ZyXEL Communications P-660R-T1 User Manual Download

Page: 1 / 113

P-660 series

Support Notes

(For P-660R-T1/T3/T7)

Version3.40

Nov. 2005

Summary of Contents for P-660R-T1

Page 1: ...P 660 series Support Notes For P 660R T1 T3 T7 Version3 40 Nov 2005 ...

Page 2: ...AT support 7 17 What are Device filters and Protocol filters 7 18 Why can t I configure device filters or protocol filters 8 19 How can I protect against IP spoofing attacks 8 General FAQ 9 1 How can I manage P 660 9 2 What is the default user name and password to loging web configurator 9 3 How do I know the P 660 s WAN IP address assigned by the ISP 9 4 What is the micro filter or splitter used ...

Page 3: ...a DHCP Relay 21 4 SUA Notes 22 5 Using Multi NAT 31 6 About Filter Filter Examples 50 7 Using the Dynamic DNS DDNS 70 8 Network Management Using SNMP 72 9 Using syslog 78 10 Using IP Alias 82 11 Using IP Policy Routing 84 12 Using Call Scheduling 89 13 Using IP Multicast 92 14 Using Zero Configuration 94 Support Tool 99 1 LAN WAN Packet Trace 99 Online Trace 99 Offline Trace 104 2 Firmware Configu...

Page 4: ...n Menu 24 2 2 to speed up the SMT access 3 What is the default console port baud rate Moreover how do I change it The default console port baud rate is 9600bps When configuring the SMT please make sure the terminal baud rate is also 9600bps You can change the console baud rate from 9600bps to 115200bps in SMT menu 24 2 2 4 How do I update the firmware and configuration file You can upload the firm...

Page 5: ...upload the ROMFILE such as losing the system password or the need of resetting SMT to factory default The procedure for uploading ROMFILE via the console port is as follows a Enter debug mode when powering on the Prestige using a terminal emulator b Enter ATLC to start the uploading c Use X modem protocol to transfer ROMFILE d Enter ATGO to restart the Prestige 8 How do I restore SMT configuration...

Page 6: ...t as if it is originated from Prestige using the IP address assigned by ISP When reply packets from the external Internet are received by Prestige the original IP source address and TCP UDP source port numbers are written into the destination fields of the packet since it is now moving in the opposite direction the checksums are recomputed and the packet is delivered to its true destination This i...

Page 7: ...e same server simultaneously In this case it is better to use Many to Many No Overload or One to One NAT mapping types thus each user login to the server using a unique global IP address 15 What IP Port mapping does Multi NAT support NAT supports five types of IP port mapping They are One to One Many to One Many to Many Overload Many to Many No Overload and Server The details of the mapping betwee...

Page 8: ...LA3 IGA1 ILA4 IGA2 Many One to One ILA1 IGA1 ILA2 IGA2 ILA3 IGA3 ILA4 IGA4 Server Server 1 IP IGA1 Server 2 IP IGA1 16 How many network users can the SUA NAT support The Prestige does not limit the number of the users but the number of the sessions The P 660 supports 1024 sessions that you can use the ip nat iface wanif0 st command in menu 24 8 to view the current active sessions 17 What are Devic...

Page 9: ... spoofing us Filter rule setup Filter type TCP IP Filter Rule Active Yes Source IP Addr a b c d Source IP Mask w x y z Action Matched Drop Action Not Matched Forward Where a b c d is an IP address on your local network and w x y z is your netmask For the output data filters Deny bounceback packet Allow packets that originate from us Filter rule setup Filter Type TCP IP Filter Rule Active Yes Desti...

Page 10: ...d for Generally the voice band uses the lower frequency ranging from 0 to 4KHz while ADSL data transmission uses the higher frequency The micro filter acts as a low pass filter for your telephone set to ensure that ADSL transmissions do not interfere with your voice transmissions For the details about how to connect the micro filter please refer to the user s manual 5 The P 660 supports Bridge and...

Page 11: ...omputer to be more easily accessed from various locations on the Internet To use the service you must first apply an account from several free Web servers such as http www dyndns org Without DDNS we always tell the users to use the WAN IP of the P 660 to reach our internal server It is inconvenient for the users if this IP is dynamic With DDNS supported by the P 660 you apply a DNS name e g www zy...

Page 12: ...eway checks this source port during connections the port thus is not allowed to be changed 12 How do I setup my P 660 for routing IPSec packets over SUA For outgoing IPSec tunnels no extra setting is required For forwarding the inbound IPSec ESP tunnel A Default server set in menu 15 2 1 is required It is because SUA makes your LAN appear as a single machine to the outside world LAN users are invi...

Page 13: ... rate before yielding to other VCs The P 660 holds the parameters for shaping the traffic among its virtual channels If you do not need traffic shaping please set SCR 0 MBS 0 and PCR as the maximum value according to the line rate for example 2 3 Mbps line rate will result PCR as 5424 cell sec 15 Why do we perform traffic shaping in the P 660 The P 660 must manage traffic fairly and provide bandwi...

Page 14: ...y many of the older cable networks are not capable of offering a return channel consequently such networks will need significant upgrading before they can offer high bandwidth services 2 What is the expected throughput In our test we can get about 1 6Mbps data rate on 15Kft using the 26AWG loop The shorter the loop the better the throughput Besides please do not stay in menu 24 1 it will slow down...

Page 15: ...ficient 7 How do I know the details of my ADSL line statistics You can use the following CI commands to check the ADSL line statistics CI wan adsl perfdata CI wan adsl status CI sys log disp CI wan adsl linedata far CI wan adsl linedata near 8 What are the possible reasons when the ADSL link is down The physical ADSL line may not be up if 1 The DSLAM is not Alcatel 2 If it is Alcatel the firmware ...

Page 16: ...onnection To connect your computer to the P 660 s LAN port the computer must have an Ethernet adapter card installed For connecting a single computer to the P 660 we use a cross over Ethernet cable 2 TCP IP configuration In most cases the IP address of the computer is assigned by the ISP dynamically so you have to configure the computer as a DHCP client which obtains the IP from the ISP using DHCP...

