P-660H-Tx v2 Series ADSL2+ 4-port Gateway Support Notes Version3.40 Feb.
P-660H-Tx v2 Support Notes FAQ .................................................................................................................4 ZyNOS FAQ.................................................................................................4 1. What is ZyNOS? ...................................................................................4 2. What’s Multilingual Embedded Web Configurator?...............................4 3. How do I access the P-660H-Tx v2 Command Line Interface (CLI)? ...
P-660H-Tx v2 Support Notes 17. What do the ATM QoS Types (CBR, UBR, VBR-nRT, VBR-RT) mean? ................................................................................................................14 18. What is content filter? .......................................................................15 ADSL FAQ .................................................................................................16 1. How does ADSL compare to Cable modems?....................................16 2.
P-660H-Tx v2 Support Notes General Application Notes ...................................................................27 1. Internet Access Using P-660H-Tx v2 under Bridge mode ....27 2. Internet Access Using P-660H-Tx v2 under Routing mode ..29 3. Setup the P-660H-Tx v2 as a DHCP Relay ..........................31 4. SUA Notes............................................................................32 5. Using Full Feature NAT ........................................................41 6.
P-660H-Tx v2 Support Notes FAQ ZyNOS FAQ 1. What is ZyNOS? ZyNOS is ZyXEL's proprietary Network Operating System. It is the platform on all Prestige routers that delivers network services and applications. It is designed in a modular fashion so it is easy for developers to add new features. New ZyNOS software upgrades can be easily downloaded from our FTP sites as they become available. 2.
P-660H-Tx v2 Support Notes a. Use the TELNET client program in your PC to login to your P-660H-Tx v2. b. Enter CI command 'sys stdio 0' to disable Stdio idle timeout c. To upgrade firmware, use TFTP client program to put firmware in file 'ras' in the Prestige. After data transfer is finished, the P-660H-Tx v2 will program the upgraded firmware into FLASH ROM and reboot itself. d. To backup your firmware, use the TFTP client program to get file 'ras' from the Prestige. 6.
P-660H-Tx v2 Support Notes 9. What is SUA? When should I use SUA? SUA (Single User Account) is a unique feature supported by Prestige router which allows multiple people to access Internet concurrently for the cost of a single user account. When Prestige acting as SUA receives a packet from a local client destined for the outside Internet, it replaces the source address in the IP packet header with its own address and the source port in the TCP or UDP header with another value chosen out of a local pool.
P-660H-Tx v2 Support Notes 11. Is it possible to access a server running behind SUA from the outside Internet? How can I do it? Yes, it is possible because P-660H-Tx v2 delivers the packet to the local server by looking up to a SUA server table. Therefore, to make a local server accessible to the outside users, the port number and the inside IP address of the server must be configured. (You can configure it in Web Configurator, Advanced Setup, Network -> NAT -> Port Forwarding). 12.
P-660H-Tx v2 Support Notes • • Many One-to-One: In Many One-to-One mode, the P-660H-Tx v2 maps each ILA to unique IGA. Server: In Server mode, the P-660H-Tx v2 maps multiple inside servers to one global IP address. This allows us to specify multiple servers of different types behind the NAT for outside access. Note:if you want to map each server to one unique IGA please use the One-to-One mode. The following table summarizes the five types.
P-660H-Tx v2 Support Notes 16. How can I protect against IP spoofing attacks? The P-660H-Tx v2's filter sets provide a means to protect against IP spoofing attacks. The basic scheme is as follows: For the input data filter: • • Deny packets from the outside that claim to be from the inside Allow everything that is not spoofing us Filter rule setup: • • • • • • Filter type =TCP/IP Filter Rule Active =Yes Source IP Addr =a.b.c.d Source IP Mask =w.x.y.
P-660H-Tx v2 Support Notes Product FAQ 1. How can I manage P-660H-Tx v2? Multilingual Embedded Web GUI for Local and Remote management CLI (Command-line interface) Telnet support (Administrator Password Protected ) for remote configuration change and status monitoring FTP/ TFTP sever, firmware upgrade and configuration backup and restore are supported(Administrator Password Protected) 2.
P-660H-Tx v2 Support Notes 4. How do I know the P-660H-Tx v2's WAN IP address assigned by the ISP? You can view "My WAN IP : x.x.x.x" shown in Web Configurator ‘Status->Device Information ->WAN Information’ to check this IP address. 5. What is the micro filter or splitter used for? Generally, the voice band uses the lower frequency ranging from 0 to 4KHz, while ADSL data transmission uses the higher frequency.
