ZyXEL Prestige P-330W User Manual

P-330W

802.11g Secure Wireless Internet Sharing Router

User’s Guide

Version 1.1

July 2006

ZyXEL P-330W User’s Guide

Copyright

Copyright © 2005 by ZyXEL Communications Corporation.

The contents of this publication may not be reproduced in any part or as a whole, transcribed,
stored in a retrieval system, translated into any language, or transmitted in any form or by any
means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or
otherwise, without the prior written permission of ZyXEL Communications Corporation.

Published by ZyXEL Communications Corporation. All rights reserved.

Disclaimer

ZyXEL does not assume any liability arising out of the application or use of any products, or
software described herein. Neither does it convey any license under its patent rights nor the
patent rights of others. ZyXEL further reserves the right to make changes in any products
described herein without notice. This publication is subject to change without notice.

Trademarks

ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL
Communications, Inc. Other trademarks mentioned in this publication are used for
identification purposes only and may be properties of their respective owners.

Copyright 2

ZyXEL P-330W User’s Guide

Federal Communications

Commission (FCC) Interference

Statement

This device complies with Part 15 of FCC rules. Operation is subject to the following two
conditions:

• This device may not cause harmful interference.

• This device must accept any interference received, including interference that may cause
undesired operations.

This equipment has been tested and found to comply with the limits for a Class B digital
device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable
protection against harmful interference in a commercial environment. This equipment
generates, uses, and can radiate radio frequency energy, and if not installed and used in
accordance with the instructions, may cause harmful interference to radio communications.

If this equipment does cause harmful interference to radio/television reception, which can be
determined by turning the equipment off and on, the user is encouraged to try to correct the
interference by one or more of the following measures:

• Reorient or relocate the receiving antenna.

• Increase the separation between the equipment and the receiver.

• Connect the equipment into an outlet on a circuit different from that to which the receiver
is connected.

• Consult the dealer or an experienced radio/TV technician for help.

Notice 1

Changes or modifications not expressly approved by the party responsible for compliance
could void the user's authority to operate the equipment.

Certifications

Go to www.us.zyxel.com

1 Select your product from the drop-down list box on the ZyXEL home page to go to that

product's page.

2 Select the certification you wish to view from this page

3 Federal Communications Commission (FCC) Interference Statement

ZyXEL P-330W User’s Guide

ZyXEL Limited Warranty

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects
in materials or workmanship for a period of up to two years from the date of purchase. During
the warranty period, and upon proof of purchase, should the product have indications of failure
due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the
defective products or components without charge for either parts or labor, and to whatever
extent it shall deem necessary to restore the product or components to proper operating
condition. Any replacement will consist of a new or re-manufactured functionally equivalent
product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not
apply if the product is modified, misused, tampered with, damaged by an act of God, or
subjected to abnormal working conditions.

Note

Repair or replacement, as provided under this warranty, is the exclusive remedy of the
purchaser. This warranty is in lieu of all other warranties, express or implied, including any
implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in
no event be held liable for indirect or consequential damages of any kind of character to the
purchaser.

To obtain the services of this warranty, contact ZyXEL's Service Center for your Return
Material Authorization number (RMA). Products must be returned Postage Prepaid. It is
recommended that the unit be insured when shipped. Any returned products without proof of
purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of
ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products
will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty
gives you specific legal rights, and you may also have other rights that vary from country to
country.

Safety Warnings

1 To reduce the risk of fire, use only No. 26 AWG or larger telephone wire.

2 Do not use this product near water, for example, in a wet basement or near a swimming

pool.

3 Avoid using this product during an electrical storm. There may be a remote risk of

electric shock from lightening.

This product has been designed for the WLAN 2.4 GHz network throughout the EC region and
Switzerland, with restrictions in France.

ZyXEL Limited Warranty 4

ZyXEL P-330W User’s Guide

Please have the following information ready when you contact customer support.

• Product model and serial number.

• Warranty Information.

• Date that you received your device.

• Brief description of the problem and the steps you took to solve it.

Customer Support

METHOD

LOCATION

NORTH
AMERICA

SUPPORT E-MAIL TELEPHONE WEB SITE

SALES E-MAIL FAX FTP SITE

support@zyxel.com +1-800-978-7222

+1-714-632-0882

sales@zyxel.com +1-714-632-0858 ftp.us.zyxel.com

www.us.zyxel.com ZyXEL Communications Inc.

REGULAR MAIL

1130 N. Miller St.
Ana hei m

CA 92806- 2001
U.S.A.

5 Customer Support

ZyXEL P-330W User’s Guide

Table of Contents

Copyright ..................................................................................................................2

Federal Communications Commission (FCC) Interference Statement ............... 3

ZyXEL Limited Warranty.......................................................................................... 4

Customer Support.................................................................................................... 5

Preface ....................................................................................................................18

Chapter 1

Getting to Know Your P-330W............................................................................... 20

1.1 P-330W Internet Security Gateway Overview ....................................................20

1.2 P-330W Features ...............................................................................................20

1.2.1 Physical Features .....................................................................................20

1.2.1.1 10/100M Auto-negotiating Ethernet/Fast Ethernet Interface(s) .......20

1.2.1.2 Auto-crossover 10/100 Mbps Ethernet Interface(s) .........................20

1.2.1.3 4-Port Switch ...................................................................................20

1.2.1.4 Time and Date .................................................................................21

1.2.1.5 Reset Button ...................................................................................21

1.2.2 Removable Antenna .................................................................................21

1.2.3 Non-Physical Features .............................................................................21

1.2.3.1 Firewall ............................................................................................21

1.2.3.2 802.11b Wireless LAN Standard .....................................................21

1.2.3.3 802.11g Wireless LAN Standard .....................................................22

1.2.3.4 Packet Filtering ...............................................................................22

1.2.3.5 Universal Plug and Play (UPnP) .....................................................22

1.2.3.6 PPPoE .............................................................................................22

1.2.3.7 PPTP Encapsulation .......................................................................22

1.2.3.8 Dynamic DNS Support ....................................................................22

1.2.3.9 Network Address Translation (NAT) ................................................23

1.2.3.10 Port Forwarding .............................................................................23

1.2.3.11 DHCP (Dynamic Host Configuration Protocol) ..............................23

1.2.3.12 Logging and Tracing ......................................................................23

1.2.3.13 Wireless Association List ..............................................................23

1.3 Applications for the P-330W ...............................................................................23

1.3.1 Secure Broadband Internet Access via Cable or DSL Modem .................23

Table of Contents 6

ZyXEL P-330W User’s Guide

1.3.2 Internet Access Application ......................................................................24

Chapter 2

Introducing the Web Configurator........................................................................ 26

2.1 Web Configurator Overview ...............................................................................26

2.2 Accessing the P-330W Web Configurator ..........................................................26

2.2.1 Navigating the P-330W Web Configurator ................................................27

2.2.2 Navigation Panel .......................................................................................27

Chapter 3

Wizard Setup .......................................................................................................... 30

3.1 Wizard Setup Overview ......................................................................................30

3.2 Wizard Setup: Screen 2 .....................................................................................30

3.2.1 DHCP Client .............................................................................................30

3.2.2 Static IP .....................................................................................................30

3.2.3 PPPoE Encapsulation ...............................................................................31

3.2.4 PPTP Encapsulation .................................................................................32

3.2.5 L2TP Encapsulation ..................................................................................33

3.3 Wizard Setup: Screen 3 .....................................................................................34

3.4 Wizard Setup: Screen 4 .....................................................................................35

3.4.1 No Encryption ...........................................................................................36

3.4.2 WEP Encryption ........................................................................................36

3.4.3 WPA ..........................................................................................................37

3.4.4 WPA2 (AES) .............................................................................................37

3.4.5 WPA2 Mixed .............................................................................................38

3.5 Basic Setup Complete ........................................................................................39

2.2.0.1 Resetting the P-330W .....................................................................26

Chapter 4

System Screens ..................................................................................................... 40

4.1 Setup Wizard ......................................................................................................40

4.2 Operation Mode .................................................................................................40

4.3 LAN Overview ....................................................................................................41

4.3.1 DHCP Setup .............................................................................................42

4.3.2 IP Pool Setup ............................................................................................42

4.3.3 System DNS Servers ................................................................................42

4.3.4 LAN TCP/IP ..............................................................................................42

4.3.5 Factory LAN Defaults ................................................................................42

4.3.6 IP Address and Subnet Mask ...................................................................42

4.3.7 Configuring IP ...........................................................................................42

4.4 Configuring Password ........................................................................................44

4.5 Status Screen .....................................................................................................44

7 Table of Contents

ZyXEL P-330W User’s Guide

Chapter 5

Wireless .................................................................................................................. 46

5.1 Wireless LAN Overview .....................................................................................46

5.1.1 IBSS ..........................................................................................................46

5.1.2 BSS ...........................................................................................................46

5.1.3 ESS ...........................................................................................................47

5.1.4 RTS/CTS .................................................................................................48

5.2 Configuring Wireless ..........................................................................................49

5.3 Basic Settings ....................................................................................................49

5.4 Wireless Advanced Settings ..............................................................................51

5.4.1 Authentication ...........................................................................................51

5.4.2 Preamble Type ..........................................................................................52

5.5 Site Survey .........................................................................................................53

5.6 Wireless Security Overview ...............................................................................53

5.7 Security Parameters Summary ..........................................................................56

5.7.1 WEP Overview ..........................................................................................56

5.7.2 Data Encryption .......................................................................................56

5.7.3 Configuring WEP Encryption ....................................................................56

5.7.4 Introduction to WPA ..................................................................................59

5.7.4.1 User Authentication ........................................................................59

5.7.4.2 Encryption ......................................................................................59

5.7.4.3 WPA-PSK Application Example ......................................................60

5.7.5 Introduction to WPA2 ................................................................................60

5.7.6 Configuring WPA-PSK Authentication ......................................................60

5.7.7 Introduction to RADIUS ...........................................................................62

5.7.7.1 Types of RADIUS Messages ...........................................................62

5.7.7.2 Access-Challenge ...........................................................................62

5.7.7.3 Accounting-Request ........................................................................62

5.7.7.4 Accounting-Response .....................................................................62

5.7.7.5 EAP Authentication Overview .........................................................63

5.7.7.6 WPA with RADIUS Application Example .........................................63

5.7.8 Configuring WPA Authentication ...............................................................64

5.8 WDS Settings .....................................................................................................66

5.9 Wireless Trusted Stations ...................................................................................67

Chapter 6

Advanced Options ................................................................................................. 70

6.1 Access Control ...................................................................................................70

6.2 Dynamic DNS .....................................................................................................71

6.3 Configuring Dynamic DNS .................................................................................72

6.4 DMZ ...................................................................................................................73

6.5 Virtual Servers (Port Forwarding) .......................................................................73

6.5.0.1 Configuring Servers Behind SUA (Example) ..................................74

Table of Contents 8

ZyXEL P-330W User’s Guide

6.5.1 Configuring Virtual Servers .......................................................................75

6.6 Special Applications ...........................................................................................76

6.7 WAN Port ...........................................................................................................77

6.7.1 Static IP Encapsulation .............................................................................77

6.7.2 DHCP IP Encapsulation ............................................................................79

6.7.3 PPPoE Encapsulation ...............................................................................80

6.7.4 PPTP Encapsulation .................................................................................82

6.7.5 L2TP Encapsulation ..................................................................................84

6.8 Ping ....................................................................................................................86

6.9 DoS Setting ........................................................................................................87

6.10 Diagnostics .......................................................................................................88

Chapter 7

Administrator Options ........................................................................................... 90

7.1 Remote Management .........................................................................................90

7.2 Configuration Screen .........................................................................................90

7.2.1 Backup Configuration ...............................................................................91

7.2.2 Restore Configuration ..............................................................................91

7.2.3 Back to Factory Defaults ...........................................................................92

7.3 Logs ...................................................................................................................92

7.4 IP Filtering ..........................................................................................................94

7.5 MAC Filtering .....................................................................................................95

7.6 URL Filtering ......................................................................................................95

7.7 Statistics .............................................................................................................96

7.8 Time Zone Setting ..............................................................................................96

7.9 Upgrade Firmware .............................................................................................97

Appendix A

PPPoE ................................................................................................................... 100

Appendix B

PPTP......................................................................................................................102

Appendix C

Setting up Your Computer’s IP Address............................................................ 106

Appendix D

Wireless LAN and IEEE 802.11 ...........................................................................118

Appendix E

Wireless LAN With IEEE 802.1x .......................................................................... 122

Appendix F

Types of EAP Authentication.............................................................................. 124

Appendix G

9 Table of Contents

ZyXEL P-330W User’s Guide

Antenna Selection and Positioning Recommendation..................................... 126

Appendix H

Open Saftware Announcements......................................................................... 128

Table of Contents 10

ZyXEL P-330W User’s Guide

11 Table of Contents

ZyXEL P-330W User’s Guide

List of Figures

Figure 1 Secure Internet Access via Cable, DSL or Wireless Modem ................................ 24

Figure 2 Internet Access Application Example .................................................................... 24

Figure 3 The MAIN MENU Screen of the Web Configurator ............................................... 27

Figure 4 Wizard 2: DHCP Client Encapsulation .................................................................. 30

Figure 5 Wizard 2: Static IP Encapsulation ......................................................................... 31

Figure 6 Wizard 2: PPPoE Encapsulation ........................................................................... 32

Figure 7 Wizard 2: PPTP Encapsulation ............................................................................. 33

Figure 8 Wizard 2: L2TP Encapsulation .............................................................................. 34

Figure 9 Wizard 3: Wireless LAN Basic Setup .................................................................... 35

Figure 10 Wizard 4: Wireless LAN Setup: WEP Security ................................................... 36

