ZyXEL Communications P-660H-T1 User Manual Download

Page: 1 / 203

P-660 series

Support Notes

(For P-660R/H/HW-T1/T3/T7)

Version1.0

Sep. 2005

Summary of Contents for P-660H-T1

Page 1: ...P 660 series Support Notes For P 660R H HW T1 T3 T7 Version1 0 Sep 2005...

Page 2: ...upport 9 17 What are Device filters and Protocol filters 10 18 Why can t I configure device filters or protocol filters 10 19 How can I protect against IP spoofing attacks 10 General FAQ 12 1 How can...

Page 3: ...ck 20 10 What is LAND attack 20 11 What is Brute force attack 20 12 What is IP Spoofing attack 21 13 What are the default ACL firewall rules in P 660 21 Configuration 21 1 How do I configure the firew...

Page 4: ...ng Call Scheduling 99 13 Using IP Multicast 102 14 Using Bandwidth Management 104 15 Using Zero Configuration 107 Wireless Application Notes For P 660HW Only 112 1 Configure a Wireless Client to Ad ho...

Page 5: ...using TFTP 159 Using TFTP client software 159 Using TFTP command on Windows NT 160 Using TFTP command on UNIX 161 3 Using FTP to Upload the Firmware and Configuration Files 162 Using FTP command in t...

Page 6: ...baud rate is 9600bps you can change it to 115200bps in Menu 24 2 2 to speed up the SMT access 3 What is the default console port baud rate Moreover how do I change it The default console port baud ra...

Page 7: ...upload ROMFILE via console port In some situations you may need to upload the ROMFILE such as losing the system password or the need of resetting SMT to factory default The procedure for uploading RO...

Page 8: ...propriate header checksums and forwards the packet to the Internet as if it is originated from Prestige using the IP address assigned by ISP When reply packets from the external Internet are received...

Page 9: ...not allow users to login using the same IP address Thus users on the same network can not login to the same server simultaneously In this case it is better to use Many to Many No Overload or One to On...

Page 10: ...ease use the One to One mode The following table summarizes these types NAT Type IP Mapping One to One ILA1 IGA1 Many to One SUA PAT ILA1 IGA1 ILA2 IGA1 Many to Many Overload ILA1 IGA1 ILA2 IGA2 ILA3...

Page 11: ...s to protect against IP spoofing attacks The basic scheme is as follows For the input data filter Deny packets from the outside that claim to be from the inside Allow everything that is not spoofing u...

Page 13: ...for Generally the voice band uses the lower frequency ranging from 0 to 4KHz while ADSL data transmission uses the higher frequency The micro filter acts as a low pass filter for your telephone set to...

Page 14: ...mputer to be more easily accessed from various locations on the Internet To use the service you must first apply an account from several free Web servers such as http www dyndns org Without DDNS we al...

Page 15: ...way checks this source port during connections the port thus is not allowed to be changed 12 How do I setup my P 660 for routing IPSec packets over SUA For outgoing IPSec tunnels no extra setting is r...

Page 16: ...rate before yielding to other VCs The P 660 holds the parameters for shaping the traffic among its virtual channels If you do not need traffic shaping please set SCR 0 MBS 0 and PCR as the maximum val...

Page 17: ...many of the older cable networks are not capable of offering a return channel consequently such networks will need significant upgrading before they can offer high bandwidth services 2 What is the ex...

Page 18: ...icient 7 How do I know the details of my ADSL line statistics You can use the following CI commands to check the ADSL line statistics CI wan adsl perfdata CI wan adsl status CI sys log disp CI wan ads...

Page 19: ...basic types of firewalls Conceptually there are three types of firewalls 1 Packet Filtering Firewall 2 Application level Firewall 3 Stateful Inspection Firewall Packet Filtering Firewalls generally ma...

Page 20: ...matched session cache instead of going through every individual rule for a packet 5 The P 660 s firewall provides email service to notify you for routine reports and when alerts occur 5 Why do you ne...

Page 21: ...queue SYN ACKs are moved off the queue only when an ACK comes back or when an internal timer which is set a relatively long intervals terminates the TCP three way handshake Once the queue is full the...

Page 22: ...llows all connections from LAN to WAN and the other blocks all connections from WAN to LAN except of the DHCP packets Configuration 1 How do I configure the firewall P 660 supports a embedded web serv...

Page 23: ...onfiguration file using FTP over WAN 1 When the firewall is turned on all connections from WAN to LAN are blocked by the default ACL rule To enable FTP from WAN you must turn the firewall off Menu 21...

Page 24: ...igure up to 10 rules in a set so Y can be from 1 to 10 If the rule number shows 00 it means the Default Rule 3 How do I view the firewall log The log keeps 128 entries the new entries will overwrite t...

Page 25: ...want to receive the alert via Web Configurator 5 What does the alert show to us The alert shown in the Email is actually the evens of the attack So the Reason column shows Attack and the attack type P...

Page 26: ...nection To connect your computer to the P 660 s LAN port the computer must have an Ethernet adapter card installed For connecting a single computer to the P 660 we a cross over Eth use ernet cable 2 T...

Page 27: ...use console or Telnet for finishing these configurations 1 Configure P 660 as bridge mode in Menu 1 General Setup Menu 1 General setup System name P 660 Location Contact Person s Name Domain Name Edit...

Page 28: ...ation RFC 1483 Edit IP Bridge No Multiplexing LLC based Edit ATM Options No Service Name N A Edit Advance Options No Incoming Telco Option Rem Login N A Allocated Budget min N A Rem Password N A Perio...

