism in order to support multiple types of user authentication By using EAP to interact with an EAP compatible RADIUS server an access point helps a wireless station and a RADIUS server perform authentication The type of authentication you use depends on the RADIUS server and an intermediary AP s that supports IEEE 802 1x 3 7 3 WPA 2 Wi Fi Protected Access WPA is a subset of the IEEE 802 111 standard Key differences between WPA 2 and WEP are user authentication and improved data encryption 3 7 3 1 User Authentication WPA 2 applies IEEE 802 1x and Extensible Authentication Protocol EAP to authenticate wireless clients using an external RADIUS database Therefore if you don t have an external RADIUS server you should use WPA 2 PSK WPA Pre Shared Key that only requires a single identical password entered into each access point wireless gateway and wireless client As long as the passwords match a client will be granted access to a WLAN 3 7 3 2 Encryption WPA
62. esL Station se ae RTS 7 J Sa 88 f gm H Daa amp I ACK 2 gt hear each other They can hear the AP When station A sends data to the Prestige it might not know that the station B is already using the channel If these two stations send data at the same time collisions may occur when both sets of data arrive at the AP at the same time resulting in a loss of messages for both stations RTS CTS is designed to prevent collisions due to hidden nodes An RTS CTS defines the biggest size data frame you can send before an RTS Request To Send CTS Clear to Send handshake is invoked When a data frame exceeds the RTS CTS value you set between 0 to 2432 bytes the station that wants to transmit this frame must first send an RTS Request To Send message to the AP for permission to send it The AP then responds with a CTS Clear to Send message to all other stations within its range to notify them to defer their transmission It also reserves and confirms with the requesting station the time frame for the requested transmission 61 Chapter 4 Advanced ZyXEL P 336M User s Guide Stations can send frames smaller than the specified RTS CTS directly to the AP without the RTS Request To Send CTS Clear to Send handshake You should only configure RTS CTS if the possibility of hidden nodes exists on your network and the cost of resending large frames is more than the extra network overhe
63. et the optimum Uplink Speed WAN connection speed Measured This field displays the detected transmission speed of the WAN connection that was Uplink Speed last established This uplink speed may be different from the actual transmission speed depending on your network environment and line condition Chapter 4 Advanced 50 ZyXEL P 336M User s Guide Table 19 Advanced StreamEngine continued LABEL DESCRIPTION Uplink Speed This field is not applicable when you select the Automatic Uplink Speed option above Enter a number to manually set the uplink speed for the WAN connection Alternatively select a pre defined choice from the drop down list box Connection Select Auto detect to set the P 336M to automatically detect the Internet connection Type type Select xDSL or Other Frame Relay Network if the P 336M connects to the Internet via a DSL modem Select Cable or Other Broadband Network if the P 336M connects to the Internet via a cable modem Detected xDSL or Framerelay Network This field is applicable when you select Auto detect in the Connection Type field This field displays the name of the detected line connection type Add StremEngine Rule Enable Select this option to enable this rule Name Enter a descriptive name for identification purposes Priority Specify a priority for the traffic type specified below Enter a number between 1 highest and 255 lowest Pr
64. ffic such as FTP or Web For best performance use the Automatic Classification option to automatically set the priority For your applications os coco ENABLE Enable StreamEngine STREAMENGINE SETUP Automatic Classification Dynamic Fragmentation v Automatic Uplink Speed V Measured Uplink Speed 14427 kbps Uplink Speed a kbps lt lt Select Transmission Rate Connection Type atodtet xz Detected xDSL Or Other Frame Relay Network No ADD STREAMENGINE RULE Enable v Name sid Priority 0 0 255 255 is the lowest priority Protocol bo lt lt select Protocol Source IP Range 0 0 0 0 to 255 255 255 255 _ Source Port Range i to fos Destination IP Range looo to 255 255 255 255 _ Destination Port Range i to joss STREAMENGINE RULES LIST Enable Name Priority Source Destination Protocol Ports IP Range IP Range The following table describes the labels in this screen Table 19 Advanced StreamEngine LABEL DESCRIPTION Enable Select this option to enable this feature StreamEngine StreamEngine Automatic Select this option to set the P 336M to automatically classify the traffic based on the Classification default Dynamic Select this option to set the P 336M to break up large packets with high priority This Fragmentation improves transmission quality Automatic Select this option to set the P 336M to automatically detect and s
65. fo pl zyxel com 48 22 5286603 www pl zyxel com ZyXEL Communications ul Emilli Plater 53 POLAND 48 22 5206701 00 113 Warszawa Poland http zyxel ru support 7 095 542 89 29 www zyxel ru ZyXEL Russia RUSSIA Ostrovityanova 37a Str sales zyxel ru 7 095 542 89 25 Moscow 117279 Russia support zyxel es 34 902 195 420 www zyxel es ZyXEL Communications SPAIN Alejandro Villegas 33 sales zyxel es 34 913 005 345 1 28043 Madrid Spain support zyxel se 46 31 744 7700 www zyxel se ZyXEL Communications A S SWEDEN Sj porten 4 41764 G teborg sales zyxel se 46 31 744 7701 Sweden support ua zyxel com 380 44 247 69 78 www ua zyxel com ZyXEL Ukraine UKRAINE 13 Pimonenko Str sales ua zyxel com 380 44 494 49 32 Kiev 04050 Ukraine UNITED KINGDOM support zyxel co uk 44 1344 303044 08707 555779 UK only www zyxel co uk sales zyxel co uk 44 1344 303034 ftp zyxel co uk ZyXEL Communications UK Ltd 11 The Courtyard Eastern Road Bracknell Berkshire RG12 2XB United Kingdom UK a is the prefix number you enter to make an international telephone call Customer Support ZyXEL P 336M User s Guide Table of Contents slg eT ner ter errr 2 Federal Communications Commission FCC Interference Statement 3 ZYXEL Limited Warranty iiie ceo cepere aaia 5 TC Slime D m 6 Table
66. g high performance wireless router that supports high speed wireless networking in the Home SOHO or SMB network environments Unlike most routers the P 336M provides data transfers at up to 108 Mbps compared to the standard 54 Mbps when connecting to other compatible MIMO Multiple Input Multiple Output devices The P 336M is also backwards compatible with older IEEE 802 11b networks making it a true versatile device This means that there is no need to change your entire network to maintain connectivity IEEE 802 11b has a lower throughput rate than IEEE 802 11g but any IEEE 802 11b devices can still connect to an IEEE 802 11g network You may choose to slowly change your network by gradually replacing IEEE 802 11b devices with IEEE 802 11g devices 1 2 Features The following lists the features of your P 336M Supports IEEE 802 11b g 2 4GHz WLAN with 2 412 to 2 484GHz frequency band operation Supports MIMO to increase both transmission speed with SuperG and range of your wireless network Intelligent receiving with directional antennas for faster throughput and longer ranges ntelligent transmissions for a more efficient performing network Built in StreamEngine feature allowing intelligent and automatic traffic prioritizing Datarates of 1 2 5 5 6 9 11 12 18 24 36 48 54Mbps and Turbo Mode speed at up to 108Mbps Note Turbo Mode is an Atheros proprietary speed boosting technology that must be used in conj
67. g or procedures for Windows users One of the benefits of PPPoE is the ability to let you access one of multiple network services a function known as dynamic service selection This enables the service provider to easily create and offer new IP services for individuals Operationally PPPoE saves significant effort for both you and the ISP or carrier as it requires no specific configuration of the broadband modem at the customer site Chapter 3 Basic 28 ZyXEL P 336M User s Guide By implementing PPPoE directly on the P 336M rather than individual computers the computers on the LAN do not need PPPoE software installed since the P 336M does that part of the task Furthermore with NAT all of the LAN computers will have access Select PPPoE in the WAN screen Figure 8 Basic WAN PPPoE MODES Choose the mode to be used by the router to connect to the Internet WAN Mode PPPoE StaticIP Dynamic IP PPPoE Enter the information provided by your Internet Service Provider ISP Username Password Verify Password Service Name Reconnect Mode Maximum Idle Time i I RN pee oo optional C alwayson Ondemand Manual 5 minutes O infinite The following table describes the related fields in this screen Table 8 Basic WAN PPPoE LABEL DESCRIPTION MODES WAN Select PPPoE if your ISP gives you Internet access account information such as the username and pass
