manualshive.com logo in svg

ZyXEL Communications Prestige 2802HW(L)-IX, Support Notes, Page: 135 / 187

Share
Download
ZyXEL Communications Prestige 2802HW(L)-IX Support Notes Download Page 135

 

 

Prestige 2802HW(L)-Ix Support Notes 

 
 

 

All contents copyright (c) 2007 ZyXEL Communications Corporation.   

135

What is the relation of codec and VoIP?   

As VoIP is a general term send voice information in digital form in discrete packets over digital network and 

this digital network is public network, thus there maybe other packet such data packet uses network at the same 

time.    The  codec  choose  is  related  to  how  much  bandwidth  voice  packet  will  consume.    In  bandwidthwise 

aspect the smaller amount of bandwidth used the better.    But in voice aspect the higher quality the better.   

What codec does Prestige support? 

Prestige supports the following commonly used codec. 

 

G.729 voice codec   

 

G.711u-law voice codec 

 

G.711a-law voice codec 

Note: G.711 u-law or G.711 a-law is country specific, thus ZyXEL device is shipped preconfigured to use u-law 

or  a-law  according  to  specific  country.    If  for  special  reason  this  setting  needed  to  be  changed.    It  can  be 

modify through device CI command through telnet.    For the command please refer to the CI command list in 

the firmware release note. 

Which codec should I choose? 

As which codec choose is depending on what codec is supported on both end of the VoIP host.    Generally a 

codec with low bandwidth consumption and high voice quality is a good codec .   

What do I need in order to use SIP? 

The minimum required to use VoIP is as follow.     

1.  A  high-speed  Internet  connection.  This  can  be  a  cable  modem,  or  a  high-speed  network  services  such  as 

ISDN, DSL or a T-1 link. The need of the bandwidth required will depend on the amount of telephone traffic 

will be in your network. 

2. A PC with VoIP software installed or a hardware VoIP box such as ATA or device like Prestige 2802 VoIP 

station router. 

3. An account with a VoIP provider such as an ITSP. The account can be configured to recognize your calls 

automatically, or you can require the users to enter their unique account numbers issued. 

Summary of Contents for Prestige 2802HW(L)-IX

Page 1: ...Prestige 2802HW L Ix Support Notes Version 3 40 Jun 2007...

Page 2: ...53 Using Prestige traffic redirect 55 Using Universal Plug n Play UPnP 58 Wireless Application Notes 64 Infrastructure mode 64 Wireless MAC address filtering 68 WEP configuration Wired Equivalent Priv...

Page 3: ...tween NAT and SUA 122 How many network users can the SUA NAT support 123 What are Device filters and Protocol filters 123 Why can t I configure device filters or protocol filters 123 Product FAQ 123 W...

Page 4: ...he Prestige support 131 What is DDNS wildcard 131 Does the Prestige support DDNS wildcard 131 Can the Prestige SUA handle IPsec packets sent by the VPN gateway behind Prestige 131 How do I setup my Pr...

Page 5: ...re problem with my Prestige what should I do 137 Firewall FAQ 137 What is a network firewall 137 What makes Prestige firewall secure 137 What are the basic types of firewalls 137 What kind of firewall...

Page 6: ...amic secure gateway IP 148 What VPN gateway that has been tested with Prestige successfully 148 What VPN software that has been tested with Prestige successfully 148 Will ZyXEL support Secure Remote M...

Page 7: ...ct Sequence Spread Spectrum Technology DSSS 156 What is Frequency hopping Spread Spectrum Technology FHSS 157 Do I need the same kind of antenna on both sides of a link 157 Why the 2 4 Ghz Frequency r...

Page 8: ...ll contents copyright c 2007 ZyXEL Communications Corporation 8 What is AAA 160 What is RADIUS 160 What is WPA 160 What is WPA PSK 161 Trouble Shooting 161 Using Embedded Packet Trace 161 Debug PPPoE...

Page 9: ...nts needs to be checked before accessing the Internet Before you begin Setting up the Windows Setting up the Prestige router Troubleshooting Before you begin The Prestige is shipped with the following...

Page 10: ...P IP from the Network Protocols and click OK 3 TCP IP Configuration Follow these steps to configure Windows TCP IP In the Control Panel Network window click the TCP IP entry to select it and click Pro...

Page 11: ...ure it Before configuring the router using Browser please be sure there is no Telnet or Console login 1 Retrieve Prestige Web Please enter the LAN IP address of the Prestige router in the URL location...

Page 12: ...Prestige 2802HW L Ix Support Notes All contents copyright c 2007 ZyXEL Communications Corporation 12 The Web screen shown below takes PPPoE as the example...

Page 13: ...for Dynamic Host Configuration Protocol In addition to the DHCP server feature the P2802 supports the DHCP relay function When it is configured as DHCP server it assigns the IP addresses to the LAN c...

Page 14: ...s All contents copyright c 2007 ZyXEL Communications Corporation 14 Setup the Prestige as a DHCP Client 1 Toggle the DHCP to Relay in Network LAN DHCP Setup and enter the IP address of the DHCP server...

Page 15: ...be a DHCP client whose IP address potentially changes each time it is powered on In addition to the servers for specific services SUA supports a default server A service request that does not have a...

