ZyXEL Communications P-660R-Tx v2 Series Скачать руководство пользователя страница 8 | Manualshive

Страница: 8 / 76

background image

P-660R-Tx v2 Series Support Notes

14. What are Device filters and Protocol filters?

In ZyNOS, the filters have been separated into two groups. One group is
called 'device filter group', and the other is called 'protocol filter
group'. Generic filters belong to the 'device filter group', TCP/IP and IPX filters
belong to the 'protocol filter group'. You can configure the filter rule in

CLI

.

Note: In ZyNOS, you can not mix different filter groups in the same filter set.

15. How can I protect against IP spoofing attacks?

The Prestige's filter sets provide a means to protect against IP spoofing
attacks. The basic scheme is as follows:

For the input data filter:

•

Deny packets from the outside that claim to be from the inside

•

Allow everything that is not spoofing us

Filter rule setup:

•

Filter type =TCP/IP Filter Rule

•

Active

=Yes

•

Source IP Addr =a.b.c.d

•

Source IP Mask =w.x.y.z

•

Action Matched =Drop

•

Action Not Matched =Forward

Where a.b.c.d is an IP address on your local network and w.x.y.z is your
netmask:

For the output data filters:

•

Deny bounceback packet

•

Allow packets that originate from us

Filter rule setup:

•

Filter Type =TCP/IP Filter Rule

•

Active

=Yes

•

Destination IP Addr =a.b.c.d

•

Destination IP Mask =w.x.y.z

•

Action Matched =Drop

•

Action No Matched =Forward

8

All contents copyright © 2006 ZyXEL Communications Corporation.

«
...
6
7
8
9
10
...
»

Содержание P-660R-Tx v2 Series

Страница 1: ...P 660R Tx v2 Series ADSL2 Router Support Notes Version3 40 Jan 2006...

Страница 2: ...8 15 How can I protect against IP spoofing attacks 8 General FAQ 10 1 How can I manage P 660R Tx v2 10 2 What is the default password to loging web configurator 10 3 How do I know the P 660R Tx v2 s W...

Страница 3: ...as a DHCP Relay 21 4 SUA Notes 22 Configure an Internal Server Behind SUA 26 Configure a PPTP server behind SUA 27 5 Using Multi NAT 31 Configure NAT 32 NAT Server Sets 37 6 Using the Dynamic DNS DDN...

Страница 4: ...are Please do not power off the router right after the FTP or TFTP uploading is finished the router will upload the firmware to its flash at this moment 4 How do I upgrade backup the ZyNOS firmware by...

Страница 5: ...estored and the Prestige restarts 8 What is SUA When should I use SUA SUA Single User Account is a unique feature supported by Prestige router which allows multiple people to access Internet concurren...

Страница 6: ...ng up to a SUA server table Therefore to make a local server accessible to the outside users the port number and the inside IP address of the server must be configured inWeb Configurator Advanced Setu...

Страница 7: ...llows us to specify multiple servers of different types behind the NAT for outside access Note if you want to map each server to one unique IGA please use the One to One mode The following table summa...

Страница 8: ...o protect against IP spoofing attacks The basic scheme is as follows For the input data filter Deny packets from the outside that claim to be from the inside Allow everything that is not spoofing us F...

Страница 9: ...P 660R Tx v2 Series Support Notes Where a b c d is an IP address on your local network and w x y z is your netmask 9 All contents copyright 2006 ZyXEL Communications Corporation...

Страница 10: ...the voice band uses the lower frequency ranging from 0 to 4KHz while ADSL data transmission uses the higher frequency The micro filter acts as a low pass filter for your telephone set to ensure that...

Страница 11: ...ress to a static hostname allowing your computer to be more easily accessed from various locations on the Internet To use the service you must first apply an account from several free Web servers such...

Страница 12: ...must understand the ESP packet with protocol number 50 replace the source IP address of the IPSec gateway to the router s WAN IP address However SUA should not change the source port of the UDP packe...

Страница 13: ...the line is dedicated to single VC if there is only one VC on the line However as the other VC asking the bandwidth the MBS defines the maximum number of cells transmitted via this VC with Peak Cell...

Страница 14: ...he older cable networks are not capable of offering a return channel consequently such networks will need significant upgrading before they can offer high bandwidth services 2 What is the expected thr...

Страница 15: ...rs Therefore the VC based multiplexing is more efficient 7 How do I know the details of my ADSL line statistics You can use the following CI commands to check the ADSL line statistics TCI wan adsl per...

