Page 1 P-660 series Support Notes (For P-660R/H/HW-T1/T3/T7) Version1.0 Sep. 2005...
Page 2: Table Of Contents
14. What do the parameters (PCR, SCR, MBS) mean?........15 15.Why do we perform traffic shaping in the P-660 ?.........15 ADSL FAQ ......................16 1. How does ADSL compare to Cable modems? ..........16 2. What is the expected throughput?..............16 All contents copyright © 2005 ZyXEL Communications Corporation.
Page 3 1. Internet Access Using P-660 under Bridge mode..........25 Set up your workstation ...............25 Setup your P-660 under bridge mode ..........26 2. Internet Access Using P-660 under Router mode..........28 Set up your workstation ...............28 All contents copyright © 2005 ZyXEL Communications Corporation.
Page 4 Configure Wireless Access Point to Infrastructure mode using Web configurator..................118 Configuration Wireless Station to Infrastructure mode .....119 3. MAC Filter.....................121 MAC Filter Overview ................121 ZyXEL MAC Filter Implementation ..........121 Configure the WLAN MAC Filter.............121 4. Setup WEP (Wired Equivalent Privacy)............123 All contents copyright © 2005 ZyXEL Communications Corporation.
Page 5 7. Bridge Related Command................186 8. WLAN Related Commands ................187 9. Radius Related Command................188 10. 8021x Related Command................188 11. Configuration Related Command ..............188 12. Firewall Related Command .................194 13. SMT Related command ................195 All contents copyright © 2005 ZyXEL Communications Corporation.
Page 7: How Do I Upgrade/Backup The Zynos Firmware By Using Tftp Client Program Via Lan
Prestige. 9. What should I do if I forget the system password? In case you forget the system password, you can erase the current configuration and restore factory defaults in three way. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 8: How To Use The Reset Button
They are reusable, but only one set is allowed for each remote node. The P-660 supports 8 sets since there are 8 remote node. The default SUA (Read Only) Set in menu 15.1.255 is a convenient, pre-configured, read only, Many-to-One mapping set, All contents copyright © 2005 ZyXEL Communications Corporation.
Page 9: Is It Possible To Access A Server Running Behind Sua From The Outside Internet? If Possible, How
In Many-to-One mode, the P-660 maps multiple ILA to one IGA. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyNOS routers supported (the SUA only option in today's routers). All contents copyright © 2005 ZyXEL Communications Corporation.
Page 10: How Many Network Users Can The Sua/Nat Support
The Prestige does not limit the number of the users but the number of the sessions. The P-660 supports 1024/2048 sessions that you can use the 'ip nat iface wanif0 st' command in menu 24.8 to view the current active sessions. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 11: What Are Device Filters And Protocol Filters
• Allow packets that originate from us Filter rule setup: • Filter Type =TCP/IP Filter Rule • Active =Yes • Destination IP Addr =a.b.c.d • Destination IP Mask =w.x.y.z • Action Matched =Drop • Action No Matched =Forward All contents copyright © 2005 ZyXEL Communications Corporation.
Page 13: General Faq
The ISP will generally give one Internet account and limit only one computer to access the Internet. For most Internet users having multiple computers want to share an Internet account for Internet access, they have to add another Internet sharing device, like a router. In All contents copyright © 2005 ZyXEL Communications Corporation.
Page 14: How Do I Know I Am Using Pppoe
IP address we can use the DDNS service. The DDNS server allows to alias a dynamic IP address to a static hostname. Whenever the ISP assigns you a new IP, the P-660 sends this IP to the DDNS server for its updates. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 15: What Is Ddns Wildcard? Does The P-660 Support Ddns Wildcard
VCs in the P-660 but only one VC activated at one time, the P-660 allocates all the Bandwidth to the VC and the VC gets full bandwidth. If another VCs are avtivated later, the bandwidth is yield to other VCs after ward. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 16: What Do The Parameters (Pcr, Scr, Mbs) Mean
Traffic shaping defines a set of actions taken by the P-660 to avoid congestion; traffic shaping takes measures to adapt to unpredictable fluctuations in traffic flows and other problems among virtual connections. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 17: Adsl Faq
5. How does the P-660 work on a noisy ADSL? Depending on the line quality, the P-660 uses "Fall Back" and "Fall Forward" to automatically adjust the date rate. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 18: Does The Vc-Based Multiplexing Perform Better Than The Llc-Based Multiplexing
(2) If it is Alcatel, the firmware version should be above 3.1. 9.What are the signaling pins of the ADSL connector? The signaling pins on the P-660's ADSL connector are pin 3 and pin 4. The middle two pins for a RJ11 cable. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 19: Firewall Faq (For P-660 H/Hw Only)
Stateful Inspection Firewalls restrict access by screening data packets against defined access rules. They make access control decisions based on IP address and protocol. They also 'inspect' the session data to assure the integrity of the connection and to All contents copyright © 2005 ZyXEL Communications Corporation.
Page 20: What Kind Of Firewall Is The P-660
Teardrop. 2. Those that exploits weaknesses in the TCP/IP specification such as SYN Flood and LAND Attacks. 3. Brute-force attacks that flood a network with useless data such as Smurf attack. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 21: What Is Ping Of Death Attack
If there are numerous hosts, this will create a large amount of ICMP echo request packet, the resulting ICMP traffic will not only clog up the 'intermediary' network, but will also congest the network of the spoofed source IP All contents copyright © 2005 ZyXEL Communications Corporation.
Page 22: What Is Ip Spoofing Attack
Yes, you can use a web browser to configure the P-660. 4. Why can't I configure my router using Telnet over WAN? There are five reasons that Telnet from WAN is blocked. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 23: Why Can't I Upload The Firmware And Configuration File Using Ftp Over Wan
The log for Default Permit (LAN to WAN, WAN to LAN) is generated automatically. To generate the log for custom rules, the Log option in Web Configurator must be set to Not Match, Match, or Both. The Reason column for the All contents copyright © 2005 ZyXEL Communications Corporation.
Page 24: What Does The Log Show To Us
