Page 1 zNID 24xx Series Configuration Guide For software version 2.5.x August 2012 Document Part Number: 830-03782-01...
Page 2 Further, Zhone Technologies reserves the right to revise this publication and to make changes from time to time in the contents hereof without obligation of Zhone Technologies to notify any person of such revision or changes.
Page 3: Table Of Contents
ABLE OF ONTENTS About This Guide ..........................7 Style and notation conventions................7 Typographical conventions..................8 Related documentation.....................8 Acronyms........................9 Technical support.....................11 Important safety instructions ................11 Chapter 1 zNID 24xx Series ....................13 Overview ........................13 Web user interface ....................15 zNID 24xx series components................16 zNID 24xx models and interfaces.................17 GPON models ......................17 Gigabit Ethernet models ..................17 Chapter 2...
Page 4 Table of Contents Reserved GEM ports ..................26 Dual Managed mode using the VEIP..............27 Logging in to the 24xx series zNIDs..............29 Logging in on the Ethernet ports ................29 Logging in with CLI ....................29 System features ......................30 Management access control ..................31 User names and passwords................31 Registration ID ....................32 Default interface......................33 DNS.........................34...
Page 5 Chapter 3 Configuration ......................85 Interfaces ........................86 Interface naming conventions .................86 Ethernet port......................86 Factory default VLAN definition ................87 Configuration pages ....................89 System info ......................90 Static route ......................91 Access control......................92 Lists ........................92 Rules.........................93 Firewall ........................94 Global .......................94 Management access..................95 Port forwarding....................96 Interfaces.......................100 Bridged ......................100 Routed ......................101 Brouted ......................102...
Page 6 Table of Contents Creating Dual Managed connections ..............194 Advanced features ....................197 VLANS .........................197 All ports untagged ..................197 Tagged uplink port untagged LAN ports ............198 Tagged uplink port and tagged LAN ports.............200 S-Tagged ......................200 TLS mode .......................202 NAT and DHCP....................205 DHCP server ......................209 Data services ......................210 Rate limiting ....................210 Priority......................211...
Page 7: About This Guide
BOUT UIDE This guide is intended for use by installation technicians, system administrators, or network administrators. It explains the Web user interface for the zNID 24xx series and how to configure the zNID 24xx series of products. Style and notation conventions This document uses the following conventions to alert users to information that is instructional, warns of potential damage to system equipment or data, and warns of potential injury or death.
Page 8: Typographical Conventions
Installation Instructions for GPON and GE models which describe in shorter procedures the steps for installing the zNID. These instructions are shipped with the zNID, but are also available on the Zhone website. Refer to the release notes for software installation information and for changes in features and functionality of the product (if any).
Page 9: Acronyms
Acronyms Acronyms The following acronyms are related to Zhone products and may appear throughout this manual: Table 1: Acronyms and their descriptions Acronym Description Active E Active Ethernet, also known as Gigabit Ethernet Angled physical contact (for fiber connector) Coax...
Page 10 North American T1 and the European E1. Ultra physical contact (for fiber connector) Wi-Fi Wireless local area network (trademark of Wi-Fi alliance) VoIP Voice over IP zNID Zhone Network Interface Device Zhone Management System zNID 24xx Series Configuration Guide...
Page 11: Technical Support
Technical Support for this product is provided by your Internet Service Provider. Important safety instructions Read and follow all warning notices and instructions marked on the product and included in the Hardware Installation Guide, available at Zhone.com. zNID 24xx Series Configuration Guide...
Page 12 About This Guide zNID 24xx Series Configuration Guide...
Page 13: Chapter 1 Znid 24Xx Series
The 24xx series of zNIDs share a common software architecture with the 42xx and 9xxx series of zNIDs, including the same intuitive Web interface and command line interface. The zNID can also be managed by the Zhone Network Management System (ZMS) which uses SNMP. Software upgrades and configuration backups can be handled automatically by the ZMS using the EZ Touch management feature.
Page 14 24xx Series Zhone's 24xx Active Ethernet ONTs can operate at distances up to 20km. The zNID enclosure is designed to provide outstanding reliability and simple installation. The zNID 24xx series may be managed by • EZ Touch (Zhone’s CPE and zNID management application) •...
Page 15: Web User Interface
Web user interface Web user interface The zNID 24xx data path architecture is VLAN centric. In other words to pass traffic VLANs must be defined. The main page for seeing how the zNID is configured is the Configuration | VLAN | Settings page which shows in the lower table the VLANs which have been created and the ports which are members of each VLAN.
Page 16: Znid 24Xx Series Components
zNID 24xx Series zNID 24xx series components The zNID 24xx series has models which have either GPON or Gigabit Ethernet interfaces on the WAN side and Gigabit Ethernet ports, POTS, Coax and USB. See the list of zNID 24xx models and interfaces on page 17 information on which models support which interfaces.
Page 17: Znid 24Xx Models And Interfaces
24xx models and interfaces zNID 24xx models and interfaces GPON models The zNID 24xx series GPON models have the following interfaces: Model Description zNID-GPON-2402 GPON Uplink, 2 GigE zNID-GPON-2403 GPON Uplink, 2 GigE, RFV zNID-GPON-2424 GPON Uplink, 2 POTS, 4 GigE...
Page 18 zNID 24xx Series zNID 24xx Series Configuration Guide...
Page 19: Chapter 2 Management
ANAGEMENT This chapter describes the zNID 24xx. It includes the following sections: • Management interfaces, page 19 • Management access control, page 31 • System features, page 30 • Status and statistics, page 57 Management interfaces The zNID 24xx products can be fully managed through any of several methods (CLI, Web, SNMP and OMCI).
Page 20: Snmp
SNMP The zNID 24xx products can also be managed through SNMP. The zNID 24xx family is compatible with any industry standard SNMP agent. However, Zhone provides a CPE manager feature that makes managing the ONUs even easier. OMCI ONU Management Control Interface (OMCI) provides policy based configuration and management capabilities for GPON.
Page 21: Omci Vs. Residential Gateway Management
OMCI vs. Residential Gateway management OMCI vs. Residential Gateway management For GPON zNIDs, the zNID 24xx may be configured and managed from both OMCI and from a residential gateway interface (CLI or Web UI). When using both methods of management it is important to understand how each method configures traffic flows.
Page 22: Comparing Rg, Omci And Veip By Service, Traffic Forwarding
Management Comparing RG, OMCI and VEIP by service, traffic forwarding Another way to understand the three GPON interface types is by service and traffic forwarding. With RG interfaces you can configure all service modules on the zNID 24xx. RG VLANs pass through an integrated Etherswitch and are forwarded based on Destination MAC to any interface, including the integrated Router.
Page 23 OMCI vs. Residential Gateway management All services are configured on a per VLAN basis. The RG interfaces can configure data, video, and voice. for all RG VLANs, an integrated Etherswitch is included in the data forwarding path. This enables RG VLANs to support local Bridging and peer-to-peer communications for LAN client devices such as PCs.
Page 24: Omci Configured Onu Flows
Management OMCI configured ONU flows OMCI configured ONU flows have a one to one mapping between the WAN side GEM port (GPON Encryption Method port) and the LAN side UNI (User Network Interface). Other than exception packets which require analysis, such as IGMP joins and leaves or ARPs, the traffic is generally a cut-through between the GEM and the UNI.
Page 25: Omci Unique Features
OMCI vs. Residential Gateway management VLAN is configured on all three GEMs. When configured this way a PC connected on eth 1 will NOT be able to communicate directly with a PC connected to eth 2 or eth 3. All packets are forwarded upstream in a secure manner, and no locally switched port-to-port communication is supported.
Page 26: Statistics In Uni Mode
Management This display is useful for troubleshooting purposes, because you can easily see how voice is configured using the Web GUI, TR-069, or Telnet/CLI interface, even when OMCI actually configured it. Statistics in UNI mode There are not as many packet-level statistics available for ONU flows since they are ISO layer 2 “cut-through”...
Page 27: Dual Managed Mode Using The Veip
