ZyXEL Communications P-660HN-F1Z Скачать руководство пользователя страница 1

Страница: 1 / 122

P-660HW-Tx v2 Series

802.11g Wireless ADSL2+ 4-port Gateway

Support Notes

Version3.40

Mar. 2006

Содержание P-660HN-F1Z

Страница 1: ...P 660HW Tx v2 Series 802 11g Wireless ADSL2 4 port Gateway Support Notes Version3 40 Mar 2006...

Страница 2: ...t are Device filters and Protocol filters 10 16 How can I protect against IP spoofing attacks 11 Product FAQ 12 1 How can I manage P 660HW Tx v2 12 2 What is the default password for Web Configurator...

Страница 3: ...u need a firewall when your router has packet filtering and NAT built in 22 6 What is Denials of Service DoS attack 22 7 What is Ping of Death attack 23 8 What is Teardrop attack 23 9 What is SYN Floo...

Страница 4: ...rence between a WLAN and a WWAN 32 18 Can I manually swap the wireless module without damage any hardware 32 19 Does P 660HW Tx v2 support WEP 32 20 What wireless standard does P 660HW Tx v2 support 3...

Страница 5: ...ing SNMP 65 8 Using syslog 68 9 Using IP Alias 68 10 Using IP Policy Routing 70 11 Using Call Scheduling 74 12 Using IP Multicast 76 13 Using Bandwidth Management 77 14 Using Zero Configuration 80 15...

Страница 6: ...P 660HW Tx v2 Series Support Notes 3 Using FTP to Upload the Firmware and Configuration Files 118 CI Command Reference 121 5 All contents copyright 2006 ZyXEL Communications Corporation...

Страница 7: ...default 4 How do I update the firmware and configuration file You can do this if you access the P 660HW Tx v2 as Administrator You can upload the firmware and configuration file to Prestige from Web...

Страница 8: ...use the TFTP client program to put your configuration in file rom 0 in the P 660HW Tx v2 7 What should I do if I forget the system password In case you forget the system password you can erase the cu...

Страница 9: ...P addresses and port numbers of the local systems currently using it 10 What is the difference between SUA and Full Feature NAT When you edit a remote node in Web Configurator Advanced Setup Network R...

Страница 10: ...C servers do not allow users to login using the same IP address Thus users on the same network can not login to the same server simultaneously In this case it is better to use Many to Many No Overload...

Страница 11: ...Server Server 1 IP IGA1 Server 2 IP IGA1 14 How many network users can the SUA NAT support The Prestige does not limit the number of the users but the number of the NAT sessions The P 660HW Tx v2 sup...

Страница 12: ...Active Yes Source IP Addr a b c d Source IP Mask w x y z Action Matched Drop Action Not Matched Forward Where a b c d is an IP address on your local network and w x y z is your netmask For the output...

Страница 13: ...e password after you logging in the Web Configurator Please record your new password whenever you change it The system will lock you out if you have forgotten your password 3 What s the difference bet...

Страница 14: ...have to add another Internet sharing device like a router In this case we use the router mode which works as a general Router plus an ADSL Modem 7 How do I know I am using PPPoE PPPoE requires a user...

Страница 15: ...address to a static hostname Whenever the ISP assigns you a new IP the P 660HW Tx v2 sends this IP to the DDNS server for its updates 11 What is DDNS wildcard Does the P 660HW Tx v2 support DDNS wildc...

Страница 16: ...the requested service behind SUA and the outside users access the server using the P 660HW Tx v2 s WAN IP address So we have to configure the internal IPsec client as a default server unspecified serv...

Страница 17: ...he maximum number of cells transmitted via this VC with Peak Cell rate before yielding to other VCs The P 660HW Tx v2 holds the parameters for shaping the traffic among its virtual channels If you do...

Страница 18: ...web sites that contain key words that you specify in the URL You can set a schedule for when the P 660HW Tx v2 performs content filtering You can also specify trusted IP Addresses on LAN for which the...

Страница 19: ...many years Additionally many of the older cable networks are not capable of offering a return channel consequently such networks will need significant upgrading before they can offer high bandwidth s...

Страница 20: ...ore the VC based multiplexing is more efficient 7 How do I know the details of my ADSL line statistics You can use the following CI commands to check the ADSL line statistics CI wan adsl perfdata CI w...