68. hat the data has been tampered with and the packet 1s dropped By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism MIC TKIP makes it much more difficult to decode data on a Wi Fi network than WEP making it difficult for an intruder to break into the network The encryption mechanisms used for WPA 2 and WPA 2 PSK are the same The only difference between the two is that WPA 2 PSK uses a simple common password instead of user specific credentials The common password approach makes WPA 2 PSK susceptible to brute force password guessing attacks but it s still an improvement over WEP as it employs an easier to use consistent single alphanumeric password 3 8 WLAN Security Setup Configure wireless LAN security settings in the Wireless screen Click Basic gt Wireless to display the configuration screen This screen varies depending on the option you select in the Security Mode field Figure 12 Basic Wireless WLAN Security Setup WIRELESS SECURITY SETTINGS Security Mode None C WEP WPA Personal WPA Enterprise 3 8 1 WLAN Security Setup WEP To configure basic WEP key encryption select WEP in the Security Mode field in the Wireless screen 37 Chapter 3 Basic ZyXEL P 336M User s Guide Figure 13 Basic Wireless WLAN Security Setup WEP WIRELESS SECURITY SETTINGS Security Mode C None wEP C WPA Personal WPA Enterprise WEP WEP i
69. hat this product is free from any defects in materials or workmanship for a period of up to two 2 years from the date of purchase During the warranty period and upon proof of purchase should the product have indications of failure due to faulty workmanship and or materials ZyXEL will at its discretion repair or replace the defective products or components without charge for either parts or labor and to whatever extent it shall deem necessary to restore the product or components to proper operating condition Any replacement will consist of a new or re manufactured functionally equivalent product of equal value and will be solely at the discretion of ZyXEL This warranty shall not apply if the product is modified misused tampered with damaged by an act of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser To obtain the services of this warranty contact ZyXEL s Service Center for your Return Material Authorization number RMA Products must be returned Postage Prepaid It is recommended that the unit be insured when shipped Any returned products without pro
70. he wireless standard the wireless client is using Rate This field displays the transmission rate in megabits per second of the wireless client Signal 96 This field displays the relative measurement of the signal strength in percentage 6 3 Logs To view system logs click Status gt Logs Chapter 6 Status 82 ZyXEL P 336M User s Guide Figure 45 Status Logs System Logs Use this option to view the router logs You can define what types of events you want to view and the event levels to view This router also has external syslog server support so you can send the log files to a computer on your network that is running a syslog utility LOG OPTIONS What to View V Firewall amp Security MW System M Router Status View Levels V Critical I warning V Informational LOG DETAILS INFO Mon Feb 02 16 37 49 2004 Log viewed by IP address 172 23 23 115 INFO Mon Feb 02 16 37 49 2004 Log cleared by IP address 172 23 23 115 The following table describes the labels in this screen Table 35 Status Logs LABEL DESCRIPTION Log Options What to View Select the type of logs to display in this screen View Levels Select the log severity level to display in this screen Apply Log Settings Click this button to save the changes in this screen Now Log Details Refresh Click Refresh to update this screen Clear Click Clear to delete all the logs Once deleted you cann
71. hem into smaller packets Ideally you should set this to match the MTU of the connection to your ISP Select this option to use the default MTU Clear this checkbox to manually enter an MTU size below MTU Enter the MTU size between 256 and 2296 Typical values are 1500 bytes for an Ethernet connection and 1492 bytes for a PPPoE connection Make sure the MTU size matches the ISP s network or Internet connection may fail WAN Port Speed Select a port speed in the field Respond to WAN Ping Select this option to set the P 336M to reply to ping packets Clear this check box if you don t want the P 336M to send ping replies WAN Ping Inbound Filter Select a control action for accessing the P 336M on the WAN You can configure the filter settings in the Advanced gt Inbound Filter screen MAC Cloning Select this option to set the P 336M to copy the MAC address of your computer Enabled MAC Address Enter the IP address of the computer on the LAN whose MAC you are cloning It is recommended that you clone the MAC address prior to hooking up the WAN port Clone Your PC s Click Clone Your PC s MAC Address to have the P 336M automatically copy MAC Address the MAC address from your computer 3 2 4 WAN Configuration Static IP Select Dynamic IP in the WAN screen when your ISP gives you a fixed public IP address 27 Chapter 3 Basic ZyXEL P 336M User s Guide Figure 7 Basic WAN Static
72. ibility Status Select Invisible to hide the SSID in so a station cannot obtain the SSID through AP scanning Select Visible to make the ESSID visible so a station can obtain the SSID through AP scanning Automatic Channel Select Select this option to set the P 336M to select the optimum channel in the wireless network Chapter 3 Basic 34 ZyXEL P 336M User s Guide Table 11 Basic Wireless Basic Wlreless LAN Setup continued LABEL DESCRIPTION Channel The radio frequency used by IEEE 802 11 wireless devices is called a channel Select a channel from the drop down list box Transmission Rate Select a transmission speed from the drop down list box 802 11 Mode Select 802 11b only to have the P 336M connect to an IEEE 802 11b wireless device only and vice versa Select Mixed 802 11b and 802 11g to have the P 336M connect to either an IEEE 802 11g or IEEE 802 11b wireless device Select 802 11g only to have the P 336M connect to an IEEE 802 11g wireless device only and vice versa SuperG Mode Select the check box to have the P 336M transmit at up to 108 Mbps when connected to an AP or wireless router with the SuperG feature enabled 3 7 Wireless LAN Security Overview Wireless LAN security is vital to your network to protect wireless communications Configure the wireless LAN security using the Wireless screen If you do not enable any wireless security on
73. ication Layer Gateway 46 authentication 38 authentication method 35 open system 36 shared key 36 C CA 86 Certificate Authority 86 channel 33 Configuration 30 Copyright 2 CTS Clear to Send 61 Customer Support 6 D Denial of Service 58 Denmark Contact Information 6 DHCP 30 77 Domain Name 25 44 Dynamic DNS 77 Dynamic WEP Key Exchange 87 E ECHO 44 Encryption 88 ESSID Extended Service Set Identification 34 Index F FCC3 Finger 44 Finland Contact Information 6 Fragmentation Threshold 62 Fragmentation threshold 62 France Contact Information 6 FTP 31 44 77 G Germany Contact Information 6 getting started 18 graphics icons key 17 H Hidden node 61 HTTP 44 initialization vector IV 88 IP Address 25 30 IP Pool Setup 31 Message Integrity Check MIC 88 Metric 53 N Network Management 44 Index 102 ZyXEL P 336M User s Guide NNTP 44 North America Contact Information 6 Norway Contact Information 6 P Pairwise Master Key PMK 88 passphrase 35 password phrase 35 Point to Point Tunneling Protocol 44 POP3 44 PPPoE Point to Point Protocol over Ethernet 28 PPTP 44 Private IP Address 25 Q Quick Start Guide 17 19 R Radio frequency 35 Regular Mail 6 Related Documentation 17 RFC 2516 28 RTS Request To Send 61 RTS Request To Send threshold 63 RTS Threshold 61 62 RTS CTS threshold 35 S security 35 Security Parameters 89 Servi
74. ications continued LABEL DESCRIPTION Save Click Save to save the changes of a configuration screen for the current Clear Click Clear to start configuring a screen again Special Applications Rule List Enable Select this check box to enable this trigger port setting Clear this setting to Name This field displays the descriptive name of this trigger port setting Trigger Protocol This field displays the trigger port or port range and the trigger protocol type Ports Input Protocol Ports This field displays the input port or port range and the input protocol type Schedule This field displays the name of the schedule to use Use the StreamEngine screen to configure traffic priorities This improves network quality for your applications such as online gaming StreamEngine improves your online gaming experience by ensuring that your game traffic is prioritized over other network traffic such as FTP or Web For better performance use the Automatic Classification option to automatically set the priority for your applications Click Advanced gt StreamEngine to display the configuration screen 49 Chapter 4 Advanced ZyXEL P 336M User s Guide Figure 19 Advanced StreamEgine STREAMENGINE Lise this section to configure ZyXEL s StreamEngine Technology StreamEngine improves your online gaming experience by ensuring that your game traffic is prioritized over other network tra