Page 16: ...80 Configure a PPTP server Behind SUA Introduction PPTP is a tunneling protocol defined by the PPTP forum that allows PPP packets to be encapsulated within Internet Protocol IP packets and forwarded...

Page 17: ...folder The VPN Adapter type does not appear elsewhere in the system Since PPTP encapsulates its data stream in the PPP protocol the VPN requires a second dial up adapter This second dial up adapter fo...

Page 18: ...ser Enable RAS port Select the network protocols from RAS such as IPX TCP IP NetBEUI Set the Internet gateway to Prestige o PPTP client setup Win9x Add one VPN connection from Dial Up Networking by en...

Page 19: ...eway of the Win9x client after the dial up connection has been established Before making a VPN connection from the Win9x client to the NT server you need to know the exact Internet IP address that the...

Page 20: ...d or dynamically assigned by the ISP In addition you can designate servers e g a web server and a telnet server on your local network and make them accessible to the outside world If you do not define...

Page 21: ...t to the Internet ISP thus making them appear as if they had come from the NAT system itself e g the Prestige router The Prestige keeps track of the original addresses and port numbers so incoming rep...

Page 22: ...ing Direction One to One ILA1 IGA1 Both Many to One SUA PAT ILA1 IGA1 ILA2 IGA1 Outgoing Many to Many Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 Outgoing Many to Many No Overload Allocate by Con...

Page 23: ...Applying NAT in the WEB GUI You apply NAT via WEB GUI Network NAT General as displayed next The next figure that you could apply NAT for Internet access Full Feature The following table describes the...

Page 24: ...802HWL has 8 remote nodes and so allows you to configure 8 NAT Address Mapping Set You can see nine NAT Address Mapping sets in WEB GUI Network NAT Address Mapping You can only configure from Set 1 to...

Page 25: ...255 Global Start IP This is the starting global IP address IGA If you have a dynamic IP enter 0 0 0 0 as the Global Start IP 0 0 0 0 Global End IP This is the ending global IP address IGA N A Type Th...

Page 26: ...0 0 as the Global Start IP 0 0 0 0 Global IP End This is the ending global IP address IGA This field is N A for One to One Many to One and Server types 200 1 1 64 Note For all Local and Global IPs th...

Page 27: ...wing procedures show how to configure a server behind NAT Step 1 Enter Network NAT Address Mapping in the WEB GUI to go to Address Mapping Setup Step 2 Enter Edit Details of Server Mapping Set to go t...

Page 28: ...table Please refer RFC 1700 for further information about port numbers Service Port Number FTP 20 21 Telnet 23 SMTP 25 DNS Domain Name Server 53 www http Web 80 PPTP Point to Point Tunneling Protocol...

Page 29: ...nts copyright c 2007 ZyXEL Communications Corporation 29 From WEB GUI Network NAT General shown above simply choose the SUA Only option in the NAT Setup This is the Many to One mapping discussed earli...

Page 30: ...e do exactly as above use the convenient pre configured SUA Only set and also go to Menu Network NAT Port Forwarding to specify the Internet Server behind the NAT as shown in the NAT as shown below 3...

Page 31: ...e to map the FTP Server 1 with ILA1 192 168 1 10 to IGA1 6 Rule 2 One to One type to map the FTP Server 2 with ILA2 192 168 1 11 to IGA2 7 Rule 3 Many to One type to map the other clients to IGA3 8 Ru...

Page 32: ...configuring this new set Enter a Set Name choose the Edit Action and then select 1 from Select Rule field Press ENTER to confirm See the following setup for the four rules in our case Rule 1 Setup Sel...

Page 33: ...ll contents copyright c 2007 ZyXEL Communications Corporation 33 Rule 3 Setup Select Many to One type to map the other clients to IGA3 Rule 4 Setup Select Server type to map our web server and mail se...

Page 34: ...ation should look as follows Idx Local Start IP Local End IP Global Start IP Global End IP Type 1 192 168 1 10 IGA1 1 1 2 192 168 1 11 IGA2 1 1 3 0 0 0 0 255 255 255 255 IGA3 M 1 4 IGA3 Server 5 6 7 8...

Page 35: ...applications such as some mIRC servers do not allow users to login using the same IP address In this case it is better to use Many to Many No Overload or One to One NAT mapping types thus each user l...

Page 36: ...Prestige 2802HW L Ix Support Notes All contents copyright c 2007 ZyXEL Communications Corporation 36 The three rules configured for using One to One mapping type is shown below...

Page 37: ...Prestige 2802HW L Ix Support Notes All contents copyright c 2007 ZyXEL Communications Corporation 37 Prestige supports multiple type of NAT mapping rules...

Page 38: ...o Many overload Many One to One Server The following table summarizes these types NAT Type IP Mapping One to One ILA1 IGA1 Many to One SUA PAT ILA1 IGA1 ILA2 IGA1 Many to Many Overload ILA1 IGA1 ILA2...

Page 39: ...e When the ISP assigns the Prestige a new IP the Prestige must inform the DDNS server the change of this IP so that the server can update its IP to DNS entry Once the IP to DNS table in the DDNS serve...

