ZyXEL P660HNT1 User Manual

Chapter 11 Filters

P-660HN-Tx User’s Guide

151

1

1.4 IPv6 Filter

Use this screen to create and apply IPv6 filters. Click Security > Filter > IPv6
Filter. The screen appears as shown.

Figure 69 Security > Filter > IPv6 Filter

The following table describes the labels in this screen.

Table 47 Security > Filter > IPv6 Filter

LABEL DESCRIPTION

Rule Type

Rule Type selection Select White List to specify traffic to allow and Black List to

specify traffic to block.

IPv6 Filter Rule Editing

IPv6 Filter Rule Index Select the index number of the filter rule.

Active Use this field to enable or disable the filter rule.

Interface Select the PVC to which to apply the filter.

Chapter 11 Filters

P-660HN-Tx User’s Guide

152

Direction Apply the filter to Incoming or Outgoing traffic direction.

Rule Type Use the IPv6 filter to block or allow traffic by IPv6 addresses.

Source IPv6 Address Enter the source IPv6 address of the packets you wish to filter.

This field is ignored if it is ::.

Source Prefix Length Enter the prefix length for the source IPv6 address

Destination IPv6
Address

Enter the destination IPv6 address of the packets you wish to
filter. This field is ignored if it is ::.

Destination Prefix
Length

Enter the prefix length for the destination IPv6 address.

ICMPv6 Type Select the ICMPv6 message type to filter. The following

message types can be selected:

1 / Destination Unreachable: 0 - no route to destination; 1 -
communication with destination administratively prohibited; 3 -
address unreachable; 4 - port unreachable

2 / Packet Too Big

3 / Time Exceeded: 0 - hop limit exceeded in transit; 1 -

fragment reassembly time exceeded

4 / Parameter Problem: 0 - erroneous header field
encountered; 1 - unrecognized Next Header type encountered;
2 - unrecognized IPv6 option encountered

128 / Echo Request

129 / Echo Response

130 / Listener Query - Multicast listener query

131 / Listener Report - Multicast listener report

132 / Listener Done - Multicast listener done

143 / Listener Reportv2 - Multicast listener report v2

133 / Router Solicitation

134 / Router Advertisement

135 / Neighbor Solicitation

136 / Neighbor Advertisement

137 / Redirect - Redirect message

Protocol This is the (upper layer) protocol that defines the service to

which this rule applies. By default it is ICMPv6.

IPv6 Filter Listing

IPv6 Filter Rule Index Select the index number of the filter set from the drop-down list

box.

# This is the index number of the rule in a filter set.

Active This field shows whether the rule is activated.

Interface This is the interface that the rule applies to.

Table 47 Security > Filter > IPv6 Filter

LABEL DESCRIPTION

Chapter 11 Filters

P-660HN-Tx User’s Guide

153

Direction The filter set applies to this traffic direction.

ICMPv6 Type The ICMPv6 message type to filter.

Src IP/PrefixLength This displays the source IPv6 address and prefix length.

Dest IP/PrefixLength This displays the destination IPv6 address and prefix length.

Protocol This is the (upper layer) protocol that defines the service to

which this rule applies. By default it is ICMPv6.

Apply Click this to apply your changes.

Delete Click this to remove the filter rule.

Cancel Click this to restore your previously saved settings.

Table 47 Security > Filter > IPv6 Filter

LABEL DESCRIPTION

Chapter 11 Filters

P-660HN-Tx User’s Guide

154

P-660HN-Tx User’s Guide

155

CHAPTER 12

Certificate

12.1 Overview

The ZyXEL Device can use certificates (also called digital IDs) to authenticate
users. Certificates are based on public-private key pairs. A certificate contains the
certificate owner’s identity and public key. Certificates provide a way to exchange
public keys for use in authentication.

12.1.1 What You Can Do in this Chapter

•The Trusted CA screen lets you save the certificates of trusted CAs to the
ZyXEL Device (

Section 12.3 on page 156).

1

2.2 What You Need to Know

The following terms and concepts may help as you read through this chapter.