P-660H-Tx v2 Support Notes 9. What is DDNS? The Dynamic DNS service allows you to alias a dynamic IP address to a static hostname, allowing your computer to be more easily accessed from various locations on the Internet. To use the service, you must first apply an account from several free Web servers such as http://www.dyndns.org/. Without DDNS, we always tell the users to use the WAN IP of the P-660H-Tx v2 to reach our internal server. It is inconvenient for the users if this IP is dynamic.
P-660H-Tx v2 Support Notes and source port for the host. To pass IPSec packets, SUA must understand the ESP packet with protocol number 50, replace the source IP address of the IPSec gateway to the router's WAN IP address. However, SUA should not change the source port of the UDP packets which are used for key managements. Because the remote gateway checks this source port during connections, the port thus is not allowed to be changed. 13.
P-660H-Tx v2 Support Notes 15. Why do we perform traffic shaping in the P-660H-Tx v2? The P-660H-Tx v2 must manage traffic fairly and provide bandwidth allocation for different sorts of applications, such as voice, video, and data. All applications have their own natural bit rate. Large data transactions have a fluctuating natural bit rate. The P-660H-Tx v2 is able to support variable traffic among different virtual connections.
P-660H-Tx v2 Support Notes Variable bit rate(VBR): An ATM bandwidth-allocation service that allows users to specify a throughput capacity (i.e., a peak rate) and a sustained rate but data is not sent evenly. You can select VBR for bursty traffic and bandwidth sharing with other applications. It contains two subclasses: Variable bit rate nonreal time (VBR-nRT): Variable bit rate real time (VBR-RT): 18.
P-660H-Tx v2 Support Notes ADSL FAQ 1. How does ADSL compare to Cable modems? ADSL provides a dedicated service over a single telephone line; cable modems offer a dedicated service over a shared media. While cable modems have greater downstream bandwidth capabilities (up to 30 Mbps), that bandwidth is shared among all users on a line, and will therefore vary, perhaps dramatically, as more users in a neighborhood get online at the same time.
P-660H-Tx v2 Support Notes 4. How do I know the ADSL line is up? You can see the DSL LED Green on the P-660H-Tx v2's front panel is on when the ADSL physical layer is up. 5. How does the P-660H-Tx v2 work on a noisy ADSL? Depending on the line quality, the P-660H-Tx v2 uses "Fall Back" and "Fall Forward" to automatically adjust the date rate. 6.
P-660H-Tx v2 Support Notes 8. What are the signaling pins of the ADSL connector? The signaling pins on the P-660H-Tx v2's ADSL connector are pin 3 and pin 4. The middle two pins for a RJ11 cable. 9. What is triple play? More and more Telco/ISPs are providing three kinds of services (VoIP, Video and Internet) over one existing ADSL connection. • • • • The different services (such as video, VoIP and Internet access) require different Qulity of Service. The high priority is Voice (VoIP) data.
P-660H-Tx v2 Support Notes Firewall FAQ General 1. What is a network firewall? A firewall is a system or group of systems that enforces an access-control policy between two networks. It may also be defined as a mechanism used to protect a trusted network from an untrusted network. The firewall can be thought of two mechanisms: One to block the traffic, and the other to permit traffic. 2.
P-660H-Tx v2 Support Notes address and protocol. They also 'inspect' the session data to assure the integrity of the connection and to adapt to dynamic protocols. The flexible nature of Stateful Inspection firewalls generally provides the best speed and transparency, however, they may lack the granular application level access control or caching that some proxies support. 4. What kind of firewall is the P-660H-Tx v2? 1. The P-660H-Tx v2's firewall inspects packets contents and IP headers.
P-660H-Tx v2 Support Notes 1. Those that exploits bugs in a TCP/IP implementation such as Ping of Death and Teardrop. 2. Those that exploits weaknesses in the TCP/IP specification such as SYN Flood and LAND Attacks. 3. Brute-force attacks that flood a network with useless data such as Smurf attack. 4. IP Spoofing 7. What is Ping of Death attack? Ping of Death uses a 'PING' utility to create an IP packet that exceeds the maximum 65535 bytes of data allowed by the IP specification.
P-660H-Tx v2 Support Notes 11 What is Brute-force attack? A Brute-force attack, such as 'Smurf' attack, targets a feature in the IP specification known as directed or subnet broadcasting, to quickly flood the target network with useless data. A Smurf hacker flood a destination IP address of each packet as the broadcast address of the network, the router will broadcast the ICMP echo request packet to all hosts on the network.