CI command: sys logs category [access | attack] 2. Enable log function in firewall default policy or in firewall rules. After the above two steps, you can view firewall logs via 1. Web Configurator: Advanced/Logs All contents copyright © 2005 ZyXEL Communications Corporation.
Page 25: When Does The P-660 Generate The Firewall Alert
A log entry is just added to the log inside the P-660 and e-mailed together with all other log entries at the scheduled time as configured. An alert is e-mailed immediately after an attacked is detected. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 26: General Application Notes
Otherwise, please enter the static IP addresses for all that the ISP gives to you in the network TCP/IP settings. For Windows, we check the option 'Obtain an IP address automatically' in its TCP/IP setup, please see the example shown below. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 27: Setup Your P-660 Under Bridge Mode
Edit Dynamic DNS= No Route IP= No Bridge= 2. Configure a LAN IP for the P-660 and turn off DHCP Server in Menu 3.2-TCP/IP Ethernet Setup. We use 192.168.1.1 in this case. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 28 Select the correct Encapsulation type that your ISP supports. For example, RFC Encapsulation 1483. Multiplexing Select the correct Multiplexing type that your ISP supports. For example, LLC. Router/ Bridge Disable routing mode and enable bridge mode, Bridge = Yes. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 29: Internet Access Using P-660 Under Router Mode
Internet access, they have to install an Internet sharing device, like a router. In this case, we use the P-660 which works as a general Router plus an ADSL Modem. See the figure below for this setup. Set up your workstation 1. Ethernet connection All contents copyright © 2005 ZyXEL Communications Corporation.
Page 30: Set Up Your P-660
You can use console or Telnet for finishing these co nfigurations. 1. Configure P-660 as router mode in Menu 1 General Setup. Menu 1– General Setup System Name= P-660 Location= All contents copyright © 2005 ZyXEL Communications Corporation.
Page 31 ISP's Name= CHT Encapsulation= PPPoE Multiplexing= LLC-based VPI #= VCI #= ATM QoS Type= CBR Peak Cell Rate (PCR)= 0 Sustain Cell Rate (SCR)= 0 Maximum Burst Size (MBS)= 0 My Login= cso@hinet.net All contents copyright © 2005 ZyXEL Communications Corporation.
Page 32: Setup The P-660 As A Dhcp Relay
DHCP server, it assigns the IP addresses to th e LAN clients. When it is configured as DHCP relay, it is responsible for forwarding the requests and responses negotiating between the DHCP clients and the server. See figure 1. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 33: Sua Notes
IP Subnet Mask= 255.255.255.0 RIP Direction= Both Version= RIP-1 Multicast= None IP Policies= Edit IP Alias= No Press ENTER to Confirm or ESC to Cancel: 4. SUA Notes Tested SUA/NAT Applications (e.g., Cu-SeeMe, ICQ, NetMeeting) All contents copyright © 2005 ZyXEL Communications Corporation.
Page 34 21/client IP TELNET None /client IP nd remove Telnet ter in WAN port) POP3 None 110/client IP SMTP None 25/client IP None for Chat. mIRC For DCC, pleas e set Defaul t/Client IP All contents copyright © 2005 ZyXEL Communications Corporation.
Page 35 ,Video and Voic (none UPnP) Voice Net2Phone None 6701/client IP Network Time Protocol (NTP) None 123 /server IP Win2k Terminal Server None 3389/server IP Remote Anything None 3996 - 4000/client IP All contents copyright © 2005 ZyXEL Communications Corporation.
Page 36 P-660's WAN IP address which can be obtained from menu 24.1. Menu 15.2.1 - NAT Server Setup (Used for SUA Only) Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 192.168.1.34 All contents copyright © 2005 ZyXEL Communications Corporation.
Page 37: Configure An Internal Server Behind Sua
Configu ration To make a server visible to the outsid orld, specify the port number of the service and the inside address of the server in 'Menu 15.2.1', Multiple Server Configuration. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 38: Configure A Pptp Server Behind Sua
0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Port numbers for some services Service Port Number Telnet SMTP DNS (Domain Name Server) www-http (Web) Configure a PPTP server behind SUA Introduction All contents copyright © 2005 ZyXEL Communications Corporation.
Page 39 PPP support for the analog or ISDN modem. The PPTP is supported in Windows NT and Windows 98 already. For Windows 95, it needs t o b upgraded by the Dial-Up Networking 1.2 upgrade. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 40 & password and the IP address of the P-660's Internet IP addres s for logging to NT RAS server. • Set the Internet gateway to the router that is connecting to ISP 3. P-660 router setup All contents copyright © 2005 ZyXEL Communications Corporation.
Page 41 Inter net IP address that the ISP assigns to P-660 router in SUA mode and enter this IP address in the VPN dial-up dialog box. You can check this Internet All contents copyright © 2005 ZyXEL Communications Corporation.
Page 42: Using Multi-Nat
IP addresses to a global IP address. It is only one subset of the NAT. The P-660 with ZyNOS V3.4 0 support s the most of th e features of the NAT based on RFC 1631, and All contents copyright © 2005 ZyXEL Communications Corporation.
Page 43: Nat Mapping Types
), ZyXEL's Single User Account feature that previous ZyNOS routers supported (the SUA only option in today's routers). Many to Many Overload In M any-to-Many Overload mode, the P-660 maps the multiple ILA to shared IGA. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 44: Sua Versus Nat
IP addresses to local IP addresses of clients or servers. With multiple global IP addresses, multiple severs of the same type (e.g., FTP serve rs) are allowed on the LAN for outside access. In previous ZyNOS versions (that supported SUA 'visible' All contents copyright © 2005 ZyXEL Communications Corporation.
Page 45: Smt Menus
The following figure shows how you apply NAT to the remote node in menu 11.3. Menu 11.3 - Remote Node Network Layer Options IP Options: Bridge Options: IP Address Assignment = Dynamic All contents copyright © 2005 ZyXEL Communications Corporation.
Page 46 SUA in previous ZyNOS versions. Note that there is also a Server type whose IGA is 0.0.0.0 in this set. Table: Applying NAT in Menu 4 and Menu 11.3 All contents copyright © 2005 ZyXEL Communications Corporation.
Page 47 NAT Server Sets for further information on these menus. Enter 1 to bring up Menu 15.1-Address Mapping Sets Menu 15.1 - Address Mapping Sets 255. SUA (Read Only) Enter Set Number to Edit: All contents copyright © 2005 ZyXEL Communications Corporation.