Page 29: ...ber Specify a VPI Virtual Path Identifier and a VCI Virtual Channel Identifier given to you by your ISP 2 Internet Access Using P 660 under Router mode For most Internet users having multiple computer...

Page 30: ...to the clients via DHCP if it is available For this setup in Windows we check the option Obtain an IP address automatically in its TCP IP setup Please see the example shown below S The following proc...

Page 31: ...of Client IP Pool 6 Primary DNS Server 168 95 1 1 Secondary DNS Server 168 95 192 1 Remote DHCP Server N A TCP IP Setup IP Address 192 168 1 1 IP Subnet Mask 255 255 255 0 RIP Direction Both Version R...

Page 32: ...Account comput IP Address Set to Dynamic if the ISP provides the IP for the P 660 dynamically Assignment Otherwise set to Static and enter the IP in the following IP Address field IP Address This fie...

Page 33: ...Pool Starting Address N A Size of Client IP Pool N A Primary DNS Server N A Secondary DNS Server N A Relay Server Address 192 168 1 2 TCP IP Setup IP Address 192 168 1 1 IP Subnet Mask 255 255 255 0...

Page 34: ...g Table he required me 2 1 settings for the var s le1 appear as a single LAN users are inv e users cations such as Cu SeeM connect to the loc ed in menu 15 2 1 to for Generally we do no But for some a...

Page 35: ...t IP Cisco IP TV 2 0 0 None RealPlayer G2 None VDOLive None Quake1 064 None Default client IP QuakeII2 305 None Default client IP QuakeIII1 05 beta None StartCraft 6112 client IP Quick Time 4 0 None p...

Page 36: ...mware is too old to support such function you may have a work around solution please refer to ZyXEL website Support Xbox Live service support xbox htm 2 transmit and receive data therefore only one lo...

Page 37: ...of a server in the P 660 a server must have a fixed IP address and tially changes each time it is powered on n to the servers for specific upports a default server A e request that does not have a s...

Page 38: ...Port No IP Address 1 Default Default 0 0 0 0 2 80 80 192 168 1 10 3 0 0 0 0 0 0 4 0 0 0 0 0 0 5 0 0 0 0 0 0 6 0 0 0 0 0 0 7 0 0 0 0 0 0 8 0 0 0 0 0 0 9 0 0 0 0 0 0 10 0 0 0 0 0 0 11 0 0 0 0 0 0 12 0...

Page 39: ...etwork level protocols TCP IP NetBEUI and IPX can be run correctly Windows NT Domain Login level security is pres Window98 PPTP Client Internet NT RAS Server Protocol Stack ppears as new modem type Vi...

Page 40: ...s how to dial to an ISP via the P 660 and then establish a tunnel to a private network There will be three items that you need to set up for PPTP application these are PPTP server WinNT PPTP client Wi...

Page 41: ...0 6 0 0 0 0 0 0 7 0 0 0 0 0 0 8 0 0 0 0 0 0 9 0 0 0 0 0 0 10 0 0 0 0 0 0 When you have finished the above settings you can ping to the remote Win9x client from WinNT This ping command is used to demo...

Page 42: ...cal IP addresses The IP addresses for the NAT can be either fixed it of In such case all incoming connections to your network will be filtered out by the P 660 thus preventing intruders from probing y...

Page 43: ...works that are subject to translation NAT operates ress IGA networks It replaces numbers and then f as if they had keeps track of have their original values restored e original IP source ards each pac...

Page 44: ...A1 IGA1 ILA2 IGA1 Outgoing Many to Many ILA2 IGA2 Ov erload ILA1 IGA1 ILA3 IGA1 ILA4 IGA2 Outgoing Many to Many No Overload Allocate by Connections ILA2 IGA3 ILA3 IGA2 ILA4 Outgoing ILA1 IGA1 IGA4 Ser...

Page 45: ...nt pr previous ZyNOS versions SMT M us 4 an displayed next The next figure how you Enter 4 from the Main Menu to go to M Menu 4 Internet Access Setup me ISP s Na CHT Encapsulation PPPoE Multiplexing L...

Page 46: ...n you select this option the SMT will use Address Mapping Set 1 Menu 15 1 see later for further discussion None NAT is disabled when you select this option Network Address Translation SUA Only e Addre...

Page 47: ...the NAT Address ing se for further information pping Sets and NAT Server Sets Use the Ad to a ress Mapping Sets menus and submen e mapping tab pping Set to use The P 660 has 8 remote nodes and NAT Ad...

Page 48: ...you want to create SUA This is the name of the set yo Idx This is the index or rule number 1 Local Start IP This is the starting local IP address ILA 0 0 0 0 for the Many to One type Local End IP all...

Page 49: ...of rules This is a required field Please if this field is left blank the entire set will be deleted Rule1 Action They are 4 actions The default is Edit Edit means you want to edit a selected rule see...

Page 50: ...d abo type Some examples follow to clarify f 5 types ve plus a server these a little more One to One Many to One Many to Many Overload Many to Many No Overload Server Start This is the starting local...

Page 51: ...er at IP addres for 192 168 1 33 Please note that a server can support more than one service e g a server can provide both FTP and Mail service while another provides only Web service The following pr...

Page 52: ...bers Service Port Number FTP 21 Telnet 23 SMTP 25 DNS Domain Name Server 53 www http Web 80 PPTP Point to Point Tunneling Protocol 1723 Examples Internet Access Only Internet Access with an Internal S...