Страница 16: ...Internet See the figure below for this setup Set up your workstation 1 Ethernet connection To connect your computer to the P 660R Tx v2 s LAN port the computer must have an Ethernet adapter card insta...

Страница 17: ...up your P 660R Tx v2 under bridge mode The following procedure shows you how to configure your P 660R Tx v2 as an ADSL Modem for bridging traffic We will use Web Configurator to guide you through the...

Страница 18: ...IP for the P 660R Tx v2 and turn off DHCP Server in Advanced Setup LAN LAN Setup We use 192 168 1 1 in this case 3 Configure for Internet setup parameters in Advanced Setup WAN WAN Setup 18 All conte...

Страница 19: ...cify a VPI Virtual Path Identifier and a VCI Virtual Channel Identifier given to you by your ISP 2 Internet Access Using P 660R Tx v2 under Router mode For most Internet users having multiple computer...

Страница 20: ...the computer is assigned by the P 660R Tx v2 The P 660R Tx v2 can also provide the DNS to the clients via DHCP if it is available For this setup in Windows we check the option Obtain an IP address au...

Страница 21: ...a single IP account for sharing with local computers IP Address Assignment Set to Dynamic if the ISP provides the IP for the P 660R Tx v2 dynamically Otherwise set to Static and enter the IP in the f...

Страница 22: ...660R Tx v2 to DHCP Relay in Web Configurator Advanced Setup LAN LAN Setup and enter the IP address of the DHCP server in the Remote DHCP Server field 4 SUA Notes Tested SUA NAT Applications e g Cu Se...

Страница 23: ...eed to configure Web Configurator Advanced Setup NAT Edit Details to make the outgoing connection work After the required settings are completed the internal server or client applications can be acces...

Страница 24: ...lient IP Default client IP Microsoft NetMeeting 2 1 3 01P 3 P None 1720 client IP 1503 client IP Cisco IP TV 2 0 0 None RealPlayer G2 None VDOLive None Quake1 06P 4 P None Default client IP QuakeII2 3...

Страница 25: ...llowed in this case Moreover when a Quake server is configured behind SUA P 660R Tx v2 will not be able to provide information of that server on the internet P 5 P Quake II has the same limitations as...

Страница 26: ...wered on In addition to the servers for specific services SUA supports a default server A service request that does not have a server explicitly designated for it is forwarded to the default server If...

Страница 27: ...ccess Suppose the Server IP Address is 192 168 1 10 Port numbers for some services Service Port Number FTP 21 Telnet 23 SMTP 25 DNS Domain Name Server 53 www http Web 80 Configure a PPTP server behind...

Страница 28: ...P NetBEUI and IPX can be run correctly Windows NT Domain Login level security is preserved even across the Internet U Window98 PPTP Client Internet NT RAS Server Protocol StackU PPTP appears as new mo...

Страница 29: ...stablish a tunnel to a private network There will be three items that you need to set up for PPTP application these are PPTP server WinNT PPTP client Win9x and the P 660R Tx v2 1 PPTP server setup Win...

Страница 30: ...e reached across the Internet If the Internet connection between two LANs is achievable you can place a VPN call from the remote Win9x client For example C ping 203 66 113 2 When a dial up connection...

Страница 31: ...IP address for reaching the VPN server In the following example the IP address 140 113 1 225 is dynamically assigned by ISP You must enter this IP address in the VPN Server dialog box for reaching th...

Страница 32: ...ts with two rules Many to One and server mapping Select Full Feature when you require other mapping types Configure NAT Address Mapping Sets and NAT Server Sets The P 660R Tx v2 has 8 remote nodes and...

Страница 33: ...p Network NAT Port Forwarding The following table explains the fields in this above screen Field Description Option Example set This is sequence number for Address Mapping Sets 255 for SUA Internal St...

Страница 34: ...twork NAT Full Feature Edit Details Address Mapping Rules This menu is for Address Mapping Set 1 you can edit 10 Address Mapping Rules for Set 1 You can edit or remove a rule by clicking the Rule in t...

Страница 35: ...put the Start IP as 0 0 0 0 and the End IP as 255 255 255 255 This field is N A for One to One type 255 255 255 255 Start This is the starting global IP address IGA If you have a dynamic IP enter 0 0...

Страница 36: ...in Web Configurator when you select Full Feature NAT See the intire process as follows Set 5 You can lookup the successfully configured Address Mapping Sets by command ip nat addrmap disp Key Settings...

Страница 37: ...time Leave it to be default value if you don t want this command ip nat server edit rule rulename string Configure the name of the rule Leave it to be default value if you don t want this command ip n...