Page 40: ...ce that you are registered for from your Dynamic DNS service provider Host Name Enter the hostname you subscribe from the above DDNS server You can specify up to two host names in the field separated...

Page 41: ...rk performance find and solve network problems The SNMP is a member of the TCP IP protocol suite it uses the UDP to exchange messages between a management Client and an Agent residing in a network nod...

Page 42: ...he current Internet standard MIB MIB II is defined in RFC 1213 and contains 171 objects These objects are grouped by protocol including TCP IP UDP SNMP and other categories including system and interf...

Page 43: ...ariable from a table or list within an agent In SNMPv1 when a NMS wants to retrieve all elements of a table from an agent it initiates a Get operation followed by a series of GetNext operations Set Al...

Page 44: ...h a particular object variable Variable bindings Associates particular object with their value 3 ZyXEL SNMP Implementation ZyXEL currently includes SNMP support in some Prestige routers It is implemen...

Page 45: ...port number The port number is its interface index under the interface group authenticationFailure defined in RFC 1215 When receiving any SNMP get or set requirement with wrong community this trap is...

Page 46: ...EL Communications Corporation 46 4 Configure the Prestige for SNMP The SNMP related settings in Prestige are configured in WEB GUI menu Advanced Remote MGMT SNMP SNMP Configuration The following steps...

Page 47: ...icate with the ZyXEL device using this service Select All to allow any computer to access ZyXEL device using this service Choose Selected to just allow the computer with the IP address that you specif...

Page 48: ...t send trap any NMS manager Using syslog 4 Prestige Setup Configuration 1 Click Active to enable Syslog logging 2 Syslog IP Address enter the IP address of the UNIX server that you wish to send the sy...

Page 49: ...board xx line xx channel xx call xx str board the hardware board ID line the WAN ID in a board channel channel ID within the WAN call the call reference number which starts from 1 and increments by 1...

Page 50: ...4500002c1b0140001f06b50ec0a86614ca849a7b0427001700195b3e00000000600220008cd40000020405b4 Filter log This message is available when the Log is enabled in the filter rule setting The message consists o...

Page 51: ...g Jul 19 11 43 51 192 168 1 1 ZyXEL Communications Corp ppp CCP Opening Jul 19 11 43 55 192 168 1 1 ZyXEL Communications Corp ppp BACP Opening Jul 19 11 44 00 192 168 1 1 ZyXEL Communications Corp ppp...

Page 52: ...outes are created in the Prestige as shown below when the three networks are configured If the Prestige s DHCP is also enabled the IP pool for the clients can be any of the three networks Copyright c...

Page 53: ...ight mouse button to copy and or pate IP address IP Subnet Mask Your ZyXEL device will automatically calculate the subnet mask based on the IP address the you assign Unless you are implementing subnet...

Page 54: ...6 IP hosts use IGMP to report their multicast group membership to any immediate neighbor multicast routers so the multicast routers can decide if a multicast packet needs to be forwarded At start up t...

Page 55: ...t forwards WAN traffic to a backup gateway when Prestige cannot connect to the Internet through it s normal gateway Thus make your backup gateway as an auxiliary backup of your WAN connection Once Pre...

Page 56: ...ts copyright c 2007 ZyXEL Communications Corporation 56 Traffic Redirect on LAN port Traffic Redirect Setup Configure parameters that determine when Prestige will forward WAN traffic to the backup gat...

Page 57: ...ress of a reliable nearby computer for example your ISP s DNS server address If you select ICMP in the Backup Type field you must configure at least one IP address here When using a WAN backup connect...

Page 58: ...ige use traffic redirect if the normal WAN connection goes down If you activate traffic redirect you must configure at least one Check WAN IP Address Metric This field sets this route s priority among...

Page 59: ...UPnP applications assign the dynamic port mappings to Internet gateway and delete the mappings when the connections are complete The key components in UPnP are devices services and control points Devi...

Page 60: ...message Eventing Devices can send event message to notify control points if there is any update on services provided Presentation Each device can provide their own control interface by URL link So th...

Page 61: ...anced UPnP check two boxes Active UPnP feature and Allow users to make configuration changes through UPnP The first check box enables UPnP function in this device The second check box allow users appl...

Page 62: ...Support Notes All contents copyright c 2007 ZyXEL Communications Corporation 62 2 After getting IP address you can go to open MSN application on PC and sign in MSN server 3 Start a Video conversation...

Page 63: ...L Ix Support Notes All contents copyright c 2007 ZyXEL Communications Corporation 63 4 On the opposite side your partner select Accept to accept your conversation request 5 Finally your video conversa...

Page 64: ...astructure mode What is Infrastructure mode Infrastructure mode sometimes referred to as Access Point mode is an operating mode of an 802 11b Wi Fi client unit In infrastructure mode the client unit c...

Page 65: ...ications Corporation 65 Configuration Wireless Access Point to Infrastructure mode using Web configurator To configure Infrastructure mode of your Prestige wireless VoIP IAD please follow the steps be...

Page 66: ...ctive wireless LAN check box 4 When finish click on apply button to take effect Configuration Wireless Station to Infrastructure mode To configure Infrastructure mode on your ZyAIR B 100 B 200 B 300 w...