Page 53: ...t sec 0 IP Address Assignment Dynamic IP Address N A Network Address Translation SUA Only Address Mapping Set N A Press ENTER to Confirm or ESC to Cancel From Menu 4 shown above simply choose the SUA...

Page 54: ...re configured SUA Only set to specify the as shown below Menu 15 2 1 NAT Server Setup Used for SUA Only Rule Start Port No End Port No IP Address 1 Default Default 0 0 0 0 2 21 21 192 168 1 33 3 0 0 0...

Page 55: ...68 1 10 Rule 2 One to One type to map the FTP Server 2 with ILA2 192 168 1 11 e type to map the other clients to IGA3 web server and mail server with ILA3 Server allows us to specify multiple servers...

Page 56: ...R to Confirm or ESC to Cancel Step 2 Go to menu 15 1 and choose 1 not 255 SUA this time to begin configuring this new set Enter a Set Name choose the Edit Action and then select 1 from Select Rule fie...

Page 57: ...Press ENTER to Confirm or ESC to Cancel Rule 3 Setup Select Many to One type to map the other clients to IGA3 Menu 15 1 1 3 Rule 3 Type Many to One Local IP Start 0 0 0 0 End 255 255 255 255 Global IP...

Page 58: ...figured all four rules Menu 15 1 1 should look as follows Menu 15 1 1 Address Mapping Rules Set Name Example3 Idx Local Start IP Local End IP Global Start IP Global End IP Type 1 192 168 1 10 IGA1 1 1...

Page 59: ...0 0 0 0 0 0 7 0 0 0 0 0 0 8 0 0 0 0 0 0 9 0 0 0 0 0 0 10 0 0 0 0 0 0 11 0 0 0 0 0 0 12 0 0 0 0 0 0 Press ENTER to Confirm or ESC to Cancel 4 Support Non NAT Friendly Applications Some servers providin...

Page 60: ...168 1 12 Global IP Start Enter IGA1 End Enter IGA3 Press ENTER to Confirm or ESC to Cancel The three rules configured for using One to One mapping type is shown below Menu 15 1 1 1 Rule 1 Type One to...

Page 61: ...work About Filter Filter Examples configure up to twelve filter sets with six rules in each set an apply up to four filter sets to a f packets With each filter set having up to six 4 rules active for...

Page 62: ...packets i e the ISDN interface So the execution device and protocol The they act on the raw data from to the protocol category they act IP address and port number in the kets and after the SUA for WAN...

Page 63: ...sets The SMT will detect and prevent the mixing of different category rules within any filter set in Menu nd device filter rules cannot be active together if you try to activate a TCP IP or IPX filte...

Page 64: ...0 IP Mask 0 0 0 0 Port 0 Port Comp None Source IP Addr 0 0 0 0 IP Mask 0 0 0 0 Port 0 Port Comp None TCP Estab N A More No Log None Action Matched Check Next Rule Action Not Matched Check Next Rule P...

Page 65: ...r Sets Yes My Password Authen CHAP PAP Press ENTER to Confirm or ESC to Cancel Menu 11 5 Menu 11 5 Remote Node Filter Input Filter Sets protocol filters device filters Output Filter Sets protocol filt...

Page 66: ...l with port number 80 l with port number 53 l with port number 53 3 Apply the filter set in menu 4 filter sets that were configu configuration into the new format it wi inconsistencies Please check th...

Page 67: ...Edit Comments Press ENTER to Confirm or ESC to Cancel 2 Rule 1 for a http packet TCP 06 Port number 80 Menu 21 1 1 TCP IP Filter Rule Filter 1 1 Filter Type TCP IP Filter Rule Active Yes IP Protocol...

Page 68: ...ched Check Next Rule Press ENTER to Confirm or ESC to Cancel 4 Rule 3 for c DNS packet UDP 17 Port number 53 Menu 21 1 2 TCP IP Filter Rule Filter 1 3 Filter Type TCP IP Filter Rule Active Yes IP Prot...

Page 69: ...ter for Configuration 1 Create a filter set in M in the remote node setup blocking a specific client enu 21 e g set 1 Menu 21 Filter Set Configuration Filter Filter Set Comments Set Comments 1 Block a...

Page 70: ...addr Enter the client IP in this field IP Mask Here the IP mask is used to mask the bits of the IP address given in tation it is 255 255 255 255 Action Matched Set to Drop to drop all the packets from...

Page 71: ...84 9b 5d ca 84 0020 0 61 62 63 64 65 66 9b 63 08 00 45 5c 03 00 05 0 0030 f 70 71 72 73 74 75 76 67 68 69 6a 6b 6c 6d 6e 6 0040 8 69 77 61 62 63 64 65 66 67 6 TIME 37c060 enet0 XMIT len 74 call 0 000...

Page 72: ...router will send a reply to the client The following sample filter will utilize the Generic Filter Rule to bl ddress 00 80 c8 4c ea 63 m the incoming LAN packet we know the uninteresting source MAC r...

Page 73: ...xt Rule to start configuring the next new rule However please note not others Because the Generic and TCPIP IPX filter rules must be in different filter sets Turn Active to Yes Offset in bytes first o...

Page 74: ...P and IPX filters Menu 3 1 General Ethernet Setup Input Filter Sets protocol filters device filters 1 Output Filter Sets protocol filters device filters A filter for blocking the NetBIOS packets Intro...

Page 75: ...estination port number 137 with protocol number 17 UDP Rule 5 Destination port numbe Rule 6 Destination port number 139 w Filter Set 2 Rule 1 Source port number 1 number 6 TCP Rule 2 Source por number...