Figure 11 Wizard 4: Wireless LAN Setup: WPA Security .................................................... 37

Figure 12 Wizard 4: Wireless LAN Setup: WPA2 Security .................................................. 38

Figure 13 Wizard 4: Wireless LAN Setup: WPA2 Security .................................................. 39

Figure 14 System Screen Menu Options ............................................................................ 40

Figure 15 Operation Mode Setup ....................................................................................... 41

Figure 16 LAN IP Setup ...................................................................................................... 43

Figure 17 Password ............................................................................................................ 44

Figure 18 Status .................................................................................................................. 45

Figure 19 IBSS (Ad-hoc) Wireless LAN .............................................................................. 46

Figure 20 Basic Service set ................................................................................................ 47

Figure 21 Extended Service Set ......................................................................................... 48

Figure 22 RTS/CTS ............................................................................................................ 48

Figure 23 The Wireless Options Screen ............................................................................ 49

Figure 24 Wireless: Basic Settings .................................................................................... 50

Figure 25 WEP Authentication Steps .................................................................................. 51

Figure 26 Wireless: Advanced Settings ............................................................................. 52

Figure 27 Wireless: Site Survey .......................................................................................... 53

Figure 28 P-330W Wireless Security Levels ....................................................................... 54

Figure 29 Wireless Security Setup: No Security ................................................................. 55

Figure 30 Wireless Security Setup: WEP Encryption ......................................................... 57

Figure 31 Wireless Security Setup: WEP Encryption ......................................................... 58

Figure 32 WPA - PSK Authentication .................................................................................. 60

Figure 33 Wireless Security Setup: WPA-PSK ................................................................... 61

Figure 34 EAP Authentication ............................................................................................. 63

Figure 35 WPA with RADIUS Application Example ............................................................ 64

Figure 36 Wireless Security Setup: WPA With RADIUS ..................................................... 65

List of Figures 12

ZyXEL P-330W User’s Guide

Figure 37 Wireless: WDS Settings ...................................................................................... 66

Figure 38 Wireless: Trusted Stations MAC Address Filter .................................................. 68

Figure 39 The Advanced Menu Options ............................................................................. 70

Figure 40 Advanced: Access Control .................................................................................. 71

Figure 41 Advanced: Dynamic DNS ................................................................................... 72

Figure 42 Advanced: DMZ .................................................................................................. 73

Figure 43 Multiple Servers Behind NAT Example ............................................................... 75

Figure 44 Advanced: Virtual Servers .................................................................................. 75

Figure 45 Advanced: Special Applications .......................................................................... 77

Figure 46 Advanced: WAN Static IP Encapsulation ............................................................ 78

Figure 47 Advanced: WAN DHCP IP Encapsulation ........................................................... 79

Figure 48 Advanced: WAN PPPoE Encapsulation .............................................................. 81

Figure 49 Advanced: WAN PPTP Encapsulation ................................................................ 83

Figure 50 Advanced: WAN L2TP Encapsulation ................................................................. 85

Figure 51 Advanced: Ping ................................................................................................... 87

Figure 52 Advanced: DoS ................................................................................................... 88

Figure 53 Advanced: Diagnostic ......................................................................................... 89

Figure 54 Administrator: Remote Management .................................................................. 90

Figure 55 Administrator: Configuration File ......................................................................... 91

Figure 56 Temporarily Disconnected ................................................................................... 92

Figure 57 Administrator: Logs ............................................................................................. 93

Figure 58 Administrator: IP Filtering .................................................................................... 94

Figure 59 Administrator: MAC Filtering ............................................................................... 95

Figure 60 Administrator: URL Filtering ................................................................................ 96

Figure 61 Administrator: Time Zone Setting ........................................................................ 97

Figure 62 Administrator: Upgrade Firmware ....................................................................... 98

Figure 63 Upload Warning .................................................................................................. 98

Figure 64 Network Temporarily Disconnected .................................................................... 99

Figure 65 Single-Computer per Router Hardware Configuration ........................................ 101

Figure 66 P-330W as a PPPoE Client ................................................................................ 101

Figure 67 Transport PPP frames over Ethernet ................................................................. 102

Figure 68 PPTP Protocol Overview .................................................................................... 103

Figure 69 Example Message Exchange between Computer and an ANT .......................... 104

Figure 70 WIndows 95/98/Me: Network: Configuration ....................................................... 107

Figure 71 Windows 95/98/Me: TCP/IP Properties: IP Address ........................................... 108

Figure 72 Windows 95/98/Me: TCP/IP Properties: DNS Configuration .............................. 109

Figure 73 Windows XP: Start Menu .................................................................................... 110

Figure 74 Windows XP: Control Panel ................................................................................ 110

Figure 75 Windows XP: Control Panel: Network Connections: Properties ......................... 111

Figure 76 Windows XP: Local Area Connection Properties ................................................ 111

Figure 77 Windows XP: Advanced TCP/IP Settings ........................................................... 112

Figure 78 Windows XP: Internet Protocol (TCP/IP) Properties ........................................... 113

Figure 79 Macintosh OS 8/9: Apple Menu .......................................................................... 114

13 List of Figures

ZyXEL P-330W User’s Guide

Figure 80 Macintosh OS 8/9: TCP/IP .................................................................................. 115

Figure 81 Macintosh OS X: Apple Menu ............................................................................. 115

Figure 82 Macintosh OS X: Network ................................................................................... 116

Figure 83 Peer-to-Peer Communication in an Ad-hoc Network .......................................... 119

Figure 84 ESS Provides Campus-Wide Coverage ............................................................. 120

Figure 85 Sequences for EAP MD5–Challenge Authentication .......................................... 123

List of Figures 14

ZyXEL P-330W User’s Guide

15 List of Figures

ZyXEL P-330W User’s Guide

List of Tables

Table 1 IEEE 802.11b ......................................................................................................... 21

Table 2 IEEE 802.11g ......................................................................................................... 22

Table 3 Screens Summary ................................................................................................. 28

Table 4 Wizard 2: Ethernet Encapsulation ......................................................................... 31

Table 5 Wizard 2: PPPoE Encapsulation ........................................................................... 32

Table 6 Wizard 2: PPTP Encapsulation ............................................................................. 33

Table 7 Wizard 2: L2TP Encapsulation .............................................................................. 34

Table 8 Wizard 3: Wireless LAN Basic Setup .................................................................... 35

Table 9 Wizard 4: Wireless LAN Setup: WEP Security ...................................................... 36

Table 10 Wizard 4: Wireless LAN Setup: WPA Security .................................................... 37

Table 11 Wizard 4: Wireless LAN Setup: WPA2 Security ................................................... 38

Table 12 Wizard 4: Wireless LAN Setup: WPA2 Security .................................................. 39

Table 13 System General Setup ........................................................................................ 41

Table 14 LAN IP Setup ....................................................................................................... 43

Table 15 Password .............................................................................................................44

Table 16 Status ................................................................................................................... 45

Table 17 Wireless: Basic Settings ...................................................................................... 50

Table 18 Wireless: Advanced Settings ............................................................................... 52

Table 19 Wireless Security Setup: No Security .................................................................. 55

Table 20 Wireless Security Relational Matrix ..................................................................... 56

Table 21 Wireless Security Setup: Static WEP Encryption ................................................ 57

Table 22 Wireless Security Setup: WEP Encryption ......................................................... 58

Table 23 Wireless Security Setup: WPA-PSK .................................................................... 61

Table 24 Wireless Security Setup: WPA ............................................................................ 65

Table 25 Wireless: WDS Settings ...................................................................................... 66

Table 26 Wireless: Trusted Stations MAC Address Filter ................................................... 68

Table 27 Advanced: Access Control .................................................................................. 71

Table 28 Advanced: Dynamic DNS .................................................................................... 72

Table 29 Advanced: DMZ ................................................................................................... 73

Table 30 Services and Port Numbers ................................................................................. 74

Table 31 Advanced: Virtual Servers ................................................................................... 75

Table 32 Advanced: Special Applications ........................................................................... 77

Table 33 Advanced: WAN Static IP Encapsulation ............................................................. 78

Table 34 Advanced: WAN DHCP IP Encapsulation ........................................................... 79

Table 35 PPPoE Encapsulation ......................................................................................... 81

Table 36 Advanced: WAN PPTP Encapsulation ................................................................ 83

List of Tables 16

ZyXEL P-330W User’s Guide

Table 37 Advanced: WAN L2PT Encapsulation ................................................................. 85

Table 38 Advanced: Ping ................................................................................................... 87

Table 39 Advanced: DoS .................................................................................................... 88

Table 40 Advanced: Diagnostic .......................................................................................... 89

Table 41 Administrator: Remote Management ................................................................... 90

Table 42 Maintenance Restore Configuration .................................................................... 91

Table 43 Administrator: Remote Management ................................................................... 93

Table 44 Administrator: IP Filtering .................................................................................... 94

Table 45 Administrator: MAC Filtering ................................................................................ 95

Table 46 Administrator: URL Filtering ................................................................................ 96

Table 47 Administrator: Time Zone Setting ........................................................................ 97

Table 48 Administrator: Upgrade Firmware ........................................................................ 98

Table 49 Comparison of EAP Authentication Types ........................................................... 125

17 List of Tables

ZyXEL P-330W User’s Guide

Preface

Congratulations on your purchase of the P-330W, 802.11g Secure Wireless Internet Sharing
Router. This manual is designed to guide you through the configuration of your P-330W for its
various applications.

This manual may refer to the P-330W or 802.11g Secure Wireless Internet Sharing Router as
the router.

Note: Register your product online to receive e-mail notices of
firmware upgrades and information at

About This User's Guide

This User’s Guide is designed to guide you through the configuration of your P-330W using
the web configurator(GUI). The web configurator parts of this guide contain background
information on features configurable by web configurator.

www.us.zyxel.com.

Related Documentation

• Support Disk

Refer to the included CD for support documents.

• Quick Start Guide

The Quick Start Guide is designed to help you get up and running right away. They
contain connection information and instructions on getting started.

• ZyXEL Glossary and Web Site

Please refer to www.us.zyxel.com for an online glossary of networking terms and
additional support documentation.

User Guide Feedback

Help us help you! E-mail all User Guide-related comments, questions or suggestions for
improvement to techwriters@zyxel.com

Syntax Conventions

• “Enter” means for you to type one or more characters. “Select” or “Choose” means for
you to use one predefined choices.

• Mouse action sequences are denoted using a comma. For example, “click the Apple icon,
Control Panels and then Modem” means first click the Apple icon, then point your
mouse pointer to Control Panels and then click Modem.

• For brevity’s sake, we will use “e.g.,” as a shorthand for “for instance”, and “i.e.,” for
“that is” or “in other words” throughout this manual.

Preface 18

ZyXEL P-330W User’s Guide

Graphics Icons Key

P-330W Computer Notebook computer

Server DSLAM Firewall

Modem Switch Router

Wireless Signal

19 Preface

ZyXELP-330W User’s Guide

CHAPTER 1

Getting to Know Your P-330W

This chapter introduces the main features and applications of the P-330W.

1.1 P-330W Internet Security Gateway Overview

The P-330W is the ideal secure gateway for all data passing between the Internet and LAN’s.

By integrating NAT, firewall, wireless access point and 4-port switch, ZyXEL’s P-330W is a
complete security solution that protects your Intranet and efficiently manages data traffic on
your network.

The embedded web configurator is easy to operate.

1.2 P-330W Features

The following sections describe P-330W features..

1.2.1 Physical Features

1.2.1.1 10/100M Auto-negotiating Ethernet/Fast Ethernet Interface(s)

This auto-negotiation feature allows the P-330W to detect the speed of incoming
transmissions and adjust appropriately without manual intervention. It allows data transfer of
either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending on your
Ethernet network.

1.2.1.2 Auto-crossover 10/100 Mbps Ethernet Interface(s)

These interfaces automatically adjust to either a crossover or straight-through Ethernet cable.

1.2.1.3 4-Port Switch

A combination of switch and router makes your P-330W a cost-effective and viable network
solution. You can add up to four computers to the P-330W without the cost of a hub. Add
more than four computers to your LAN by using a hub.

Chapter 1 Getting to Know Your P-330W 20

ZyXEL P-330W User’s Guide

1.2.1.4 Time and Date

The P-330W allows you to get the current time and date from an external server when you turn
on your P-330W. You can also set the time manually.

1.2.1.5 Reset Button

The P-330W reset button is built into the rear panel. You can use this button to either cause the
P-330W to reboot, or to reset the P-330W to factor defaults. Use this button to restore the
factory default password to 1234; IP address to 192.168.10.1, subnet mask to 255.255.255.0
and DHCP server enabled with a pool of 32 IP addresses starting at 192.168.10.33. For further
instructions see Chapter 2.

1.2.2 Removable Antenna

The P-330W antenna uses an RP-SMA connection to attach to the P-330W. It is possible to
remove the antenna and replace it with another antenna that offers different performance
characteristics.

1.2.3 Non-Physical Features

1.2.3.1 Firewall

The P-330W is a home firewall with DoS (Denial of Service) protection. By default, all
incoming traffic from the WAN to the LAN is blocked unless it is initiated from the LAN.

1.2.3.2 802.11b Wireless LAN Standard

The P-330W, complies with the 802.11b wireless standard.

The 802.11b data rate and corresponding modulation techniques are as follows. The
modulation technique defines how bits are encoded onto radio waves.

Table 1 IEEE 802.11b

DATA RATE (KBPS) MODULATION

1 DBPSK (Differential Binary Phase Shift Keyed)

2 DQPSK (Differential Quadrature Phase Shift Keying)

5.5 / 11 CCK (Complementary Code Keying)

Note: The P-330W may be prone to RF (Radio Frequency)
interference from other 2.4 GHz devices such as microwave
ovens, wireless phones, Bluetooth enabled devices, and other
wireless LANs

21 Chapter 1 Getting to Know Your P-330W

1.2.3.3 802.11g Wireless LAN Standard

The P-330W, complies with the 802.11g wireless standard and is also fully compatible with
the 802.11b standard. This means an 802.11b radio card can interface directly with an 802.11g
device (and vice versa) at 11 Mbps or lower depending on range. 802.11g has several
intermediate rate steps between the maximum and minimum data rates. The 802.11g data rate
and modulation are as follows:

Table 2 IEEE 802.11g

DATA RATE (MBPS) MODULATION

6/9/12/18/24/36/48/54 OFDM (Orthogonal Frequency Division Multiplexing)

1.2.3.4 Packet Filtering

The packet filtering mechanism blocks unwanted traffic from entering/leaving your network.

1.2.3.5 Universal Plug and Play (UPnP)

ZyXELP-330W User’s Guide

Using the standard TCP/IP protocol, the P-330W and other UPnP enabled devices can
dynamically join a network, obtain an IP address and convey its capabilities to other devices
on the network.

1.2.3.6 PPPoE

PPPoE facilitates the interaction of a host with an Internet modem to achieve access to high­speed data networks via a familiar "dial-up networking" user interface.

1.2.3.7 PPTP Encapsulation

Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of
data from a remote client to a private server, creating a Virtual Private Network (VPN) using a
TCP/IP-based network.

PPTP supports on-demand, multi-protocol and virtual private networking over public
networks, such as the Internet. The P-330W supports one PPTP server connection at any given
time.

1.2.3.8 Dynamic DNS Support

With Dynamic DNS (Domain Name System) support, you can have a static hostname alias for
a dynamic IP address, allowing the host to be more easily accessible from various locations on
the Internet. You must register for this service with a Dynamic DNS service provider.

Chapter 1 Getting to Know Your P-330W 22

ZyXEL P-330W User’s Guide

1.2.3.9 Network Address Translation (NAT)

Network Address Translation (NAT) allows the translation of an Internet protocol address
used within one network (for example a private IP address used in a local network) to a
different IP address known within another network (for example a public IP address used on
the Internet).

1.2.3.10 Port Forwarding

Use this feature to forward incoming service requests to a server on your local network. You
may enter a single port number or a range of port numbers to be forwarded, and the local IP
address of the desired server.

1.2.3.11 DHCP (Dynamic Host Configuration Protocol)

DHCP (Dynamic Host Configuration Protocol) allows the individual client computers to
obtain the TCP/IP configuration at start-up from a centralized DHCP server. The P-330W has
built-in DHCP server capability, enabled by default, which means it can assign IP addresses,
an IP default gateway and DNS servers to all systems that support the DHCP client.

1.2.3.12 Logging and Tracing

•System Logs

• Wireless Logs

•DoS Logs

1.2.3.13 Wireless Association List

With the Wireless Association List, you can see the list of the wireless stations that are
currently using the P-330W to access your wired network.

1.3 Applications for the P-330W

Here are some examples of what you can do with your P-330W.

1.3.1 Secure Broadband Internet Access via Cable or DSL Modem

You can connect a cable modem, DSL or wireless modem to the P-330W for broadband
Internet access via an Ethernet or a wireless port on the modem. The P-330W guarantees not
only high speed Internet access, but secure internal network protection and traffic management
as well.

23 Chapter 1 Getting to Know Your P-330W

Figure 1 Secure Internet Access via Cable, DSL or Wireless Modem

1.3.2 Internet Access Application

Add a wireless LAN to your existing network without expensive network cables. Wireless
stations can move freely anywhere in the coverage area and use resources on the wired
network.

ZyXELP-330W User’s Guide

Figure 2 Internet Access Application Example

Chapter 1 Getting to Know Your P-330W 24

ZyXEL P-330W User’s Guide

25 Chapter 1 Getting to Know Your P-330W

Introducing the Web

This chapter describes how to access the P-330W web configurator and provides an overview
of its screens.

2.1 Web Configurator Overview

The embedded web configurator allows you to manage the P-330W from anywhere through a
browser such as Microsoft Internet Explorer or Netscape Navigator. Use Internet Explorer 6.0
and later or Netscape Navigator 7.0 and later versions with JavaScript enabled. It is
recommended that you set your screen resolution to 1024 by 768 pixels. The screens you see
in the web configurator may vary somewhat from the ones shown in this document due to
differences between individual P-330W models or firmware versions.

ZyXELP-330W User’s Guide

CHAPTER 2

Configurator

2.2 Accessing the P-330W Web Configurator

1 Make sure your P-330W hardware is properly connected and prepare your computer/

computer network to connect to the P-330W (refer to the Quick Start Guide).

2 Launch your web browser.

3 Type "192.168.10.1" as the URL.

4 Type “admin” as the User Name

5 Type "1234" (default) as the password.

6 Click OK to login.

You should now see the MAIN MENU screen)

Note: The management session automatically times out when
there has been no activity for several minutes. Simply log back
into the P-330W if this happens to you.

2.2.0.1 Resetting the P-330W

If you forget your password or cannot access the web configurator, you will need to use the
RESET button at the back of the P-330W to reload the factory-default configuration file. This
means that you will lose all configurations that you had previously and the password will be
reset to “1234”.

Chapter 2 Introducing the Web Configurator 26

ZyXEL P-330W User’s Guide

2.2.0.1.1 Procedure To Use The Reset Button

1 Make sure the PWR LED is on (not blinking).

2 Press the RESET button for approximately ten seconds or until the PWR LED begins to

blink and then release it. When the PWR LED begins to blink, the defaults have been
restored and the P-330W restarts. (If you press the RESET button for less than 5 seconds,
the P-330W will reboot, but will not reset the configuration).

2.2.1 Navigating the P-330W Web Configurator

The following summarizes how to navigate the web configurator from the SITE MAP screen.

• Click SETUP WIZARD for initial configuration including general setup, Wireless LAN
Setup, ISP parameters for Internet Access and WAN IP/DNS Server/MAC address
assignment.

• Click a link under WIRELESS to configure wireless settings.

• Click a link under ADVANCED to configure advanced P-330W features.

• Click LOGOUT at any time to exit the web configurator.

• Click ADMINISTRATOR to view information about your P-330W or upgrade
configuration/firmware files. Administrator includes Statistics, Remote Management,
Upgrade Firmware, Config File (Backup, Restore, Defaults) and Time Zone Settings.

Figure 3 The MAIN MENU Screen of the Web Configurator

2.2.2 Navigation Panel

After you log in, use the sub-menus on the navigation panel to configure P-330W features.

27 Chapter 2 Introducing the Web Configurator

ZyXELP-330W User’s Guide

The following table describes the sub-menus.

Table 3 Screens Summary

LINK TAB FUNCTION

SETUP WIZARD Use these screens for initial configuration including general

setup, Wireless LAN setup, ISP parameters for Internet Access
and WAN IP/DNS Server/MAC address assignment.

OPERATION
MODE

LAN Use this screen to configure you LAN, including default IP

PAS SWOR D Use this screen to change your password.

STATUS This screen contains administrative and system-related

WIRELESS Basic Settings Use this screen to configure the wireless LAN.

Advanced
Settings

Security Use this screen to configure wireless encryption and

Trusted Stations Use this screen to set up MAC address filtering for WLAN clients.

ADVANCED Access Control Use this screen to set up packet filtering policies.

Dynamic DNS Use this screen to configure dynamic DNS service settings.

DMZ Use this screen to isolate a specific device from the rest of the

Virtual Servers Use this screen to configure servers behind the P-330W.

Special
Applications

ALG Use this screen to selection which applications require special

WAN Port Use this screen to change your P-330W’s WAN ISP settings.

Ping Use this screen to verify network connectivity.

DoS Settings Use this screen to configure Denial of Service settings.

Diagnostics Use this page to look up DNS information.

Administrator Remote

Management

Config File Use this screen to backup and restore the configuration or reset

Logs Use this screen to change your P-330W’s log settings and to

IP Filtering Use this page to configure a list of IP addresses that the router

MAC Filtering Use the MAC filter screen to configure the P-330W to block

URL Filtering This screen allows you to block sites containing certain web sites

Use this screen to switch the P-330W between gateway, bridge,
and wireless client mode.

address of the P-330W, LAN DHCP, and viewing current DHCP
clients.

information.

Use this screen to configured advanced wireless system
behavior.

authorization settings.

network.

Use this screen to change your P-330W’s trigger port settings.

NAT rules.

Use this page to allow remote clients to manage the P-330W.

the factory defaults to your P-330W.

view the logs for the categories that you selected.

will not allow traffic to or from.

access to devices or block the devices from accessing the P­330W.

based on their URL.

Chapter 2 Introducing the Web Configurator 28

ZyXEL P-330W User’s Guide

Table 3 Screens Summary

LINK TAB FUNCTION

Administrator Stat istics This screen contains administrative and system-related

LOG OUT Click this label to exit the web configurator.

Time Zone
Setting

Upgrade
Firmware

information.

Use this screen to change your P-330W’s time and date or
enable NTP server use.

Use this screen to upload firmware to your P-330W.

29 Chapter 2 Introducing the Web Configurator

This chapter provides information on the Wizard Setup screens in the web configurator.

3.1 Wizard Setup Overview

The web configurator’s setup wizard helps you configure your device to access the Internet.
The second screen has five variations depending on what encapsulation type you use. Refer to
your ISP checklist in the Quick Start Guide to know what to enter in each field. Leave a field
blank if you don’t have that information.

The fifth wizard screen varies according to the type of encapsulation that you select in the
third wizard screen.

ZyXELP-330W User’s Guide

CHAPTER 3

Wizard Setup

3.2 Wizard Setup: Screen 2

The P-330W offers five choices of encapsulation. They are DHCP Client, Static IP,
PPP over Ethernet, L2TP or PPTP.

3.2.1 DHCP Client

Choose DHCP Client when the WAN port is used as regular Ethernet and your ISP assigns
you an IP address via DHCP.

Figure 4 Wizard 2: DHCP Client Encapsulation

3.2.2 Static IP

Choose Static IP when the WAN port is used as regular Ethernet and your ISP assigns you a
fixed IP address.

Chapter 3 Wizard Setup 30

ZyXEL P-330W User’s Guide

Figure 5 Wizard 2: Static IP Encapsulation

The following table describes the labels in this screen.

Table 4 Wizard 2: Ethernet Encapsulation

LABEL DESCRIPTION

ISP Parameters for Internet Access

IP Address The fixed IP address should be in the same subnet as your broadband modem or

router. This should be provided to you by your ISP

Subnet Mask Enter a Subnet Mask appropriate to your network.

Default Gateway Enter the Gateway IP Address of the neighboring device, if you know it. If you do

not, leave the Gateway IP Address field blank.

DNS DNS (Domain Name System) is for mapping a domain name to its corresponding

Cancel Click Cancel to abort the setup wizard.

Back Click Back to return to the previous screen.

Next Click Next to continue.

IP address and vice versa. The DNS server is extremely important because
without it, you must know the IP address of a computer before you can access it.
Enter your DNS Server IP address here.

3.2.3 PPPoE Encapsulation

Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection. PPPoE is an
IETF (Internet Engineering Task Force) draft standard specifying how a host personal
computer interacts with a broadband modem (for example DSL, cable, wireless, etc.) to
achieve access to high-speed data networks.

For the service provider, PPPoE offers an access and authentication method that works with
existing access control systems (for instance, Radius). For the user, PPPoE provides a login
and authentication method that the existing Microsoft Dial-Up Networking software can
activate, and therefore requires no new learning or procedures for Windows users.

31 Chapter 3 Wizard Setup

ZyXELP-330W User’s Guide

One of the benefits of PPPoE is the ability to let end users access one of multiple network
services, a function known as dynamic service selection. This enables the service provider to
easily create and offer new IP services for specific users.

Operationally, PPPoE saves significant effort for both the subscriber and the ISP/carrier, as it
requires no specific configuration of the broadband modem at the subscriber’s site.

By implementing PPPoE directly on the P-330W (rather than individual computers), the
computers on the LAN do not need PPPoE software installed, since the P-330W does that part
of the task. Furthermore, with NAT, all of the LAN's computers will have Internet access.

Refer to the appendix for more information on PPPoE.

Figure 6 Wizard 2: PPPoE Encapsulation

The following table describes the labels in this screen.

Table 5 Wizard 2: PPPoE Encapsulation

LABEL DESCRIPTION

ISP Parameter for Internet Access

User Name Type the user name given to you by your ISP.

Password Type the password associated with the user name above.

Cancel Click Cancel to abort the setup wizard.

Next Click Next to continue.

Back Click Back to return to the previous screen.

3.2.4 PPTP Encapsulation

Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables transfers of data
from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/
IP-based networks.

PPTP supports on-demand, multi-protocol, and virtual private networking over public
networks, such as the Internet.

Chapter 3 Wizard Setup 32

ZyXEL P-330W User’s Guide

Refer to the appendix for more information on PPTP.

Figure 7 Wizard 2: PPTP Encapsulation

Note: The P-330W supports one PPTP server connection at

any given time.

The following table describes the fields in this screen

Table 6 Wizard 2: PPTP Encapsulation

LABEL DESCRIPTION

ISP Parameters for Internet Access

IP Address Type the (static) IP address assigned to you by your ISP.

IP Subnet Mask Type the subnet mask assigned to you by your ISP.

Default Gateway Type the default gateway assigned to you by your ISP.

Server IP Address Type the IP address of the PPTP server.

User Name Type the user name given to you by your ISP.

Password Type the password associated with the User Name above.

Cancel Click Cancel to abort the setup wizard.

Back Click Back to return to the previous screen.

Next Click Next to continue.