Page 48 This is the NAT mapping types. Many-to-One and Server Please note that the fields in this m enu are read-only. However, the settings of the server set 1 can be modifi ed in menu 15.2.1. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 49 Note: Save Set in the Action field means to save the whole set. You must do this if you make any changes to the set-including deleting a rule. No changes to the set take All contents copyright © 2005 ZyXEL Communications Corporation.
Page 50 Note: For all Local and Global IPs, the End IP address must begin after the IP Start address, i.e., you cannot have an End IP address begi nning before the Start IP address. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 51: Nat Server Sets
ESC at any time to cancel. Menu 15.2.1 - NAT Server Setup (Used for SUA Only) Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 0.0.0.0 192.168.1.33 192.168.1.36 All contents copyright © 2005 ZyXEL Communications Corporation.
Page 52 Support Non NAT Friendly Applications 1. Internet Access Only In our Internet Access example, we only need one rule where all our ILAs m ap to one IGA assigned by the ISP. See the following figure. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 53 From Menu 4 shown above simply choose the SUA Only option from the NAT field. his is the Many-to-One mapping discussed earlier. The SUA read only option from e NAT field in menu 4 and 11.3 is specifically pre-configured to handle this case. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 54 Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 0.0.0.0 192.168.1.33 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: All contents copyright © 2005 ZyXEL Communications Corporation.
Page 55 In this case, we need to configure Address Mapping Set 1 from Menu 15.1-Address Mapping Sets. Therefore we must choose the Full F eature option from the NAT eld in menu 4 or menu 11.3, and assign IGA3 to P-660 WAN IP Address. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 56 (192.168.1.10) to IGA1. Menu 15.1.1.1 - - Rule 1 Type: One-to-One Local IP: Start= 192.168.1.10 End = N/A Global IP: Start= [Enter IGA1] End = N/A Press ENTER to Confirm or ESC to Cancel: All contents copyright © 2005 ZyXEL Communications Corporation.
Page 57 [Enter IGA3] End = N/A Press ENTER to Confirm or ESC to Cancel: Rule 4 Setup: Select Server type to map our web server and mail server with ILA3 (192.168.1.20) to IGA3. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 58 Idx Local Start IP Local End IP Global Start IP Global End IP Type --- --------------- --------------- --------------- --------------- ------ 1. 192.168.1.10 [IGA1] 2. 192.168.1.11 [IGA2] 3. 0.0.0.0 255.255.255.255 [IGA3] [IGA3] Server Press ESC or RETURN to Exit: All contents copyright © 2005 ZyXEL Communications Corporation.
Page 59 IP address. In is case it is better to use Many-to-Many No Overload or One-to-O ne NAT mapping types, thus each user login to the server using a unique global IP address. The following figure illustrates this. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 60 Menu 15.1.1.1 - - Rule 1 Type: One-to-One Local IP: Start= 192.168.1.10 End = N/A Global IP: Start= [Enter IGA1] End = N/A Press ENTER to Confirm or ESC to Cancel: Menu 15.1.1.2 - - Rule 2 All contents copyright © 2005 ZyXEL Communications Corporation.
Page 61: About Filter & Filter Examples
With each filter set having up to six rules, you can have a maximum of 2 4 rules active for a single port. The following diagram illustrates the logic f low when executing a filter rule. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 62 • WAN protocol call and output filter sets. • If SUA is enabled, SU A converts the source IP address from 192.168.1.33 to 203.205.115.6 and po rt number from 1023 to 4034. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 64 Menu 11.5 and Menu 13.1, have been added, as well a s some changes made to the Menu 3.1, Menu 11.1, and Menu 13. The new fields are shown below. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 65 .1, 11.5, or entering a device filter set to the protocol filters field. Even though SM T will prevent the inconsistency from being entered in ZyNOS, it is unable to res olve the intermixing problems existing in the All contents copyright © 2005 ZyXEL Communications Corporation.
Page 66: Filter Examples
• Rule 2- block the DNS packet, TCP (06) protoco l with port number 53 • Rule 3- block the DNS packet, UDP (17) protoco l with port number 53 3. Apply the filter set in menu 4 All contents copyright © 2005 ZyXEL Communications Corporation.
Page 67 TCP Estab= No More= No Log= None Action Matched= Drop Action Not Matched= Check Next Rule Press ENTER to Confirm or ESC to Cancel: 3.Rule 2 for (b).DNS request, TCP(06)/Port number 53 All contents copyright © 2005 ZyXEL Communications Corporation.
Page 68 Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= Port # Comp= None TCP Estab= No More= No Log= None Action Matched= Drop Action Not Matched= Forward Press ENTER to Confirm or ESC to Cancel: All contents copyright © 2005 ZyXEL Communications Corporation.
Page 69 ------ ----------------- Block a client _______________ _______________ _______________ _______________ _______________ _______________ _______________ _______________ _______________ _______________ _______________ Enter Filter Set Number to Configure= 0 Edit Comments= Press ENTER to Confirm or ESC to Cancel: All contents copyright © 2005 ZyXEL Communications Corporation.
Page 70 A filter for blocking a specific MAC address This co nfiguration example shows you how to use a Generic Filter to block a specific MAC a ddress of the LAN. Before you Begin All contents copyright © 2005 ZyXEL Communications Corporation.
Page 71 - Version (MSB 4 bits): 4 - Header length (LSB 4 bits): 5 - Serv ice type: Precd=Routine, Delay= Normal, Thrput=Normal, Reli=Normal - Tota l len gth: 60 (Octets) - Fragment ID: 60172 All contents copyright © 2005 ZyXEL Communications Corporation.
Page 72 2. We are now ready to configure the 'Generic Filter Rule' as below. u 21.1.1 - Generic Filte r Rule Filter #: 1,1 Filter Type= Generic Filter Rule Active= Yes Offset= 6 Length= 6 Mask= ffffffffffff Value= 0080c84cea63 All contents copyright © 2005 ZyXEL Communications Corporation.
Page 73 'Check Next Rule' to start configuring the next new rule. However, please note that the 'Filter Type' must be also 'Generic Filter Rule' but not others. Because the Generic and TCPIP (IPX) filter rules must be in different filter sets. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 74 Users can rem ove the filter sets applied to menu 3.1 and menu 4.1 for activating the NetBIOS ser vices. The details of the filter settings are described as follows. Configuration All contents copyright © 2005 ZyXEL Communications Corporation.