Page 76: ...rt Comp None TCP Estab No More No Log None Action Matched Drop Action Not Matched Check Next Rule Rule 2 Destination port number 137 with protocol number 17 UDP Menu 21 1 2 TCP IP Filter Rule Filter 1...

Page 77: ...rce Route No Destination IP Addr 0 0 0 0 IP Mask 0 0 0 0 Port 138 Port Comp Equal Source IP Addr 0 0 0 0 IP Mask 0 0 0 0 Port 0 Port Comp None TCP Estab No More No Log None Action Matched Drop Action...

Page 78: ...ESC to Cancel Rule 5 Destination port number 139 with protocol number 6 TCP nu 21 1 5 TCP IP Filter Rule Me Filter 1 5 Filter Type TCP IP Filter Rule Active Yes IP Protocol 6 IP Source Route No Desti...

Page 79: ...he first filter set is finished you will get the complete rules summary as below Menu 21 2 Filter Rules Summary A Type Filter Rules M m n 1 Y IP Pr 6 SA 0 0 0 0 DA 0 0 0 0 DP 137 N D N 2 Y IP Pr 17 SA...

Page 80: ...TCP Estab No More No Log None Action Matched Drop Action Not Matched Check Next Rule Press ENTER to Confirm or ESC to Cancel 1 Rule 2 Source port number 17 UDP number 137 Destination port number 53 w...

Page 81: ...ilter set in the Input protocol filters in the 3 NetBIOS_LAN Menu 3 for blocking the packets from LAN Menu 3 1 General Ethernet Setup Input Filter Sets protocol filters 2 device filters Output Filter...

Page 82: ...ettings in the P 660 you must register an ccount from the DDNS server such as WWW DYNDNS ORG first After the registration you have a hostname for your internal server and a password 2 Configure Dynami...

Page 83: ...you rd Enter the password that the DDNS Ena le at the ailable b Enter the hostname for the wildcard function th Wildcard WWW DYNDNS ORG supports Note that Wildcard option is av only when the provider...

Page 84: ...that are maintained by the devices Writes Write is used to control the managed devices NMSs write variables that are stored in the managed devices There are two versions of SNMP Version 1 and Version...

Page 85: ...sly report certain events to NMSs use trap al operations SNMPv1 Operations SNM as below P itself is efined Allows variable from the agent GetNex s or list within an agen a simple request response prot...

Page 86: ...The second part contain The SNMP PDU contains the following fields PDU Request ID Associates requests with responses Error status Indicates an error and an error type type Specifies the type of PDU E...

Page 87: ...message of the fatal SNMPv1 operation ZyXEL permits one community string so that the router c belong to only one com happens 1 coldStart de 1 warmStart defined in RFC 1 If the m 2 lin achine warmstart...

Page 88: ...60 for SNMP The SNMP related settings in The following steps describe a simple settings P 660 are configured in menu 22 SNMP Configuration setup procedure for configuring all SNMP Menu 22 SNMP Configu...

Page 89: ...er the IP address of the NMS The P 660 will only respond to messages coming from this IP address If 0 0 0 0 is entered the respond to all NMS managers SNMP P 660 will Trap Community Enter the communit...

Page 90: ...ing line at the end of the etc syslog conf file zyxel log is the full path of the log file logs all data phone line activity if set to Yes UNIX Setup 1 Make sure that your syslog starts with r argumen...

Page 91: ...xxxx C02 CLID call refused C02 Call Terminated Example Feb 14 16 57 17 192 168 1 1 ZyXEL Communications Corp board 0 line 0 channel 0 call 18 C01 Incoming Call OK Feb 14 17 07 18 192 168 1 1 ZyXEL Com...

Page 92: ...po Source port Jul 19 14 44 09 192 168 1 1 ZyXEL Communications Corp IP Src 202 132 154 1 Dst 192 168 1 33 UDP spo 0035 dpo 05d4 S03 R01mF Jul 19 14 44 13 192 168 1 1 ZyXEL Communications Corp IP Src...

Page 93: ...s not required For example the network manager can divide the local network into three networks and connect them to the Internet using P 660 s single user account See the figure below The P 660 suppor...

Page 94: ...Edit the first network in address Menu 3 2 TCP IP and DHCP Setup DHCP Setup DHCP Server Client IP Pool Starting Address 192 168 1 33 Size of Client IP Pool 6 Primary DNS Server 168 95 1 1 Secondary DN...

Page 95: ...ilters IP Alias 2 Yes IP Address 192 168 3 1 IP Subnet Mask 255 255 255 0 RIP Direction None Version RIP 1 Incoming protocol filters Outgoing protocol filters Enter here to CONFIRM or ESC to CANCEL Ke...

Page 96: ...mong multiple paths tting the f the network to enable the backbone to prioritize traffic Cost Savings IPPR allows organizations to distribute interactive traffic on hig a g low path for batch traffic...

Page 97: ...ac hence the outgoing interface and the TOS and precede IPPR follows the existing packet filtering facilit implementation The policies a together A use defines the p node in the same fashion as the fi...

Page 98: ...P 80 80 P 6 GW 192 168 1 254 2 N ___________ ___________________________ ____________________________________ __________________________________________________________________________ 3 N ___ _______...

Page 99: ...nu 3 2 TCP IP and DHCP Setup C DH P Setup DHCP Server Client IP Pool Starting Address 192 168 1 33 Size of Client IP Pool 32 Primary DNS Server 0 0 0 0 Secondary DNS Server 0 0 0 0 Remote DHCP Server...