P-660H-Tx v2 Support Notes 1. Change the default Administrator password since it is required when setting up the firewall. 2. Limit who can access to your P-660H-Tx v2’s Web Configurator or CLI. You can enter the IP address of the secured LAN host in Web Configurator, Advanced Setup, Advanced -> Remote MGNT -> [Service] ->Secured Client IP to allow special access to your P-660H-Tx v2: The default value in this field is 0.0.0.
P-660H-Tx v2 Support Notes (3) WWW/Telnet service is enabled but your host IP is not the secured host entered in Web Configurator, Advanced setup, Advanced -> Remote MGNT: (4)A filter set which blocks WWW/Telnet from WAN is applied to WAN node. You can check by command: wan node index [index #] wan node display 4. Why can't I upload the firmware and configuration file using FTP over WAN? (1) When the firewall is turned on, all connections from WAN to LAN are blocked by the default ACL rule.
P-660H-Tx v2 Support Notes (2) You have disabled FTP service in Web Configurator, Advanced setup, Advanced -> Remote MGNT. (3) FTP service is enabled but your host IP is not the secured host entered in Web Configurator, Advanced setup, Advanced -> Remote MGNT. (4) A filter set which blocks FTP from WAN is applied to WAN node. You can check by command: wan node index [index #] wan node display Log and Alert 1.
P-660H-Tx v2 Support Notes • Web configuration: Advanced Setup, Maintenance -> Logs -> Log Settings, check Access Control and Attacks options depending on your real situation. • CI command: sys logs category [access | attack] (2) Enable log function in firewall default policy or in firewall rules. After the above two steps, you can view firewall logs via • Web Configurator: Advanced setup, Maintenance -> Logs ->View Log.
P-660H-Tx v2 Support Notes Application Notes General Application Notes 1. Internet Access Using P-660H-Tx v2 under Bridge mode • • Setup your workstation Setup your P-660H-Tx v2 under bridge mode If the ISP limits some specific computers to access Internet, that means only the traffic to/from these computers will be forwarded and the other will be filtered. In this case, we use P-660H-Tx v2 which works as an ADSL bridge modem to connect to the ISP.
P-660H-Tx v2 Support Notes Setup your P-660H-Tx v2 under bridge mode The following procedure shows you how to configure your P-660H-Tx v2 as bridge mode. We will use Web Configurator to guide you through the related menu. (1) Configure P-660H-Tx v2 as bridge mode and configure Internet setup parameters in Web Configurator, Advanced Setup, Network -> WAN -> Internet Connection. 28 All contents copyright © 2006 ZyXEL Communications Corporation.
P-660H-Tx v2 Support Notes Key Settings: Option Description Encapsulation Select the correct Encapsulation type that your ISP supports. For example, RFC 1483. Multiplexing Select the correct Multiplexing type that your ISP supports. For example, LLC. VPI & VCI number Specify a VPI (Virtual Path Identifier) and a VCI (Virtual Channel Identifier) given to you by your ISP. (2) Turn off DHCP Server and configure a LAN IP for the P-660H-Tx v2 in Web Configurator, Advanced Setup, Network -> LAN.
P-660H-Tx v2 Support Notes Connect the LAN ports of all computers to the LAN Interface of P-660H-Tx v2 using Ethernet cable. (2) TCP/IP configuration Since the P-660H-Tx v2 is set to DHCP server as default, so you need only to configure the workstations as the DHCP clients in the networking settings. In this case, the IP address of the computer is assigned by the P-660H-Tx v2. The P-660H-Tx v2 can also provide the DNS to the clients via DHCP if it is available.
P-660H-Tx v2 Support Notes Option Description Encapsulation Select the correct Encapsulation type that your ISP supports. For example, RFC 1483. Multiplexing Select the correct Multiplexing type that your ISP supports. For example, LLC. VPI & VCI number Specify a VPI (Virtual Path Identifier) and a VCI (Virtual Channel Identifier) given to you by your ISP. IP Address Assignment Set to Dynamic if the ISP provides the IP for the P-660H-Tx v2 dynamically.
P-660H-Tx v2 Support Notes 4. SUA Notes Tested SUA/NAT Applications (e.g., Cu-SeeMe, ICQ, NetMeeting) Introduction Generally, SUA makes your LAN appear as a single machine to the outside world. LAN users are invisible to outside users. However, some applications such as Cu-SeeMe, and ICQ will need to connect to the local user behind the P-660H-Tx v2. In such case, a SUA server must be configured to forward the incoming packets to the true destination behind SUA.