OMCI vs. Residential Gateway management Dual Managed mode using the VEIP In Dual Managed mode a “virtual UNI” is the glue between the RG interfaces and OMCI. The virtual UNI is a Virtual Ethernet Interface Point (VEIP) as described in G.984.4 Amendment 2 and G.Impl.984.4). The VEIP allows the features such as Voice and WiFi which cannot be implemented directly by OMCI, to be configured via RG interfaces.
Page 28 Management Figure 6: In Dual Managed mode, the VEIP provides access to the other modules including the wireless interface VLAN ID is used to automatically bind the RG VLAN and the OMCI Filter together. Note: If there are no OMCI Filter Rules provisioned on the VEIP with a matching Original VLAN ID, then the RG VLAN will not have a connection into the network.
Page 29: Logging In To The 24Xx Series Znids
ONU, you will lose connectivity. You would then need to reconfigure your PC to be on the same subnet. • The default login is “admin” and the default password is “zhone” Note: For security reasons the password should be changed from the default password. To change the password see...
Page 30: System Features
Management System features The System pages define and configure access and applications used directly by the zNID, such as DNS and Internet Time. The System pages also provide options for updating and restoring software versions, as well as rebooting the zNID.
Page 31: Management Access Control
The user name “support” is used to access your Zhone Router for maintenance and to run diagnostics. The user name “user” can access the Zhone Router, view a limited subset of configuration settings and statistics, as well as, update the router’s software.
Page 32: Registration Id
Management Registration ID Access on the GPON interface requires a Registration ID. This value must match the value programmed in the OLT. The system administrator should have programmed this value. Changing the value will disable communications with the network. The unit will reset once the Reg ID has been changed and the GPON link will not communicate with the OLT until the same password is entered in the OLT.
Page 33: Default Interface
System features Default interface When the ONU must send an internally generated packet (e.g., from SNMP trap, SNTP, etc.) to an IP address that is not defined in the route table, the selected default interface's IP address will be used as the source address. This device has many internal applications such as SNMP, DHCP, DNS, PING.
Page 34: Dns
Management DNS client Depending on the selection of the DNS Client Source, you will need to select a source for the DNS, or enter DNS information. Selecting Static requires a Primary DNS and/or a Secondary DNS address to be entered. Selecting any other entry from DNS Client Source requires an interface to be selected.
Page 35 System features Figure 12: Static as DNS Client Source Figure 13: PPPoE as DNS Client Source zNID 24xx Series Configuration Guide...
Page 36: Dns Proxy Server
Management DNS Proxy Server When DNS Proxy is selected as the DNS Relay Source on any LAN-side interface, client devices will send all DNS requests to this Router LAN side IP Address. The router checks the Local Host Table for any pre-configured Domain Name lookups, and if a matching entry is found, responds with the corresponding IP Address.
Page 37: Internet Time
System features Internet time The System|Internet Time page is used to configure the time of day on the ONU. The time is retrieved from one of the SNTP servers configured on the page. The Time Zone is used to set the time to local time. Note that the ONU does not automatically compensate for Day Light Saving Time.
Page 38 Management Table 3: Internet time settings UI Label Description Third NTP time Select the third NTP time server to access from the server pull-down list, or select other and configure the IP address. Fourth NTP time Select the fourth NTP time server to access from the server pull-down list, or select other and configure the IP address.
Page 39: System Log
System features System log The zNID 24xx supports the system log feature as defined in RFC 5424. The zNID 24xx supports all 8 message severities: Table 4: System log message severity levels Message severity Description Emergency: system is unusable Alert: action must be taken immediately Critical: critical conditions Error: error conditions Warning: warning conditions...
Page 40 Management A sample output from the Syslog. Table 5: Configure system log UI Label Description • Enable Enables the system log function. • Disable Disables the logging of system messages. Log Level System Log messages have different priorities. All messages of the selected priority and higher will be placed in the system log.
Page 41 System features Table 5: Configure system log UI Label Description Mode Select where the system log should be recorded • Local Buffer Store Syslog events in local RAM memory • Remote Syslog Send Syslog events to a remote Syslog server •...
Page 42: Power Shedding
Management Power shedding In order to extend telephone service during power outages, so emergency contact may be made for as long as possible on battery power, power shedding may be used to shut down all other services of the ONU. While power shedding is active, all data services will be disabled and only the alarm and system status LEDs will be lit.
Page 43: Backup/Restore
System features Backup/Restore The Backup/Restore pages provide the means for backing up the current configuration, restoring earlier configurations, or going back the default settings of the zNID. Backup The Backup/Restore | Backup screen allows you to save a backup configuration. Clicking Backup Settings on the System|Backup/Restore|Backup page will cause the current configuration to be saved on your PC.
Page 44 Management Figure 20: Saving the backup configuration file zNID 24xx Series Configuration Guide...
Page 45: Restore
Restore Restore The Backup/Restore | Restore screen allows you to restore the ONU to a operate with a previously-saved configuration. Click Browse in the Backup/Restore | Restore screen, then select the saved configuration and click open. Figure 21: Restoring from a saved configuration Figure 22: Waiting while the router is being updated zNID 24xx Series Configuration Guide...
Page 46: Restore Default
Management Restore default The Backup/Restore | Restore Default screen allows you to return to the zNID factory default configuration. Click Restore Default Settings, close the browser window and wait for the router to reboot. If the IP address had been changed from the default IP address you will need to follow the log in directions, Logging in to the 24xx series zNIDs on page...
Page 47: Snmp Agent
SNMP agent SNMP agent The System | SNMP Agent page allows you to configure the embedded SNMP agent and trap manager. The SNMP agent can be disabled to prevent access from unknown users. Figure 24: SNMP configuration Table 7: SNMP agent configurable attributes UI Label Description SNMP Agent...
Page 48 Management Table 7: SNMP agent configurable attributes UI Label Description System Location Identifies where this device resides. It could a be a street address or a rack/shelf/slot description. This is a read only field on this page. System Location can be set in System info, page System Contact...
Page 49: Client
ACS URL Web site address of the ACS (e.g. http:// zhone.com:6050). If the URL includes a domain name, a DNS must be reachable to resolve the domain name. ACS User Name User name required to access the ACS.
Page 50 Management Table 8: TR-069 client configurable attributes UI Label Description Connection Request Check the box to enable the authentication of all Authentication Connect Requests received from an ACS. If checked, the TR-069 client will only accept Connect Requests from an ACS that has embedded the correct Connection Request User Name and Password.
Page 51: Certificates
SNMP agent Certificates The zNID 24xx supports local certificates and trusted certificates. • Local certificates • Trusted CA Table 9: Attributes for Certificates Local and Certificates Trusted CA screen UI Label Description Name Certificate identifier. Local certificate “cpecert” and Trusted CA “acscert” names are reserved for use by the TR069 client.
Page 52: Local Certificates
Management Local certificates Local certificates are used by peers to verify your identity when establishing a connection to a server or client over the secure socket layer (SSL). The System|Certificates Local screen allows you to add, view or remove Local certificates for the system. A maximum of four Local certificates can be stored.
Page 53: Trusted Ca
SNMP agent Trusted CA Trusted Certificate Authority (CA) certificates are used to verify peer’s identity when establishing a connection to a server or client over the secure socket layer (SSL). The Certificates|Trusted CA screen allows you to import or view Trusted CA certificates for the system.
Page 54: Software
Management Software The Software screens provide options to restore software from the alternate bank or to use a version of software saved elsewhere. Restore software The ONU stores two sets of software. One set, the Current Software Version or active software, is the software set which is currently running the ONU. The other set is the Alternate Software Version or standby software, and is stored in the ONU's alternate (non-running) bank.
Page 55: Update Software