Page 100: ...ables the mechanism for the P 660 to run the remote nod connection acco time Users can apply at most 4 schedule sets in Menu 11 Remote Node Setu configure each schedule in Menu 26 Schedule Setup The r...

Page 101: ...5 _______________ 11 _______________ 6 _______________ 12 _______________ Enter Schedule Set Number to Configure 1 Edit Name ZyXEL Press ENTER to Confirm or ESC to Cancel 3 The Menu 26 1 Schedule Set...

Page 102: ...de denies any demand dial during the period For the existing abl The re Dial On Demand connected nodes it will be dropped after idle timeout and no triggered up Start Time Duration Start Time and Dura...

Page 103: ...2 132 154 1 Current Time 00 11 38 New Time hh mm ss 00 11 36 Current Date 2000 01 01 New Date yyyy mm dd 2000 01 01 Time Zone GMT 0800 Daylight Saving No Start Date mm dd 01 00 End Date mm dd 01 00 Pr...

Page 104: ...also compatible with version 1 The multicast setting c be turned on or off on Ethernet and remote nodes IP Multicast Setup Enable IG Menu 3 2 TCP IP and DHCP Setup DHCP Setup DHCP Server Client IP Poo...

Page 105: ...raff may consume high bandwidth such as FTP File Transfer Protocol if you are downloading or uploading files with large size Some other traffic may not require high bandwidth but they requires stable...

Page 106: ...secondly and so on If Fairn n then the bandwidth is allocated by ratio Which means if A class needs 300 kbps B class needs 600 kbps then the ratio of A and B s actual bandwidth is 1 2 So if we get 450...

Page 107: ...e Give this class a name for example App Bandwidth Configure the speed you would like to allocate to this class Budget Priority Enter a number between 0 and 7 to set the priority of this class The hig...

Page 108: ...never system ADSL links up system will send out some probing patterns system will analyze the packets returned from ISP and decide which services the ISP may provide Because ADSL is based on a ATM net...

Page 109: ...x vpi vci service bit hex wan atm vchunt save Note remote node input the remote node index 1 8 vpi vpi value vci vci value service it s a hex value bit0 PPPoE VC 1 bit1 PPPoE LLC 2 bit2 PPPoA VC 4 bit...

Page 110: ...ow suggest to use 3f which include all PPP possiblities Command Description wan atm vchunt Add remoteNodeIndex vpi vci service bit hex Add a entry to hunting pool remote node input the remote node ind...

Page 111: ...attern again Send C auto result Check the result of V hunting 1 After configure the auto haunting preconfigured table You just need a PC account if your ISP provide PPPoE or PPPoA service 3 After key...

Page 112: ...0 series Support Notes conigured in the auto haunting preconfigured table Basically the zero configuration only work on the VC that was pre 111 All contents copyright 2005 ZyXEL Communications Corpora...

Page 113: ...to other client units just as using a cross over Ethernet cable connecting 2 host together via a NIC card for direct connection when configured in Ad hoc mode without an access point being present Ad...

Page 114: ...SID and select a channel you want to use than press OK to apply 4 Since there is no DHCP server to give the host IP you must first designate a static IP for your station From Windows Start select Cont...

Page 115: ...ries Support Notes 5 From general tab select TCP IP and click property 6 Fill in your network IP address and subnet mask and click OK to finish 114 All contents copyright 2005 ZyXEL Communications Cor...

Page 116: ...sk bar the your windows screen 2 Select configuration tab 3 Select Ad hoc from the operation mode pull down menu fill you an SSID and 4 Since there is no DHCP server to give the host IP you must first...

Page 117: ...general tab select TCP IP and click property 6 Fill in your network IP address and subnet mask and click OK to finish 7 Station A now are able to connect to Station B 116 All contents copyright 2005...

Page 118: ...nfrastructure mode the client unit can associate with an 802 11b Wi Fi Access Point and communicate with other clients in infrastructure mode through that access point Infrastructure mode sometimes re...

Page 119: ...3 Configure ESSID Channel ID WEP Default Key and Keys as you desire nfigurator 1 From the e display W Configure Wireless Access Point to Infrastructure mode using Web co To configure Infrastructure mo...

Page 120: ...e utility icon in your windows task bar the utility will pop up on your windows screen 2 Select configuration tab 3 Select Infrastructu leave it as any if you wish to connect to effect re from the ope...

Page 121: ...nt have associated with the selected AP The linked AP s channel current linkup rate SSID page You now successfully associate with link quality and signal strength will show on the Link Info the select...

Page 122: ...tion ZyXEL s MAC Filter Implementation allows users to define a list to allow or block association from STAs The filter set allows users to input 12 entries in the list If Allow Association is selecte...

Page 123: ...0 00 6 0 00 00 00 30 00 00 00 00 00 00 0 00 00 00 00 00 18 00 00 00 7 0 19 00 00 00 00 00 00 31 00 00 00 00 00 00 0 00 00 00 00 00 8 0 00 00 00 00 00 00 32 00 00 00 00 00 00 0 00 00 00 00 00 20 9 00 0...

Page 124: ...the MAC Addresses which you may want to apply the filter to allow or ociations from 6 Click Apply to make your setting work field Default LAN IP is 192 168 1 1 default password to login web configurat...

Page 125: ...ss is a shared mediu everything that is transmitted WEP relies on a secret key that is shared between a mobile station e g a laptop with a wireless Ethernet card and an access po ensure that packages...