Страница 21: ...require different Qulity of Service The high priority is Voice VoIP data The Medium priority is Video IPTV data The low priority is internet access such as ftp etc Triple Play is a port based policy...

Страница 22: ...ple public addresses This adds a level of security since the clients on the private LAN are invisible to the Internet 3 What are the basic types of firewalls Conceptually there are three types of fire...

Страница 23: ...tbound request can be blocked 3 The P 660HW Tx v2 s firewall uses session filtering i e smart rules that enhance the filtering process and control the network session rather than control individual pa...

Страница 24: ...creates a series of IP fragments with overlapping offset fields When these fragments are reassembled at the destination some systems will crash hang or reboot 9 What is SYN Flood attack SYN attack flo...

Страница 25: ...the effect of the DoS attack IP Spoofing is a technique used to gain unauthorized access to computers by tricking a router or firewall into thinking that the communications are coming from within the...

Страница 26: ...Why can t I configure my P 660HW Tx v2 using Web Configurator Telnet over WAN There are four reasons that WWW Telnet from WAN is blocked 1 When the firewall is turned on all connections from WAN to LA...

Страница 27: ...ode You can check by command wan node index index wan node display 4 Why can t I upload the firmware and configuration file using FTP over WAN 1 When the firewall is turned on all connections from WAN...

Страница 28: ...g for Default Firewall Policy LAN to WAN WAN to LAN WAN to WAN is generated automatically with factory default setting but you can change it in Web Configurator 2 What does the log show to us The log...

Страница 29: ...mail server or Unix Syslog server in Web configuration Advanced Setup Maintenance Logs Log Settings 4 When does the P 660HW Tx v2 generate the firewall alert The P 660HW Tx v2 generates the alert when...

Страница 30: ...ireless technology allows the network to go where wire cannot go Reduced Cost of Ownership While the initial investment required for wireless LAN hardware can be higher than the cost of wired LAN hard...

Страница 31: ...ard allowing data rates up to 11Mbps in the 2 4GHz ISM band Also known as 802 11 High Rate and Wi Fi 802 11b only uses DSSS the maximum speed of 11Mbps has fallbacks to 5 5 2 and 1Mbps 8 How fast is 8...

Страница 32: ...io communication applications use the 2 4 GHz band This includes WLAN systems not necessarily of the type IEEE 802 11b cordless phones wireless medical telemetry equipment and Bluetooth short range wi...

Страница 33: ...use hospital or educational campus setting Data rates are high and there are no per packet charges for data transmission WWANs are generally publicly shared data networks designed to provide coverage...

Страница 34: ...with dispersed pockets of populations then extension points can be used for extend coverage 4 What is Direct Sequence Spread Spectrum Technology DSSS DSSS spreads its signal continuously over a wide...

Страница 35: ...of view acts as a simple single shared password between base stations and clients 9 What is an ESSID ESSID stands for Extended Service Set Identifier and identifies the wireless LAN The ESSID of the m...

Страница 36: ...Message Integrity Check MIC named Michael an extend initialization vector IV with sequencing rules and a re keying mechanism If you do not have an external RADIUS server you should use WPA PSK WPA Pre...

Страница 37: ...going through a security process and review 10 What is Wireless Sniffer An attacker can sniff and capture legitimate traffic Many of the sniffer tools for Ethernet are based on capturing the first par...

Страница 38: ...t connection To connect your computer to the P 660HW Tx v2 s LAN port the computer must have an Ethernet adapter card installed For connecting a single computer to the P 660HW Tx v2 we use a Ethernet...

Страница 39: ...how to configure your P 660HW Tx v2 as bridge mode We will use Web Configurator to guide you through the related menu 1 Configure P 660HW Tx v2 as bridge mode and configure Internet setup parameters...

Страница 40: ...IP for the P 660HW Tx v2 in Web Configurator Advanced Setup Network LAN We use 192 168 1 1 as the LAN IP for P 660HW Tx v2 in this case Step 1 Disactive DHCP Server and apply it Step 2 Assign an IP t...

Страница 41: ...he IP address of the computer is assigned by the P 660HW Tx v2 The P 660HW Tx v2 can also provide the DNS to the clients via DHCP if it is available For this setup in Windows we check the option Obtai...

Страница 42: ...c if the ISP provides the IP for the P 660HW Tx v2 dynamically Otherwise set to Static and enter the IP in the IP Address field 2 Configure a LAN IP for the P 660HW Tx v2 and the DHCP settings in Web...

Страница 43: ...P 660HW Tx v2 In such case a SUA server must be configured to forward the incoming packets to the true destination behind SUA After the required server are configured in Web Configurator Advanced Setu...

Страница 44: ...eeMe None 7648 client IP White Pine 3 1 2 Cu SeeMe2 7648 client IP 24032 client IP Default client IP White Pine 4 0 Cu SeeMe 7648 client IP 24032 client IP Default client IP Microsoft NetMeeting 2 1 3...

Страница 45: ...nd receive data therefore only one local Cu SeeMe is allowed within the same LAN 3 In SUA mode only one local NetMeeting user is allowed because the outsiders can not distinguish between local users u...

Страница 46: ...e g Web ftp or mail server accessible for outside users even though SUA makes your LAN appear as a single machine to the outside world A service is identified by the port number Also since you need t...

Страница 47: ...the local server using the P 660HW Tx v2 s WAN IP address which can be obtained from Web Configurator Status WAN Information For example Configuring an internal Web server for outside access suppose t...

Страница 48: ...ated within Internet Protocol IP packets and forwarded over any IP network including the Internet itself In order to run the Windows 9x PPTP client you must be able to establish an IP connection with...

Страница 49: ...installation phase of the Upgrade in addition to the first dial up adapter that provides PPP support for the analog or ISDN modem The PPTP is supported in Windows NT and Windows 98 already For Windows...

Страница 50: ...EUI Set the Internet gateway to P 660HW Tx v2 2 PPTP client setup Win9x Add one VPN connection from Dial Up Networking by entering the correct username password and the IP address of the P 660HW Tx v2...

Страница 51: ...efore making a VPN connection from the Win9x client to the NT server you need to know the exact Internet IP address that the ISP assigns to P 660HW Tx v2 router in SUA mode and enter this IP address i...

Страница 52: ...e pull down menu on the right None NAT is disabled when you select this option Network Address Translation SUA Only When you select this option this remote node will use default SUA Address Mapping Se...

Страница 53: ...apply it When you select SUA Only the P 660HW Tx v2 will use a default SUA Address Mapping set for it It has two rules Many to One and Server You can see it in CLI by command ip nat lookup 255 Please...

Страница 54: ...2 8 can only be configured in CLI Now let s begin with Web Configurator Firstly let s come to Web Configurator Advanced Setup Network NAT Address Mapping This menu is for Address Mapping Set 1 you ca...

Страница 55: ...This is the starting global IP address IGA If you have a dynamic IP enter 0 0 0 0 as the Global Start IP 0 0 0 0 Global IP End This is the ending global IP address IGA This field is N A for One to One...

Страница 56: ...lect NAT address mapping set and set mapping set name but set name is optional Example ip nat addrmap map 2 Test ip nat addrmap rule rule insert edit type local start IP local end IP global start IP g...

Страница 57: ...Leave it to be default value if you don t want this command ip nat server edit rule forwardip IP address Configure the LAN IP address to be forwarded ip nat server edit rule protocol TCP UDP ALL Confi...

Страница 58: ...tton Add to save it Step 3 You could click the button Edit on the rule to modify the Service name Server IP Address Start End Port The most often used port numbers are shown in the following table Ple...

Страница 59: ...ure NAT and select an Address Mapping Set with a Many to One Rule See the following figure 2 Internet Access with an Internal Server In this case we do exactly as the figure use the convenient pre con...

Страница 60: ...by the following way using 4 NAT rules Rule 1 One to One type to map the FTP Server 1 with ILA1 192 168 1 10 to IGA1 200 0 0 1 Rule 2 One to One type to map the FTP Server 2 with ILA2 192 168 1 11 to...

Страница 61: ...Advanced Setup Network NAT Address Mapping to begin configuring Address Mapping Set 1 We can see there are 10 blank rule table that could be configured See the following setup for the four rules in ou...

Страница 62: ...e to map the other clients to IGA3 200 0 0 3 Rule 4 Setup Select Server type to map our web server and mail server with ILA3 192 168 1 20 to IGA3 Menu Network NAT Address Mapping should look as follow...

Страница 63: ...Friendly Applications Some servers providing Internet applications such as some mIRC servers do not allow users to login using the same IP address In this case it is better to use Many to Many No Ove...

Страница 64: ...etrieved This solves the problems if your DNS server uses an IP associated with dynamic IPs Without DDNS we always tell the users to use the WAN IP of the P 660HW Tx v2 to access the internal server I...

Страница 65: ...o Setup the DDNS 1 Before configuring the DDNS settings in the P 660HW Tx v2 you must register an account from the DDNS server such as WWW DYNDNS ORG first After the registration you have a hostname f...

Страница 66: ...ee is shown in figure 3 For SNMPv1 operation ZyXEL permits one community string so that the router can belong to only one community and allows trap messages to be sent to only one NMS manager Some tra...

Страница 67: ...of restart before rebooting 1 For intentional reboot In some cases download new files CI command sys reboot reboot is done intentionally And traps with the message System reboot by user will be sent...

Страница 68: ...uested from the NMS The default is public Set Community Enter the correct Set Community This Set Community must match the Set community requested from the NMS The default is public Trusted Host Enter...

Страница 69: ...t you wish to send the syslog Log Facility Select from the 7 different local options The log facility lets you log the message in different server files Refer to your UNIX manual 9 Using IP Alias What...

Страница 70: ...twork LAN IP Alias There are three internal virtual LAN interfaces for the P 660HW Tx v2 to route the packets from to the three networks correctly They are enif0 for the major network enif0 0 for the...

Страница 71: ...e second and third networks in Network LAN IP Alias by configuring the P 660HW Tx v2 s second and third LAN IP addresses Key Settings IP Alias 1 Active it and enter the second LAN IP address for the P...

Страница 72: ...ne to prioritize traffic Cost Savings IPPR allows organizations to distribute interactive traffic on high bandwidth high cost path while using low path for batch traffic Load Sharing Network administr...

Страница 73: ...xample Step 2 Suppose we d like to edit the rule like this Policy Set Name Test Active Yes Criteria IP Protocol 6 Type of Service Don t Care Packet length 0 Precedence Don t Care Len Comp N A Source a...

Страница 74: ...et action gatewaytype 0 Set gateway type for the rule Gateway Address ip policyrouting set action gatewayaddr 192 168 1 254 Set the gateway address for the rule 192 168 1 254 ip policyrouting set crit...

Страница 75: ...I Suppose we want to edit a call schedule set like this Call Schedule Set 1 Set name Test Active Yes Start Date yyyy mm dd 2005 12 27 How Often Once Once Date yyyy mm dd 2005 12 27 Start Time hh mm 12...

Страница 76: ...d remote node will be dropped Enable Dial On Demand The remote node accepts Dial on demand during this period Disable Dial On Demand The remote node denies any demand dial during the period For the ex...

Страница 77: ...onally IP packets are transmitted in two ways unicast or broadcast Multicast is a third way to deliver IP packets to a group of hosts Host groups are identified by class D IP addresses i e those with...

Страница 78: ...er Protocol Some other traffic may not require high bandwidth but they require stable supply of bandwidth such as VoIP traffic The VoIP quality would not be good if all of the outgoing bandwidth is oc...

Страница 79: ...ee s root Scheduler Choose the principle to allocate bandwidth on this interface Priority Based allocates bandwidth via priority Fairness Based allocates bandwidth by ratio Maximize Bandwidth Usage Ch...

Страница 80: ...ll Managed Bandwidth Check this box if you would like to let this class to borrow bandwidth from it s parents when the required bandwidth is higher than the configured amount Do not check this if you...

Страница 81: ...out some probing patterns system will analyze the packets returned from ISP and decide which services the ISP may provide Because ADSL is based on a ATM network so system have to pre configured a VPI...

Страница 82: ...x vpi vci service bit hex wan atm vchunt save Note remote node input the remote node index 1 8 vpi vpi value vci vci value service it s a hex value bit0 PPPoE VC 1 bit1 PPPoE LLC 2 bit2 PPPoA VC 4 bit...

Страница 83: ...to the device LAN Ethernet port with the DSL sync up 2 Open your web browser to access a Web site It should prompt and request for your username password of your ISP account if your ISP provide PPPoE...

Страница 84: ...base save The traffic from Ethernet port 1 must be forwarded to PVC1 vice versa The traffic from Ethernet port 2 must be forwarded to PVC2 vice versa The traffic from Ethernet Port3 must be forwarded...

Страница 85: ...ck them by command sys filter set index set rule Usage set 1 12 rule 1 6 Commonly the preconfigured filter sets are as follows set 2 rule 1 6 set 3 rule 1 set 4 rule 1 sys filter set display For examp...

Страница 86: ...sys filter set You could configure a filter rule on demand the newest command is available on release note sys filter set save Usage Don t forget to save the rule everytime you ve configured it Refere...

Страница 87: ...t log type 0 3 none match notmatch both Set the log type it could be 0 3 none match not match both sys filter set actmatch type 0 2 checknext forward drop Set the action for match sys filter set actno...

Страница 88: ...ecting 2 host together via a NIC card for direct connection when configured in Ad hoc mode without an access point being present Ad hoc operation is ideal for small networks of no more than 2 4 comput...

Страница 89: ...elect a channel you want to use than press OK to apply Step 4 Since there is no DHCP server to give the host IP you must first designate a static IP for your station From Windows Start select Control...

Страница 90: ...o finish Configuration for Wireless Station B To configure Ad hoc mode on your ZyAIR B 100 B 200 B 300 wireless NIC card please follow the following step Step1 Double click on the utility icon in your...

Страница 91: ...elect a channel you want to use than press OK to apply Step 4 Since there is no DHCP server to give the host IP you must first designate a static IP for your station From Windows Start select Control...

Страница 92: ...ion B 2 Configuring Infrastructure mode Infrastructure Introduction For Infrastructure WLANs multiple Access Points APs like the WLAN to the wired network and allow users to efficiently share network...

Страница 93: ...re mode of your P 660HW Tx v2 wireless AP please follow the steps below Step 1 Login Web Configurator Advanced Setup Network Wireless LAN General Configure the basic parameters for Wireless LAN Step 2...

Страница 94: ...frastructure mode on your ZyAIR G 200 Wireless Network Adapter please follow the following steps Step 1 Double click on the utility icon in your windows task bar the utility will pop up on your window...

Страница 95: ...in an SSID or leave it as any if you wish to connect to any AP than press Apply Change to take effect Step 4 Click on Site Survey tab and press search all the available AP will be listed Step 5 Double...

Страница 96: ...AC Filter MAC Filter Overview Users can use MAC Filter as a method to restrict unauthorized stations from accessing the APs ZyXEL s APs provide the capability for checking MAC address of the station b...

Страница 97: ...u configure the MAC filter you need to know the MAC address of the client first If not knowing what your MAC address is please enter a command ipconfig all after DOS prompt to get the MAC physical add...

Страница 98: ...mobile station e g a laptop with a wireless Ethernet card and an access point i e a base station The secret key is used to encrypt packets before they are transmitted and an integrity check is used to...

Страница 99: ...th 10 hexadecimal digits o 128 bit WEP key secret key with 13 characters o 128 bit WEP key secret key with 26 hexadecimal digits o 256 bit WEP key secret key with 29 characters o 256 bit WEP key secre...

Страница 100: ...phrase and then press button Generate to let the P 660HW Tx v2 generate WEP Key for you Setting up the Station Step 1 Double click on the utility icon in your windows task bar or right click the utili...

Страница 101: ...If the utility icon doesn t exist in your task bar click Start Programs to start the utility Step 2 Select the Configuration tab Select Set Security to configure encryption type and parameters corresp...

Страница 102: ...the P 660HW Tx v2 is supposed to use Key 1 by default Key settings The WEP Encryption type of station has to equal to the access point Check ASCII field for characters WEP key or uncheck ASCII field f...

Страница 103: ...eps to complete a simple site survey with simple tools 1 First you will need to obtain a facility diagram such as blueprints This is for you to mark and take record on 2 Visually inspect the facility...