SNMP agent Update software The ONU may use a saved configuration. Click Browse to view the file system attached to your browser's PC. Then select the configuration file that you would like to use to upgrade the ONU. Clicking Update Software will cause the software on the ONU to be updated with the selected software image.
Page 56: Reboot
Management Reboot Clicking Reboot will cause the unit to re-initialize as if it was power cycled. This will happen immediately after clicking — no extra warning message is provided. Close the browser window and wait to reconnect to the router. Figure 30: Rebooting the zNID Figure 31: Rebooting message zNID 24xx Series Configuration Guide...
Page 57: Status And Statistics
Status and statistics Status and statistics Status and statistics are very useful in troubleshooting network issues. The zNID 24xx provides • Device info on page 58 • Statistics on page 61 • LAN interface status on page 65 • GPON interface status on page 66 •...
Page 58: Device Info
Management Device info Device Info includes information about the device, MIB-2 objects, system up time, model number, serial number, version information and the MAC addresses of the interfaces. Figure 33: The Device Info table Table 10: Device Info page display UI Label Description System Name...
Page 59 Device info Table 10: Device Info page display UI Label Description System Date and Time System Date and Time is drawn from SNTP (Simple Network Time Protocol) servers. Multiple servers are given in case access to the server is lost. Selecting the SNTP server and other settings can be configure in Internet time, page System UpTime...
Page 60 Management Figure 35: MAC addresses are shown for each port Figure 36: Alarms example with no alarms presently showing zNID 24xx Series Configuration Guide...
Page 61: Statistics
Device info Statistics The device maintains counters for the number of bytes and frames that are transmitted as well as received for every Ethernet interface on the ONU, including the Fiber WAN uplink interface (Either GPON or GigE) and the Wireless LAN interface.
Page 62 Management Table 11: LAN side statistics UI Label Description Transmitted Frms The number of egress frames transmitted out the interface, since statistics were last reset. This is the data going to an external device. Transmitted Errs The number of frames that could not be transmitted from the interface due to framing errors, since statistics were last reset.
Page 63 Device info Table 12: GPON: GEM port counters UI Label Description Rx Frames Number of ethernet frames received on this GEM port. Rx Dropped Frames Number of receive ethernet frames dropped due to congestion or because frame is undersized. Tx Bytes Number of bytes transmitted on this GEM port, not including GEM headers.
Page 64 Management Table 14: PLOAM (Physical Layer Operations and Maintenance) message counters UI Label Description CRC Error Messages Messages received in error and discarded. Total Received Total Number of CRC correct downstream PLOAM Messages messages received. Unicast Received Number of CRC correct downstream PLOAM Messages messages with ONU ID matching this ONU's ID.
Page 65: Lan Interface Status
Device info LAN interface status The Status | Interfaces | LAN screen can be used to see if the interface is up (not only the interface is up, but if it has link with a downstream device). Figure 39: Status of LAN interfaces Table 15: LAN interface Ethernet status UI Label Description...
Page 66: Gpon Interface Status
Management GPON interface status The Status | Interfaces | GPON screen can be used to see if the interface is up, the ONU ID, and other information and alarms. Figure 40: Status of GPON interfaces Table 16: GPON link status UI Label Description Current Link State...
Page 67 Device info Table 16: GPON link status UI Label Description Triplexer Temp Temperature of the triplexer device, in degrees C (and F). Voltage Nominal triplexer operating voltage. Figure 41: GPON alarm example, Loss of Signal Table 17: GPON alarms UI Label Description Auto-Power Control Auto-Power Control (APC) is the ability to adjust to...
Page 68: Pppoe Status
Management PPPoE status This table provides interface status for each PPPoE uplink tunnel. This status includes the time that the connection has been up the configured MTU size, and the last error code reported for this interface. Figure 42: PPPoE status Table 18: PPPoE status UI Label Description...
Page 69: Route
Device info Route The Route page shows the essential elements of the zNID’s routing table. Figure 43: Route table Table 19: The route table UI Label Description Destination IP address or range of addresses for the static IP address (or range of addresses) in the routing table. Gateway IP Address of Next Hop Router Subnet Mask...
Page 70: Arp Table
Management ARP table This table displays the IP and MAC address for each device on a VLAN. Figure 44: ARP table Table 20: The ARP table UI Label Description IP Address The IP address of the device discovered on the interface listed in the device column.
Page 71: Bridge Table
Device info Bridge table The bridge table displays the MAC address for each device on a VLAN interface of the internal layer 2 bridge. A total of 4,096 entries are allowed in the bridge table, but only the 2048 most recent entries are displayed. The bridge table can give you an idea of the number of devices that are seen on the network.
Page 72: Dhcp Status
Management DHCP status DHCP status provides a table of DHCP leases given out by the ONU’s internal DHCP Server. Figure 46: DHCP server device information and status This page shows the computers, identified by the hostname and MAC address that have acquired IP addresses by the DHCP server with the time remaining before the lease for the IP address is up.
Page 73: Igmp
Device info IGMP Internet Group Management Protocol (IGMP) is used to create group memberships for multicast streams. Normally IGMP is used for streaming video and other applications such as gaming, to provide more efficient use of the networks resources for these types of applications. Creating video connections on page 190 for configuration information.
Page 74: Omci
Management OMCI The OMCI bridge table displays the GPON Bridges that are mapped to GEM ports with VLAN Filter and translation rules. These are the “Pure ONU” traffic flows that have been configured via OMCI commands from the OLT. This information is useful for debug of OMCI-related configuration issues. Figure 48: OMCI bridge Table 24: OMCI mapping information for bridged interface UI Label...
Page 75 Device info Table 24: OMCI mapping information for bridged interface UI Label Description Filter VLAN The VLAN IDs of downstream traffic that will be allowed to pass through the unit. All packets with VLAN IDs that do not match will be dropped. When configured for “OPEN”...
Page 76 Management The OMCI Path table displays the Managed Entity IDs that have been assigned by the OLT to each of the Physical and Virtual User-to-Network Interfaces (UNIs), along with their Administrative and Operational State. OMCI commands can Admin Down any of these interfaces. When Admined Down, they are unusable for any services.
Page 77 Device info The Interfaces VEIP table displays the configured VLAN that are mapped to an uplink GEM Port. The uplink GEM port is required to be configured via OMCI. This table display the final mapping of the user defined RG VLANs and the OMCI configured GEM ports and VLANs.
Page 78: Wireless
Management Wireless The Status | Wireless pages shows the authenticated wireless stations which are access the wireless access point. Figure 52: Authenticated wireless stations Table 28: Authenticated wireless stations UI Label Description The MAC address of the authenticated wireless station. Associated The wireless station has been associated with the access point.
Page 79: Voice
Device info Voice Two types of voice logs are provided by the zNID. Voice Packet Log(s) and Call Audit log(s). The voice packet logs show signalling packets sent to and received from the VoIP softswitch and can be used to debug registration or connectivity issues.
Page 80 Management Table 29: Table of VoIP lines status and statistics UI Label Description RTP Statistics The statistics provided refer to the previous completed call • Packets Sent – The number of packetized data buffers sent into the network. • Packets Received – The number of packetized data buffer received from the network.
Page 81 Device info Figure 54: Voice Real-Time Packet Protocol statistics Real-Time Packet Protocol (RTP) statistics can be used to determine activity sent into the network or received from the network on the VoIP lines. RTP is used with Real-time Control Protocol (RTCP) which monitors transmission statistics through control packets sent into or received from the network.
Page 82 Management Table 30: RTP statistics UI Label Description RTCP XR Sent The number of extended reporting control packets sent into the network (should be the same as RTCP Sent) RTCP XR Received The number of extended reporting control packets received from the network Jitter Jitter statistics are kept from the previous call Peak Jitter (ms)
Page 83 Device info Figure 55: Voice status logs Figure 56: View packet log zNID 24xx Series Configuration Guide...
Page 84 Management Figure 57: View audit log zNID 24xx Series Configuration Guide...
Page 85: Configuration