P-660H-Tx v2 Support Notes mIRC None for Chat. For DCC, please set Default/Client IP . Windows PPTP None 1723/client IP ICQ 99a None for Chat. For DCC, please set: ICQ -> preference -> connections -> firewall and set the firewall time out to 80 seconds in firewall setting. Default/client IP ICQ 2000b None for Chat None for Chat ICQ Phone 2000b None 6701/client IP None 7648/client IP 7648/client IP & 24032/client IP Default/client IP White Pine 4.
P-660H-Tx v2 Support Notes Network Time Protocol (NTP) None 123 /server IP Win2k Terminal Server None 3389/server IP Remote Anything None 3996 - 4000/client IP None 5500/client IP 5800/client IP 5900/client IP Virtual Network Computing (VNC) AIM (AOL Instant Messenger) None for Chat and IM None for Chat and IM e-Donkey None 4661 - 4662/client IP POLYCOM Video Conferencing None Default/client IP iVISTA 4.
P-660H-Tx v2 Support Notes Configure an Internal Server behind SUA Introduction If you wish, you can make internal servers (e.g., Web, ftp or mail server) accessible for outside users, even though SUA makes your LAN appear as a single machine to the outside world. A service is identified by the port number.
P-660H-Tx v2 Support Notes Setup, Network -> NAT -> Port Forwarding. The outside users can access the local server using the P-660H-Tx v2's WAN IP address which can be obtained from Web Configurator, Status -> WAN Information. For example: Configuring an internal Web server for outside access (suppose the Server IP Address is 192.168.1.
P-660H-Tx v2 Support Notes Telnet 23 SMTP 25 DNS (Domain Name Server) 53 www-http (Web) 80 Configure a PPTP server behind SUA Introduction PPTP is a tunneling protocol defined by the PPTP forum that allows PPP packets to be encapsulated within Internet Protocol (IP) packets and forwarded over any IP network, including the Internet itself. In order to run the Windows 9x PPTP client, you must be able to establish an IP connection with a tunnel server such as the Windows NT Server 4.
P-660H-Tx v2 Support Notes Window98 PPTP Client / Internet / NT RAS Server Protocol Stack PPTP appears as new modem type (Virtual Private Networking Adapter) that can be selected when setting up a connection in the Dial-Up Networking folder. The VPN Adapter type does not appear elsewhere in the system. Since PPTP encapsulates its data stream in the PPP protocol, the VPN requires a second dial-up adapter.
P-660H-Tx v2 Support Notes Example The following example shows how to dial to an ISP via the P-660H-Tx v2 and then establish a tunnel to a private network. There will be three items that you need to set up for PPTP application, these are PPTP server (WinNT), PPTP client (Win9x) and the P-660H-Tx v2.
P-660H-Tx v2 Support Notes Select service name as ‘PPTP’, fill in the Server IP Address, then press button ‘Add’. When you have finished the above settings, you can ping to the remote Win9x client from WinNT. This ping command is used to demonstrate that remote the Win9x can be reached across the Internet. If the Internet connection between two LANs is achievable, you can place a VPN call from the remote Win9x client. For example: C:\ping 203.66.113.
P-660H-Tx v2 Support Notes 5. Using Full Feature NAT When P-660H-Tx v2 is in Routing mode, you can select NAT Option as Full Feature in Network -> General ->NAT Setup Key Settings: Field Options Description Full Feature When you select this option you can select Address Mapping Set Number 1~8 in the pull-down menu on the right. When you select this option, this remote node will use default SUA Address Mapping Set.
P-660H-Tx v2 Support Notes The P-660H-Tx v2 has 8 remote nodes and so allows you to configure 8 NAT Address Mapping Sets, You must specify which NAT Address Mapping Set (1~8) to use in the remote node when you select Full Feature NAT. You can edit 10 rules for each Address Mapping Set. You can edit the rules for Address Mapping Sets #1 in Web Configurator. The other Address Mapping Sets #2~8 can only be configured in CLI (Command Line Interface).
P-660H-Tx v2 Support Notes IP. Global End This is the ending global IP address (IGA). IP N/A Type Many-to-One and Server This is the NAT mapping types. Here we’ll guide you to configure Address Mapping Sets from Web Configurator and CLI. (Since in Web Configurator we can only edit the rules for Address Mapping Sets #1.
P-660H-Tx v2 Support Notes The following table describes the fields in this screen. Field Description Type 1. One-to-One 2. Many-to-One 3. Many-to-Many You can select one of the five mapping types from the Overload pull-down menu 4. Many-to-Many No Overload 5. Server Start This is the starting local IP address (ILA) Option/Example 0.0.0.0 This is the ending local IP address (ILA). If the rule is Local for all local IPs, then put the Start IP as 0.0.0.0 and the IP End 255.255.255.255 End IP as 255.
P-660H-Tx v2 Support Notes Setp 3: Set NAT address mapping rule for the Address Mapping Set you just configured (Set 2 in this example) by command ‘ip nat addrmap rule [rule#] [insert | edit] [type] [local start IP] [local end IP] [global start IP] [global end IP] [server set #]’. Suppose we set a Many-to-One rule for set 2 by command ‘ip nat addrmap rule 1 edit 1 192.168.1.10 192.168.1.20 172.1.1.1 172.1.1.1’ Setp 4: Save the configuration by command ‘ip nat addrmap save’.
P-660H-Tx v2 Support Notes server sets ip nat server save ip nat server clear [set#] ip nat server edit [rule#] active Save the NAT server set buffer into flash Clear the server set [set#], must use “save” command to let it save into flash Activate the rule [rule#], rule number is 1 to 24, the number 25-36 is for UPNP application ip nat server edit [rule#] svrport to port> ip nat server edit [rule#] remotehost Configure the IP add
P-660H-Tx v2 Support Notes Please note that a server can support more than one service, e.g., a server can provide both FTP and Mail service, while another provides only Web service. The following procedures show how to configure a server behind NAT. Step 1: Login Web Configurator, Advanced Setup, Network -> NAT -> Port Forwarding. Step 2: Select the service name from the pull-down menu, and fill in the server Address on ‘Server IP Address’, then click button ‘Add’ to save it.
P-660H-Tx v2 Support Notes could select Full Feature NAT and select an Address Mapping Set with a Many-to-One Rule. See the following figure. (2) Internet Access with an Internal Server In this case, we do exactly as the figure (use the convenient pre-configured SUA Only set) and also go to Web Configurator, Advanced Setup, Network -> NAT -> Port Forwarding to specify the Internet Server behind the NAT as 48 All contents copyright © 2006 ZyXEL Communications Corporation.
P-660H-Tx v2 Support Notes below: (3) Using Multiple Global IP addresses for clients and servers (One-to-One, Many-to-One, Server Set mapping types are used) In this case we have 3 IGAs from the ISP. We have two very busy internal FTP servers and also an internal general server for the web and mail. In this case, we want to assign the 3 IGAs by the following way using 4 NAT rules. • • • • Rule 1 (One-to-One type) to map the FTP Server 1 with ILA1 (192.168.1.10) to IGA1 (200.0.0.1).
P-660H-Tx v2 Support Notes Step 1: In this case, we need to map ILA to more than one IGA, therefore we must choose the Full Feature option from the NAT field in currently active remote node, and assign IGA3 to P-660H-Tx v2’s WAN IP Address. Step 2: Go to Web Configurator, Advanced Setup, Network -> NAT -> Address Mapping to begin configuring Address Mapping Set #1. We can see there are 10 blank rule table that could be configured. See the following setup for the four rules in our case.
P-660H-Tx v2 Support Notes Rule 3 Setup: Select Many-to-One type to map the other clients to IGA3 (200.0.0.3). Rule 4 Setup: Select Server type to map our web server and mail server with ILA3 (192.168.1.20) to IGA3. Menu Network -> NAT -> Address Mapping should look as follows now: 51 All contents copyright © 2006 ZyXEL Communications Corporation.
P-660H-Tx v2 Support Notes Step 3: Now we configure all other incoming traffic to go to our web server and mail server from Web Configurator, Advanced Setup, Network -> NAT -> Port Forwarding: (4) Support Non NAT Friendly Applications Some servers providing Internet applications such as some mIRC servers do not allow users to login using the same IP address.
P-660H-Tx v2 Support Notes One rule configured for using Many-to-Many No Overload mapping type is shown below. We can also do this by configure threeOne-to-One mapping type rules. 6. Using the Dynamic DNS (DDNS) • What is DDNS? The DDNS service, an IP Registry provides a public central database where information such as email addresses, hostnames, IPs etc. can be stored and retrieved. This solves the problems if your DNS server uses an IP associated with dynamic IPs.