Certification Authority

A Certification Authority (CA) issues certificates and guarantees the identity of
each certificate owner. There are commercial certification authorities like
CyberTrust or VeriSign and government certification authorities. The certification
authority uses its private key to sign certificates. Anyone can then use the
certification authority's public key to verify the certificates. You can use the ZyXEL
Device to generate certification requests that contain identifying information and
public keys and then send the certification requests to a certification authority.

Certificate File Format

The certification authority certificate that you want to import has to be in one of
these file formats:

• PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses 64
ASCII characters to convert a binary X.509 certificate into a printable form.

Chapter 12 Certificate

P-660HN-Tx User’s Guide

156

1

2.3 The Trusted CA Screen

Click Security > Certificates to open the following screen. This screen displays a
summary list of certificates of the certification authorities that you have set the
ZyXEL Device to accept as trusted. The ZyXEL Device accepts any valid certificate
signed by a certification authority on this list as being trustworthy; thus you do
not need to import any certificate that is signed by one of these certification
authorities.

Figure 70 Trusted CA

The following table describes the fields in this screen.

Table 48 Trusted CA

LABEL DESCRIPTION

Name This field displays the name used to identify this certificate.

Subject This field displays information that identifies the owner of the

certificate, such as Common Name (CN), OU (Organizational Unit or
department), Organization (O), State (ST) and Country (C). It is
recommended that each certificate have unique subject information.

Type This field displays general information about the certificate. ca means

that a Certification Authority signed the certificate.

Action Click View to open a screen with an in-depth list of information about

the certificate.

Click Remove to delete the certificate.

Import
Certificate

Click this button to open a screen where you can save the certificate of
a certification authority that you trust to the ZyXEL Device.

Chapter 12 Certificate

P-660HN-Tx User’s Guide

157

1

2.3.1 View Trusted CA Certificate

Click the View button in the Trusted CA screen to open the following screen. Use
this screen to view in-depth information about the certification authority’s
certificate.

Figure 71 Trusted CA: View

The following table describes the fields in this screen.

Table 49 Trusted CA: View

LABEL DESCRIPTION

Name This field displays the identifying name of this certificate.

Type This field displays general information about the certificate. ca means

that a Certification Authority signed the certificate.

Subject This field displays information that identifies the owner of the

certificate, such as Common Name (CN), Organizational Unit (OU),
Organization (O) and Country (C).

Certificate This read-only text box displays the certificate in Privacy Enhanced

Mail (PEM) format. PEM uses 64 ASCII characters to convert the binary
certificate into a printable form.

You can copy and paste the certificate into an e-mail to send to friends
or colleagues or you can copy and paste the certificate into a text
editor and save the file on a management computer for later
distribution (via floppy disk for example).

Back Click this button to return to the previous screen.

Chapter 12 Certificate

P-660HN-Tx User’s Guide

158

1

2.3.2 Import Trusted CA Certificate

Click the Import Certificate button in the Trusted CA screen to open the
following screen. The ZyXEL Device trusts any valid certificate signed by any of
the imported trusted CA certificates.

Figure 72 Trusted CA: Import Certificate

The following table describes the fields in this screen.

Table 50 Trusted CA: Import Certificate

LABEL DESCRIPTION

Browse Click this button to locate the certificate file on your computer.

Back Click this button to return to the previous screen.

Apply Click this button to save your changes back to the ZyXEL Device.

P-660HN-Tx User’s Guide

159

CHAPTER 13

Static Route

13.1 Overview

The ZyXEL Device usually uses the default gateway to route outbound traffic from
computers on the LAN to the Internet. To have the ZyXEL Device send data to
devices not reachable through the default gateway, use static routes.

For example, the next figure shows a computer (A) connected to the ZyXEL
Device’s LAN interface. The ZyXEL Device routes most traffic from A to the
Internet through the ZyXEL Device’s default gateway (R1). You create one static
route to connect to services offered by your ISP behind router R2. You create
another static route to communicate with a separate network behind a router R3
connected to the LAN.

Figure 73 Example of Static Routing Topology

WAN

R1

R2

A

R3

LAN

Chapter 13 Static Route

P-660HN-Tx User’s Guide

160

1

3.1.1 What You Can Do in the Static Route Screens

•Use the Static Route screens (

Section 13.2 on page 160) to view and configure

I

P static routes on the ZyXEL Device.