Page 17: ... use console or Telnet for finishing these configurations 1 Configure P 660 as bridge mode in Menu 1 General Setup Menu 1 General setup System name P 660 Location Contact Person s Name Domain Name Edit Dynamic DNS No Route IP No Bridge Yes 2 Configure a LAN IP for the P 660 and turn off DHCP Server in Menu 3 2 TCP IP Ethernet Setup We use 192 168 1 1 in this case 16 All contents copyright 2005 ZyX...

Page 18: ...lation RFC 1483 Edit IP Bridge No Multiplexing LLC based Edit ATM Options No Service Name N A Edit Advance Options No Incoming Telco Option Rem Login N A Allocated Budget min N A Rem Password N A Period hr N A Outgoing Schedule Sets N A My Login N A Nailed Up Connection N A My Password N A Session Options Authen N A Edit Filter Sets No Idle Timeout sec N A Key Settings Option Description Encapsula...

Page 19: ...mber Specify a VPI Virtual Path Identifier and a VCI Virtual Channel Identifier given to you by your ISP 2 Internet Access Using P 660 under Router mode For most Internet users having multiple computers want to share an Internet account for Internet access they have to install an Internet sharing device like a router In this case we use the P 660 which works as a general Router plus an ADSL Modem ...

Page 20: ...NS to the clients via DHCP if it is available For this setup in Windows we check the option Obtain an IP address automatically in its TCP IP setup Please see the example shown below Set up your P 660 The following procedure shows you how to configure your P 660 as Router mode for routing traffic We will use SMT menu to guide you through the related menu You can use console or Telnet for finishing ...

Page 21: ...of Client IP Pool 6 Primary DNS Server 168 95 1 1 Secondary DNS Server 168 95 192 1 Remote DHCP Server N A TCP IP Setup IP Address 192 168 1 1 IP Subnet Mask 255 255 255 0 RIP Direction Both Version RIP 1 Multicast None IP Policies Edit IP Alias No 3 Configure for Internet setup in Menu 4 Internet Access Setup Menu 4 Internet Access Setup ISP s Name CHT Encapsulation PPPoE Multiplexing LLC based V...

Page 22: ...local computers IP Address Assignment Set to Dynamic if the ISP provides the IP for the P 660 dynamically Otherwise set to Static and enter the IP in the following IP Address field IP Address This field can not be configured if the ISP provides the IP for the P 660 dynamically Otherwise enter the IP that the ISP gives to you 3 Setup the P 660 as a DHCP Relay What is DHCP Relay DHCP stands for Dyna...

Page 23: ...P Pool Starting Address N A Size of Client IP Pool N A Primary DNS Server N A Secondary DNS Server N A Relay Server Address 192 168 1 2 TCP IP Setup IP Address 192 168 1 1 IP Subnet Mask 255 255 255 0 RIP Direction Both Version RIP 1 Multicast None IP Policies Edit IP Alias No Press ENTER to Confirm or ESC to Cancel 4 SUA Notes Tested SUA NAT Applications e g Cu SeeMe ICQ NetMeeting 22 All content...

Page 24: ...e the menu 15 2 1 to make the outgoing connection work After the required menu 15 2 1 settings are completed the internal server or client applications can be accessed by using the P 660 s WAN IP address SUA Supporting Table The following are the required menu 15 2 1 settings for the various applications running SUA mode ZyXEL SUA Supporting Table1 Required Settings in Menu 15 2 1 Port IP Applicat...

Page 25: ...t IP Cisco IP TV 2 0 0 None RealPlayer G2 None VDOLive None Quake1 064 None Default client IP QuakeII2 305 None Default client IP QuakeIII1 05 beta None StartCraft 6112 client IP Quick Time 4 0 None pcAnywhere 8 0 None 5631 client IP 5632 client IP 22 client IP IPsec ESP tunneling mode None one client only Default Client Microsoft Messenger Service 3 0 6901 client IP 6901 client IP Microsoft Messe...

Page 26: ... not be able to provide information of that server on the internet 5 Quake II has the same limitations as that of Quake I 6 P 660 support MSN Messenger 4 6 4 7 5 0 video voice pass through NAT since new firmware version In addition for the Windows OS supported UPnP Universal Plug and Play such as Windows XP and Windows ME UPnP supported in P 660 is an alternative solution to pass through MSN Messe...

Page 27: ...dress of a server in the P 660 a server must have a fixed IP address and not be a DHCP client whose IP address potentially changes each time it is powered on In addition to the servers for specific services SUA supports a default server A service request that does not have a server explicitly designated for it is forwarded to the default server If the default server is not defined the service requ...

Page 28: ... Port No IP Address 1 Default Default 0 0 0 0 2 80 80 192 168 1 10 3 0 0 0 0 0 0 4 0 0 0 0 0 0 5 0 0 0 0 0 0 6 0 0 0 0 0 0 7 0 0 0 0 0 0 8 0 0 0 0 0 0 9 0 0 0 0 0 0 10 0 0 0 0 0 0 11 0 0 0 0 0 0 12 0 0 0 0 0 0 Press ENTER to Confirm or ESC to Cancel Port numbers for some services Service Port Number FTP 21 Telnet 23 SMTP 25 DNS Domain Name Server 53 www http Web 80 Configure a PPTP server behind S...

Page 29: ... NetBEUI and IPX can be run correctly Windows NT Domain Login level security is preserved even across the Internet Window98 PPTP Client Internet NT RAS Server Protocol Stack PPTP appears as new modem type Virtual Private Networking Adapter that can be selected when setting up a connection in the Dial Up Networking folder The VPN Adapter type does not appear elsewhere in the system Since PPTP encap...

Page 30: ...twork There will be three items that you need to set up for PPTP application these are PPTP server WinNT PPTP client Win9x and the P 660 1 PPTP server setup WinNT Add the VPN service from Control Panel Network Add an user account for PPTP logged on user Enable RAS port Select the network protocols from RAS such as IPX TCP IP NetBEUI Set the Internet gateway to P 660 2 PPTP client setup Win9x Add o...

Page 31: ...Win9x client from WinNT This ping command is used to demonstrate that remote the Win9x can be reached across the Internet If the Internet connection between two LANs is achievable you can place a VPN call from the remote Win9x client For example C ping 203 66 113 2 When a dial up connection to ISP is established a default gateway is assigned to the router traffic through that connection Therefore ...

Page 32: ... is the outside Typically a company maps its local inside network addresses to one or more global outside IP addresses and unmaps the global IP addresses on incoming packets back into local IP addresses The IP addresses for the NAT can be either fixed or dynamically assigned by the ISP In addition you can designate servers e g a web server and a telnet server on your local network and make them ac...

Page 33: ...en forwards each packet to the Internet ISP thus making them appear as if they had come from the NAT system itself e g the P 660 router The P 660 keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored NAT Mapping Types NAT supports five types of IP port mapping They are One to One In One to One mode the P 660 maps one ILA to one IGA...

Page 34: ...ILA1 IGA1 ILA2 IGA1 Outgoing Many to Many Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 Outgoing Many to Many No Overload Allocate by Connections ILA1 IGA1 ILA2 IGA3 ILA3 IGA2 ILA4 IGA4 Outgoing Server Server 1 IP IGA1 Server 2 IP IGA1 Incoming SUA Versus NAT SUA Single User Account in previous ZyNOS versions is a NAT set with 2 rules Many to One and Server The P 660 now has Full Feature NAT su...

Page 35: ...figure how you apply NAT for Internet access in menu 4 Enter 4 from the Main Menu to go to Menu 4 Internet Access Setup Menu 4 Internet Access Setup ISP s Name CHT Encapsulation PPPoE Multiplexing LLC based VPI 0 VCI 33 ATM QoS Type CBR Peak Cell Rate PCR 0 Sustain Cell Rate SCR 0 Maximum Burst Size MBS 0 My Login cso hinet net My Password Idle Timeout sec 0 IP Address Assignment Static IP Address...

Page 36: ...n you select this option the SMT will use Address Mapping Set 1 Menu 15 1 see later for further discussion None NAT is disabled when you select this option Network Address Translation SUA Only When you select this option the SMT will use Address Mapping Set 255 Menu 15 1 see later for further discussion This option use basically Many to One Overload mapping Select Full Feature when you require oth...

Page 37: ... can see nine NAT Address Mapping sets in Menu 15 1 You can only configure from Set 1 to Set 8 Set 255 is used for SUA When you select Full Feature in menu 4 or 11 3 you must enter correct NAT Set as well When you select SUA Only the SMT will use Set 255 The NAT Server Set is a list of LAN side servers mapped to external ports To use this set one set for the P 660 a server rule must be set up insi...

Page 38: ... or enter the name of a new set you want to create SUA Idx This is the index or rule number 1 Local Start IP This is the starting local IP address ILA 0 0 0 0 for the Many to One type Local End IP This is the starting local IP address ILA If the rule is for all local IPs then the Start IP is 0 0 0 0 and the End IP is 255 255 255 255 255 255 255 255 Global Start IP This is the starting global IP ad...

Page 39: ... a required field Please note that if this field is left blank the entire set will be deleted Rule1 Action They are 4 actions The default is Edit Edit means you want to edit a selected rule see following field Insert Before means to insert a new rule before the rule selected The rule after the selected rule will then be moved down by one rule Delete means to delete the selected rule and then all t...

Page 40: ...g types discussed above plus a server type Some examples follow to clarify these a little more One to One Many to One Many to Many Overload Many to Many No Overload Server Start This is the starting local IP address ILA 0 0 0 0 Local IP End This is the ending local IP address ILA If the rule is for all local IPs then put the Start IP as 0 0 0 0 and the End IP as 255 255 255 255 This field is N A f...

Page 41: ...her at IP address 192 168 1 33 Please note that a server can support more than one service e g a server can provide both FTP and Mail service while another provides only Web service The following procedures show how to configure a server behind NAT Step 1 Enter 15 in the Main Menu to go to Menu 15 NAT Setup Step 2 Enter 2 to go to Menu 15 2 1 NAT Server Setup Step 3 Enter the service port number i...

Page 42: ...mbers Service Port Number FTP 21 Telnet 23 SMTP 25 DNS Domain Name Server 53 www http Web 80 PPTP Point to Point Tunneling Protocol 1723 Examples Internet Access Only Internet Access with an Internal Server Using Multiple Global IP addresses for clients and servers Support Non NAT Friendly Applications 1 Internet Access Only In our Internet Access example we only need one rule where all our ILAs m...

Page 43: ...out sec 0 IP Address Assignment Dynamic IP Address N A Network Address Translation SUA Only Address Mapping Set N A Press ENTER to Confirm or ESC to Cancel From Menu 4 shown above simply choose the SUA Only option from the NAT field This is the Many to One mapping discussed earlier The SUA read only option from the NAT field in menu 4 and 11 3 is specifically pre configured to handle this case 42 ...

Page 44: ...Server behind the NAT as shown in the NAT as shown below Menu 15 2 1 NAT Server Setup Used for SUA Only Rule Start Port No End Port No IP Address 1 Default Default 0 0 0 0 2 21 21 192 168 1 33 3 0 0 0 0 0 0 4 0 0 0 0 0 0 5 0 0 0 0 0 0 6 0 0 0 0 0 0 7 0 0 0 0 0 0 8 0 0 0 0 0 0 9 0 0 0 0 0 0 10 0 0 0 0 0 0 11 0 0 0 0 0 0 12 0 0 0 0 0 0 Press ENTER to Confirm or ESC to Cancel 43 All contents copyrigh...

Page 45: ...192 168 1 10 to IGA1 Rule 2 One to One type to map the FTP Server 2 with ILA2 192 168 1 11 to IGA2 Rule 3 Many to One type to map the other clients to IGA3 Rule 4 Server type to map a web server and mail server with ILA3 192 168 1 20 to IGA3 Type Server allows us to specify multiple servers of different types to other machines behind NAT on the LAN Step 1 In this case we need to configure Address ...

Page 46: ...ER to Confirm or ESC to Cancel Step 2 Go to menu 15 1 and choose 1 not 255 SUA this time to begin configuring this new set Enter a Set Name choose the Edit Action and then select 1 from Select Rule field Press ENTER to confirm See the following setup for the four rules in our case Rule 1 Setup Select One to One type to map the FTP Server 1 with ILA1 192 168 1 10 to IGA1 Menu 15 1 1 1 Rule 1 Type O...

Page 47: ...Press ENTER to Confirm or ESC to Cancel Rule 3 Setup Select Many to One type to map the other clients to IGA3 Menu 15 1 1 3 Rule 3 Type Many to One Local IP Start 0 0 0 0 End 255 255 255 255 Global IP Start Enter IGA3 End N A Press ENTER to Confirm or ESC to Cancel Rule 4 Setup Select Server type to map our web server and mail server with ILA3 192 168 1 20 to IGA3 46 All contents copyright 2005 Zy...

Page 48: ...nfigured all four rules Menu 15 1 1 should look as follows Menu 15 1 1 Address Mapping Rules Set Name Example3 Idx Local Start IP Local End IP Global Start IP Global End IP Type 1 192 168 1 10 IGA1 1 1 2 192 168 1 11 IGA2 1 1 3 0 0 0 0 255 255 255 255 IGA3 M 1 4 IGA3 Server 5 6 7 8 9 10 Press ESC or RETURN to Exit 47 All contents copyright 2005 ZyXEL Communications Corporation ...

Page 49: ... 0 0 0 0 0 0 7 0 0 0 0 0 0 8 0 0 0 0 0 0 9 0 0 0 0 0 0 10 0 0 0 0 0 0 11 0 0 0 0 0 0 12 0 0 0 0 0 0 Press ENTER to Confirm or ESC to Cancel 4 Support Non NAT Friendly Applications Some servers providing Internet applications such as some mIRC servers do not allow users to login using the same IP address In this case it is better to use Many to Many No Overload or One to One NAT mapping types thus ...

Page 50: ...168 1 12 Global IP Start Enter IGA1 End Enter IGA3 Press ENTER to Confirm or ESC to Cancel The three rules configured for using One to One mapping type is shown below Menu 15 1 1 1 Rule 1 Type One to One Local IP Start 192 168 1 10 End N A Global IP Start Enter IGA1 End N A Press ENTER to Confirm or ESC to Cancel Menu 15 1 1 2 Rule 2 49 All contents copyright 2005 ZyXEL Communications Corporation ...

Page 51: ...r Examples How does ZyXEL filter work Filter Structure The P 660 allows you to configure up to twelve filter sets with six rules in each set for a total of 72 filter rules in the system You can apply up to four filter sets to a particular port to block multiple types of packets With each filter set having up to six rules you can have a maximum of 24 rules active for a single port The following dia...

Page 52: ...e executed before SUA for WAN outgoing packets and after the SUA for WAN incoming IP packets But at the same time the Generic filter rules must be applied at the point when the P 660 is receiving and sending the packets i e the ISDN interface So the execution sequence has to be changed The logic flow of the filter is shown in Figure 1 and the sequence of the logic flow for the packet from LAN to W...

Page 53: ... different filter sets The SMT will detect and prevent the mixing of different category rules within any filter set in Menu 21 In the following example you will receive an error message Protocol and device filter rules cannot be active together if you try to activate a TCP IP or IPX filter rule in a filter set that has already had one or more active Generic filter rules You will receive the same e...

Page 54: ... 0 0 IP Mask 0 0 0 0 Port 0 Port Comp None Source IP Addr 0 0 0 0 IP Mask 0 0 0 0 Port 0 Port Comp None TCP Estab N A More No Log None Action Matched Check Next Rule Action Not Matched Check Next Rule Press ENTER to Confirm or ESC to Cancel Saving to ROM Please wait Protocol and device rule cannot be active together To separate the device and protocol filter categories two new menus Menu 11 5 and ...

Page 55: ...ter Sets Yes My Password Authen CHAP PAP Press ENTER to Confirm or ESC to Cancel Menu 11 5 Menu 11 5 Remote Node Filter Input Filter Sets protocol filters device filters Output Filter Sets protocol filters device filters SMT will also prevent you from entering a protocol filter set configured in Menu 21 to the device filters field in Menu 3 1 11 5 or entering a device filter set to the protocol fi...

Page 56: ...e following information 1 The outbound packet type protocol port number 2 The source IP address Generally the outbound packets for Web service could be as following a HTTP packet TCP 06 protocol with port number 80 b DNS packet TCP 06 protocol with port number 53 or c DNS packet UDP 17 protocol with port number 53 For all workstation on the LAN the source IP address will be 0 0 0 0 Otherwise you h...

Page 57: ...1 Edit Comments Press ENTER to Confirm or ESC to Cancel 2 Rule 1 for a http packet TCP 06 Port number 80 Menu 21 1 1 TCP IP Filter Rule Filter 1 1 Filter Type TCP IP Filter Rule Active Yes IP Protocol 6 IP Source Route No Destination IP Addr 0 0 0 0 IP Mask 0 0 0 0 Port 80 Port Comp Equal Source IP Addr 0 0 0 0 IP Mask 0 0 0 0 Port Port Comp None TCP Estab No More No Log None Action Matched Drop A...

Page 58: ...tched Check Next Rule Press ENTER to Confirm or ESC to Cancel 4 Rule 3 for c DNS packet UDP 17 Port number 53 Menu 21 1 2 TCP IP Filter Rule Filter 1 3 Filter Type TCP IP Filter Rule Active Yes IP Protocol 17 IP Source Route No Destination IP Addr 0 0 0 0 IP Mask 0 0 0 0 Port 53 Port Comp Equal Source IP Addr 0 0 0 0 IP Mask 0 0 0 0 Port Port Comp None TCP Estab No More No Log None Action Matched ...

Page 59: ...he remote node setup A filter for blocking a specific client Configuration 1 Create a filter set in Menu 21 e g set 1 Menu 21 Filter Set Configuration Filter Filter Set Comments Set Comments 1 Block a client 7 _______________ 2 _______________ 8 _______________ 3 _______________ 9 _______________ 4 _______________ 10 _______________ 5 _______________ 11 _______________ 6 _______________ 12 _______...

Page 60: ...Source IP addr Enter the client IP in this field IP Mask Here the IP mask is used to mask the bits of the IP address given in the Source IP Addr field for one workstation it is 255 255 255 255 Action Matched Set to Drop to drop all the packets from this client Action Not Matched Set to Forward to allow the packets from other clients 3 Apply the filter set number 1 to the Output Protocol Filter Set...

Page 61: ...a 84 9b 5d ca 84 0020 9b 63 08 00 45 5c 03 00 05 00 61 62 63 64 65 66 0030 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 0040 77 61 62 63 64 65 66 67 68 69 TIME 37c060 enet0 XMIT len 74 call 0 0000 00 80 c8 4c ea 63 00 a0 c5 01 23 45 08 00 45 00 0010 00 3c 00 07 00 00 fe 01 f0 ef ca 84 9b 63 ca 84 0020 9b 5d 00 00 4d 5c 03 00 05 00 61 62 63 64 65 66 0030 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74...

Page 62: ...ngly The following sample filter will utilize the Generic Filter Rule to block the MAC address 00 80 c8 4c ea 63 1 First from the incoming LAN packet we know the uninteresting source MAC address starts at the 7th Octet TIME 37c060 enet0 RECV len 74 call 0 0000 00 a0 c5 01 23 45 00 80 c8 4c ea 63 08 00 45 00 0010 00 3c eb 0c 00 00 20 01 e3 ea ca 84 9b 5d ca 84 0020 9b 63 08 00 45 5c 03 00 05 00 61 ...

Page 63: ...k the incoming source MAC address 00 80 c8 4c ea 63 Value in hexadecimal Specify the MAC address 00 80 c8 4c ea 63 that the P 660 should use to compare with the masked packet If the result from the masked packet matches the Value then the packet is considered matched Action Matched Enter the action you want if the masked packet matches the Value In this case we will drop it Action Not Matched Ente...

Page 64: ...PIP and IPX filters Menu 3 1 General Ethernet Setup Input Filter Sets protocol filters device filters 1 Output Filter Sets protocol filters device filters A filter for blocking the NetBIOS packets Introduction The NETBIOS protocol is used to share a Microsoft comupter of a workgroup For the security concern the NetBIOS connection to a outside host is blocked by P 660 router as factory defaults Use...

Page 65: ...1 Source port number 137 Destination port number 53 with protocol number 6 TCP Rule 2 Source port number 137 Destination port number 53 with protocol number 17 UDP Before starting to set the filter rules please enter a name for each filter set in the Comments field first Menu 21 Filter Set Configuration Filter Filter Set Comments Set Comments 1 NetBIOS_WAN 7 _______________ 2 NetBIOS_LAN 8 _______...

Page 66: ...ort Comp None TCP Estab No More No Log None Action Matched Drop Action Not Matched Check Next Rule Rule 2 Destination port number 137 with protocol number 17 UDP Menu 21 1 2 TCP IP Filter Rule Filter 1 2 Filter Type TCP IP Filter Rule Active Yes IP Protocol 17 IP Source Route No Destination IP Addr 0 0 0 0 IP Mask 0 0 0 0 Port 137 Port Comp Equal Source IP Addr 0 0 0 0 IP Mask 0 0 0 0 Port 0 Port ...

Page 67: ...urce Route No Destination IP Addr 0 0 0 0 IP Mask 0 0 0 0 Port 138 Port Comp Equal Source IP Addr 0 0 0 0 IP Mask 0 0 0 0 Port 0 Port Comp None TCP Estab No More No Log None Action Matched Drop Action Not Matched Check Next Rule Press ENTER to Confirm or ESC to Cancel Rule 4 Destination port number 138 with protocol number 17 UDP Menu 21 1 4 TCP IP Filter Rule Filter 1 4 Filter Type TCP IP Filter ...

Page 68: ...r ESC to Cancel Rule 5 Destination port number 139 with protocol number 6 TCP Menu 21 1 5 TCP IP Filter Rule Filter 1 5 Filter Type TCP IP Filter Rule Active Yes IP Protocol 6 IP Source Route No Destination IP Addr 0 0 0 0 IP Mask 0 0 0 0 Port 139 Port Comp Equal Source IP Addr 0 0 0 0 IP Mask 0 0 0 0 Port 0 Port Comp None TCP Estab No More No Log None Action Matched Drop Action Not Matched Check ...

Page 69: ... the first filter set is finished you will get the complete rules summary as below Menu 21 2 Filter Rules Summary A Type Filter Rules M m n 1 Y IP Pr 6 SA 0 0 0 0 DA 0 0 0 0 DP 137 N D N 2 Y IP Pr 17 SA 0 0 0 0 DA 0 0 0 0 DP 137 N D N 3 Y IP Pr 6 SA 0 0 0 0 DA 0 0 0 0 DP 138 N D N 4 Y IP Pr 17 SA 0 0 0 0 DA 0 0 0 0 DP 138 N D N 5 Y IP Pr 6 SA 0 0 0 0 DA 0 0 0 0 DP 139 N D N 6 Y IP Pr 17 SA 0 0 0 0...

Page 70: ...al TCP Estab No More No Log None Action Matched Drop Action Not Matched Check Next Rule Press ENTER to Confirm or ESC to Cancel 1 Rule 2 Source port number 137 Destination port number 53 with protocol number 17 UDP Menu 21 2 2 TCP IP Filter Rule Filter 2 2 Filter Type TCP IP Filter Rule Active Yes IP Protocol 17 IP Source Route No Destination IP Addr 0 0 0 0 IP Mask 0 0 0 0 Port 53 Port Comp Equal...

Page 71: ... filter set NetBIOS_LAN in the Input protocol filters in the Menu 3 for blocking the packets from LAN Menu 3 1 General Ethernet Setup Input Filter Sets protocol filters 2 device filters Output Filter Sets protocol filters device filters 7 Using the Dynamic DNS DDNS What is DDNS The DDNS service an IP Registry provides a public central database where information such as email addresses hostnames IP...

Page 72: ... still usable The DDNS server stores password protected email addresses with IPs and hostnames and accepts queries based on email addresses So there must be an email entry in the P 660 menu 1 The DDNS servers the P 660 supports currently is WWW DYNDNS ORG where you apply the DNS from and update the WAN IP to Setup the DDNS 1 Before configuring the DDNS settings in the P 660 you must register an ac...

Page 73: ... password that the DDNS server gives to you Enable Wildcard Enter the hostname for the wildcard function that the WWW DYNDNS ORG supports Note that Wildcard option is available only when the provider is http www dyndns org 8 Network Management Using SNMP SNMP Overview The Simple Network Management Protocol SNMP is an applications layer protocol used to exchange the management information between n...

Page 74: ... data is self defining For example the encoding of a text string includes an indication that the data unit is a string along with its length and value ASN 1 is a flexible way of defining protocols especially for network management protocols where nodes may support different sets of manageable variables The net of variables that each node supports is called the Management Information Base MIB The M...

Page 75: ...es to asynchronously report certain events to NMSs use trap SNMPv1 Operations SNMP itself is a simple request response protocol 4 SNMPv1 operations are defined as below Get Allows the NMS to retrieve an object variable from the agent GetNext Allows the NMS to retrieve the next object variable from a table or list within an agent In SNMPv1 when a NMS wants to retrieve all elements of a table 74 All...

Page 76: ...SNMPv1 message format The SNMP PDU contains the following fields PDU type Specifies the type of PDU Request ID Associates requests with responses Error status Indicates an error and an error type Error index Associates the error with a particular object variable Variable bindings Associates particular object with their value ZyXEL SNMP Implementation ZyXEL currently includes SNMP support in some P...

Page 77: ...rface group 3 linkUp defined in RFC 1215 If any link of IDSL or WAN is up the trap will be sent with the port number The port number is its interface index under the interface group 4 authenticationFailure defined in RFC 1215 When receiving any SNMP get or set requirement with wrong community this trap is sent to the manager 5 whyReboot defined in ZYXEL MIB When the system is going to restart warm...

Page 78: ...660 for SNMP The SNMP related settings in P 660 are configured in menu 22 SNMP Configuration The following steps describe a simple setup procedure for configuring all SNMP settings Menu 22 SNMP Configuration SNMP 77 All contents copyright 2005 ZyXEL Communications Corporation ...

Page 79: ...nter the IP address of the NMS The P 660 will only respond to SNMP messages coming from this IP address If 0 0 0 0 is entered the P 660 will respond to all NMS managers Trap Community Enter the community name in each sent trap to the NMS This Trap Community must match what the NMS is expecting The default is public Trap Destination Enter the IP address of the NMS that you wish to send the traps to...

Page 80: ... the syslog services The default setting is not enabled 2 Edit the file etc syslog conf by adding the following line at the end of the etc syslog conf file local1 var log zyxel log Where var log zyxel log is the full path of the log file 3 Restart syslogd ZyXEL Syslog Message Format CDR Call Detail Record CDR logs all data phone line activity if set to Yes Packet triggered The first 48 bytes or oc...

Page 81: ...fused L02 Call Terminated C02 Call Terminated Example Feb 14 16 57 17 192 168 1 1 ZyXEL Communications Corp board 0 line 0 channel 0 call 18 C01 Incoming Call OK Feb 14 17 07 18 192 168 1 1 ZyXEL Communications Corp board 0 line 0 channel 0 call 18 C02 Call Terminated 2 Packet triggered log Format sdcmdSyslogSend SYSLOG_PKTTRI SYSLOG_NOTICE String String Packet trigger Protocol xx Data xxxxxxxxxx ...

Page 82: ...on port Example Jul 19 14 44 09 192 168 1 1 ZyXEL Communications Corp IP Src 202 132 154 1 Dst 192 168 1 33 UDP spo 0035 dpo 05d4 S03 R01mF Jul 19 14 44 13 192 168 1 1 ZyXEL Communications Corp IP Src 192 168 1 33 Dst 202 132 154 1 ICMP S03 R01mF 4 PPP Log Format sdcmdSyslogSend SYSLOG_PPPLOG SYSLOG_NOTICE String String ppp Proto Starting ppp Proto Opening ppp Proto Closing ppp Proto Shutdown Prot...

Page 83: ...is not required For example the network manager can divide the local network into three networks and connect them to the Internet using P 660 s single user account See the figure below The P 660 supports three virtual LAN interfaces via its single physical Ethernet interface The first network can be configured in menu 3 2 as usual The second and third networks that we call IP Alias 1 and IP Alias ...

Page 84: ...ng the P 660 s first LAN IP address Menu 3 2 TCP IP and DHCP Setup DHCP Setup DHCP Server Client IP Pool Starting Address 192 168 1 33 Size of Client IP Pool 6 Primary DNS Server 168 95 1 1 Secondary DNS Server 168 95 192 1 Remote DHCP Server N A TCP IP Setup IP Address 192 168 1 1 IP Subnet Mask 255 255 255 0 RIP Direction Both Version RIP 1 Multicast None IP Policies Edit IP Alias Yes Press ENTE...

Page 85: ...l filters IP Alias 2 Yes IP Address 192 168 3 1 IP Subnet Mask 255 255 255 0 RIP Direction None Version RIP 1 Incoming protocol filters Outgoing protocol filters Enter here to CONFIRM or ESC to CANCEL Key Settings IP Alias 1 Toggle to Yes and enter the second LAN IP address for the P 660 This will create the second route in the enif0 0 interface IP Alias 2 Toggle to Yes and enter the third LAN IP ...