3.2.5 L2TP Encapsulation

Layer Two Tunneling Protocol (L2TP) is a network protocol that enables transfers of data
from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/
IP-based networks.

33 Chapter 3 Wizard Setup

Figure 8 Wizard 2: L2TP Encapsulation

ZyXELP-330W User’s Guide

The following table describes the fields in this screen

Table 7 Wizard 2: L2TP Encapsulation

LABEL DESCRIPTION

Attain IP
Automatically

Set IP Manually Select this if your ISP has assigned you a fixed IP address.

IP Address Type the (static) IP address assigned to you by your ISP.

IP Subnet Mask Type the subnet mask assigned to you by your ISP.

Default Gateway Type the default gateway assigned to you by your ISP.

Server IP Address Type the IP address of the L2TP server.

User Name Type the user name given to you by your ISP.

Password Type the password associated with the User Name above.

Cancel Click Cancel to abort the setup wizard.

Back Click Back to return to the previous screen.

Next Click Next to continue.

Select this if your ISP automatically assigns you an IP Address.

3.3 Wizard Setup: Screen 3

Set up the basics of your wireless LAN using the third wizard screen.

Chapter 3 Wizard Setup 34

ZyXEL P-330W User’s Guide

Figure 9 Wizard 3: Wireless LAN Basic Setup

The following table describes the labels in this screen.

Table 8 Wizard 3: Wireless LAN Basic Setup

LABEL DESCRIPTION

Band Choose the operating mode of your wireless access point. 2.4Ghz (B+G) offers the

SSID Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless

Channel
Number

Disable
Access Point

Cancel Click Cancel to abort the setup wizard.

Back Click Back to display the previous screen.

Next Click Next to proceed to the next screen.

greatest compatibility. 2.4 GHz (B) will only allow 802.11b clients to connect to the
wireless LAN. 2.4 GHz (G) will only allow 802.11g clients to connect to the wireless
LAN.

LAN.
If you change this field on the P-330W, make sure all wireless stations use the same

SSID in order to access the network.

To manually set the P-330W to use a channel, select a channel from the drop-down list
box.

Select this check box to disable the wireless LAN capabilities of your P-330W.

Note: The wireless stations and P-330W must use the same
SSID, channel ID and encryption key (if encryption is enabled)
for wireless communication

3.4 Wizard Setup: Screen 4

There are 5 different versions of this page depending on what method of encryption you want
to enable on your wireless LAN.

35 Chapter 3 Wizard Setup

3.4.1 No Encryption

Choose None to allow the WLAN to operate without encryption. Warning: With no
encryption enabled anyone will be able to access your network and view any data you send
over the wireless LAN.

3.4.2 WEP Encryption

Choose WEP to setup WEP Encryption parameters.

Figure 10 Wizard 4: Wireless LAN Setup: WEP Security

ZyXELP-330W User’s Guide

The following table describes the labels in this screen.

Table 9 Wizard 4: Wireless LAN Setup: WEP Security

LABEL DESCRIPTION

Key Length Select 64-bit WEP or 128-bit WEP data encryption.

Key Format Select ASCII in order to enter ASCII characters as the WEP keys.

Select Hex to enter hexadecimal characters as the WEP keys.

Default Tx Key This key refers to which key below will be used as the default key.

Key 1 to Key 4 The WEP keys are used to encrypt data. Both the P-330W and the wireless stations

must use the same WEP key for data transmission.
If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal

characters ("0-9", "A-F").
If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal

characters ("0-9", "A-F").
You must configure at least one key, only one key can be activated at any one time.

The default key is key 1.

Chapter 3 Wizard Setup 36

ZyXEL P-330W User’s Guide

Table 9 Wizard 4: Wireless LAN Setup: WEP Security

LABEL DESCRIPTION

Cancel Click Cancel to abort the setup wizard.

Back Click Back to display the previous screen.

Next Click Next to proceed to the next screen.

3.4.3 WPA

Choose WPA security in the Wireless LAN Setup screen to set up a Pre-Shared Key using
TKIP or AES encryption.

Figure 11 Wizard 4: Wireless LAN Setup: WPA Security

The following table describes the labels in this screen.

Table 10 Wizard 4: Wireless LAN Setup: WPA Security

LABEL DESCRIPTION

WPA Format You can choose to enter the pre-shared key manually in HEX format or use a

Pre-Shared
Key

Cancel Click Cancel to abort the setup wizard.

Back Click Back to display the previous screen.

Next Click Next to proceed to the next screen.

3.4.4 WPA2 (AES)

Choose WPA2 (AES) security in the Wireless LAN Setup screen to set up a Pre-Shared Key
using AES encryption.

passphrase. Note, many client devices only allow entry via passphrase.

For Passphrase: Type from 8 to 63 case-sensitive ASCII characters.
For HEX: Type a 64 character hex key.

37 Chapter 3 Wizard Setup

Figure 12 Wizard 4: Wireless LAN Setup: WPA2 Security

The following table describes the labels in this screen.

Table 11 Wizard 4: Wireless LAN Setup: WPA2 Security

LABEL DESCRIPTION

ZyXELP-330W User’s Guide

WPA Format You can choose to enter the pre-shared key manually in HEX format or use a

Pre-Shared
Key

Cancel Click Cancel to abort the setup wizard.

Back Click Back to display the previous screen.

Next Click Next to proceed to the next screen.

3.4.5 WPA2 Mixed

Choose WPA2 Mixed security in the Wireless LAN Setup screen to set up a Pre-Shared Key
using both TKIP and AES encryption. This allows both WPA and WPA2 clients to connect.

passphrase. Note, many client devices only allow entry via passphrase.

For Passphrase: Type from 8 to 63 case-sensitive ASCII characters.
For HEX: Type a 64 character hex key.

Chapter 3 Wizard Setup 38

ZyXEL P-330W User’s Guide

Figure 13 Wizard 4: Wireless LAN Setup: WPA2 Security

The following table describes the labels in this screen.

Table 12 Wizard 4: Wireless LAN Setup: WPA2 Security

LABEL DESCRIPTION

WPA Format You can choose to enter the pre-shared key manually in HEX format or use a

Pre-Shared
Key

Cancel Click Cancel to abort the setup wizard.

Back Click Back to display the previous screen.

Next Click Next to proceed to the next screen.

passphrase. Note, many client devices only allow entry via passphrase.

For Passphrase: Type from 8 to 63 case-sensitive ASCII characters.
For HEX: Type a 64 character hex key.

3.5 Basic Setup Complete

Click Finish to complete the wizard setup and save your configuration.

Well done! You have successfully set up your P-330W to operate on your network and access
the Internet

39 Chapter 3 Wizard Setup

ZyXEL P-330W User’s Guide

CHAPTER 4

System Screens

This chapter provides information on the options configurable from the main System screens.

Figure 14 System Screen Menu Options

4.1 Setup Wizard

See the Setup Wizard chapter for more information on this selection.

4.2 Operation Mode

Click Operation Mode to open the Operation Mode screen.

Chapter 4 System Screens 40

ZyXEL P-330W User’s Guide

Figure 15 Operation Mode Setup

The following table describes the labels in this screen.

Table 13 System General Setup

LABEL DESCRIPTION

Gateway This is the standard operating mode. The P-330W takes on all the usual roles of

Bridge Select this to turn your P-330W into a pure bridge, directly linking all computers

Wireless ISP In this mode, the wireless LAN is disabled and instead the wireless module is acts

Save Click Save to save your changes back to the P-330W.

Reset Click Reset to begin configuring this screen afresh.

4.3 LAN Overview

Local Area Network (LAN) is a shared communication system to which many computers are
attached. The LAN screens can help you configure a LAN DHCP server, manage IP addresses,
and partition your physical network into logical networks.

a home router, including NAT, DHCP Server, and Firewall.

on your network to the WAN. In this mode, you have no protection from Internet
based threats.

as a client to connect to a Wireless ISP. All the normal router functions are
enabled.

41 Chapter 4 System Screens

4.3.1 DHCP Setup

DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual
clients to obtain TCP/IP configuration at start-up from a server. You can configure the P­330W as a DHCP server or disable it. When configured as a server, the P-330W provides the
TCP/IP configuration for the clients. If DHCP service is disabled, you must have another
DHCP server on your LAN, or else the computer must be manually configured.

4.3.2 IP Pool Setup

The P-330W is pre-configured with a pool of 33 IP addresses starting from 192.168.10.33 to

192.168.10.65. This configuration leaves 32 IP addresses (excluding the P-330W itself) in the
lower range for other server computers, for instance, servers for mail, FTP, TFTP, web, etc.,
that you may have.

4.3.3 System DNS Servers

Refer to the IP Address and Subnet Mask section in the Setup Wizard chapter.

ZyXEL P-330W User’s Guide

4.3.4 LAN TCP/IP

The P-330W has built-in DHCP server capability that assigns IP addresses and DNS servers to
systems that support DHCP client capability.

4.3.5 Factory LAN Defaults

The LAN parameters of the P-330W are preset in the factory with the following values:

• IP address of 192.168.10.1 with subnet mask of 255.255.255.0 (24 bits)

• DHCP server enabled with 33 client IP addresses starting from 192.168.10.33.

These parameters should work for the majority of installations. If your ISP gives you explicit
DNS server address(es), read the embedded web configurator help regarding what fields need
to be configured.

4.3.6 IP Address and Subnet Mask

Refer to the IP Address and Subnet Mask section in the Wizard Setup chapter for this
information.

4.3.7 Configuring IP

Click LAN to open the IP screen.

Chapter 4 System Screens 42

ZyXEL P-330W User’s Guide

Figure 16 LAN IP Setup

The following table describes the labels in this screen.

Table 14 LAN IP Setup

LABEL DESCRIPTION

IP Address Type the IP address of your P-330W in dotted decimal notation 192.168.10.1

IP Subnet Mask The subnet mask specifies the network number portion of an IP address. Your P-

DHCP DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows

DHCP Client Range This field specifies the contiguous addresses in the IP address pool.

Show DHCP Client Push this button opens a new window which will show you a list of the clients that

MAC Address Type the MAC address of computer which you want to assign specific IP on you

Lease IP Address Type the IP address that you want to assign the computer on your LAN.

Save Click Apply to save your changes back to the P-330W.

Reset Click Reset to begin configuring this screen afresh.

(factory default).

330W will automatically calculate the subnet mask based on the IP address that
you assign. Unless you are implementing subnetting, use the subnet mask
computed by the P-330W 255.255.255.0.

individual clients (computers) to obtain TCP/IP configuration at startup from a
server. Choose Server box selected unless your ISP instructs you to do
otherwise. Choose Disabled the P-330W acting as a DHCP server. When
configured as a server, the P-330W provides TCP/IP configuration for the clients.
If not, DHCP service is disabled and you must have another DHCP server on
your LAN, or else the computers must be manually configured. When set as a
server, fill in the following four fields.

have recieved an IP address from the internal DHCP server.

LAN.

43 Chapter 4 System Screens

4.4 Configuring Password

To change your P-330W’s password (recommended), click the Password tab. The screen
appears as shown. This screen allows you to change the P-330W’s password.

Figure 17 Password

The following table describes the labels in this screen.

Table 15 Password

ZyXEL P-330W User’s Guide

LABEL DESCRIPTION

New Password Type the new password in this field. The password is case sensitive and may

Confirmed Password Type the new password again in this field.

Save Click Save to save your changes back to the P-330W.

Reset Click Reset to begin configuring this screen afresh.

4.5 Status Screen

Click STATUS to open the Status screen, which you can use to monitor your P-330W. Note
that these fields are READ-ONLY and only for diagnostic purposes.

be up to 36 characters long.

Chapter 4 System Screens 44

ZyXEL P-330W User’s Guide

Figure 18 Status

The following table describes the labels in this screen.

Table 16 Status

LABEL DESCRIPTION

Connection
Method

Internet IP Address This is the WAN port IP address.

Connection Details This button opens a new window that provides you with more detail on the WAN

LAN

IP Address This is the LAN port IP address.

IP Subnet Mask This is the LAN port subnet mask.

DHCP Server This is the LAN port DHCP role - Server (ON) or Disabled.

System

Firmware Version Displays the current version number of the firmware on the P-330W.

System Data Provides a greater level of detail on your current system configuration.

Refresh Screen Causes the P-330W to refresh the screen with the latest information.

This is the method you have selected for connection to the Internet. You can
change it using the Setup Wizard.

connection.

45 Chapter 4 System Screens

This chapter discusses how to configure the Wireless screens on the P-330W.

5.1 Wireless LAN Overview

This section introduces the wireless LAN(WLAN) and some basic scenarios.

5.1.1 IBSS

An Independent Basic Service Set (IBSS), also called an Ad-hoc network, is the simplest
WLAN configuration. An IBSS is defined as two or more computers with wireless adapters
within range of each other that from an independent (wireless) network without the need of an
access point (AP).

ZyXEL P-330W User’s Guide

CHAPTER 5

Wireless

Figure 19 IBSS (Ad-hoc) Wireless LAN

5.1.2 BSS

A Basic Service Set (BSS) exists when all communications between wireless stations or
between a wireless station and a wired network client go through one access point (AP).

Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS is enabled,
wireless station A and B can access the wired network and communicate with each other.
When Intra-BSS is disabled, wireless station A and B can still access the wired network but
cannot communicate with each other.

Chapter 5 Wireless 46

ZyXEL P-330W User’s Guide

Figure 20 Basic Service set

5.1.3 ESS

An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an
access point, with each access point connected together by a wired network. This wired
connection between APs is called a Distribution System (DS). An ESSID (ESS IDentification)
uniquely identifies each ESS. All access points and their associated wireless stations within
the same ESS must have the same ESSID in order to communicate.