Страница 38: ...another provides only Web service The following procedures show how to configure a server behind NAT Step 1 Login Web Configurator Advanced Setup NAT Edit Details Port Forwarding Step 2 Fill in the se...

Страница 39: ...ternet Access with an Internal Server Using Multiple Global IP addresses for clients and servers Support Non NAT Friendly Applications 1 Internet Access Only In our Internet Access example we only nee...

Страница 40: ...he figure use the convenient pre configured SUA Only set and also go to Web Configurator Network NAT SUA Only Edit Details Edit SUA NAT Server Set to specify the Internet Server behind the NAT as belo...

Страница 41: ...0 to IGA1 200 0 0 1 Rule 2 One to One type to map the FTP Server 2 with ILA2 192 168 1 11 to IGA2 200 0 0 2 Rule 3 Many to One type to map the other clients to IGA3 200 0 0 3 Rule 4 Server type to map...

Страница 42: ...e 10 blank rule table that could be configured See the following setup for the four rules in our case Rule 1 Setup Select One to One type to map the FTP Server 1 with ILA1 192 168 1 10 to IGA1 200 0 0...

Страница 43: ...3 Setup Select Many to One type to map the other clients to IGA3 200 0 0 3 Rule 4 Setup Select Server type to map our web server and mail server with ILA3 192 168 1 20 to IGA3 43 All contents copyrigh...

Страница 44: ...other incoming traffic to go to our web server and mail server from Web Configurator Advanced Setup NAT Full Feature Rule 4 Server Mapping Set Edit Details 4 Support Non NAT Friendly Applications 44...

Страница 45: ...erver using a unique global IP address The following figure illustrates this One rule configured for using Many to Many No Overload mapping type is shown below We can also do this by configure threeOn...

Страница 46: ...0R Tx v2 must inform the DDNS server the change of this IP so that the server can update its IP to DNS entry Once the IP to DNS table in the DDNS server is updated the DNS name for your web server i e...

Страница 47: ...MPv1 so it will be able to communicate with SNMPv1 NMSs Further users can also add ZyXEL s private MIB in the NMS to monitor and control additional system variables The ZyXEL s private MIB tree is sho...

Страница 48: ...he manager 6 whyReboot defined in ZYXEL MIB When the system is going to restart warmstart the trap will be sent with the reason of restart before rebooting 1 For intentional reboot In some cases downl...

Страница 49: ...iguring all SNMP settings 1 Configure the trusted host via command sys snmp trusthost IP Address 2 Configure the Get community and Set community via command sys snmp get community sys snmp set communi...

Страница 50: ...red the P 660R Tx v2 will respond to all NMS managers Trap Community Enter the community name in each sent trap to the NMS This Trap Community must match what the NMS is expecting The default is publi...

Страница 51: ...at we call IP Alias 1 and IP Alias 2 can be configured CLI Command Line Interface There are three internal virtual LAN interfaces for the P 660R Tx v2 to route the packets from to the three networks c...

Страница 52: ...Alias interface to ber Alias 1 go through the P 660R Tx v2 by command in CLI lan index index number Usage index number 1 m 2 IP Alias 1 3 IP Alias 2 lan filter incoming outgoing t Usage set the corres...

Страница 53: ...tup the Alias Interface IP Address vis command lan ipaddr IP Addr Mask 4 Check the current configuration via command lan display 5 Save the configuration via command lan save 53 All contents copyright...

Страница 54: ...oute entry for Alias Interface has been added to route table We can check via command ip route status We can also see the iface information via command ip ifconfig 9 Using IP Policy Routing What is IP...

Страница 55: ...See the figure below Use IPPR to distribute traffic among multiple paths Benefits Source Based Routing Network administrators can use policy based routing to direct traffic from different users throu...

Страница 56: ...interface or a remote node in the same fashion as the filters There are 12 policy sets with 6 policies in each set Setup the IP Policy Routing Setp 1 Set the index of IP routing policy set rule by com...

Страница 57: ...end 80 ip policyrouting set action actmatched Set the action for the rule Matched ip policyrouting set action gatewaytype 0 Set gateway type for the rule Gateway Address ip policyrouting set action g...

Страница 58: ...mote Node The remote node configured with the schedule set could be Forced On Forced Down Enable Dial On Demand or Disable Dial On Demand on specified date and time How to configure a Call Scheduling...

Страница 59: ...nday but Monday setting in weekday can be No Forced On The node will always keep up during the setting period It is equivalent to diable the idel timeout Forced Down The node will always keep doen dur...