Page 67: ...unications Corporation 67 3 Select Infrastructure from the operation mode pull down menu fill in an SSID or leave it as any if you wish to connect to any AP than press Apply Change to take effect 4 Cl...

Page 68: ...You now successfully associate with the selected AP with Infrastructure Mode Wireless MAC address filtering MAC Filter Overview Users can use MAC Filter as a method to restrict unauthorized stations f...

Page 69: ...WLAN MAC Address Filter Configuration Before you configure the MAC filter you need to know the MAC address of the client first If not knowing what your MAC address is please enter a command ipconfig a...

Page 70: ...ed in this list If Allow Association is selected in this field hosts with MAC addresses configured in this list will be allowed to associate with AP If Deny Association is selected in this field hosts...

Page 71: ...to ensure that packages are not modified during the transition The standard does not discuss how the shared key is established In practice most installations use a single key that is shared between al...

Page 72: ...o 4 WEP keys simultaneously You need to specify one of the 4 keys as default Key for data encryption To set up the Access Point you will need to set the one of the following parameters o 64 bit WEP ke...

Page 73: ...Setting up the Access Point with Web configurator Key settings Hexadecimal digits have to preceded by 0x WEP Key type Example 64 bit WEP with 5 characters Key1 2e3f4 Key2 5y7js Key3 24fg7 Key4 98jui...

Page 74: ...of station has to equal to the Key 3 of access point Though access point use Key 3 as default key but the station can use the other Key as its default key to encrypt wireless data transmission Access...

Page 75: ...een Note If the utility icon doesn t exist in your task bar click Start Programs IEEE802 11b WLAN Card IEEE802 11b WLAN Card 2 Select the Encryption tab Select encryption type correspond with access p...

Page 76: ...Prestige 2802HW L Ix Support Notes All contents copyright c 2007 ZyXEL Communications Corporation 76...

Page 77: ...Key4 456789ABCD Configuring 802 1x IEEE 802 1x Introduction IEEE 802 1x port based authentication is desired to prevent unauthorized devices clients from gaining access to the network As LANs extend t...

Page 78: ...ator controls the physical access to the network based on the authentication status of the client The authenticator acts as an intermediary proxy between the client and the authentication server i e R...

Page 79: ...Control The port state determines whether or not the supplicant Wireless Client is granted access to the network behind Wireless AP There are two authentication port state on the AP authorized state...

Page 80: ...sts the identity of the client and begins relaying authentication messages between supplicant and the authentication server Each supplicant attempting to access the network is uniquely identified by t...

Page 81: ...nds an EAP request identity frame to the 802 1x client to request its identity typically the authenticator sends an initial identity request frame followed by one or more requests for authentication i...

Page 82: ...7 ZyXEL Communications Corporation 82 The EAPOL packet contains the following fields protocol version packet type packet body length and packet body Most of the fields are obvious The packet type can...

Page 83: ...en it wants to terminate its 802 1x session EAPOL Key This is used for TLS authentication method The Wireless AP uses this packet to send the calculated WEP key to the supplicant after TLS negotiation...

Page 84: ...has an internal authentication server for authenticating the wireless 802 1x client users It builds total 32 users database and allows up to 32 authorized users to login to the Wireless AP simultaneou...

Page 85: ...N Local User Database 2 Select one of the profile and check Active check box 3 Input the User Name and Password then click Apply to save the profile Key settings Option Descriptions User Name Enter a...

Page 86: ...entication server the Ethernet header is stripped and the remaining EAP frame is re encapsulated in the RADIUS format The EAP frames are not modified or examined during encapsulation and the authentic...

Page 87: ...All contents copyright c 2007 ZyXEL Communications Corporation 87 2 Configure in WEB GUI Configurator From the Web Configurator main menu Click Network Wireless Lan to setup the RADIUS authentication...

Page 88: ...S authentication configuration Key settings for authentication server Option Descriptions Server Address Enter the IP address of the external RADIUS authentication server Port The default port of RADI...

Page 89: ...ect the facility walk through the facility to verify the accuracy of the diagram and mark down any large obstacle you see that may effect the RF signal such as metal shelf metal desk etc on the diagra...

Page 90: ...n 90 4 It s always a good idea to start with putting the access point at the corner of the room and walk away from the access point in a systematic manner Record down the changes at point where transf...

Page 91: ...the access point installation spot if wireless service is required from corner of the room 6 Repeat step 1 5 and now you should be able to mark an RF coverage area as illustrated in above picutre 7 Yo...

Page 92: ...For more information please refer to roaming at PSTN Lifeline Application Notes Usage of PSTN Lifeline By using the PSTN lifeline function you can make and receive regular PSTN phone calls in coexist...

Page 93: ...ou how to configure lifeline under P2802HWL D1A WEB GUI Lifeline configuration To configure lifeline in P2802HWL click on VoIP PSTN Line General to display the following screen You can specify a prefi...

Page 94: ...local emergency services such as Police Dept Fire Dept Emergency Medical services phone number in this field Thus in any cases these unit can be reach in case of emergency by dialing their number wit...

Page 95: ...jack or ADSL line 4 Connect the splitter jack where it label Line to ADSL line from the ISP Figure 2 Splitterless type 1 The P2802HWL includes a DSL cable and a RJ 11 cable Connect the DSL cable to t...

Page 96: ...ndles the setting up altering and tearing down of voice and multimedia sessions over the Internet SIP signaling is separate from the media for which it handles sessions The media that is exchanged dur...

Page 97: ...ion category fill in the User Name and authentication password your ITSP provided to you Step 6 If you wish to send caller ID check the check box in the Caller ID category if you do not wish to send o...

Page 98: ...is field If you were not given a register server port then enter the port from the SIP Server Port field again here SIP Service Domain A SIP service domain is the domain name that comes after the symb...

Page 99: ...and 220 130 46 198 3 SIP number for device A and B is 197 and 198 Preparation and Steps 1 Install the device properly in user s networking topology 2 Setup device s WAN connection 3 Configuring SIP Vo...

Page 100: ...yXEL Communications Corporation 100 2 Make you can call by callee s SIP number You need to configure the self SIP number and put callee s IP address at SIP server SIP proxy Domain server all in the VO...

Page 101: ...Corporation 101 1 Setup WEB GUI VoIP enter device A s number in the SIP number column 2 Fill in device B s IP into SIP server address Register server address as example 3 Setup speed dial put device B...

Page 102: ...Prestige 2802HW L Ix Support Notes All contents copyright c 2007 ZyXEL Communications Corporation 102...

Page 103: ...in device A s IP into SIP server address Register server address as example 3 Setup speed dial put device A s information into the column After completing the setting you can dial 01 from the phone u...

Page 104: ...s 1234 Step 3 On the left column click on VoIP Phone Analog Phone Advanced Setup to bring you to voice function menu Step 4 Change the phone port parameter as you desired and click Apply when you are...

Page 105: ...the Prestige waits this long after you stop pressing the buttons before initiating the call Select how many seconds you want the Prestige to wait after the last input on the telephone s keypad before...

Page 106: ...ration 106 Each field s detail description of the page is listed below Label Description SIP Account This read only field displays the number of the SIP account that you are configuring The changes th...

Page 107: ...time that the Prestige will allow a SIP session to remain idle without traffic before dropping it Min SE When two SIP devices negotiate a SIP session they must negotiate a common expiration time for...

Page 108: ...ssaging system that supports this feature Expiration Time Use this field to set how long the SIP server should continue providing the message waiting service after receiving a SIP SUBSCRIBE message fr...

Page 109: ...ck on login The default is 1234 Step 3 On the left column click on VoIP Phone Book Speed Dial to bring you to Speed Dial page to enter speed dial configuration page Step 4 Select the entry number you...

Page 110: ...speed dial entry displays in the Speed Dial Phone Book section of the screen Speed Dial Phone Book This section of the screen displays the currently saved speed dial entries You can configure up to 1...

Page 111: ...ntiated Services field to replace the TOS Type of Service field in IP header The DS field contains a 2 bit unused field and a 6 bit DSCP filed which can define up to 64 service levels The following fi...

Page 112: ...0 Class 2 AF21 AF22 AF23 2 010010 010100 010110 Class 3 AF31 AF32 AF33 3 011010 011100 011110 Class 4 AF41 AF42 AF43 4 100010 100100 100110 Expedited Forwarding EF 5 101110 The values in decimal are g...

Page 113: ...10 26 AF32 011100 28 AF33 011110 30 CS4 100000 32 AF41 100010 34 AF42 100100 36 AF43 100110 38 CS5 101000 40 EF 101110 46 CS6 110000 48 CS7 111000 56 Quality of Service QoS refers to both a network s...

Page 114: ...ervice priority tags with this priority to RTP traffic that it transmits Voice VLAN ID Enable VLAN tagging if the Prestige needs to be a member of a VLAN group in order to communicate with the SIP ser...

Page 115: ...screenshot shows how users can use this screen to configure the Prestige to block or redirect calls You can configure a different call forwarding table for each SIP account or use the same call forwar...

Page 116: ...tings that define the default action to take on incoming calls that do not match any of the Advanced Setup call forwarding entries Unconditional Forward to Number Enable this feature to have the Prest...

Page 117: ...this call forwarding entry Select Unconditional to have the Prestige immediately forward any calls from the number specified in the Incoming Call Number field to the number in the Forward to Number f...

Page 118: ...e Region to display the following screen Use this screen to configure VoIP Common Settings Label Description Region Settings Use the drop down list box to select the country where your Prestige is loc...

Page 119: ...plementary phone service details To take full advantage of the supplementary phone services available though the Prestige s phone ports you may need to subscribe to the services from your voice servic...

Page 120: ...under SYSTEM and press the Password tab At the password screen type in the old password and the new password and retype to confirm than press Apply button to save the change How do I upload the ZyNOS...

Page 121: ...tab and press browse button point to the directory where the romfile you want to upload is stored e Press Upload button The procedure for backup ROMFILE via the web configurator is as follow a Log on...

Page 122: ...eives a packet from a local client destined for the outside Internet it replaces the source address in the IP packet header with its own address and the source port in the TCP or UDP header with anoth...

Page 123: ...ssions What are Device filters and Protocol filters In ZyNOS the filters have been separated into two groups One group is called device filter group and the other is called protocol filter group Gener...

Page 124: ...PPPoA you need the user account to enter in the Prestige What is PPPoE PPPoE stands for Point to Point Protocol over Ethernet that is an IETF draft standard specifying how a computer interacts with a...

Page 125: ...work interface does the Prestige support The Prestige supports 10 100M Ethernet to connect to the LAN computer or hub switch and 10 100M ADSL interface to the ISP What can we do with Prestige Browse t...

Page 126: ...assigned the proper access right Is it possible to access a server running behind SUA from the outside Internet If possible how Yes it is possible because Prestige delivers the packet to the local se...

Page 127: ...e network then how big a pipe there is at the head end to the rest of the Internet Different models of PCs and Macs are able to handle IP traffic at varying speeds Very few can handle it at 30 Mbps Et...

Page 128: ...web server and a telnet server on your local network and make them accessible to the outside world If you do not define any servers NAT offers the additional benefit of firewall protection In such ca...

Page 129: ...e ILA to one IGA This is equivalent to SUA i e PAT port address translation ZyXEL s Single User Account feature that previous ZyNOS routers supported the SUA only option in today s routers 3 Many to M...

Page 130: ...enu 15 1 is a convenient pre configured read only Many to One mapping set sufficient for most purposes and helpful to people already familiar with SUA in previous ZyNOS versions What is BOOTP DHCP BOO...

Page 131: ...ou apply the DNS from and update the WAN IP to What is DDNS wildcard Some DDNS servers support the wildcard feature which allows the hostname yourhost dyndns org to be aliased to the same IP address a...

Page 132: ...ephone adapter It allows you to send voice signals over the Internet or VoIP of IP via SIP protocol which is an internationally recongnized standard for VoIP Technology The main difference between P28...

Page 133: ...oice analog signal to digital than transmit it and on the receiver end it will also need an analog to digital converter to covert the digital signal back to analog to the person being called can heard...

Page 134: ...nteroperate with one another In interoperability between the two the industry is making slow but sure progress Interoperability must first happen between vendor implementations of the same protocol SI...

Page 135: ...specific country If for special reason this setting needed to be changed It can be modify through device CI command through telnet For the command please refer to the CI command list in the firmware...

Page 136: ...ted problem If you have an NAT router before it we suggest to use a VoIP ATA VoIP Analog Telephone Adapter such as Prestige ATA series If the problem is a firewall before it Please check with the fire...

Page 137: ...ntrol policy between two networks It may also be defined as a mechanism used to protect a trusted network from an untrusted network The firewall can be thought of two mechanisms One to block the traff...

Page 138: ...e Prestige 1 The Prestige s firewall inspects packets contents and IP headers It is applicable to all protocols that understands data in the packet is intended for other layers from network layer up t...

Page 139: ...ystem Systems may crash hang or reboot What is Teardrop attack Teardrop attack exploits weakness in the reassemble of the IP packet fragments As data is transmitted through a network IP packets are of...

Page 140: ...sulting ICMP traffic will not only clog up the intermediary network but will also congest the network of the spoofed source IP address known as the victim network This flood of broadcast traffic consu...

Page 141: ...that claim to be from the inside Allow everything that is not spoofing us Filter rule setup Filter type TCP IP Filter Rule Active Yes Source IP Addr a b c d Source IP Mask w x y z Action Matched Drop...

Page 142: ...keywords are supported IPSec FAQ What is VPN A VPN gives users a secure link to access corporate network over the Internet or other public or private networks without the expense of lease lines A sec...

Page 143: ...for VPNs They are Point to Point Tunneling Protocol PPTP Layer 2 Tunneling Protocol L2TP and Internet Protocol Security IPSec What is PPTP PPTP is a tunneling protocol defined by the PPTP forum that a...

Page 144: ...upper layer protocols of an IP payload Transport mode is mainly for an IP host to protect the data generated locally while tunnel mode is for security gateway to provide IPSec service for other machin...

Page 145: ...ecure than manual key because IKE negotiation can generate new keys and SPIs randomly for the VPN connection What is Phase 1 ID for In IKE phase 1 negotiation IP address of remote peer is treated as a...

Page 146: ...amic IP address you may need to configure ID for the one with dynamic IP address And in this case Aggressive mode is recommended to be applied in phase 1 negotiation Is my Prestige ready for IPSec VPN...

Page 147: ...cryption can be used with or without authentication integrity Similarly one could use authentication integrity with or without confidentiality I am planning my Prestige to Prestige VPN configuration W...

Page 148: ...ed side in order to update its dynamic IP to the fixed side However if both gateways use dynamic IP addresses it is no way to establish VPN connection at all What VPN gateway that has been tested with...

Page 149: ...nd NAT allowed to use IPSec NAT Condition Supported IPSec Protocol VPN Gateway embedded NAT AH tunnel mode ESP tunnel mode VPN client gateway behind NAT ESP tunnel mode NAT in Transport mode None The...

Page 150: ...otes All contents copyright c 2007 ZyXEL Communications Corporation 150 If I have NAT router between two VPN gateways and I would like to use IP type as Phase 1 ID what should I know We presume your e...

Page 151: ...cycle packet triggering is still necessary to make the tunnel up Single Range Subnet which types of IP address do Prestige 10 10II 10W 50 100 support in VPN IPSec The mentioned Prestige series support...

Page 152: ...Typical bit rates are 11Mbps and 54Mbps although in practice data throughput is half of this Wireless LANs can be formed simply by equipping PC s with wireless NICs If connectivity to a wired LAN is r...

Page 153: ...is relative high because the equipment cost including access point and PCMCIA Wireless LAN card is higher than hubs and CAT 5 cables Where can you find wireless 802 11 networks Airports hotels and ev...

Page 154: ...possible by combining channels Due to higher frequency range is less than lower frequency systems i e 802 11b and 802 11g and can increase the cost of the overall solution because a greater number of...

Page 155: ...11b and Bluetooth devices occupy the same2 4 to 2 483 GHz unlicensed frequency range the same band But a Bluetooth device would not interfere with other 802 11 devices much more than another 802 11 d...

Page 156: ...d on usage Specialized applications are characteristically designed around short burst messaging What is Ad Hoc mode A wireless network consists of a number of stations without access points Without u...

Page 157: ...signed for 2 4GHz or 5GHz operation WLAN NICs often include an internal antenna which may provide sufficient reception Why the 2 4 Ghz Frequency range This frequency range has been set aside by the FC...

Page 158: ...ncryption key lengths Note WEP has shown to have fundamental flaws in its key generation processing What is the difference between 40 bit and 64 bit WEP 40 bit WEP 64 bit WEP are the same encryption l...

Page 159: ...mate traffic Many of the sniffer tools for Ethernet are based on capturing the first part of the connection session where the data would typically include the username and password An intruder can mas...

Page 160: ...ort The authentication process begins when the link state of the port transitions from down to up or when an EAPOL start frame is received The switch requests the identity of the client and begins rel...

Page 161: ...restige packet trace records and analyzes packets running on LAN and WAN interfaces It is designed for users with technical backgrounds who are interested in the details of the packet flow on LAN or W...

Page 162: ...s trcp sw on Prestige sys trcl sw on Prestige sys trcd brief 0 11880 160 ENET0 R 0062 TCP 192 168 1 2 1108 192 31 7 130 80 1 11883 100 ENET0 R 0062 TCP 192 168 1 2 1108 192 31 7 130 80 2 11883 330 ENE...

Page 163: ...Service 0x00 0 Total Length 0x0030 48 Idetification 0x330B 13067 Flags 0x02 Fragment Offset 0x00 Time to Live 0x80 128 Protocol 0x06 TCP Header Checksum 0x3E71 15985 Source IP 0xC0A80102 192 168 1 2...

Page 164: ...130 80 192 168 1 2 1116 Ethernet Header Destination MAC Addr 0080C84CEA63 Source MAC Addr 00A0C5921311 Network Type 0x0800 TCP IP IP Header IP Version 4 Header Length 20 Type of Service 0x00 0 Total L...

Page 165: ...0 F8 77 00 00 02 04 05 B4 w 0002 LAN Frame ENET0 RECV Size 60 60 Time 12090 210 sec Frame Type TCP 192 168 1 2 1116 192 31 7 130 80 Ethernet Header Destination MAC Addr 00A0C5921311 Source MAC Addr 00...

Page 166: ...0 10 P J P 0030 22 38 E8 ED 00 00 20 20 20 20 20 20 8 2 Trace WAN packet 1 1 Disable to capture the LAN packet by entering sys trcp channel enet0 none 1 2 Enable to capture the WAN packet by entering...

Page 167: ...02 132 155 255 520 Prestige sys trcd parse 0000 LAN Frame ENET1 RECV Size 1181 96 Time 12387 260 sec Frame Type TCP 192 31 7 130 80 202 132 155 97 10270 Ethernet Header Destination MAC Addr 00A0C59213...

Page 168: ...E 0010 04 8B B1 39 40 00 EE 06 A9 AB C0 1F 07 82 CA 84 9 0020 9B 61 00 50 28 1E D3 E9 59 85 00 C1 8F 63 50 19 a P Y cP 0030 FA F0 37 35 00 00 DF 33 AF 62 58 37 52 3D 79 99 75 3 bX7R y 0040 A5 3C 2B 59...

Page 169: ...ader Length 20 Flags 0x10 A Window Size 0x1DD5 7637 Checksum 0x7A12 31250 Urgent Ptr 0x0000 0 RAW DATA 0000 00 A0 C5 01 23 45 00 A0 C5 92 13 12 08 00 45 00 E E 0010 00 28 7A 0C 40 00 7F 06 54 3C CA 84...

Page 170: ...2 192 31 7 130 TCP Header Source Port 0x281E 10270 Destination Port 0x0050 80 Sequence Number 0x00C18F63 12685155 Ack Number 0xD3E95DE9 3555286505 Header Length 20 Flags 0x11 A F Window Size 0x1DD5 76...