P-660H-Tx v2 Support Notes When the ISP assigns the P-660H-Tx v2 a new IP, the P-660H-Tx v2 must inform the DDNS server the change of this IP so that the server can update its IP-to-DNS entry. Once the IP-to-DNS table in the DDNS server is updated, the DNS name for your web server (i.e., www.zyxel.com.tw) is still usable. The DDNS servers the P-660H-Tx v2 supports currently is WWW.DYNDNS.ORG where you apply the DNS from and update the WAN IP to. • Setup the DDNS 1.
P-660H-Tx v2 Support Notes For example, zyxel.com.tw. User Name Enter the user name that the DDNS server gives to you. Password Enter the password that the DDNS server gives to you. Enter the hostname for the wildcard function that the Enable Wildcard WWW.DYNDNS.ORG supports. Note that Wildcard option is available only when the provider is http://www.dyndns.org/. 7. Network Management Using SNMP • ZyXEL SNMP Implementation ZyXEL currently includes SNMP support in some P-660H-Tx v2 routers.
P-660H-Tx v2 Support Notes When receiving any SNMP get or set requirement with wrong community, this trap is sent to the manager. 6. whyReboot (defined in ZYXEL-MIB) : When the system is going to restart (warmstart), the trap will be sent with the reason of restart before rebooting. (1) For intentional reboot : In some cases (download new files, CI command "sys reboot", ...), reboot is done intentionally. And traps with the message "System reboot by user !" will be sent.
P-660H-Tx v2 Support Notes The SNMP related settings in P-660H-Tx v2 are configured in Web Configurator, Advanced Setup, Advanced -> Remote MGNT -> SNMP The following steps describe a simple setup procedure for configuring all SNMP settings. Key Settings: Option Descriptions Enter the correct Get Community. This Get Community must match the Get 'Get-' and 'GetNext' community requested from the NMS. The default is Community 'public'. Enter the correct Set Community.
P-660H-Tx v2 Support Notes 'public'. Enter the IP address of the NMS that you wish to send the traps to. If Trap 0.0.0.0 is entered, the P-660H-Tx v2HW-DX will not send trap any Destination NMS manager. Note: You may need to edit a firewall rule to permit SNMP Packets. 8. Using syslog You can configure it in Web Configurator, Advanced Setup, Maintenance -> Logs -> Log Settings -> Syslog logging. Key Settings: Active: Select it to active UNIX Syslog.
P-660H-Tx v2 Support Notes The P-660H-Tx v2 supports three virtual LAN interfaces via its single physical Ethernet interface. The first network can be configured in Web Configurator, Advanced Setup, Network -> LAN -> DHCP Setup. The second and third networks that we call 'IP Alias 1' and 'IP Alias 2' can be configured in Network -> LAN -> IP Alias. There are three internal virtual LAN interfaces for the P-660H-Tx v2 to route the packets from/to the three networks correctly.
P-660H-Tx v2 Support Notes You can edit filter rule to accept or deny LAN packets from/to the IP alias 1/2 go through the P-660H-Tx v2 by command in CLI: lan index [index number] Usage: index number =1 main LAN 2 IP Alias#1 3 IP Alias#2 lan filter [set#] Usage: set#= the corresponding filter set number you’ve configured lan save • IP Alias Setup (1) Edit the first network in Web Configurator, Advanced Setup, Network -> LAN -> IP/DHCP Setup by configuring the P-660H-Tx
P-660H-Tx v2 Support Notes traffic among multiple paths. For example, if a network has both the Internet and remote node connections, we can route the Web packets to the Internet using one policy and route the FTP packets to the remote LAN using another policy. See the figure below. Use IPPR to distribute traffic among multiple paths • Benefits Source-Based Routing - Network administrators can use policy-based routing to direct traffic from different users through different connections.
P-660H-Tx v2 Support Notes The actions that can be taken include routing the packet to a different gateway (and hence the outgoing interface) and the TOS and precedence fields in the IP header. IPPR follows the existing packet filtering facility of ZyNOS in style and in implementation. The policies are divided into sets, where related policies are grouped together. A use defines the policies before applying them to an interface or a remote node, in the same fashion as the filters.
P-660H-Tx v2 Support Notes (Set the protocol ID as 6(TCP) for the rule) ip policyrouting set criteria serviceType 0 (Set the criteria type of service as don’t care for this rule) ip policyrouting set criteria precedence 8 (Set the precedence as don’t care for this rule) ip policyrouting set criteria packetlength 0 (Set the packet length as 0 for the rule) ip policyrouting set criteria srcip 192.168.1.2 192.168.1.20 (Set the source IP address for the rule: Start=192.168.1.2, end=192.168.1.
P-660H-Tx v2 Support Notes 11. Using Call Scheduling • What is Call Scheduling? Call scheduling enables the mechanism for the P-660H-Tx v2 to run the remote node connection according to the pre-defined schedule. This feature is just like the scheduler ina video recorder which records the program according to the specified time. Users can apply at most 4 schedule sets in Remote Node.
P-660H-Tx v2 Support Notes wan callsch oncedate 2005 12 27 (Set the schedule used just once, it works on 2005-12-27) wan callsch starttime 12 00 (Set the schedule start time as 12:00) wan callsch duration 16 00 (Set schedule duration time as 16 hours) wan callsch action 2 (Set action as dial-on-demand) wan callsch save (Save the current call schedule set) Key Settings: Start Date Start date of this schedule rule. It can be unmatched with weekday setting.
P-660H-Tx v2 Support Notes • Time Service in P-660H-Tx v2 There is no RTC (Real-Time Clock) chip so the P-660H-Tx v2 should launch a mechanism to get current time and date from external server in boot time. Time service is implemented by the Daytime protocol(RFC-867), Time protocol(RFC-868), and NTP protocol(RFC-1305). You have to assign an IP address of a time server and then, the P-660H-Tx v2 will get the date, time, and time-zone information from this server.
P-660H-Tx v2 Support Notes needs to be forwarded. At start up, the P-660H-Tx v2 queries all directly connected networks to gather group membership. After that, the P-660H-Tx v2 updates the information by periodic queries. The P-660H-Tx v2 implementation of IGMP is also compatible with version 1. The multicast setting can be turned on or off on Ethernet and remote nodes. • IP Multicast Setup (1) Enable IGMP in P-660H-Tx v2's LAN in Web Configurator, Advanced Setup, Network -> LAN -> IP -> Advanced Setup.
P-660H-Tx v2 Support Notes Fairness-Based is chosen, then the bandwidth is allocated by ratio. Which means if A class needs 300 kbps, B class needs 600 kbps, then the ratio of A and B's actual bandwidth is 1:2. So if we get 450 kbps in total, then A would get 150 kbps, B would get 300 kbps. We select Priority-Based in this example. Key Settings: Check the box to enable BWM on the interface.
P-660H-Tx v2 Support Notes Step 3: You can modify the rule by clicking the button ‘Edit’ on the rule: Key Settings: RuleName Give this rule a name, for example, 'WWW' BW Budget Configure the bandwidth you would like to allocate to this rule Priority Use All Managed Bandwidth Enter a number between 0 and 7 to set the priority of this class. The higher the number, the higher the priority. The default setting is 3.
P-660H-Tx v2 Support Notes Destination Enter the destination subnet mask. Subnet Mask Destination Enter the destination port number of the traffic. Port Source IP Address Source Subnet Mask Enter the IP address of source that meats this class. Note that for traffic from 'LAN to WAN', since BWM is before NAT, you should use the IP address before NAT processing. Enter the destination subnet mask. Source Port Enter the source port number of the traffic.
P-660H-Tx v2 Support Notes services of the line will be. After that, system will save back the correct VPI, VCI and also services (encapsulation) type into profile of WAN interface. • Configure the VC auto-hunting preconfigured table.
P-660H-Tx v2 Support Notes (3) Delete items from the auto-haunting preconfigured table by useing command: wan atm vchunt remove • Using Zero configuration. You can enable/disable Zero Configuration in Network -> WAN -> Advanced Setup: (1) After configure the auto-haunting preconfigured table. You just need a PC connected to the device LAN Ethernet port with the DSL sync up. (2) Open your web browser to access a Web site.
P-660H-Tx v2 Support Notes (4) Basically the zero configuration only work on the VC that was preconigured in the auto-haunting preconfigured table. 15.
P-660H-Tx v2 Support Notes The packet filter function on P-660H-Tx v2 is the same as before, just that you could only configure the filter set and apply them by command in CLI. It’s very complex for common users to do it. So here’s the recommendation: (1) Usually if you want to block special packets, you could edit a firewall rule in Web Configurator.
P-660H-Tx v2 Support Notes • Apply to LAN Interface: lan index [index#] Usage: index#=1 main LAN 2 IP Alias#1 3 IP Alias#2 lan filter Usage: You can apply at most four filter sets to LAN Interface. lan save (3) If you are very advanced user, you could edit filter set by the following command: sys filter set [set#] [rule#] Usage: Set up a filter set index to edit a set.
P-660H-Tx v2 Support Notes mask] the rule sys filter set destport [port#] [compare type = none|equal|notequal|less|greater] sys filter set srcip [address] [subnet mask] Set the destination port and compare type (compare type could be 0(none)|1(equal)|2(not equal)|3(less)|4(greater) ) Set the source IP address and subnet mask sys filter set srcport [port#] [compare Set the source port and compare type (compare type = none|equal|not type could be 0(none)|1(equal)|2(not equal|less|greater] equal)|3(le
P-660H-Tx v2 Support Notes Support Tool 1. LAN/WAN Packet Trace The Prestige packet trace records and analyzes packets running on LAN and WAN interfaces. It is designed for users with technical backgrounds who are interested in the details of the packet flow on LAN or WAN end of Prestige. It is also very helpful for diagnostics if you have compatibility problems with your ISP or if you want to know the details of a packet for configuring a filter rule.
P-660H-Tx v2 Support Notes (2) Trace WAN packet • Disable the capture of the LAN packet by entering: sys trcp channel enet0 none • Enable to capture the WAN packet by entering: sys trcp channel mpoa00 bothway • • • Enable the trace log by entering: sys trcp sw on & sys trcl sw on Display the brief trace online by entering: sys trcd brief Display the detailed trace online by entering: sys trcd parse Example: 78 All contents copyright © 2006 ZyXEL Communications Corporation.
P-660H-Tx v2 Support Notes • • Offline Trace Disable the capture of the WAN packet by entering: sys trcp channel mpoa00 none • Enable the capture of the LAN packet by entering: sys trcp channel enet0 bothway • • • • • Enable the trace log by entering: sys trcp sw on & sys trcl sw on Wait for packet passing through the Prestige over LAN Disable the trace log by entering: sys trcp sw off & sys trcl sw off Display the trace briefly by entering: sys trcp brief Display specific packets by using: sys trcp p
P-660H-Tx v2 Support Notes • Capture the detailed logs by Hyper Terminal Step 1: Initiate a hyper terminal connection from your PC(suppose you connected to the LAN port of P-660H-Tx v2) Step 2: Click the ‘properties’ to configure parameters to telnet to the P-660H-Tx v2. 80 All contents copyright © 2006 ZyXEL Communications Corporation.
P-660H-Tx v2 Support Notes Step 3: So that after you invoke the relevant commands, you could save the logs you’ve captured. 81 All contents copyright © 2006 ZyXEL Communications Corporation.
P-660H-Tx v2 Support Notes 2.
P-660H-Tx v2 Support Notes The 192.168.1.1 is the IP address of the Prestige. The local file is the source file of the ZyNOS firmware that is available in your hard disk. The remote file is the file name that will be saved in Prestige. Check the port number 69 and 512-Octet blocks for TFTP. Check 'Binary' mode for file transfering.
P-660H-Tx v2 Support Notes The 192.168.1.1 is the IP address of the Prestige. The local file is the source file of your configuration file that is available in your hard disk. The remote file is the file name that will be saved in Prestige. Check the port number 69 and 512-Octet blocks for TFTP. Check 'Binary' mode for file transfering.
P-660H-Tx v2 Support Notes [cppwu@faelinux cppwu]$ tftp -I 192.168.1.1 put [local-ras] ras <- upload firmware 3. Using FTP to Upload the Firmware and Configuration Files In addition to upload the firmware and configuration file via the console port and TFTP client, you can also upload the firmware and configuration files to the Prestige using FTP. To use this feature, your workstation must have a FTP client software. See the example shown below.
P-660H-Tx v2 Support Notes 'Binary'. Step 2: Press 'OK' to ignore the 'Username' prompt. Step 3: To upload the firmware file, we transfer the local 'ras' file to overwrite the remote 'ras' file. To upload the configuration file, we transfer the local 'rom-0' to overwrite the remote 'rom-0' file. 86 All contents copyright © 2006 ZyXEL Communications Corporation.
P-660H-Tx v2 Support Notes Step 4: The Prestige reboots automatically after the uploading is finished. Please do not power off the router at this moment. 87 All contents copyright © 2006 ZyXEL Communications Corporation.
P-660H-Tx v2 Support Notes CI Command Reference Command Syntax and General User Interface CI has the following command syntax: command subcommand [param] command subcommand [param] command ? | help command subcommand ? | help General user interface: Shows the following commands and all major (sub)commands 1. ? 2. exit Exit Subcommand To get the latest CI Command list The latest CI Command list is available in release note of every ZyXEL firmware release.