Page 75 _______________ _______________ Enter Filter Set Number to Configure= 1 Edit Comments= Press ENTER to Confirm or ESC to Cancel: Configure the first filter set 'NetBIOS_WAN' by selecting the Filter Set number 1. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 76 IP Mask= 0.0.0.0 Port #= 137 Port # Comp= Equal Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 0 Port # Comp= None TCP Estab= N/A More= No Log= None Action Matched= Drop All contents copyright © 2005 ZyXEL Communications Corporation.
Page 77 Press ENTER to Confirm or ESC to Cancel: • Rule 4-Destination port number 138 with protocol number 17 (UDP) Menu 21.1.4 - TCP/IP Filter Rule Filter #: 1,4 Filter Type= TCP/IP Filter Rule All contents copyright © 2005 ZyXEL Communications Corporation.
Page 78 IP Mask= 0.0.0.0 Port #= 0 Port # Comp= None TCP Estab= No More= No Log= None Action Matched= Drop Action Not Matched= Check Next Rule Press ENTER to Confirm or ESC to Cancel: All contents copyright © 2005 ZyXEL Communications Corporation.
Page 79 N D F Apply the first filter set 'NetBIOS_WAN' to the 'Output Protocol Filter' in the ote node setup. figure the second filter set 'NetBIOS_LAN' by selecting the Filter Set numbe r 2. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 80 .0.0 IP Mask= 0.0.0.0 Port #= 53 ort # Comp= Equa Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 137 Port # Comp= Equal TCP Estab= N/A More= No Log= None All contents copyright © 2005 ZyXEL Communications Corporation.
Page 81: Using The Dynamic Dns (Ddns)
The DDNS service, an IP Registry provides a public central database where information such as email addresses, hostnames, IPs etc. can be stored and retri eved. This solves the problems if your DNS server uses an IP associated with dynamic IPs. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 82 DDNS in menu 1.1. Menu 1 - Genera l Setup System Name= P-660 Location= Contac t Person's Name= Domain Name= Edit Dyn amic DNS= Yes Route IP= Yes Bridge= No All contents copyright © 2005 ZyXEL Communications Corporation.
Page 83: Network Management Using Snmp
The SNMP is a member of the TCP/IP prot ocol suite, it uses the UDP to exchange messages between a management Client and an Agent, residing in a network node. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 84 NMSs read variables that are maintained by the devices. Writes Write is used to control the managed devices, NMSs write variables that are stored in the managed devices. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 85 GetNex Allow the NMS to retrieve the next object variable from a table or list within an agen t. In SNMPv1, when a NMS wants to retrieve all elements of a table All contents copyright © 2005 ZyXEL Communications Corporation.
Page 86 SNMPv1, so it will be able to communicate with SNMPv1 NMSs. Further, users can also add ZyXEL's private MIB in the NMS to monitor and control additional system variables. The ZyXEL's private MIB tree is shown in figure 3. For All contents copyright © 2005 ZyXEL Communications Corporation.
Page 87 "System reboot by user !" will be sent. (ii) For fatal error : System has to reboot for some fatal errors. And traps with the message of the fatal code will be sent. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 88 The SNMP related settings in P-660 are configured in menu 22, SNMP Configuration. The following steps describe a simple setup procedure for configuring all SNMP settings. Menu 22 - SNMP Configuration SNMP: All contents copyright © 2005 ZyXEL Communications Corporation.
Page 89: Using Syslog
P-660 Setup • UNIX Setup • ZyXEL Syslog Message Format P-660 Setup Menu 24.3.2 - System Maintenance - UNIX S yslog a nd Accounting UNIX Syslog: Active= Yes Syslog IP Address= 192.168.1.33 All contents copyright © 2005 ZyXEL Communications Corporation.
Page 90: Unix Setup
No. Filters with the individual Filter log filter Log field set to Yes are logged when this field is set to Yes. PPP log PPP events are logged when this field is set to Yes. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 91 L02 Call Terminated C02 Call Terminated Example: Feb 14 16:57:17 192.168.1.1 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 18, C01 Incoming Call OK Feb 14 17:07:18 192.168.1.1 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 18, C02 Call Terminated 2.
Page 92 Proto = LCP / ATCP / BACP / BCP / CBCP / CCP / CHAP/ PAP / IPCP /IPXCP Example: Jul 19 11:43:25 192.168.1.1 ZyXEL Communications Corp.: ppp:LCP Starting Jul 19 11:43:29 192.168.1.1 ZyXEL Communications Corp.: ppp:IPCP Starting Jul 19 11:43:34 192.168.1.1 ZyXEL Communications Corp.: ppp:CCP Starting Jul 19 11:43:38 192.168.1.1 ZyXEL Communications Corp.: ppp:BACP Starting...
Page 93: Using Ip Alias
P-660 series Support Notes Jul 19 11:43:43 192.168.1.1 ZyXEL Communications Corp.: ppp:IPCP Opening Jul 19 11:43:51 192.168.1.1 ZyXEL Communications Corp.: ppp:CCP Opening Jul 19 11:43:55 192.168.1.1 ZyXEL Communications Corp.: ppp:BACP Opening Jul 19 11:44:00 192.168.1.1 ZyXEL Communications Corp.: ppp:LCP Closing Jul 19 11:44:05 192.168.1.1 ZyXEL Communications Corp.: ppp:IPCP Closing...
Page 94 IP pool for the clients can be any of the Setup three networks. TCP/IP Enter the first LAN IP address for the P-660. Th is will create the first route in the Setup enif0 interface. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 95: Using Ip Policy Routing
LAN IP address for the P-660. This will create IP Alias 2 the third ro ute in the enif0:1 interface. 11. Using IP Policy Ro uting • What is IP Policy Routing (IPPR)? All contents copyright © 2005 ZyXEL Communications Corporation.
Page 96 The action is taken only whe n all the criteria are met. The criteria include the source address and port, IP protocol (ICMP, UDP, TCP,etc), destination address and All contents copyright © 2005 ZyXEL Communications Corporation.
Page 97 Press ENTER to Confirm or ESC to Cancel: 2. Edit a rule or more for this set in m enu 25.1.1. See an example below. Menu 25.1.1 - IP Routing Policy Policy Set Name= First Active= All contents copyright © 2005 ZyXEL Communications Corporation.
Page 98 2 N ___________ ____________________________________ ___________________________ __________________________________________________________________________ 3 N ___ ________________________________________ _______________________________ ____ ______________________________________ ________________________________ 4 N __________________________________________________________________________ __________________________________________________________________________ 5 N __________________________________________________________________________ __________________________________________________________________________ 6 N __________________________________________________________________________ __________________________________________________________________________ Enter Policy Rule Number (1-6) to Configure: All contents copyright © 2005 ZyXEL Communications Corporation.