Page 86: ... among multiple paths Benefits Source Based Routing Network administrators can use policy based routing to direct traffic from different users through different connections Quality of Service QoS Organizations can differentiate traffic by setting the precedence or TOS Type of Service values in the IP header at the periphery of the network to enable the backbone to prioritize traffic Cost Savings I...

Page 87: ...ped together A use defines the policies before applying them to an interface or a remote node in the same fashion as the filters There are 12 policy sets with 6 policies in each set Setup the IP Policy Routing 1 Create a routing policy set in menu 25 Menu 25 IP Routing Policy Setup Policy Policy Set Name Set Name 1 _______________ 7 _______________ 2 _______________ 8 _______________ 3 ___________...

Page 88: ...DP 80 80 P 6 GW 192 168 1 254 2 N __________________________________________________________________________ __________________________________________________________________________ 3 N __________________________________________________________________________ __________________________________________________________________________ 4 N __________________________________________________________...

Page 89: ...nu 3 2 TCP IP and DHCP Setup DHCP Setup DHCP Server Client IP Pool Starting Address 192 168 1 33 Size of Client IP Pool 32 Primary DNS Server 0 0 0 0 Secondary DNS Server 0 0 0 0 Remote DHCP Server N A TCP IP Setup IP Address 192 168 1 1 IP Subnet Mask 255 255 255 0 RIP Direction Both Version RIP 1 Multicast None IP Policies 1 Edit IP Alias No Press ENTER to Confirm or ESC to Cancel Menu 11 3 Remo...

Page 90: ... configure each schedule in Menu 26 Schedule Setup The remote node configured with the schedule set could be Forced On Forced Down Enable Dial On Demand or Disable Dial On Demand on specified date and time SMT Menu for Call Scheduling 1 Edit the Schedule sets in menu 26 Copyright c 1994 2005 ZyXEL Communications Corp Prestige 660 Main Menu Getting Started Advanced Management 1 General Setup 21 Fil...

Page 91: ... 5 _______________ 11 _______________ 6 _______________ 12 _______________ Enter Schedule Set Number to Configure 1 Edit Name ZyXEL Press ENTER to Confirm or ESC to Cancel 3 The Menu 26 1 Schedule Set Setup is as follows Menu 26 1 Schedule Set Setup Active Yes Start Date yyyy mm dd 2002 01 01 How Often Once Once Date yyyy mm dd 2002 01 01 Weekdays Sunday N A Monday N A Tuesday N A Wednesday N A Th...

Page 92: ...l On Demand The remote node denies any demand dial during the period For the existing connected nodes it will be dropped after idle timeout and no triggered up Start Time Duration Start Time and Duration of this schedule Apply the schedule to the Remote node Multiple scheduling rules can program in a Remote node and they have priority For example if we program the sets as 1 2 3 4 in remote node th...

Page 93: ...ss 202 132 154 1 Current Time 00 11 38 New Time hh mm ss 00 11 36 Current Date 2000 01 01 New Date yyyy mm dd 2000 01 01 Time Zone GMT 0800 Daylight Saving No Start Date mm dd 01 00 End Date mm dd 01 00 Press ENTER to Confirm or ESC to Cancel 13 Using IP Multicast What is IP Multicast Traditionally IP packets are transmitted in two ways unicast or broadcast Multicast is a third way to deliver IP p...

Page 94: ...he multicast setting can be turned on or off on Ethernet and remote nodes IP Multicast Setup Enable IGMP in P 660 s LAN in menu 3 2 Menu 3 2 TCP IP and DHCP Setup DHCP Setup DHCP Server Client IP Pool Starting Address 192 168 1 33 Size of Client IP Pool 32 Primary DNS Server 0 0 0 0 Secondary DNS Server 0 0 0 0 Remote DHCP Server N A TCP IP Setup IP Address 192 168 1 1 IP Subnet Mask 255 255 255 0...

Page 95: ...ration feature can hunt the encapsulation and VPI VCI value and system will automatically configure itself if the hunting result is successfully This feature has two constraints 1 It supports the ISP provides one kind of service PPPoE PPPoA etc only otherwise the hunting will get confusing and failed 2 VC auto hunting only supports dynamic WAN IP address If the router is set a static WAN IP addres...

Page 96: ...node input the remote node index 1 8 vpi vpi value vci vci value service it s a hex value bit0 PPPoE VC 1 bit1 PPPoE LLC 2 bit2 PPPoA VC 4 bit3 PPPoA LLC 8 bit4 Enet VC 16 bit5 Enet LLC 32 For examples If you need service PPPoE LLC and Enet LLC then the service bits will be 2 32 34 decimal 22 hex you must input 22 If you want to enable all service for VC hunting the service bits will be 1 2 4 8 16...

Page 97: ...low suggest to use 3f which include all PPP possiblities Command Description wan atm vchunt Add remoteNodeIndex vpi vci service bit hex Add a entry to hunting pool remote node input the remote node index 1 8 vpi vpi value vci vci value service it s a hex value bit0 PPPoE VC 1 bit1 PPPoE LLC 2 bit2 PPPoA VC 4 bit3 PPPoA LLC 8 96 All contents copyright 2005 ZyXEL Communications Corporation ...

Page 98: ... hunt pattern again result Check the result of VC auto hunting Using Zero configuration 1 After configure the auto haunting preconfigured table You just need a PC connected to the device LAN Ethernet port with the DSL sync up 2 Open your web browser to access a Web site It should prompt and request for your username password of your ISP account if your ISP provide PPPoE or PPPoA service 3 After ke...

Page 99: ...660 Series Support Notes Basically the zero configuration only work on the VC that was preconigured in the auto haunting preconfigured table 98 All contents copyright 2005 ZyXEL Communications Corporation ...

Page 100: ...th protocol sourceIP port destIP port There are two ways to dump the trace Online Trace display the trace real time on screen Offline Trace capture the trace first and display later The details for capturing the trace in SMT menu 24 8 are as follows Online Trace Trace LAN packet Trace WAN packet 1 Trace LAN packet Disable to capture the WAN packet by entering sys trcp channel mpoa00 none Enable to...

Page 101: ...T0 R 0060 TCP 192 168 1 2 1108 192 31 7 130 80 10 11883 650 ENET0 R 0062 TCP 192 168 1 2 1109 192 31 7 130 80 P 660 sys trcd parse 0000 LAN Frame ENET0 RECV Size 62 62 Time 12089 790 sec Frame Type TCP 192 168 1 2 1116 192 31 7 130 80 Ethernet Header Destination MAC Addr 00A0C5921311 Source MAC Addr 0080C84CEA63 Network Type 0x0800 TCP IP IP Header IP Version 4 Header Length 20 Type of Service 0x0...

Page 102: ...eader Destination MAC Addr 0080C84CEA63 Source MAC Addr 00A0C5921311 Network Type 0x0800 TCP IP IP Header IP Version 4 Header Length 20 Type of Service 0x00 0 Total Length 0x002C 44 Idetification 0x57F3 22515 Flags 0x02 Fragment Offset 0x00 Time to Live 0xED 237 Protocol 0x06 TCP Header Checksum 0xAC8C 44172 Source IP 0xC01F0782 192 31 7 130 Destination IP 0xC0A80102 192 168 1 2 TCP Header Source ...

Page 103: ...0C84CEA63 Network Type 0x0800 TCP IP IP Header IP Version 4 Header Length 20 Type of Service 0x00 0 Total Length 0x0028 40 Idetification 0x350B 13579 Flags 0x02 Fragment Offset 0x00 Time to Live 0x80 128 Protocol 0x06 TCP Header Checksum 0x3C79 15481 Source IP 0xC0A80102 192 168 1 2 Destination IP 0xC01F0782 192 31 7 130 TCP Header Source Port 0x045C 1116 Destination Port 0x0050 80 Sequence Number...

Page 104: ...d trace online by entering sys trcd parse Example P 660 sys trcp channel enet0 none P 660 sys trcp channel mpoa00 bothway P 660 sys trcp sw on P 660 sys trcl sw on P 660 sys trcd brief 0 12367 680 MPOA00 R 0070 UDP 202 132 155 95 520 202 132 155 255 520 1 12370 980 MPOA00 T 0062 TCP 202 132 155 97 10261 192 31 7 130 80 P 660 sys trcd parse 0000 LAN Frame MPOA00 RECV Size 1181 96 Time 12387 260 sec...

Page 105: ... 0010 04 8B B1 39 40 00 EE 06 A9 AB C0 1F 07 82 CA 84 9 0020 9B 61 00 50 28 1E D3 E9 59 85 00 C1 8F 63 50 19 a P Y cP 0030 FA F0 37 35 00 00 DF 33 AF 62 58 37 52 3D 79 99 75 3 bX7R y 0040 A5 3C 2B 59 E2 78 A7 98 8F 3F A9 09 E4 0F 26 14 Y x 0050 9C 58 3E 95 3E E7 FC 2A 4C 2F FB BE 2F FE EF D0 X L Offline Trace Disable the capture of the WAN packet by entering sys trcp channel mpoa00 none Enable the...

Page 106: ...enu 24 8 and stay in Menu 24 8 Run the TFTP client software Enter the IP address of the Prestige To upload the firmware please save the remote file as ras to Prestige After the transfer is complete the Prestige will program the upgraded firmware into FLASH ROM and reboot itself An example The 192 168 1 1 is the IP address of the Prestige The local file is the source file of the ZyNOS firmware that...

Page 107: ...ile as rom 0 in the Prestige An example The 192 168 1 1 is the IP address of the Prestige The local file is the source file of your configuration file that is available in your hard disk The remote file is the file name that will be saved in Prestige Check the port number 69 and 512 Octet blocks for TFTP Check Binary mode for file transfering Using TFTP command on Windows NT Before you begin 1 TEL...

Page 108: ...Example cppwu faelinux cppwu telnet 192 168 1 1 Trying 192 168 1 1 Connected to 192 168 1 1 Escape character is Password Copyright c 1994 2005 ZyXEL Communications Corp Prestige 660 Main Menu Getting Started Advanced Management 1 General Setup 21 Filter Set Configuration 3 Ethernet Setup 22 SNMP Configuration 4 Internet Access Setup 23 System Password 24 System Maintenance Advanced Applications 11...

Page 109: ...ions cppwu faelinux cppwu tftp I 192 168 1 1 get ras local ras download firmware cppwu faelinux cppwu tftp I 192 168 1 1 put local ras ras upload firmware 3 Using FTP to Upload the Firmware and Configuration Files In addition to upload the firmware and configuration file via the console port and TFTP client you can also upload the firmware and configuration files to the Prestige using FTP To use t...

Page 110: ...I OK ftp put prestige bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp 924512 bytes sent in 4 83Seconds 191 41Kbytes sec ftp Here the prestige bin is the local file and ras is the remote file that will be saved in the Prestige The Prestige reboots automatically after the uploading is finished Using FTP client software Step 1 Rename the local firmware ...

Page 111: ...re Set the transfer type to Auto Detect or Binary 2 Press OK to ignore the Username prompt 3 To upload the firmware file we transfer the local ras file to overwrite the remote ras file To upload the configuration file we transfer the local rom 0 to overwrite the 110 All contents copyright 2005 ZyXEL Communications Corporation ...

Page 112: ...Support Notes remote rom 0 file 4 The Prestige reboots automatically after the uploading is finished Please do not power off the router at this moment 111 All contents copyright 2005 ZyXEL Communications Corporation ...

Page 113: ...e 1 Shows the following commands and all major sub commands 2 exit Returns to SMT To get the latest CI Command list The latest CI Command list is available in release note of every ZyXEL firmware release Please goto ZyXEL public WEB site http www zyxel com support download_index php to download firmware package zip you should unzip the package to get the release note in PDF format 112 All contents...

Search results

Summary of Contents for P-660R-T1

Reviews:

Related manuals for P-660R-T1

Brands by name

Popular brands

ZyXEL Communications P-660R-T1, Support Notes

Search results

Summary of Contents for P-660R-T1

Reviews:

Related manuals for P-660R-T1

Brands by name

Popular brands