Lifeline configuration ................................ 128 Relay to ISDN ..................................129 How to connect Lifeline and DSL connection ........................129 IP A ................................131 PPLICATION OTES Setup SIP Account ................................131 Peer to Peer call ................................135 All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 3
How do I upgrade/backup the ZyNOS firmware by using FTP client program via LAN? ..........180 How do I upload or backup ROMFILE via web configurator? ................... 181 How do I backup/restore configurations by using FTP client program via LAN? .............. 181 All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 4
What is the difference between SUA and Multi-NAT? ...................... 190 What is BOOTP/DHCP? ..............................190 What is DDNS? ................................. 190 When do I need DDNS service? ............................191 What DDNS servers does the Prestige support? ....................... 191 All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 5
What is a network firewall? ............................. 197 What makes Prestige firewall secure? ..........................197 What are the basic types of firewalls? ..........................197 What kind of firewall is the Prestige? ..........................198 All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 6
Does Prestige support dynamic secure gateway IP? ......................208 What VPN gateway that has been tested with Prestige successfully? ................208 What VPN software that has been tested with Prestige successfully? ................208 All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 7
Do I need the same kind of antenna on both sides of a link ? ..................217 Why the 2.4 Ghz Frequency range ? ..........................217 What is Server Set ID (SSID) ? ............................217 What is an ESSID ? ................................217 All contents copyright (c) 2007 ZyXEL Communications Corporation.
A typical Internet access application of the Prestige is shown below. For a small office, there are some components needs to be checked before accessing the Internet. Before you begin Setting up the Windows Setting up the Prestige router All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 9
You must first install TCP/IP software on each PC before you can use it for Internet access. If you have already installed TCP/IP, go to the next section to configure it; otherwise, follow these steps to install: In the Control Panel/Network window, click button. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 10
Please enter the LAN IP address of the Prestige router in the URL location to retrieve the web screen from the Prestige. The default LAN IP of the Prestige is 192.168.1.1. See the example below. Note that you can either http://192.168.1.1 2. Login first All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 11
The default User Name and password are the default SMT password, 'admin'. 3. Configure Prestige for Internet access by using WIZARD SETUP The Web screen shown below takes PPPoE as the example. All contents copyright (c) 2007 ZyXEL Communications Corporation.
DHCP relay function. When it is configured as DHCP server, it assigns the IP addresses to the LAN clients. When it is configured as DHCP relay, it is reponsable for forwarding the requests and responses negotiating between the DHCP clients and the server. See figure 1. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 13
Primary DNS Server= N/A Secondary DNS Server= N/A Remote DHCP Server= 192.168.1.2 TCP/IP Setup: IP Address= 192.168.1.1 IP Subnet Mask= 255.255.255.0 RIP Direction= None Version= N/A Multicast= None IP Policies= Edit IP Alias= No All contents copyright (c) 2007 ZyXEL Communications Corporation.
To make a server visible to the outside world, specify the port number of the service and the inside address of the server in 'Menu 15.2.1', Multiple Server Configuration. The outside users can access the local server using WAN IP the Prestige's address which can be obtained from menu 24.1. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 15
0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Port numbers for some services Service Port Number Telnet SMTP DNS (Domain Name Server) www-http (Web) All contents copyright (c) 2007 ZyXEL Communications Corporation.
Since PPTP encapsulates its data stream in the PPP protocol, the VPN requires a second dial-up adapter. This second dial-up adapter for VPN is added during the installation phase of the Upgrade in addition to the first dial-up adapter that provides PPP support for the analog or ISDN modem. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 17
PPTP client setup (Win9x) Add one VPN connection from Dial-Up Networking by entering the correct username & password and the IP address of the Prestige's Internet IP address for logging to NT RAS server. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 18
WinNT. This ping command is used to demonstrate that remote the Win9x can be reached across the Internet. If the Internet connection between two LANs is achieve, you can place a VPN call from the remote Win9x client. For example: All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 19
IP address in the 'VPN Server' dialog box for reaching the PPTP server. After the VPN link is established, you can start the network protocol application such as IP, IPX and NetBEUI. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Internet ISP, thus making them appear as if they had come from the NAT system itself (e.g., the Prestige router). The Prestige keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 21
In Server mode, the Prestige maps multiple inside servers to one global IP address. This allows us to specify multiple servers of different types behind the NAT for outside access. Note, if you want to map each server to one unique IGA please use the One-to-One mode. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 22
SUA (Read Only) Set in menu 15.1 is a convenient, pre-configured, read only, Many-to-One mapping set, sufficient for most purposes and helpful to people already familiar with SUA in previous ZyNOS versions. SMT Menus 1. Applying NAT in the SMT Menus All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 23
NAT is disabled when you select this option. None When you select this option the SMT will use Address SUA Only Mapping Set 255 (Menu 15.1-see later for further discussion). This option use basically Many-to-One All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 24
Prestige), a server rule must be set up inside the NAT Address Mapping set. Please see NAT Server Sets further information on these menus. Enter 1 to bring up Menu 15.1-Address Mapping Sets All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 25
Idx Local Start IP Local End IP Global Start IP Global End IP Type --- --------------- --------------- --------------- --------------- ------ 1. 0.0.0.0 255.255.255.255 0.0.0.0 0.0.0.0 Server Press ENTER to Confirm or ESC to Cancel: All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 26
Now let's look at Option 1 in Menu 15.1.1 Enter 1 to bring up this menu. Menu 15.1.1 - Address Mapping Rules Set Name= ? Idx Local Start IP Local End IP Global Start IP Global End IP Type --- --------------- --------------- --------------- --------------- ------ All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 27
15.1.1.1-Address Mapping Rule in which you can edit an individual rule and configure the Type, Local and Global Start/End IPs displayed in Menu 15.1.1. Menu 15.1.1.1 - - Rule 1 Type: One-to-One All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 28
Note: For all Local and Global IPs, the End IP address must begin after the IP Start address, i.e., you cannot have an End IP address beginning before the Start IP address. NAT Server Sets All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 29
ESC at any time to cancel. Menu 15.2 - NAT Server Setup (Used for SUA Only) Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 0.0.0.0 All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 30
1723 Protocol) 1. Internet Access Only In our Internet Access example, we only need one rule where all our ILAs map to one IGA assigned by the ISP. See the following figure. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 31
My Login= cso@zyxel My Password= ******** Idle Timeout (sec)= 0 IP Address Assignment= Dynamic IP Address= N/A Network Address Translation= SUA Only Address Mapping Set= 1 Press ENTER to Confirm or ESC to Cancel: All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 32