75. ick Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add e Repeat the above two steps for each IP address you want to add Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways In TCP IP Gateway Address type the IP address of the default gateway in Gateway To manually configure a default metric the number of transmission hops clear the Automatic metric check box and type a metric in Metric Click Add Repeat the previous three steps for each default gateway you want to add e Click OK when finished 7 Inthe Internet Protocol TCP IP Properties window the General tab in Windows XP Appendix B 96 ZyXEL P 336M User s Guide e Click Obtain DNS server address automatically if you do not know your DNS server IP address es Ifyou know your DNS server IP address es click Use the following DNS server addresses and type them in the Preferred DNS server and Alternate DNS server fields If you have previously configured DNS servers click Advanced and then the DNS tab to order them Figure 55 Windows XP Internet Protocol TCP IP Properties Internet Protocol TCP IP Properties General Altemate Configuration You can get IP settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator for the appropriate IP settings Obtain a
76. ine z MAC ADDRESS LIST ES co Deny access to everyone except the machines in this list Enable MAC Address The following table describes the labels in this screen Table 23 Advanced MAC Filter LABEL DESCRIPTION Enable Select Enable MAC Address Filter to activate this setting Clear this check box to disable it Filter Settings Mode Select only deny listed machines to block frames to from the specified MAC address es Select only allow listed machines to forward frames to from the specified MAC address es Filter Wireless Clients Select this option to apply the filter settings to the wireless clients Filter Wired Select this option to apply the filter settings to the wired computers on the LAN Clients Add MAC Address Enable Select Enable to activate this filter setting Clear this check box to disable it MAC Address Enter the MAC address in six pairs of dotted haxidecimal notation of a computer whose traffic you want to filter Or select a computer from the drop down list box 57 Chapter 4 Advanced ZyXEL P 336M User s Guide Table 23 Advanced MAC Filter continued LABEL DESCRIPTION Copy Your PC s Click this button to copy the MAC address of your computer MAC Address Note In order for the P 336M to copy your computer s MAC address your computer must be connected directly to the P 336M Save Click Save t
77. ipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment under 47 CFR 2 1093 paragraph d 2 2 This Transmitter must not be co located or operating in conjunction with any other antenna or transmitter 3 Federal Communications Commission FCC Interference Statement ZyXEL P 336M User s Guide Certifications 1 Go to www zyxel com 2 Select your product from the drop down list box on the ZyXEL home page to go to that product s page 3 Select the certification you wish to view from this page GOR CUTS RRR Fa BEBE Trade Name Tested Model Number To Comply With FCC Standards FOR HOME OR OFFICE USE BAR KURERE AN GUERRE JERSE TT ERRET ERISH gt SEPERATE ais n HE d xt PSU BH KAPERA REIK DAI S BC aa T CREE RU ri USE ze die TRES a Hae H AGB ESE AUR EIRAS Si tit anm o SS TAI fe BCR BP Be are H RUBER PETERS RU gt KREST Federal Communications Commission FCC Interference Statement ZyXEL P 336M User s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user purchaser t
78. ity Setup WEP 1 eese inna 38 Figure 14 Basic Wireless WLAN Security Setup WPA Personal 39 Figure 15 Basic Wireless WLAN Security Setup WPA Enterprise 40 Figure 15 Advanced Game Hosting aiunooppipbestc ici b rre ipe PEE PIRE rrna 42 Figure 17 Advanced Virtual SBFVBE 1d oet doi ein gd e Le sta re d edu 45 Figure 18 Advanced Applications sss 47 Figure 19 Advanced SICRIMEGQING 22er tnn titor rtnai tierra Eust eap ennan 50 Figure 20 Example of Static Routing Topology eene 52 ESVLEAEIS T ues P codeine nnan 52 Figure 22 Advanced Access Control iiussieiece c tette ettet rea pete pc bU i uude 54 Figure 23 Advanced Web Filter Liuius Dota Ehre d k Rrrx na ER aa 56 Figure 24 Advanced MAC PUE ausssendenktenteta ben eiadscnisese tote mam im bof ps Rap UE 57 Figure 25 Advanced Firewall 1 5 a ptt Rh Lt ERE E ER ERE E RRHLL EE RH L EE 59 Figure 26 Advanced Inbound Filter 2e ke crm ka tt tad kr trend 60 dl 2 USGS m TR 61 Figure 29 Advanced Wireless uudusssodexeiiesiindoskeia dde en MO ADAE dpa redux 63 Fig re 20 Advanced Schedule eee 64 Figute SO Tools np 67 Figure 31 Tools Admin File Download iuc osrecn cort dba dart E ERE 69 Figure 32 Toole Admin Save AS auuoieetetepnietredaesietetepia blvie ei obu aud 69 Figura S3 TODOS PERI dues tn eb rDt e REC Ap Le ti a t Ld a o e dn 69 Figure 34 Tools Admin Configuration Restore Progress ee
79. m then you must also enter mysite zyxel com in this screen Note Do NOT enter http Save Click Save to save the settings in this part of the screen Clear Click Clear to start configuring this part of the screen again Allowed Web Site This table lists the addresses of the web sites that you want to allow access List Enable Select this option to allow access to this web site Clear this check box to block access Web Site This field displays the web site address 4 8 MAC Filter MAC address filtering means sifting traffic going through the P 336M based on the source and or destination MAC addresses You can set the P 336M to filter packets from connected wireless clients or computers on the wired LAN Click Advanced gt MAC Filter to display the configuration screen Chapter 4 Advanced 56 ZyXEL P 336M User s Guide Figure 24 Advanced MAC Filter MAC ADDRESS FILTER The MAC Media Access Controller Address Filter option is used to control network access based on the MAC Address of the network adapter A MAC address is a unique ID assigned by the manufacturer of the network adapter This feature can be configured to ALLOW or DENY network Internet access Save Settings ENABLE Discard Settings Enable MAC Address Filter JY FILTER SETTINGS Mode only allow listed machines z Filter Wireless Clients V Filter Wired Clients V ADD MAC ADDRESS Enable v MAC Address select Mach
80. may still configure and store keys here but they will not be used while Dynamic WEP is enabled Note EAP MD5 cannot be used with Dynamic WEP Key Exchange For added security certificate based authentications EAP TLS EAP TTLS and PEAP use dynamic keys for data encryption They are often deployed in corporate environments but for public deployment a simple user name and password pair 1s more practical The following table is a comparison of the features of authentication types Table 37 Comparison of EAP Authentication Types EAP MD5 EAP TLS EAP TTLS PEAP LEAP Mutual Authentication No Yes Yes Yes Yes Certificate Client No Yes Optional Optional No Certificate Server No Yes Yes Yes No Dynamic Key Exchange No Yes Yes Yes Yes Credential Integrity None Strong Strong Strong Moderate Deployment Difficulty Easy Hard Moderate Moderate Moderate Client Identity Protection No No Yes Yes No 87 Appendix A ZyXEL P 336M User s Guide WPA User Authentication WPA applies IEEE 802 1x and Extensible Authentication Protocol EAP to authenticate wireless stations using an external RADIUS database Encryption WPA improves data encryption by using Temporal Key Integrity Protocol TKIP or Advanced Encryption Standard AES Message Integrity Check MIC and IEEE 802 1x TKIP uses 128 bit keys that are dynamically generated and distributed by the authentication server It includes
81. me DNS SETTINGS Use these DNS Servers Primary DNS Server b 0 0 0 Secondary DNS Server p 0 0 0 NEDITNN Use the default MTU V MTU fi 500 bytes WAN Port Speed Auto T Respond to WAN Ping WAN Ping Inbound Filter Allow All x MAC Cloning Enabled MAC Address Plone four PEZ lt Azididrezz The following table describes the fields in this screen Table 6 Basic WAN Dynamic IP LABEL DESCRIPTION MODES WAN Select Dynamic IP if you are not given a fixed public IP address and account information such as the user name and password Dynamic IP Chapter 3 Basic 26 ZyXEL P 336M User s Guide Table 6 Basic WAN Dynamic IP continued LABEL DESCRIPTION Hostname This field is optional Enter your computer s hostname which the ISP checks before Internet access is allowed DNS Settings Use these DNS Servers Select this option to manually enter the DNS server IP address es in the field s provided Primary Secondary Enter the IP address provided by your ISP of the DNS server in dotted decimal DNS Server notation For example 192 168 1 1 Advanced Click Advanced to display advanced WAN configuration fields Use the Default MTU Maximum Transmission Unit MTU is a parameter that determines the largest packet size in bytes that the P 336M will send to the WAN If LAN devices send larger packets the P 336M will break t