47 Chapter 5 Wireless

Figure 21 Extended Service Set

ZyXEL P-330W User’s Guide

5.1.4 RTS/CTS

A hidden node occurs when two stations are within range of the same access point, but are not
within range of each other. The following figure illustrates a hidden node. Both stations (STA)
are within range of the access point (AP) or wireless gateway, but out-of-range of each other,
so they cannot “hear” each other, that is they do not know if the channel is currently being
used. Therefore, they are considered hidden from each other.

Figure 22 RTS/CTS

When station A sends data to the P-330W, it might not know that station B is already using the
channel. If these two stations send data at the same time, collisions may occur when both sets
of data arrive at the AP at the same time, resulting in a loss of messages for both stations.

Chapter 5 Wireless 48

ZyXEL P-330W User’s Guide

5.2 Configuring Wireless

Note: If you are configuring the P-330W from a computer

connected to the wireless LAN and you change the P-330W’s
SSID or WEP settings, you will lose your wireless connection
when you press Save. You must then change the wireless
settings of your computer to match the P-330W’s new settings.

Click the WIRELESS link to open the Wireless Options screen.

Figure 23 The Wireless Options Screen

5.3 Basic Settings

Click BASIC SETTINGS to configure the basic settings of your wireless LAN.

49 Chapter 5 Wireless

ZyXEL P-330W User’s Guide

Figure 24 Wireless: Basic Settings

The following table describes the basic wireless LAN labels in this screen.

Table 17 Wireless: Basic Settings

LABEL DESCRIPTION

Disable Access
Point

Band Choose the operating mode of your wireless access point. 2.4Ghz (B+G) offers the

Mode Mode allows you to change the wireless behavior of the P-330W. AP allows wireless

Network Type Used when operating in Client mode. This allows you to switch between

SSID (Service Set IDentity) The SSID identifies the Service Set with which a wireless

Select this check box to disable the wireless LAN capabilities of your P-330W.

greatest compatibility. 2.4 GHz (B) will only allow 802.11b clients to connect to the
wireless LAN. 2.4 GHz (G) will only allow 802.11g clients to connect to the wireless
LAN.

clients to connect to the P-330W. Client mode activates the Wireless ISP mode of
the router. Use this mode to connect to a WISP or metro-area wireless network.

Infrastructure and Ad Hoc networking modes.

station is associated. Wireless stations associating to the access point (AP) must
have the same SSID. Enter a descriptive name (up to 32 printable 7-bit ASCII
characters) for the wireless LAN.

Note: If you are configuring the P-330W from a computer connected
to the wireless LAN and you change the P-330W’s SSID or WEP
settings, you will lose your wireless connection when you press Apply
to confirm. You must then change the wireless settings of your
computer to match the P-330W’s new settings.

Channel
Number

Associated
Clients

Save Click Save to save your changes back to the P-330W.

Reset Click Reset to reload the previous configuration for this screen.

To manually set the P-330W to use a channel, select a channel from the drop-down
list box.

Click Show Active Clients to be shown a list of wireless clients currently connected
to the Wireless LAN

Chapter 5 Wireless 50

ZyXEL P-330W User’s Guide

5.4 Wireless Advanced Settings

Click ADVANCED SETTINGS to configure the advanced settings of your wireless LAN.

5.4.1 Authentication

Three different methods can be used to authenticate wireless stations to the network: Open
System, Shared Key, and Auto. The following figure illustrates the steps involved.

Figure 25 WEP Authentication Steps

Open system authentication involves an unencrypted two-message procedure. A wireless
station sends an open system authentication request to the AP, which will then automatically
accept and connect the wireless station to the network. In effect, open system is not
authentication at all as any station can gain access to the network.

Shared key authentication involves a four-message procedure. A wireless station sends a
shared key authentication request to the AP, which will then reply with a challenge text
message. The wireless station must then use the AP’s default WEP key to encrypt the
challenge text and return it to the AP, which attempts to decrypt the message using the AP’s
default WEP key. If the decrypted message matches the challenge text, the wireless station is
authenticated.

51 Chapter 5 Wireless

When your P-330W's authentication method is set to open system, it will only accept open
system authentication requests. The same is true for shared key authentication. However,
when it is set to auto authentication, the P-330W will accept either type of authentication
request and the P-330W will fall back to use open authentication if the shared key does not
match.

5.4.2 Preamble Type

A preamble is used to synchronize the transmission timing in your wireless network. There are
two preamble modes: Long and Short.

Short preamble takes less time to process and minimizes overhead, so it should be used in a
good wireless network environment when all wireless clients support it.

Select Long if you have a ‘noisy’ network or are unsure of what preamble mode your wireless
clients support as all IEEE 802.11b compliant wireless adapters must support long preamble.
However, not all wireless adapters support short preamble. Use long preamble if you are
unsure what preamble mode the wireless adapters support, to ensure interpretability between
the P-330W and the wireless stations and to provide more reliable communication in ‘noisy’
networks..

ZyXEL P-330W User’s Guide

Note: The P-330W and the wireless stations MUST use the
same preamble mode in order to communicate.

Figure 26 Wireless: Advanced Settings

The following table describes the advanced wireless LAN labels in this screen.

Table 18 Wireless: Advanced Settings

LABEL DESCRIPTION

Authentication
Type

Preamble Type Select a preamble type from the drop-down list menu. Choices are Long or Short.

Chapter 5 Wireless 52

Select Auto, Open System or Shared Key from the menu..

The default setting is Long.

ZyXEL P-330W User’s Guide

Table 18 Wireless: Advanced Settings

LABEL DESCRIPTION

Broadcast SSID Select this to hide the SSID in the outgoing beacon frame so a station cannot obtain

IAPP Used in a multiple AP environment where 802.1x is used for authentication.

Save Click Save to save your changes back to the P-330W.

Reset Click Reset to reload the previous configuration for this screen.

5.5 Site Survey

Click Site Survey to scan the wireless network. If any Access Point or IBSS is found, you
could choose to connect it when P330’s wireless mode is set to Client mode.

Figure 27 Wireless: Site Survey

the SSID through passive scanning using a site survey tool.

5.6 Wireless Security Overview

Wireless security is vital to your network to protect wireless communication between wireless
stations, access points and the wired network.

The figure below shows the possible wireless security levels. EAP (Extensible Authentication
Protocol) is used for authentication and utilizes dynamic WEP key exchange. It requires
interaction with a RADIUS (Remote Authentication Dial-In User Service) server either on the
WAN or your LAN to provide authentication service for wireless stations.

53 Chapter 5 Wireless

ZyXEL P-330W User’s Guide

Figure 28 P-330W Wireless Security Levels

If you do not enable any wireless security on your P-330W, your network is accessible to any
wireless networking device that is within range.

Select NONE for Encryption to allow wireless stations to communicate with the access
points without any data encryption.

Chapter 5 Wireless 54

ZyXEL P-330W User’s Guide

Figure 29 Wireless Security Setup: No Security

The following table describes the labels in this screen.

Table 19 Wireless Security Setup: No Security

LABEL DESCRIPTION

Encryption Choose None from the drop-down list box.

Use 802.1x
Authentication

Save Click Save to save your changes back to the P-330W.

Reset Click Reset to reload the previous configuration for this screen.

Mark this check box to enable 802.1x security using an external RADIUS server.
Data will not be encrypted, however wireless clients will be required to authenticate
before they are allowed to pass traffic to the network. Both the client and the
RADIUS server will need to support the same EAP protocols.

55 Chapter 5 Wireless

5.7 Security Parameters Summary

Refer to this table to see what other security parameters you should configure for each
Authentication Method/ key management protocol type. You enter manual keys by first
selecting 64-bit WEP or 128-bit WEP from the WEP Encryption field and then typing the
keys (in ASCII or hexadecimal format) in the key text boxes. MAC address filters are not
dependent on how you configure these security features.

Table 20 Wireless Security Relational Matrix

ZyXEL P-330W User’s Guide

AUTHENTICATION METHOD/
KEY MANAGEMENT
PROTOCOL

Open None No Disabled

Open WEP No Enable with 802.1x

Shared WEP No Enable with 802.1x

WPA TKIP No Enable

WPA-PSK TKIP Ye s Disabled

WPA2 AES No Enable

WPA2-PSK AES Ye s Disabled

WPA2-Mixed AES & TKIP No Enable

WPA2-Mixed PSK AES & TKIP Ye s Disabled

5.7.1 WEP Overview

WEP (Wired Equivalent Privacy) as specified in the IEEE 802.11 standard provides methods
for both data encryption and wireless station authentication.

ENCRYPTION
METHOD

ENTER

MANUAL KEY

Yes Disabled

Yes Disable

IEEE 802.1X

5.7.2 Data Encryption

WEP provides a mechanism for encrypting data using encryption keys. Both the AP and the
wireless stations must use the same WEP key to encrypt and decrypt data. Your P-330W
allows you to configure up to four 64-bit or 128-bit WEP keys, but only one key can be
enabled at any one time.

5.7.3 Configuring WEP Encryption

In order to configure and enable WEP encryption; click the SECURITY link under
WIRELESS to display the Wireless Security screen. Select Static WEP from the
Encryption list.

Chapter 5 Wireless 56

ZyXEL P-330W User’s Guide

Figure 30 Wireless Security Setup: WEP Encryption

The following table describes the wireless LAN security labels in this screen

Table 21 Wireless Security Setup: Static WEP Encryption

LABEL DESCRIPTION

Encryption Choose WEP from the drop-down list box.

Set WEP Key Click this to configure WEP without 802.1x.

Use 802.1x
Authentication

WEP
Encryption

Authentication RADIUS Server

Port The port number on the RADIUS server.

IP Address

Password

Save Click Save to save your changes back to the P-330W.

Reset Click Reset to reload the previous configuration for this screen.

Mark the check box here to use 802.1x authentication.

Select 64-bit WEP or 128-bit WEP. Used only when using 802.1x authentication.

Enter the IP address of the RADIUS server.

Enter the password (shared secret) for the RADIUS server.

Click SET WEP KEY to configure WEP encryption.

57 Chapter 5 Wireless

Figure 31 Wireless Security Setup: WEP Encryption

ZyXEL P-330W User’s Guide

The following table describes the wireless LAN security labels in this screen

Table 22 Wireless Security Setup: WEP Encryption

LABEL DESCRIPTION

Key Length Select 64-bit WEP or 128-bit WEP.

Key Format ASCII: Select this option in order to enter ASCII characters as WEP key.

Hex: Select this option in order to enter hexadecimal characters as a WEP key.

Default Tx Key You must configure at least one key, only one key can be activated at any one time.

Encryption Key
1 to 4

Passphrase Enter a Passphrase (up to 32 printable characters) and clicking Generate WEP KEY.

Save Click Save to save your changes back to the P-330W.

Close Click Close to close this window.

Reset Click Reset to reload the previous configuration for this screen.

The default key is key 1.

The WEP keys are used to encrypt data. Both the P-330W and the wireless stations
must use the same WEP key for data transmission.

If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal
characters ("0-9", "A-F").

If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal
characters ("0-9", "A-F").

The P-330W automatically generates a WEP key.

Chapter 5 Wireless 58

ZyXEL P-330W User’s Guide

5.7.4 Introduction to WPA

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft.
Key differences between WPA and WEP are user authentication and improved data
encryption.

5.7.4.1 User Authentication

WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate
wireless clients using
appendices for more information on IEEE 802.1x, RADIUS and EAP. Your wireless client
will need to be able to support 802.1x authentication to use RADIUS authentication.

Therefore, if you don’t have an external RADIUS server you should use WPA-PSK (WPA ­Pre-Shared Key) that only requires a single (identical) password entered into each access
point, wireless gateway and wireless client. As long as the passwords match, a client will be
granted access to a WLAN.

5.7.4.2 Encryption

an external RADIUS database. See later in this chapter and the

WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message
Integrity Check (MIC) and IEEE 802.1x.

Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and
distributed by the authentication server. It includes a per-packet key mixing function, a
Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with
sequencing rules, and a re-keying mechanism.

TKIP regularly changes and rotates the encryption keys so that the same encryption key is
never used twice.
AP that then sets up a key hierarchy and management system, using the pair-wise key to
dynamically generate unique data encryption keys to encrypt every data packet that is
wirelessly communicated between the AP and the wireless clients. This all happens in the
background automatically.

The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data
packets, altering them and resending them. The MIC provides a strong mathematical function
in which the receiver and the transmitter each compute and then compare the MIC. If they do
not match, it is assumed that the data has been tampered with and the packet is dropped.

By generating unique data encryption keys for every data packet and by creating an integrity
checking mechanism (MIC), TKIP makes it much more difficult to decode data on a Wi-Fi
network than WEP, making it difficult for an intruder to break into the network.

The RADIUS server distributes a Pairwise Master Key (PMK) key to the

The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference
between the two is that WPA-PSK uses a simple common password, instead of user-specific
credentials. The common-password approach makes WPA-PSK susceptible to brute-force
password-guessing attacks but it’s still an improvement over WEP as it employs an easier-to­use, consistent, single, alphanumeric password.

59 Chapter 5 Wireless

5.7.4.3 WPA-PSK Application Example

A WPA-PSK application looks as follows.

1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key

(PSK) must consist of between 8 and 63 ASCII characters (including spaces and
symbols).

2 The AP checks each client’s password and (only) allows it to join the network if it

matches its password.

3 The AP derives and distributes keys to the wireless clients.

4 The AP and wireless clients use the TKIP encryption process to encrypt data exchanged

between them.

Figure 32 WPA - PSK Authentication

ZyXEL P-330W User’s Guide

5.7.5 Introduction to WPA2

WPA2 is based on the same 802.11i spec as WPA. The primary difference between WPA and
WPA2 is that WPA2 uses AES encryption in places of TKIP. Like WPA, WPA2 can function
either using a pre-shared key or by using a RADIUS server to perform authentication. WPA2
also offers a mixed mode which allows WPA clients to authenticate and use TKIP encryption
while still allowing WPA2 clients to use AES. Configuration of WPA2 is the same as WPA.

5.7.6 Configuring WPA-PSK Authentication

In order to configure and enable WPA-PSK encryption; click the SECURITY link under
WIRELESS to display the Wireless Security screen. Select WPA (TKIP) from the
Encryption list. Select PERSONAL under WPA Encryption Mode.

Chapter 5 Wireless 60

ZyXEL P-330W User’s Guide

Figure 33 Wireless Security Setup: WPA-PSK

The following table describes the labels in this screen.

Table 23 Wireless Security Setup: WPA-PSK

LABEL DESCRIPTION

Encryption Choose WPA from the drop-down list box for TKIP encryption.

Choose WPA2 (AES) from the drop-down list box to use WPA2’s AES encryption.
Choose WPA2 Mixed from the drop-down list box to allow both TKIP or AES

encryption.

WPA
Authentication
Mode

WPA Format Choose whether to enter the PSK by either Passphrase or Hex key.

Pre-Shared Key The encryption mechanisms used for WPA and WPA-PSK are the same. The only

Group Key Life
TIme

Save Click Save to save your changes back to the P-330W.

Reset Click Reset to reload the previous configuration for this screen.

Choose Personal to enable PSK mode.

difference between the two is that WPA-PSK uses a simple common password,
instead of user-specific credentials.

Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including
spaces and symbols) or 64 hex characters.

The Group Key Life Time is the rate at which the AP sends a new group key out
to all clients. The re-keying process is the WPA equivalent of automatically
changing the WEP key for an AP and all stations in a WLAN on a periodic basis.

61 Chapter 5 Wireless

5.7.7 Introduction to RADIUS

RADIUS is based on a client-sever model that supports authentication and accounting, where
access point is the client and the server is the RADIUS server. The RADIUS server handles
the following tasks among others:

• Authentication

Determines the identity of the users.

• Accounting

Keeps track of the client’s network activity.

RADIUS user is a simple package exchange in which your P-330W acts as a message relay
between the wireless station and the network RADIUS server.

5.7.7.1 Types of RADIUS Messages

The following types of RADIUS messages are exchanged between the access point and the
RADIUS server for user authentication:

ZyXEL P-330W User’s Guide

• Access-Request

Sent by an access point requesting authentication.

• Access-Reject

Sent by a RADIUS server rejecting access.

• Access-Accept

Sent by a RADIUS server allowing access.

5.7.7.2 Access-Challenge

Sent by a RADIUS server requesting more information in order to allow access. The access
point sends a proper response from the user and then sends another Access-Request message.

The following types of RADIUS messages are exchanged between the access point and the
RADIUS server for user accounting:

5.7.7.3 Accounting-Request

Sent by the access point requesting accounting.

5.7.7.4 Accounting-Response

Sent by the RADIUS server to indicate that it has started or stopped accounting.

Chapter 5 Wireless 62

ZyXEL P-330W User’s Guide

In order to ensure network security, the access point and the RADIUS server use a shared
secret key, which is a password, they both know. The key is not sent over the network. In
addition to the shared key, password information exchanged is also encrypted to protect the
wired network from unauthorized access.

5.7.7.5 EAP Authentication Overview

EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the
IEEE802.1x transport mechanism in order to support multiple types of user authentication. By
using EAP to interact with an EAP-compatible RADIUS server, the access point helps a
wireless station and a RADIUS server perform authentication.

The type of authentication you use depends on the RADIUS server or the AP. The P-330W
supports EAP-TLS, EAP-TTLS and PEAP with RADIUS. Refer to the Types of EAP
Authentication appendix for descriptions on the four common types.

Your P-330W supports EAP-MD5 (Message-Digest Algorithm 5) with RADIUS.

The following figure shows an overview of authentication when you specify a RADIUS server
on your access point.

Figure 34 EAP Authentication

The details below provide a general description of how IEEE 802.1x EAP authentication
works. For an example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix.

1 The wireless station sends a “start” message to the P-330W.

2 The P-330W sends a “request identity” message to the wireless station for identity

information.

3 The wireless station replies with identity information, including username and password.

4 The RADIUS server checks the user information against its user profile database and

determines whether or not to authenticate the wireless station.

5.7.7.6 WPA with RADIUS Application Example

You need the IP address of the RADIUS server, its port number (default is 1812), and the
RADIUS shared secret. A WPA application example with an external RADIUS server looks
as follows. “A” is the RADIUS server. “DS” is the distribution system.

1 The AP passes the wireless client’s authentication request to the RADIUS server.

63 Chapter 5 Wireless

ZyXEL P-330W User’s Guide

2 The RADIUS server then checks the user's identification against its database and grants

or denies network access accordingly.

3 The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then

sets up a key hierarchy and management system, using the pair-wise key to dynamically
generate unique data encryption keys to encrypt every data packet that is wirelessly
communicated between the AP and the wireless clients.

Figure 35 WPA with RADIUS Application Example

5.7.8 Configuring WPA Authentication

In order to configure and enable WPA encryption; click the SECURITY link under
WIRELESS to display the Wireless Security screen. Select the mode (WPA, WPA2, WPA2
Mixed) from the Encryption list. Select ENTERPRISE under WPA Encryption Mode.

Chapter 5 Wireless 64

ZyXEL P-330W User’s Guide

Figure 36 Wireless Security Setup: WPA With RADIUS

The following table describes the labels in this screen.

Table 24 Wireless Security Setup: WPA

LABEL DESCRIPTION

Encryption Choose WPA from the drop-down list box for TKIP encryption.

Choose WPA2 (AES) from the drop-down list box to use WPA2’s AES
encryption.

Choose WPA2 Mixed from the drop-down list box to allow both TKIP or AES
encryption.

WPA Group Key
Update Timer

Authentication Server

IP Address Enter the IP address of the external authentication server in dotted decimal

Port Enter the port number of the external authentication server. The default port

The WPA Group Key Update Timer is the rate at which the AP (if using WPA-
PSK key management) or RADIUS server (if using WPA key management)
sends a new group key out to all clients. The re-keying process is the WPA
equivalent of automatically changing the WEP key for an AP and all stations in a
WLAN on a periodic basis. Setting of the WPA Group Key Update Timer is also
supported in WPA-PSK mode. The P-330W default is 1800 seconds (30
minutes).

notation.

number is 1812.

You need not change this value unless your network administrator instructs you
to do so with additional information.

65 Chapter 5 Wireless

Table 24 Wireless Security Setup: WPA

LABEL DESCRIPTION

ZyXEL P-330W User’s Guide

Password

Save Click Save to save your changes back to the P-330W.

Reset Click Reset to reload the previous configuration for this screen.

5.8 WDS Settings

The WDS (Wireless Distribution System) allows you to configure the P-330W to connect two
or more APs via wireless when P330’s wireless mode is set to WDS or AP+WDS mode. An
AP using WDS can function as a wireless network bridge allowing you to wirelessly connect
two wired network segments.

Figure 37 Wireless: WDS Settings

Enter a password (up to 31 alphanumeric characters) as the key to be shared
between the external authentication server and the P-330W.

The key must be the same on the external authentication server and your P­330W. The key is not sent over the network.

The following table describes the labels in this screen.

Table 25 Wireless: WDS Settings

LABEL DESCRIPTION

Enable WDS Select this check box to enable the WDS.

MAC Address Enter the MAC addresses of the neighboring AP(s) that particapates in the

WDS. Enter the MAC addresses in a valid MAC address format, that is, six
hexadecimal character pairs, for example, 001349556677.

Comment Enter in a descriptive name so you know which device the MAC address is

associated with.

Chapter 5 Wireless 66

ZyXEL P-330W User’s Guide

Table 25 Wireless: WDS Settings

LABEL DESCRIPTION

Set Security Click Set Security to set up the wireless security for WDS. When enabled,

please make sure each WDS device has adopted the same encryption
algorithm and key.

Show Statistics Click Show Statistics to show the WDS connection status.

Save Click Save to save your changes back to the P-330W.

Reset Click Reset to reload the previous configuration for this screen.

Current WDS AP List

Delete Selected Click this button to delete selected WDS AP from the WDS AP list.

Delete All Click this button to delete all WDS AP from the WDS AP list.

5.9 Wireless Trusted Stations

The Trusted Stations screen allows you to configure the P-330W to give exclusive access to up
to 20 devices. Every Ethernet device has a unique MAC (Media Access Control) address. The
MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for
example, 00:A0:C5:00:00:02. You need to know the MAC address of the devices to configure
this screen.

To change your P-330W’s Trusted Stations settings, click the WIRELESS link, then the
Trusted Stations link. The screen appears as shown.

67 Chapter 5 Wireless

Figure 38 Wireless: Trusted Stations MAC Address Filter

The following table describes the labels in this menu.

ZyXEL P-330W User’s Guide

Table 26 Wireless: Trusted Stations MAC Address Filter

LABEL DESCRIPTION

Wireless
Access
Control Mode

MAC Address

Description

Save Click Save to save your changes back to the P-330W.

Reset Click Reset to reload the previous configuration for this screen.

Current Access Control List

Delete
Selected

Delete All Click this button to delete all clients from the trusted station list.

Select Allow Listed from the drop down list box to enable MAC address filtering.

Enter the MAC addresses of the wireless station that are allowed or denied access to
the P-330W in these address fields. Enter the MAC addresses in a valid MAC address
format, that is, six hexadecimal character pairs, for example, 123456789abc.

Enter in a descriptive name so you know which device the MAC address is associated
with.

Click this button to delete selected clients from the trusted station list.

Chapter 5 Wireless 68

ZyXEL P-330W User’s Guide

69 Chapter 5 Wireless

ZyXEL P-330W User’s Guide

CHAPTER 6

Advanced Options

This chapter covers the options available under the ADVANCED section of the menu.

Figure 39 The Advanced Menu Options

6.1 Access Control

This screen allows you to block access to specified Internet services based on port number
used. This can be used restrict Internet access to only certain applications or to block
applications you feel may be harmful.

To change your P-330W’s Access Controls, click ADVANCED, then the Access Control
link. The screen appears as shown.

Chapter 6 Advanced Options 70

ZyXEL P-330W User’s Guide

Figure 40 Advanced: Access Control

The following table describes the labels in this screen.

Table 27 Advanced: Access Control

LABEL DESCRIPTION

Enable Access Control Check this box to enable Access Controls.

Select Services to
Block

Port Range Enter in a range of ports to block.

Protocol Choose to block either TCP, UDP, or Both.

Description Give the rule you have created an easy to identify name.

Save Click Save to save your changes back to the P-330W.

Reset Click Reset to begin configuring this screen afresh.

6.2 Dynamic DNS

Dynamic DNS allows you to update your current dynamic IP address with one or many
dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You
can also access your FTP server or Web site on your own computer using a domain name (for
instance myhost.dhs.org, where myhost is a name of your choice) that will never change
instead of using an IP address that changes each time you reconnect. Your friends or relatives
will always be able to call you even if they don't know your IP address.

The P-330W comes preconfigured with settings for many common services.
You can choose one to activate from the pull down menu.

71 Chapter 6 Advanced Options

First of all, you need to have registered a dynamic DNS account with either www.dyndns.org
or www.tzo.com. This is for people with a dynamic IP from their ISP or DHCP server that
would still like to have a domain name. The Dynamic DNS service provider will give you a
password or key.

Note: If you have a private WAN IP address, then you cannot
use Dynamic DNS.

6.3 Configuring Dynamic DNS

To change your P-330W’s DDNS, click ADVANCED then the Dynamic DNS link. The
screen appears as shown.

Figure 41 Advanced: Dynamic DNS

ZyXEL P-330W User’s Guide

The following table describes the labels in this screen.

Table 28 Advanced: Dynamic DNS

LABEL DESCRIPTION

Enable DDNS Select this check box to use dynamic DNS.

Service Provider Select the name of your Dynamic DNS service provider.

Domain Name Enter the host names in the field provided.

User Name Enter your user name.

Password Enter the password assigned to you.

Result Tells you the current result from trying to register your IP address with the

DDNS provider.

Chapter 6 Advanced Options 72

ZyXEL P-330W User’s Guide

Table 28 Advanced: Dynamic DNS

LABEL DESCRIPTION

Save Click Save to save your changes back to the P-330W.

Reset Click Reset to begin configuring this screen afresh.

6.4 DMZ

If the DMZ Host Function is enabled, it means that you set up DMZ host at a particular
computer to be exposed to the Internet so that some applications/software, especially Internet /
online game can have two-way connections. A device acting as DMZ is not protected by the P­330W’s firewall.

To enable DMZ, click ADVANCED then the DMZ link. The screen appears as shown.

Figure 42 Advanced: DMZ

The following table describes the labels in this screen.

Table 29 Advanced: DMZ

LABEL DESCRIPTION

Enable DMZ Select this check box to enable DMZ.

Host IP Address Enter the IP address of the device you which to be accessible from the

Internet.

Save Click Save to save your changes back to the P-330W.

Reset Click Reset to begin configuring this screen afresh.

6.5 Virtual Servers (Port Forwarding)

The Virtual Server function is a list of inside (behind NAT on the LAN) servers, for example,
web or FTP, that you can make visible to the outside world even though NAT makes your
whole inside network appear as a single computer to the outside world.

73 Chapter 6 Advanced Options

ZyXEL P-330W User’s Guide

You may enter a single port number or a range of port numbers to be forwarded, and the local
IP address of the desired server. The port number identifies a service; for example, web
service is on port 80 and FTP on port 21. In some cases, such as for unknown services or
where one server can support more than one service (for example both FTP and web service),
it might be better to specify a range of port numbers. You can allocate a server IP address that
corresponds to a port or a range of ports.

Many residential broadband ISP accounts do not allow you to run any server processes (such
as a Web or FTP server) from your location. Your ISP may periodically check for servers and
may suspend your account if it discovers any active services at your location. If you are
unsure, refer to your ISP.

The most often used port numbers are shown in the following table. Please refer to RFC 1700
for further information about port numbers. .

Table 30 Services and Port Numbers

SERVICES PORT NUMBER

ECHO 7

FTP (File Transfer Protocol) 21

SMTP (Simple Mail Transfer Protocol) 25

DNS (Domain Name System) 53

Finger 79

HTTP (Hyper Text Transfer protocol or WWW, Web) 80

POP3 (Post Office Protocol) 110

NNTP (Network News Transport Protocol) 119

SNMP (Simple Network Management Protocol) 161

SNMP trap 162

PPTP (Point-to-Point Tunneling Protocol) 1723

6.5.0.1 Configuring Servers Behind SUA (Example)

Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the
example), port 80 to another (B in the example) and assign a default server IP address of

192.168.10.35 to a third (C in the example). You assign the LAN IP addresses and the ISP
assigns the WAN IP address. The NAT network appears as a single host on the Internet

Chapter 6 Advanced Options 74

ZyXEL P-330W User’s Guide

Figure 43 Multiple Servers Behind NAT Example

6.5.1 Configuring Virtual Servers

To configure Virtual Server, click ADVANCED then the VIRTUAL SERVERS link. The
screen appears as shown.

Figure 44 Advanced: Virtual Servers

The following table describes the labels in this screen.

Table 31 Advanced: Virtual Servers

LABEL DESCRIPTION

Enable Virtual
Servers

Servers By selection an option in the pull down menu, the P-330W will automatically

75 Chapter 6 Advanced Options

Put a check in the box to enable Virtual Servers

populate the settings for the corresponding service.

Table 31 Advanced: Virtual Servers

LABEL DESCRIPTION

ZyXEL P-330W User’s Guide

Local IP
Address

Protocol You can select to forward TCP, UDP, or both type of traffic.

Name Enter a name to identify this port-forwarding rule.

Port Range Enter a port number here. To forward only one port, enter it again in the End Port

Description Enter in a description for this Virtual Server.

Save Click Save to save your changes back to the P-330W.

Reset Click Reset to begin configuring this screen afresh.

Enter the inside IP address of the server here.

field. To specify a range of ports, enter the last port to be forwarded in the End Port
field.

6.6 Special Applications

Some Internet applications (such as video conferencing and Internet games) require multiple
connections between the clients and the server. These applications do not work through NAT­enabled networks. You P-330W is a NAT-enabled device. In order to allow these applications
to work in your network, you have to configure the P-330W to forward these applications to
ports on a computer hosting that service.

To set the P-330W to forward applications to allowed ports, click ADVANCED and the
Special Applications link. The screen appears as shown.

Chapter 6 Advanced Options 76

ZyXEL P-330W User’s Guide

Figure 45 Advanced: Special Applications

The following table describes the labels in this screen.

Table 32 Advanced: Special Applications

LABEL DESCRIPTION

Enable Put a check in this box next to the ALG rule you want to activate.

Save Click Save to save your changes back to the P-330W.

Reset Click Reset to begin configuring this screen afresh.

6.7 WAN Port

To change your P-330W’s WAN ISP settings, click ADVANCED, then the WA N link. The
screen differs by the encapsulation.

6.7.1 Static IP Encapsulation

The screen shown next is for Static IP encapsulation.

77 Chapter 6 Advanced Options

Figure 46 Advanced: WAN Static IP Encapsulation

ZyXEL P-330W User’s Guide

The following table describes the labels in this screen.

Table 33 Advanced: WAN Static IP Encapsulation

LABEL DESCRIPTION

WAN Access Type You must choose the Static IP option when the WAN port is used as a regular

IP Address Enter your WAN IP address in this field.

My WAN IP Subnet
Mask

DNS 1 - 3 Enter in your ISP’s DNS server IP address here. You must enter in 1.

Clone MAC
Address

Respond to WAN
Ping

Enable UPnP UPnP (Universal Plug and Play) allows automatic discovery and configuration of

IPSec Passthrough Put a check in this box to enable computers on your LAN to make IPSec VPN

PPTP Passthrough Put a check in this box to enable computers on your LAN to make PPTP VPN

L2TP Passthrough Put a check in this box to enable computers on your LAN to make L2TP VPN

Ethernet with a fixed IP address.

Type your network's IP subnet Mask.

Your ISP may require a particular MAC address in order for you to connect to the
Internet. This MAC address is the PC’s MAC address that your ISP had originally
connected your Internet connection to. Type in this Clone MAC address in this
section to replace the WAN MAC address with the MAC address of that PC.

Put a check in this box to reply to ping packets.

the Wireless Router. UPnP is by supported by Windows ME, XP, or later. Put a
check in this box to allow the router configuration to be changed by UPnP devices.

connections to servers on the Internet.

connections to servers on the Internet.

connections to servers on the Internet.

Chapter 6 Advanced Options 78

ZyXEL P-330W User’s Guide

Table 33 Advanced: WAN Static IP Encapsulation

LABEL DESCRIPTION

Save Click Save to save your changes back to the P-330W.

Reset Click Reset to begin configuring this screen afresh.

6.7.2 DHCP IP Encapsulation

The screen shown next is for DHCP IP encapsulation.

Figure 47 Advanced: WAN DHCP IP Encapsulation

The following table describes the labels in this screen.

Table 34 Advanced: WAN DHCP IP Encapsulation

LABEL DESCRIPTION

WAN Access Type You must choose the DHCP Client option when the WAN port is used as a regular

Ethernet using DHCP to be assigned an IP address.

Attain DNS
Automatically

Set DNS Manually Use this if your ISP does not assign a DNSP server when it assigns you an IP

DNS 1 - 3 Enter in your ISP’s DNS server IP address here. You must enter in 1.

Clone MAC
Address

Respond to WAN
Ping

79 Chapter 6 Advanced Options

Select this if your ISP assigns you a DNS server at the same time it assigns you
an IP Address.

address.

Your ISP may require a particular MAC address in order for you to connect to the
Internet. This MAC address is the PC’s MAC address that your ISP had originally
connected your Internet connection to. Type in this Clone MAC address in this
section to replace the WAN MAC address with the MAC address of that PC.

Put a check in this box to reply to ping packets.

Table 34 Advanced: WAN DHCP IP Encapsulation

LABEL DESCRIPTION

Enable UPnP UPnP (Universal Plug and Play) allows automatic discovery and configuration of

the Wireless Router. UPnP is by supported by Windows ME, XP, or later. Put a
check in this box to allow the router configuration to be changed by UPnP devices.

IPSec Passthrough Put a check in this box to enable computers on your LAN to make IPSec VPN

connections to servers on the Internet.

PPTP Passthrough Put a check in this box to enable computers on your LAN to make PPTP VPN

connections to servers on the Internet.

L2TP Passthrough Put a check in this box to enable computers on your LAN to make L2TP VPN

connections to servers on the Internet.

Save Click Save to save your changes back to the P-330W.

Reset Click Reset to begin configuring this screen afresh.

6.7.3 PPPoE Encapsulation

The P-330W supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF Draft
standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband
modem (DSL, cable, wireless, etc.) connection. The PPP over Ethernet option is for a dial­up connection using PPPoE.

ZyXEL P-330W User’s Guide

For the service provider, PPPoE offers an access and authentication method that works with
existing access control systems (for example Radius). PPPoE provides a login and
authentication method that the existing Microsoft Dial-Up Networking software can activate,
and therefore requires no new learning or procedures for Windows users.

One of the benefits of PPPoE is the ability to let you access one of multiple network services,
a function known as dynamic service selection. This enables the service provider to easily
create and offer new IP services for individuals.

Operationally, PPPoE saves significant effort for both you and the ISP or carrier, as it requires
no specific configuration of the broadband modem at the customer site.

By implementing PPPoE directly on the P-330W (rather than individual computers), the
computers on the LAN do not need PPPoE software installed, since the P-330W does that part
of the task. Furthermore, with NAT, all of the LANs’ computers will have access.

The screen shown next is for PPPoE encapsulation.

Chapter 6 Advanced Options 80

ZyXEL P-330W User’s Guide

Figure 48 Advanced: WAN PPPoE Encapsulation

The following table describes the labels in this screen.

Table 35 PPPoE Encapsulation

LABEL DESCRIPTION

WAN Access
Type

User Name Type the User Name given to you by your ISP.

Password Type the password associated with the User Name above.

Service Name Type the PPPoE service name provided to you. PPPoE uses a service name to

Connection Type Select Continuous if you do not want the connection to time out.

Idle Time The amount of time before the PPPoE session times out and drops connection.

MTU Size Enter in the maximum MTU (packet size) here.

Attain DNS
Automatically

You must choose the PPPoE option when the WAN port is used with PPPoE.

identify and reach the PPPOE server.

Select Connect On Demand if you want to only connect when you are sending
data.

Select Manual if you do not want manually log the P-330W in via the GUI.

Select this if your ISP assigns you a DNS server at the same time it assigns you an
IP Address.

81 Chapter 6 Advanced Options

Table 35 PPPoE Encapsulation

LABEL DESCRIPTION

ZyXEL P-330W User’s Guide

Set DNS
Manually

DNS 1 - 3 Enter in your ISP’s DNS server IP address here. You must enter in 1.

Clone MAC
Address

Respond to WAN
Ping

Enable UPnP UPnP (Universal Plug and Play) allows automatic discovery and configuration of the

IPSec
Passthrough

PPTP
Passthrough

L2TP
Passthrough

Save Click Save to save your changes back to the P-330W.

Reset Click Reset to begin configuring this screen afresh.

Use this if your ISP does not assign a DNSP server when it assigns you an IP
address.

Your ISP may require a particular MAC address in order for you to connect to the
Internet. This MAC address is the PC’s MAC address that your ISP had originally
connected your Internet connection to. Type in this Clone MAC address in this
section to replace the WAN MAC address with the MAC address of that PC.

Put a check in this box to reply to ping packets.

Wireless Router. UPnP is by supported by Windows ME, XP, or later. Put a check
in this box to allow the router configuration to be changed by UPnP devices.

Put a check in this box to enable computers on your LAN to make IPSec VPN
connections to servers on the Internet.

Put a check in this box to enable computers on your LAN to make PPTP VPN
connections to servers on the Internet.

Put a check in this box to enable computers on your LAN to make L2TP VPN
connections to servers on the Internet.

6.7.4 PPTP Encapsulation

Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of
data from a remote client to a private server, creating a Virtual Private Network (VPN) using
TCP/IP-based networks.

PPTP supports on-demand, multi-protocol and virtual private networking over public
networks, such as the Internet.

The screen shown next is for PPTP encapsulation.

Chapter 6 Advanced Options 82

ZyXEL P-330W User’s Guide

Figure 49 Advanced: WAN PPTP Encapsulation

The following table describes the labels in this screen.

Table 36 Advanced: WAN PPTP Encapsulation

LABEL DESCRIPTION

WAN Access Type You must choose the PPTP option when the WAN port is used with PPTP.

IP Address Type the (static) IP address assigned to you by your ISP.

IP Subnet Mask Type the subnet mask assigned to you by your ISP.

Default Gateway Type the default gateway assigned to you by your ISP.

Server IP Address Type the IP address of the PPTP server.

User Name Type the user name given to you by your ISP.

Password Type the password associated with the User Name above.

MTU Size Enter in the maximum MTU (packet size) here.

Attain DNS
Automatically

Set DNS Manually Use this if your ISP does not assign a DNSP server when it assigns you an IP

DNS 1 - 3 Enter in your ISP’s DNS server IP address here. You must enter in 1.

83 Chapter 6 Advanced Options

Select this if your ISP assigns you a DNS server at the same time it assigns
you an IP Address.

address.

ZyXEL P-330W User’s Guide

Table 36 Advanced: WAN PPTP Encapsulation

LABEL DESCRIPTION

Clone MAC Address Your ISP may require a particular MAC address in order for you to connect to

the Internet. This MAC address is the PC’s MAC address that your ISP had
originally connected your Internet connection to. Type in this Clone MAC
address in this section to replace the WAN MAC address with the MAC
address of that PC.

Respond to WAN Ping Put a check in this box to reply to ping packets.

Enable UPnP UPnP (Universal Plug and Play) allows automatic discovery and configuration

of the Wireless Router. UPnP is by supported by Windows ME, XP, or later.
Put a check in this box to allow the router configuration to be changed by
UPnP devices.

IPSec Passthrough Put a check in this box to enable computers on your LAN to make IPSec VPN

connections to servers on the Internet.

PPTP Passthrough Put a check in this box to enable computers on your LAN to make PPTP VPN

connections to servers on the Internet.

L2TP Passthrough Put a check in this box to enable computers on your LAN to make L2TP VPN

Save Click Save to save your changes back to the P-330W.

Reset Click Reset to begin configuring this screen afresh.

connections to servers on the Internet.

6.7.5 L2TP Encapsulation

Layer Two Tunneling Protocol (L2TP) is a network protocol that enables secure transfer of
data from a remote client to a private server, creating a Virtual Private Network (VPN) using
TCP/IP-based networks.

The screen shown next is for L2TP encapsulation.

Chapter 6 Advanced Options 84

ZyXEL P-330W User’s Guide

Figure 50 Advanced: WAN L2TP Encapsulation

The following table describes the labels in this screen.

Table 37 Advanced: WAN L2PT Encapsulation

LABEL DESCRIPTION

WAN Access Type You must choose the L2TP option when the WAN port is used with L2TP.

Attain IP Automatically Select this if your ISP dynamically assigns you an IP Address

Set IP Manually Select this if your IP has assigned you a static IP address

IP Address Type the (static) IP address assigned to you by your ISP.

IP Subnet Mask Type the subnet mask assigned to you by your ISP.

Default Gateway Type the default gateway assigned to you by your ISP.

Server IP Address Type the IP address of the L2TP server.

85 Chapter 6 Advanced Options

ZyXEL P-330W User’s Guide

Table 37 Advanced: WAN L2PT Encapsulation

LABEL DESCRIPTION

User Name Type the user name given to you by your ISP.

Password Type the password associated with the User Name above.

Idle Time The amount of time before the L2TP session times out and drops connection.

MTU Size Enter in the maximum MTU (packet size) here.

Attain DNS
Automatically

Set DNS Manually Use this if your ISP does not assign a DNSP server when it assigns you an IP

DNS 1 - 3 Enter in your ISP’s DNS server IP address here. You must enter in 1.

Clone MAC Address Your ISP may require a particular MAC address in order for you to connect to

Respond to WAN Ping Put a check in this box to reply to ping packets.

Enable UPnP UPnP (Universal Plug and Play) allows automatic discovery and configuration

IPSec Passthrough Put a check in this box to enable computers on your LAN to make IPSec VPN

PPTP Passthrough Put a check in this box to enable computers on your LAN to make PPTP VPN

L2TP Passthrough Put a check in this box to enable computers on your LAN to make L2TP VPN

Save Click Save to save your changes back to the P-330W.

Reset Click Reset to begin configuring this screen afresh.

Select this if your ISP assigns you a DNS server at the same time it assigns
you an IP Address.

address.

the Internet. This MAC address is the PC’s MAC address that your ISP had
originally connected your Internet connection to. Type in this Clone MAC
address in this section to replace the WAN MAC address with the MAC
address of that PC.

of the Wireless Router. UPnP is by supported by Windows ME, XP, or later.
Put a check in this box to allow the router configuration to be changed by
UPnP devices.

connections to servers on the Internet.

connections to servers on the Internet.

connections to servers on the Internet.

6.8 Ping

The Ping screen allows you to send out PING requests from your P-330W to a network
address you specify and then reports back the test result. You can use this command to help
diagnose network problems.

To access the Ping command, click ADVANCED then the Ping link. The screen appears as
shown.

Chapter 6 Advanced Options 86

ZyXEL P-330W User’s Guide

Figure 51 Advanced: Ping

The following table describes the labels in this screen.

Table 38 Advanced: Ping

LABEL DESCRIPTION

IP Address /
Host Name

Run Performs the Ping command.

Reset Click Reset to begin configuring this screen afresh.

Response The results of your ping request will show up here.

6.9 DoS Setting

DoS (Denial of Service) attacks can flood your Internet connection with invalid packets and
connection requests, using so much bandwidth and so many resources that Internet access
becomes unavailable. The Wireless Router incorporates protection against DoS attacks. This
screen allows you to configure DoS protection.

To access the DoS settings, click ADVANCED then the DoS link. The screen appears as
shown.

Enter in a host name or IP address that you would like to ping.

87 Chapter 6 Advanced Options

Figure 52 Advanced: DoS

ZyXEL P-330W User’s Guide

The following table describes the labels in this screen.

Table 39 Advanced: DoS

LABEL DESCRIPTION

Enable DoS
Protection

Select All Puts a check next to all DoS protection services.

Clear All Resets all check boxes to blank.

Apply Changes Applies DoS protections.

Put a check in this box to enable DoS protection.

6.10 Diagnostics

This screen allows you to perform a DNS lookup on any host name you enter. This can be
used to help diagnose network problems.

Chapter 6 Advanced Options 88

ZyXEL P-330W User’s Guide

To access the Diagnostic service, click ADVANCED then the DIAGNOSTIC link. The
screen appears as shown.

Figure 53 Advanced: Diagnostic

The following table describes the labels in this screen.

Table 40 Advanced: Diagnostic

LABEL DESCRIPTION

Domain Name/
URL

Start Lookup Click this button to activate the DNS lookup.

Enter the domain name you want to lookup.

89 Chapter 6 Advanced Options

Administrator Options

7.1 Remote Management

Remote management allows you to remotely configure your P-330W over your Internet
connection. Since this is a potential security risk, this feature is turned off by default.

To access the Remote Management configuration screen, click ADMINISTRATOR then
the REMOTE MANAGEMENT link. The screen appears as shown.

Figure 54 Administrator: Remote Management

ZyXEL P-330W User’s Guide

CHAPTER 7

The following table describes the labels in this screen.

Table 41 Administrator: Remote Management

LABEL DESCRIPTION

Enable Web
Server Access
via WAN

Port Number Enter in the port number you want the P-330W to respond on when accessed from

Save Click Save to save your changes back to the P-330W.

Reset Click Reset to begin configuring this screen afresh.

Put a check in this box to allow your P-330W to be accessed over the Internet.

the Internet.

7.2 Configuration Screen

Click Administrator, and then the Config File link. The screen you are presented with is
next.

Chapter 7 Administrator Options 90

ZyXEL P-330W User’s Guide

Figure 55 Administrator: Configuration File

7.2.1 Backup Configuration

Backup configuration allows you to back up (save) the P-330W’s current configuration to a
file on your computer. Once your P-330W is configured and functioning properly, it is highly
recommended that you back up your configuration file before making configuration changes.
The backup configuration file will be useful in case you need to return to your previous
settings.

Click Download to save the P-330W’s current configuration to your computer.

7.2.2 Restore Configuration

Restore configuration allows you to upload a new or previously saved configuration file from
your computer to your P-330W.

Table 42 Maintenance Restore Configuration

LABEL DESCRIPTION

File Path Type in the location of the file you want to upload in this field or click Browse ... to find it.

Browse... Click Browse... to find the file you want to upload. Remember that you must decompress

compressed (.ZIP) files before you can upload them.

Restore Click Restore to begin the upload process.

Note: Do not turn off the P-330W while configuration file upload
is in progress

The P-330W automatically restarts in this time causing a temporary network disconnect. In
some operating systems, you may see the following icon on your desktop.

91 Chapter 7 Administrator Options

Figure 56 Temporarily Disconnected

7.2.3 Back to Factory Defaults

Pressing the Restore Defaults button in this section clears all user-entered configuration
information and returns the P-330W to its factory defaults.

You can also press the RESET button on the rear panel to reset the factory defaults of your P­330W. Refer to the Introducing the Web Configurator chapter for more information on the
RESET button.

7.3 Logs

ZyXEL P-330W User’s Guide

The Logs record various types of activity on the Wireless Router. This data is useful for
troubleshooting, but enabling all logs will generate a large amount of data and adversely affect
performance.

To access the Logs configuration screen, click ADMINISTRATOR then the LOGS link. The
screen appears as shown.

Chapter 7 Administrator Options 92

ZyXEL P-330W User’s Guide

Figure 57 Administrator: Logs

The following table describes the labels in this screen.

Table 43 Administrator: Remote Management

LABEL DESCRIPTION

Enable Log Activates the logging function.

System All Activates all logging functions.

Wireless Only Only logs related to the wireless LAN will be recorded.

DoS Only Only logs related to the DoS protection will be recorded.

WAN Only Only logs related to the WAN will be recorded.

DHCP Server
Only

URL Filter Only Only logs related to the URL Filter will be recorded.

Apply Changes Activate the logging feature.

Refresh Refreshes the current display to show the latest log activity.

Clear Deletes the logs.

Only logs related to the DHCP Server will be recorded.

93 Chapter 7 Administrator Options

7.4 IP Filtering

Entries in this table are used to restrict certain types of data packets from your local network to
Internet through the Router. Here you can restrict local LAN clients to access Internet
application/services by IP Address. Use of such filters can be helpful in securing or restricting
your local network.

To access the IP Filtering configuration screen, click ADMINISTRATOR then the IP
FILTERING link. The screen appears as shown.

Figure 58 Administrator: IP Filtering

ZyXEL P-330W User’s Guide

The following table describes the labels in this screen.

Table 44 Administrator: IP Filtering

LABEL DESCRIPTION

Enable IP
Filtering

Local IP
Address

Description Enter in a descriptive description for this rule.

Save Click Save to save your changes back to the P-330W.

Reset Click Reset to begin configuring this screen afresh.

Chapter 7 Administrator Options 94

Enables IP Filtering.

Enter the IP address of the local device whose access you want to restrict.

ZyXEL P-330W User’s Guide

7.5 MAC Filtering

This screen is used to restrict devices on your local network from being able to access the
Internet. You do this by entering the MAC address of any device you want to restrict.

To access the MAC Filtering configuration screen, click ADMINISTRATOR then the MAC
FILTERING link. The screen appears as shown.

Figure 59 Administrator: MAC Filtering

The following table describes the labels in this screen.

Table 45 Administrator: MAC Filtering

LABEL DESCRIPTION

Enable MAC
Filtering

MAC Address Enter the MAC address of the local device whose access you want to restrict.

Description Enter in a descriptive description for this rule.

Save Click Save to save your changes back to the P-330W.

Reset Click Reset to begin configuring this screen afresh.

7.6 URL Filtering

This screen is used to restrict devices on your local network from being able to access the
Internet. You can enter in a list of Internet URL’s that you wish to restrict access to.

To access the URL Filtering configuration screen, click ADMINISTRATOR then the URL
FILTERING link. The screen appears as shown.

Enables MAC Filtering.

95 Chapter 7 Administrator Options

Figure 60 Administrator: URL Filtering

The following table describes the labels in this screen.

Table 46 Administrator: URL Filtering

ZyXEL P-330W User’s Guide

LABEL DESCRIPTION

Enable URL
Filtering

URL Address Enter the URL address of the Internet site you want to restrict.

Exempt IP Pool
Star t

Pool Size Enter the size of exempt IP Pool.

Apply Changes Click Apply Changes to save your changes back to the P-330W.

Reset Click Reset to begin configuring this screen afresh.

Enables URL Filtering.

Enter the initial IP address you want to allow to access the blocked URLs.

7.7 Statistics

The statistics screen provides you with information on each interface on your P-330W. This
includes the WAN, LAN, and wireless network connections. This page will show you how
many packets of data have been sent and received.

7.8 Time Zone Setting

To change your P-330W’s time and date, click ADMINISTRATOR, then the Time Zone
Setting link. The screen appears as shown. Use this screen to configure the P-330W’s time

based on your local time zone.

Chapter 7 Administrator Options 96

ZyXEL P-330W User’s Guide

Figure 61 Administrator: Time Zone Setting

The following table describes the labels in this screen.

Table 47 Administrator: Time Zone Setting

LABEL DESCRIPTION

Current Time This field displays the time of your P-330W.

If you are not using an NTP server, you can make changes here and they will be
applied when you click Save.

Enable NTP client
update

Time Zone Select Choose the Time Zone of your location. This will set the time difference between

NTP Server Select Auto or Enter the IP address manually. Check with your ISP/network

Daylight Saving Time Put a check in this box to enable the use of Daylight Saving Time.

Save Click Save to save your changes back to the P-330W.

Reset Click Reset to begin configuring this screen afresh.

Refresh Click Refresh to display the current time.

Put a check in this box to enable the use of an external NTP server.

your time zone and Greenwich Mean Time (GMT).

administrator if you are unsure of this information.

7.9 Upgrade Firmware

Find firmware at www.us.zyxel.com in a file that (usually) uses the system model name with a
"*.bin" extension, e.g., "P-330W.bin". The upload process uses HTTP (Hypertext Transfer
Protocol) and may take up to two minutes. After a successful upload, the system will reboot.

Click Administrator, and then the Upgrade Firmware link. Follow the instructions in this
screen to upload firmware to your P-330W.

97 Chapter 7 Administrator Options

ZyXEL P-330W User’s Guide

Figure 62 Administrator: Upgrade Firmware

The following table describes the labels in this screen.

Table 48 Administrator: Upgrade Firmware

LABEL DESCRIPTION

Select File Type in the location of the file you want to upload in this field or click Browse ... to find it.

Browse... Click Browse... to find the .bin file you want to upload. Remember that you must

decompress compressed (.zip) files before you can upload them.

Star t
Upgrade

Click Start Upgrade to begin the upload process. This process may take up to two
minutes.

Note: Do not turn off the P-330W while firmware upload is in
progress!

After you see the Firmware Upload in Process screen, wait two minutes before logging into
the P-330W again.

Figure 63 Upload Warning

The P-330W automatically restarts in this time causing a temporary network disconnect. In
some operating systems, you may see the following icon on your desktop.

Chapter 7 Administrator Options 98

ZyXEL P-330W User’s Guide

Figure 64 Network Temporarily Disconnected

After two minutes, log in again and check your new firmware version in the System Status
screen.

If the upload was not successful, a warning screen will appear. Click Return to go back to the
F/W Upload screen.

99 Chapter 7 Administrator Options

PPPoE in Action

An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from
your computer to an ATM PVC (Permanent Virtual Circuit) which connects to a DSL Access
Concentrator where the PPP session terminates (see the next figure). One PVC can support
any number of PPP sessions from your LAN. PPPoE provides access control and billing
functionality in a manner similar to dial-up services using PPP.

Benefits of PPPoE

PPPoE offers the following benefits:

ZyXEL P-330W User’s Guide

Appendix A

PPPoE

• It provides you with a familiar dial-up networking (DUN) user interface.

• It lessens the burden on the carriers of provisioning virtual circuits all the way to the ISP
on multiple switches for thousands of users. For GSTN (PSTN and ISDN), the switching
fabric is already in place.

• It allows the ISP to use the existing dial-up model to authenticate and (optionally) to
provide differentiated services.

Traditional Dial-up Scenario

The following diagram depicts a typical hardware configuration where the computers use
traditional dial-up networking.

Appendix A PPPoE 100