Page 126: ...ce consortium WPA uses Temporal Key Integrity Protocol TKIP TKIP is designed to allow WEP to be upgraded This means that all the main building blocks of WEP are present but corrective measures have be...

Page 127: ...bit WEP key secret key with 58 hexadecimal digits You can set up the Access Point by SMT or Web configurator Setting up the Access Point from SMT Menu 3 5 P660HW T1 hold up to 4 WEP Keys You have to s...

Page 128: ...98jui 64 bit W 10 hexadecimal digits 0 9 A F 0x123456789A Key2 0x23456789AB Key3 0x3456789ABC Key4 0x456789ABCD EP with Key1 128 bit WEP with 13 characters Key1 2e3f4w345ytre Key2 5y7jse8r4i038 Key3...

Page 129: ...tation will use Key 3 to decrypt data So the Key 3 of station has to equal to the Key 3 of access point Though access point use Key 3 as default key but the station can use the other Key as its defaul...

Page 130: ...transmission Setting up the Station Key settings 1 Double click on the utility icon in your windows task bar or right click the utility icon then select Show Config Utility The utility will pop up on...

Page 131: ...AN Card IEEE802 11b WLAN Card 2 Select the Encryption tab t encryption type corresponding with access point Set up 4 Keys which correspond with the WEP Keys of access point Selec And select on WEP key...

Page 133: ...interfering signals Walls doors elevator shafts and other obstacles offer different degree of attenuation This will cause the RF coverage pattern be irregular and hard to predict Site survey can help...

Page 134: ...P required 4 Determine the preliminary access point location on the facility diagram base on the service area needed obstacles power wall jack considerations Survey on Site 1 With the diagram with all...

Page 135: ...om corner of the room Repeat step 1 5 and now you should be able to mark an RF coverage area as completion you will have an diagram and information of site survey As illustrated below 6 illustrated in...

Page 136: ...w it works and how to configure VPN rules in both Prestige and your wireless station The following diagram depicts the scenario We can protect the wireless connection between the laptop and Prestige S...

Page 137: ...ireless LAN environment including configuration in both your WLAN station and Prestige WLAN If you have not complete them yet please go back to application notes for how to configure WLAN in Infrastru...

Page 138: ...shared key and press Next 4 Give this preshared key a name ZyWALL And then enter the preshared key 12345678 in both Shared secret and Confirm shared secret fields Finally press Finish 137 All contents...

Page 139: ...ort Notes 5 Press Apply in Main menu to save the above settings for latter use 6 Switch to Security Policy tab Choose VPN connections and then press Add 138 All contents copyright 2005 ZyXEL Communica...

Page 140: ...VPN Gateway Name box Enter Prestige address Connection window will pop out Press IP button besides s LAN IP address in Gateway IP 8 Press button besides Remote network 139 All contents copyright 2005...

Page 141: ...VPN Connection 9 Network Editor Window wi ZyWALL in Networ in Subnet Mask field T window 10 Choose ZyWALL as Authentication Key Then click OK to save In SSH Sentinel Policy Editor you will g ZyWALL c...

Page 142: ...eck the boxes of al IP address and Extended authentication Acquire virtu ithm as DES Integrity function as MD5 IKE mode as main mode IKE group as MODP 768 group 1 and IPSec proposal to Tune IKE propos...

Page 143: ...series Support Notes egrity funciton as HMAC MD5 PFS group as none Encryption algorithm as DES Int ettings Press Apply to save all of the s 142 All contents copyright 2005 ZyXEL Communications Corpor...

Page 144: ...ilding VPN between Sentinel initiated from Prestige side Please always initiate B VPN tunnel ftp telnet HTTP etc You can VPN from SSH Sentinel tray NOTE Please check your Prestige s release note if yo...

Page 145: ...and click Apply Press Advanced button to set IKE phase 1 and phase 2 parameters Telnet or console connect to Prestige SMT menu 24 8 and then issue this command ipsec route lan on Please note that if y...

Page 147: ...d by the authentication Configuration for Access Point C Wh Wi Fi Protected Access WPA is a subs draft Key differences between WAP and data encryption WAP applies IEEE 802 1x Extensible Authentication...

Page 148: ...PA PSK Application example for your reference Configuration for Access point anced security methods for both the authent users o for an unlimited number of users ess Wireless link d from the Wireless...

Page 149: ...finish Configuration for your PC 1 Double click on your wireless utility icon here is the Centrion on Windows XP in on from the Switch Radio your windows task bar the utility will pop up on your wind...

Page 151: ...button 8 Se P from the twork Authentication field e KIP from the Data Encryption field 10 Type the Pre Share Key 8 63 character in the Pass phrase fie C k Finish to exit the Profile Wizard screen lec...

Page 152: ...t Notes 12 click A r you finis he pro but o assoc fte Connect hed t ton t file settings choose the profile you configured Then iate with the Access Point 151 All contents copyright 2005 ZyXEL Communic...

Page 153: ...upport Notes 13 Click the General option we will see the following information that means the a ted and thenticated with AP successfully PC ssocia au 152 All contents copyright 2005 ZyXEL Communicatio...

Page 154: ...mit length protocol destIP port There are two ways to dump the trace Onlin e display the trace real time on screen Offlin capture the trace first and display later e ils for ca the T menu 24 8 are as...