•Use the IPv6 Static Route screens (

Section 13.2.2 on page 162) to view and

configure IPv6 static routes on the ZyXEL Device.

13.2 The Static Route Screen

Use this screen to view the static route rules. Click Advanced > Static Route to
open the Static Route screen.

Figure 74 Advanced > Static Route

The following table describes the labels in this screen.

Table 51 Advanced > Static Route

LABEL DESCRIPTION

# This is the number of an individual static route.

Destination This parameter specifies the IP network address of the final destination.

Routing is always based on network number.

Netmask This parameter specifies the IP network subnet mask of the final

destination.

Gateway This is the IP address of the gateway. The gateway is a router or switch

on the same network segment as the device's LAN or WAN port. The
gateway helps forward packets to their destinations.

Modify Click the Edit icon to go to the screen where you can set up a static route

on the ZyXEL Device.

Click the Remove icon to remove a static route from the ZyXEL Device. A
window displays asking you to confirm that you want to delete the route.

Chapter 13 Static Route

P-660HN-Tx User’s Guide

161

1

3.2.1 Static Route Edit

Use this screen to configure the required information for a static route. Select a
static route index number and click Edit. The screen shown next appears.

Figure 75 Advanced > Static Route: Edit

The following table describes the labels in this screen.

Table 52 Advanced > Static Route: Edit

LABEL DESCRIPTION

Static Route Setup

Destination IP
Address

This parameter specifies the IP network address of the final destination.
Routing is always based on network number. If you need to specify a
route to a single host, use a subnet mask of 255.255.255.255 in the
subnet mask field to force the network number to be identical to the host
ID.

IP Subnet
Mask

Enter the IP subnet mask here.

Gateway IP
Address

Enter the IP address of the gateway. The gateway is a router or switch on
the same network segment as the device's LAN or WAN port. The
gateway helps forward packets to their destinations.

Back Click this to return to the previous screen without saving.

Apply Click this to save your changes.

Cancel Click this to restore your previously saved settings.

Chapter 13 Static Route

P-660HN-Tx User’s Guide

162

1

3.2.2 IPv6 Static Route

Use this screen to view the IPv6 static route rules. Click Advanced > Static
Route > IPv6 Static Route to open the IPv6 Static Route screen.

Figure 76 Advanced > Static Route > IPv6 Static Route

The following table describes the labels in this screen.

Table 53 Advanced > Static Route > IPv6 Static Route

LABEL DESCRIPTION

# This is the number of an individual static route.

Destination This parameter specifies the IP network address of the final destination.

Routing is always based on network number.

Prefix Length An IPv6 prefix length specifies how many most significant bits (starting

from the left) in the address compose the network address. This field
displays the bit number of the IPv6 subnet mask.

Gateway This is the IP address of the gateway. The gateway is a router or switch

on the same network segment as the device's LAN or WAN port. The
gateway helps forward packets to their destinations.

Device This specifies the LAN or WAN PVC.

Modify Click the Edit icon to go to the screen where you can set up a static route

on the ZyXEL Device.

Click the Remove icon to remove a static route from the ZyXEL Device. A
window displays asking you to confirm that you want to delete the route.

Chapter 13 Static Route

P-660HN-Tx User’s Guide

163

1

3.2.3 IPv6 Static Route Edit

Use this screen to configure the required information for an IPv6 static route.
Select an IPv6 static route index number and click Edit. The screen shown next
appears.

Figure 77 Advanced > Static Route > IPv6 Static Route: Edit

The following table describes the labels in this screen.

Table 54 Advanced > Static Route > IPv6 Static Route: Edit

LABEL DESCRIPTION

Static Route Setup

Destination
IPv6 Address

This parameter specifies the IP network address of the final destination.
Routing is always based on network number. If you need to specify a
route to a single host, use a prefix length of 128 in the prefix length field
to force the network number to be identical to the host ID.

IPv6 Prefix
Length

Enter the address prefix to specify how many most significant bits
compose the network address.

Gateway IPv6
Address

Enter the IP address of the gateway. The gateway is a router or switch on
the same network segment as the device's LAN or WAN port. The
gateway helps forward packets to their destinations.