NAT as shown below. Menu 15.2 - NAT Server Setup (Used for SUA Only) Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 0.0.0.0 192.168.1.33 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 33
8. Rule 4 (Server type) to map a web server and mail server with ILA3 (192.168.1.20) to IGA3. Type Server allows us to specify multiple servers, of different types, to other machines behind NAT on the LAN. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 34
Rule 1 Setup: Select One-to-One type to map the FTP Server 1 with ILA1 (192.168.1.10) to IGA1. Menu 15.1.1.1 - - Rule 1 Type: One-to-One Local IP: All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 35
Rule 3 Setup: Select Many-to-One type to map the other clients to IGA3. Menu 15.1.1.3 - - Rule 3 Type: Many-to-One Local IP: Start= 0.0.0.0 End = 255.255.255.255 Global IP: Start= [Enter IGA3] End = N/A All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 36
Idx Local Start IP Local End IP Global Start IP Global End IP Type --- --------------- --------------- --------------- --------------- ------ 1. 192.168.1.10 [IGA1] 2. 192.168.1.11 [IGA2] 3. 0.0.0.0 255.255.255.255 [IGA3] [IGA3] Server All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 37
Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 0.0.0.0 192.168.1.20 192.168.1.20 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: 4. Support Non NAT Friendly Applications All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 38
End = [Enter IGA3] Press ENTER to Confirm or ESC to Cancel: The three rules configured for using One-to-One mapping type is shown below. Menu 15.1.1.1 - - Rule 1 Type: One-to-One All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 39
End = N/A Press ENTER to Confirm or ESC to Cancel: Menu 15.1.1.3 - - Rule 3 Type: One-to-One Local IP: Start= 192.168.1.12 End = N/A Global IP: Start= [Enter IGA3] End = N/A All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 40
Many One to One Server The following table summarizes these types. NAT Type IP Mapping One-to-One ILA1<--->IGA1 ILA1<--->IGA1 Many-to-One ILA2<--->IGA1 (SUA/PAT) ILA1<--->IGA1 ILA2<--->IGA2 Many-to-Many ILA3<--->IGA1 Overload ILA4<--->IGA2 ILA1<--->IGA1 Many-to-Many No ILA2<--->IGA2 Overload ILA3<--->IGA3 ILA4<--->IGA4 All contents copyright (c) 2007 ZyXEL Communications Corporation.
With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port. The following diagram illustrates the logic flow when executing a filter rule. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 42
The Generic filter rules belong to the device category; they act on the raw data from/to LAN and WAN. The IP and IPX filter rules belong to the protocol category; they act on the IP and IPX packets. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 43
'Protocol and device filter rules cannot be active together' if you try to activate a TCP/IP (or IPX) filter rule in a filter set that has already had one or more active Generic filter rules. You will receive the All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 44
IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 0 Port # Comp= None Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 0 Port # Comp= None TCP Estab= N/A All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 45
Menu 11.1 - Remote Node Profile Rem Node Name= LAN Route= IP Active= Yes Bridge= No Encapsulation= PPP Edit PPP Options= No Incoming: Rem IP Addr= ? Rem Login= test Edit IP/IPX/Bridge= No Rem Password= ******** All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 46
In order to avoid operational problems later, the Prestige will disable its routing/bridging functions if there is an inconsistency among its filter rules. filter for blocking the web service Configuration Before configuring a filter, you need to know the following information: All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 47
------ ----------------- Web Request _______________ _______________ _______________ _______________ _______________ _______________ _______________ _______________ _______________ _______________ _______________ Enter Filter Set Number to Configure= 1 Edit Comments= Press ENTER to Confirm or ESC to Cancel: All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 48
Menu 21.1.2 - TCP/IP Filter Rule Filter #: 1,2 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 6 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 53 Port # Comp= Equal All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 49
Log= None Action Matched= Drop Action Not Matched= Forward Press ENTER to Confirm or ESC to Cancel: 5. After the three rules are completed, you will see the rule summary in Menu 21. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 50
------ ----------------- Block a client _______________ _______________ _______________ _______________ _______________ _______________ _______________ _______________ _______________ _______________ _______________ Enter Filter Set Number to Configure= 0 Edit Comments= Press ENTER to Confirm or ESC to Cancel: All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 51
Action Not Matched..Set to 'Forward' to allow the packets from other clients 3. Apply the filter set number '1' to the 'Output Protocol Filter Set' field in the remote node setup. A filter for blocking a specific MAC address All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 52
0040: 77 61 62 63 64 65 66 67 68 69 The detailed format of the Ethernet Version II: + Ethernet Version II - Address: 00-80-C8-4C-EA-63 (Source MAC) ----> 00-A0-C5-23-45 (Destination MAC) - Ethernet II Protocol Type: IP All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 53
0030: 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 0040: 77 61 62 63 64 65 66 67 68 69 2. We are now ready to configure the 'Generic Filter Rule' as below. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 54
[00 80 c8 4c ea 63] that the Prestige should use to compare with the masked packet. If the result from the masked packet matches the 'Value', then the packet is considered matched. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 55
'Protocol Filter' that is used for configuring the TCPIP and IPX filters. Menu 3.1 - General Ethernet Setup Input Filter Sets: protocol filters= device filters= 1 Output Filter Sets: protocol filters= device filters= All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 56
Rule 2-Source port number 137, Destination port number 53 with protocol number 17 (UDP) Before starting to set the filter rules, please enter a name for each filter set in the 'Comments' field first. Menu 21 - Filter Set Configuration Filter Filter All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 57
IP Mask= 0.0.0.0 Port #= 0 Port # Comp= None TCP Estab= No More= No Log= None Action Matched= Drop Action Not Matched= Check Next Rule Press ENTER to Confirm or ESC to Cancel: All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 58
Press ENTER to Confirm or ESC to Cancel: Rule 3-Destination port number 138 with protocol number 6 (TCP) Menu 21.1.3 - TCP/IP Filter Rule Filter #: 1,3 Filter Type= TCP/IP Filter Rule Active= Yes All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 59
Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 138 Port # Comp= Equal Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 0 Port # Comp= None TCP Estab= N/A More= No Log= None All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 60
Action Not Matched= Check Next Rule Press ENTER to Confirm or ESC to Cancel: Rule 6-Destination port number 139 with protocol number 17 (UDP) Menu 21.1.6 - TCP/IP Filter Rule Filter #: 1,6 All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 61
N D N 4 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=138 N D N 5 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=139 N D N 6 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=139 N D F All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 62
Press ENTER to Confirm or ESC to Cancel: Rule 2-Source port number 137, Destination port number 53 with protocol number 17 (UDP) Menu 21.2.2 - TCP/IP Filter Rule Filter #: 2,2 Filter Type= TCP/IP Filter Rule Active= Yes All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 63
N D F 1. Apply the filter set 'NetBIOS_LAN' in the 'Input protocol filters=' in the Menu 3 for blocking the packets from LAN Menu 3.1 - General Ethernet Setup Input Filter Sets: All contents copyright (c) 2007 ZyXEL Communications Corporation.
IP to the DDNS server. Toggle 'Configure Dynamic DNS' option to 'Yes' and press ENTER for configuring the settings of the DDNS in menu 1.1. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 65
Toggle to 'Yes'. Enter the hostname you subscribe from the above DDNS server. For example, Host zyxel.com.tw. EMAIL Enter the email address you give to the DDNS server. User Enter the user name that All contents copyright (c) 2007 ZyXEL Communications Corporation.
(MIB). The MIB is made up of several parts, including the Standard MIB, specified as part of SNMP, and Enterprise Specific MIB, which are defined by different manufacturer for hardware specific management. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 67
NMSs use these operations to determine which variables a managed device supports and to sequentially gather information from variable tables (such as IP routing table) in managed devices. 9. Traps The managed devices to asynchronously report certain events to NMSs use trap. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 68
The SNMPv1 messages contains two part. The first part contains a version and a community name. The second part contains the actual SNMP protocol data unit (PDU) specifying the operation to be performed (Get, Set, and All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 69
Some traps are sent to the SNMP manager when anyone of the following events happens: coldStart (defined in RFC-1215) : If the machine coldstarts, the trap will be sent after booting. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 70
"System reboot by user !" will be sent. (ii) For fatal error : System has to reboot for some fatal errors. And traps with the message of the fatal code will be sent. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 71
The SNMP related settings in Prestige are configured in menu 22, SNMP Configuration. The following steps describe a simple setup procedure for configuring all SNMP settings. Menu 22 - SNMP Configuration SNMP: Get Community= public Set Community= public Trusted Host= 192.168.1.33 All contents copyright (c) 2007 ZyXEL Communications Corporation.
Prestige will not send trap any NMS manager. Using syslog 4. Prestige Setup Menu 24.3.2 - System Maintenance - UNIX Syslog and Accounting UNIX Syslog: Active= Yes Syslog IP Address= 192.168.1.33 Log Facility= Local 1 All contents copyright (c) 2007 ZyXEL Communications Corporation.
Therefore, three routes are created in the Prestige as shown below when the three networks are configured. If the Prestige's DHCP is also enabled, the IP pool for the clients can be any of the three networks. Copyright (c) 1994 - 2004 ZyXEL Communications Corp. ras> ip ro st...
Page 77
If the Prestige's DHCP server is enabled, the IP pool for the clients can be any of the DHCP Setup three networks. Enter the first LAN IP address for the Prestige. This will create the first route in the TCP/IP Setup enif0 interface. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Toggle to 'Yes' and enter the third LAN IP address for the Prestige. This will create the IP Alias 2 third route in the enif0:1 interface. Using Call Scheduling 1. What is Call Scheduling ? All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 79
2. Select a Schedule Set number and give it a name: Menu 26 - Schedule Setup Schedule Schedule Set # Name Set # Name ------ ----------------- ------ ----------------- 1 ZyXEL 7 _______________ 2 _______________ 8 _______________ 3 _______________ 9 _______________ All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 80
Tuesday= N/A Wednesday= N/A Thursday= N/A Friday= N/A Saturday= N/A Start Time(hh:mm)= 12 : 00 Duration(hh:mm)= 16 : 00 Action= Enable Dial-on-demand Press ENTER to Confirm or ESC to Cancel: Key Settings: All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 81
Edit IP= No Service Type= Standard Telco Option: Service Name= Allocated Budget(min)= 0 Outgoing: Period(hr)= 0 My Login= cso@zyxel Schedules= 1,2,3,4 My Password= ******** Nailed-Up Connection= No Retype to Confirm= ******** Authen= CHAP/PAP All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 82
Current Date: 2004 - 01 - 01 New Date (yyyy-mm-dd): 2004 - 01 - 01 Time Zone= GMT+0800 Daylight Saving= No Start Date (mm-dd): 01 - 00 End Date (mm-dd): 01 - 00 All contents copyright (c) 2007 ZyXEL Communications Corporation.
DHCP Setup DHCP= Server Client IP Pool Starting Address= 192.168.1.33 Size of Client IP Pool= 32 Primary DNS Server= 0.0.0.0 Secondary DNS Server= 0.0.0.0 Remote DHCP Server= N/A TCP/IP Setup: IP Address= 192.168.1.1 All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 84
Private= No RIP Direction= None Version= RIP-2B Multicast= IGMP-v2 IP Policies= Enter here to CONFIRM or ESC to CANCEL: Key Settings: IGMP-v1 for IGMP version 1, IGMP-v2 for IGMP version 2. Multicast All contents copyright (c) 2007 ZyXEL Communications Corporation.
Configure parameters that determine when Prestige will forward WAN traffic to the backup gateway using SMT Menu 2 WAN Backup Setup. Menu 2 - Wan Backup Setup Menu 2 - Wan Backup Setup All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 86
"down" after the Prestige times out the number of times specified in the Fail Tolerance field. Use a higher value in this field if your network is busy or congested. Traffic All contents copyright (c) 2007 ZyXEL Communications Corporation.
UPnP also supports NAT Traversal which can automatically solve many NAT unfriendly problems. By UPnP, applications assign the dynamic port mappings to Internet gateway and delete the mappings when the connections are complete. The key components in UPnP are devices, services, and control points. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 88
Description: Control points can get more detailed service information from devices' description in XML format. The description may include product name, model name, serial number, vendor ID, and embedded services...etc. Control: Devices can be manipulated by control points through Control message. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 89
Note that since PC1 must support UPnP, we presume that it's OS is Microsoft WinME or WinXP. Device: Prestige Router Service: NAT function provided by Prestige Router Control Point: PC1 1. Enable UPnP function in ZyXEL device All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 90
MSN application can assign dynamic port mapping to the router. So that network administrator don't need to setup SUA port mapping in the router. 2. After getting IP address, you can go to open MSN application on PC and sign in MSN server. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 91
Prestige 2602HWNLI-D7A Support Notes 3. Start a Video conversation with one online user. 4. On the opposite side, your partner selects Accept to accept your conversation request. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 92
Prestige 2602HWNLI-D7A Support Notes 5. Finally, your video conversation is achieved. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Infrastructure mode, sometimes referred to as Access Point mode, is an operating mode of an 802.11b/Wi-Fi client unit. In infrastructure mode, the client unit can associate with an 802.11b/Wi-Fi Access Point and communicate with other clients in infrastructure mode through that access point. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 95
1. From the web configurator main menu, click Network->wireless LAN to display –Wireless LAN. 3. Configure the desired configuation on Prestige wireless VoIP IAD and check the Active wireless LAN check box. 4. When finish click on apply button to take effect. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 96
3. Select Infrastructure from the operation mode pull down menu, fill in an SSID or leave it as any if you wish to connect to any AP than press Apply Change to take effect. 4. Click on Site Survey tab, and press search all the available AP will be listed. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 97
Prestige 2602HWNLI-D7A Support Notes 5. Double click on the AP you want to associated with. All contents copyright (c) 2007 ZyXEL Communications Corporation.
The MAC Filter related settings in ZyXEL APs are configured in menu 3.5.1, WLAN MAC Address Filter Configuration. Before you configure the MAC filter, you need to know the MAC address of the client first. If All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 99
MAC addresses configured in this list will be allowed to Filter Action associate with AP. If Deny Association is selected in this field, hosts with MAC addresses configured in this list will be blocked. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 100
4. Select the Filter Action to allow or deny association from hosts in the list. 5. Enter the MAC Addresses which you may want to apply the filter to allow or block associations from. 6. Click Apply to make your setting work. All contents copyright (c) 2007 ZyXEL Communications Corporation.
The reson for this misnomer is that the WEP key ( 40/104 bits ) is concatenated with the initialisation vector ( 24 bits ) resulting in a 64/128 bit total key size. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 102
64-bit WEP key (secret key) with 5 characters 64-bit WEP key (secret key) with 10 hexadecimal digits 128-bit WEP key (secret key) with 13 characters 128-bit WEP key (secret key) with 26 hexadecimal digits All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 103
Hexadecimal digits have to preceded by '0x', WEP Key type Example Key1= 2e3f4 Key2= 5y7js 64-bit WEP with 5 characters Key3= 24fg7 Key4= 98jui 64-bit WEP with 10 hexadecimal digits Key1= 0x123456789A ('0-9', 'A-F') Key2= 0x23456789AB All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 104
At the same time, when the station transmits data to access point which encrypt data by Key 2. The access point will decrypt the data by its Key 2. Setting up the Access Point with Web configurator All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 105
1. Double click on the utility icon in your windows task bar or right click the utility icon then select 'Show Config Utility'. The utility will pop up on your windows screen. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 106
Select encryption type corresponds with access point. Set up 4 Keys which correspond with the WEP Keys of access point. And select on WEP key as default key to encrypt wireless data transmission. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 107
Prestige 2602HWNLI-D7A Support Notes All contents copyright (c) 2007 ZyXEL Communications Corporation.
Ethernet), in order to provide a means of authenticating and authorizing devices attached to a LAN port that has point-to-point connection characteristics, and of preventing access to that port in cases the authentication process fails. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 109
The station must be running 802.1x-compliant client software such as that offered in the Microsoft Windows XP operating system, Meeting House AEGIS 802.1x client and Odyssey 802.1x client. 3. Authentication Server : All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 110
When 802.1x is enabled, the authenticator controls the port authorization state by using the following control parameters. The following three authentication control parameter are applied in Wireless AP. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 111
EAP over LANs, or EAPOL. Ethernet type of EAPOL is 88-8E , two octets in length. EAPOL encapsulations are described for IEEE 802 compliant environment, such as 802.3 Ethernet, 802.11 Wireless LAN and Token Ring/FDDI. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 112
When the supplicant does not need Wireless access any more, it sends EAPOL-Logoff packet to terminate its 802.1x session, the port state will become unauthorized. The following figure shows the EAPOL exchange ping-pong chart. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 113
The EAPOL packet contains the following fields: protocol version, packet type, packet body length and packet body. Most of the fields are obvious. The packet type can have four different values, and these values are described below: All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 114
ZyXEL AP. By default, the 802.1x function is disabled (Authentication Control= Force Authorized) to allow all wireless client. You can use SMT or Web Configuration to configure it. Enter SMT Menu 23.4 to setup the 802.1x authentication control. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 115
Press ENTER to Confirm or ESC to Cancel: If you use WEB Configuration, 1. From the Web Configurator main menu, Click Network -> Wireless LAN -> and select 802.1x 2. Click Apply to make your setting work. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 116
RADIUS server. Follow the steps to add user accounts on your ZyXEL AP. 1. From the SMT main menu, enter 14 to display Menu 14 Dial-in User Setup Menu 14 - Dial-in User Setup 1. ZyXEL 9. ________ 17. ________ 25. ________ All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 117
1. From the Web Configurator main menu, Network -> Wireless LA N -> Local User Database 2. Select one of the profile and check Active check box 3. Input the User Name and Password then click Apply to save the profile. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 118
EAP frame, which is then encapsulated for Ethernet and sent to the supplicant. When the client supplies its identity, the authenticator begins its role as the intermediary, passing EAP frames All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 119
1. From the SMT main menu, enter Menu 23.2 to setup System Security - RADIUS Server to setup the RADIUS authentication server. Menu 23.2 - System Security - RADIUS Server Authentication Server: Active= Server Address= 192.168.1.100 Port #= 1812 All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 120
RADIUS servers. You can refer to RADIUS authentication configuration. If you use WEB Configurator, from the Web Configurator main menu, Click Network -> Wireless Lan to setup the RADIUS authentication and accounting server configuration. All contents copyright (c) 2007 ZyXEL Communications Corporation.
2. Visually inspect the facility, walk through the facility to verify the accuracy of the diagram and mark down any large obstacle you see that may effect the RF signal such as metal shelf, metal desk, etc on the diagram. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 122
4. It's always a good idea to start with putting the access point at the corner of the room and walk away from the access point in a systematic manner. Record down the changes at point where transfer rate drop and the link quality and signal strength information on the diagram as you go alone. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 123
7. You may need more than one access point is the RF coverage area have not cover all the wireless service area you needed. 8. Repeat step 1~6 of survey on site as necessary, upon completion you will have an diagram and information of site survey. As illustrated below. All contents copyright (c) 2007 ZyXEL Communications Corporation.
PSTN dial out is 0000 and can be change to value you wish to) and dial this prefix to switch over to PSTN line than dial the PSTN number as normal. All contents copyright (c) 2007 ZyXEL Communications Corporation.
0000, than the device will switch over to PSTN line. At this moment you will hear dial tone from PSTN again. At this state you can dial out to PSTN as you would on a regular PSTN system. All contents copyright (c) 2007 ZyXEL Communications Corporation.
If your ADSL line type is Splitter type you ISP will provide you with splitter otherwise it should be splitterless. For correct info you may check with your service provider as for which type of line you have. Firgure 1 Splitter type All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 127
Connect the RJ-11 to one of the output jack on the Y connector Connect the DSL cable to the other output jacket on the Y connector Connect the Y connector input port with a phone cable to the wall Jack or line from ISP. All contents copyright (c) 2007 ZyXEL Communications Corporation.
If your ADSL line type is Splitter type you ISP will provide you with splitter otherwise it should be splitterless. For correct info you may check with your service provider as for which type of line you have. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 130
2. Connect the RJ45 to the splitter phone jack or a telephone wall jack 3. Connect the DSL cable to the splitter modem jack or ADSL line 4. Connect the splitter jack where it labels Line to ADSL line from the ISP. All contents copyright (c) 2007 ZyXEL Communications Corporation.
VoIP is the sending of voice signals over the Internet Protocol. This allows you to make phone calls and send faxes over the Internet at a fraction of the cost of using the traditional circuit-switched telephone network. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 132
Prestige (LAN IP address). The default management IP of Prestige is 192.168.1.1. Step 2. Enter the administrator password appear on the page of login and click on login. The default is '1234' All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 133
Enter the SIP server’s listening port for SIP in this field. Leave this field set to SIP Server Port the default if your VoIP service provider did not give you a local port number for SIP. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 134
Prestige’s advanced VoIP settings like SIP server settings, the RTP port Setup range and the coding type. Apply Click Apply to save your changes back to the Prestige. Reset Click Reset to begin configuring this screen afresh. All contents copyright (c) 2007 ZyXEL Communications Corporation.
You need to configure the self SIP number and put callee's IP address at SIP server, SIP proxy, Domain server all in the VOIP screen. Setup--- Configuring SIP / VoIP related settings in device A All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 136
Prestige 2602HWNLI-D7A Support Notes All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 137
2. Fill in device B’s IP into SIP server address, Register server address… as example. 3. Setup speed dial, put device B’s information into the column. Setup--- Configuring SIP / VoIP related settings in device B All contents copyright (c) 2007 ZyXEL Communications Corporation.
After completing the setting, you can dial #01 from the phone under device A, then the phone under device B will ring. Phone port settings Prestige allows you to configure the volume and echo cancellation setting for each individual phone port. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 139
Listening Use this field to set the loudness that the Prestige uses for the speech signal Volume that it receives from the peer device and sends to your phone. -1 is the All contents copyright (c) 2007 ZyXEL Communications Corporation.
Advanced Settings to display the following screen. Advanced voice settings configuration allows user to modify SIP server related settings, RTP port range, preferred compression type (codec), DTMF type and Message Waiting Indication (MWI) All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 141
This read-only field displays the number of the SIP account that you are configuring. The changes that you save in this page affect the Prestige’s settings with the SIP account displayed here.. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 142
The Dual Tone Multi-Frequency (DTMF) mode sets how the Prestige handles the tones that your telephone makes when you push its buttons. It DTMF Mode is recommended that you use the same mode that your VoIP service provider uses. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Apply Click Apply to save your changes back to the Prestige. Phone book Speed dial Prestige allows you to configure up to 10 SIP numbers in the phone book for speed dial. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 144
IP or URL remote peer. Step 6. Click on Add button when you are finish to add the entry to the phone book. Each field's detail description of the page is listed below. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 145
Click this button to change the speed dial entry. The speed dial entry Edit displays in the Add New Entry section of the screen where you can edit it. Clear Click this button to remove all of the entries from the speed dial phonebook. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Use these fields to specify phone numbers to which the Prestige will always Immediate send calls through the regular phone service without the need of dialing a Dial prefix number. These numbers must be for phones on the PSTN (not VoIP All contents copyright (c) 2007 ZyXEL Communications Corporation.
Quality of Service (QoS) refers to both a network's ability to deliver data with minimum delay, and the networking methods used to provide bandwidth for real-time multimedia applications. Click VoIP -> SIP -> QoS to display the following screen. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Prestige to block or redirect calls. You can configure a different call forwarding table for each SIP account or use the same call forwarding table for both. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 149
Enable this feature to have the Prestige forward incoming calls to the number that you configure whenever you do not answer the call after a specific time period. Each field's detail description of the page is listed below. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 150
You can set the Prestige to take a particular action on incoming calls from a Incoming Call number that you specify here. Number Forward to You can set the Prestige to forward incoming calls to a number that you All contents copyright (c) 2007 ZyXEL Communications Corporation.
If you have another call, press the flash key to switch back and forth between caller A and B by putting either one on hold. Call Waiting setup This allows you to place a call on hold while you answer another incoming call on the same telephone number. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 152
In this scenario, there are 3 kinds of action available: Below call flow graphs could help you better understand the call waiting working mechanism. Scenario 1: If A presses flash key + 0, A will reject C. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 153
Scenario 2: If A presses flash key + 1, A will disconnect B and answer C. Scenario 3: If A presses flash key + 2, A will put B on hold and answer C. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Step 4. Hang up the phone to drop the connection. Step 5. If you want to separate the activated three-way conference into two individual connections (one is on-line, the other is on hold), press the flash key and press “2”. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Three kinds of call transfer service available: Blind Transfer Consult On - Hold Transfer Attendant Transfer Application scenario 1: Blind Transfer A dial to B B off hook A and B conversation All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 156
A and B conversation If user A wants to communicate with user C for a while, then drop the connection to let user B and user C keep communication, user A could choose Consult Transfer. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 157
If user A wants to communicate with user C for a while, then drop the connection to let user B and user C keep communication, user A may also choose Attendant Transfer. All contents copyright (c) 2007 ZyXEL Communications Corporation.
When you have two phones attached to the P2602HWNLIx phone ports, you just dial "####" on one of the two phones, another phone will ring. Call Fallback Call Fallback allows customer to set your P-2602HWNLI-D1A to automatically relay outgoing phone calls to All contents copyright (c) 2007 ZyXEL Communications Corporation.
This example show you how to configure the Call Park and Call Pickup Phone Configuration: Press *97# + park number to park the call Press #97# + park number to pick-up the call All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 160
Call Pickup Call Flow To pick up the call please only need to input #97# and the park number: In below graph, user B press #97# + park number (5000) to pick up the call. All contents copyright (c) 2007 ZyXEL Communications Corporation.
1. A missed a call from B. 2. A made a successful call with B. In both scenarios, user A only needs to pick up the phone and presses “*66#”, B will ring automatically. All contents copyright (c) 2007 ZyXEL Communications Corporation.
2. Ring Selection by Incoming Line: If the phone number is not in the group, phone ring tone will be based on where it comes from. (SIP/PSTN/Internal). You may configure Distinctive Ring easily on web GUI: VoIP > Phone Book > Distinctive Ring Each filed is described in the following table: All contents copyright (c) 2007 ZyXEL Communications Corporation.
This feature allows you to set your phone not to ring when someone calls you. You can set each phone independently using its keypad, or configure global setting for all phones using the command line. How to configure DND on phone keypad? *95# Enable Do Not Disturb All contents copyright (c) 2007 ZyXEL Communications Corporation.
In this graph, Device A has enabled Music on Hold function. Thus when A and B are on a call, and if A holds the call, B will hear the music tone. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 166
Enable Message Waiting Indication (MWI) enables your phone to give you a message–waiting (beeping) dial tone when you have a voice message(s). Your VoIP service provider must have a messaging system that sends message waiting status SIP packets as defined in RFC 3842. MWI Call flow: All contents copyright (c) 2007 ZyXEL Communications Corporation.
Application scenario: User only needs to choose corresponding country code to implement all these changes when moving from one country to another. Country Code configuration in Web GUI: VoIP>Phone>Region. Choose the Region Settings: All contents copyright (c) 2007 ZyXEL Communications Corporation.
Note: VoIP Trunking requires the following additional configuration in the VoIP > SIP > SIP Setting > Advanced Setup screen: Voice Compression field needs to be set to G.729 and DTMF Mode field needs to be set to SIP INFO. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Device B is P2602HWNLI-D1A, SIP 1 number: 33333. Phone 1 number: 33333, it is an analog phone, which connects to P2602HWNLI-D1A phone 1 port. Phone 3 number: 103, it is a PTSN phone. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 170
Step 1: Choose “Activate Trunking”in P2602HWNLI-D1A web GUI: VoIP > Trunking > General, then click “Apply” button. Step 2: In P2602HWNLI-D1A web GUI: VoIP > Trunking > Peer Call > Incoming Authentication, set username 103 and password 1234 for item 1, then click “Apply” button. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 171
Step 2: In P2602HWNLI-D1A web GUI: VoIP > Trunking > Peer Call, Set Outgoing Authentication account 1, name Test, username 103 and password 1234, peer IP 172.25.24.131, peer port 5060, then click “Apply” button. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 172
Step 3: In P2602HWNLI-D1A web GUI: VoIP > Phone Book > Speed Dial, Choose #01, input number 103, name 103, choose Non-Proxy in Type and input IP 172.25.24.131, then click “Add” button. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Step 2: Set Auto Attendant Timeout 10 sec, Dialing Interval 3 sec on P2602HWNLI-D1A web GUI: VoIP > Trunking > General. Step 3: Choose Active Auto Attendant Authentication and set password 123456 on P2602HWNLI-D1A web GUI: VoIP > Trunking > General, then click “Apply” button. All contents copyright (c) 2007 ZyXEL Communications Corporation.
User Y uses PSTN phone (103) to make a call to the ZyXEL Device A FXO (101). Device A connects B over IP network. Application Scenario: Device A is P2602HWNLI-D1A, WAN IP: 172.25.24.131, SIP 2 number: 22222, Life line phone number 101. Device B is P2602HWNLI-D1A, SIP1 number: 33333. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 175
Trunking > General. Step 3: Choose Active Auto Attendant Authentication and set password 123456 on P2602HWNLI-D1A web GUI: VoIP > Trunking > General, then click “Apply” button. On Device B: No special configuration needed. All contents copyright (c) 2007 ZyXEL Communications Corporation.
“alter tone”, then dials A site PSTN number 103, user Y PSTN phone (103) will ring. Configuration details On Device A: Step 1: Choose “Activate Trunking”on P2602HWNLI-D1A web GUI: VoIP > Trunking > General. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 177
GUI: VoIP > Trunking > General, then click “Apply” button. Step 4: On P2602HWNLI-D1A web GUI: VoIP > Trunking > Peer Call > Incoming Authentication, Input username 1234 and password 1234 then click “Apply” button. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 178
On P2602HWNLI-D1A web GUI: VoIP > Trunking > Peer Call > Outgoing Authentication, Set Outgoing Authentication account 1, name “Test”, username 1234 and password 1234, peer IP 172.25.24.131, peer port 5060, then click “Apply” button. All contents copyright (c) 2007 ZyXEL Communications Corporation.
It is designed in a modular fashion so it is easy for developers to add new features. New ZyNOS software upgrades can be easily downloaded from our FTP sites and public Web download site as they become available. All contents copyright (c) 2007 ZyXEL Communications Corporation.
To upgrade firmware, use FTP client program to put firmware in file 'ras' in the Prestige. After data transfer is finished, the Prestige will program the upgraded firmware into FLASH ROM and reboot All contents copyright (c) 2007 ZyXEL Communications Corporation.
To restore the configurations, use the FTP client program to put your configuration in file ROM-0 in the Prestige. Why can't I make Telnet to Prestige from WAN? There are three possible reasons that Telnet from WAN is blocked. All contents copyright (c) 2007 ZyXEL Communications Corporation.
The primary motivation for RFC 1631 is that there is not enough IP address to go around. In addition, many corporations simply did not bother to obtain legal (globally unique) IP addresses for their networks and now finding themselves unable to connect to the Internet. All contents copyright (c) 2007 ZyXEL Communications Corporation.
ADSL. The IAD is equipped with 1 auto-MDI/MDIX 10/100Mbps Ethernet LAN port, 1 ADSL WAN port. It is the most simple and affordable solution for multiple and instant broadband Internet access router. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Internet when you turn on your computer, you probably are not. You can also check your ISP or the information sheet given by the ISP. Please choose PPPoE as the encapsulation type in the Prestige if the ISP uses PPPoE. All contents copyright (c) 2007 ZyXEL Communications Corporation.
IP from ISP, instead, can be recognized or pinged by another real IP. The Prestige Internet Access Sharing Router works like an intelligent router that route between the virtual IP and the real IP. All contents copyright (c) 2007 ZyXEL Communications Corporation.
5 second, the unit will be reset. When the reset button is pressed the devices all parameter will be reset back to factory default include, password, and IP address. The default IP address is 192.168.1.1, Password 1234. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Most independent Internet Service Providers today connect to the Internet using a single 1.5 Mbps "T1" telephone line. All of their subscribers share that 1.5 Mbps pipeline. Cable head-ends connecting to the Internet backbone using a T1 limit their subscribers to an absolute maximum of 1.5 Mbps. All contents copyright (c) 2007 ZyXEL Communications Corporation.
IP address. Thus, users on the same network can not login to the same server simultaneously. In this case it is better to use Many-to-Many No Overload or One-to-One NAT mapping types, thus each user login to the server using a unique global IP address. All contents copyright (c) 2007 ZyXEL Communications Corporation.
NAT for outside access. Note, if you want to map each server to one unique IGA please use the One-to-One mode. The following table summarizes these types. NAT Type IP Mapping One-to-One ILA1<--->IGA1 ILA1<--->IGA1 Many-to-One ILA2<--->IGA1 (SUA/PAT) Many-to-Many ILA1<--->IGA1 All contents copyright (c) 2007 ZyXEL Communications Corporation.
Without DDNS, we always tell the users to use the WAN IP of the 312 to reach our internal server. It is inconvenient for the users if this IP is dynamic. With DDNS supported by the Prestige, you apply a DNS name All contents copyright (c) 2007 ZyXEL Communications Corporation.
However, SUA should not change the source port of the UDP packets which are used for key managements. Because the remote gateway checks this source port during connections, the port thus is not allowed to be changed. All contents copyright (c) 2007 ZyXEL Communications Corporation.
P2602HWNLI – D7A can support up to three devices per telephone port. Can I receive incoming PSTN call through P2602HWNLI- D7A? Yes, P2602HWNLI has a line port for connecting a PSTN line. Thus enable you to receive incoming PSTN calls. All contents copyright (c) 2007 ZyXEL Communications Corporation.
In order to transfer voice (analog signal) over IP it first need to be digitized. Codec is a technic to digitize analog signal to digital and vice versa. There are various speech codec available and can be used with VoIP each with it's advantage and disadvantage. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Codec is a algorithm which converts analog signal into digital signal and vice versa. There are three main type of waveform codec, source codec, and hybrid codec. Each consume different amount of bandwidth and provide different voice quality level. All contents copyright (c) 2007 ZyXEL Communications Corporation.
3. An account with a VoIP provider such as an ITSP. The account can be configured to recognize your calls automatically, or you can require the users to enter their unique account numbers issued. All contents copyright (c) 2007 ZyXEL Communications Corporation.
In such case, please contact your local vendor for support. If they can't help out the problem they will escalate your problem to ZyXEL tech center. To report a problem please prepared below info. All contents copyright (c) 2007 ZyXEL Communications Corporation.
This adds a level of security since the clients on the private LAN are invisible to the Internet. What are the basic types of firewalls? Conceptually, there are three types of firewalls: 1. Packet Filtering Firewall 2. Application-level Firewall 3. Stateful Inspection Firewall All contents copyright (c) 2007 ZyXEL Communications Corporation.
Although packet filter and NAT restrict access to particular computers and networks, however, for the other companies this security may be insufficient, because packets filters typically cannot maintain session state. Thus, for greater security, a firewall is considered. All contents copyright (c) 2007 ZyXEL Communications Corporation.
SYN-ACKs are moved off the queue only when an ACK comes back or when an internal timer (which is set a relatively long intervals) terminates the TCP three-way handshake. Once the queue is full , the system will ignore all incoming SYN requests, making the system unavailable for legitimate users. All contents copyright (c) 2007 ZyXEL Communications Corporation.
There are two default ACLs pre-configured in the Prestige, one allows all connections from LAN to WAN and the other blocks all connections from WAN to LAN except of the DHCP packets. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Destination IP Addr =a.b.c.d Destination IP Mask =w.x.y.z Action Matched =Drop Action No Matched =Forward Where a.b.c.d is an IP address on your local network and w.x.y.z is your netmask. All contents copyright (c) 2007 ZyXEL Communications Corporation.
There are some reasons to use a VPN. The most common reasons are because of security and cost. Security 1). Authentication With authentication, VPN receiver can verify the source of packets and guarantee the data integrity. 2). Encryption All contents copyright (c) 2007 ZyXEL Communications Corporation.
IP standard (IPv.4) and also the upcoming one (IPv.6). In addition, IPSec can protect any protocol that runs on top of IP, for instance TCP, UDP, and ICMP. The IPSec All contents copyright (c) 2007 ZyXEL Communications Corporation.
There are two phases in every IKE negotiation- phase 1 (Authentication) and phase 2 (Key Exchange). Phase 1 establishes an IKE SA and phase 2 uses that SA to negotiate SAs for IPSec. All contents copyright (c) 2007 ZyXEL Communications Corporation.
IP/FQDN(DNS)/Ueser FQDN(E-mail). The content of Phase 1 ID depends on the Phase 1 ID type. The following is an example for how to configure phase 1 ID. ID type Content ------------------------------------ IP 202.132.154.1 DNS www.zyxel.com All contents copyright (c) 2007 ZyXEL Communications Corporation.
You can configure Prestige for VPN using SMT or Web configurator. Prestige 1 supports Web only. How many VPN connections does Prestige support? Prestige 1 supports 1 VPN connection. Prestige 10 supports 10 VPN connections. Prestige 50 supports 50 tunnels. Prestige 100 supports 100 tunnels. All contents copyright (c) 2007 ZyXEL Communications Corporation.
4. Secure Gateway IP Address -- This must be a public, routable IP address, private IP is not allowed. That means it can not be in the 10.x.x.x subnet, the 192.168.x.x subnet, nor in the range All contents copyright (c) 2007 ZyXEL Communications Corporation.
SecGo IPSec for Windows F-Secure IPSec for Windows KAME IPSec for UNIX Nortel IPSec for UNIX Intel VPN, v. 6.90 FreeS/WAN for Linux SSH Remote ISAKMP Testing Page, (http://isakmp-test.ssh.fi/cgi-bin/nph-isakmp-test) All contents copyright (c) 2007 ZyXEL Communications Corporation.
Where can I configure Phase 1 ID in Prestige? Phase 1 ID can be configured in VPN setup menu as following. Note that you can make such configuration in either web configurator or SMT menu. All contents copyright (c) 2007 ZyXEL Communications Corporation.
If I have NAT router between two VPN gateways, and I would like to use IP type as Phase 1 ID, what should I know? We presume your environment may look like this, All contents copyright (c) 2007 ZyXEL Communications Corporation.
To configure NAT port forwarding, please go to WEB interface, Setup/ "SUA/NAT", put the secure gateway's IP address in default server. To configure Firewall forwarding, please go to WEB interface, Setup/Firewall, select Packet Direction to WAN to LAN, and create a firewall rule the forwards IKE(UDP:500). All contents copyright (c) 2007 ZyXEL Communications Corporation.
Installation Flexibility: Wireless technology allows the network to go where wire cannot go. d. Reduced Cost-of-Ownership: While the initial investment required for wireless LAN hardware can be higher than the cost of wired All contents copyright (c) 2007 ZyXEL Communications Corporation.
The IEEE 802.11 is a wireless LAN industry standard, and the objective of IEEE 802.11 is to make sure that different manufactures' wireless LAN devices can communicate to each other.802.11 provides 1 or 2 Mbps transmission in the 2.4 GHz ISM band using either FHSS or DSSS. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Yes. As long as the products comply to the same IEEE 802.11 standard. The Wi-Fi logo is used to define 802.11b compatible products. Wi-Fi5 is a compatibility standard for 802.11a products running in the 5GHz band. All contents copyright (c) 2007 ZyXEL Communications Corporation.
What are potential factors that may causes interference among WLAN products ? Factors of interference: 1. Obstacles: walls, ceilings, furniture… etc. 2. Building Materials: metal door, aluminum studs. 3. Electrical devices: microwaves, monitors, electric motors. All contents copyright (c) 2007 ZyXEL Communications Corporation.
If an area is large with dispersed pockets of populations then extension points can be used for extend coverage. What is Direct-Sequence Spread Spectrum Technology – (DSSS) ? DSSS spreads its signal continuously over a wide frequency band. DSSS maps the information bearing All contents copyright (c) 2007 ZyXEL Communications Corporation.
ESSID stands for Extended Service Set Identifier and identifies the wireless LAN. The ESSID of the mobile device must match the ESSID of the AP to communicate with the AP. The ESSID is a 32-character maximum string and is case-sensitive. All contents copyright (c) 2007 ZyXEL Communications Corporation.
WEP, the encryption standard for 802.11, only encrypts the data packets not the 802.11 management packets and the SSID is in the beacon and probe management messages. The SSID is not encrypted if All contents copyright (c) 2007 ZyXEL Communications Corporation.
What is 802.1x ? IEEE 802.1x Port-Based Network Access Control is an IEEE (Institute of Electrical and Electronics Engineers) standard, which specifies a standard mechanism for authenticating, at the link layer (Layer 2), All contents copyright (c) 2007 ZyXEL Communications Corporation.
What is WPA ? WPA (Wi-Fi Protected Access) is a subset of the IEEE 802.11i security sepcification draft. difference between WPA and WEP are user authentication and improve data encryption. All contents copyright (c) 2007 ZyXEL Communications Corporation.
There are two ways to dump the trace: 1. Online Trace--display the trace real time on screen 2. Offline Trace--capture the trace first and display later The details for capturing the trace in SMT menu 24.8 are as follows. All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 227
0000: DF 33 AF 62 58 37 52 3D-79 99 A5 3C 2B 59 E2 78 .3.bX7R=y..<+Y.x 0010: A7 98 8F 3F A9 09 E4 0F-26 14 9C 58 3E 95 3E E7 ...?..&..X>.>. 0020: FC 2A 4C 2F FB BE 2F FE-EF D0 .*L/../... All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 228
= 0xC01F0782 (192.31.7.130) TCP Header: Source Port = 0x281E (10270) Destination Port = 0x0050 (80) Sequence Number = 0x00C18F63 (12685155) Ack Number = 0xD3E95DE9 (3555286505) Header Length = 20 Flags = 0x10 (.A..) All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 229
Source IP = 0xCA849B61 (202.132.155.97) Destination IP = 0xC01F0782 (192.31.7.130) TCP Header: Source Port = 0x281E (10270) Destination Port = 0x0050 (80) Sequence Number = 0x00C18F63 (12685155) Ack Number = 0xD3E95DE9 (3555286505) All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 230
1.7 Display specific packets by using: sys trcp parse <from_index> <to_index> Exmaple: Prestige> sys trcp channel enet1 none Prestige> sys trcp channel enet0 bothway Prestige> sys trcp sw on All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 231
Flags = 0x02 Fragment Offset = 0x00 Time to Live = 0xED (237) Protocol = 0x06 (TCP) Header Checksum = 0x857D (34173) Source IP = 0xC01F0782 (192.31.7.130) Destination IP = 0xC0A80102 (192.168.1.2) All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 232
<from_index> <to_index> Example: Prestige> sys trcp channel enet0 none Prestige> sys trcp channel enet1 bothway Prestige> sys trcl sw on Prestige> sys trcp sw on Prestige> sys trcl sw off All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 233
Source IP = 0xCCD90002 (204.217.0.2) Destination IP = 0xCA849B61 (202.132.155.97) TCP Header: Source Port = 0x0050 (80) Destination Port = 0x2826 (10278) Sequence Number = 0x4D713D8A (1299266954) Ack Number = 0x00C8C015 (13156373) All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 234
Type of Service = 0x00 (0) Total Length = 0x018D (397) Idetification = 0xF20C (61964) Flags = 0x02 Fragment Offset = 0x00 Time to Live = 0x7F (127) Protocol = 0x06 (TCP) All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 239
2. Offline Trace--capture the trace first and display later The details for capturing the trace in SMT menu 24.8 are as follows. Online Trace 1. Trace LAN packet 2. Trace WAN packet 1. Trace LAN packet All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 240
LAN Frame: ENET0-RECV Size: 62/ 62 Time: 12089.790 sec Frame Type: TCP 192.168.1.2:1116->192.31.7.130:80 Ethernet Header: Destination MAC Addr = 00A0C5921311 Source MAC Addr = 0080C84CEA63 Network Type = 0x0800 (TCP/IP) IP Header: IP Version All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 244
= 00A0C5012345 Network Type = 0x0800 (TCP/IP) IP Header: IP Version Header Length = 20 Type of Service = 0x00 (0) Total Length = 0x048B (1163) Idetification = 0xB139 (45369) Flags = 0x02 All contents copyright (c) 2007 ZyXEL Communications Corporation.
Page 245
0040: A5 3C 2B 59 E2 78 A7 98-8F 3F A9 09 E4 0F 26 14 .<+Y.x...?..&. 0050: 9C 58 3E 95 3E E7 FC 2A-4C 2F FB BE 2F FE EF D0 .X>.>..*L/../... Offline Trace 1. Trace LAN packet 2. Trace WAN packet All contents copyright (c) 2007 ZyXEL Communications Corporation.
The latest CI command list is available in release notes of every ZyXEL firmware release. Please go to ZyXEL public WEB site http://www.zyxel.com/support/download.php to download firmware package (*.zip), you should unzip the package to get the release note in PDF format. All contents copyright (c) 2007 ZyXEL Communications Corporation.