Page 171: ...ndex to_index Exmaple Prestige sys trcp channel enet1 none Prestige sys trcp channel enet0 bothway Prestige sys trcp sw on Prestige sys trcl sw on Prestige sys trcp sw off Prestige sys trcl sw off Pre...

Page 172: ...0x7F02 32514 Flags 0x02 Fragment Offset 0x00 Time to Live 0xED 237 Protocol 0x06 TCP Header Checksum 0x857D 34173 Source IP 0xC01F0782 192 31 7 130 Destination IP 0xC0A80102 192 168 1 2 TCP Header Sou...

Page 173: ...ys trcp brief 1 7 Display specific packets by using sys trcp parse from_index to_index Example Prestige sys trcp channel enet0 none Prestige sys trcp channel enet1 bothway Prestige sys trcl sw on Pres...

Page 174: ...ce IP 0xCCD90002 204 217 0 2 Destination IP 0xCA849B61 202 132 155 97 TCP Header Source Port 0x0050 80 Destination Port 0x2826 10278 Sequence Number 0x4D713D8A 1299266954 Ack Number 0x00C8C015 1315637...

Page 175: ...XMIT Size 411 96 Time 12865 130 sec Frame Type TCP 202 132 155 97 10278 204 217 0 2 80 Ethernet Header Destination MAC Addr 00A0C5591284 Source MAC Addr 00A0C5921312 Network Type 0x0800 TCP IP IP Head...

Page 176: ...C8 C0 15 4D 71 3E 47 50 18 P Mq GP 0030 1E 87 43 74 00 00 47 45 54 20 2F 70 69 63 74 75 Ct GET pictu 0040 72 65 73 2F 6D 61 67 61 7A 69 6E 65 5F 6C 6F 67 res magazine_log 0050 6F 2F 62 65 73 74 6F 66...

Page 177: ...turn off packet trace sys log disp i capture system error log sys trcp parse parse the trace in detail Example A trace with system crashes ras sys trcp sw on ras sys errctl 3 ras poe debug 1 ras dev...

Page 178: ...4 PADO recv d chann enet1 procPADO for poe chann poe0 Chann poe0 sending request poePut1SrvcName len 0 host uniq 31303030 len 4 putPoeHdr ver 1 type 1 code x19 sess id 0 len 12 x000C Undefined Address...

Page 179: ...ed 2b b f j n e5bdc0a0 00 00 00 00 00 00 00 00 00 00 00 00 00 01 ed 2b b f j n e5bdc0b0 00 00 00 00 00 00 00 00 00 00 00 00 00 01 ed 2b b f j n e5bdc0c0 00 00 00 00 00 00 00 00 00 00 00 00 00 01 ed 2...

Page 180: ...8 192 31 7 130 80 index timer second channel receive transmit length protocol sourceIP port destIP port There are two ways to dump the trace 1 Online Trace display the trace real time on screen 2 Offl...

Page 181: ...8 6 11883 620 ENET0 T 0102 TCP 192 31 7 130 80 192 168 1 2 1108 7 11883 630 ENET0 T 0054 TCP 192 31 7 130 80 192 168 1 2 1108 8 11883 630 ENET0 R 0060 TCP 192 168 1 2 1108 192 31 7 130 80 9 11883 2802...

Page 182: ...t Ptr 0x0000 0 Options 0000 02 04 05 B4 01 01 04 02 RAW DATA 0000 00 A0 C5 92 13 11 00 80 C8 4C EA 63 08 00 45 00 L c E 0010 00 30 33 0B 40 00 80 06 3E 71 C0 A8 01 02 C0 1F 03 q 0020 07 82 04 5C 00 50...

Page 183: ...0x4AD1B57F 1255257471 Ack Number 0x00BD15A8 12391848 Header Length 24 Flags 0x12 A S Window Size 0xFAF0 2802HWL40 Checksum 0xF877 63607 Urgent Ptr 0x0000 0 Options 0000 02 04 05 B4 RAW DATA 0000 00 80...

Page 184: ...481 Source IP 0xC0A80102 192 168 1 2 Destination IP 0xC01F0782 192 31 7 130 TCP Header Source Port 0x045C 1116 Destination Port 0x0050 80 Sequence Number 0x00BD15A8 12391848 Ack Number 0x4AD1B580 1255...

Page 185: ...he detailed trace online by entering sys trcd parse Example ras sys trcp channel enet0 none ras sys trcp channel mpoa00 bothway ras sys trcp sw on ras sys trcl sw on ras sys trcd brief 0 12367 680 MPO...

Page 186: ...F Window Size 0xFAF0 2802HWL40 Checksum 0x3735 14133 Urgent Ptr 0x0000 0 TCP Data Length 1127 Captured 42 0000 DF 33 AF 62 58 37 52 3D 79 99 A5 3C 2B 59 E2 78 3 bX7R y Y x 0010 A7 98 8F 3F A9 09 E4 0...

Page 187: ...rcp parse from_index to_index 2 Trace WAN packet 1 1 Disable the capture of the LAN packet by entering sys trcp channel enet0 none 1 2 Enable the capture of the WAN packet by entering sys trcp channel...

Reviews:

No comments