ONFIGURATION The following sections describe fundamental information about the zNID 24xx: • Interfaces, page 86 • Factory default VLAN definition, page 87 The Configuration pages section describes the interfaces and all UI elements: • Configuration pages, page 89 The Deployment scenarios section is a task based section which describes how to create data, video and voice connections, as well as set data services such as rate limiting, and other Network Address Translation (NAT) and DHCP services.
Page 86: Interfaces
Configuration Interfaces Interface naming conventions zNID 24xx ONUs will support the following default interface names for the physical interfaces: • eth0 — Fiber WAN interface (either GPON or GigE) • eth1 — GigE port 1 • eth2 — GigE port 2 •...
Page 87: Factory Default Vlan Definition
Factory default VLAN definition Factory default VLAN definition Table 31 shows the VLANs set as the factory defaults Table 31: Factory default VLANs VLAN Type Tagged/Untagged Port IP address Bridged Tagged eth0 (Fiber WAN DHCP enabled – GPON or GigE) Bridged Tagged eth0 (Fiber WAN...
Page 88 Configuration Figure 59: Default VLANs and interfaces as displayed in the Configuration | VLAN | Settings page The VLAN to associate with the POTS interfaces is the Bound Interface Name parameter in the Configuration | Voice | SIP page or the Configuration | Voice | MGCP pages.
Page 89: Configuration
Configuration pages Configuration pages The Configuration Menu has the screens for configuring interfaces. This section describes the following pages of the Web user interface: • System info, page 90 • Static route, page 91 • Access control, page 92 • Firewall, page 94 •...
Page 90: System Info
Configuration System info The Configuration | System Info page provides the mechanism for setting the MIB-2 SNMP objects for System Name, System Location and System Contact. The System Name is also in the screen banner. If you change the System name, to get the System Name to update in the banner click refresh on the browser.
Page 91: Static Route
Configuration pages Static route The Configuration | Static Route page provides the mechanism for adding static routes to the zNID. Figure 62: The Static Route page has a table of static routes To add a route, click Add. Figure 63: Adding a static route Table 33: Adding a static route UI Label Description...
Page 92: Access Control
Configuration Access control Access control lists define whether packets/frames from source IP addresses or source MAC addresses are allowed in on an interface. Note that firewall rules, access control and port forwarding, require the firewall feature to be enabled. Lists There are three options for defining whether packets/frames will be allowed in on an interface —...
Page 93: Rules
Configuration pages Rules The Configuration|Access Control|Rules page defines the access control list rules. Figure 65: Defining the rules for access list Table 34: Adding an access control rule UI Label Description Interface Selects the physical interface to which the configured rule will apply.
Page 94: Firewall
Configuration To define an access control rule Select the interface to which to apply the rule Enter a unique rule name in the Rule Name text box Define the Source IP address, subnet, MAC address or MAC mask for the rule Click Add Rule Firewall...
Page 95: Management Access
Configuration pages Management access The Firewall Management Access table lists all the interfaces for which management traffic can be received. A check under the protocol indicates that this protocol is Allowed on the interface. The firewall global option must be enabled before this screen will take effect. Figure 67: Firewall management port access table Table 35: Management services UI Label...
Page 96: Port Forwarding
Configuration Port forwarding The top table of the Port Forwarding screen reflects the existing port forwarding rules. As Rules are added, the top table displays those changes. The Delete Rule(s) button allows one or more rules to be removed from the ONU.
Page 97 Configuration pages Table 36: Defining port forwarding rules UI Label Description Name User defined name to identify rule. Type • When DMZ is chosen it is the only rule allowed on that interface. A DMZ rule is effectively the same as a Range rule with all ports included.
Page 98 Configuration Defining port forwarding rules Be sure that Firewall is set to Enabled on the Firewall | Global page In the Name text box enter a name for the rule From the Type dropdown select the type of port forwarding rule Enter the appropriate information for the rule (depends on rule type) Click Add Rule Figure 69: DMZ rule...
Page 99 Configuration pages Figure 71: Port forwarding remap rule zNID 24xx Series Configuration Guide...
Page 100: Interfaces
Configuration Interfaces The Zhone zNIDs support a variety of interface types: • Bridged on page 100 • Routed on page 101 • Brouted on page 102 • PPPoE on page 103 • Ethernet on page 104 • GPON on page 106 Rate limiting is also available for the WAN and LAN Ethernet interfaces.
Page 101: Routed
Configuration pages To edit a bridge, enter a check in the bridged interface in the select row at the top of the table, then click Edit Selected Interface. The table displays Bridged Interfaces along with any IP Addresses that have been assigned to them for the purposes of enabling management access or supporting SIP, SIP-PLAR or MGCP clients.
Page 102: Brouted
Configuration Brouted Brouted VLANs have two IP interfaces — one for the Routed uplink interface and a second for the Bridged LAN-side interface. A Brouted VLAN may have multiple LAN ports as members, and all ports will use the same IP subnet. So Brouted means that the LAN side is like a bridge, but has a routed interface for the WAN side.
Page 103: Pppoe
Configuration pages PPPoE The Point-to-Point Protocol over Ethernet (PPPoE) encapsulates PPP frames inside Ethernet frames to create a PPPoE tunnel between hosts connected to the ZNID and other devices out in the cloud. While Ethernet is packet-based (so no direct connection is opened), PPP is a direct connection where one device directly connects to another using the protocol.
Page 104: Ethernet
Configuration Ethernet The Interfaces | Ethernet page provides the mechanism to modify Ethernet parameters for Ethernet interfaces. Figure 76: Ethernet parameters Table 37: Ethernet settings UI Label Description Admin State • Enable - Port is enabled and a link has been established •...
Page 105 Configuration pages Table 37: Ethernet settings UI Label Description LAN Follows WAN When enabled, the LAN port is forced to a physical down state when the WAN uplink has been down for 15 seconds. This mechanism is used to signal to attached devices that they need to initiate a backup connection.
Page 106: Gpon
Configuration GPON The Interfaces | GPON page allows you to enable RF video on models which support RF video. Figure 77: RF video may be enabled or disabled For models which support RF video, RF video may also be disabled to conserve power when RF video is not in use.
Page 107: Rate Limits
Configuration pages Rate Limits Rate limiting can be configured on the WAN uplink, LAN Ethernet interfaces, HPNA coax and HPNA phone ports. Figure 78: Rate shaping and limiting on Ethernet ports Table 38: Rate limiting UI Label Description Limiting Limit enabled or disabled on interface. Inbound Rate limit inbound traffic.
Page 108: Wireless
Configuration Wireless Basic The Wireless | Basic page sets the name for the network (SSID, service set identifier) which identifies the AP to clients. You also can set basic functionality such as setting the maximum number of clients which can be connected to the AP.
Page 109 Configuration pages Table 39: Basic wireless settings. UI Label Description Disable WMM WMM (Wireless Multi Media) provides a subset of the Advertise IEEE 802.11e QoS standard, which adds prioritization to wireless to optimize their performance. When multiple concurrent applications are on the wireless network each application may have different latency and throughput needs.
Page 110: Security
Configuration Security The main items for wireless security are authentication and encryption. Authentication methods which are secure allow the clients (also called stations or STA) you want onto the network, while keeping others off of the network. Encryption is used, both in some of the authentication methods and in the regular transmission of data once the client has successfully completed the authentication process.
Page 111 Configuration pages Figure 81: The wireless security page Table 40: Wireless security basic options UI Label Description Enable WPS With WPA-PSK, WPA2-PSK, Mixed WPA2/WPA-PSK, or Open Network Authentication modes, there is the ability to add clients via push button or by a STA PIN or AP device PIN. WPS, page 123 Select SSID Selects the SSID to associate with the Network Authorization...
Page 112 Configuration Table 40: Wireless security basic options UI Label Description Network • Open Authentication Open access to the network. Anyone can access. See Open, page 114. • Shared WEP encryption strength may be 64 or 128 bit. Up to four different keys can be set, though only one it active at any time.
Page 113 Configuration pages Table 41: Network Authentication parameters (part 1) Open Shared 802.1x WPA-PSK WEP Encryption Encryption Strength Current Network Key Network Key 1 Network Key 2 Network Key 3 Network Key 4 RADIUS Server IP Address RADIUS Port RADIUS Key WPA Group Rekey Interval WPA/WAPI...
Page 114 Configuration Table 42: Network Authentication parameters (part 2) WPA2 WPA2-PSK Mixed WPA2/WPA Mixed WPA2/WPA-PSK WPA/WAPI Passphrase WPA/WAPI Encryption WPA2 Preauthentication Network Re-auth Interval Open With Network Authentication open and no authentication, anyone can access the network. With WEP Encryption disabled, communication is sent in clear text, so this configuration has no security protection.