PVC IPv6
Address

Select the interface through which the traffic is routed.

Back Click this to return to the previous screen without saving.

Apply Click this to save your changes.

Cancel Click this to restore your previously saved settings.

Chapter 13 Static Route

P-660HN-Tx User’s Guide

164

P-660HN-Tx User’s Guide

165

CHAPTER 14

Quality of Service (QoS)

14.1 Overview

Use the QoS screen to set up your ZyXEL Device to use QoS for traffic
management.

Quality of Service (QoS) refers to both a network’s ability to deliver data with
minimum delay, and the networking methods used to control bandwidth. QoS
allows the ZyXEL Device to group and prioritize application traffic and fine-tune
network performance.

Without QoS, all traffic data are equally likely to be dropped when the network is
congested. This can cause a reduction in network performance and make the
network inadequate for time-critical applications such as video-on-demand.

The ZyXEL Device assigns each packet a priority and then queues the packet
accordingly. Packets assigned with a high priority are processed more quickly than
those with low priorities if there is congestion, allowing time-sensitive applications
to flow more smoothly. Time-sensitive applications include both those that require
a low level of latency (delay) and a low level of jitter (variations in delay) such as
Voice over IP (VoIP) or Internet gaming, and those for which jitter alone is a
problem such as Internet radio or streaming video.

In the following figure, your Internet connection has an upstream transmission
speed of 50 Mbps. You configure a classifier to assign the highest priority queue
(6) to VoIP traffic from the LAN interface, so that voice traffic would not get
delayed when there is network congestion. Traffic from the boss’s IP address
(192.168.1.23 for example) is mapped to queue 5. Traffic that does not match

Chapter 14 Quality of Service (QoS)

P-660HN-Tx User’s Guide

166

t

hese two classes are assigned priority queue based on the internal QoS mapping

table on the ZyXEL Device.

Figure 78 QoS Example

14.1.1 What You Can Do in the QoS Screens

•Use the General screen (Section 14.2 on page 167) to enable QoS on the
Z

yXEL Device, and specify the type of scheduling.

•Use the QoS Summary List screen (

Section 14.2.1 on page 168) to check the

summary of QoS rules and actions you configured for the ZyXEL Device.

•Use the Queue Setup screen (Section 14.3 on page 168) to configure QoS
settings on the ZyXEL Device.

•Use the Class Setup screen (

Section 14.4 on page 170) to configure QoS

settings on the ZyXEL Device.

14.1.2 What You Need to Know About QoS

802.1p

QoS is used to prioritize source-to-destination traffic flows. All packets in the same
flow are given the same priority. 802.1p is a way of managing traffic in a network
by grouping similar types of traffic together and treating each type as a class. You
can use 802.1p to give different priorities to different packet types.

Tagging and Marking

In a QoS class, you can configure whether to add or change the DiffServ Code
Point (DSCP) value and IEEE 802.1p priority level in a matched packet. When the
packet passes through a compatible network, the networking device, such as a
backbone switch, can provide specific treatment or service based on the tag or
marker.

50 Mbps

DSL

VoIP: Queue 6

Boss: Queue 5
IP=192.168.1.23

Chapter 14 Quality of Service (QoS)

P-660HN-Tx User’s Guide

167

F

inding Out More

See Section on page 171 for advanced technical information on QoS.

1

4.2 The General Screen

Use this screen to enable or disable QoS.

Click Advanced Setup > QoS to open the screen as shown next.

Figure 79 Advanced Setup > QoS

The following table describes the labels in this screen.

Table 55 Advanced Setup > QoS

LABEL DESCRIPTION

QoS Use this field to turn on QoS to improve your network

performance.

You can give priority to traffic that the ZyXEL Device forwards out
through the WAN interface. Give high priority to voice and video
to make them run more smoothly. Similarly, give low priority to
many large file downloads so that they do not reduce the quality
of other applications.

Apply Click this to save your changes.

Rule&Action
Summary

Click this to display a summary of configured rules and actions.

Cancel Click this to restore your previously saved settings.

Chapter 14 Quality of Service (QoS)

P-660HN-Tx User’s Guide

168

1

4.2.1 The QoS Summary List Screen

Use this screen to display a summary of rules and actions configured for the
ZyXEL Device. In the Advanced > QoS screen, click the Rule&Action Summary
button to open the following screen.

Figure 80 Advanced Setup > QoS > QoS Summary List

The following table describes the labels in this screen.

14.3 The Queue Setup Screen

Use this screen to configure QoS queue disciplines and priorities.

Table 56 Advanced Setup > QoS > QoS Summary List

LABEL DESCRIPTION

# This is the rule’s index number.

Active This shows whether the rule is enabled or disabled.

Physical Ports This is the physical port associated with the rule.

Classification
Criteria

This shows criteria specified in this rule, for example the interface
from which traffic of this class should come and the source MAC
address of traffic that matches this classifier.

Forward To This is the interface through which traffic that matches the rule is

forwarded out.

IPP/TOS (DSCP) This shows the IPP/TOS or DSCP settings.

802.1p This is the 802.1p priority level.

IPP/TOS (DSCP)
Remarking

The ZyXEL Device re-assigns the priority values specified in this field
to matched traffic.

802.1p Remarking The ZyXEL Device re-assigns the priority levels specified in this field
to matched traffic.

To Q u eu e The ZyXEL Device assigns the queue level specified in this field to

matched traffic.

Chapter 14 Quality of Service (QoS)

P-660HN-Tx User’s Guide

169

C

lick Advanced Setup > QoS > Queue Setup to open the screen as shown

next.

Figure 81 Advanced Setup > QoS > Queue Setup

The following table describes the labels in this screen.

Table 57 Advanced Setup > QoS > Queue Setup

LABEL DESCRIPTION

Queue Editing

Queue Discipline Select weighted round-robin (WRR) scheduling to allow packets

of all priorities to transmit depending on their assigned relative
weight. Select Strict Priority to require traffic transmit in order
of priority.

Queue Index Specify the queue index.

Queue Enable Specify to enable or disable the queue.

Queue Weight If you selected WRR, specify the WRR weight for each queue

index. A higher weight indicates higher priority while a lower
weight indicates lower priority. For example, 15 is higher priority
than 1.

Queue Priority If you selected strict priority, specify the queue priority for each

queue index.

Add Click this to add the queue to the list.

Delete Click this to delete the specified queue index.

Cancel Click this to restore your previously saved settings.

Queue List

Queue Index This is the specified queue index.

Active This specifies if the queue is enabled or disabled.

Priority This specifies the assigned priority.

Chapter 14 Quality of Service (QoS)

P-660HN-Tx User’s Guide

170

1

4.4 The Class Setup Screen

Use this screen to set up QoS class rules and have the ZyXEL Device assign
priority levels to traffic according to the port range, IEEE 802.1p priority level and/
or IP precedence.

Click Advanced Setup > QoS > Class Setup to open the screen as shown next.

Figure 82 Advanced Setup > QoS > Class Setup

Chapter 14 Quality of Service (QoS)

P-660HN-Tx User’s Guide

171

T

he following table describes the labels in this screen. QoS Technical Reference

Table 58 Advanced Setup > QoS > Class Setup

LABEL DESCRIPTION

Class Rule

Rule Index Select the rule’s index number from the drop-down list box.

Rule Enable Use this field to enable or disable the rule.

Application Select an application from the drop-down list box. The Destination Port

Range and Protocol ID fields may change depending on the type of
applications you choose.

Physical Ports Select Enet1 to apply the rule to the Ethernet port.

Destination
MAC

Type a destination MAC address here. QoS is then applied to traffic
containing this destination MAC address. Leave it blank to apply the rule
to all MAC addresses.

Destination IP Enter a destination IP address in dotted decimal notation. QoS is then

applied to traffic containing this destination IP address. A blank
destination IP address means any destination IP address.

Destination
SubNet Mask

Enter a destination subnet mask here.

Destination
Port Range

Either use the default value set by the application you choose, or enter
the port number to which the rule should be applied.

Source MAC Type a source MAC address here. QoS is then applied to traffic containing

this source MAC address. Leave it blank to apply the rule to all MAC
addresses.

Source IP Enter a source IP address in dotted decimal notation. QoS is then applied

to traffic containing this source IP address. A blank source IP address
means any source IP address.

Source SubNet
Mask

Enter a source subnet mask here.

Source Port
Range

Enter the port number to which the rule should be applied. 0 means any
source port number. See Appendix F on page 305 for some common
services and port numbers.

Protocol ID Select an IP protocol type from the drop-down list box.

Vlan ID Range Enter the source VLAN ID in this field.

IPP/DS Field Select IPP/TOS to specify an IP precedence range and type of services.

Select DSCP to specify a DiffServ Code Point (DSCP) range.

IP Precedence
Range

Enter a range from 0 to 7 for IP precedence. Zero is the lowest priority
and seven is the highest.

Typ e of
Service

Select a type of service from the drop-down list box.

Available options are: Normal service, Minimize delay, Maximize
throughput, Maximize reliability and Minimize monetary cost.

DSCP Range Specify a DSCP number between 0 and 63 in this field.

802.1p Select a priority level (0 to 7) from the drop-down list box.

Action

Chapter 14 Quality of Service (QoS)

P-660HN-Tx User’s Guide

172

1

4.5 QoS Technical Reference

This section provides some technical background information about the topics
covered in this chapter.

Forward To Select the interface through which traffic that matches the rule is

forwarded out. If you select Unchange, the ZyXEL Device forwards
traffic of this class according to the default routing table.

If traffic of this class comes from a WAN interface and is in a queue that
forwards traffic through the LAN/WLAN interface, the ZyXEL Device
ignores the setting here.

IPP/DS Field Select IPP/TOS to specify an IP precedence range and type of services.

Select DSCP to specify a DiffServ Code Point (DSCP) range.

IP Precedence
Remarking

Enter a range from 0 to 7 to re-assign IP precedence to matched traffic.
Zero is the lowest priority and seven is the highest.

Typ e of
Service
Remarking

Select a type of service to re-assign the priority level to matched traffic.

Available options are: Normal service, Minimize delay, Maximize
throughput, Maximize reliability and Minimize monetary cost.

DSCP
Remarking

Specify a DSCP number between 0 and 63 to re-assign the priority level
to matched traffic.

802.1p

Remarking

Select a priority level (0 to 7) to re-assign the priority level to matched
traffic.

Queue # Specify a queue tag to matched traffic. Traffic assigned to a higher queue

gets through faster while traffic in lower queues is dropped when there is
network congestion.

Add Click this to add the rule.

Delete Click this to remove the rule.

Cancel Click this to restore previously saved settings.

Table 58 Advanced Setup > QoS > Class Setup

LABEL DESCRIPTION

Chapter 14 Quality of Service (QoS)

P-660HN-Tx User’s Guide

173

1

4.5.1 IEEE 802.1p

IEEE 802.1p specifies the user priority field and defines up to eight separate traffic
types. The following table describes the traffic types defined in the IEEE 802.1d
standard (which incorporates the 802.1p).

14.5.2 IP Precedence

Similar to IEEE 802.1p prioritization at layer-2, you can use IP precedence to
prioritize packets in a layer-3 network. IP precedence uses three bits of the eight­bit ToS (Type of Service) field in the IP header. There are eight classes of services
(ranging from zero to seven) in IP precedence. Zero is the lowest priority level and
seven is the highest.

14.5.3 Automatic Priority Queue Assignment

If you enable QoS on the ZyXEL Device, the ZyXEL Device can automatically base
on the IEEE 802.1p priority level, IP precedence and/or packet length to assign
priority to traffic which does not match a class.

The following table shows you the internal layer-2 and layer-3 QoS mapping on
the ZyXEL Device. On the ZyXEL Device, traffic assigned to higher priority queues

Table 59 IEEE 802.1p Priority Level and Traffic Type

PRIORITY
LEVEL

TRAFFIC TYPE

Level 7 Typically used for network control traffic such as router configuration

messages.

Level 6 Typically used for voice traffic that is especially sensitive to jitter (jitter is the

variations in delay).

Level 5 Typically used for video that consumes high bandwidth and is sensitive to

jitter.

Level 4 Typically used for controlled load, latency-sensitive traffic such as SNA

(Systems Network Architecture) transactions.

Level 3 Typically used for “excellent effort” or better than best effort and would

include important business traffic that can tolerate some delay.

Level 2 This is for “spare bandwidth”.

Level 1 This is typically used for non-critical “background” traffic such as bulk

transfers that are allowed but that should not affect other applications and
users.

Level 0 Typically used for best-effort traffic.

Chapter 14 Quality of Service (QoS)

P-660HN-Tx User’s Guide

174

ge

ts through faster while traffic in lower index queues is dropped if the network is

congested.

Table 60 Internal Layer2 and Layer3 QoS Mapping

PRIORITY
QUEUE

LAYER 2 LAYER 3

IEEE 802.1P
USER PRIORITY
(ETHERNET
PRIORITY)

TOS (IP
PRECEDENCE)

DSCP

IP PACKET
LENGTH (BYTE)

0 1 0 000000

12

2 0 0 000000 >1100

3 3 1 001110

001100

001010

001000

250~1100

4 4 2 010110

010100

010010

010000

5 5 3 011110

011100

011010

011000

<250

6 6 4 100110

100100

100010

100000

5 101110

101000

7 7 6 110000

111000

7

P-660HN-Tx User’s Guide

175

CHAPTER 15

Dynamic DNS Setup

15.1 Overview

Dynamic DNS allows you to update your current dynamic IP address with one or
many dynamic DNS services so that anyone can contact you (in NetMeeting, CU­SeeMe, etc.). You can also access your FTP server or Web site on your own
computer using a domain name (for instance myhost.dhs.org, where myhost is a
name of your choice) that will never change instead of using an IP address that
changes each time you reconnect. Your friends or relatives will always be able to
call you even if they don't know your IP address.

First of all, you need to have registered a dynamic DNS account with
www.dyndns.org. This is for people with a dynamic IP from their ISP or DHCP
server that would still like to have a domain name. The Dynamic DNS service
provider will give you a password or key.

15.1.1 What You Can Do in the DDNS Screen

Use the Dynamic DNS screen (Section 15.2 on page 176) to enable DDNS and
c

onfigure the DDNS settings on the ZyXEL Device.

15.1.2 What You Need To Know About DDNS

DYNDNS Wildcard

Enabling the wildcard feature for your host causes *.yourhost.dyndns.org to be
aliased to the same IP address as yourhost.dyndns.org. This feature is useful if
you want to be able to use, for example, www.yourhost.dyndns.org and still reach
your hostname.

If you have a private WAN IP address, then you cannot use Dynamic DNS.

Chapter 15 Dynamic DNS Setup

P-660HN-Tx User’s Guide

176

1

5.2 The Dynamic DNS Screen

Use this screen to change your ZyXEL Device’s DDNS. Click Advanced >
Dynamic DNS. The screen appears as shown.

Figure 83 Advanced > Dynamic DNS

The following table describes the fields in this screen.

Table 61 Advanced > Dynamic DNS

LABEL DESCRIPTION

Dynamic DNS Setup

Active
Dynamic DNS

Select this check box to use dynamic DNS.

Service
Provider

This is the name of your Dynamic DNS service provider.

Dynamic DNS
Typ e

Select the type of service that you are registered for from your Dynamic
DNS service provider.

Host Name Type the domain name assigned to your ZyXEL Device by your Dynamic

DNS provider.

You can specify up to two host names in the field separated by a comma
(",").

User Name Type your user name.

Password Type the password assigned to you.

Enable
Wildcard
Option

Select the check box to enable DynDNS Wildcard.

Apply Click this to save your changes.

Cancel Click this to restore your previously saved settings.

P-660HN-Tx User’s Guide

177

CHAPTER 16

Remote Management

16.1 Overview

Remote management allows you to determine which services/protocols can access
which ZyXEL Device interface (if any) from which computers.

The following figure shows remote management of the ZyXEL Device coming in
from the WAN.

Figure 84 Remote Management From the WAN

Note: When you configure remote management to allow management from the WAN,

you still need to configure a IP filter rule to allow access.

You may manage your ZyXEL Device from a remote location via:

•Internet (WAN only)

•LAN only

•LAN and WAN

• None (Disable)

To disable remote management of a service, select Disable in the corresponding
Service Access field.

LAN

WAN

HTTP

Telnet

Chapter 16 Remote Management

P-660HN-Tx User’s Guide

178

1

6.1.1 What You Can Do in the Remote Management Screens

•Use the WWW screen (

Section 16.2 on page 179) to configure through which

i

nterface(s) and from which IP address(es) users can use HTTP to manage the

ZyXEL Device.

•Use the Telnet screen (

Section 16.3 on page 180) to configure through which

interface(s) and from which IP address(es) users can use Telnet to manage the
ZyXEL Device.

•Use the FTP screen (

Section 16.4 on page 180) to configure through which

interface(s) and from which IP address(es) users can use FTP to access the
ZyXEL Device.

• Your ZyXEL Device can act as an SNMP agent, which allows a manager station to
manage and monitor the ZyXEL Device through the network. Use the SNMP
screen (see

Section 16.5 on page 181) to configure through which interface(s)

and from which IP address(es) users can use SNMP to access the ZyXEL Device.

•Use the ICMP screen (Section 16.6 on page 184) to set whether or not your
ZyXEL Device will respond to pings and probes for services that you have not
made available.

16.1.2 What You Need to Know About Remote Management

Remote Management Limitations

Remote management does not work when:

• You have not enabled that service on the interface in the corresponding remote
management screen.

• You have disabled that service in one of the remote management screens.

• The IP address in the Secured Client IP Address field does not match the
client IP address. If it does not match, the ZyXEL Device will disconnect the
session immediately.

• There is a firewall rule that blocks it.

Remote Management and NAT

When NAT is enabled:

• Use the ZyXEL Device’s WAN IP address when configuring from the WAN.

• Use the ZyXEL Device’s LAN IP address when configuring from the LAN.

Chapter 16 Remote Management

P-660HN-Tx User’s Guide

179

1

6.2 The WWW Screen

Use this screen to specify how to connect to the ZyXEL Device from a web
browser, such as Internet Explorer.

16.2.1 Configuring the WWW Screen

Click Advanced > Remote MGMT to display the WWW screen.

Figure 85 Advanced > Remote MGMT > WWW

The following table describes the labels in this screen.

Table 62 Advanced > Remote Management > WWW

LABEL DESCRIPTION

Server Port You may change the server port number for a service, if needed.

However, you must use the same port number in order to use that
service for remote management.

Server Access Select the interface(s) through which a computer may access the ZyXEL

Device using this service.

Secured Client
IP Address

A secured client is a “trusted” computer that is allowed to communicate
with the ZyXEL Device using this service.

Select All to allow any computer to access the ZyXEL Device using this
service.

Choose Selected to just allow the computer with the IP address that
you specify to access the ZyXEL Device using this service.

Apply Click this to save your changes.

Cancel Click this to restore your previously saved settings.

Chapter 16 Remote Management

P-660HN-Tx User’s Guide

180

1

6.3 The Telnet Screen

You can use Telnet to access the ZyXEL Device’s command line interface. Specify
which interfaces allow Telnet access and from which IP address the access can
come.

Click Advanced > Remote MGMT > Telnet tab to display the screen as shown.

Figure 86 Advanced > Remote MGMT > Telnet

The following table describes the labels in this screen.

16.4 The FTP Screen

You can use FTP (File Transfer Protocol) to upload and download the ZyXEL
Device’s firmware and configuration files. Please see the User’s Guide chapter on
firmware and configuration file maintenance for details. To use this feature, your
computer must have an FTP client.

Table 63 Advanced > Remote Management > Telnet

LABEL DESCRIPTION

Server Port You may change the server port number for a service if needed, however

you must use the same port number in order to use that service for
remote management.

Server Access Select the interface(s) through which a computer may access the ZyXEL

Device using this service.

Secured Client
IP Address

A secured client is a “trusted” computer that is allowed to communicate
with the ZyXEL Device using this service.

Select All to allow any computer to access the ZyXEL Device using this
service.

Choose Selected to just allow the computer with the IP address that you
specify to access the ZyXEL Device using this service.

Apply Click this to save your changes.

Cancel Click this to restore your previously saved settings.