Page 155: ...N 060 TCP 192 168 1 2 1108 192 31 7 130 80 9 11 ET0 R 0 10 11883 650 ENET0 R 0062 TCP 192 168 1 2 1109 192 31 7 130 80 P 660 s trcd parse sy 0000 N NET0 CV Size 2 62 Time 12089 790 sec LA Frame E RE 6...

Page 156: ...thernet Header De ation MAC Add 80 84CEA63 stin r 00 C Source MAC Addr A0 11 00 C59213 Ne k Type 0x0800 TCP IP twor IP Header IP Version 4 Header Length 20 Type rvice 0x00 0 of Se To ength 02C tal L 0...

Page 157: ...008 CEA63 r 0C84 Ne pe P IP twork Ty 0x0800 TC H er IP ead IP Version 4 Head r Length 20 e Type of Service 0x00 0 To ength 0x0028 tal L 40 e n 50B 9 Id tificatio 0x3 1357 Flags 0x02 Fragment Offset 0x...

Page 158: ...lay the detailed trace online by entering Ex pl P 660 sys trcp channel enet0 none P 660 sys trcp channel mpoa00 bothway P 660 sys trcp sw on sys trcl sw on P 660 P 660 sys trcd brief 0 12367 680 MPOA0...

Page 159: ...08 00 0010 39 40 EE 06 A9 9 04 8B B1 00 AB C0 1F 07 82 CA 84 0020 9B 61 00 50 28 1E D3 E9 59 63 50 19 a P Y cP 85 00 C1 8F 0030 FA F0 37 35 00 00 DF 33 AF 62 58 37 52 3D 79 99 75 3 bX7R y 0040 A5 3C...

Page 160: ...LAN Us g T loa ZyNOS via LAN T yo irst before running the software Type the CI command stdio 0 to disable con le timeout in M 24 8 and stay in Menu 24 8 Run the TFTP client software as to Prestige Af...

Page 161: ...e Pres To u he rati Prestig An example The local file is the source file of your configuration file your hard disk ote ile na aved in Pres ber 69 a et blocks for TFT Check Binary mode for file transfe...

Page 162: ...pw ux cppw et 192 168 u faelin u teln 1 1 Trying 192 168 1 1 Conne 2 168 cted to 19 1 1 Escape character is Passw ord Copyright 2005 Zy L Communications Corp c 1994 XE Prestige 660 Main Menu G ing Sta...

Page 163: ...l cppwu faelinux cppwu tftp I 192 168 1 1 get ras local ras download firmware cppw linux cppw I 192 168 1 1 put local ras ras upload firmware u fae u tftp 3 Us FTP to U the Firm e and Configuration Fi...

Page 164: ...I p tige bin ras ut pres ftp 200 Port command okay 150 O g data connection for STOR ras penin 226 Fi ceived OK le re ftp 92 bytes sent in Seconds 191 41K 4512 4 83 bytes sec ftp Here the prestige bin...

Page 165: ...e transfer type to A Binary uto Detect or sof 2 Pr to ig serna prompt ess OK nore the U me 3 To upload the firmware file we transfer the local ras file to overwrite the remote To upload the configurat...

Page 166: ...Notes ot om 0 e r rem file 4 T power off the router at this m he estige automa e uploading is f o nt Pr reboots tically after th me inished Please do not 165 All contents copyright 2005 ZyXEL Communi...

Page 167: ...enet0 mpoa00 Command Description sys adjtime trive date and time re from Internet cbuf display a f u splay cbuf a all f di free u used cnt cbuf static display splay cbuf static di clear clear cbuf st...

Page 168: ...rap m phone for outcalls hnu maintain extra numbers add 3 1st ne num 2nd phone tra phone set 1 pho add ex num numbers display hone bers display extra p num node emote num set all extend phone number t...

Page 169: ...logs record and alert th w forward 0 n 1 log record web forward url one logs clear r log clea display s display all log errlog or clear display log err disp g error clear lo or log online turn on off...

Page 170: ...log mbuf cnt sp display system mbuf count di clear clear system mbuf count link link list system mbuf link pool id type list system mbuf pool status display system mbuf status disp address display mb...

Page 171: ...display a f u start end display queue by given status and range numbers ndisp qid display a queue by a given number quit quit CI command mode reboot code reboot system code 0 cold boot 1 immediately b...

Page 172: ...channel name none incoming outgoing bothway channel name enet0 sdsl00 fr0 set packet trace direction for a given channel string enable smt trace log switch on off turn on off the packet trace disp di...

Page 173: ...ump dump spt raw data root dump spt root data rn dump spt remote node data user dump spt user data slot dump spt slot data save save spt data size display spt record size clear clear spt data cmgr tra...

Page 174: ...utilization 2 Exit Related Commands Command Description exit exit smt menu 3 Ethernet Related Commands ch name enet0 mpoa00 Command Description ether config display LAN configuration information driv...

Page 175: ...ite memory data in address test ch_id test_id arg3 arg4 do LAN test pncconfig ch_name do pnc config mac src_ch dest_ch ipaddr fake mac address 4 IP Related Commands hostid format xxx xxx xxx xxx ip Ad...

Page 176: ...lizes for PWC purposes leasetime period set dhcp leasetime netmask netmask set dhcp netmask pool startIP numIP set dhcp ip pool renewaltime period set dhcp renew time rebindtime period set dhcp rebind...

Page 177: ...dcast addr mtu value dynamic configure network interface ifdrop iface chaek if iface is available ping hostid ping remote host pong hostid size time interval pong remote host extping target address t...