Page 115 Configuration pages Shared Shared network authentication uses WEP encryption that must be shared between the AP and the STA. The initial request from the STA is in clear text, as is the challenge from the AP. The STA replies to the challenge with the Network Key in an encrypted message.
Page 116 Configuration 802.1x 802.1X network requires mutual authentication between a client station and the router by including a RADIUS-based authentication server. Information about the RADIUS server such as its IP address, port and key must be entered. WEP encryption is enabled by default with default encryption strength and network keys.
Page 117 Configuration pages WPA (WiFi Protected Access) is usually used for the larger Enterprise environment, it uses a RADIUS server and TKIP (Temporal Key Integrity Protocol) encryption (instead of WEP encryption which is disabled). TKIP+AES uses 128-bit dynamic session keys (per user, per session, and per packet keys).
Page 118 Configuration WPA-PSK WPA-PSK (WiFi Protected Access – Pre-Shared Key) is basically WPA for home and small office/home office (SOHO) environments. WPA-PSK uses the same strong TKIP+AES encryption which is used for WPA, per-packet key construction, and key management that WPA provides in the enterprise environment.
Page 119 Configuration pages WPA2 WPA2 (WiFi Protected Access 2) — second generation WPA which uses AES (Advanced Encryption Standard) instead of TKIP as its encryption method. Network re-authorization interval is the time in which another key needs to be dynamically issued. Figure 87: Wireless security with WPA2 network authentication zNID 24xx Series Configuration Guide...
Page 120 Configuration WPA2-PSK WPA2-PSK (WiFi Protected Access 2 – Pre-Shared Key) — suitable for home and SOHO environments, it also uses AES encryption and requires you to enter a password and a re-key interval time. Figure 88: Wireless security with WPA2-PSK network authentication zNID 24xx Series Configuration Guide...
Page 121 Configuration pages Mixed WPA2/WPA Mixed WPA2 / WPA — useful during transitional times for upgrades in the enterprise environment, this mixed authentication method allows “upgraded” and users not yet “upgraded” to access the network via the router. RADIUS server information must be entered for WPA and a as well as a group re-key interval time.
Page 122 Configuration Mixed WPA2/WPA-PSK Mixed WPA2 / WPA-PSK — useful during transitional times for upgrades in the home or SOHO environment, a pre-shared key must be entered along with the group re-key interval time. Both TKIP and AES are also used. Figure 90: Wireless security with Mixed WPA2/WPA-PSK network authentication zNID 24xx Series Configuration Guide...
Page 123 Configuration pages With WiFi Protected Setup (WPS) — available for WPA-PSK, WPA2-PSK, Mixed WPA2/WPA-PSK and Open Network Authentication methods — the wireless zNID 24xx can add clients via three different methods: • push button certification With push button certification you must simultaneously push the WPS button on the rear panel of the wireless zNID 24xx and click the virtual button for push button registration on the client device.
Page 124: Wep Encryption
Configuration WEP Encryption WEP (Wire Equivalent Privacy) is encryption based on an encryption key strength of 64 or 128 bits. Up to 4 different keys can be set and you can come back to select which one to use at anytime. Figure 92: Setting up WEP network keys Table 43: Configuration parameters for WEP Encryption Enabled UI Label...
Page 125: Radius Authentication
Configuration pages RADIUS authentication Remote Access Dial-Up Service (RADIUS) is not only for WiFi applications. The RADIUS server requires identity and credentials (username and password) from the user and is used for enterprise security. Figure 93: RADIUS authentication uses an authentication server Table 44: RADIUS authentication parameters UI Label Description...
Page 126: Mac Filter
Configuration MAC filter To restrict wireless access to an AP by SSID, you can add a MAC Filter which filters for the MAC address. The filter defines whether a client can connect to the AP based on the MAC address of the client. The list of MAC addresses can allow a list of devices to use the AP or the list can be denied use.
Page 127: Wireless Bridge
Configuration pages Wireless bridge The Wireless Bridge page allows you to configure wireless bridge (also known as Wireless Distribution System (WDS)) functionality. WDS allows for the expansion of the wireless network across multiple access points without wired connections. Wireless bridge refers to the connection between the AP and a wireless repeater device which extends the reach of the AP.
Page 128 Configuration Table 45: WDS parameters UI Label Description Bridge Restrict Applies to the wireless bridge: • Enabled Access is restricted to devices whose MAC addresses are entered in the text boxes for Remote Bridge MAC Address • Enabled(Scan) Scans for any wireless bridge devices in range and displays them in the Remote Bridge MAC Address table.
Page 129 Configuration pages Table 46: Wireless Distribution System options UI Label Description Bridge Defines the access for wireless bridge devices Restrict • Enabled Allows only the devices with MAC addresses entered in the Remote Bridges MAC Address text boxes (up to four) •...
Page 130: Advanced
Configuration Advanced The Wireless | Advanced page configure wireless signal settings. Note: Do not change the settings on this page if you are not familiar with WiFi settings. Figure 99: Advanced wireless signal setting parameters Table 47: Advanced wireless settings UI Label Description Band...
Page 131 Configuration pages Table 47: Advanced wireless settings UI Label Description Auto Channel Defines the refresh time in minutes for rescans which Timer(min) finds the best available channel for use on your wireless network. When configured for auto mode, the timer value specifies how often to re-analyze the spectrum to select a low interference channel.
Page 132 Configuration Table 47: Advanced wireless settings UI Label Description 54g™ Rate The rate at which information will be transmitted and received on your wireless network. Multicast Rate Multicast rate is the transmission rate for multicast packets. Since multicast packets are sent once and must be received by all clients, they must be sent at a low enough rate for all clients to receive.
Page 133 Configuration pages Table 47: Advanced wireless settings UI Label Description WMM (WiFi prioritizes traffic from different applications such as Multimedia) voice, audio and video applications under different environments and conditions. WMM No the acknowledgement policy used on the MAC level. Acknowledgement Enabling no-acknowledgement can result in efficient throughput but higher error rates in a noisy Radio...
Page 134: Voice
Configuration Voice The zNIDs support SIP, SIP-PLAR and MGCP protocols. • SIP on page 135 • SIP-PLAR on page 136 • MGCP on page 139 SIP and SIP-PLAR have many of the same parameters as can be seen in Figure 101, SIP configuration, Figure 103, SIP-PLAR configuration and.Table...
Page 135: Sip
Configuration pages The SIP configuration connects via network to a SIP softswitch. Figure 100: SIP scenario Figure 101: SIP configuration Define the changes to the configuration and click Apply/Restart SIP client, The SIP client will be restarted. Existing phone calls will be terminated. zNID 24xx Series Configuration Guide...
Page 136: Sip-Plar
Configuration SIP-PLAR The Zhone SIP-PLAR implementation has a voice gateway which connects to the Class V switch. Figure 102: SIP-PLAR scenario Figure 103: SIP-PLAR configuration Define the changes to the configuration and click Apply/Restart SIP client, The SIP client will be restarted. Existing phone calls will be terminated.
Page 137 Configuration pages Table 48: SIP and SIP-PLAR configuration UI Label Description Locale Selection: Select the country. This field sets the phone to respond as expect in the selected country. Domain Name Mode SIP Mode only Defines whether an IP address or a domain name will be used to identify the SIP domain.
Page 138 Configuration Table 48: SIP and SIP-PLAR configuration UI Label Description DSCP for SIP Priority Value for protocol data. DSCP for RTP Priority Value for voice data. Dtmf Relay setting Method of sending tones. Hook Flash Relay Method of sending Hook transition. setting SIP Transport Send information over UDP or TCP.
Page 139: Mgcp
Configuration pages MGCP The MGCP configuration connects via network to a MGCP softswitch. Figure 104: MGCP scenario Figure 105: MGCP configuration Define the changes to the configuration and click Apply/Restart SIP client, The SIP client will be restarted. Existing phone calls will be terminated. Table 49: MGCP configuration UI Label Description...
Page 140: Lines
Configuration Table 49: MGCP configuration UI Label Description Persistent Notification When enabled, all switchhook events will be forwarded to the switch immediately without regards to what the switch has requested. When disabled, the event that the switch has requested will be forwarded. Lines The Configuration | Voice | Lines page selects which physical POTS interfaces are made active as well as setting signal information for the lines.
Page 141 Configuration pages Figure 107: SIP Line configuration Table 50: Voice line configuration UI Label Description Line The number matches the physical POTS port on the zNID. Admin State When checked the port is Enabled to the switch. User ID Text Field to allow user to identify the port. The recommended ID is phone number.
Page 142 Configuration Table 50: Voice line configuration UI Label Description Silence Suppression Check enables Silence Suppression. Echo Cancellation Check enables Echo Cancellation. Call Waiting Check enables Call Waiting Three-way Calling Check enables Three-way calling Message Waiting When enabled, a SUBSCRIBE message will be sent after Registration to subscribe to message waiting.
Page 143: Vlan
VLAN VLAN The VLAN page both creates and defines VLANs as well as assigns VLANs to available ports. The VLAN screen has two tables — port defaults and VLANs and port membership. For information about VLAN taggings, see VLANS on page 197.
Page 144 Configuration Table 51: Port Defaults UI Label Description Default PVID The VLAN ID that will be inserted for any non tagged frames received on this interface. To remove tags in the upstream direction the port must be an untagged member of the same VLAN. Default 802.1p The default Quality of Service value for the PVID frames...
Page 145 VLAN Edit Port Defaults The VLAN Settings | Edit Port Defaults screen provides the means to define the VLAN ID and set 802.1p priorities for packets from each Ethernet port. This screen also sets which port is to be used as the WAN uplink. The most common scenario is for a PC based subnet on a downstream port.
Page 146 Configuration Figure 110: Example VLANs and interfaces Figure 111: Setting port defaults zNID 24xx Series Configuration Guide...
Page 147 VLAN Table 53: Creating or editing port defaults UI Label Description PVID The VLAN ID that will be inserted for any non tagged frames received on this interface. Note: To strip the tag in the transmit (egress) direction, this port must be configured as an untagged member of the VLAN with a matching VLAN ID.
Page 148 Configuration Add New VLAN To add a new VLAN you define the name, the ID, whether secure forwarding is applied to the VLAN and whether the VLAN is bridged, routed, or for PPPoE. Figure 112: Adding a new VLAN Table 54: Adding a VLAN UI Label Description VLAN Name...
Page 149 VLAN Edit Selected VLAN Once a VLAN is created, you cannot change the name or VLAN ID, interface type and whether secure forwarding is applied to the VLAN. You can define port membership for an existing VLAN. Figure 113: Selecting a VLAN for editing Figure 114: Editing port membership for an existing VLAN zNID 24xx Series Configuration Guide...
Page 150 Configuration Table 55: In the VLAN editing screen, only the port membership for the VLAN may be defined UI Label Description VLAN Name The user defined name for this VLAN. Once the VLAN is created this name cannot be changed. You must delete the VLAN and recreate it with a different name.
Page 151: Modes
VLAN Modes The Transparent LAN Service Settings screen allows the TLS parameters to be set or modified. Figure 115: Transparent LAN service settings Table 56: In the VLAN editing screen, only the port membership for the VLAN may be defined UI Label Description VLAN Service Mode...
Page 152 Configuration Table 56: In the VLAN editing screen, only the port membership for the VLAN may be defined UI Label Description Cross VLAN Routing When Enable is selected routing between VLANs is Mode allowed. • Enable Route table lookups ignore the VLAN ID of the ingress and egress ports.
Page 153: Wan Backup
VLAN WAN backup With the WAN backup feature configured, if the WAN (uplink) has gone down, data for one VLAN can be rerouted to the USB wireless modem. WAN backup requires that at least one VLAN on the uplink has NAT enabled. Figure 116: WAN backup configuration Table 57: WAN backup configuration parameters UI Label...
Page 154 Configuration Table 57: WAN backup configuration parameters UI Label Description WAN Failover Timer The WAN Failover timer is used to determine how long (in seconds) the Fiber uplink interface must be operationally DOWN before a USB Cellular WAN Backup connection will be initiated. The Default value is 0 seconds, which DISABLES this feature.
Page 155 VLAN Table 57: WAN backup configuration parameters UI Label Description WAN Backup The IP Address of the Secondary DNS Server to be Secondary DNS used on the WAN uplink interface of a Cellular Backhaul connection. Acquired dynamically in DHCP mode. Four digit Personal Identification Number (PIN) code used to unlock the SIM card.
Page 156: Deployment Scenarios
Configuration Deployment scenarios The connection type for each VLAN can be configured for Bridged, Routed, Brouted, PPPoE Bridged, or PPPoE Routed. For a discussion of the differences among the connection types please see configuration options, page 157. Creating data connections follows a different procedure than voice connections.
Page 157: Ip Configuration Options
Deployment scenarios IP configuration options The different bridge types which the zNID 24xx supports provides present different options for assigning IP addresses. • Bridged For bridged VLANs, an IP Address can be assigned if the zNID will be a host in a particular IP subnet. –...
Page 158 Configuration • Routed For Routed VLANs, an IP Address will be assigned per physical port that is assigned to the VLAN. The minimum configuration will have the uplink interface and at least one LAN-side interface. When there are multiple LAN ports in the same Routed VLAN, each one must be assigned its own IP subnet.
Page 159 Deployment scenarios • Brouted For Brouted VLANs, there are only two IP interfaces - one for the Routed uplink interface and a second for the Bridged LAN-side interface. A Brouted VLAN may have multiple LAN ports as members, and all ports will use the same IP subnet.
Page 160 Configuration • PPPoE Bridged or Routed PPPoE bridged or routed connections are very similar to bridged or routed connections, only that the uplink interface is a PPPoE client that establishes a PPPoE tunnel to an upstream BRAS – PPPoE/Bridged VLANs are similar to Brouted VLANs, but the uplink interface is a PPPoE client that establishes a PPPoE tunnel to an upstream BRAS.
Page 161 Deployment scenarios Figure 121: For PPPoE routed the LAN side interfaces are all their own subnets. The WAN side is in its own subnet and a PPPoE tunnel is created to an upstream BRAS Creating PPPoE tunnels, page 179 for the procedures for creating PPPoE tunnels.
Page 162: Creating Data Connections
Configuration Creating data connections All connections, including voice and video, are based on the VLAN and all follow a general procedure: Create VLAN This first step is the same for all data connections, except for choosing which connection type. You name the connection and give it a VLAN ID as well as defining the connection type.
Page 163: Creating Bridge Connections
Deployment scenarios Creating bridge connections In Bridged mode, the zNID 24xx operates as a standard learning bridge. The source addresses in received packet headers are examined to locate unknown devices. Until the location of the destination is known, the packets are flooded to all ports that are members of the VLAN.
Page 164 Configuration Select ports and set port defaults From the Configuration - VLAN Settings => Edit Selected VLAN page (which you should be on automatically after completing the previous step) Select the port members. Figure 123: Selecting port members and their tagging Normally the uplink (Fiber WAN (eth0) will be Tagged as in this example.
Page 165 Deployment scenarios Note: Make sure that a VLAN is created with a matching VLAN ID and the LAN ports are configured as untagged members of that VLAN. The default PVID is only used to determine how ingress untagged traffic will be tagged. The VLAN table defines the egress action. From the Uplink eth0 should be selected Selecting the Fiber WAN interface adds this VLAN to the uplink.
Page 166: Creating Routed Connections
Configuration Creating routed connections VLANs can be configured as Routed. With this connection type, packets are forwarded based on the destination IP address. Explicit routes can be configured or the system can use the default route, which is the next hop gateway for the VLAN.
Page 167 Deployment scenarios Figure 126: Selecting port members and their tagging Normally the uplink (Fiber WAN (eth0) will be Tagged as in this example. Select T from the Fiber WAN (eth0) dropdown. In this example we are only selected one untagged downstream interface.
Page 168 Configuration Note: Make sure that a VLAN is created with a matching VLAN ID and the LAN ports are configured as untagged members of that VLAN. The default PVID is only used to determine how ingress untagged traffic will be tagged. The VLAN table defines the egress action. From the Uplink eth0 should be selected Selecting the Fiber WAN interface adds this VLAN to the uplink.
Page 169 Deployment scenarios Figure 129: Adjusting WAN settings: device addressing and NAT and DNS relay for clients For this example the ZNID will be getting its address from an upstream DHCP server. Other options for device addressing: – To assign a permanent IP to the zNID, select Static from the Address Mode dropdown You will need to get the IP Address from your ISP as well as the Subnet Mask, Default Gateway address and DNS.
Page 170 Configuration Adjust LAN settings From the Interfaces | Routed page enter a check in the select column for eth2.v402, then click Edit Selected Interface Figure 130: Selecting the LAN interface for the VLAN b From the Configuration - Routed Interface => Edit Selected Interface page, select Static from the Address Mode dropdown below IP Configuration zNID 24xx Series Configuration Guide...
Page 171 Deployment scenarios For this example we are defining the IP address for the downstream interface, by selecting Static. Figure 131: Selecting the fiber WAN interface for the VLAN The other options are – DHCP – Unconfigured Configure Wireless (Wireless connections only) Set port membership, authentication and encryption features as well as other wireless options.
Page 172: Creating Brouted Connections
Configuration Creating brouted connections Brouted VLANs enable local peer-to-peer communications between client devices, like bridged VLANs, but has a routed VLAN for the uplink interface. Network Address Translation is typically enabled for Brouted VLANs using private IP addresses locally and a single IP address on the uplink interface. When in the Brouted mode, a DHCP server may be configured to automatically assign local IP addresses (See DHCP server on page...
Page 173 Deployment scenarios Figure 133: Selecting port members and their tagging Normally the uplink (Fiber WAN (eth0) will be Tagged as in this example. Select T from the Fiber WAN (eth0) dropdown. In this example we are only selected one untagged downstream interface.
Page 174 Configuration Note: Make sure that a VLAN is created with a matching VLAN ID and the LAN ports are configured as untagged members of that VLAN. The default PVID is only used to determine how ingress untagged traffic will be tagged. The VLAN table defines the egress action. From the Uplink eth0 should be selected Selecting the Fiber WAN interface adds this VLAN to the uplink.
Page 175 Deployment scenarios Figure 136: Adjusting WAN settings: device addressing and NAT and DNS relay for clients For this example the ZNID will be getting its address from an upstream DHCP server. Other options for device addressing: – To assign a permanent IP to the zNID, select Static from the Address Mode dropdown You will need to get the IP Address from your ISP as well as the Subnet Mask, Default Gateway address and DNS.
Page 176 Configuration Adjust LAN settings From the Interfaces | Routed page enter a check in the select column for eth2.v402, then click Edit Selected Interface Figure 137: Selecting the LAN interface for the VLAN b From the Configuration - Routed Interface => Edit Selected Interface page, select Static from the Address Mode dropdown below IP Configuration zNID 24xx Series Configuration Guide...
Page 177 Deployment scenarios For this example we are defining the IP address for the downstream interface, by selecting Static. Figure 138: Selecting the fiber WAN interface for the VLAN The other options are – DHCP – Unconfigured From the DNS Relay Source dropdown leave Default For this example we are selecting Default A DNS (Dynamic Name System) server provides the translation from a public IP address upstream of the zNID to the private IP address...
Page 178 Configuration – Proxy When set to Proxy, all DNS Requests are sent to the zNID's LAN-side IP Address, and the zNID uses its Local Host Table and its System DNS Client to resolve all DNS requests. The zNID's LAN-side IP Address will be provided as the DNS IP Address to the LAN-side clients in the DHCP Offer.
Page 179: Creating Pppoe Tunnels
Deployment scenarios Creating PPPoE tunnels PPPoE is defined for the uplink port of a VLAN. In this mode, the zNID 24xx will establish a PPPoE session with a server on behalf of the client connected to the configured port. Each VLAN can have 1 PPPoE session. The configuration of the PPPoE session requires only a few parameters: •...
Page 180 Configuration On the Configuration|VLAN Settings page, click Add New VLAN b In the VLAN Name text box enter a name for the VLAN In the VLAN Tag ID text box enter a VLAN ID d <Optional> From the Secure Forwarding dropdown select either Enable or Disable Add New VLAN on page 148 for more information...
Page 181 Deployment scenarios Figure 141: Setting the PVID for the interface Note: Make sure that a VLAN is created with a matching VLAN ID and the LAN ports are configured as untagged members of that VLAN. The default PVID is only used to determine how ingress untagged traffic will be tagged.
Page 182 Configuration b In the Configuration - Routed Interface --> Edit Selected Interface page from the IP Configuration section Address Mode dropdown PPPoE will be set. Figure 142: For PPPoE you just need to add the username, password and authentication type For PPPoE the device addressing mode is PPPoE by default.
Page 183 Deployment scenarios From the DHCP Server dropdown below Client Addressing select Enable. Figure 143: Defining the subnet for the PPPoE bridged VLAN d In the Subnet Range Start Address text box enter a start address for the subnet (192.168.100.10) In the Stop Address text box enter an ending address for the subnet range (192.168.100.100) In the Lease Duration (sec) text box enter 86400.
Page 184 Configuration PPPoE Routed Create VLAN Figure 144: Creating a PPPoE routed VLAN On the Configuration|VLAN Settings page, click Add New VLAN b In the VLAN Name text box enter a name for the VLAN In the VLAN Tag ID text box enter a VLAN ID d <Optional>...
Page 185 Deployment scenarios Figure 145: Selecting port members and their tagging Normally the uplink (Fiber WAN (eth0) will be Tagged as in this example. Select T from the Fiber WAN (eth0) dropdown. In this example we are only selected one untagged downstream interface.
Page 186 Configuration Note: Make sure that a VLAN is created with a matching VLAN ID and the LAN ports are configured as untagged members of that VLAN. The default PVID is only used to determine how ingress untagged traffic will be tagged. The VLAN table defines the egress action. From the Uplink eth0 should be selected Selecting the Fiber WAN interface adds this VLAN to the uplink.
Page 187 Deployment scenarios d Set the PPP username, password and authentication method In the Username, Password, Service Name and Retry Interval text boxes enter the information supplied by your ISP. In the Authentication dropdown select Auto, or the option requested by your ISP. Adjust LAN settings For PPPoE connections the LAN side you define the IP address of the interface and the subnet using DHCP (by default).
Page 188: Creating Wireless Connections
Configuration Creating wireless connections Wireless connections are created just like other connections in that the wireless interface is selected for port membership Creating a new VLAN with wireless connection Create VLAN Follow the steps for the type of connection: bridged, routed, PPPoE bridged or PPPoE routed Select ports and set port defaults Follow the steps for the type of connection: bridged, routed, PPPoE...
Page 189 Deployment scenarios Adding a wireless interface to an existing VLAN In the navigation pane select Configuration | VLAN | Settings On the Configuration - VLAN Settings page, put a check in the checkbox for the VLAN which you wish to add the wireless interface, then click Edit Selected VLAN On the Configuration - VLAN Settings =>...
Page 190: Creating Video Connections
Configuration Creating video connections IGMP snooping may be set on bridged or brouted VLANs. To add IGMP snooping to a bridged VLAN: Create VLAN In the VLAN Name text box enter a name for the VLAN b In the VLAN Tag ID text box enter a VLAN ID <Optional>...
Page 191: Creating Voice Connections
SIP and SIP-PLAR versions are S versions, such as S2.4.112. MGCP versions are M versions, such as M2.4.112. If you do not have the proper version of the software consult your Zhone representative. To load the upload the software onto the zNID, see...
Page 192 Configuration Figure 150: The SIP configuration screen Select Admin State and define..Configure line settings..Click Apply/Restart SIP client SIP-PLAR The SIP version of the software must be loaded on the zNID (includes SIP PLAR Update software, page 55 Create the voice VLAN Select Bridged for the Connection Type.
Page 193 Deployment scenarios Configure SIP-PLAR SIP-PLAR on page 136 for a description of the configuration parameters Select Admin State and define..Configure line settings..Click Apply/Restart SIP client MGCP The MGCP version of the software must be loaded on the zNID Update software, page 55 Create the voice VLAN Select Bridged for the Connection Type.
Page 194: Creating Dual Managed Connections
Configuration Creating Dual Managed connections Dual Managed connections using the virtual UNI (VEIP) between the RG and OMCI are created in the same manner as other connections. The only difference is that in the port selection process, rather than select “T” (for tagged) or “U”...
Page 195 Deployment scenarios b In the VLAN Name text box enter a name for the VLAN In the VLAN Tag ID text box enter a VLAN ID d <Optional> From the Secure Forwarding dropdown select either Enable or Disable Add New VLAN on page 148 for more information From the Connection Type dropdown select Bridged Click Apply/Save...
Page 196 Configuration d In the PVID text box for GE1 - GigE eth1, enter 410 (the same as the ID for the VLAN) Figure 154: Setting the PVID for the interface Note: Make sure that a VLAN is created with a matching VLAN ID and the LAN ports are configured as untagged members of that VLAN.
Page 197: Advanced Features