82. me Hosting and Virtual Server Click Advanced gt Schedule to display the configuration screen Figure 29 Advanced Schedule The Schedule configuration option is used to manage schedule rules for various Firewall and parental control features os oo ADD SCHEDULE RULE Name Day s al week select Day s sun Mon Tue wed thu I Fri F sat All Day 24 hrs Start Time fo z z hour minute 12 hour time End Time An hour minute 12 hour time SCHEDULE RULES LIST Name Day s Time Frame The following table describes the labels in this screen Table 27 Advanced Schedule LABEL DESCRIPTION Name Enter a descriptive name up to 16 characters for this schedule setting This is for identification purposes only Day s Select All Week or Select Day s to specify the day s of the week All Day 24 hrs Select this option to enable the schedule for the entire day for the specified day s Chapter 4 Advanced 64 ZyXEL P 336M User s Guide Table 27 Advanced Schedule continued LABEL DESCRIPTION Start Time Set the start of the schedule End Time Set the end of the schedule Save Click Save to save the settings in this part of the screen Clear Click Clear to start configuring this part of the screen again 65 Chapter 4 Advanced ZyXEL P 336M User s Guide CHAPTER 5 Tools This chapter describes the Tools
83. n IP address automatically Use the following IP address Obtain DNS server address automatically Use the following DNS server addresses 8 Click OK to close the Internet Protocol TCP IP Properties window 9 Click OK to close the Local Area Connection Properties window 10Turn on your P 336M and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then Command Prompt 2 In the Command Prompt window type ipconfig and then press ENTER You can also open Network Connections right click a network connection click Status and then click the Support tab Macintosh OS 8 9 1 Click the Apple menu Control Panel and double click TCP IP to open the TCP IP Control Panel 97 Appendix B ZyXEL P 336M User s Guide Figure 56 Macintosh OS 8 9 Apple Menu File Edit View Window Special Help About This Computer D Apple System Profiler E Calculator gt Chooser Control Panels Favorites d Key caps Network Browser G Recent Applications il Recent Documents tif Remote Access Status Scrapbook 49 Sherlock 2 Speakable Items Stickies 2 Select Ethernet built in from the Connect via list ADSL Control and Status Appearance Apple Menu Options AppleTalk ColorSync Control Strip Date amp Time DialAssist Energy Saver Extensions Manager File Exchange File Sharing General Controls Internet Keyboard Keychain Acce
84. n to synchronize wireless transmission DTIM is a countdown information for wireless clients to listen to the next broadcast or multicast messages Enter the time between 1 and 255 ms the P 336M waits between sending a beacon with DTIM 802 11d is a wireless communication specification for countries where other IEEE802 11 devices are not allowed 802 11d is suitable if you want global roaming that is using your wireless devices worldwide Select this option to enable this feature 802 11d Enable 63 Chapter 4 Advanced ZyXEL P 336M User s Guide Table 26 Advanced Wireless continued LABEL DESCRIPTION Transmission Select an option in this field to set the transmission power of the antennas to Power reduce your wireless coverage area WDS Enable Select this option to activate the WDS Wireless Distribution System feature A Distribution System DS is a wired connection between two or more APs while a WDS is a wireless connection An AP using WDS can function as a wireless network bridge allowing you to wirelessly connect two wired network segments Note You cannot enable WPA and WDS at the same time WDS AP MAC Enter the MAC address in six paris of dotted haxidecimal notation of the Address neighboring AP s that participates in the WDS 4 12 Schedule You can define schedule settings on the P 336M and apply these schedule settings in other configuration screens such as Ga
85. nd interface settings Click Status gt Device Status to display the screen Figure 43 Status Device Info DEVICE INFO Device Information All of your Internet and network connection details are displayed on this page The Firmware version is also displayed here GENERAL Time Firmware Version Connection Type Connection Up Time MAC Address IP Address Subnet Mask Default Gateway Primary DNS Server Secondary DNS Server MAC Address IP Address Subnet Mask DHCP Server WIRELESS LAN Wireless Radio MAC Address Network Name SSID Channel Turbo Mode Security Type Monday February 02 2004 1 03 41 AM P 336M V1 1 16 Dec 2005 DHCP Client Connected 0 day s 0 41 05 Orly anasi 00 13 49 22 F9 DF 172 23 23 4 255 255 255 0 172 23 23 254 172 23 5 1 172 23 5 2 DHCP Release 00 13 49 22 F9 E0 192 168 1 1 255 255 255 0 Disabled off 00 13 49 22 F9 E0 ZyXEL 6 Disabled None Chapter 6 Status ZyXEL P 336M User s Guide The following table describes the labels in this screen Table 33 Tools Admin LABEL DESCRIPTION General Time This field displays the current system date and time Firmware Version This field displays the firmware version and the date created WAN Connection Type This field displays the connection status Connection Up Time This field displays the time since the connection was up
86. nditions This device may not cause harmful interference This device must accept any interference received including interference that may cause undesired operations This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications If this equipment does cause harmful interference to radio television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures 1 Reorient or relocate the receiving antenna 2 Increase the separation between the equipment and the receiver 3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected 4 Consult the dealer or an experienced radio TV technician for help Notice 1 Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment This product has been designed for the WLAN 2 4 GHz network throughout the EC region and Switzerland with restrictions in France Caution 1 The equ
87. o sszsszsszss Bom s poco 255 255 255 255 BOTH pooo sszsszsszss eom E ACCESS CONTROL RULES LIST Donni Enable Policy Machine Schedule Web Filtering The following table describes the labels in this screen Table 21 Advanced Access Control LABEL DESCRIPTION Enable Select Enable Access Control to activate this feature Add Access Set the following fields to configure an access control rule Control Rule Enable Select this option to enable this rule Clear this check box to disable this rule Policy Name Enter a descriptive name for identification purposes Address Type Select the address type this rule checks Chapter 4 Advanced 54 ZyXEL P 336M User s Guide Table 21 Advanced Access Control continued LABEL DESCRIPTION IP Address This field is applicable when you select IP in the Address Type field above Enter the IP address of a device to which you want to apply this rule Alternatively select a device name from the drop down list box MAC Address This field is applicable when you select MAC in the Address Type field Enter the MAc address of the device to which you want to apply this rule Alternatively select a device name from the drop down list box Copy Your PC s This button is applicable when you select MAC in the Address Type field MAC Address Click this button to copy the MAC address of your computer Schedule Specify the time this rule is
88. o save the settings in this part of the screen Clear Click Clear to start configuring this part of the screen again MAC Address List Enable Select this option to activate this filter setting Clear this check box to disable it without deleting it MAC Address This field displays the MAC address of a computer whose traffic you want to filter 4 9 Firewall Stateful packet inspection SPI firewalls restrict access by screening data packets against defined access rules They make access control decisions based on IP address and protocol They also inspect the session data to assure the integrity of the connection and to adapt to dynamic protocols These firewalls generally provide the best speed and transparency however they may lack the granular application level access control or caching that some proxies support The P 336M firewall is a stateful inspection firewall and is designed to protect against Denial of Service attacks when activated The P 336M s purpose is to allow a private Local Area Network LAN to be securely connected to the Internet The P 336M can be used to prevent theft destruction and modification of data as well as log events which may be important to the security of your network The P 336M also has packet filtering capabilities 4 9 1 DMZ The DeMilitarized Zone DMZ provides a way for public servers Web e mail FTP etc to be visible to the outside world while still being protected from DoS Denial
89. of of purchase or those with an out dated warranty will be repaired or replaced at the discretion of ZyXEL and the customer will be billed for parts and labor All repaired or replaced products will be shipped by ZyXEL to the corresponding return address Postage Paid This warranty gives you specific legal rights and you may also have other rights that vary from country to country Online Registration Register online at www zyxel com for free future product updates and information 5 ZyXEL Limited Warranty ZyXEL P 336M User s Guide Customer Support Please have the following information ready when you contact customer support Product model and serial number Warranty Information Date that you received your device Brief description of the problem and the steps you took to solve it METHOD SUPPORT E MAIL TELEPHONE WEB SITE REGULAR MAIL LOCATION SALES E MAIL FAX FTP SITE support zyxel com tw 886 3 578 3942 www zyxel com ZyXEL Communications Corp CORPORATE www europe zyxel com 6 Innovation Road II HEADQUARTERS Science Park WORLDWIDE sales zyxel com tw 886 3 578 2439 ftp zyxel com Hsinchu 300 ftp europe zyxel com Taiwan CZECH REPUBLIC info cz zyxel com 420 241 091 350 info cz zyxel com 420 241 091 359 www zyxel cz ZyXEL Communications Czech s r o Modranska 621 143 01 Praha 4 Modrany Ceska Republika support zyxel dk 45 39 55 07 00 www zyx
90. ools gt Syslog Chapter 5 Tools 72 ZyXEL P 336M User s Guide Figure 36 Tools Syslog SYSLOG The SysLog options allow you to send log information to a SysLog Server ENABLE Discard Settings Enable Logging To Syslog Serv M SYSLOG SETTINGS Syslog Server IP Address 0 0 0 0 lt lt Select Machine The following table describes the labels in this screen Table 30 Tools Syslog LABEL DESCRIPTION Enable Select Enable Logging To Syslog Server to activate this feature Syslog Settings Syslog Server IP Address Enter the IP address in dotted decimal notation of the syslog server to which the P 336M is to send logs Alternatively select a computer from the drop down list box 5 4 E mail Click Tools gt E mail configure where the P 336M is to send logs and alerts 73 Chapter 5 Tools ZyXEL P 336M User s Guide Figure 37 Tools E mail Email Settings The Email feature can be used to send the system log files router alert messages and firmware update notification to your email address Save Settings Discard Settings ENABLE Enable Email Notification EMAIL SETTINGS From Email Address To Email Address SMTP Server Address Enable Authentication Account Name Password Verify Password EMAIL LOG WHEN FULL OR ON SCHEDULE OnLogFull On Schedule Schedule Block Always The foll
91. operties 4 Local Area Connection Properties General Authentication Advanced Connect using l B Accton EN1207D TX PCI Fast Ethernet Adapter This connection uses the following items v E Client for Microsoft Networks v mr File and Printer Sharing for Microsoft Networks vi Z QoS Packet Scheduler Internet Protocol TCP IP Description Transmission Control Protocol Internet Protocol The default wide area network protocol that provides communication across diverse interconnected networks C Show icon in notification area when connected 5 The Internet Protocol TCP IP Properties window opens the General tab in Windows XP e Ifyou have a dynamic IP address click Obtain an IP address automatically 95 Appendix B ZyXEL P 336M User s Guide Ifyou have a static IP address click Use the following IP Address and fill in the IP address Subnet mask and Default gateway fields Click Advanced Figure 54 Windows XP Advanced TCP IP Settings Advanced TCP IP Settings CIP Settings DNS WINS Options IP addresses IP address Subnet mask DHCP Enabled Default gateways Gateway Metric Automatic metric 6 If you do not know your gateway s IP address remove any previously installed gateways in the IP Settings tab and click OK Do one or more of the following if you want to configure additional IP addresses Inthe IP Settings tab in IP addresses cl
92. orts in various Formats including Port Ranges 100 50 Individual Ports 80 68 888 or Mixed 1020 5000 689 Save Settings Discard Settings ADD GAME RULE Enable v Name Select Game IP Address pooo lt Selet Machine E TCP Ports to Open UDP Ports to Open Inbound Filter allow All gt Schedule Apply Always GAME RULES LIST Enable Name IP Address TCP Ports UDP Ports Inbound Filter Schedule Chapter 4 Advanced 42 ZyXEL P 336M User s Guide The following table describes the fields in this screen Table 15 Advanced Game Hosting LABEL DESCRIPTION Enable Click Enable to activate this feature Clear this check box to deactivate this feature Note that some Internet applications may not work in your network behind the P 336M Name Enter a descriptive name for this setting Alternatively select a pre defined application name from the drop down list box The pre configured port number ranges for the selected application will be automatically displayed below IP Address Enter the IP address in dotted decimal notation of a local computer hosting the selected service Alternatively select from the drop down list box The IP address of the selected computer will be displayed in this field TCP Ports to Open Specify the TCP port s for the application You can enter a port number and or a range of ports For example 6159 6180 99 UDP Por
93. ot view the logs again Email Now Click Email Now to send the logs to the e mail you specified in the Tools gt E mail screen Save Log Click Save Log to store the logs to a file on your computer 6 4 Statistics To view the LAN WAN and WLAN statistics click Status gt Statistics 83 Chapter 6 Status ZyXEL P 336M User s Guide Figure 46 Status Statistics STATISTICS Network Traffic Stats Traffic Statistics display Receive and Transmit packets passing through your router LAN STATISTICS Sent Received TX Packets Dropped RX Packets Dropped Collisions Errors WAN STATISTICS Sent Received TX Packets Dropped RX Packets Dropped Collisions Errors WIRELESS STATISTICS Sent Received TX Packets Dropped Errors The following table describes the labels in this screen Table 36 Status Statistics LABEL DESCRIPTION LAN Statistics Sent This field displays the number of packets sent on the LAN Tx Packets This field displays the number of transmitted packets that were dropped on the Dropped LAN Collisions This field displays the number of packets sent with collision errors on the LAN Received This field displays the number of packets received on the LAN Rx Packets This field displays the number of packets received that were dropped on the LAN Dropped Errors This field displays the number of packets received with e
94. otocol Enter the protocol number or select a pre defined protocol type from the drop down list box Source IP Specify one or a range of source IP addresses in the fields provided Enter the same Range IP address in the to field if you want to specify one IP address Source Port Specify one or a range of source port numbers Enter the same number in the to field Range if you want to specify one source port Destination IP Range Specify one or a range of destination IP addresses in the fields provided Enter the same IP address in the to field if you want to specify one IP address Destination Port Range Specify one or a range of destination port numbers Enter the same number in the to field if you want to specify one destination port Save Click Save to save the settings Clear Click Clear to start configuring this part of the screen again StreamEngine Rule List Enable Select this option to activate this rule Clear this check box to disable this rule without deleting it Name THis field displays the descriptive name for the rule Priority This field displays the priority level 1 to 255 of this rule ae IP This field displays one or a range of source IP addresses ange Destination IP Range This field displays one or a range of destination IP addresses Protocol Ports This field displays the protocol and port numbers 51 Chapter 4 Advanced ZyXEL P 336M User s Guide
95. owing table describes the labels in this screen Table 31 Tools E mail LABEL DESCRIPTION Enable Select Enable Email Notification to activate this feature Email Settings From Email Enter an e mail as the sender Address To Email Address Enter the e mail address to which notifications are sent SMTP Server SMTP Simple Mail Transfer Protocol is the message exchange standard for the Address Internet SMTP enables you to move messages from one e mail server to another Enter the IP address in dotted decimal notation of the mail server Enable Select the check box to activate SMTP authentication If mail server authentication Authentication is needed but this feature is disabled you will not receive the e mail logs Account Name Enter the user name up to 31 characters usually the user name of a mail account Password Enter the password associated with the user name above Verify Password Enter the password again for verification Email Log When Full or On Schedule Chapter 5 Tools 74 ZyXEL P 336M User s Guide Table 31 Tools E mail continued LABEL DESCRIPTION On Log Full Select this option to send logs when all log entries are filled On Schedule Select this option to send logs at the time defined in the selected schedule 5 5 System Use the System screen to reboot or reset your P 336M Click Tools gt System to display
96. r Configuration computer Cancel Click Cancel to start configuring this screen again 5 1 4 Configuration Backup Note Do not turn off the P 336M while the file transfer process is taking place Follow the steps below to back up the current configuration of the P 336M 1 In the web configurator click Tools gt Admin see Figure 30 on page 67 2 Scroll to the bottom of the ADMIN screen and click Save Configuration 3 A File Download screen displays Click Save Chapter 5 Tools 68 ZyXEL P 336M User s Guide Figure 31 Tools Admin File Download LI x 9 Some files can harm your computer If the file information below bf looks suspicious or you do not fully trust the source do not open or save this file File name gateway settings gws File type From 172 2323 4 Would you like to open the file or save it to your computer pen sae Cancel Morelnto Iv Always ask before opening this type of file 4 A Save As screen displays Accept the default file location and name or specify a location and name Click Save to back up the configuration file Figure 32 Tools Admin Save As Save in Am Documents rx E3 E History Music AA Lj My eBooks 5 2x My Pictures Desktop My Webs L WebWorks Projects ve m Corel User Files My Documents ux m My Computer t e File name gateway settings My Network P Save as type ows Document z Cancel 5 Af
97. r to the outside world Chapter 4 Advanced ZyXEL P 336M User s Guide You may enter a single port number or a range of port numbers to be forwarded and the local IP address of the desired server The port number identifies a service for example web service is on port 80 and FTP on port 21 In some cases such as for unknown services or where one server can support more than one service for example both FTP and web service it might be better to specify a range of port numbers You can allocate a server IP address that corresponds to a port or a range of ports Many residential broadband ISP accounts do not allow you to run any server processes such as a Web or FTP server from your location Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location If you are unsure refer to your ISP 4 2 1 Common Services and Port Numbers The most often used port numbers are shown in the following table Please refer to RFC 1700 for further information about port numbers Table 16 Virtual Server Common Services and Port Numbers SERVICES PORT NUMBER ECHO 7 FTP File Transfer Protocol 21 SMTP Simple Mail Transfer Protocol 25 DNS Domain Name System 53 Finger 79 HTTP Hyper Text Transfer protocol or WWW Web 80 POP3 Post Office Protocol 110 NNTP Network News Transport Protocol 119 SNMP Simple Network Management Proto
98. rom the Internet L2TP Select this option to allow multiple computers on the LAN to connect to a remote network using the L2TP protocol Add Special Applications Rule Enable Select this option to activate this rule Name Enter a descriptive name for identification purposes Alternatively select a pre defined application name from the drop down list box to have the P 336M fill in the default port numbers and protocol type for the selected application Trigger Port Range The trigger port is a port or a range of ports that causes or triggers the P 336M to record the IP address of the LAN computer that sent the traffic to a server on the WAN Specify a port or a range of ports Trigger Protocol Select a protocol type for the application Input Port Range Incoming is a port or a range of ports that a server on the WAN uses when it sends out a particular service The P 336M forwards the traffic with this port or range of ports to the client computer on the LAN that requested the service Specify a port or a range of ports Input Protocol Select the protocol used by the traffic coming to the router through the opened port range Schedule Select the name of a time setting during which this setting is active You can configure schedules in the Schedules screen Chapter 4 Advanced 48 ZyXEL P 336M User s Guide 4 4 StreamEngine Table 18 Advanced Appl
99. rrors on the LAN WAN Statistics Sent This field displays the number of packets sent on the WAN Tx Packets This field displays the number of transmitted packets that were dropped on the Dropped WAN Collisions This field displays the number of packets sent with collision errors on the WAN Received This field displays the number of packets received on the WAN Rx Packets This field displays the number of packets received that were dropped on the WAN Dropped Errors This field displays the number of packets received with errors on the WAN WLAN Statistics Sent This field displays the number of packets sent on the WLAN Tx Packets This field displays the number of transmitted packets that were dropped on the Dropped WLAN Chapter 6 Status 84 ZyXEL P 336M User s Guide Table 36 Status Statistics continued LABEL DESCRIPTION Received This field displays the number of packets received on the WLAN Errors This field displays the number of packets received with errors on the WLAN 85 Chapter 6 Status ZyXEL P 336M User s Guide Appendix A Types of EAP Authentication This appendix discusses some popular authentication types EAP MD5 EAP TLS EAP TTLS PEAP and LEAP The type of authentication you use depends on the RADIUS server or the AP consult your network administrator for more information Your wireless LAN device may not support all authentication types EAP MD5 Me
100. rule is applied Schedule This field displays the name of the schedule to use Web Filter This field indicates whether web filters apply to this access control rule Logged This field indicates whether Internet access activities are logged 4 7 WebFilter The Web Filter screen gives you the ability to allow access only to web sites that you specify Chapter 4 Advanced ZyXEL P 336M User s Guide Click Advanced gt Web Filter to display the configuration screen Figure 23 Advanced Web Filter WEB FILTER The Web Filter options allows you to set up a list of allowed Web sites that can be used by multiple users When Web Filter is enabled all other Web sites not listed on this page will be blocked To use this Feature you must also select the Apply Web Filter checkbox in the Access Control section ADD WEB SITE Enable v Web Site eg www zyxel com ALLOWED WEB SITE LIST Enable Web Site The following table describes the labels in this screen Table 22 Advanced Web Filter LABEL DESCRIPTION Add Web Site Enable Select this option to activate this setting Clear this check box to disable it Web Site Enter the web site address to which you want to restrict access For example www zyxel com For web sites that obtain data from another web site you need to allow access to those web sites too For example if www zyxel com gets a graphic file from mysite zyxel co
101. s field displays the name of the filter on the incoming traffic Schedule This field displays the name of the schedule to use 4 3 Applications You can enable Application Layer Gateway ALG to allow certain NAT un friendly applications such as SIP to operate properly through the P 336M Alternatively you can configure port triggering to allow computers on the LAN to dynamically take turns using the service 4 3 1 ALG Some applications cannot operate through NAT are NAT un friendly because they embed IP addresses and port numbers in their packets data payload The P 336M examines and uses IP address and port number information embedded in the data stream When a device behind the P 336M uses an application for which the P 336M has ALG service enabled the P 336M translates the device s private IP address inside the data stream to a public IP address It also records session port numbers and dynamically creates implicit NAT port forwarding and firewall rules for the application s traffic to come in from the WAN to the LAN You may have to configure the server setting for an application in the Virtual Server screen see Chapter 4 on page 43 4 3 2 Port Triggering Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side With regular port forwarding or virtual server setup you set a forwarding port in NAT to forward a service coming in from the server on the WAN to the IP a
102. s sake we will use e g as a shorthand for for instance and 1 e for that is or in other words throughout this manual The ZyXEL P 336M 802 11g Wireless MIMO Router may be referred to as the P 336M in this user s guide Preface 16 ZyXEL P 336M User s Guide Graphics Icons Key NS lt Wireless Access Point Computer Notebook Computer SSS N Server Modem Wireless Signal Telephone Switch Router a gt Internet Cloud p e Related Documentation Supporting Disk Refer to the included CD for support documents Quick Start Guide The Quick Start Guide is designed to help you get up and running right away They contain hardware installation connection information ZyXEL Glossary and Web Site Please refer to www zyxel com for an online glossary of networking terms and additional support documentation User Guide Feedback Help us help you E mail all User Guide related comments questions or suggestions for improvement to techwriters zyxel com tw or send regular mail to The Technical Writing Team ZyXEL Communications Corp 6 Innovation Road II Science Based Industrial Park Hsinchu 300 Taiwan Thank you 17 ZyXEL P 336M User s Guide CHAPTER 1 Getting Started This chapter introduces the P 336M features and front panel LEDs 1 1 About Your P 336M The ZyXEL P 336M 802 11g Wireless MIMO Router is an 802 11
103. s the MAC address of the WLAN interface on the P 336M Network Name SSID This field displays the name of the wireless network Channel This field displays the wireless channel number the P 336M is using Turbo Mode This field displays whether the turbo mode is active or not Security Type This field displays the wireless LAN security type 81 Chapter 6 Status ZyXEL P 336M User s Guide 6 2 Wireless To view a list of wireless clients currently connected to the P 336M click Status gt Wireless Figure 44 Status Wireless WIRELESS Associated Wireless Client List Use this option to view the wireless clients that are connected to your wireless router NUMBER OF WIRELESS CLIENTS 0 MAC Address IP Address Mode Rate Signal 9 o The following table describes the fields in this screen Table 34 Association List LABEL DESCRIPTION Number of This field displays the number of wireless clients currently connected to the P 336M Wireless Clients MAC Address This field displays the MAC Media Access Control address of an associated wireless station Every Ethernet device has a unique MAC address The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters for example 00 A0 C5 00 00 02 IP Address This field displays the LAN IP address of the wireless client Mode This field displays t
104. s the wireless encryption standard To use it you must enter the same key s into the router and the wireless stations For 64 bit keys you must enter 10 hex digits into each key box For 128 bit keys you must enter 26 hex digits into each key box A hex digit is either a number from 0 to 9 or aletter from A to F For the most secure use of WEP set the authentication type to Shared Key when WEP is enabled You may also enter any text string into a WEP key box in which case it will be converted into a hexadecimal key using the ASCII values of the characters A maximum of 5 text characters can be entered for 64 bit keys and a maximum of 13 characters for 128 bit keys WEP Key Length 64 bit 10 hex digits or 5 ASCII char length applies to all keys Passphrase i xx rr Generate WEP Key 1 Preise WEP Key 2 Pree 0 WEP Key 3 9 9 7000000 WEP Key 4 Prise Default WEP Key WEP Key 1 gt Authentication Open x The following table describes the related fields in this screen Table 12 Basic Wireless WLAN Security Setup WEP LABEL DESCRIPTION WEP WEP Key Length WEP Wired Equivalent Privacy encrypts data frames before transmitting over the wireless network Select 64 bit or 128 bit to use data encryption Passphrase Enter a passphrase password phrase of up to 63 case sensitive printable characters and click Generate to have the P 336M create four different WEP keys Generat
105. s usually more reliable However when the communication quality improves again the P 336M gradually increases the transmission data rate again until it reaches the highest available transmission rate You can select any of the above options If you wish to balance speed versus reliability select 54 Mbps in a networking environment where you are certain that all wireless devices can communicate at the highest transmission data rate 1 Mbps or 2 Mbps are used often in networking environments where the range of the wireless connection is more important than speed 3 5 3 1 SuperG The SuperG technology works with IEEE 802 11 a b g products It doubles IEEE 802 11g performance by bonding two 54Mbps channels and allowing larger frames to be sent IEEE 802 11g wireless LAN devices using Super G can transmit at up to 108 Mbps 3 6 Basic Wireless LAN Setup Click Basic gt Wireless to display the configuration screen 33 Chapter 3 Basic ZyXEL P 336M User s Guide Figure 11 Basic Wireless Basic Wireless LAN Setup WIRELESS Wireless Network Settings Lise this section to configure the wireless settings For your ZyXEL Router Please note that changes made on this section may also need to be duplicated on your Wireless Client To protect your privacy you can configure wireless security features This device supports three wireless security modes including WEP WPA Personal and WPA Enterprise WEP is the original wireless encryp
106. ss Launcher Location Manager Memory Modem Monitors Mouse Multiple Users Numbers QuickTime Settings Remote Access Software Update Sound Speech Startup Disk Text USB Printer Sharing Figure 57 Macintosh OS 8 9 TCP IP Comect vla Setup Configure Using DHCP Server DHCP Client ID IP Address Marne server addr lt will be supplied by server gt Suret mask lt will be supplied by server gt Router address lt will be supplied by server gt lt will be supplied by server gt Search comans 3 For dynamically assigned settings select Using DHCP Server from the Configure list Appendix B 98 ZyXEL P 336M User s Guide 4 For statically assigned settings do the following From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your P 336M in the Router address box 5 Close the TCP IP Control Panel 6 Click Save if prompted to save changes to your configuration 7 Turn on your P 336M and restart your computer 1f prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Panel window Macintosh OS X 1 Click the Apple menu and click System Preferences to open the System Preferences window Figure 58 Macintosh OS X Apple Menu Grab File Edit Capt About This Mac Get Mac OS X Software
107. ssage Digest Algorithm 5 MDS authentication is the simplest one way authentication method The authentication server sends a challenge to the wireless station The wireless station proves that it knows the password by encrypting the password with the challenge and sends back the information Password is not sent in plain text However MD5 authentication has some weaknesses Since the authentication server needs to get the plaintext passwords the passwords must be stored Thus someone other than the authentication server may access the password file In addition it is possible to impersonate an authentication server as MDS authentication method does not perform mutual authentication Finally MD5 authentication method does not support data encryption with dynamic session key You must configure WEP encryption keys for data encryption EAP TLS Transport Layer Security With EAP TLS digital certifications are needed by both the server and the wireless stations for mutual authentication The server presents a certificate to the client After validating the identity of the server the client sends a different certificate to the server The exchange of certificates is done in the open before a secured tunnel is created This makes user identity vulnerable to passive attacks A digital certificate is an electronic ID card that authenticates the sender s identity However to implement EAP TLS you need a Certificate Authority CA to handle certific
108. ta sent to the Internet on a trigger port or port range Special Applications rules apply to all computers on your internal network APPLICATION LEVEL GATEWAY ALG CONFIGURATION r Windows PPTP v IPSec YPN V RTSP V Messenger Vv FIP v NetMeeting v SIP V Wake On LAN V AOL v MMS 7 12TP v ADD SPECIAL APPLICATIONS RULE Enable Name SSCS Select Special Application Trigger Port Range ex 100 200 588 Trigger Protocol Both Input Port Range ex 100 200 588 Input Protocol Both Schedule Apply Always SPECIAL APPLICATIONS RULES LIST Enable Name TriggerProtocol Ports Input Protocol Ports Schedule The following table describes the labels in this screen Table 18 Advanced Applications LABEL DESCRIPTION Application Level Gateway ALG Application PPTP Select this option to allow multiple computers on the LAN to connect to a remote network using the PPTP protocol IPSec VPN Select this option to allow multiple VPN clients to connect to a remote network using the IPSec protocol This ALG may affect VPN connections for VPN clients using NAT traversal In this case clear this check box to disable this ALG 47 Chapter 4 Advanced ZyXEL P 336M User s Guide Table 18 Advanced Applications continued LABEL DESCRIPTION RTSP Select this option to allow applications such as QuickTime and Real Player that use Real Time
109. ter the back up process is complete a Download complete screen displays Click Close to close the screen Figure 33 Tools Admin Download complete Lis vb Download Complete Saved gateway_settings gws from 172 23 23 4 Downloaded 87 1 KB in 1 sec Download to C Documents gateway_settings gws Transfer rate 87 1 KB Sec Close this dialog box when download completes Open Open Folder E 5 1 5 Configuration Restore Note Do not turn off the P 336M while the file transfer process is taking place Follow the steps below to restore a previously saved configuration file to the P 336M 69 Chapter 5 Tools ZyXEL P 336M User s Guide 1 In the web configurator click Tools gt Admin see Figure 30 on page 67 2 Scroll to the bottom of the Admin screen Enter a configuration file name in the field provided or click Browse to locate it 3 Click Restore a Configuration File to start the file upload process A status screen displays showing the restoration progress Figure 34 Tools Admin Configuration Restore Progress RESTORING SETTINGS PLEASE WAIT Converted local data Done Unpacked local data Done Unpacked saved data Done Converted saved data Done Repacked Done Converted Done Saving 5 2 System Time and Date To change your P 336M s time and date click Tools gt Time Use this screen to configure the P 336M s system time based on your local time zone Chapter
110. the labels in this screen Table 20 Advanced Routing LABEL DESCRIPTION Add Route Enable Select this option to activate this setting This field is not applicable for pre defined routes Destination IP Enter the destination IP address in dotted decimal notation Netmask Enter the subnet mask Gateway Enter the IP address of the gateway device for the selected interface below Interface Select an interface to which you want to apply the setting Metric Metric represents the cost of transmission for routing purposes IP routing uses hop count as the measurement of cost with a minimum of 1 for directly connected networks Enter a number that approximates the cost for this link The number need not be precise but it must be between 1 and 15 In practice 2 or 3 is usually a good number Save Click Save to save the settings Clear Click Clear to start configuring this part of the screen again Routes List Enable Select this option to activate this rule Clear this check box to disable this rule without deleting it Destination IP This field displays the destination IP address Netmask This field displays the subnet mask for the destination IP address above Gateway This field displays the IP address of the gateway device Metric This field displays the cost of this route Interface This field displays the interface to which this routing setting is applied
111. tion standard WPA provides higher level of security WPA Personal does not require an authentication server The WPA Enterprise option requires an external RADIUS server os ooo WIRELESS RADIO STATUS Wireless Radio ON BASIC WIRELESS SETTINGS Wireless Network Name ZyXEL Also called the SSID Visibility Status visible C Invisible Auto Channel Select v Channel 2 437 GHz CH 6 Transmission Rate 802 11 Mode Super G Mode Best automatic z Mbit s H mixed 802 119 and 802 11b z Disabled z WIRELESS SECURITY SETTINGS Security Mode None C wep C WPA Personal C WPA Enterprise THe following table describes the related labels in this screen Table 11 Basic Wireless Basic Wlreless LAN Setup LABEL DESCRIPTION WIRELESS RADIO STATUS This field displays whether the wireless LAN feature is enabled ON or disabled OFF You can enable and disable the wireless LAN feature on the P 336M by using the wireless LAN switch at the rear panel of the P 336M Refer to the Quick Start Guide for more information BASIC WIRELESS SETTINS Wireless Network Name The SSID Service Set IDentification is a unique name to identify the P 336M in the wireless LAN Wireless stations associating to the Prestige must have the same SSID Enter a descriptive name of up to 32 printable characters including spaces alphabetic characters are case sensitive Vis
112. to make the changes take effect Do NOT turn off the P 336M during the updating process as it may corrupt the firmware and make your P 336M unusable Follow the steps below to save the configuration changes 1 Click Save Settings on the top of a configuration screen 2 A Success screen displays Click Reboot the Device to restart the P 336M and make the changes take effect Wait before the P 336M finishes rebooting before accessing the web configurator again Click Continue to return to the previous configuration screen without saving the changes Figure 3 Save Settings Success SUCCESS The new settings have been saved The router must be rebooted before the new settings will take effect You can reboot the router now using the button below or make other changes and then use the reboot button on the Tools System page J Reboot theDevies ELE Chapter 2 The Web Configurator 22 ZyXEL P 336M User s Guide 2 6 Changing Your Password It is highly recommended that you periodically change the password for accessing the Prestige If you didn t change the default one after you logged in or you want to change to a new password again then click Tools gt Admin to display the screen as shown next Configure the password fields click Save Settings and reboot the device to make the changes take effect Figure 4 Change Password Administrator Settings The Admin option is used to set a password for access to the
113. ts to Open Specify the UDP port s for the application You can enter a port number and or a range of ports For example 6159 6180 99 Inbound Filter Select a filter action on the traffic Select You can configure filter actions in the Inbound Filter screen Schedule Select the name of a time setting during which this setting is active You can configure schedules in the Schedules screen Save Click Save to save the changes of a configuration screen for the current session Clear Click Clear to start configuring a screen again Game Rules List Enable Select this option to activate this setting Clear this checkbox to disable this setting Name This field displays the descriptive name for this setting IP Address This field displays the IP address of the local computer to which the specified traffic is forwarded TCP Ports This field displays the TCP port s the specified traffic is forwarded UDP Ports This field displays the UDP port s the specified traffic is forwarded Inbound Filter This field displays the name of the filter on the incoming traffic Schedule This field displays the name of the schedule to use 4 2 Virtual Server With the virtual server also known as port forwarding feature you can make inside behind NAT on the LAN servers for example web or FTP visible to the outside world even though NAT makes your whole inside network appear as a single compute
114. unction with other devices using the Atheros radio technology Hardware encryption for Wi Fi Protected Access WPA2 WPA and Wired Equivalent Privacy WEP without performance degradation Chapter 1 Getting Started 18 ZyXEL P 336M User s Guide WPA2 WPA Wi Fi Protected Access authorizes and identifies users based with a secret key that changes automatically at regular intervals for example Pre Shared Key mode means that the home user without a RADIUS server will obtain a new security key every time he or she connects to the network vastly improving the safety of communications on the said network User friendly configuration and diagnostic utilities connection Connect multiple computers to a Cable or DSL modem to share a single Internet DHCP server enables all networked computers to automatically receive IP addresses Web based interface for easy management and configuration Supports multi connection applications Equipped with four 10 100 Ethernet ports one WAN port all with Auto MDI MDIX 1 3 Hardware Connection and Wizard Setup Follow the instructions in the Quick Start Guide to connect the P 336M and configure the wizard screens 1 3 1 Front Panel LEDs The following table describes the front panel LEDs Table1 Front Panel LEDs LED COLOR STATUS DESCRIPTION PWR Off The P 336M is not receiving power Green On The P 336M is receiving power and r
115. word Username Type the user name given to you by your ISP Password Type the password associated with the user name above Verify Password Type your password again to make sure that you have entered is correctly Service Name Type the PPPoE service name provided to you PPPoE uses a service name to identify and reach the PPPoE server Reconnect Mode Specify how you want to re establish an Internet connection after the idle timeout Select Always On when you want your connection up all the time The P 336M will try to bring up the connection automatically if it is disconnected Select On Demand when you don t want the connection up all the time and specify an idle time out in the Maximum Idle Timeout field Select Manual when you want to manually re establish the connection if it is disconnected Maximum Idle Time This value specifies the time in seconds that elapses before the P 336M automatically disconnects from the PPPoE server 29 Chapter 3 Basic ZyXEL P 336M User s Guide 3 3 LAN Setup Local Area Network LAN is a shared communication system to which many computers are attached Use LAN screen to set the IP address and subnet mask of the LAN interface on the P 336M Click Basic gt LAN to display the configuration screen Figure 9 Basic LAN Network Settings Use this section to configure the internal network settings of your router The IP Address that is configured here
Download Pdf Manuals
Related Search