Page 99 Menu 11.3 - Remote Node Network Layer Options IP Options: Bridge Options: Rem IP Addr: Ethernet Addr Timeout(min)= N/A Rem Subnet Mask= 0.0.0.0 My WAN Addr= 0.0.0.0 NAT = None Address Mapping Set= N/A All contents copyright © 2005 ZyXEL Communications Corporation.
Page 100: Using Call Scheduling
Dial-On-Demand", or "Disable Dial-On-Demand" on specified date and time. • SMT Menu for Call Scheduling . Edit the Schedule sets in menu 26: Copyright (c) 1994 - 2005 ZyXEL Communications Corp. Prestige 660 Main Menu Getting Started Advanced Management 1. General Setup 21.
Page 101 Once Once: Date(yyyy-mm-dd)= 2002 - 01 - 01 Weekdays: Sunday= N/A Monday= N/A Tuesday= N/A Wednesday= N/A Thursday= N/A Friday= N/A Saturday= N/A Start Time(hh:mm)= 12 : 00 Duration(hh:mm)= 16 : 00 All contents copyright © 2005 ZyXEL Communications Corporation.
Page 102 Incoming: Telco Option: em Login= N/A Allocated Budget(min)= 0 Rem Password= N/A Period(hr)= 0 Outgoing: Schedule Sets= 1, 2, 3, 4 My Login= cso@hinet.net Nailed-Up Connection= No My Password= ******* Session Options: All contents copyright © 2005 ZyXEL Communications Corporation.
Page 103: Using Ip Multicast
224.0.0.0 to 239.255.255.255. Among them, 224.0.0.1 is assigned to the perm anent IP hosts group, and 224.0.0.2 is assigned to the multicast routers group. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 104 Enable IGMP in P-660's remote node in menu 11.3: Menu 11.3 - Remote Node Network Layer Options IP Options: Bridge Options: Rem IP Addr: Ethernet Addr Timeout(min)= N/A Rem Subnet Mask= 0.0.0.0 All contents copyright © 2005 ZyXEL Communications Corporation.
Page 105: Using Bandwidth Management
FTP. A ditionally, chances are that you would like to grant higher bandw idth for some body special who is using specific IP address in your network. All of these are reasons why we need bandwidth m anagement. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 106 Choose the principle to allocate bandwidth on thi s interface. Priority-Bas Scheduler allocates bandwidth via priority. Fairness-Based allocates bandw idth by ratio. Maxim ze this box if you would like t o give residuary bandwidth from Interface to th All contents copyright © 2005 ZyXEL Communications Corporation.
Page 107 Borrowing value.(Please note that you should also disable Maximize Bandwidth Usage on the interface to meat the condition.) Enable Bandwidth Check this to specify the traffic types via IP addresses/Port numbers. Filter All contents copyright © 2005 ZyXEL Communications Corporation.
Page 108: Using Zero-Configuration
Whenever system send out all the probing patterns with specific VPI/VCI, system will wait for 5~10 seconds and get the response from ISP, the response patterns w ill decide which kinds of ADSL services of the line will be. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 109 2+32 = 34 (decimal) = 22 (hex), you must input 22 If you want to enable all service for VC hunting, the service bits will be 1+2+4+8+16+32=63(decimal)= 3f (hex), you must input 3f Need to perform save after this co mmand. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 110 <remote node> : input the bit(hex)> remote node index 1-8 <vpi> : vpi value <vci> : vci value <service>: it’s a hex value, bit0:PPPoE/VC (1), bit1:PPPoE/LLC (2) , bit2:PPPoA/VC (4), bit3:PPPoA/LLC (8), All contents copyright © 2005 ZyXEL Communications Corporation.
Page 111 Internet. If the connection test fail, it will go back to the page ask for user name and password. The user name or password are incorrect. You need to keyin again to retry. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 112 P-660 series Support Notes Basically the zero configuration only work on the VC that was pre conigured in the auto-haunting preconfigured table. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 113: Wireless Application Notes (For P-660Hw Only)
To configure Ad hoc mode on your ZyAIR B-100/B-200/B-300 wireless NIC card please follow the following step. 1. Double click on the utility icon in your windows task bar the utility will pop up on your windows screen. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 114 4. Since there is no DHCP server to give the host IP you must first designate a static IP for your station. From Windows Start select Control Panel >Network Connection>Wireless Network Connection. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 115 P-660 series Support Notes 5. From general tab select TCP/IP and click property 6. Fill in your network IP address and subnet mask and click OK to finish. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 116: Configuration For Wireless Station B
4. Since there is no DHCP server to give the host IP you must first designate a static IP f or your station. From Windows Start select Control Panel >Network Connec tion>Wireless Network Connection. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 117 5. From general tab select TCP/IP and click property 6. Fill in your network IP address and subnet mask and click OK to finish. 7. Station A now are able to connect to Station B. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 118: Configuring Infrastructure Mode
1. From the SMT main menu, enter 3 to display Menu 3 ? LAN Setup. 2. Enter 5 to display Menu 3.5 ? Wireless LAN Setup. Menu 3.5 - Wireless LAN Setup All contents copyright © 2005 ZyXEL Communications Corporation.
Page 119: Configure Wireless Access Point To Infrastructure Mode Using Web Configurator
To configure Infrastructure mode of your P660HW-T1 wireless AP please follow the steps below. 1. From the e w b configurator main menu, click advanced->Wireless Lanto display ?W ireless LAN. 2. Configure the desired configuration on P660HW-T1. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 120: Configuration Wireless Station To Infrastructure Mode
AP than press Apply Change to take effect. 4. Click on Site Survey tab, and press search all the available AP will be listed. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 121 6. After the client have associated with the selected AP. The linked AP's channel, current linkup rate, SSID, link quality, and signal strength will show on the Link Info page. You now successfully associate with the selected AP with Infrastructure Mode. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 122: Mac Filter
ZyXEL APs are configured in menu 3.5.1, WLAN MAC Address Filter Configuration. Before you configure the MAC filt er, you need to know the MAC address of the client first. If not knowing what your MAC ad dress is, All contents copyright © 2005 ZyXEL Communications Corporation.
