1. Manuals
  2. Brands
  3. ZyXEL Communications Manuals
  4. VoIP
  5. P-2602HWNLI
  6. Support notes

ZyXEL Communications P-2602HWNLI Support Notes

Hide thumbs Also See for P-2602HWNLI:
Table of Contents

Advertisement

Quick Links

Download this manual
P-2602HWNLI
Support Notes
Version 3.40
March. 2006

Advertisement

Table of Contents
loading

Related Manuals for ZyXEL Communications P-2602HWNLI

Summary of Contents for ZyXEL Communications P-2602HWNLI

  • Page 1 P-2602HWNLI Support Notes Version 3.40 March. 2006...

  • Page 2: Table Of Contents

    ISDN Lifeline Application Notes...............129 Usage of ISDN Lifeline ................129 Lifeline configuration ................130 Relay to ISDN....................131 How to connect Lifeline and DSL connection...........131 VoIP Application Notes..................133 Setup SIP Account ..................133 Peer to Peer call ..................137 All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 3 How do I know I am using PPPoE?............160 Why does my provider use PPPoE?............161 Which Internet Applications can I use with the Prestige? ......161 How can I configure the Prestige? .............161 What network interface does the Prestige support?........161 All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 4 Can I connect more than one phone on the phone port?......168 Can I receive incoming PSTN/ISDN call through P2602WNLI- 6xA? ..169 Can I make an outgoing PSTN/ISDN call through P2602HWL – 6xC?...169 VoIP FAQ ......................169 What is Voice over IP? ................169 All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 5 What is Brute-force attack? ...............176 What is IP Spoofing attack?...............176 What are the default ACL firewall rules in Prestige? ........176 How can I protect against IP spoofing attacks? .........177 Content Filter FAQ ....................178 IPSec FAQ ......................178 All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 6 IP type as Phase 1 ID, what should I know?..........186 How can I keep a tunnel alive? ..............187 Single, Range, Subnet, which types of IP address do Prestige 10/10II/10W/50/100 support in VPN/IPSec? ..........187 Can Prestige support IPSec passthrough?..........187 All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 7 What is the difference between 40-bit and 64-bit WEP ?.......194 What is a WEP key ? ................194 A WEP key is a user defined string of characters used to encrypt and decrypt data? ....................195 Can the SSID be encrypted? ..............195 All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 8 Authentication required? ............196 What is AAA?....................196 What is RADIUS?..................196 What is WPA?....................197 What is WPA-PSK?...................197 Trouble Shooting ..................197 Using Embedded Packet Trace ................197 Debug PPPoE Connection .................212 CLI Command List ..................224 All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 9: Application Notes

    2. DHCP server enabled with IP pool starting from 192.168.1.33 3. Default SMT menu password = 1234 • Setting up the PC (Windows OS) 1. Ethernet connection All PCs must have an Ethernet adapter card installed. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 10 When the drivers are updated, you will be asked if you want to restart the PC. Make sure your Prestige is powered on before answering Yes to the prompt. Repeat the above steps for each Windows PC on your network. • Setting up the Prestige router All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 11 Prestige. The default LAN IP of the Prestige is 192.168.1.1. See the example below. Note that you can either http://192.168.1.1 2. Login first The default password is the default SMT password, '1234'. 3. Configure Prestige for Internet access by using WIZARD SETUP All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 12 P-2602HWNLI Support Notes The Web screen shown below takes PPPoE as the example. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 13: Setup The Prestige As A Dhcp Relay

    DHCP stands for Dynamic Host Configuration Protocol. In addition to the DHCP server feature, the P2602 supports the DHCP relay function. When it is configured as DHCP server, it assigns the IP addresses to the All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 14 IP Address= N/A IP Policies= Third DNS Server= N/A Edit IP Alias= No IP Address= N/A DHCP Server Address= 192.168.1.2 Edit IP Alias= No Press ENTER to Confirm or ESC to Cancel: All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 15: Configure An Internal Server Behind Sua

    'Menu 15.2.1', Multiple Server Configuration. The outside users can access the local server using WAN IP the Prestige's address which can be obtained from menu 24.1. • For example (Configuring an internal Web server for outside access) : All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 16 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: • Port numbers for some services Service Port Number Telnet SMTP DNS (Domain Name Server) www-http (Web) All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 17: Configure A Pptp Server Behind Sua

    Since PPTP encapsulates its data stream in the PPP protocol, the VPN requires a second dial-up adapter. This second dial-up adapter for VPN is added during the installation phase of the Upgrade in addition to the first dial-up adapter that provides PPP support for the analog or ISDN modem. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 18 PPTP client setup (Win9x) Add one VPN connection from Dial-Up Networking by entering the correct username & password and the IP address of the Prestige's Internet IP address for logging to NT RAS server. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 19 WinNT. This ping command is used to demonstrate that remote the Win9x can be reached across the Internet. If the Internet connection between two LANs is achieve, you can place a VPN call from the remote Win9x client. For example: All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 20 IP address in the 'VPN Server' dialog box for reaching the PPTP server. After the VPN link is established, you can start the network protocol application such as IP, IPX and NetBEUI. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 21: Using Nat / Multi-Nat

    Internet ISP, thus making them appear as if they had come from the NAT system itself (e.g., the Prestige router). The Prestige keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 22 In Server mode, the Prestige maps multiple inside servers to one global IP address. This allows us to specify multiple servers of different types behind the NAT for outside access. Note, if you want to map each server to one unique IGA please use the One-to-One mode. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 23 SUA (Read Only) Set in menu 15.1 is a convenient, pre-configured, read only, Many-to-One mapping set, sufficient for most purposes and helpful to people already familiar with SUA in previous ZyNOS versions. • SMT Menus 1. Applying NAT in the SMT Menus All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 24 NAT is disabled when you select this option. When you select this option the SMT will use Address SUA Only Mapping Set 255 (Menu 15.1-see later for further discussion). This option use basically Many-to-One All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 25 Prestige), a server rule must be set up inside the NAT Address Mapping set. Please see NAT Server Sets further information on these menus. Enter 1 to bring up Menu 15.1-Address Mapping Sets All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 26 Idx Local Start IP Local End IP Global Start IP Global End IP Type --- --------------- --------------- --------------- --------------- ------ 1. 0.0.0.0 255.255.255.255 0.0.0.0 0.0.0.0 Server Press ENTER to Confirm or ESC to Cancel: All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 27 Now let's look at Option 1 in Menu 15.1.1 Enter 1 to bring up this menu. Menu 15.1.1 - Address Mapping Rules Set Name= ? Idx Local Start IP Local End IP Global Start IP Global End IP Type --- --------------- --------------- --------------- --------------- ------ All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 28 15.1.1.1-Address Mapping Rule in which you can edit an individual rule and configure the Type, Local and Global Start/End IPs displayed in Menu 15.1.1. Menu 15.1.1.1 - - Rule 1 Type: One-to-One All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 29 Note: For all Local and Global IPs, the End IP address must begin after the IP Start address, i.e., you cannot have an End IP address beginning before the Start IP address. • NAT Server Sets All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 30 ESC at any time to cancel. Menu 15.2 - NAT Server Setup (Used for SUA Only) Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 0.0.0.0 All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 31 1723 Protocol) 1. Internet Access Only In our Internet Access example, we only need one rule where all our ILAs map to one IGA assigned by the ISP. See the following figure. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 32 My Login= cso@zyxel My Password= ******** Idle Timeout (sec)= 0 IP Address Assignment= Dynamic IP Address= N/A Network Address Translation= SUA Only Address Mapping Set= 1 Press ENTER to Confirm or ESC to Cancel: All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 33 NAT as shown below. Menu 15.2 - NAT Server Setup (Used for SUA Only) Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 0.0.0.0 192.168.1.33 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 34 8. Rule 4 (Server type) to map a web server and mail server with ILA3 (192.168.1.20) to IGA3. Type Server allows us to specify multiple servers, of different types, to other machines behind NAT on the LAN. Step 1: All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 35 Edit Action and then select 1 from Select Rule field. Press [ENTER] to confirm. See the following setup for the four rules in our case. Rule 1 Setup: Select One-to-One type to map the FTP Server 1 with ILA1 (192.168.1.10) to IGA1. Menu 15.1.1.1 - - Rule 1 All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 36 Press ENTER to Confirm or ESC to Cancel: Rule 3 Setup: Select Many-to-One type to map the other clients to IGA3. Menu 15.1.1.3 - - Rule 3 Type: Many-to-One Local IP: Start= 0.0.0.0 End = 255.255.255.255 Global IP: All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 37 Idx Local Start IP Local End IP Global Start IP Global End IP Type --- --------------- --------------- --------------- --------------- ------ 1. 192.168.1.10 [IGA1] 2. 192.168.1.11 [IGA2] 3. 0.0.0.0 255.255.255.255 [IGA3] [IGA3] Server All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 38 Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 0.0.0.0 192.168.1.20 192.168.1.20 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: 4. Support Non NAT Friendly Applications All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 39 End = [Enter IGA3] Press ENTER to Confirm or ESC to Cancel: The three rules configured for using One-to-One mapping type is shown below. Menu 15.1.1.1 - - Rule 1 Type: One-to-One All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 40 End = N/A Press ENTER to Confirm or ESC to Cancel: Menu 15.1.1.3 - - Rule 3 Type: One-to-One Local IP: Start= 192.168.1.12 End = N/A Global IP: Start= [Enter IGA3] End = N/A All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 41 Many One to One • Server The following table summarizes these types. NAT Type IP Mapping One-to-One ILA1<--->IGA1 ILA1<--->IGA1 Many-to-One ILA2<--->IGA1 (SUA/PAT) ILA1<--->IGA1 ILA2<--->IGA2 Many-to-Many ILA3<--->IGA1 Overload ILA4<--->IGA2 ILA1<--->IGA1 Many-to-Many No ILA2<--->IGA2 Overload ILA3<--->IGA3 ILA4<--->IGA4 All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 42: About Filter & Filter Examples

    With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port. The following diagram illustrates the logic flow when executing a filter rule. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 43 The Generic filter rules belong to the device category; they act on the raw data from/to LAN and WAN. The IP and IPX filter rules belong to the protocol category; they act on the IP and IPX packets. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 44 'Protocol and device filter rules cannot be active together' if you try to activate a TCP/IP (or IPX) filter rule in a filter set that has already had one or more active Generic filter rules. You will receive the All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 45 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 0 Port # Comp= None Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 0 Port # Comp= None TCP Estab= N/A All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 46 Route= IP Active= Yes Bridge= No Encapsulation= PPPoE Edit IP/Bridge= No Multiplexing= LLC-based Edit ATM Options= No Service Name= Edit Advance Options= No Incoming: Telco Option: Rem Login= cso@zyxel.net Allocated Budget(min)= 0 All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 47 Please check the system log (Menu 24.3.1) before putting your device into use. In order to avoid operational problems later, the Prestige will disable its routing/bridging functions if there is an inconsistency among its filter rules. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 48 1. Create a filter set in Menu 21 Menu 21 - Filter Set Configuration Filter Filter Set # Comments Set # Comments ------ ----------------- ------ ----------------- Web Request _______________ _______________ _______________ _______________ _______________ _______________ _______________ _______________ _______________ _______________ _______________ All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 49 Drop Action Not Matched= Check Next Rule Press ENTER to Confirm or ESC to Cancel: 3.Rule 2 for (b).DNS request, TCP(06)/Port number 53 Menu 21.1.2 - TCP/IP Filter Rule Filter #: 1,2 All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 50 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= Port # Comp= Equal Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= Port # Comp= None TCP Estab= No All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 51 1. Create a filter set in Menu 21, e.g., set 1 Menu 21 - Filter Set Configuration Filter Filter Set # Comments Set # Comments ------ ----------------- ------ ----------------- Block a client _______________ _______________ _______________ _______________ _______________ All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 52 Source IP addr....Enter the client IP in this field IP Mask......here the IP mask is used to mask the bits of the IP address given in the 'Source IP Addr=' field, for one workstation it is 255.255.255.255. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 53 0020: 9b 5d 00 00 4d 5c 03 00 05 00 61 62 63 64 65 66 0030: 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 0040: 77 61 62 63 64 65 66 67 68 69 All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 54 'Generic Filter Rule' to block the MAC address [00 80 c8 4c ea 63]. 1. First, from the incoming LAN packet we know the uninteresting source MAC address starts at the 7th Octet All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 55 Set to '6' since the source MAC address starts at 7th octets we need to skip the first octets of the destination MAC address. • Length (in bytes) Set to '6' since MAC address has 6 octets. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 56 Menu 3.1. Please note that the 'Generic Filter' can only be applied to the 'Device Filter' but not the 'Protocol Filter' that is used for configuring the TCPIP and IPX filters. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 57 Rule 4-Destination port number 138 with protocol number 17 (UDP) Rule 5-Destination port number 139 with protocol number 6 (TCP) Rule 6-Destination port number 139 with protocol number 17 (UDP) Filter Set 2: All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 58 Rule 1-Destination port number 137 with protocol number 6 (TCP) Menu 21.1.1 - TCP/IP Filter Rule Filter #: 1,1 Filter Type= TCP/IP Filter Rule Active= IP Protocol= IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 59 IP Mask= 0.0.0.0 Port #= 0 Port # Comp= None TCP Estab= N/A More= No Log= None Action Matched= Drop Action Not Matched= Check Next Rule Press ENTER to Confirm or ESC to Cancel: All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 60 Rule 4-Destination port number 138 with protocol number 17 (UDP) Menu 21.1.4 - TCP/IP Filter Rule Filter #: 1,4 Filter Type= TCP/IP Filter Rule Active= IP Protocol= IP Source Route= No Destination: IP Addr= 0.0.0.0 All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 61 IP Mask= 0.0.0.0 Port #= 0 Port # Comp= None TCP Estab= No More= No Log= None Action Matched= Drop Action Not Matched= Check Next Rule Press ENTER to Confirm or ESC to Cancel: All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 62 After the first filter set is finished, you will get the complete rules summary as below. Menu 21.2 - Filter Rules Summary # A Type Filter Rules M m n - - ---- --------------------------------------------- - - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=137 N D N All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 63 IP Mask= 0.0.0.0 Port #= Port # Comp= Equal TCP Estab= No More= No Log= None Action Matched= Drop Action Not Matched= Check Next Rule Press ENTER to Confirm or ESC to Cancel: All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 64 M m n - - ---- ---------------------------------------------- - - - 1 Y IP Pr=6, SA=0.0.0.0, SP=137, DA=0.0.0.0, DP=53 N D N 2 Y IP Pr=17, SA=0.0.0.0, SP=137, DA=0.0.0.0, DP=53 N D F All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 65: Using The Dynamic Dns (Ddns)

    So, there must be an email entry in the Prestige menu 1. The DDNS servers the Prestige supports currently is WWW.DYNDNS.ORG where you apply the DNS from and update the WAN IP to. • Setup the DDNS All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 66 Press ENTER to Confirm or ESC to Cancel: Menu 1.1 - Configure Dynamic DNS Service Provider= WWW.DynDNS.ORG Active= DDNSType= DynamicDNS Host 1= [the local server's host name] Host 2= [the local server's host name] All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 67: Network Management Using Snmp

    (SNMP) is an applications-layer protocol used to exchange the management information between network devices (e.g., routers). By using SNMP, network administrators can more easily manage network performance, find and solve network problems. The SNMP is a member of the All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 68 The Internet Management Model is as shown in figure 1. Interactions between the NMS and managed devices can be any of four different types of commands: 6. Reads Read is used to monitor the managed devices, NMSs read variables that are maintained by the devices. 7. Writes All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 69 The managed devices to asynchronously report certain events to NMSs use trap. 2. SNMPv1 Operations SNMP itself is a simple request/response protocol. 4 SNMPv1 operations are defined as below. • Allows the NMS to retrieve an object variable from the agent. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 70 Associates requests with responses. • Error status Indicates an error and an error type. • Error index Associates the error with a particular object variable. • Variable-bindings Associates particular object with their value. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 71 In some cases (download new files, CI command "sys reboot", ...), reboot is done intentionally. And traps with the message "System reboot by user !" will be sent. (ii) For fatal error : All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 72 The SNMP related settings in Prestige are configured in menu 22, SNMP Configuration. The following steps describe a simple setup procedure for configuring all SNMP settings. Menu 22 - SNMP Configuration SNMP: Get Community= public Set Community= public All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 73: Using Syslog

    Prestige will not send trap any NMS manager. Using syslog 4. Prestige Setup Menu 24.3.2 - System Maintenance - UNIX Syslog and Accounting UNIX Syslog: Active= Syslog IP Address= 192.168.1.33 Log Facility= Local 1 All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 74 C01 Incoming Call xxxxBps xxxxx (L2TP,xxxxx means Remote Call ID) C01 Incoming Call xxxx (means connected speed) xxxxx (means Remote Call ID) L02 Tunnel Connected(L2TP) C02 OutCall Connected xxxx (means connected speed) xxxxx (means Remote Call ID) All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 75 Feb 14 16:57:17 192.168.1.1 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 18, C01 Incoming Call OK Feb 14 17:07:18 192.168.1.1 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 18, C02 Call Terminated • Packet triggered log Format: sdcmdSyslogSend( SYSLOG_PKTTRI, SYSLOG_NOTICE, String );...
  • Page 76 P-2602HWNLI Support Notes Dst: Destination Address prot: Protocol (TCP,UDP,ICMP) spo: Source port dpo: Destination port Example: Jul 19 14:44:09 192.168.1.1 ZyXEL Communications Corp.: IP[Src=202.132.154.1 Dst=192.168.1.33 UDP spo=0035 dpo=05d4]}S03>R01mF Jul 19 14:44:13 192.168.1.1 ZyXEL Communications Corp.: IP[Src=192.168.1.33 Dst=202.132.154.1 ICMP]}S03>R01mF • PPP Log Format: sdcmdSyslogSend( SYSLOG_PPPLOG, SYSLOG_NOTICE, String );...

  • Page 77: Using Ip Alias

    Therefore, three routes are created in the Prestige as shown below when the three networks are configured. If the Prestige's DHCP is also enabled, the IP pool for the clients can be any of the three networks. Copyright (c) 1994 - 2004 ZyXEL Communications Corp. ras> ip ro st...
  • Page 78 If the Prestige's DHCP server is enabled, the IP pool for the clients can be any of the DHCP Setup three networks. Enter the first LAN IP address for the Prestige. This will create the first route in the TCP/IP Setup enif0 interface. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 79: Using Call Scheduling

    Toggle to 'Yes' and enter the third LAN IP address for the Prestige. This will create the IP Alias 2 third route in the enif0:1 interface. Using Call Scheduling 1. What is Call Scheduling ? All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 80 "Forced On", "Forced Down", "Enable Dial-On-Demand", or "Disable Dial-On-Demand" on specified date and time. • SMT Menu for Call Scheduling 1. Edit the Schedule sets in menu 26: Copyright (c) 1994 - 2006 ZyXEL Communications Corp. P-2602HWNLI-67A Main Menu Getting Started Advanced Management 1. General Setup 21.
  • Page 81 Monday= N/A Tuesday= N/A Wednesday= N/A Thursday= N/A Friday= N/A Saturday= N/A Start Time(hh:mm)= 12 : 00 Duration(hh:mm)= 16 : 00 Action= Enable Dial-on-demand Press ENTER to Confirm or ESC to Cancel: All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 82 Route= IP Active= Yes Encapsulation= PPPoE Edit IP= No Service Type= Standard Telco Option: Service Name= Allocated Budget(min)= 0 Outgoing: Period(hr)= 0 My Login= cso@zyxel Schedules= 1,2,3,4 My Password= ******** Nailed-Up Connection= No All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 83 New Time (hh:mm:ss): 00 : 11 : 36 Current Date: 2004 - 01 - 01 New Date (yyyy-mm-dd): 2004 - 01 - 01 Time Zone= GMT+0800 Daylight Saving= No Start Date (mm-dd): 01 - 00 All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 84: Using Ip Multicast

    IP Address= 192.168.1.1 Size of Client IP Pool= 32 IP Subnet Mask= 255.255.255.0 First DNS Server= From ISP RIP Direction= None IP Address= N/A Version= N/A Second DNS Server= From ISP Multicast= IGMP-v2 All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 85: Using Prestige Traffic Redirect

    IP Policies= Enter here to CONFIRM or ESC to CANCEL: Key Settings: Multicast IGMP-v1 for IGMP version 1, IGMP-v2 for IGMP version 2. Using Prestige traffic redirect • What is Traffic Redirect ? All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 86 Menu 2 - Wan Backup Setup Menu 2 - Wan Backup Setup Check Mechanism = DSL Link Check WAN IP Address1 = 0.0.0.0 Check WAN IP Address2 = 0.0.0.0 Check WAN IP Address3 = 0.0.0.0 All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 87 Traffic Redirect Active Select this check box to have the Prestige use traffic redirect if the normal WAN connection goes down. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 88: Using Universal Plug N Play (Upnp)

    Internet gateway and delete the mappings when the connections are complete. The key components in UPnP are devices, services, and control points. • Devices: Network devices, such as networking gateways, TV, refrigerators, printers...etc, which provides services. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 89 • Control: Devices can be manipulated by control points through Control message. • Eventing: Devices can send event message to notify control points if there is any update on services provided. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 90 1. Enable UPnP function in ZyXEL device Go to Advanced->UPnP, check two boxes, Active UPnP feature and Allow users to make configuration changes through UPnP. The first check box enables UPnP function in this device. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 91 MSN application can assign dynamic port mapping to the router. So that network administrator don't need to setup SUA port mapping in the router. 2. After getting IP address, you can go to open MSN application on PC and sign in MSN server. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 92 P-2602HWNLI Support Notes 3. Start a Video conversation with one online user. 4. On the opposite side, your partner selects Accept to accept your conversation request. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 93 P-2602HWNLI Support Notes 5. Finally, your video conversation is achieved. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 94: Wireless Application Notes

    Infrastructure mode, sometimes referred to as Access Point mode, is an operating mode of an 802.11b/Wi-Fi client unit. In infrastructure mode, the client unit can associate with an 802.11b/Wi-Fi Access Point and communicate with other clients in infrastructure mode through that access point. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 95 ESSID= ZyXEL Hide ESSID= No Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag. Threshold= 2432 WEP= Disable Default Key= N/A Key1= N/A Key2= N/A Key3= N/A Key4= N/A Edit MAC Address Filter= No All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 96 1. From the web configurator main menu, click Network->wireless LAN to display –Wireless LAN. 3. Configure the desired configuation on Prestige wireless VoIP IAD and check the Active wireless LAN check box. 4. When finish click on apply button to take effect. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 97 3. Select Infrastructure from the operation mode pull down menu, fill in an SSID or leave it as any if you wish to connect to any AP than press Apply Change to take effect. 4. Click on Site Survey tab, and press search all the available AP will be listed. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 98 P-2602HWNLI Support Notes 5. Double click on the AP you want to associated with. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 99: Wireless Mac Address Filtering

    The MAC Filter related settings in ZyXEL APs are configured in menu 3.5.1, WLAN MAC Address Filter Configuration. Before you configure the MAC filter, you need to know the MAC address of the client first. If All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 100 MAC addresses configured in this list will be allowed to Filter Action associate with AP. If Deny Association is selected in this field, hosts with MAC addresses configured in this list will be blocked. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 101 4. Select the Filter Action to allow or deny association from hosts in the list. 5. Enter the MAC Addresses which you may want to apply the filter to allow or block associations from. 6. Click Apply to make your setting work. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 102: Wep Configuration (Wired Equivalent Privacy)

    The reson for this misnomer is that the WEP key ( 40/104 bits ) is concatenated with the initialisation vector ( 24 bits ) resulting in a 64/128 bit total key size. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 103 64-bit WEP key (secret key) with 5 characters 64-bit WEP key (secret key) with 10 hexadecimal digits 128-bit WEP key (secret key) with 13 characters 128-bit WEP key (secret key) with 26 hexadecimal digits All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 104 • Setting up the Access Point from SMT Menu 3.5 P-2602HWNLI can hold up to 4 WEP Keys. You have to specify one of the 4 keys as default Key which be used to encrypt wireless data transmission. For example, 3.5- Wireless LAN Setup...
  • Page 105 At the same time, when the station transmits data to access point which encrypt data by Key 2. The access point will decrypt the data by its Key 2. • Setting up the Access Point with Web configurator All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 106 1. Double click on the utility icon in your windows task bar or right click the utility icon then select 'Show Config Utility'. The utility will pop up on your windows screen. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 107 Select encryption type correspond with access point. Set up 4 Keys which correspond with the WEP Keys of access point. And select on WEP key as default key to encrypt wireless data transmission. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 108 P-2602HWNLI Support Notes All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 109: Configuring 802.1X

    Ethernet), in order to provide a means of authenticating and authorizing devices attached to a LAN port that has point-to-point connection characteristics, and of preventing access to that port in cases the authentication process fails. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 110 The station must be running 802.1x-compliant client software such as that offered in the Microsoft Windows XP operating system, Meeting House AEGIS 802.1x client and Odyssey 802.1x client. 3. Authentication Server : All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 111 When 802.1x is enabled, the authenticator controls the port authorization state by using the following control parameters. The following three authentication control parameter are applied in Wireless AP. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 112 EAP over LANs, or EAPOL. Ethernet type of EAPOL is 88-8E , two octets in length. EAPOL encapsulations are described for IEEE 802 compliant environment, such as 802.3 Ethernet, 802.11 Wireless LAN and Token Ring/FDDI. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 113 When the supplicant does not need Wireless access any more, it sends EAPOL-Logoff packet to terminate its 802.1x session, the port state will become unauthorized. The following figure shows the EAPOL exchange ping-pong chart. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 114 The EAPOL packet contains the following fields: protocol version, packet type, packet body length and packet body. Most of the fields are obvious. The packet type can have four different values, and these values are described below: All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 115 ZyXEL AP. By default, the 802.1x function is disabled (Authentication Control= Force Authorized) to allow all wireless client. You can use SMT or Web Configuration to configure it. Enter SMT Menu 23.4 to setup the 802.1x authentication control. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 116 Press ENTER to Confirm or ESC to Cancel: If you use WEB Configuration, 1. From the Web Configurator main menu, Click Network -> Wireless LAN -> and select 802.1x 2. Click Apply to make your setting work. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 117 RADIUS server. Follow the steps to add user accounts on your ZyXEL AP. 1. From the SMT main menu, enter 14 to display Menu 14 Dial-in User Setup Menu 14 - Dial-in User Setup 1. ZyXEL 9. ________ 17. ________ 25. ________ All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 118 1. From the Web Configurator main menu, Network -> Wireless LA N -> Local User Database 2. Select one of the profile and check Active check box 3. Input the User Name and Password then click Apply to save the profile. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 119 EAP frame, which is then encapsulated for Ethernet and sent to the supplicant. When the client supplies its identity, the authenticator begins its role as the intermediary, passing EAP frames All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 120 1. From the SMT main menu, enter Menu 23.2 to setup System Security - RADIUS Server to setup the RADIUS authentication server. Menu 23.2 - System Security - RADIUS Server Authentication Server: Active= Server Address= 192.168.1.100 Port #= 1812 All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 121 RADIUS servers. You can refer to RADIUS authentication configuration. If you use WEB Configurator, from the Web Configurator main menu, Click Network -> Wireless Lan to setup the RADIUS authentication and accounting server configuration. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 122: Site Survey

    2. Visually inspect the facility, walk through the facility to verify the accuracy of the diagram and mark down any large obstacle you see that may effect the RF signal such as metal shelf, metal desk, etc on the diagram. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 123 4. It's always a good idea to start with putting the access point at the corner of the room and walk away from the access point in a systematic manner. Record down the changes at point where transfer rate drop and the link quality and signal strength information on the diagram as you go alone. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 124 7. You may need more than one access point is the RF coverage area have not cover all the wireless service area you needed. 8. Repeat step 1~6 of survey on site as necessary, upon completion you will have an diagram and information of site survey. As illustrated below. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 125: Pstn Lifeline Application Notes

    PSTN dial out is 0000 and can be change to value you wish to) and dial this prefix to switch over to PSTN line than dial the PSTN number as normal. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 126: Lifeline Configuration

    0000, than the device will switch over to PSTN line. At this moment you will hear dial tone from PSTN again. At this state you can dial out to PSTN as you would on a regular PSTN system. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 127: Relay To Pstn

    If your ADSL line type is Splitter type you ISP will provide you with splitter otherwise it should be splitterless. For correct info you may check with your service provider as for which type of line you have. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 128 2. Connect the RJ11 to the splitter phone jack or a telephone wall jack 3. Connect the DSL cable to the splitter modem jack or ADSL line 4. Connect the splitter jack where it labels Line to ADSL line from the ISP. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 129: Isdn Lifeline Application Notes

    ISDN dial out is 0000 and can be change to value you wish to) and dial this prefix to switch over to ISDN line than dial the ISDN number as normal. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 130: Lifeline Configuration

    0000, than the device will switch over to PSTN line. At this moment you will hear dial tone from ISDN again. At this state you can dial out to ISDN as you would on a regular ISDN system. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 131: Relay To Isdn

    If your ADSL line type is Splitter type you ISP will provide you with splitter otherwise it should be splitterless. For correct info you may check with your service provider as for which type of line you have. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 132 2. Connect the RJ45 to the splitter phone jack or a telephone wall jack 3. Connect the DSL cable to the splitter modem jack or ADSL line 4. Connect the splitter jack where it labels Line to ADSL line from the ISP. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 133: Voip Application Notes

    VoIP is the sending of voice signals over the Internet Protocol. This allows you to make phone calls and send faxes over the Internet at a fraction of the cost of using the traditional circuit-switched telephone network. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 134 Prestige (LAN IP address). The default management IP of Prestige is 192.168.1.1. Step 2. Enter the administrator password appear on the page of login and click on login. The default is '1234' All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 135 Enter the SIP server’s listening port for SIP in this field. Leave this field set to SIP Server the default if your VoIP service provider did not give you a local port number Port for SIP. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 136 Prestige’s advanced VoIP settings like SIP server settings, the RTP port range and the coding type. Apply Click Apply to save your changes back to the Prestige. Reset Click Reset to begin configuring this screen afresh. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 137: Peer To Peer Call

    (2) Make you can call by callee's SIP number You need to configure the self SIP number and put callee's IP address at SIP server, SIP proxy, Domain server all in the VOIP screen. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 138 P-2602HWNLI Support Notes Setup--- Configuring SIP / VoIP related settings in device A All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 139 1. Setup WEB GUI VoIP, enter device A’s number in the SIP number column. 2. Fill in device B’s IP into SIP server address, Register server address… as example. 3. Setup speed dial, put device B’s information into the column. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 140 P-2602HWNLI Support Notes Setup--- Configuring SIP / VoIP related settings in device B All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 141: Phone Port Settings

    After completing the setting, you can dial #01 from the phone under device A, then the phone under device B will ring. Phone Port Settings P-2602HWNLI offers two type of FXS port (POTS x 2, ISDN x 1). Thus, user can decide to use either analog phone or ISDN phone. Analog Phone Configuration Outgoing Call Use - Here user can define which SIP account(s) to use for outgoing call from analog phone.
  • Page 142 Here user can define which type(s) of incoming call will apply to this analog phone; for example, if user tick SIP1 then once somebody calls the SIP one number this analog phone will ring. P-2602HWNLI allows you to configure the volume and echo cancellation setting for each individual phone port.
  • Page 143 Prestige to wait after the last input on the telephone’s keypad before dialing (making) a call. Click Apply to save your changes back to the Prestige. Apply Reset Click Reset to begin configuring this screen afresh. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 144: Advanced Voice Settings Configuration

    Advanced Settings to display the following screen. Advanced voice settings configuration allows user to modify SIP server related settings, RTP port range, preferred compression type (codec), DTMF type and Message Waiting Indication (MWI) All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 145 Use this field to set the longest time that the Prestige will allow a SIP Expires session to remain idle (without traffic) before dropping it When two SIP devices negotiate a SIP session, they must negotiate a Min-SE All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 146 SIP SUBSCRIBE message from Expiration the Prestige. The SIP server stops providing the message waiting service if Time it has not received another SIP SUBSCRIBE message from the Prestige before this time period expires. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 147: Phone Book Speed Dial

    Phone book Speed dial Prestige allows you to configure up to 10 SIP numbers in the phone book for speed dial. To configure phone book for speed dial, please follow the below steps: All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 148 Speed Dial Phone Book section of the screen. Speed Dial This section of the screen displays the currently saved speed dial entries. Phone Book You can configure up to 10 entries and use them to make calls. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 149: Voice - Qos Setup

    Quality of Service (QoS) refers to both a network's ability to deliver data with minimum delay, and the networking methods used to provide bandwidth for real-time multimedia applications. Click VoIP -> SIP -> QoS to display the following screen. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 150: Call Forwarding Setup

    Prestige to block or redirect calls. You can configure a different call forwarding table for each SIP account or use the same call forwarding table for both. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 151 No Answer Forward to Number Enable this feature to have the Prestige forward incoming calls to the number that you configure whenever you do not answer the call after a specific time period. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 152 Prestige performs the default action configured in the Forward to Number Setup section. Select this check box to turn on an call forwarding entry. Activate Incoming Call You can set the Prestige to take a particular action on incoming calls from a All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 153: Voice – Common Settings

    Select Accept to have the Prestige allow calls from the number specified in the Incoming Call Number field. Voice – Common Settings Click VoIP -> Phone -> Common to display the following screen. Use this screen to configure Immediate Dial All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 154 (call hold, call waiting, call transfer and three-way conference calls). Select Call Service the mode that your voice service provider supports. Mode Select Europe Type to use the supplementary phone services in European All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 155: Zynos Faq

    PC must be in the same IP segment of Prestige and Prestige must be reachable to the configuration station. (By default the Prestige LAN IP is 192.168.1.1) All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 156: Change It

    Fail to due so may result in update fail and require RMA. b. To backup your firmware, use the FTP client program to get file 'ras' from the Prestige. How do I upload or backup ROMFILE via web configurator? All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 157: Why Can't I Make Telnet To Prestige From Wan

    Telnet service is enabled but your host IP is not the secured host entered in Menu 24.11. In this case, the error message 'Client IP is not allowed!' will appear on the Telnet screen. c. The default filter rule 3 (Telnet_FTP_WAN) is applied in the Input Protocol field in menu 11.5. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 158: What Should I Do If I Forget The System Password

    Basically, NAT is a process of translating one address to another. A NAT implementation can be as simple as substituting an IP address with another. This allows a network to rectify the illegal address problem mentioned above without going through each and every host. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 159: How Many Network Users Can The Sua/Nat Support

    1 ADSL WAN port. It is the most simple and affordable solution for multiple and instant broadband Internet access router. Virtually all-popular applications over Internet, such as Web, E-Mail, FTP, Telnet, Gopher, are supported. Prestige is designed for SOHO, branch offices, workgroups, and educational users. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 160: Will The Prestige Work With My Internet Connection

    Internet when you turn on your computer, you probably are not. You can also check your ISP or the information sheet given by the ISP. Please choose PPPoE as the encapsulation type in the Prestige if the ISP uses PPPoE. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 161: Why Does My Provider Use Pppoe

    IP from ISP, instead, can be recognized or pinged by another real IP. The Prestige Internet Access Sharing Router works like an intelligent router that route between the virtual IP and the real IP. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 162: How Does E-Mail Work Through The Prestige

    5 second, the unit will be reset. When the reset button is pressed the devices all parameter will be reset back to factory default include, password, and IP address. The default IP address is 192.168.1.1, Password 1234. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 163: What Network Interface Does The New Prestige Series Support

    Most independent Internet Service Providers today connect to the Internet using a single 1.5 Mbps "T1" telephone line. All of their subscribers share that 1.5 Mbps pipeline. Cable head-ends connecting to the Internet backbone using a T1 limit their subscribers to an absolute maximum of 1.5 Mbps. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 164: What Is Multi-Nat

    IP address. Thus, users on the same network can not login to the same server simultaneously. In this case it is better to use Many-to-Many No Overload or One-to-One NAT mapping types, thus each user login to the server using a unique global IP address. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 165: What Ip/Port Mapping Does Multi-Nat Support

    NAT for outside access. Note, if you want to map each server to one unique IGA please use the One-to-One mode. The following table summarizes these types. NAT Type IP Mapping One-to-One ILA1<--->IGA1 ILA1<--->IGA1 Many-to-One ILA2<--->IGA1 (SUA/PAT) Many-to-Many ILA1<--->IGA1 All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 166: What Is The Difference Between Sua And Multi-Nat

    Without DDNS, we always tell the users to use the WAN IP of the 312 to reach our internal server. It is inconvenient for the users if this IP is dynamic. With DDNS supported by the Prestige, you apply a DNS name All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 167: When Do I Need Ddns Service

    However, SUA should not change the source port of the UDP packets which are used for key managements. Because the remote gateway checks this source port during connections, the port thus is not allowed to be changed. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 168: How Do I Setup My Prestige For Routing Ipsec Packets Over Sua

    Can I connect more than one phone on the phone port? Yes, P2602WNLI-6XA supports REN (Ringer Equivalence Number), it can determine the number of devices that is connected to the phone line. P2602WNLI-6XA can support up to three devices per telephone port. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 169: Can I Receive Incoming Pstn/Isdn Call Through P2602Wnli- 6Xa

    IP is an already exist standard and many type of service already runs on IP, by using IP as a platform integrate service is now possible and low cost where traditional circuit may take long time to achieve. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 170: What Is The Relationship Between Codec And Voip

    Voice quality is most commonly rated through a voice quality metric called the Mean Opinion Score (MOS) which is recommendation by ITU-T. The MOS is a 5 point scale where 5 represent excellent voice quality and 1 represent bad voice quality. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 171: What Is Codec

    1. A high-speed Internet connection. This can be a cable modem, or a high-speed network services such as ISDN, DSL or a T-1 link. The need of the bandwidth required will depend on the amount of telephone traffic will be in your network. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 172: Unable To Register With The Sip Server

    If you can register to server but can only make out going call but can not receive incoming calls or the incoming call signal establishment can be made but voice only goes one way very likely there is NAT/firewall router before it, please see NAT/firewall related question above for tips to troubleshoot. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 173: If All The About Have Been Tried, But Register Still Fail What Should I Do

    Network Address Translation (NAT), which translates the private local addresses to one or multiple public addresses. This adds a level of security since the clients on the private LAN are invisible to the Internet. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 174: What Are The Basic Types Of Firewalls

    4. The Prestige's firewall is fast. It uses a hashing function to search the matched session cache instead of going through every individual rule for a packet. 5. The Prestige's firewall provides email service to notify you for routine reports and when alerts occur. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 175: Nat Built-In

    SYN attack floods a targeted system with a series of SYN packets. Each packet causes the targeted system to issue a SYN-ACK response, While the targeted system waits for the ACK that follows the All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 176: What Is Land Attack

    There are two default ACLs pre-configured in the Prestige, one allows all connections from LAN to WAN and the other blocks all connections from WAN to LAN except of the DHCP packets. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 177: How Can I Protect Against Ip Spoofing Attacks

    Where a.b.c.d is an IP address on your local network and w.x.y.z is your netmask: For the output data filters: • Deny bounceback packet • Allow packets that originate from us Filter rule setup: • Filter Type =TCP/IP Filter Rule All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 178: Content Filter Faq

    A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP/IP protocol suite for communication. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 179: What Are Most Common Vpn Protocols

    PPTP is a tunneling protocol defined by the PPTP forum that allows PPP packets to be encapsulated within Internet Protocol (IP) packets and forwarded over any IP network, including the Internet itself. The All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 180: What Is L2Tp

    IP payload including user data. There is no restriction that the IPSec hosts and the security gateway must be separate machines. Both IPSec protocols, AH and ESP, can operate in either transport mode and tunnel mode. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 181: What Is Pre-Shared Key

    IP address dynamically assigned from ISP, so Prestige needs additional information to make the decision. Such additional information is what we call phase 1 ID. In the IKE payload, there are local and peer ID field to achieve this. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 182: What Are Local Id And Peer Id

    IPSec VPN is available for Prestige since ZyNOS V3.50. It is free upgrade, no registration is needed. By upgrading the firmware and also configurations (romfile) to ZyNOS V3.50, the IPSec VPN capability All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 183: How Do I Configure Prestige Vpn

    I am planning my Prestige-to-Prestige VPN configuration. What do I need to know? First of all, both Prestige must have VPN capabilities. Please check the firmware version, V3.50 or later has the VPN capability. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 184: Does Prestige Support Dynamic Secure Gateway Ip

    Cisco 1720 Router, IOS 12.2(2)XH, IP/ADSL/FW/IDS PLUS IPSEC 3DES • NetScreen 5, ScreenOS 2.6.0r6 • SonicWALL SOHO 2 • WatchGuard Firebox II • ZyXEL Prestige 100 • Avaya VPN • Netopia VPN • III VPN All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 185: What Vpn Software That Has Been Tested With Prestige Successfully

    If Prestige stays in menu 24.1, 24.8 and 27.3 a certain of memory is allocated to generate the required statistics. So, we do not suggest to stay in menu 24.1, 27.3 and 24.8 when VPN is in use. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 186: Where Can I Configure Phase 1 Id In Prestige

    If I have NAT router between two VPN gateways, and I would like to use IP type as Phase 1 ID, what should I know? We presume your environment may look like this, All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 187: How Can I Keep A Tunnel Alive

    PCs or even a network of PCs to utilize the VPN/IPSec service. Can Prestige support IPSec passthrough? Yes, Prestige can support IPSec passthrough. Prestige series don't only support IPSec/VPN gateway, it can also be a NAT router supporting IPSec passthrough. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 188: Ipsec Gateway Simultaneously

    What are the advantages of Wireless LANs ? a. Mobility: Wireless LAN systems can provide LAN users with access to real-time information anywhere in their organization. This mobility supports productivity and service opportunities not possible with wired All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 189: What Are The Disadvantages Of Wireless Lans

    What is an Access Point ? The AP (access point also known as a base station) is the wireless server that with an antenna and a wired All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 190: What Is 802.11B

    What is 802.11g ? 802.11g is an extension to 802.11b. 802.11g increases 802.11b's data rates to 54 Mbps and still utilise the the 2.4 GHz ISM. Modulation is based upon OFDM (orthogonal frequency division multiplexing) All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 191: Is It Possible To Use Products From A Variety Of Vendors

    Bluetooth device may have on an 802.11 network, if any, aren't far-reaching. Can radio signals pass through walls ? Transmitting through a wall is possible depending upon the material used in its construction. In general, All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 192: What Are Potential Factors That May Causes Interference Among Wlan Products

    Infrastructure mode implies connectivity to a wired communications infrastructure. If such connectivity is required the Access Points must be used to connected to the wired LAN backbone. Wireless clients have their configurations set for "infrastructure mode" in order to utilise access points relaying. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 193: How Many Access Points Are Required In A Given Area

    The ISM band is populated by Industrial, Scientific and Medical devices that are all low power devices, but can interfere with each other. What is Server Set ID (SSID) ? All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 194: What Is An Essid

    Vector " (not under user control) (40+24=64). Some vendors refer to this level of WEP as 40 bit, others as 64 bit. What is a WEP key ? A WEP key is a user defined string of characters used to encrypt and decrypt data. All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 195: A Wep Key Is A User Defined String Of Characters Used To Encrypt And Decrypt Data

    Open System: The default authentication service that simply announces the desire to associate with another station or access point. A station can authenticate with any other station or access point using open system All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 196: What Is 802.1X

    (via login name and password or MAC address) and accounting for their network usage. What is RADIUS? RADIUS stands for Remote Authentication Dial-In User Service. RADIUS is a standard that has been All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 197: What Is Wpa-Psk

    Prestige. It is also very helpful for diagnostics if you have compatibility problems with your ISP or if you want to know the details of a packet for configuring a filter rule. The format of the display is as following: Packet: 11880.160 ENET0-R[0062] TCP 192.168.1.2:1108->192.31.7.130:80 All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 198 Prestige> sys trcd brief 11880.160 ENET0-R[0062] TCP 192.168.1.2:1108->192.31.7.130:80 11883.100 ENET0-R[0062] TCP 192.168.1.2:1108->192.31.7.130:80 11883.330 ENET0-T[0058] TCP 192.31.7.130:80->192.168.1.2:1108 11883.340 ENET0-R[0060] TCP 192.168.1.2:1108->192.31.7.130:80 11883.340 ENET0-R[0339] TCP 192.168.1.2:1108->192.31.7.130:80 11883.610 ENET0-T[0054] TCP 192.31.7.130:80->192.168.1.2:1108 11883.620 ENET0-T[0102] TCP 192.31.7.130:80->192.168.1.2:1108 All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 199 = 0xC01F0782 (192.31.7.130) TCP Header: Source Port = 0x045C (1116) Destination Port = 0x0050 (80) Sequence Number = 0x00BD15A7 (12391847) Ack Number = 0x00000000 (0) Header Length = 28 Flags = 0x02 (..S.) All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 200 = 0x02 Fragment Offset = 0x00 Time to Live = 0xED (237) Protocol = 0x06 (TCP) Header Checksum = 0xAC8C (44172) Source IP = 0xC01F0782 (192.31.7.130) Destination IP = 0xC0A80102 (192.168.1.2) TCP Header: All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 201 Header Length = 20 Type of Service = 0x00 (0) Total Length = 0x0028 (40) Idetification = 0x350B (13579) Flags = 0x02 Fragment Offset = 0x00 Time to Live = 0x80 (128) All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 202 & sys trcl sw on 1.4 Display the brief trace online by entering: sys trcd brief 1.5 Display the detailed trace online by entering: sys trcd parse Example: All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 203 = 0x048B (1163) Idetification = 0xB139 (45369) Flags = 0x02 Fragment Offset = 0x00 Time to Live = 0xEE (238) Protocol = 0x06 (TCP) Header Checksum = 0xA9AB (43435) Source IP = 0xC01F0782 (192.31.7.130) All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 204 LAN Frame: ENET1-XMIT Size: 54/ 54 Time: 12387.490 sec Frame Type: TCP 202.132.155.97:10270->192.31.7.130:80 Ethernet Header: Destination MAC Addr = 00A0C5012345 Source MAC Addr = 00A0C5921312 Network Type = 0x0800 (TCP/IP) IP Header: All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 205 0020: 07 82 28 1E 00 50 00 C1-8F 63 D3 E9 5D E9 50 10 ..(..P...c..].P. 0030: 1D D5 7A 12 00 00 ..z... ---<0002>---------------------------------------------------------------- LAN Frame: ENET1-XMIT Size: 54/ 54 Time: 12387.490 sec Frame Type: TCP 202.132.155.97:10270->192.31.7.130:80 Ethernet Header: Destination MAC Addr = 00A0C5012345 All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 206 0010: 00 28 7B 0C 40 00 7F 06-53 3C CA 84 9B 61 C0 1F .({.@...S<...a.. 0020: 07 82 28 1E 00 50 00 C1-8F 63 D3 E9 5D E9 50 11 ..(..P...c..].P. 0030: 1D D5 7A 11 00 00 ..z... Prestige> All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 207 Prestige> sys trcl sw off Prestige> sys trcp brief 10855.790 ENET0-T[0141] TCP 192.31.7.130:80->192.168.1.2:1102 10855.800 ENET0-R[0060] TCP 192.168.1.2:1102->192.31.7.130:80 10855.810 ENET0-R[0062] TCP 192.168.1.2:1103->192.31.7.130:80 10855.840 ENET0-R[0062] TCP 192.168.1.2:1104->192.31.7.130:80 10856.020 ENET0-T[0054] TCP 192.31.7.130:80->192.168.1.2:1102 10856.030 ENET0-T[0058] TCP 192.31.7.130:80->192.168.1.2:1103 All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 208 = 0xC01F0782 (192.31.7.130) Destination IP = 0xC0A80102 (192.168.1.2) TCP Header: Source Port = 0x0050 (80) Destination Port = 0x044F (1103) Sequence Number = 0xD91B1826 (3642431526) Ack Number = 0x00AA405F (11157599) Header Length = 24 All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 209 Prestige> sys trcl sw on Prestige> sys trcp sw on Prestige> sys trcl sw off Prestige> sys trcp sw off Prestige> sys trcp brief 12864.800 ENET1-T[0411] TCP 202.132.155.97:10278->204.217.0.2:80 12864.890 ENET1-R[0247] TCP 204.217.0.2:80->202.132.155.97:10282 12864.900 ENET1-T[0416] TCP 202.132.155.97:10282->204.217.0.2:80 All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 210 Source Port = 0x0050 (80) Destination Port = 0x2826 (10278) Sequence Number = 0x4D713D8A (1299266954) Ack Number = 0x00C8C015 (13156373) Header Length = 20 Flags = 0x18 (.AP...) Window Size = 0x2238 (8760) All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 211 = 0x00 (0) Total Length = 0x018D (397) Idetification = 0xF20C (61964) Flags = 0x02 Fragment Offset = 0x00 Time to Live = 0x7F (127) Protocol = 0x06 (TCP) Header Checksum = 0xD59C (54684) All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 212: Debug Pppoe Connection

    0040: 72 65 73 2F 6D 61 67 61-7A 69 6E 65 5F 6C 6F 67 res/magazine_log 0050: 6F 2F 62 65 73 74 6F 66-74 69 6D 65 73 2E 67 69 o/bestoftimes.gi Prestige> Debug PPPoE Connection Debug PPPoE Connection All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 213 1 ras> dev dial 1 Start dialing for node <GPMI>... poeNetCmdExe: chann poe0 event x420 poeChannDial: start session, peer<GPMI> bdcastInit: pch poe0 poePut1SrvcName: '' len 0 host-uniq 31303030 len 4 All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 214 PADO recv'd, chann enet1 procPADO: for poe chann poe0 Chann poe0 sending request poePut1SrvcName: '' len 0 host-uniq 31303030 len 4 putPoeHdr: ver 1 type 1 code x19 sess-id 0 len 12(x000C) All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 215 ZyNOS Version: V3.40(RE.0) | 01/27/2005 15:00:00 Enter Debug Mode atgo (Compressed) Version: RAS P2602R, start: bfc58030 Length: 3DB3EC, Checksum: 9AA9 Compressed Length: 12AC58, Checksum: DC06 Copyright (c) 1994 - 2004 ZyXEL Communications Corp. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 216 2. Offline Trace--capture the trace first and display later The details for capturing the trace in SMT menu 24.8 are as follows. Online Trace 1. Trace LAN packet 2. Trace WAN packet All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 217 ---<0000>---------------------------------------------------------------- LAN Frame: ENET0-RECV Size: 62/ 62 Time: 12089.790 sec Frame Type: TCP 192.168.1.2:1116->192.31.7.130:80 Ethernet Header: Destination MAC Addr = 00A0C5921311 Source MAC Addr = 0080C84CEA63 Network Type = 0x0800 (TCP/IP) All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 218 0020: 07 82 04 5C 00 50 00 BD-15 A7 00 00 00 00 70 02 ...\.P..p. 0030: 20 00 BE C3 00 00 02 04-05 B4 01 01 04 02 ..... ---<0001>---------------------------------------------------------------- LAN Frame: ENET0-XMIT Size: 58/ 58 Time: 12090.020 sec All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 219 = 0x00BD15A8 (12391848) Header Length = 24 Flags = 0x12 (.A..S.) Window Size = 0xFAF0 (2602HWL40) Checksum = 0xF877 (63607) Urgent Ptr = 0x0000 (0) Options 0000: 02 04 05 B4 RAW DATA: All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 220 Source Port = 0x045C (1116) Destination Port = 0x0050 (80) Sequence Number = 0x00BD15A8 (12391848) Ack Number = 0x4AD1B580 (1255257472) Header Length = 20 Flags = 0x10 (.A..) Window Size = 0x2238 (8760) All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 221 12367.680 MPOA00-R[0070] UDP 202.132.155.95:520->202.132.155.255:520 12370.980 MPOA00-T[0062] TCP 202.132.155.97:10261->192.31.7.130:80 ras> sys trcd parse ---<0000>---------------------------------------------------------------- LAN Frame: MPOA00-RECV Size:1181/ 96 Time: 12387.260 sec Frame Type: TCP 192.31.7.130:80->202.132.155.97:10270 Ethernet Header: Destination MAC Addr = 00A0C5921312 All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 222 0010: A7 98 8F 3F A9 09 E4 0F-26 14 9C 58 3E 95 3E E7 ...?..&..X>.>. 0020: FC 2A 4C 2F FB BE 2F FE-EF D0 .*L/../... RAW DATA: 0000: 00 A0 C5 92 13 12 00 A0-C5 01 23 45 08 00 45 00 ..#E..E. All contents copyright (c) 2006 ZyXEL Communications Corporation.
  • Page 223 1.5 Disable the trace log by entering: sys trcl sw off sys trcp brief 1.6 Display the trace briefly by entering: sys trcp parse <from_index> <to_index> 1.7 Display specific packets by using: All contents copyright (c) 2006 ZyXEL Communications Corporation.

  • Page 224: Cli Command List

    The latest CI command list is available in release notes of every ZyXEL firmware release. Please go to ZyXEL public WEB site http://www.zyxel.com/support/download.php to download firmware package (*.zip), you should unzip the package to get the release note in PDF format. All contents copyright (c) 2006 ZyXEL Communications Corporation.

Table of Contents