Страница 104: ...ssociated rate link quality signal strength and etc information as shown in utility below Step 4 It s always a good idea to start with putting the access point at the corner of the room and walk away...

Страница 105: ...m corner of the room Step 6 Repeat step 1 5 and now you should be able to mark an RF coverage area as illustrated in above picutre Step 7 You may need more than one access point is the RF coverage are...

Страница 106: ...of the IEEE 802 11i security specification draft Key differences between WAP and WEP are user authentication and improved data encryption WAP applies IEEE 802 1x Extensible Authentication Protocol EA...

Страница 107: ...a client will be granted access to a WLAN Here comes WPA PSK Application example for your reference Configuration for Access point The IEEE 802 1x standard outlines enhanced security methods for both...

Страница 108: ...n your wireless utility icon in your windows task bar the utility will pop up on your windows screen Step 2 Select the configuration tab type in the SSID Service Set Identifier select the operating Mo...

Страница 109: ...Notes Step 3 Click Set Security to configure the security parameters Step 4 Click OK for finish and begin to Site survey Connect to the AP as you have configured 108 All contents copyright 2006 ZyXEL...

Страница 110: ...2 Series Support Notes Step 5 Click Link Info tab if the PC associated and authenticated with AP successfully we will see the following information 109 All contents copyright 2006 ZyXEL Communications...

Страница 111: ...eIP port destIP port There are two ways to dump the trace Online Trace display the trace real time on screen Offline Trace capture the trace first and display later The details for capturing the trace...

Страница 112: ...Enable to capture the WAN packet by entering sys trcp channel mpoa00 bothway Enable the trace log by entering sys trcp sw on sys trcl sw on Display the brief trace online by entering sys trcd brief Di...

Страница 113: ...nnel enet0 bothway Enable the trace log by entering sys trcp sw on sys trcl sw on Wait for packet passing through the Prestige over LAN Disable the trace log by entering sys trcp sw off sys trcl sw of...

Страница 114: ...Terminal Step 1 Initiate a hyper terminal connection from your PC suppose you connected to the LAN port of P 660HW Tx v2 Step 2 Click the properties to configure parameters to telnet to the P 660HW T...

Страница 115: ...P 660HW Tx v2 Series Support Notes Step 3 So that after you invoke the relevant commands you could save the logs you ve captured 114 All contents copyright 2006 ZyXEL Communications Corporation...

Страница 116: ...rst before running the TFTP software Step 2 Type the CI command sys stdio 0 to disable console idle timeout in Command Line Interface CLI Step 3 Run the TFTP client software Step 4 Enter the IP addres...

Страница 117: ...ing TFTP to upload download SMT configurations via LAN Step 1 TELNET to your Prestige first before running the TFTP software Step 2 Type the command sys stdio 0 to disable console idle timeout in Comm...

Страница 118: ...nfigurations via LAN c tftp i PrestigeIP put localfile rom 0 Step 5 Download P 660HW Tx v2 configurations via LAN c tftp i PrestigeIP get rom 0 localfile Using TFTP command on UNIX Before you begin 1...

Страница 119: ...name for the firmware is ras and the configuration file is rom 0 Step 1 Use FTP client from your workstation to connect to the Prestige by entering the IP address of the Prestige Step2 Press Enter key...

Страница 120: ...ername prompt Step 3 To upload the firmware file we transfer the local ras file to overwrite the remote ras file To upload the configuration file we transfer the local rom 0 to overwrite the remote ro...

Страница 121: ...2 Series Support Notes Step 4 The Prestige reboots automatically after the uploading is finished Please do not power off the router at this moment 120 All contents copyright 2006 ZyXEL Communications...

Страница 122: ...face 1 Shows the following commands and all major sub commands 2 exit Exit Subcommand To get the latest CI Command list The latest CI Command list is available in release note of every ZyXEL firmware...

Результаты поиска

Содержание P-660HN-F1Z

Отзывы:

Похожие инструкции для P-660HN-F1Z

Бренды по названию

Популярные бренды

ZyXEL Communications P-660HN-F1Z, Поддержка заметок

Результаты поиска

Содержание P-660HN-F1Z

Отзывы:

Похожие инструкции для P-660HN-F1Z

Бренды по названию

Популярные бренды