Page 123 AP. If Deny Association is selected in this field, hosts with MAC addresses configured in this list will be blocked. MAC Address This field specifies those MAC Addresses that you want to add in the list. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 124: Setup Wep (Wired Equivalent Privacy)
5. Enter the MAC Addresses which you may want to apply the filter to allow or block ass ociations from. 6. Click Apply to make your setting work. 4. Setup WEP (Wired Equivalent Privacy) • Introduction • Setting up the Access Point • Setting up the Station All contents copyright © 2005 ZyXEL Communications Corporation.
Page 125: Introduction
Many times you will see them referenced as 40-bits and 104-bits instead. The reason for this misnomer is that the WEP key (40/104 bits ) is concatenated with the initialisation vector ( 24 bits ) resulting in a 64/128 bits total key size. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 126 TKIP uses IV and base key to hash a new key for every packet The length of the IV has been increased from 24bits to 48bits. Rollover of the counter is eliminated. Reuse of keys is less likely. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 127: Setting Up The Access Point
Setting up the Access Point from SMT Menu 3.5 P660HW-T1 hold up to 4 WEP Keys. You have to specify one of the 4 keys as default Key which be used to encrypt wireless data transmission. For example, All contents copyright © 2005 ZyXEL Communications Corporation.
Page 128 13 characters Key3= 24fg70okx3fr7 Key4= 98jui2wss35u4 128-bit WEP with Key1= 0x112233445566778899AABBCDEF 26 hexadecimal Key2= 0x2233445566778899AABBCCDDEE digit Key3= 0x3344556677889900AABBCCDDFF ('0-9', 'A-F') Key4= 0x44556677889900AABBCCDDEEFF Key1= 2e3f4w345ytre1mg56f45jh45cg34 256-bit WEP with Key2= 5y7jse8r4i038lk78124l5k9876b1 29 characters Key3= 24fg70okx3fr7kjhg6vf12lazt1nt All contents copyright © 2005 ZyXEL Communications Corporation.
Page 129 At the same time, when the station transmits data to access point which encrypt da by Key 2. The access point will decrypt the data by its Key 2. Setting up the Access Point with Web configurator All contents copyright © 2005 ZyXEL Communications Corporation.
Page 130: Setting Up The Station
1. Double click on the utility icon in your windows task bar or right click the utility icon then select 'Show Config Utility'. The utility will pop up on your windows screen. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 131 Set up 4 Keys which correspond with the WEP Keys of access point. And select on WEP key as default key to encrypt wireless data transmission. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 133: Site Survey
Below are the steps to complete a simple site survey with simple tools. . First you will need to obtain a facility diagram, such as blueprints. This is for you to mark and take record on. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 134: Survey On Site
Record down the changes at point where transfer rate drop and the link quality and signal strength formation on the diagram as you go alone. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 135 8. Repeat step 1~6 of survey on site as necessary, upon completion you will have an diagram and information of site survey. As illustrated below. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 136: Using Vpn Over Wireless Lan
Wireless LAN station and AP are encrypted, and thus get you free from eavesdropping in Wireless LAN environment. But for authentication purpose, please use 802.1x which is also provided in Prestige wireless solutions. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 137: Setup Sentinel
1. Setup Sentinel 1. From Tool Tray of Windows system, right click on your SSH/Sentinel icon, and then choose Run Policy Editor. 2. Choose Key Management. Select My Keys, then press Add... button. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 138 3. Select Create a preshared key, and press Next. 4. Give this preshared key a name, ZyWALL. And then enter the preshared key "12345678" in both Shared secret and Confirm shared secret fields. Finally press Finish. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 139 P-660 series Support Notes 5. Press Apply in Main menu to save the above settings for latter use. 6. Switch to Security Policy tab. Choose VPN connections, and then press Add... All contents copyright © 2005 ZyXEL Communications Corporation.
Page 140 7. Add VPN Connection window will pop out. Press IP button besides Gateway Name box. Enter Prestige' s LAN IP address in Gateway IP address. 8. Press ... button besides Remote network. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 141 10. Choose ZyWALL as Authentication Key. Then click OK to save. In SSH Sentinel Policy Editor, you will g et a new VPN connection, 192.168.1.1 (ZyWALL), choose this item, and then press Pr operties... button. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 142 IP address" and "Extended authentication". Tune IKE proposal to Encryption algor ithm as DES, Integrity function as MD5, IKE mode as main mode, IKE group as MODP 768 (group 1), and IPSec proposal to All contents copyright © 2005 ZyXEL Communications Corporation.
Page 143 P-660 series Support Notes Encryption algorithm as DES, Int egrity funciton as HMAC-MD5, PFS group as none. Press Apply to save all of the s ettings. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 144 Mega Bytes as SA lifetime. You have to Zero your Mega By tes setting in SA life time. Switch to Security Policy, the configuration page is in <Your VPN connection>/Properties.../Advanced Tab/Settings... All contents copyright © 2005 ZyXEL Communications Corporation.
Page 145: Setup Prestige Vpn
Prestige by the following CI comm and in Menu 24.8, a. please type "sys edit autoexec.net" b. press "i", then type "ipsec route lan on" c. press "x", to save the configuration. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 147: Configure 802.1X And Wpa
WPA improves data encryption by usi ng Temporal Key Integrity Protocol (TKIP), Message Integrity Check and IEEE 802. . Temporal Key Integrity Protocol uses 128-bits keys that are dynamically generate d and distributed by the authentication All contents copyright © 2005 ZyXEL Communications Corporation.
Page 148: Configuration For Access Point
1. To change your P662's authentication settings, click the wirel ess Wireless link under Advanced. 2. Select 802.1x/WPA tab. 3. choose Authentication Require d from the Wireless Port Control. 4. Select th e WAP-PSK in the Key Management Protocol field. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 149: Configuration For Your Pc
1. Double click on your wireless utility icon(here is the Centrion on Windows XP) in your windows task bar the utility will pop up on your windows screen. 2. Select the wireless card that you want to configure. 3. Select on from the Switch Radio. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 151 9. S lect T KIP from the Data Encryption field. 10. Type the Pre Share Key (8-63 character) in the Pass phrase fie 11. lic C k Finish to exit the Profile Wizard screen. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 152 P-660 series Support Notes r you finis hed t he pro file settings, choose the profile you configured. Then, click Connect ton t o assoc iate with the Access Point. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 153 P-660 series Support Notes 13. Click the General option, we will see the following information, that means the PC ssocia ted and thenticated with AP successfully. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 154: Support Tool
• Display the detailed trace online by entering: sys trcd parse am e: P-660 > sy s trcp chan nel mpoa 00 none P-660> sys trcp channel enet0 bothway All contents copyright © 2005 ZyXEL Communications Corporation.
Page 155 = 0xC01F0782 (192.31.7.130) ader: urce Port = 0x0 45C (1116) Destination Port = 0x0050 (80) quen ce Number = 0x00 BD15A7 (123 91847) Ack Number x0000 0000 (0) ader Leng = 28 All contents copyright © 2005 ZyXEL Communications Corporation.
Page 156 = 0x 045C (1116) quen ce Number 0x4A B57F (1255257471) Ack Number = 0x00BD15A8 (12391848) ader Leng = 24 Flags = 0x12 (.A..S.) Window Size = 0xFAF0 (66040) Checksum = 0xF877 (636 All contents copyright © 2005 ZyXEL Communications Corporation.
Page 157 = 0x4AD1B580 (1255257472) ader Le ngth = 20 Flags = 0x10 (.A..) Window Size = 0x2238 (8760) Checksum = 0xE8E (59 629) Urgent Ptr = 0x0000 (0) ta: (Length =6, Ca ptured= All contents copyright © 2005 ZyXEL Communications Corporation.
Page 158 = 20 Type of Service = 0x0 0 (0) Total Length = 0x0 48B (11 Idetification = 0xB139 (45369) Flag = 0x02 Fragment Offset = 0x00 Time to Live = 0xEE (238) All contents copyright © 2005 ZyXEL Communications Corporation.
Page 159: Offline Trace
& sys trcl sw • Displ ay the trace briefly by entering: s trcp brief • Display speci packets by u sing: sys trcp parse < from_index > <to_index> All contents copyright © 2005 ZyXEL Communications Corporation.
Page 160: Firmware/Configurations Uploading And Downloading Using Tftp
NO firmware that is available in your hard disk. The remote file is the file name be saved i restige. Chec k the port number 69 and 5 -Octet blocks for heck 'Binary' mode for file transfering. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 161: Using Tftp Command On Windows Nt
ELNET to ur Prestige f irst before using TF TP comm 2. Type the CI command 'sys stdio 0' to disable console id le timeout in Menu 24.8 and stay in Menu 24.8 All contents copyright © 2005 ZyXEL Communications Corporation.
Page 162: Using Tftp Command On Unix
23. Sy stem Passw 24. Sy stem Maintena Advanced Applications 1. R emote Node Setup 12. Static Routing Setup 5. S UA Server S etup Exit Enter Menu S election Num ber: All contents copyright © 2005 ZyXEL Communications Corporation.
Page 163: Using Ftp To Upload The Firmware And Configuration Files
• Using FTP command in terminal • Using FTP client software Us g F TP comm and in terminal Ste 1 Use FTP client from your w orkstation to connect to Prestige by entering All contents copyright © 2005 ZyXEL Communications Corporation.
Page 164: Using Ftp Client Software
SMT p assword as the FTP login password. Th e default is '1234'. Step ress 'OK' key to ig nore the usernam e, becau se the Prestige does not check the username. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 165 3. To upload the firmware file, we transfer the local 'ras' file to overwrite the remote 'ras' file. To upload the configuration f e, we transfer the local 'ro m-0' to overwrite the All contents copyright © 2005 ZyXEL Communications Corporation.
Page 166 P-660 series Support Notes e 'r om-0' file 4. T estige reboots automa tically after th e uploading is f inished. Please do not power off the router at this m All contents copyright © 2005 ZyXEL Communications Corporation.
Page 167: Ci Command Reference
GUI status menu countrycode [ ountrycode] t country code year m onth date] set/display date omai nname display domain nam edit <filename> edit a text file All contents copyright © 2005 ZyXEL Communications Corporation.
Page 168 ISD firmware ty hostna [hostnam display system host name iface disp display iface list [all|used|free] display interru service routi interrupt display interrup All contents copyright © 2005 ZyXEL Communications Corporation.
Page 169 [0-23] hour time to send th logs schedule minute [0-59] minute ti me to send the logs sche dule polic mail schedule policy :full/1:hourly /2:daily/3:weekly/4:n e] All contents copyright © 2005 ZyXEL Communications Corporation.
Page 170 <address> memrl <address> read long word at <address> memutil usage display memory allocate and heap status mqueue <address> <len> display memory queues mcell mid [f|u] display memory cells by given ID All contents copyright © 2005 ZyXEL Communications Corporation.
Page 171 [hour [min [sec]]] display/set system time timer disp display timer cell trace [on|off] set/display timer information online start [tmValue] start a timer stop <ID> stop a timer trcdisp monitor packets All contents copyright © 2005 ZyXEL Communications Corporation.
Page 172 <port> set tracepacket udp port parse [[start_idx], end_idx] parse packet content brief display packet content briefly version display RAS code and driver version view <filename> view a text file wdog All contents copyright © 2005 ZyXEL Communications Corporation.
Page 173 <ch-name> show channel connection related counter socket display system socket information filter clear clear filter statistic counter disp display filter statistic counters [on|off] set filter status switch <set> display filter rule All contents copyright © 2005 ZyXEL Communications Corporation.
Page 174: Exit Related Commands
<ch_name> <num> send driver iface ioctl <ch_name> Useless in this stage. <ch_name> <mac_addr> Set LAN Mac address <ch_name> display LAN hardware related registers rxmod <ch_name> <mode> set LAN receive mode. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 175: Ip Related Commands
Set loopback address. alias iface alias <iface> aliasdis <0|1> disable alias status <iface> display ip arp status <hostid> ether <ether addr> add arp information resolve <hostid> resolve ip-addr drop <hostid> [hardware] drop arp All contents copyright © 2005 ZyXEL Communications Corporation.
Page 176 <num> <mac> <ip> update static dhcp mac table query address <ipaddr> [timeout] resolve ip-addr to name debug <num> enable dns debug value name <hostname> [timeout] resolve name to ip-addr status display dns query status All contents copyright © 2005 ZyXEL Communications Corporation.
Page 177 Specify the value of TOS flag. [-n] [Repeat value] The number of times to send ECHO_REQ packet. [-w] [Timeout value] Specify the value of Timeout in seconds. [-o] [IP address/IFace] To specify one IP address All contents copyright © 2005 ZyXEL Communications Corporation.
Page 178 [on|off] RIP Poisoned Reverse status display rip statistic counters trace enable debug rip trace mode <iface> in [mode] set rip in mode <iface> out [mode] set rip out mode All contents copyright © 2005 ZyXEL Communications Corporation.
Page 179 [on|off] turn on/off igmp stop query flag iface <iface> grouptm <timeout> set igmp group timeout <iface> interval <interval> set igmp query interval <iface> join <group> join a group on iface All contents copyright © 2005 ZyXEL Communications Corporation.
Page 180 <rule set> display new nat lookup rule loopback [on|off] turn on/off nat loopback flag reset <iface> reset nat table of an iface server disp display nat server table All contents copyright © 2005 ZyXEL Communications Corporation.
Page 181: Wan Related Commands
ADSL defect bitmap status dyinggasp Send ADSL dyinggasp fwav Test the ADSL F/W available ping fwdl Download modem code, but must reset first linedata near Show ADSL near end noise margin All contents copyright © 2005 ZyXEL Communications Corporation.
Page 182 3db greater than before, and rate is worse than before, then system will do ?1 shutdown RA3? default is 3db noisemargin [dB] if noise margin is greater than All contents copyright © 2005 ZyXEL Communications Corporation.
Page 183 Set the CTRLE register (0xc8), the value is from 0xfa to 0x06 maxoutputpwr [value] Set the CTRLE register (0xc9), the value is from 0xfa to 0x06 errorsecond sendes Send current error second information immediately All contents copyright © 2005 ZyXEL Communications Corporation.
Page 184: Ppp Related Command
[on|off] show bod debug flag disp show bod state clear clear bod state [on|off] set/display dial-in ccp switch acfc [on|off] set address/control field compression flag [on|off] set protocol field compression flag All contents copyright © 2005 ZyXEL Communications Corporation.
Page 185 [0|1] set/display link split rotate [0|1] set/display link rotate sequence set/display mp start sequence configure ipcp compress [on|off] enable/disable All contents copyright © 2005 ZyXEL Communications Corporation.
Page 186 [flag] value clear clear the fsm log data disp display the fsm log data filter [mask] set the fsm log filter [protocol] value Tdata filter [protocol1] set the fsm filter data All contents copyright © 2005 ZyXEL Communications Corporation.
Page 187: Bridge Related Command
Disp display bridge route packet counter Clear clear bridge route packet counter disp display bridge source table All contents copyright © 2005 ZyXEL Communications Corporation.
Page 188: Wlan Related Commands
3:16dbm, 4:15dbm, 5:14dbm] reset Reset WLAN 1130cmd Internal usage. restart_stat Show WLAN restart statistics chg_dot11mode Set WLAN state to mix mode, B only or G only show_rxDesc Show number of Rx host descriptors All contents copyright © 2005 ZyXEL Communications Corporation.
Page 189: Radius Related Command
Save the current firewall settings displa firewal Displays all the firewall settings Display current <set#> entries of a set configuration; including timeout values, name, default-permit, and number of rules in All contents copyright © 2005 ZyXEL Communications Corporation.
Page 191 The threshold to w <0~255> stop deleting the half-opened session tcp-max-incomplet The threshold to e <0~255> start executing the block field name <desired Edit the name for a All contents copyright © 2005 ZyXEL Communications Corporation.
Page 192 Edit whether a packet is dropped or allowed when it matches this rule active <yes|no> Edit whether a rule is enabled or not protocol <0~255> Edit the protocol number for a rule. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 193 <ip Select and edit a address> destination address of a packet which complies to this rule destaddr-subnet <ip Select and edit a All contents copyright © 2005 ZyXEL Communications Corporation.
Page 195: Firewall Related Command
12. Firewall Related Command Command Description firewall disp Display specific ACL set # rule #, or all ACLs. active <yes|no> Active firewall or deactivate firewall disp Display firewall log type and count. All contents copyright © 2005 ZyXEL Communications Corporation.
Page 196: Smt Related Command
Set wan ip address <index> Menu 2 wan backup tolerance [number] Set keepalive fail tolerance Menu 2 wan backup recovery [interval(sec)] Set recovery interval Menu 2 wan backup timeout [number] Set ICMP timeout Menu 2 All contents copyright © 2005 ZyXEL Communications Corporation.
Page 197 Menu 3.2 Set DHCP start address and pool size [num] lan dhcp server gateway [IP address] Set DHCP gateway Menu 3.2 lan dhcp server netmask [subnet Menu 3.2 Set DHCP subnet mask mask] All contents copyright © 2005 ZyXEL Communications Corporation.
Page 198 [num] Set the wan PCR value Menu 11.6 wan node scr [num] Set the wan SCR value Menu 11.6 wan node mbs [num] Set the wan MBS value Menu 11.6 All contents copyright © 2005 ZyXEL Communications Corporation.
Page 199 [map#] [set name] Example: > ip nat addrmap map 1 myset ip nat addrmap rule [rule#] [insert | Set NAT address mapping rule. If Menu 15.1 All contents copyright © 2005 ZyXEL Communications Corporation.
Page 200 [rule#] forwardip Configure the LAN IP address to be Menu 15.2 <IP address> forwarded ip nat server edit [rule#] protocol Configure the protocol to be used TCP , Menu 15.2 All contents copyright © 2005 ZyXEL Communications Corporation.
Page 201 Menu 21, it? for sys filter set length [#] Set the length for generic rule generic filter Menu 21, it? for sys filter set mask [#] Set the mask for generic rule generic filter All contents copyright © 2005 ZyXEL Communications Corporation.
Page 202 Display server settings, [1] means sys server disp [1] display buffer Save the embedded server (remote sys server save management) parameters Load system parameters into working Menu 3.5 for wlan load buffer Wireless LAN All contents copyright © 2005 ZyXEL Communications Corporation.
Page 203 LAN wlan macfilter set [set# 1-12] [mac Menu 3.5.1 for Set the mac address of filter address] wireless LAN wlan clear Clear Working Buffer wlan save Save wireless MAC filter parameters All contents copyright © 2005 ZyXEL Communications Corporation.

This manual is also suitable for:

P-660r-t7 P-660h-t7 P-660hw-t1 P-660hw-t3 P-660r-t3 P-660hw-t7 ... Show all

ZyXEL Communications P-660R-T1 Support Notes

Index

Zynos FAQ

General FAQ

Adsl Faq

Firewall FAQ (for P-660 H/HW Only)

General Application Notes

Wireless Application Notes (for P-660HW Only)

Support Tool

CI Command Reference

Quick Links

Related Manuals for ZyXEL Communications P-660R-T1

Summary of Contents for ZyXEL Communications P-660R-T1

This manual is also suitable for:

Table of Contents