Страница 60: ...the P 660R Tx v2 should launch a mechanism to get current time and date from external server in boot time Time service is implemented by the Daytime protocol RFC 867 Time protocol RFC 868 and NTP prot...

Страница 61: ...membership to any immediate neighbor multicast routers so the multicast routers can decide if a multicast packet needs to be forwarded At start up the P 660R Tx v2 queries all directly connected netw...

Страница 62: ...e the hunting will get confusing and failed 2 VC auto hunting only supports dynamic WAN IP address If the router is set a static WAN IP address VC auto hunting function will be disabled The entry of h...

Страница 63: ...ice bits will be 2 32 34 decimal 22 hex you must input 22 If you want to enable all service for VC hunting the service bits will be 1 2 4 8 16 32 63 decimal 3f hex you must input 3f Need to perform sa...

Страница 64: ...nnection If it is successful it will than close the browser and you can open a new browser to surf the Internet If the connection test fail it will go back to the page ask for user name and password T...

Страница 65: ...rceIP port destIP port There are two ways to dump the trace Online Trace display the trace real time on screen Offline Trace capture the trace first and display later The details for capturing the tra...

Страница 66: ...Enable to capture the WAN packet by entering sys trcp channel mpoa00 bothway Enable the trace log by entering sys trcp sw on sys trcl sw on Display the brief trace online by entering sys trcd brief Di...

Страница 67: ...nnel enet0 bothway Enable the trace log by entering sys trcp sw on sys trcl sw on Wait for packet passing through the Prestige over LAN Disable the trace log by entering sys trcp sw off sys trcl sw of...

Страница 68: ...r Terminal Step 1 Initiate a hyper terminal connection from your PC suppose you connected to the LAN port of P 660R Tx v2 Step 2 Click the properties to configure parameters to telnet to the P 660R Tx...

Страница 69: ...P 660R Tx v2 Series Support Notes Step 3 So that after you invoke the relevant commands you could save the logs you ve captured 69 All contents copyright 2006 ZyXEL Communications Corporation...

Страница 70: ...rst before running the TFTP software Step 2 Type the CI command sys stdio 0 to disable console idle timeout in Command Line Interface CLI Step 3 Run the TFTP client software Step 4 Enter the IP addres...

Страница 71: ...sing TFTP to upload download SMT configurations via LAN Step 1 TELNET to your Prestige first before running the TFTP software Step 2 Type the command sys stdio 0 to disable console idle timeout in Com...

Страница 72: ...igurations via LAN c tftp i PrestigeIP put localfile rom 0 Step 5 Download P 660R Tx v2 configurations via LAN c tftp i PrestigeIP get rom 0 localfile Using TFTP command on UNIX Before you begin 1 TEL...

Страница 73: ...name for the firmware is ras and the configuration file is rom 0 Step 1 Use FTP client from your workstation to connect to the Prestige by entering the IP address of the Prestige Step2 Press Enter key...

Страница 74: ...ername prompt Step 3 To upload the firmware file we transfer the local ras file to overwrite the remote ras file To upload the configuration file we transfer the local rom 0 to overwrite the remote ro...

Страница 75: ...2 Series Support Notes Step 4 The Prestige reboots automatically after the uploading is finished Please do not power off the router at this moment 75 All contents copyright 2006 ZyXEL Communications C...

Страница 76: ...face 1 Shows the following commands and all major sub commands 2 exit Returns to SMT To get the latest CI Command list The latest CI Command list is available in release note of every ZyXEL firmware r...

Отзывы:

Нет отзывов

Похожие инструкции для P-660R-Tx v2 Series

Бренд: Makita Страницы: 2

Express5800/E120d-M

Бренд: NEC Страницы: 2

Бренд: Idis Страницы: 123

Бренд: Idis Страницы: 29

Бренд: Idis Страницы: 28

DirectIP DR-1304P

Бренд: Idis Страницы: 82

Бренд: iDirect Страницы: 130

Бренд: Draytek Страницы: 8

Бренд: Oracle Страницы: 24

Бренд: Radicom Страницы: 27

InvenSense RoboKit1

Бренд: TDK Страницы: 13

Бренд: IBM Страницы: 130

IE-SW-VL09T-6TX-3SC

Бренд: Weidmuller Страницы: 14

HiGain Line Unit HLU-388

Бренд: PairGain Страницы: 7

Бренд: Sharedband Страницы: 3

3224 Diamond Edge

Бренд: Patton electronics Страницы: 2

Бренд: NETGEAR Страницы: 2

Бренд: Billion Страницы: 2

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды