The contents of this publication may not be reproduced in any part or as a whole, transcribed,
stored in a retrieval system, translated into any language, or transmitted in any form or by any
means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or
otherwise, without the prior written permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or
software described herein. Neither does it convey any license under its patent rights nor the
patent rights of others. ZyXEL further reserves the right to make changes in any products
described herein without notice. This publication is subject to change without notice.
Trademarks
ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL
Communications, Inc. Other trademarks mentioned in this publication are used for
identification purposes only and may be properties of their respective owners.
Copyright2
Page 3
ZyXEL P-330W User’s Guide
Federal Communications
Commission (FCC) Interference
Statement
This device complies with Part 15 of FCC rules. Operation is subject to the following two
conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause
undesired operations.
This equipment has been tested and found to comply with the limits for a Class B digital
device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable
protection against harmful interference in a commercial environment. This equipment
generates, uses, and can radiate radio frequency energy, and if not installed and used in
accordance with the instructions, may cause harmful interference to radio communications.
If this equipment does cause harmful interference to radio/television reception, which can be
determined by turning the equipment off and on, the user is encouraged to try to correct the
interference by one or more of the following measures:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and the receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver
is connected.
• Consult the dealer or an experienced radio/TV technician for help.
Notice 1
Changes or modifications not expressly approved by the party responsible for compliance
could void the user's authority to operate the equipment.
Certifications
Go to www.us.zyxel.com
1 Select your product from the drop-down list box on the ZyXEL home page to go to that
product's page.
2 Select the certification you wish to view from this page
3 Federal Communications Commission (FCC) Interference Statement
Page 4
ZyXEL P-330W User’s Guide
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects
in materials or workmanship for a period of up to two years from the date of purchase. During
the warranty period, and upon proof of purchase, should the product have indications of failure
due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the
defective products or components without charge for either parts or labor, and to whatever
extent it shall deem necessary to restore the product or components to proper operating
condition. Any replacement will consist of a new or re-manufactured functionally equivalent
product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not
apply if the product is modified, misused, tampered with, damaged by an act of God, or
subjected to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the
purchaser. This warranty is in lieu of all other warranties, express or implied, including any
implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in
no event be held liable for indirect or consequential damages of any kind of character to the
purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center for your Return
Material Authorization number (RMA). Products must be returned Postage Prepaid. It is
recommended that the unit be insured when shipped. Any returned products without proof of
purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of
ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products
will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty
gives you specific legal rights, and you may also have other rights that vary from country to
country.
Safety Warnings
1 To reduce the risk of fire, use only No. 26 AWG or larger telephone wire.
2 Do not use this product near water, for example, in a wet basement or near a swimming
pool.
3 Avoid using this product during an electrical storm. There may be a remote risk of
electric shock from lightening.
This product has been designed for the WLAN 2.4 GHz network throughout the EC region and
Switzerland, with restrictions in France.
ZyXEL Limited Warranty4
Page 5
ZyXEL P-330W User’s Guide
Please have the following information ready when you contact customer support.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.
Table 49 Comparison of EAP Authentication Types ........................................................... 125
17 List of Tables
Page 18
ZyXEL P-330W User’s Guide
Preface
Congratulations on your purchase of the P-330W, 802.11g Secure Wireless Internet Sharing
Router. This manual is designed to guide you through the configuration of your P-330W for its
various applications.
This manual may refer to the P-330W or 802.11g Secure Wireless Internet Sharing Router as
the router.
Note: Register your product online to receive e-mail notices of
firmware upgrades and information at
About This User's Guide
This User’s Guide is designed to guide you through the configuration of your P-330W using
the web configurator(GUI). The web configurator parts of this guide contain background
information on features configurable by web configurator.
www.us.zyxel.com.
Related Documentation
• Support Disk
Refer to the included CD for support documents.
• Quick Start Guide
The Quick Start Guide is designed to help you get up and running right away. They
contain connection information and instructions on getting started.
• ZyXEL Glossary and Web Site
Please refer to www.us.zyxel.com for an online glossary of networking terms and
additional support documentation.
User Guide Feedback
Help us help you! E-mail all User Guide-related comments, questions or suggestions for
improvement to techwriters@zyxel.com
Syntax Conventions
• “Enter” means for you to type one or more characters. “Select” or “Choose” means for
you to use one predefined choices.
• Mouse action sequences are denoted using a comma. For example, “click the Apple icon,
Control Panels and then Modem” means first click the Apple icon, then point your
mouse pointer to Control Panels and then click Modem.
• For brevity’s sake, we will use “e.g.,” as a shorthand for “for instance”, and “i.e.,” for
“that is” or “in other words” throughout this manual.
Preface18
Page 19
ZyXEL P-330W User’s Guide
Graphics Icons Key
P-330WComputerNotebook computer
ServerDSLAMFirewall
ModemSwitchRouter
Wireless Signal
19 Preface
Page 20
ZyXELP-330W User’s Guide
CHAPTER 1
Getting to Know Your P-330W
This chapter introduces the main features and applications of the P-330W.
1.1 P-330W Internet Security Gateway Overview
The P-330W is the ideal secure gateway for all data passing between the Internet and LAN’s.
By integrating NAT, firewall, wireless access point and 4-port switch, ZyXEL’s P-330W is a
complete security solution that protects your Intranet and efficiently manages data traffic on
your network.
This auto-negotiation feature allows the P-330W to detect the speed of incoming
transmissions and adjust appropriately without manual intervention. It allows data transfer of
either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending on your
Ethernet network.
These interfaces automatically adjust to either a crossover or straight-through Ethernet cable.
1.2.1.3 4-Port Switch
A combination of switch and router makes your P-330W a cost-effective and viable network
solution. You can add up to four computers to the P-330W without the cost of a hub. Add
more than four computers to your LAN by using a hub.
Chapter 1 Getting to Know Your P-330W20
Page 21
ZyXEL P-330W User’s Guide
1.2.1.4 Time and Date
The P-330W allows you to get the current time and date from an external server when you turn
on your P-330W. You can also set the time manually.
1.2.1.5 Reset Button
The P-330W reset button is built into the rear panel. You can use this button to either cause the
P-330W to reboot, or to reset the P-330W to factor defaults. Use this button to restore the
factory default password to 1234; IP address to 192.168.10.1, subnet mask to 255.255.255.0
and DHCP server enabled with a pool of 32 IP addresses starting at 192.168.10.33. For further
instructions see Chapter 2.
1.2.2 Removable Antenna
The P-330W antenna uses an RP-SMA connection to attach to the P-330W. It is possible to
remove the antenna and replace it with another antenna that offers different performance
characteristics.
1.2.3 Non-Physical Features
1.2.3.1 Firewall
The P-330W is a home firewall with DoS (Denial of Service) protection. By default, all
incoming traffic from the WAN to the LAN is blocked unless it is initiated from the LAN.
1.2.3.2 802.11b Wireless LAN Standard
The P-330W, complies with the 802.11b wireless standard.
The 802.11b data rate and corresponding modulation techniques are as follows. The
modulation technique defines how bits are encoded onto radio waves.
Note: The P-330W may be prone to RF (Radio Frequency)
interference from other 2.4 GHz devices such as microwave
ovens, wireless phones, Bluetooth enabled devices, and other
wireless LANs
21 Chapter 1 Getting to Know Your P-330W
Page 22
1.2.3.3 802.11g Wireless LAN Standard
The P-330W, complies with the 802.11g wireless standard and is also fully compatible with
the 802.11b standard. This means an 802.11b radio card can interface directly with an 802.11g
device (and vice versa) at 11 Mbps or lower depending on range. 802.11g has several
intermediate rate steps between the maximum and minimum data rates. The 802.11g data rate
and modulation are as follows:
Table 2 IEEE 802.11g
DATA RATE (MBPS)MODULATION
6/9/12/18/24/36/48/54OFDM (Orthogonal Frequency Division Multiplexing)
1.2.3.4 Packet Filtering
The packet filtering mechanism blocks unwanted traffic from entering/leaving your network.
1.2.3.5 Universal Plug and Play (UPnP)
ZyXELP-330W User’s Guide
Using the standard TCP/IP protocol, the P-330W and other UPnP enabled devices can
dynamically join a network, obtain an IP address and convey its capabilities to other devices
on the network.
1.2.3.6 PPPoE
PPPoE facilitates the interaction of a host with an Internet modem to achieve access to highspeed data networks via a familiar "dial-up networking" user interface.
1.2.3.7 PPTP Encapsulation
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of
data from a remote client to a private server, creating a Virtual Private Network (VPN) using a
TCP/IP-based network.
PPTP supports on-demand, multi-protocol and virtual private networking over public
networks, such as the Internet. The P-330W supports one PPTP server connection at any given
time.
1.2.3.8 Dynamic DNS Support
With Dynamic DNS (Domain Name System) support, you can have a static hostname alias for
a dynamic IP address, allowing the host to be more easily accessible from various locations on
the Internet. You must register for this service with a Dynamic DNS service provider.
Chapter 1 Getting to Know Your P-330W22
Page 23
ZyXEL P-330W User’s Guide
1.2.3.9 Network Address Translation (NAT)
Network Address Translation (NAT) allows the translation of an Internet protocol address
used within one network (for example a private IP address used in a local network) to a
different IP address known within another network (for example a public IP address used on
the Internet).
1.2.3.10 Port Forwarding
Use this feature to forward incoming service requests to a server on your local network. You
may enter a single port number or a range of port numbers to be forwarded, and the local IP
address of the desired server.
DHCP (Dynamic Host Configuration Protocol) allows the individual client computers to
obtain the TCP/IP configuration at start-up from a centralized DHCP server. The P-330W has
built-in DHCP server capability, enabled by default, which means it can assign IP addresses,
an IP default gateway and DNS servers to all systems that support the DHCP client.
1.2.3.12 Logging and Tracing
•System Logs
• Wireless Logs
•DoS Logs
1.2.3.13 Wireless Association List
With the Wireless Association List, you can see the list of the wireless stations that are
currently using the P-330W to access your wired network.
1.3 Applications for the P-330W
Here are some examples of what you can do with your P-330W.
1.3.1 Secure Broadband Internet Access via Cable or DSL Modem
You can connect a cable modem, DSL or wireless modem to the P-330W for broadband
Internet access via an Ethernet or a wireless port on the modem. The P-330W guarantees not
only high speed Internet access, but secure internal network protection and traffic management
as well.
23 Chapter 1 Getting to Know Your P-330W
Page 24
Figure 1 Secure Internet Access via Cable, DSL or Wireless Modem
1.3.2 Internet Access Application
Add a wireless LAN to your existing network without expensive network cables. Wireless
stations can move freely anywhere in the coverage area and use resources on the wired
network.
ZyXELP-330W User’s Guide
Figure 2 Internet Access Application Example
Chapter 1 Getting to Know Your P-330W24
Page 25
ZyXEL P-330W User’s Guide
25 Chapter 1 Getting to Know Your P-330W
Page 26
Introducing the Web
This chapter describes how to access the P-330W web configurator and provides an overview
of its screens.
2.1 Web Configurator Overview
The embedded web configurator allows you to manage the P-330W from anywhere through a
browser such as Microsoft Internet Explorer or Netscape Navigator. Use Internet Explorer 6.0
and later or Netscape Navigator 7.0 and later versions with JavaScript enabled. It is
recommended that you set your screen resolution to 1024 by 768 pixels. The screens you see
in the web configurator may vary somewhat from the ones shown in this document due to
differences between individual P-330W models or firmware versions.
ZyXELP-330W User’s Guide
CHAPTER 2
Configurator
2.2 Accessing the P-330W Web Configurator
1 Make sure your P-330W hardware is properly connected and prepare your computer/
computer network to connect to the P-330W (refer to the Quick Start Guide).
2 Launch your web browser.
3 Type "192.168.10.1" as the URL.
4 Type “admin” as the User Name
5 Type "1234" (default) as the password.
6 Click OK to login.
You should now see the MAIN MENU screen)
Note: The management session automatically times out when
there has been no activity for several minutes. Simply log back
into the P-330W if this happens to you.
2.2.0.1 Resetting the P-330W
If you forget your password or cannot access the web configurator, you will need to use the
RESET button at the back of the P-330W to reload the factory-default configuration file. This
means that you will lose all configurations that you had previously and the password will be
reset to “1234”.
Chapter 2 Introducing the Web Configurator26
Page 27
ZyXEL P-330W User’s Guide
2.2.0.1.1 Procedure To Use The Reset Button
1 Make sure the PWR LED is on (not blinking).
2 Press the RESET button for approximately ten seconds or until the PWR LED begins to
blink and then release it. When the PWR LED begins to blink, the defaults have been
restored and the P-330W restarts. (If you press the RESET button for less than 5 seconds,
the P-330W will reboot, but will not reset the configuration).
2.2.1 Navigating the P-330W Web Configurator
The following summarizes how to navigate the web configurator from the SITE MAP screen.
• Click SETUPWIZARD for initial configuration including general setup, Wireless LAN Setup, ISP parameters for Internet Access and WAN IP/DNS Server/MAC address
assignment.
• Click a link under WIRELESS to configure wireless settings.
• Click a link under ADVANCED to configure advanced P-330W features.
• Click LOGOUT at any time to exit the web configurator.
• Click ADMINISTRATOR to view information about your P-330W or upgrade
configuration/firmware files. Administrator includes Statistics, Remote Management, Upgrade Firmware, Config File (Backup, Restore, Defaults) and Time Zone Settings.
Figure 3 The MAIN MENU Screen of the Web Configurator
2.2.2 Navigation Panel
After you log in, use the sub-menus on the navigation panel to configure P-330W features.
27 Chapter 2 Introducing the Web Configurator
Page 28
ZyXELP-330W User’s Guide
The following table describes the sub-menus.
Table 3 Screens Summary
LINKTABFUNCTION
SETUP WIZARDUse these screens for initial configuration including general
setup, Wireless LAN setup, ISP parameters for Internet Access
and WAN IP/DNS Server/MAC address assignment.
OPERATION
MODE
LANUse this screen to configure you LAN, including default IP
PAS SWOR DUse this screen to change your password.
STATUSThis screen contains administrative and system-related
WIRELESSBasic SettingsUse this screen to configure the wireless LAN.
Advanced
Settings
SecurityUse this screen to configure wireless encryption and
Trusted StationsUse this screen to set up MAC address filtering for WLAN clients.
ADVANCEDAccess ControlUse this screen to set up packet filtering policies.
Dynamic DNSUse this screen to configure dynamic DNS service settings.
DMZUse this screen to isolate a specific device from the rest of the
Virtual ServersUse this screen to configure servers behind the P-330W.
Special
Applications
ALGUse this screen to selection which applications require special
WAN PortUse this screen to change your P-330W’s WAN ISP settings.
PingUse this screen to verify network connectivity.
DoS SettingsUse this screen to configure Denial of Service settings.
DiagnosticsUse this page to look up DNS information.
AdministratorRemote
Management
Config FileUse this screen to backup and restore the configuration or reset
LogsUse this screen to change your P-330W’s log settings and to
IP FilteringUse this page to configure a list of IP addresses that the router
MAC FilteringUse the MAC filter screen to configure the P-330W to block
URL FilteringThis screen allows you to block sites containing certain web sites
Use this screen to switch the P-330W between gateway, bridge,
and wireless client mode.
address of the P-330W, LAN DHCP, and viewing current DHCP
clients.
information.
Use this screen to configured advanced wireless system
behavior.
authorization settings.
network.
Use this screen to change your P-330W’s trigger port settings.
NAT rules.
Use this page to allow remote clients to manage the P-330W.
the factory defaults to your P-330W.
view the logs for the categories that you selected.
will not allow traffic to or from.
access to devices or block the devices from accessing the P330W.
based on their URL.
Chapter 2 Introducing the Web Configurator28
Page 29
ZyXEL P-330W User’s Guide
Table 3 Screens Summary
LINKTABFUNCTION
AdministratorStat isticsThis screen contains administrative and system-related
LOG OUTClick this label to exit the web configurator.
Time Zone
Setting
Upgrade
Firmware
information.
Use this screen to change your P-330W’s time and date or
enable NTP server use.
Use this screen to upload firmware to your P-330W.
29 Chapter 2 Introducing the Web Configurator
Page 30
This chapter provides information on the Wizard Setup screens in the web configurator.
3.1 Wizard Setup Overview
The web configurator’s setup wizard helps you configure your device to access the Internet.
The second screen has five variations depending on what encapsulation type you use. Refer to
your ISP checklist in the Quick Start Guide to know what to enter in each field. Leave a field
blank if you don’t have that information.
The fifth wizard screen varies according to the type of encapsulation that you select in the
third wizard screen.
ZyXELP-330W User’s Guide
CHAPTER 3
Wizard Setup
3.2 Wizard Setup: Screen 2
The P-330W offers five choices of encapsulation. They are DHCP Client, Static IP,
PPP over Ethernet, L2TP or PPTP.
3.2.1 DHCP Client
Choose DHCP Client when the WAN port is used as regular Ethernet and your ISP assigns
you an IP address via DHCP.
Figure 4 Wizard 2: DHCP Client Encapsulation
3.2.2 Static IP
Choose Static IP when the WAN port is used as regular Ethernet and your ISP assigns you a
fixed IP address.
Chapter 3 Wizard Setup30
Page 31
ZyXEL P-330W User’s Guide
Figure 5 Wizard 2: Static IP Encapsulation
The following table describes the labels in this screen.
Table 4 Wizard 2: Ethernet Encapsulation
LABELDESCRIPTION
ISP Parameters for Internet Access
IP AddressThe fixed IP address should be in the same subnet as your broadband modem or
router. This should be provided to you by your ISP
Subnet Mask Enter a Subnet Mask appropriate to your network.
Default GatewayEnter the Gateway IP Address of the neighboring device, if you know it. If you do
not, leave the Gateway IP Address field blank.
DNSDNS (Domain Name System) is for mapping a domain name to its corresponding
CancelClick Cancel to abort the setup wizard.
BackClick Back to return to the previous screen.
NextClick Next to continue.
IP address and vice versa. The DNS server is extremely important because
without it, you must know the IP address of a computer before you can access it.
Enter your DNS Server IP address here.
3.2.3 PPPoE Encapsulation
Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection. PPPoE is an
IETF (Internet Engineering Task Force) draft standard specifying how a host personal
computer interacts with a broadband modem (for example DSL, cable, wireless, etc.) to
achieve access to high-speed data networks.
For the service provider, PPPoE offers an access and authentication method that works with
existing access control systems (for instance, Radius). For the user, PPPoE provides a login
and authentication method that the existing Microsoft Dial-Up Networking software can
activate, and therefore requires no new learning or procedures for Windows users.
31 Chapter 3 Wizard Setup
Page 32
ZyXELP-330W User’s Guide
One of the benefits of PPPoE is the ability to let end users access one of multiple network
services, a function known as dynamic service selection. This enables the service provider to
easily create and offer new IP services for specific users.
Operationally, PPPoE saves significant effort for both the subscriber and the ISP/carrier, as it
requires no specific configuration of the broadband modem at the subscriber’s site.
By implementing PPPoE directly on the P-330W (rather than individual computers), the
computers on the LAN do not need PPPoE software installed, since the P-330W does that part
of the task. Furthermore, with NAT, all of the LAN's computers will have Internet access.
Refer to the appendix for more information on PPPoE.
Figure 6 Wizard 2: PPPoE Encapsulation
The following table describes the labels in this screen.
Table 5 Wizard 2: PPPoE Encapsulation
LABELDESCRIPTION
ISP Parameter for Internet Access
User NameType the user name given to you by your ISP.
Password Type the password associated with the user name above.
CancelClick Cancel to abort the setup wizard.
NextClick Next to continue.
BackClick Back to return to the previous screen.
3.2.4 PPTP Encapsulation
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables transfers of data
from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/
IP-based networks.
PPTP supports on-demand, multi-protocol, and virtual private networking over public
networks, such as the Internet.
Chapter 3 Wizard Setup32
Page 33
ZyXEL P-330W User’s Guide
Refer to the appendix for more information on PPTP.
Figure 7 Wizard 2: PPTP Encapsulation
Note: The P-330W supports one PPTP server connection at
any given time.
The following table describes the fields in this screen
Table 6 Wizard 2: PPTP Encapsulation
LABELDESCRIPTION
ISP Parameters for Internet Access
IP AddressType the (static) IP address assigned to you by your ISP.
IP Subnet MaskType the subnet mask assigned to you by your ISP.
Default GatewayType the default gateway assigned to you by your ISP.
Server IP AddressType the IP address of the PPTP server.
User NameType the user name given to you by your ISP.
PasswordType the password associated with the User Name above.
CancelClick Cancel to abort the setup wizard.
BackClick Back to return to the previous screen.
NextClick Next to continue.
3.2.5 L2TP Encapsulation
Layer Two Tunneling Protocol (L2TP) is a network protocol that enables transfers of data
from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/
IP-based networks.
33 Chapter 3 Wizard Setup
Page 34
Figure 8 Wizard 2: L2TP Encapsulation
ZyXELP-330W User’s Guide
The following table describes the fields in this screen
Table 7 Wizard 2: L2TP Encapsulation
LABELDESCRIPTION
Attain IP
Automatically
Set IP ManuallySelect this if your ISP has assigned you a fixed IP address.
IP AddressType the (static) IP address assigned to you by your ISP.
IP Subnet MaskType the subnet mask assigned to you by your ISP.
Default GatewayType the default gateway assigned to you by your ISP.
Server IP AddressType the IP address of the L2TP server.
User NameType the user name given to you by your ISP.
PasswordType the password associated with the User Name above.
CancelClick Cancel to abort the setup wizard.
BackClick Back to return to the previous screen.
NextClick Next to continue.
Select this if your ISP automatically assigns you an IP Address.
3.3 Wizard Setup: Screen 3
Set up the basics of your wireless LAN using the third wizard screen.
Chapter 3 Wizard Setup34
Page 35
ZyXEL P-330W User’s Guide
Figure 9 Wizard 3: Wireless LAN Basic Setup
The following table describes the labels in this screen.
Table 8 Wizard 3: Wireless LAN Basic Setup
LABELDESCRIPTION
BandChoose the operating mode of your wireless access point. 2.4Ghz (B+G) offers the
SSIDEnter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless
Channel
Number
Disable
Access Point
CancelClick Cancel to abort the setup wizard.
BackClick Back to display the previous screen.
NextClick Next to proceed to the next screen.
greatest compatibility. 2.4 GHz (B) will only allow 802.11b clients to connect to the
wireless LAN. 2.4 GHz (G) will only allow 802.11g clients to connect to the wireless
LAN.
LAN.
If you change this field on the P-330W, make sure all wireless stations use the same
SSID in order to access the network.
To manually set the P-330W to use a channel, select a channel from the drop-down list
box.
Select this check box to disable the wireless LAN capabilities of your P-330W.
Note: The wireless stations and P-330W must use the same
SSID, channel ID and encryption key (if encryption is enabled)
for wireless communication
3.4 Wizard Setup: Screen 4
There are 5 different versions of this page depending on what method of encryption you want
to enable on your wireless LAN.
35 Chapter 3 Wizard Setup
Page 36
3.4.1 No Encryption
Choose None to allow the WLAN to operate without encryption. Warning: With no
encryption enabled anyone will be able to access your network and view any data you send
over the wireless LAN.
3.4.2 WEP Encryption
Choose WEP to setup WEP Encryption parameters.
Figure 10 Wizard 4: Wireless LAN Setup: WEP Security
ZyXELP-330W User’s Guide
The following table describes the labels in this screen.
Table 9 Wizard 4: Wireless LAN Setup: WEP Security
LABELDESCRIPTION
Key LengthSelect 64-bit WEP or 128-bit WEP data encryption.
Key FormatSelect ASCII in order to enter ASCII characters as the WEP keys.
Select Hex to enter hexadecimal characters as the WEP keys.
Default Tx Key This key refers to which key below will be used as the default key.
Key 1 to Key 4 The WEP keys are used to encrypt data. Both the P-330W and the wireless stations
must use the same WEP key for data transmission.
If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal
characters ("0-9", "A-F").
If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal
characters ("0-9", "A-F").
You must configure at least one key, only one key can be activated at any one time.
The default key is key 1.
Chapter 3 Wizard Setup36
Page 37
ZyXEL P-330W User’s Guide
Table 9 Wizard 4: Wireless LAN Setup: WEP Security
LABELDESCRIPTION
CancelClick Cancel to abort the setup wizard.
BackClick Back to display the previous screen.
NextClick Next to proceed to the next screen.
3.4.3 WPA
Choose WPA security in the Wireless LAN Setup screen to set up a Pre-Shared Key using
TKIP or AES encryption.
Figure 11 Wizard 4: Wireless LAN Setup: WPA Security
The following table describes the labels in this screen.
Table 10 Wizard 4: Wireless LAN Setup: WPA Security
LABELDESCRIPTION
WPA FormatYou can choose to enter the pre-shared key manually in HEX format or use a
Pre-Shared
Key
CancelClick Cancel to abort the setup wizard.
BackClick Back to display the previous screen.
NextClick Next to proceed to the next screen.
3.4.4 WPA2 (AES)
Choose WPA2 (AES) security in the Wireless LAN Setup screen to set up a Pre-Shared Key
using AES encryption.
passphrase. Note, many client devices only allow entry via passphrase.
For Passphrase: Type from 8 to 63 case-sensitive ASCII characters.
For HEX: Type a 64 character hex key.
37 Chapter 3 Wizard Setup
Page 38
Figure 12 Wizard 4: Wireless LAN Setup: WPA2 Security
The following table describes the labels in this screen.
Table 11 Wizard 4: Wireless LAN Setup: WPA2 Security
LABELDESCRIPTION
ZyXELP-330W User’s Guide
WPA FormatYou can choose to enter the pre-shared key manually in HEX format or use a
Pre-Shared
Key
CancelClick Cancel to abort the setup wizard.
BackClick Back to display the previous screen.
NextClick Next to proceed to the next screen.
3.4.5 WPA2 Mixed
Choose WPA2 Mixed security in the Wireless LAN Setup screen to set up a Pre-Shared Key
using both TKIP and AES encryption. This allows both WPA and WPA2 clients to connect.
passphrase. Note, many client devices only allow entry via passphrase.
For Passphrase: Type from 8 to 63 case-sensitive ASCII characters.
For HEX: Type a 64 character hex key.
Chapter 3 Wizard Setup38
Page 39
ZyXEL P-330W User’s Guide
Figure 13 Wizard 4: Wireless LAN Setup: WPA2 Security
The following table describes the labels in this screen.
Table 12 Wizard 4: Wireless LAN Setup: WPA2 Security
LABELDESCRIPTION
WPA FormatYou can choose to enter the pre-shared key manually in HEX format or use a
Pre-Shared
Key
CancelClick Cancel to abort the setup wizard.
BackClick Back to display the previous screen.
NextClick Next to proceed to the next screen.
passphrase. Note, many client devices only allow entry via passphrase.
For Passphrase: Type from 8 to 63 case-sensitive ASCII characters.
For HEX: Type a 64 character hex key.
3.5 Basic Setup Complete
Click Finish to complete the wizard setup and save your configuration.
Well done! You have successfully set up your P-330W to operate on your network and access
the Internet
39 Chapter 3 Wizard Setup
Page 40
ZyXEL P-330W User’s Guide
CHAPTER 4
System Screens
This chapter provides information on the options configurable from the main System screens.
Figure 14 System Screen Menu Options
4.1 Setup Wizard
See the Setup Wizard chapter for more information on this selection.
4.2 Operation Mode
Click Operation Mode to open the Operation Mode screen.
Chapter 4 System Screens40
Page 41
ZyXEL P-330W User’s Guide
Figure 15 Operation Mode Setup
The following table describes the labels in this screen.
Table 13 System General Setup
LABELDESCRIPTION
GatewayThis is the standard operating mode. The P-330W takes on all the usual roles of
BridgeSelect this to turn your P-330W into a pure bridge, directly linking all computers
Wireless ISPIn this mode, the wireless LAN is disabled and instead the wireless module is acts
SaveClick Save to save your changes back to the P-330W.
ResetClick Reset to begin configuring this screen afresh.
4.3 LAN Overview
Local Area Network (LAN) is a shared communication system to which many computers are
attached. The LAN screens can help you configure a LAN DHCP server, manage IP addresses,
and partition your physical network into logical networks.
a home router, including NAT, DHCP Server, and Firewall.
on your network to the WAN. In this mode, you have no protection from Internet
based threats.
as a client to connect to a Wireless ISP. All the normal router functions are
enabled.
41 Chapter 4 System Screens
Page 42
4.3.1 DHCP Setup
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual
clients to obtain TCP/IP configuration at start-up from a server. You can configure the P330W as a DHCP server or disable it. When configured as a server, the P-330W provides the
TCP/IP configuration for the clients. If DHCP service is disabled, you must have another
DHCP server on your LAN, or else the computer must be manually configured.
4.3.2 IP Pool Setup
The P-330W is pre-configured with a pool of 33 IP addresses starting from 192.168.10.33 to
192.168.10.65. This configuration leaves 32 IP addresses (excluding the P-330W itself) in the
lower range for other server computers, for instance, servers for mail, FTP, TFTP, web, etc.,
that you may have.
4.3.3 System DNS Servers
Refer to the IP Address and Subnet Mask section in the Setup Wizard chapter.
ZyXEL P-330W User’s Guide
4.3.4 LAN TCP/IP
The P-330W has built-in DHCP server capability that assigns IP addresses and DNS servers to
systems that support DHCP client capability.
4.3.5 Factory LAN Defaults
The LAN parameters of the P-330W are preset in the factory with the following values:
• IP address of 192.168.10.1 with subnet mask of 255.255.255.0 (24 bits)
• DHCP server enabled with 33 client IP addresses starting from 192.168.10.33.
These parameters should work for the majority of installations. If your ISP gives you explicit
DNS server address(es), read the embedded web configurator help regarding what fields need
to be configured.
4.3.6 IP Address and Subnet Mask
Refer to the IP Address and Subnet Mask section in the Wizard Setup chapter for this
information.
4.3.7 Configuring IP
Click LAN to open the IP screen.
Chapter 4 System Screens42
Page 43
ZyXEL P-330W User’s Guide
Figure 16 LAN IP Setup
The following table describes the labels in this screen.
Table 14 LAN IP Setup
LABELDESCRIPTION
IP AddressType the IP address of your P-330W in dotted decimal notation 192.168.10.1
IP Subnet MaskThe subnet mask specifies the network number portion of an IP address. Your P-
DHCP Client Range This field specifies the contiguous addresses in the IP address pool.
Show DHCP ClientPush this button opens a new window which will show you a list of the clients that
MAC AddressType the MAC address of computer which you want to assign specific IP on you
Lease IP AddressType the IP address that you want to assign the computer on your LAN.
SaveClick Apply to save your changes back to the P-330W.
ResetClick Reset to begin configuring this screen afresh.
(factory default).
330W will automatically calculate the subnet mask based on the IP address that
you assign. Unless you are implementing subnetting, use the subnet mask
computed by the P-330W 255.255.255.0.
individual clients (computers) to obtain TCP/IP configuration at startup from a
server. Choose Server box selected unless your ISP instructs you to do
otherwise. Choose Disabled the P-330W acting as a DHCP server. When
configured as a server, the P-330W provides TCP/IP configuration for the clients.
If not, DHCP service is disabled and you must have another DHCP server on
your LAN, or else the computers must be manually configured. When set as a
server, fill in the following four fields.
have recieved an IP address from the internal DHCP server.
LAN.
43 Chapter 4 System Screens
Page 44
4.4 Configuring Password
To change your P-330W’s password (recommended), click the Password tab. The screen
appears as shown. This screen allows you to change the P-330W’s password.
Figure 17 Password
The following table describes the labels in this screen.
Table 15 Password
ZyXEL P-330W User’s Guide
LABELDESCRIPTION
New PasswordType the new password in this field. The password is case sensitive and may
Confirmed PasswordType the new password again in this field.
SaveClick Save to save your changes back to the P-330W.
ResetClick Reset to begin configuring this screen afresh.
4.5 Status Screen
Click STATUS to open the Status screen, which you can use to monitor your P-330W. Note
that these fields are READ-ONLY and only for diagnostic purposes.
be up to 36 characters long.
Chapter 4 System Screens44
Page 45
ZyXEL P-330W User’s Guide
Figure 18 Status
The following table describes the labels in this screen.
Table 16 Status
LABELDESCRIPTION
Connection
Method
Internet IP Address This is the WAN port IP address.
Connection Details This button opens a new window that provides you with more detail on the WAN
LAN
IP AddressThis is the LAN port IP address.
IP Subnet MaskThis is the LAN port subnet mask.
DHCP ServerThis is the LAN port DHCP role - Server (ON) or Disabled.
System
Firmware VersionDisplays the current version number of the firmware on the P-330W.
System DataProvides a greater level of detail on your current system configuration.
Refresh ScreenCauses the P-330W to refresh the screen with the latest information.
This is the method you have selected for connection to the Internet. You can
change it using the Setup Wizard.
connection.
45 Chapter 4 System Screens
Page 46
This chapter discusses how to configure the Wireless screens on the P-330W.
5.1 Wireless LAN Overview
This section introduces the wireless LAN(WLAN) and some basic scenarios.
5.1.1 IBSS
An Independent Basic Service Set (IBSS), also called an Ad-hoc network, is the simplest
WLAN configuration. An IBSS is defined as two or more computers with wireless adapters
within range of each other that from an independent (wireless) network without the need of an
access point (AP).
ZyXEL P-330W User’s Guide
CHAPTER 5
Wireless
Figure 19 IBSS (Ad-hoc) Wireless LAN
5.1.2 BSS
A Basic Service Set (BSS) exists when all communications between wireless stations or
between a wireless station and a wired network client go through one access point (AP).
Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS is enabled,
wireless station A and B can access the wired network and communicate with each other.
When Intra-BSS is disabled, wireless station A and B can still access the wired network but
cannot communicate with each other.
Chapter 5 Wireless46
Page 47
ZyXEL P-330W User’s Guide
Figure 20 Basic Service set
5.1.3 ESS
An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an
access point, with each access point connected together by a wired network. This wired
connection between APs is called a Distribution System (DS). An ESSID (ESS IDentification)
uniquely identifies each ESS. All access points and their associated wireless stations within
the same ESS must have the same ESSID in order to communicate.
47 Chapter 5 Wireless
Page 48
Figure 21 Extended Service Set
ZyXEL P-330W User’s Guide
5.1.4 RTS/CTS
A hidden node occurs when two stations are within range of the same access point, but are not
within range of each other. The following figure illustrates a hidden node. Both stations (STA)
are within range of the access point (AP) or wireless gateway, but out-of-range of each other,
so they cannot “hear” each other, that is they do not know if the channel is currently being
used. Therefore, they are considered hidden from each other.
Figure 22 RTS/CTS
When station A sends data to the P-330W, it might not know that station B is already using the
channel. If these two stations send data at the same time, collisions may occur when both sets
of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
Chapter 5 Wireless48
Page 49
ZyXEL P-330W User’s Guide
5.2 Configuring Wireless
Note: If you are configuring the P-330W from a computer
connected to the wireless LAN and you change the P-330W’s
SSID or WEP settings, you will lose your wireless connection
when you press Save. You must then change the wireless
settings of your computer to match the P-330W’s new settings.
Click the WIRELESS link to open the Wireless Options screen.
Figure 23 The Wireless Options Screen
5.3 Basic Settings
Click BASIC SETTINGS to configure the basic settings of your wireless LAN.
49 Chapter 5 Wireless
Page 50
ZyXEL P-330W User’s Guide
Figure 24 Wireless: Basic Settings
The following table describes the basic wireless LAN labels in this screen.
Table 17 Wireless: Basic Settings
LABELDESCRIPTION
Disable Access
Point
BandChoose the operating mode of your wireless access point. 2.4Ghz (B+G) offers the
ModeMode allows you to change the wireless behavior of the P-330W. AP allows wireless
Network TypeUsed when operating in Client mode. This allows you to switch between
SSID(Service Set IDentity) The SSID identifies the Service Set with which a wireless
Select this check box to disable the wireless LAN capabilities of your P-330W.
greatest compatibility. 2.4 GHz (B) will only allow 802.11b clients to connect to the
wireless LAN. 2.4 GHz (G) will only allow 802.11g clients to connect to the wireless
LAN.
clients to connect to the P-330W. Client mode activates the Wireless ISP mode of
the router. Use this mode to connect to a WISP or metro-area wireless network.
Infrastructure and Ad Hoc networking modes.
station is associated. Wireless stations associating to the access point (AP) must
have the same SSID. Enter a descriptive name (up to 32 printable 7-bit ASCII
characters) for the wireless LAN.
Note: If you are configuring the P-330W from a computer connected
to the wireless LAN and you change the P-330W’s SSID or WEP
settings, you will lose your wireless connection when you press Apply
to confirm. You must then change the wireless settings of your
computer to match the P-330W’s new settings.
Channel
Number
Associated
Clients
SaveClick Save to save your changes back to the P-330W.
ResetClick Reset to reload the previous configuration for this screen.
To manually set the P-330W to use a channel, select a channel from the drop-down
list box.
Click Show Active Clients to be shown a list of wireless clients currently connected
to the Wireless LAN
Chapter 5 Wireless50
Page 51
ZyXEL P-330W User’s Guide
5.4 Wireless Advanced Settings
Click ADVANCED SETTINGS to configure the advanced settings of your wireless LAN.
5.4.1 Authentication
Three different methods can be used to authenticate wireless stations to the network: Open
System, Shared Key, and Auto. The following figure illustrates the steps involved.
Figure 25 WEP Authentication Steps
Open system authentication involves an unencrypted two-message procedure. A wireless
station sends an open system authentication request to the AP, which will then automatically
accept and connect the wireless station to the network. In effect, open system is not
authentication at all as any station can gain access to the network.
Shared key authentication involves a four-message procedure. A wireless station sends a
shared key authentication request to the AP, which will then reply with a challenge text
message. The wireless station must then use the AP’s default WEP key to encrypt the
challenge text and return it to the AP, which attempts to decrypt the message using the AP’s
default WEP key. If the decrypted message matches the challenge text, the wireless station is
authenticated.
51 Chapter 5 Wireless
Page 52
When your P-330W's authentication method is set to open system, it will only accept open
system authentication requests. The same is true for shared key authentication. However,
when it is set to auto authentication, the P-330W will accept either type of authentication
request and the P-330W will fall back to use open authentication if the shared key does not
match.
5.4.2 Preamble Type
A preamble is used to synchronize the transmission timing in your wireless network. There are
two preamble modes: Long and Short.
Short preamble takes less time to process and minimizes overhead, so it should be used in a
good wireless network environment when all wireless clients support it.
Select Long if you have a ‘noisy’ network or are unsure of what preamble mode your wireless
clients support as all IEEE 802.11b compliant wireless adapters must support long preamble.
However, not all wireless adapters support short preamble. Use long preamble if you are
unsure what preamble mode the wireless adapters support, to ensure interpretability between
the P-330W and the wireless stations and to provide more reliable communication in ‘noisy’
networks..
ZyXEL P-330W User’s Guide
Note: The P-330W and the wireless stations MUST use the
same preamble mode in order to communicate.
Figure 26 Wireless: Advanced Settings
The following table describes the advanced wireless LAN labels in this screen.
Table 18 Wireless: Advanced Settings
LABELDESCRIPTION
Authentication
Type
Preamble Type Select a preamble type from the drop-down list menu. Choices are Long or Short.
Chapter 5 Wireless52
Select Auto, Open System or Shared Key from the menu..
The default setting is Long.
Page 53
ZyXEL P-330W User’s Guide
Table 18 Wireless: Advanced Settings
LABELDESCRIPTION
Broadcast SSID Select this to hide the SSID in the outgoing beacon frame so a station cannot obtain
IAPPUsed in a multiple AP environment where 802.1x is used for authentication.
SaveClick Save to save your changes back to the P-330W.
ResetClick Reset to reload the previous configuration for this screen.
5.5 Site Survey
Click Site Survey to scan the wireless network. If any Access Point or IBSS is found, you
could choose to connect it when P330’s wireless mode is set to Client mode.
Figure 27 Wireless: Site Survey
the SSID through passive scanning using a site survey tool.
5.6 Wireless Security Overview
Wireless security is vital to your network to protect wireless communication between wireless
stations, access points and the wired network.
The figure below shows the possible wireless security levels. EAP (Extensible Authentication
Protocol) is used for authentication and utilizes dynamic WEP key exchange. It requires
interaction with a RADIUS (Remote Authentication Dial-In User Service) server either on the
WAN or your LAN to provide authentication service for wireless stations.
53 Chapter 5 Wireless
Page 54
ZyXEL P-330W User’s Guide
Figure 28 P-330W Wireless Security Levels
If you do not enable any wireless security on your P-330W, your network is accessible to any
wireless networking device that is within range.
Select NONE for Encryption to allow wireless stations to communicate with the access
points without any data encryption.
Chapter 5 Wireless54
Page 55
ZyXEL P-330W User’s Guide
Figure 29 Wireless Security Setup: No Security
The following table describes the labels in this screen.
Table 19 Wireless Security Setup: No Security
LABELDESCRIPTION
EncryptionChoose None from the drop-down list box.
Use 802.1x
Authentication
SaveClick Save to save your changes back to the P-330W.
ResetClick Reset to reload the previous configuration for this screen.
Mark this check box to enable 802.1x security using an external RADIUS server.
Data will not be encrypted, however wireless clients will be required to authenticate
before they are allowed to pass traffic to the network. Both the client and the
RADIUS server will need to support the same EAP protocols.
55 Chapter 5 Wireless
Page 56
5.7 Security Parameters Summary
Refer to this table to see what other security parameters you should configure for each
Authentication Method/ key management protocol type. You enter manual keys by first
selecting 64-bit WEP or 128-bit WEP from the WEP Encryption field and then typing the
keys (in ASCII or hexadecimal format) in the key text boxes. MAC address filters are not
dependent on how you configure these security features.
Table 20 Wireless Security Relational Matrix
ZyXEL P-330W User’s Guide
AUTHENTICATION METHOD/
KEY MANAGEMENT
PROTOCOL
Open NoneNoDisabled
OpenWEPNoEnable with 802.1x
SharedWEP NoEnable with 802.1x
WPA TKIPNoEnable
WPA-PSK TKIPYe sDisabled
WPA2AESNoEnable
WPA2-PSKAESYe sDisabled
WPA2-MixedAES & TKIPNoEnable
WPA2-Mixed PSKAES & TKIPYe sDisabled
5.7.1 WEP Overview
WEP (Wired Equivalent Privacy) as specified in the IEEE 802.11 standard provides methods
for both data encryption and wireless station authentication.
ENCRYPTION
METHOD
ENTER
MANUAL KEY
YesDisabled
YesDisable
IEEE 802.1X
5.7.2 Data Encryption
WEP provides a mechanism for encrypting data using encryption keys. Both the AP and the
wireless stations must use the same WEP key to encrypt and decrypt data. Your P-330W
allows you to configure up to four 64-bit or 128-bit WEP keys, but only one key can be
enabled at any one time.
5.7.3 Configuring WEP Encryption
In order to configure and enable WEP encryption; click the SECURITY link under
WIRELESS to display the Wireless Security screen. Select Static WEP from the
Encryption list.
Chapter 5 Wireless56
Page 57
ZyXEL P-330W User’s Guide
Figure 30 Wireless Security Setup: WEP Encryption
The following table describes the wireless LAN security labels in this screen
Set WEP KeyClick this to configure WEP without 802.1x.
Use 802.1x
Authentication
WEP
Encryption
Authentication RADIUS Server
PortThe port number on the RADIUS server.
IP Address
Password
SaveClick Save to save your changes back to the P-330W.
ResetClick Reset to reload the previous configuration for this screen.
Mark the check box here to use 802.1x authentication.
Select 64-bit WEP or 128-bit WEP. Used only when using 802.1x authentication.
Enter the IP address of the RADIUS server.
Enter the password (shared secret) for the RADIUS server.
Click SET WEP KEY to configure WEP encryption.
57 Chapter 5 Wireless
Page 58
Figure 31 Wireless Security Setup: WEP Encryption
ZyXEL P-330W User’s Guide
The following table describes the wireless LAN security labels in this screen
Table 22 Wireless Security Setup: WEP Encryption
LABELDESCRIPTION
Key LengthSelect 64-bit WEP or 128-bit WEP.
Key FormatASCII: Select this option in order to enter ASCII characters as WEP key.
Hex: Select this option in order to enter hexadecimal characters as a WEP key.
Default Tx KeyYou must configure at least one key, only one key can be activated at any one time.
Encryption Key
1 to 4
PassphraseEnter a Passphrase (up to 32 printable characters) and clicking Generate WEP KEY.
SaveClick Save to save your changes back to the P-330W.
CloseClick Close to close this window.
ResetClick Reset to reload the previous configuration for this screen.
The default key is key 1.
The WEP keys are used to encrypt data. Both the P-330W and the wireless stations
must use the same WEP key for data transmission.
If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal
characters ("0-9", "A-F").
If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal
characters ("0-9", "A-F").
The P-330W automatically generates a WEP key.
Chapter 5 Wireless58
Page 59
ZyXEL P-330W User’s Guide
5.7.4 Introduction to WPA
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft.
Key differences between WPA and WEP are user authentication and improved data
encryption.
5.7.4.1 User Authentication
WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate
wireless clients using
appendices for more information on IEEE 802.1x, RADIUS and EAP. Your wireless client
will need to be able to support 802.1x authentication to use RADIUS authentication.
Therefore, if you don’t have an external RADIUS server you should use WPA-PSK (WPA Pre-Shared Key) that only requires a single (identical) password entered into each access
point, wireless gateway and wireless client. As long as the passwords match, a client will be
granted access to a WLAN.
5.7.4.2 Encryption
an external RADIUS database. See later in this chapter and the
WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message
Integrity Check (MIC) and IEEE 802.1x.
Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and
distributed by the authentication server. It includes a per-packet key mixing function, a
Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with
sequencing rules, and a re-keying mechanism.
TKIP regularly changes and rotates the encryption keys so that the same encryption key is
never used twice.
AP that then sets up a key hierarchy and management system, using the pair-wise key to
dynamically generate unique data encryption keys to encrypt every data packet that is
wirelessly communicated between the AP and the wireless clients. This all happens in the
background automatically.
The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data
packets, altering them and resending them. The MIC provides a strong mathematical function
in which the receiver and the transmitter each compute and then compare the MIC. If they do
not match, it is assumed that the data has been tampered with and the packet is dropped.
By generating unique data encryption keys for every data packet and by creating an integrity
checking mechanism (MIC), TKIP makes it much more difficult to decode data on a Wi-Fi
network than WEP, making it difficult for an intruder to break into the network.
The RADIUS server distributes a Pairwise Master Key (PMK) key to the
The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference
between the two is that WPA-PSK uses a simple common password, instead of user-specific
credentials. The common-password approach makes WPA-PSK susceptible to brute-force
password-guessing attacks but it’s still an improvement over WEP as it employs an easier-touse, consistent, single, alphanumeric password.
59 Chapter 5 Wireless
Page 60
5.7.4.3 WPA-PSK Application Example
A WPA-PSK application looks as follows.
1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key
(PSK) must consist of between 8 and 63 ASCII characters (including spaces and
symbols).
2 The AP checks each client’s password and (only) allows it to join the network if it
matches its password.
3 The AP derives and distributes keys to the wireless clients.
4 The AP and wireless clients use the TKIP encryption process to encrypt data exchanged
between them.
Figure 32 WPA - PSK Authentication
ZyXEL P-330W User’s Guide
5.7.5 Introduction to WPA2
WPA2 is based on the same 802.11i spec as WPA. The primary difference between WPA and
WPA2 is that WPA2 uses AES encryption in places of TKIP. Like WPA, WPA2 can function
either using a pre-shared key or by using a RADIUS server to perform authentication. WPA2
also offers a mixed mode which allows WPA clients to authenticate and use TKIP encryption
while still allowing WPA2 clients to use AES. Configuration of WPA2 is the same as WPA.
5.7.6 Configuring WPA-PSK Authentication
In order to configure and enable WPA-PSK encryption; click the SECURITY link under
WIRELESS to display the Wireless Security screen. Select WPA (TKIP) from the
Encryption list. Select PERSONAL under WPA Encryption Mode.
Chapter 5 Wireless60
Page 61
ZyXEL P-330W User’s Guide
Figure 33 Wireless Security Setup: WPA-PSK
The following table describes the labels in this screen.
Table 23 Wireless Security Setup: WPA-PSK
LABELDESCRIPTION
EncryptionChoose WPA from the drop-down list box for TKIP encryption.
Choose WPA2 (AES) from the drop-down list box to use WPA2’s AES encryption.
Choose WPA2 Mixed from the drop-down list box to allow both TKIP or AES
encryption.
WPA
Authentication
Mode
WPA FormatChoose whether to enter the PSK by either Passphrase or Hex key.
Pre-Shared Key The encryption mechanisms used for WPA and WPA-PSK are the same. The only
Group Key Life
TIme
SaveClick Save to save your changes back to the P-330W.
ResetClick Reset to reload the previous configuration for this screen.
Choose Personal to enable PSK mode.
difference between the two is that WPA-PSK uses a simple common password,
instead of user-specific credentials.
Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including
spaces and symbols) or 64 hex characters.
The Group Key Life Time is the rate at which the AP sends a new group key out
to all clients. The re-keying process is the WPA equivalent of automatically
changing the WEP key for an AP and all stations in a WLAN on a periodic basis.
61 Chapter 5 Wireless
Page 62
5.7.7 Introduction to RADIUS
RADIUS is based on a client-sever model that supports authentication and accounting, where
access point is the client and the server is the RADIUS server. The RADIUS server handles
the following tasks among others:
• Authentication
Determines the identity of the users.
• Accounting
Keeps track of the client’s network activity.
RADIUS user is a simple package exchange in which your P-330W acts as a message relay
between the wireless station and the network RADIUS server.
5.7.7.1 Types of RADIUS Messages
The following types of RADIUS messages are exchanged between the access point and the
RADIUS server for user authentication:
ZyXEL P-330W User’s Guide
• Access-Request
Sent by an access point requesting authentication.
• Access-Reject
Sent by a RADIUS server rejecting access.
• Access-Accept
Sent by a RADIUS server allowing access.
5.7.7.2 Access-Challenge
Sent by a RADIUS server requesting more information in order to allow access. The access
point sends a proper response from the user and then sends another Access-Request message.
The following types of RADIUS messages are exchanged between the access point and the
RADIUS server for user accounting:
5.7.7.3 Accounting-Request
Sent by the access point requesting accounting.
5.7.7.4 Accounting-Response
Sent by the RADIUS server to indicate that it has started or stopped accounting.
Chapter 5 Wireless62
Page 63
ZyXEL P-330W User’s Guide
In order to ensure network security, the access point and the RADIUS server use a shared
secret key, which is a password, they both know. The key is not sent over the network. In
addition to the shared key, password information exchanged is also encrypted to protect the
wired network from unauthorized access.
5.7.7.5 EAP Authentication Overview
EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the
IEEE802.1x transport mechanism in order to support multiple types of user authentication. By
using EAP to interact with an EAP-compatible RADIUS server, the access point helps a
wireless station and a RADIUS server perform authentication.
The type of authentication you use depends on the RADIUS server or the AP. The P-330W
supports EAP-TLS, EAP-TTLS and PEAP with RADIUS. Refer to the Types of EAP Authentication appendix for descriptions on the four common types.
Your P-330W supports EAP-MD5 (Message-Digest Algorithm 5) with RADIUS.
The following figure shows an overview of authentication when you specify a RADIUS server
on your access point.
Figure 34 EAP Authentication
The details below provide a general description of how IEEE 802.1x EAP authentication
works. For an example list of EAP-MD5 authentication steps, see the IEEE 802.1x appendix.
1 The wireless station sends a “start” message to the P-330W.
2 The P-330W sends a “request identity” message to the wireless station for identity
information.
3 The wireless station replies with identity information, including username and password.
4 The RADIUS server checks the user information against its user profile database and
determines whether or not to authenticate the wireless station.
5.7.7.6 WPA with RADIUS Application Example
You need the IP address of the RADIUS server, its port number (default is 1812), and the
RADIUS shared secret. A WPA application example with an external RADIUS server looks
as follows. “A” is the RADIUS server. “DS” is the distribution system.
1 The AP passes the wireless client’s authentication request to the RADIUS server.
63 Chapter 5 Wireless
Page 64
ZyXEL P-330W User’s Guide
2 The RADIUS server then checks the user's identification against its database and grants
or denies network access accordingly.
3 The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then
sets up a key hierarchy and management system, using the pair-wise key to dynamically
generate unique data encryption keys to encrypt every data packet that is wirelessly
communicated between the AP and the wireless clients.
Figure 35 WPA with RADIUS Application Example
5.7.8 Configuring WPA Authentication
In order to configure and enable WPA encryption; click the SECURITY link under
WIRELESS to display the Wireless Security screen. Select the mode (WPA, WPA2, WPA2
Mixed) from the Encryption list. Select ENTERPRISE under WPA Encryption Mode.
Chapter 5 Wireless64
Page 65
ZyXEL P-330W User’s Guide
Figure 36 Wireless Security Setup: WPA With RADIUS
The following table describes the labels in this screen.
Table 24 Wireless Security Setup: WPA
LABELDESCRIPTION
EncryptionChoose WPA from the drop-down list box for TKIP encryption.
Choose WPA2 (AES) from the drop-down list box to use WPA2’s AES
encryption.
Choose WPA2 Mixed from the drop-down list box to allow both TKIP or AES
encryption.
WPA Group Key
Update Timer
Authentication Server
IP AddressEnter the IP address of the external authentication server in dotted decimal
PortEnter the port number of the external authentication server. The default port
The WPA Group Key Update Timer is the rate at which the AP (if using WPA-PSK key management) or RADIUS server (if using WPA key management)
sends a new group key out to all clients. The re-keying process is the WPA
equivalent of automatically changing the WEP key for an AP and all stations in a
WLAN on a periodic basis. Setting of the WPA Group Key Update Timer is also
supported in WPA-PSK mode. The P-330W default is 1800 seconds (30
minutes).
notation.
number is 1812.
You need not change this value unless your network administrator instructs you
to do so with additional information.
65 Chapter 5 Wireless
Page 66
Table 24 Wireless Security Setup: WPA
LABELDESCRIPTION
ZyXEL P-330W User’s Guide
Password
SaveClick Save to save your changes back to the P-330W.
ResetClick Reset to reload the previous configuration for this screen.
5.8 WDS Settings
The WDS (Wireless Distribution System) allows you to configure the P-330W to connect two
or more APs via wireless when P330’s wireless mode is set to WDS or AP+WDS mode. An
AP using WDS can function as a wireless network bridge allowing you to wirelessly connect
two wired network segments.
Figure 37 Wireless: WDS Settings
Enter a password (up to 31 alphanumeric characters) as the key to be shared
between the external authentication server and the P-330W.
The key must be the same on the external authentication server and your P330W. The key is not sent over the network.
The following table describes the labels in this screen.
Table 25 Wireless: WDS Settings
LABELDESCRIPTION
Enable WDSSelect this check box to enable the WDS.
MAC AddressEnter the MAC addresses of the neighboring AP(s) that particapates in the
WDS. Enter the MAC addresses in a valid MAC address format, that is, six
hexadecimal character pairs, for example, 001349556677.
CommentEnter in a descriptive name so you know which device the MAC address is
associated with.
Chapter 5 Wireless66
Page 67
ZyXEL P-330W User’s Guide
Table 25 Wireless: WDS Settings
LABELDESCRIPTION
Set SecurityClick Set Security to set up the wireless security for WDS. When enabled,
please make sure each WDS device has adopted the same encryption
algorithm and key.
Show StatisticsClick Show Statistics to show the WDS connection status.
SaveClick Save to save your changes back to the P-330W.
ResetClick Reset to reload the previous configuration for this screen.
Current WDS AP List
Delete SelectedClick this button to delete selected WDS AP from the WDS AP list.
Delete AllClick this button to delete all WDS AP from the WDS AP list.
5.9 Wireless Trusted Stations
The Trusted Stations screen allows you to configure the P-330W to give exclusive access to up
to 20 devices. Every Ethernet device has a unique MAC (Media Access Control) address. The
MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for
example, 00:A0:C5:00:00:02. You need to know the MAC address of the devices to configure
this screen.
To change your P-330W’s Trusted Stations settings, click the WIRELESS link, then the
Trusted Stations link. The screen appears as shown.
67 Chapter 5 Wireless
Page 68
Figure 38 Wireless: Trusted Stations MAC Address Filter
The following table describes the labels in this menu.
ZyXEL P-330W User’s Guide
Table 26 Wireless: Trusted Stations MAC Address Filter
LABELDESCRIPTION
Wireless
Access
Control Mode
MAC Address
Description
SaveClick Save to save your changes back to the P-330W.
ResetClick Reset to reload the previous configuration for this screen.
Current Access Control List
Delete
Selected
Delete AllClick this button to delete all clients from the trusted station list.
Select Allow Listed from the drop down list box to enable MAC address filtering.
Enter the MAC addresses of the wireless station that are allowed or denied access to
the P-330W in these address fields. Enter the MAC addresses in a valid MAC address
format, that is, six hexadecimal character pairs, for example, 123456789abc.
Enter in a descriptive name so you know which device the MAC address is associated
with.
Click this button to delete selected clients from the trusted station list.
Chapter 5 Wireless68
Page 69
ZyXEL P-330W User’s Guide
69 Chapter 5 Wireless
Page 70
ZyXEL P-330W User’s Guide
CHAPTER 6
Advanced Options
This chapter covers the options available under the ADVANCED section of the menu.
Figure 39 The Advanced Menu Options
6.1 Access Control
This screen allows you to block access to specified Internet services based on port number
used. This can be used restrict Internet access to only certain applications or to block
applications you feel may be harmful.
To change your P-330W’s Access Controls, click ADVANCED, then the Access Control
link. The screen appears as shown.
Chapter 6 Advanced Options70
Page 71
ZyXEL P-330W User’s Guide
Figure 40 Advanced: Access Control
The following table describes the labels in this screen.
Table 27 Advanced: Access Control
LABELDESCRIPTION
Enable Access Control Check this box to enable Access Controls.
Select Services to
Block
Port RangeEnter in a range of ports to block.
ProtocolChoose to block either TCP, UDP, or Both.
DescriptionGive the rule you have created an easy to identify name.
SaveClick Save to save your changes back to the P-330W.
ResetClick Reset to begin configuring this screen afresh.
6.2 Dynamic DNS
Dynamic DNS allows you to update your current dynamic IP address with one or many
dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You
can also access your FTP server or Web site on your own computer using a domain name (for
instance myhost.dhs.org, where myhost is a name of your choice) that will never change
instead of using an IP address that changes each time you reconnect. Your friends or relatives
will always be able to call you even if they don't know your IP address.
The P-330W comes preconfigured with settings for many common services.
You can choose one to activate from the pull down menu.
71 Chapter 6 Advanced Options
Page 72
First of all, you need to have registered a dynamic DNS account with either www.dyndns.org
or www.tzo.com. This is for people with a dynamic IP from their ISP or DHCP server that
would still like to have a domain name. The Dynamic DNS service provider will give you a
password or key.
Note: If you have a private WAN IP address, then you cannot
use Dynamic DNS.
6.3 Configuring Dynamic DNS
To change your P-330W’s DDNS, click ADVANCED then the Dynamic DNS link. The
screen appears as shown.
Figure 41 Advanced: Dynamic DNS
ZyXEL P-330W User’s Guide
The following table describes the labels in this screen.
Table 28 Advanced: Dynamic DNS
LABELDESCRIPTION
Enable DDNSSelect this check box to use dynamic DNS.
Service ProviderSelect the name of your Dynamic DNS service provider.
Domain NameEnter the host names in the field provided.
User NameEnter your user name.
PasswordEnter the password assigned to you.
ResultTells you the current result from trying to register your IP address with the
DDNS provider.
Chapter 6 Advanced Options72
Page 73
ZyXEL P-330W User’s Guide
Table 28 Advanced: Dynamic DNS
LABELDESCRIPTION
SaveClick Save to save your changes back to the P-330W.
ResetClick Reset to begin configuring this screen afresh.
6.4 DMZ
If the DMZ Host Function is enabled, it means that you set up DMZ host at a particular
computer to be exposed to the Internet so that some applications/software, especially Internet /
online game can have two-way connections. A device acting as DMZ is not protected by the P330W’s firewall.
To enable DMZ, click ADVANCED then the DMZ link. The screen appears as shown.
Figure 42 Advanced: DMZ
The following table describes the labels in this screen.
Table 29 Advanced: DMZ
LABELDESCRIPTION
Enable DMZSelect this check box to enable DMZ.
Host IP AddressEnter the IP address of the device you which to be accessible from the
Internet.
SaveClick Save to save your changes back to the P-330W.
ResetClick Reset to begin configuring this screen afresh.
6.5 Virtual Servers (Port Forwarding)
The Virtual Server function is a list of inside (behind NAT on the LAN) servers, for example,
web or FTP, that you can make visible to the outside world even though NAT makes your
whole inside network appear as a single computer to the outside world.
73 Chapter 6 Advanced Options
Page 74
ZyXEL P-330W User’s Guide
You may enter a single port number or a range of port numbers to be forwarded, and the local
IP address of the desired server. The port number identifies a service; for example, web
service is on port 80 and FTP on port 21. In some cases, such as for unknown services or
where one server can support more than one service (for example both FTP and web service),
it might be better to specify a range of port numbers. You can allocate a server IP address that
corresponds to a port or a range of ports.
Many residential broadband ISP accounts do not allow you to run any server processes (such
as a Web or FTP server) from your location. Your ISP may periodically check for servers and
may suspend your account if it discovers any active services at your location. If you are
unsure, refer to your ISP.
The most often used port numbers are shown in the following table. Please refer to RFC 1700
for further information about port numbers. .
Table 30 Services and Port Numbers
SERVICESPORT NUMBER
ECHO7
FTP (File Transfer Protocol)21
SMTP (Simple Mail Transfer Protocol)25
DNS (Domain Name System)53
Finger79
HTTP (Hyper Text Transfer protocol or WWW, Web)80
POP3 (Post Office Protocol)110
NNTP (Network News Transport Protocol)119
SNMP (Simple Network Management Protocol)161
SNMP trap162
PPTP (Point-to-Point Tunneling Protocol)1723
6.5.0.1 Configuring Servers Behind SUA (Example)
Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the
example), port 80 to another (B in the example) and assign a default server IP address of
192.168.10.35 to a third (C in the example). You assign the LAN IP addresses and the ISP
assigns the WAN IP address. The NAT network appears as a single host on the Internet
Chapter 6 Advanced Options74
Page 75
ZyXEL P-330W User’s Guide
Figure 43 Multiple Servers Behind NAT Example
6.5.1 Configuring Virtual Servers
To configure Virtual Server, click ADVANCED then the VIRTUAL SERVERS link. The
screen appears as shown.
Figure 44 Advanced: Virtual Servers
The following table describes the labels in this screen.
Table 31 Advanced: Virtual Servers
LABELDESCRIPTION
Enable Virtual
Servers
ServersBy selection an option in the pull down menu, the P-330W will automatically
75 Chapter 6 Advanced Options
Put a check in the box to enable Virtual Servers
populate the settings for the corresponding service.
Page 76
Table 31 Advanced: Virtual Servers
LABELDESCRIPTION
ZyXEL P-330W User’s Guide
Local IP
Address
ProtocolYou can select to forward TCP, UDP, or both type of traffic.
NameEnter a name to identify this port-forwarding rule.
Port RangeEnter a port number here. To forward only one port, enter it again in the End Port
DescriptionEnter in a description for this Virtual Server.
SaveClick Save to save your changes back to the P-330W.
ResetClick Reset to begin configuring this screen afresh.
Enter the inside IP address of the server here.
field. To specify a range of ports, enter the last port to be forwarded in the End Port
field.
6.6 Special Applications
Some Internet applications (such as video conferencing and Internet games) require multiple
connections between the clients and the server. These applications do not work through NATenabled networks. You P-330W is a NAT-enabled device. In order to allow these applications
to work in your network, you have to configure the P-330W to forward these applications to
ports on a computer hosting that service.
To set the P-330W to forward applications to allowed ports, click ADVANCED and the Special Applications link. The screen appears as shown.
Chapter 6 Advanced Options76
Page 77
ZyXEL P-330W User’s Guide
Figure 45 Advanced: Special Applications
The following table describes the labels in this screen.
Table 32 Advanced: Special Applications
LABELDESCRIPTION
EnablePut a check in this box next to the ALG rule you want to activate.
SaveClick Save to save your changes back to the P-330W.
ResetClick Reset to begin configuring this screen afresh.
6.7 WAN Port
To change your P-330W’s WAN ISP settings, click ADVANCED, then the WA N link. The
screen differs by the encapsulation.
6.7.1 Static IP Encapsulation
The screen shown next is for Static IP encapsulation.
77 Chapter 6 Advanced Options
Page 78
Figure 46 Advanced: WAN Static IP Encapsulation
ZyXEL P-330W User’s Guide
The following table describes the labels in this screen.
Table 33 Advanced: WAN Static IP Encapsulation
LABELDESCRIPTION
WAN Access TypeYou must choose the Static IP option when the WAN port is used as a regular
IP AddressEnter your WAN IP address in this field.
My WAN IP Subnet
Mask
DNS 1 - 3Enter in your ISP’s DNS server IP address here. You must enter in 1.
Clone MAC
Address
Respond to WAN
Ping
Enable UPnPUPnP (Universal Plug and Play) allows automatic discovery and configuration of
IPSec Passthrough Put a check in this box to enable computers on your LAN to make IPSec VPN
PPTP Passthrough Put a check in this box to enable computers on your LAN to make PPTP VPN
L2TP Passthrough Put a check in this box to enable computers on your LAN to make L2TP VPN
Ethernet with a fixed IP address.
Type your network's IP subnet Mask.
Your ISP may require a particular MAC address in order for you to connect to the
Internet. This MAC address is the PC’s MAC address that your ISP had originally
connected your Internet connection to. Type in this Clone MAC address in this
section to replace the WAN MAC address with the MAC address of that PC.
Put a check in this box to reply to ping packets.
the Wireless Router. UPnP is by supported by Windows ME, XP, or later. Put a
check in this box to allow the router configuration to be changed by UPnP devices.
connections to servers on the Internet.
connections to servers on the Internet.
connections to servers on the Internet.
Chapter 6 Advanced Options78
Page 79
ZyXEL P-330W User’s Guide
Table 33 Advanced: WAN Static IP Encapsulation
LABELDESCRIPTION
SaveClick Save to save your changes back to the P-330W.
ResetClick Reset to begin configuring this screen afresh.
6.7.2 DHCP IP Encapsulation
The screen shown next is for DHCP IP encapsulation.
Figure 47 Advanced: WAN DHCP IP Encapsulation
The following table describes the labels in this screen.
Table 34 Advanced: WAN DHCP IP Encapsulation
LABELDESCRIPTION
WAN Access TypeYou must choose the DHCP Client option when the WAN port is used as a regular
Ethernet using DHCP to be assigned an IP address.
Attain DNS
Automatically
Set DNS ManuallyUse this if your ISP does not assign a DNSP server when it assigns you an IP
DNS 1 - 3Enter in your ISP’s DNS server IP address here. You must enter in 1.
Clone MAC
Address
Respond to WAN
Ping
79 Chapter 6 Advanced Options
Select this if your ISP assigns you a DNS server at the same time it assigns you
an IP Address.
address.
Your ISP may require a particular MAC address in order for you to connect to the
Internet. This MAC address is the PC’s MAC address that your ISP had originally
connected your Internet connection to. Type in this Clone MAC address in this
section to replace the WAN MAC address with the MAC address of that PC.
Put a check in this box to reply to ping packets.
Page 80
Table 34 Advanced: WAN DHCP IP Encapsulation
LABELDESCRIPTION
Enable UPnPUPnP (Universal Plug and Play) allows automatic discovery and configuration of
the Wireless Router. UPnP is by supported by Windows ME, XP, or later. Put a
check in this box to allow the router configuration to be changed by UPnP devices.
IPSec Passthrough Put a check in this box to enable computers on your LAN to make IPSec VPN
connections to servers on the Internet.
PPTP Passthrough Put a check in this box to enable computers on your LAN to make PPTP VPN
connections to servers on the Internet.
L2TP Passthrough Put a check in this box to enable computers on your LAN to make L2TP VPN
connections to servers on the Internet.
SaveClick Save to save your changes back to the P-330W.
ResetClick Reset to begin configuring this screen afresh.
6.7.3 PPPoE Encapsulation
The P-330W supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF Draft
standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband
modem (DSL, cable, wireless, etc.) connection. The PPP over Ethernet option is for a dialup connection using PPPoE.
ZyXEL P-330W User’s Guide
For the service provider, PPPoE offers an access and authentication method that works with
existing access control systems (for example Radius). PPPoE provides a login and
authentication method that the existing Microsoft Dial-Up Networking software can activate,
and therefore requires no new learning or procedures for Windows users.
One of the benefits of PPPoE is the ability to let you access one of multiple network services,
a function known as dynamic service selection. This enables the service provider to easily
create and offer new IP services for individuals.
Operationally, PPPoE saves significant effort for both you and the ISP or carrier, as it requires
no specific configuration of the broadband modem at the customer site.
By implementing PPPoE directly on the P-330W (rather than individual computers), the
computers on the LAN do not need PPPoE software installed, since the P-330W does that part
of the task. Furthermore, with NAT, all of the LANs’ computers will have access.
The screen shown next is for PPPoE encapsulation.
Chapter 6 Advanced Options80
Page 81
ZyXEL P-330W User’s Guide
Figure 48 Advanced: WAN PPPoE Encapsulation
The following table describes the labels in this screen.
Table 35 PPPoE Encapsulation
LABELDESCRIPTION
WAN Access
Type
User NameType the User Name given to you by your ISP.
PasswordType the password associated with the User Name above.
Service NameType the PPPoE service name provided to you. PPPoE uses a service name to
Connection TypeSelect Continuous if you do not want the connection to time out.
Idle TimeThe amount of time before the PPPoE session times out and drops connection.
MTU SizeEnter in the maximum MTU (packet size) here.
Attain DNS
Automatically
You must choose the PPPoE option when the WAN port is used with PPPoE.
identify and reach the PPPOE server.
Select Connect On Demand if you want to only connect when you are sending
data.
Select Manual if you do not want manually log the P-330W in via the GUI.
Select this if your ISP assigns you a DNS server at the same time it assigns you an
IP Address.
81 Chapter 6 Advanced Options
Page 82
Table 35 PPPoE Encapsulation
LABELDESCRIPTION
ZyXEL P-330W User’s Guide
Set DNS
Manually
DNS 1 - 3Enter in your ISP’s DNS server IP address here. You must enter in 1.
Clone MAC
Address
Respond to WAN
Ping
Enable UPnPUPnP (Universal Plug and Play) allows automatic discovery and configuration of the
IPSec
Passthrough
PPTP
Passthrough
L2TP
Passthrough
SaveClick Save to save your changes back to the P-330W.
ResetClick Reset to begin configuring this screen afresh.
Use this if your ISP does not assign a DNSP server when it assigns you an IP
address.
Your ISP may require a particular MAC address in order for you to connect to the
Internet. This MAC address is the PC’s MAC address that your ISP had originally
connected your Internet connection to. Type in this Clone MAC address in this
section to replace the WAN MAC address with the MAC address of that PC.
Put a check in this box to reply to ping packets.
Wireless Router. UPnP is by supported by Windows ME, XP, or later. Put a check
in this box to allow the router configuration to be changed by UPnP devices.
Put a check in this box to enable computers on your LAN to make IPSec VPN
connections to servers on the Internet.
Put a check in this box to enable computers on your LAN to make PPTP VPN
connections to servers on the Internet.
Put a check in this box to enable computers on your LAN to make L2TP VPN
connections to servers on the Internet.
6.7.4 PPTP Encapsulation
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of
data from a remote client to a private server, creating a Virtual Private Network (VPN) using
TCP/IP-based networks.
PPTP supports on-demand, multi-protocol and virtual private networking over public
networks, such as the Internet.
The screen shown next is for PPTP encapsulation.
Chapter 6 Advanced Options82
Page 83
ZyXEL P-330W User’s Guide
Figure 49 Advanced: WAN PPTP Encapsulation
The following table describes the labels in this screen.
Table 36 Advanced: WAN PPTP Encapsulation
LABELDESCRIPTION
WAN Access TypeYou must choose the PPTP option when the WAN port is used with PPTP.
IP AddressType the (static) IP address assigned to you by your ISP.
IP Subnet MaskType the subnet mask assigned to you by your ISP.
Default GatewayType the default gateway assigned to you by your ISP.
Server IP AddressType the IP address of the PPTP server.
User NameType the user name given to you by your ISP.
PasswordType the password associated with the User Name above.
MTU SizeEnter in the maximum MTU (packet size) here.
Attain DNS
Automatically
Set DNS ManuallyUse this if your ISP does not assign a DNSP server when it assigns you an IP
DNS 1 - 3Enter in your ISP’s DNS server IP address here. You must enter in 1.
83 Chapter 6 Advanced Options
Select this if your ISP assigns you a DNS server at the same time it assigns
you an IP Address.
address.
Page 84
ZyXEL P-330W User’s Guide
Table 36 Advanced: WAN PPTP Encapsulation
LABELDESCRIPTION
Clone MAC AddressYour ISP may require a particular MAC address in order for you to connect to
the Internet. This MAC address is the PC’s MAC address that your ISP had
originally connected your Internet connection to. Type in this Clone MAC
address in this section to replace the WAN MAC address with the MAC
address of that PC.
Respond to WAN PingPut a check in this box to reply to ping packets.
Enable UPnPUPnP (Universal Plug and Play) allows automatic discovery and configuration
of the Wireless Router. UPnP is by supported by Windows ME, XP, or later.
Put a check in this box to allow the router configuration to be changed by
UPnP devices.
IPSec PassthroughPut a check in this box to enable computers on your LAN to make IPSec VPN
connections to servers on the Internet.
PPTP PassthroughPut a check in this box to enable computers on your LAN to make PPTP VPN
connections to servers on the Internet.
L2TP PassthroughPut a check in this box to enable computers on your LAN to make L2TP VPN
SaveClick Save to save your changes back to the P-330W.
ResetClick Reset to begin configuring this screen afresh.
connections to servers on the Internet.
6.7.5 L2TP Encapsulation
Layer Two Tunneling Protocol (L2TP) is a network protocol that enables secure transfer of
data from a remote client to a private server, creating a Virtual Private Network (VPN) using
TCP/IP-based networks.
The screen shown next is for L2TP encapsulation.
Chapter 6 Advanced Options84
Page 85
ZyXEL P-330W User’s Guide
Figure 50 Advanced: WAN L2TP Encapsulation
The following table describes the labels in this screen.
Table 37 Advanced: WAN L2PT Encapsulation
LABELDESCRIPTION
WAN Access TypeYou must choose the L2TP option when the WAN port is used with L2TP.
Attain IP AutomaticallySelect this if your ISP dynamically assigns you an IP Address
Set IP ManuallySelect this if your IP has assigned you a static IP address
IP AddressType the (static) IP address assigned to you by your ISP.
IP Subnet MaskType the subnet mask assigned to you by your ISP.
Default GatewayType the default gateway assigned to you by your ISP.
Server IP AddressType the IP address of the L2TP server.
85 Chapter 6 Advanced Options
Page 86
ZyXEL P-330W User’s Guide
Table 37 Advanced: WAN L2PT Encapsulation
LABELDESCRIPTION
User NameType the user name given to you by your ISP.
PasswordType the password associated with the User Name above.
Idle TimeThe amount of time before the L2TP session times out and drops connection.
MTU SizeEnter in the maximum MTU (packet size) here.
Attain DNS
Automatically
Set DNS ManuallyUse this if your ISP does not assign a DNSP server when it assigns you an IP
DNS 1 - 3Enter in your ISP’s DNS server IP address here. You must enter in 1.
Clone MAC AddressYour ISP may require a particular MAC address in order for you to connect to
Respond to WAN PingPut a check in this box to reply to ping packets.
Enable UPnPUPnP (Universal Plug and Play) allows automatic discovery and configuration
IPSec PassthroughPut a check in this box to enable computers on your LAN to make IPSec VPN
PPTP PassthroughPut a check in this box to enable computers on your LAN to make PPTP VPN
L2TP PassthroughPut a check in this box to enable computers on your LAN to make L2TP VPN
SaveClick Save to save your changes back to the P-330W.
ResetClick Reset to begin configuring this screen afresh.
Select this if your ISP assigns you a DNS server at the same time it assigns
you an IP Address.
address.
the Internet. This MAC address is the PC’s MAC address that your ISP had
originally connected your Internet connection to. Type in this Clone MAC
address in this section to replace the WAN MAC address with the MAC
address of that PC.
of the Wireless Router. UPnP is by supported by Windows ME, XP, or later.
Put a check in this box to allow the router configuration to be changed by
UPnP devices.
connections to servers on the Internet.
connections to servers on the Internet.
connections to servers on the Internet.
6.8 Ping
The Ping screen allows you to send out PING requests from your P-330W to a network
address you specify and then reports back the test result. You can use this command to help
diagnose network problems.
To access the Ping command, click ADVANCED then the Ping link. The screen appears as
shown.
Chapter 6 Advanced Options86
Page 87
ZyXEL P-330W User’s Guide
Figure 51 Advanced: Ping
The following table describes the labels in this screen.
Table 38 Advanced: Ping
LABELDESCRIPTION
IP Address /
Host Name
RunPerforms the Ping command.
ResetClick Reset to begin configuring this screen afresh.
ResponseThe results of your ping request will show up here.
6.9 DoS Setting
DoS (Denial of Service) attacks can flood your Internet connection with invalid packets and
connection requests, using so much bandwidth and so many resources that Internet access
becomes unavailable. The Wireless Router incorporates protection against DoS attacks. This
screen allows you to configure DoS protection.
To access the DoS settings, click ADVANCED then the DoS link. The screen appears as
shown.
Enter in a host name or IP address that you would like to ping.
87 Chapter 6 Advanced Options
Page 88
Figure 52 Advanced: DoS
ZyXEL P-330W User’s Guide
The following table describes the labels in this screen.
Table 39 Advanced: DoS
LABELDESCRIPTION
Enable DoS
Protection
Select AllPuts a check next to all DoS protection services.
Clear AllResets all check boxes to blank.
Apply ChangesApplies DoS protections.
Put a check in this box to enable DoS protection.
6.10 Diagnostics
This screen allows you to perform a DNS lookup on any host name you enter. This can be
used to help diagnose network problems.
Chapter 6 Advanced Options88
Page 89
ZyXEL P-330W User’s Guide
To access the Diagnostic service, click ADVANCED then the DIAGNOSTIC link. The
screen appears as shown.
Figure 53 Advanced: Diagnostic
The following table describes the labels in this screen.
Table 40 Advanced: Diagnostic
LABELDESCRIPTION
Domain Name/
URL
Start LookupClick this button to activate the DNS lookup.
Enter the domain name you want to lookup.
89 Chapter 6 Advanced Options
Page 90
Administrator Options
7.1 Remote Management
Remote management allows you to remotely configure your P-330W over your Internet
connection. Since this is a potential security risk, this feature is turned off by default.
To access the Remote Management configuration screen, click ADMINISTRATOR then
the REMOTE MANAGEMENT link. The screen appears as shown.
Figure 54 Administrator: Remote Management
ZyXEL P-330W User’s Guide
CHAPTER 7
The following table describes the labels in this screen.
Table 41 Administrator: Remote Management
LABELDESCRIPTION
Enable Web
Server Access
via WAN
Port NumberEnter in the port number you want the P-330W to respond on when accessed from
SaveClick Save to save your changes back to the P-330W.
ResetClick Reset to begin configuring this screen afresh.
Put a check in this box to allow your P-330W to be accessed over the Internet.
the Internet.
7.2 Configuration Screen
Click Administrator, and then the Config File link. The screen you are presented with is
next.
Chapter 7 Administrator Options90
Page 91
ZyXEL P-330W User’s Guide
Figure 55 Administrator: Configuration File
7.2.1 Backup Configuration
Backup configuration allows you to back up (save) the P-330W’s current configuration to a
file on your computer. Once your P-330W is configured and functioning properly, it is highly
recommended that you back up your configuration file before making configuration changes.
The backup configuration file will be useful in case you need to return to your previous
settings.
Click Download to save the P-330W’s current configuration to your computer.
7.2.2 Restore Configuration
Restore configuration allows you to upload a new or previously saved configuration file from
your computer to your P-330W.
Table 42 Maintenance Restore Configuration
LABELDESCRIPTION
File Path Type in the location of the file you want to upload in this field or click Browse ... to find it.
Browse... Click Browse... to find the file you want to upload. Remember that you must decompress
compressed (.ZIP) files before you can upload them.
Restore Click Restore to begin the upload process.
Note: Do not turn off the P-330W while configuration file upload
is in progress
The P-330W automatically restarts in this time causing a temporary network disconnect. In
some operating systems, you may see the following icon on your desktop.
91 Chapter 7 Administrator Options
Page 92
Figure 56 Temporarily Disconnected
7.2.3 Back to Factory Defaults
Pressing the Restore Defaults button in this section clears all user-entered configuration
information and returns the P-330W to its factory defaults.
You can also press the RESET button on the rear panel to reset the factory defaults of your P330W. Refer to the Introducing the Web Configurator chapter for more information on the RESET button.
7.3 Logs
ZyXEL P-330W User’s Guide
The Logs record various types of activity on the Wireless Router. This data is useful for
troubleshooting, but enabling all logs will generate a large amount of data and adversely affect
performance.
To access the Logs configuration screen, click ADMINISTRATOR then the LOGS link. The
screen appears as shown.
Chapter 7 Administrator Options92
Page 93
ZyXEL P-330W User’s Guide
Figure 57 Administrator: Logs
The following table describes the labels in this screen.
Table 43 Administrator: Remote Management
LABELDESCRIPTION
Enable LogActivates the logging function.
System AllActivates all logging functions.
Wireless OnlyOnly logs related to the wireless LAN will be recorded.
DoS OnlyOnly logs related to the DoS protection will be recorded.
WAN OnlyOnly logs related to the WAN will be recorded.
DHCP Server
Only
URL Filter OnlyOnly logs related to the URL Filter will be recorded.
Apply ChangesActivate the logging feature.
RefreshRefreshes the current display to show the latest log activity.
ClearDeletes the logs.
Only logs related to the DHCP Server will be recorded.
93 Chapter 7 Administrator Options
Page 94
7.4 IP Filtering
Entries in this table are used to restrict certain types of data packets from your local network to
Internet through the Router. Here you can restrict local LAN clients to access Internet
application/services by IP Address. Use of such filters can be helpful in securing or restricting
your local network.
To access the IP Filtering configuration screen, click ADMINISTRATOR then the IP FILTERING link. The screen appears as shown.
Figure 58 Administrator: IP Filtering
ZyXEL P-330W User’s Guide
The following table describes the labels in this screen.
Table 44 Administrator: IP Filtering
LABELDESCRIPTION
Enable IP
Filtering
Local IP
Address
DescriptionEnter in a descriptive description for this rule.
SaveClick Save to save your changes back to the P-330W.
ResetClick Reset to begin configuring this screen afresh.
Chapter 7 Administrator Options94
Enables IP Filtering.
Enter the IP address of the local device whose access you want to restrict.
Page 95
ZyXEL P-330W User’s Guide
7.5 MAC Filtering
This screen is used to restrict devices on your local network from being able to access the
Internet. You do this by entering the MAC address of any device you want to restrict.
To access the MAC Filtering configuration screen, click ADMINISTRATOR then the MAC FILTERING link. The screen appears as shown.
Figure 59 Administrator: MAC Filtering
The following table describes the labels in this screen.
Table 45 Administrator: MAC Filtering
LABELDESCRIPTION
Enable MAC
Filtering
MAC AddressEnter the MAC address of the local device whose access you want to restrict.
DescriptionEnter in a descriptive description for this rule.
SaveClick Save to save your changes back to the P-330W.
ResetClick Reset to begin configuring this screen afresh.
7.6 URL Filtering
This screen is used to restrict devices on your local network from being able to access the
Internet. You can enter in a list of Internet URL’s that you wish to restrict access to.
To access the URL Filtering configuration screen, click ADMINISTRATOR then the URL FILTERING link. The screen appears as shown.
Enables MAC Filtering.
95 Chapter 7 Administrator Options
Page 96
Figure 60 Administrator: URL Filtering
The following table describes the labels in this screen.
Table 46 Administrator: URL Filtering
ZyXEL P-330W User’s Guide
LABELDESCRIPTION
Enable URL
Filtering
URL AddressEnter the URL address of the Internet site you want to restrict.
Exempt IP Pool
Star t
Pool SizeEnter the size of exempt IP Pool.
Apply ChangesClick Apply Changes to save your changes back to the P-330W.
ResetClick Reset to begin configuring this screen afresh.
Enables URL Filtering.
Enter the initial IP address you want to allow to access the blocked URLs.
7.7 Statistics
The statistics screen provides you with information on each interface on your P-330W. This
includes the WAN, LAN, and wireless network connections. This page will show you how
many packets of data have been sent and received.
7.8 Time Zone Setting
To change your P-330W’s time and date, click ADMINISTRATOR, then the Time Zone
Setting link. The screen appears as shown. Use this screen to configure the P-330W’s time
based on your local time zone.
Chapter 7 Administrator Options96
Page 97
ZyXEL P-330W User’s Guide
Figure 61 Administrator: Time Zone Setting
The following table describes the labels in this screen.
Table 47 Administrator: Time Zone Setting
LABELDESCRIPTION
Current TimeThis field displays the time of your P-330W.
If you are not using an NTP server, you can make changes here and they will be
applied when you click Save.
Enable NTP client
update
Time Zone SelectChoose the Time Zone of your location. This will set the time difference between
NTP ServerSelect Auto or Enter the IP address manually. Check with your ISP/network
Daylight Saving Time Put a check in this box to enable the use of Daylight Saving Time.
SaveClick Save to save your changes back to the P-330W.
ResetClick Reset to begin configuring this screen afresh.
RefreshClick Refresh to display the current time.
Put a check in this box to enable the use of an external NTP server.
your time zone and Greenwich Mean Time (GMT).
administrator if you are unsure of this information.
7.9 Upgrade Firmware
Find firmware at www.us.zyxel.com in a file that (usually) uses the system model name with a
"*.bin" extension, e.g., "P-330W.bin". The upload process uses HTTP (Hypertext Transfer
Protocol) and may take up to two minutes. After a successful upload, the system will reboot.
Click Administrator, and then the Upgrade Firmware link. Follow the instructions in this
screen to upload firmware to your P-330W.
97 Chapter 7 Administrator Options
Page 98
ZyXEL P-330W User’s Guide
Figure 62 Administrator: Upgrade Firmware
The following table describes the labels in this screen.
Table 48 Administrator: Upgrade Firmware
LABELDESCRIPTION
Select FileType in the location of the file you want to upload in this field or click Browse ... to find it.
Browse... Click Browse... to find the .bin file you want to upload. Remember that you must
decompress compressed (.zip) files before you can upload them.
Star t
Upgrade
Click Start Upgrade to begin the upload process. This process may take up to two
minutes.
Note: Do not turn off the P-330W while firmware upload is in
progress!
After you see the Firmware Upload in Process screen, wait two minutes before logging into
the P-330W again.
Figure 63 Upload Warning
The P-330W automatically restarts in this time causing a temporary network disconnect. In
some operating systems, you may see the following icon on your desktop.
Chapter 7 Administrator Options98
Page 99
ZyXEL P-330W User’s Guide
Figure 64 Network Temporarily Disconnected
After two minutes, log in again and check your new firmware version in the System Status
screen.
If the upload was not successful, a warning screen will appear. Click Return to go back to the
F/W Upload screen.
99 Chapter 7 Administrator Options
Page 100
PPPoE in Action
An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from
your computer to an ATM PVC (Permanent Virtual Circuit) which connects to a DSL Access
Concentrator where the PPP session terminates (see the next figure). One PVC can support
any number of PPP sessions from your LAN. PPPoE provides access control and billing
functionality in a manner similar to dial-up services using PPP.
Benefits of PPPoE
PPPoE offers the following benefits:
ZyXEL P-330W User’s Guide
Appendix A
PPPoE
• It provides you with a familiar dial-up networking (DUN) user interface.
• It lessens the burden on the carriers of provisioning virtual circuits all the way to the ISP
on multiple switches for thousands of users. For GSTN (PSTN and ISDN), the switching
fabric is already in place.
• It allows the ISP to use the existing dial-up model to authenticate and (optionally) to
provide differentiated services.
Traditional Dial-up Scenario
The following diagram depicts a typical hardware configuration where the computers use
traditional dial-up networking.
Appendix A PPPoE100
Loading...
+ hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.