Page 178: ...ination errcnt disp display routing statistic counters clear clear routing statistic counters status display ip statistic counters adjTcp iface mss adjust the TCP mss of iface udp status display udp s...

Page 179: ...ff trace for debugging window tcb TCP input window size samenet iface1 iface2 display the ifaces that in the same net uninet iface set the iface to uninet tftp support pritn if tfpt is support stats d...

Page 180: ...able counter flag nat timeout gre timeout set nat gre timeout value iamt timeout set nat iamt timeout value generic timeout set nat generic timeout value reset timeout set nat reset timeout value tcp...

Page 181: ...edit forwardip ip set nat server server ip edit protocol protocol id set nat server protocol service irc on off turn on off irc flag resetport reset all nat server table entries incikeport on off turn...

Page 182: ...ndorid ADSL vendor information utopia Show ADSL utopia information cellcnt Show ADSL cell counter display shutdown Show the counter of rate adaptive mechanism happening rateup Show real status that ra...

Page 183: ...ck on off Turn on off detect table checking default is on txgain value Set the CTRLE register 0xc3 the value is from 0xfa to 0x06 targetnoise value Set the CTRLE register 0xc4 the value is from 0xfa t...

Page 184: ...tion 6 PPP Related Command Command Description ppp bod remote iface show remote bod information reset reset bod setremote iface set remote bod status wan_iface show wan port bod status clear wan_iface...

Page 185: ...om remote peer try configure value set display fsm try config failure value set display fsm try failure terminate value set display fsm try terminate compress on off set compress flag slots slot_num s...

Page 186: ...lay pfc flag debug on off set display ccp debug flag iface iface ipcp show the ipcp status of the given iface iface ipxcp show the ipxcp status of the given iface iface atcp iface ccp reset skip flush...

Page 187: ...set channel reset blt data traffic display local LAN traffic table monitor on off turn on off traffice monotor Default is off Time sec set blt re init interval brt related to bridge route table Disp i...

Page 188: ...threshold fragmentation value wep type none 64 128 256 Set WEP key to 64 128 or 256 bits Key Set set value Set WEP key value per set Key Default set Set WEP default key set macfilter Enable Enable ma...

Page 189: ...e level trace show all supplications in the supplication table user username show the specified user status in the supplicant table 11 Configuration Related Command Command Description config The para...

Page 190: ...rt return addr e mail address Edit the mail address for returning an email alert e mail to e mail address Edit the mail address to send the alert policy full hourly daily weekly Edit email schedule wh...

Page 191: ...threshold block minute 0 255 Only valid when sets Block to yes The unit is minute minute high 0 255 The threshold to start to delete the old half opened sessions to minute low minute low 0 255 The th...

Page 192: ...ds Edit the wait time for the SYN TCP sessions before it is terminated fin wait timeout seconds Edit the wait time for FIN in concluding a TCP session before it is terminated tcp idle timeout seconds...

Page 193: ...he function will send an email to the SMTP destination address and log an alert srcaddr single ip address Select and edit a source address of a packet which complies to this rule srcaddr subnet ip add...

Page 194: ...ort of a packet which comply to this rule For non consecutive port numbers the user may repeat this command line to enter the multiple port numbers tcp destport range start port end port Select and ed...

Page 195: ...rule Remove a specified rule in a set from the firewall configuration insert firewal l e mail Insert email alert settings attack Insert attack alert settings set set Insert a specified rule set to the...

Page 196: ...on off Set system bridge on off Menu 1 sys routeip on off Set system IP routing on off Menu 1 sys hostname hostname Set system name Menu 1 sys display Display hostname routing bridge mode information...

Page 197: ...3 2 1 lan ipaddr address subnet mask Set LAN IP address and subnet mask Example lan ipaddr 192 168 1 1 255 255 255 0 Menu 3 2 lan rip none in out both rip1 rip2b rip2m Set LAN IP RIP mode and RIP ver...

Page 198: ...f wan node Menu 11 1 wan node enable Enable the wan profile Menu 11 1 wan node disable Disable the wan profile Menu 11 1 wan node encap 1483 pppoa pppoe enet Set the wan protocol Menu 11 1 wan node mu...

Page 199: ...f WAN node wan node display Display WAN profile configuration in buffer Display Menu 11 ip route addrom index Rule Select a Static Route index 1 16 to edit Menu 12 1 ip route addrom name Name Set Rule...

Page 200: ...the server sets Menu 15 2 ip nat server save Save the NAT server set buffer into flash Menu 15 2 ip nat server clear set Clear the server set set must use ave command to let it save into flash Menu 15...

Page 201: ...destination port and compare type compare type could be 0 none 1 equal 2 not equal 3 less 4 greater Menu 21 filter sets sys filter set srcip address subnet mask Set the source IP address and subnet m...

Page 202: ...sys snmp trap destination IP address Set the destination address of trap Menu 22 SNMP sys snmp discard Discard changes sys snmp clear Clear Working Buffer sys snmp save Set the SNMP parameters Menu 22...

Page 203: ...3 5 for wireless LAN wlan wep type none 64 128 Set the wep type to be none 64bit or 128bits Menu 3 5 for wireless LAN wlan wep key set key set 1 4 key value Set wep key value Menu 3 5 for wireless LAN...

Search results

Summary of Contents for P-660H-T1

Reviews:

Related manuals for P-660H-T1

Brands by name

Popular brands

ZyXEL Communications P-660H-T1, Support Notes

Search results

Summary of Contents for P-660H-T1

Reviews:

Related manuals for P-660H-T1

Brands by name

Popular brands