Advanced features Advanced features VLANS The zNID 24xxs support VLAN-based services. This section describes the types of VLANs that are supported on this device. When configured for normal single-tagged mode, all ports are members of a VLAN. They can be untagged or tagged members.
Page 198: Tagged Uplink Port Untagged Lan Ports
Configuration Tagged uplink port untagged LAN ports The diagram below shows an example of a VLAN tag (C-2) being added to the Ethernet frame received on the LAN port. In this case the VLAN tag remains on the frame as it is sent to the network, on the port that has been designated as the Uplink port.
Page 199 VLANS Figure 157: Configuration of VLAN settings zNID 24xx Series Configuration Guide...
Page 200: Tagged Uplink Port And Tagged Lan Ports
Configuration Tagged uplink port and tagged LAN ports The diagram below shows an example where the traffic is received on the LAN port with a VLAN tag (C-3) already included. In this case the VLAN tag remains on the frame as it is sent to the network on the port that has been designated as the Uplink port.
Page 201 VLANS value is 8100. This family of products allows that field to be specified by the user. Figure 159: S-Tagged on uplink, tagged LAN On the web interface, the S-tag feature is defined on the VLAN mode page as shown below. Once enabled, all VLAN traffic being sent upstream will have the outer S-tag applied to the packet.
Page 202: Tls Mode
Configuration TLS mode Once the ONU has been set for S-tag mode, individual ports can be configured for TLS (Transparent LAN Services) mode, where all the tagged traffic received on a TLS port is tagged with an outer S-Tag and forward upstream.
Page 203 VLANS Creating a TLS bridge Set the VLAN Service Mode to S-Tag Figure 162: Selecting S-Tag Select Configuration | VLAN | Modes b On the Configuration - VLAN Modes page, select S-Tag from the VLAN Service Modes dropdown. Click Apply Create a VLAN, select TLS-Bridged If you have created other VLANs you will note that changing the mode adds an option to the connection type menu...
Page 204 Configuration d <Optional> From the Secure Forwarding dropdown select either Enable or Disable From the Connection Type dropdown select TLS-Bridged Click Apply/Save Select ports and set port defaults From the Configuration - VLAN Settings => Edit Selected VLAN page (which you should be on automatically after completing the previous step) Select the port members.
Page 205: Nat And Dhcp
VLANS d From the VLAN | Settings page click Edit Port Defaults Figure 165: Setting PVID for the ports In the PVID text box for GE1 - GigE eth1, enter 500 (the same as the ID for the VLAN) From the Uplink eth0 should be selected Selecting the Fiber WAN interface adds this VLAN to the uplink.
Page 206 Configuration Define which ports are members of the VLAN Set the PVID Since this example is using untagged ports, it is critical to set the PVID to data VLAN. Otherwise all incoming packets will be dropped. zNID 24xx Series Configuration Guide...
Page 207 VLANS Enable NAT on the uplink port Enable the NAT function, and set the DNS addresses. In this case we are using static addresses. Enable DHCP and specify the range of addresses Note the every port has its own DHCP server. Each port must be configured and must be on a separate subnet.
Page 208 Configuration zNID 24xx Series Configuration Guide...
Page 209: Dhcp Server
VLANS DHCP server Dynamic Host Control Protocol (DHCP) is the means for dynamically assigning IP addresses. Basically, a DHCP server has a pool of IP addresses that can be assigned to DHCP clients. A DHCP client maintains its MAC address, but may have a different IP address each time it connects to the network.
Page 210: Data Services
Configuration Data services Rate limiting Rate limiting is done on a per-physical-port basis, not on a per-VLAN basis. Rate limiting is a mechanism for controlling traffic and can include policing (dropping packets). Use rate limiting to control the rate of traffic sent or received on a physical port.
Page 211: Priority
VLANS Priority The system can be configured to prioritize traffic based on either the layer 2 VLAN CoS bits or the layer 3 ToS bits. The prioritization method is selected on the VLAN Mode page as shown below. Figure 167: VLAN modes The zNID 24xx products support the prioritization of traffic based on either the ToS (Type of Service) values in IP packets or CoS (Class of Service) values in Ethernet VLAN headers as defined by IETF RFC1349 and IEEE...
Page 212 Configuration Table 58: CoS value to priority mapping CoS Value Priority Queue Priority Method High WRR 16/8/4 (weight = 16) Critical Strict priority Critical Strict priority Packets which require the highest throughput or are sensitive to latency (the amount of time between received packets) should be in higher priority queues. Normally video and voice are more sensitive to throughput and latency issues.
Page 213: Special Scenarios
This chapter describes troubleshooting tests for the zNID 24xx. It includes the following sections: Zhone supports the Microsoft Media Room (MMR) application in many deployments for GPON, ADSL and VDSL. Zhone’s IPTV deployment includes support for integrated residential gateway functionality required by MMR to significantly reduce the complexity and cost of deployments.
Page 214 Figure 168: MMR provides live, recorded, and on demand programming for PCs, media servers (like the Xbox) and TV The wire speed NAT Routing capabilities of Zhone’s zNID product family are required to support multiple concurrent High Definition IP TV streams with low latency and no packet loss.
Page 215 Microsoft Media Room support Figure 169: The zNID 24xx includes integrated support for the MicroSoft Media Room 2.0 Application zNID 24xx Series Configuration Guide...
Page 216 Special scenarios zNID Configuration requirements for MMR: • Two NAT BRouted VLANs must be created. All zNID LAN ports must be UNTAGGED members of both VLANs. The zNID Uplink must be TAGGED member of both. DHCP Server is enabled on the Data VLAN. UPnP enabled on DATA VLAN.
Page 217: Any Port, Any Service
Any port, any service Any port, any service Zhone supports the concept that any device connected to the zNID 24xx can access any service, whether that service is high speed Internet (HSIA), IPTV or Video on Demand (VoD) from any Ethernet port. With up to four Gigabit Ethernet ports as well as two POTS port there is enough bandwidth to supply HSIA, IPTV and VoD as well as analog telephone.
Page 218 Special scenarios • Conditional DHCP Addressing is used to assign permanent IP Address to STBs and DVRs based on OUI classification. These devices are assigned IP addresses from a dedicated range within the subnet. • All LAN broadcast traffic is kept LOCAL •...
Page 219: Troubleshooting Tests
ROUBLESHOOTING TESTS This chapter describes troubleshooting tests for the zNID 24xx. It includes the following sections: • Diagnostics, page 219 • Ping, page 221 • Trace route, page 222 • Hardware reset, page 224 Diagnostics The Diagnostics page runs tests on each interface. If a test shows FAIL, click the Hints link to diagnose the issue.
Page 220 Troubleshooting tests zNID 24xx Series Configuration Guide...
Page 221: Ping
Ping Ping The Ping test sends an IP ping to an IP address. The ping can be used to determine if another device can be accessed from the zNID. Figure 173: The Ping test Table 60: Ping test parameters Parameter Description IP Address or Domain The destination address can be entered as a dot notation...
Page 222: Trace Route
Troubleshooting tests Trace route The Trace Route test issues an ICMP echo command to the destination address. The result shows the path (hops) it took to reach the destination address. Figure 174: The Trace Route test Table 61: Trace route parameter Parameter Description IP Address or Domain...
Page 223: Voice
Voice Voice Figure 175: zNID 24xx Series Configuration Guide...
Page 224: Hardware Reset
Troubleshooting tests Hardware reset To reset the zNID 24xx Press a pin into the reset button and hold it down until all LEDs are on together. Release the reset button. zNID 24xx Series Configuration Guide...
Page 225: Index
NDEX ARP table 70 Reboot 56 Restore 45 Restore default 46 Restore from alternate bank 54 Backup 43 Bridge table 71 bridging overview 100 SNMP 20 SNMP Agent 47 statistics 57 Status and statistics 57 System features 30 CLI 19 System log 39 System log message severity level 39 System log message, severity levels 39...
Page 226 Index zNID 24xx Series Configuration Guide...

This manual is also suitable for:

Znid-gpon-2424 Znid-gpon-2403 Znid-gpon-2426 Znid-gpon-2427 Znid-ge-2402 Znid-ge-2424 ... Show all

Zhone zNID-GPON-2402 Configuration Manual

About this Guide

Style and Notation Conventions

Related Documentation

Acronyms

Technical Support

Important Safety Instructions

Chapter 1 Znid 24Xx Series

Overview

Web User Interface

Znid 24Xx Series Components

Znid 24Xx Models and Interfaces

Chapter 2 Management

Management Interfaces

OMCI Vs. Residential Gateway Management

Logging in to the 24Xx Series Znids

System Features

Status and Statistics

Chapter 3 Configuration

Interfaces

Factory Default VLAN Definition

Configuration

Deployment Scenarios

Advanced Features

Chapter 4 Special Scenarios

Microsoft Media Room Support

Any Port, any Service

Chapter 5 Troubleshooting Tests

Diagnostics

Ping

Trace Route

Voice

Hardware Reset

Index

Quick Links

Related Manuals for Zhone zNID-GPON-2402

Summary of Contents for Zhone zNID-GPON-2402

This manual is also suitable for: