P-660HN Series Support Notes P-660HN-T1A 802.11n 1x1 Wireless ADSL2+ 4-port Gateway Support Notes Version3.40 Apr. 2010 1 All contents copyright © 2010 ZyXEL Communications Corporation.
P-660HN Series Support Notes FAQ ..................................................................................................................... 6 System FAQ ................................................................................................... 6 1. What’s Multilingual Embedded Web Configurator? ......................... 6 2. How do I access the P-660HN-T1A Command Line Interface (CLI)? ......................................................................................................
P-660HN Series Support Notes 1. How does ADSL compare to Cable modems? ................................ 17 2. What is the expected throughput? ................................................... 17 3. What is the microfilter used for? ...................................................... 17 4. How do I know the ADSL line is up? ................................................ 17 5. How does the P-660HN-T1A work on a noisy ADSL? .................... 17 6.
P-660HN Series Support Notes 4. Where can you find 802.11 wireless networks? ............... 29 5. What is an Access Point? ................................................... 29 6. Is it possible to use wireless products from a variety of vendors? .................................................................................... 29 7. What is Wi-Fi? ....................................................................... 29 8. What types of devices use the 2.4GHz Band? ................. 29 9.
P-660HN Series Support Notes 4. SUA Notes .............................................................................. 43 5. Using Full Feature NAT .......................................................... 52 6. Using the Dynamic DNS (DDNS)........................................... 64 7. QoS(802.1Q) .......................................................................... 66 8. Network Management Using SNMP ...................................... 67 9. Using syslog .....................................
P-660HN Series Support Notes FAQ System FAQ 1. What’s Multilingual Embedded Web Configurator? Multilinggual Embedded Web Configurator means that it can display with 3 kinds of languanges: English, French, and German, Italian. By factory default it displays with English, and you can change it in Web GUI. 2. How do I access the P-660HN-T1A Command Line Interface (CLI)? The Command Line Interface is for the Administrator use only, and it could be accessed via telnet session.
P-660HN Series Support Notes 5. How do I restore P-660HN-T1A configurations by using TFTP client program via LAN? a. Use the TELNET client program in your PC to login to your P-660HN-T1A. b. Enter CI command 'sys stdio 0' disable Stdio idle timeout c. To backup the P-660HN-T1A configurations, use TFTP client program to get file 'rom-0' from the P-660HN-T1A. d. To restore the P-660HN-T1A configurations, use the TFTP client program to put your configuration in file rom-0 in the P-660HN-T1A. 6.
P-660HN Series Support Notes packet (since it is now moving in the opposite direction), the checksums are recomputed, and the packet is delivered to its true destination. This is because SUA keeps a table of the IP addresses and port numbers of the local systems currently using it. 9. What is the difference between SUA and Full Feature NAT? There will be three options for you: None SUA Only Full Feature SUA (Single User Account) is a NAT set with 2 rules: Many-to-One and Server.
P-660HN Series Support Notes With SUA, 'visible' servers had to be mapped to different ports, since the servers share only one global IP. But when you select Full Feature, you can make multiple local servers (mapping the same port or not) on the LAN accessible from outside with multiple global IP addresses. Support Non-NAT Friendly Applications Some servers providing Internet applications such as some MIRC servers do not allow users to login using the same IP address.
P-660HN Series Support Notes ILA1<--->IGA1 ILA2<--->IGA2 Many-to-Many ILA3<--->IGA1 Overload ILA4<--->IGA2 ... Many One-to-One Server ILA1<--->IGA1 ILA2<--->IGA2 ILA3<--->IGA3 ILA4<--->IGA4 ... Server 1 IP<--->IGA1 Server 2 IP<--->IGA1 13. How many network users can the SUA/NAT support? The Prestige does not limit the number of the users but the number of the sessions. The P-660HN-T1A supports 4k sessions that you can use the 'ip nat session' command in CLI to see.
P-660HN Series Support Notes Action Not Matched =Forward Where a.b.c.d is an IP address on your local network and w.x.y.z is your netmask: For the output data filters: Deny bounce back packet Allow packets that originate from us Filter rule setup: Filter Type =TCP/IP Filter Rule Active =Yes Destination IP Addr =a.b.c.d Destination IP Mask =w.x.y.z Action Matched =Drop Action No Matched =Forward Where a.b.c.d is an IP address on your local network and w.x.y.z is your netmask.
P-660HN Series Support Notes Product FAQ 1. How can I manage P-660HN-T1A? Multilingual Embedded Web GUI for Local and Remote management CLI (Command-line interface) Telnet support (Administrator Password Protected ) for remote configuration change and status monitoring FTP/ TFTP sever, firmware upgrade and configuration backup and restore are supported(Administrator Password Protected) 2.
P-660HN Series Support Notes 5. What is the micro filter or splitter used for? Generally, the voice band uses the lower frequency ranging from 0 to 4KHz, while ADSL data transmission uses the higher frequency. The micro filter acts as a low-pass filter for your telephone set to ensure that ADSL transmissions do not interfere with your voice transmissions. For the details about how to connect the micro filter please refer to the user's manual. 6.
P-660HN Series Support Notes locations on the Internet. To use the service, you must first apply an account from several free Web servers such as http://www.dyndns.org/. Without DDNS, we always tell the users to use the WAN IP of the P-660HN-T1A to reach our internal server. It is inconvenient for the users if this IP is dynamic. With DDNS supported by the P-660HN-T1A, you apply a DNS name (e.g., www.zyxel.com.tw) for your server (e.g., Web server) from a DDNS server.
P-660HN Series Support Notes 13. Why do we perform traffic shaping in the P-660HN-T1A? The P-660HN-T1A must manage traffic fairly and provide bandwidth allocation for different sorts of applications, such as voice, video, and data. All applications have their own natural bit rate. Large data transactions have a fluctuating natural bit rate. The P-660HN-T1A is able to support variable traffic among different virtual connections.
P-660HN Series Support Notes Variable bit rate(VBR): An ATM bandwidth-allocation service that allows users to specify a throughput capacity (i.e., a peak rate) and a sustained rate but data is not sent evenly. You can select VBR for bursty traffic and bandwidth sharing with other applications. It contains two subclasses: Variable bit rate nonreal time (VBR-nRT): Variable bit rate real time (VBR-RT): 16.
P-660HN Series Support Notes ADSL FAQ 1. How does ADSL compare to Cable modems? ADSL provides a dedicated service over a single telephone line; cable modems offer a dedicated service over a shared media. While cable modems have greater downstream bandwidth capabilities (up to 24 Mbps), that bandwidth is shared among all users on a line, and will therefore vary, perhaps dramatically, as more users in a neighborhood get online at the same time.
P-660HN Series Support Notes 6. Does the VC-based multiplexing perform better than the LLC-based multiplexing? Though the LLC-based multiplexing can carry multiple protocols over a single VC, it requires extra header information to identify the protocol being carried on the virtual circuit (VC). The VC-based multiplexing needs a separate VC for carrying each protocol but it does not need the extra headers. Therefore, the VC-based multiplexing is more efficient. 7.
P-660HN Series Support Notes The different services (such as video, VoIP and Internet access) require different Qulity of Service. The high priority is Voice (VoIP) data. The Medium priority is Video (IPTV) data. The low priority is internet access such as ftp etc … Triple Play is a port-based policy to forward packets from different LAN port to different PVCs, thus you can configure each PVC separately to assign different QoS to different application.
P-660HN Series Support Notes Firewall FAQ General 1. What is a network firewall? A firewall is a system or group of systems that enforces an access-control policy between two networks. It may also be defined as a mechanism used to protect a trusted network from an untrusted network. The firewall can be thought of two mechanisms: One to block the traffic, and the other to permit traffic. 2.
P-660HN Series Support Notes Stateful Inspection Firewalls restrict access by screening data packets against defined access rules. They make access control decisions based on IP address and protocol. They also 'inspect' the session data to assure the integrity of the connection and to adapt to dynamic protocols.
P-660HN Series Support Notes There are four types of DoS attacks: 1. Those that exploits bugs in a TCP/IP implementation such as Ping of Death and Teardrop. 2. Those that exploits weaknesses in the TCP/IP specification such as SYN Flood and LAND Attacks. 3. Brute-force attacks that flood a network with useless data such as Smurf attack. 4. IP Spoofing 7.
P-660HN Series Support Notes 11 What is Brute-force attack? A Brute-force attack, such as 'Smurf' attack, targets a feature in the IP specification known as directed or subnet broadcasting, to quickly flood the target network with useless data. A Smurf hacker flood a destination IP address of each packet is the broadcast address of the network, the router will broadcast the ICMP echo request packet to all hosts on the network.
P-660HN Series Support Notes 1. Change the default Administrator password since it is required when setting up the firewall. 2. Limit who can access to your P-660HN-T1A‟s Web Configurator or CLI. You can enter the IP address of the secured LAN host in Web Configurator, Advanced Setup, Advanced -> Remote MGNT -> [Service] ->Secured Client IP to allow special access to your P-660HN-T1A: The default value in this field is 0.0.0.
P-660HN Series Support Notes (2)You have disabled WWW/Telnet service in Web Configurator, Advanced setup, Advanced -> Remote MGNT: (3) WWW/Telnet service is enabled but your host IP is not the secured host entered in Web Configurator, Advanced setup, Advanced -> Remote MGNT: (4)A filter set which blocks WWW/Telnet from WAN is applied to WAN node. You can check by command: wan node index [index #] wan node display 4.
P-660HN Series Support Notes (2) You have disabled FTP service in Web Configurator, Advanced setup, Advanced -> Remote MGNT. (3) FTP service is enabled but your host IP is not the secured host entered in Web Configurator, Advanced setup, Advanced -> Remote MGNT. (4) A filter set which blocks FTP from W AN is applied to WAN node. You can check by command: wan node index [index #] wan node display Log and Alert 1.
P-660HN Series Support Notes Web configuration: Advanced Setup, Maintenance -> Logs -> Log Settings, check Access Control and Attacks options depending on your real situation. CI command: sys logs category [access | attack] (2) Enable log function in firewall default policy or in firewall rules. After the above two steps, you can view firewall logs via Web Configurator: Advanced setup, Maintenance -> Logs ->View Log.
P-660HN Series Support Notes Wireless FAQ General FAQ 1. What is a Wireless LAN? Wireless LANs provide all the functionality of wired LANs, without the need for physical connections (wires). Data is modulated onto a radio frequency carrier and transmitted through the ether. Typical bit-rates are 11Mbps and 54Mbps, although in practice data throughput is half of this. Wireless LANs can be formed simply by equipping PC's with wireless NICs.
P-660HN Series Support Notes The speed of Wireless LAN is still relatively slower than wired LAN. The setup cost of Wireless LAN is relative high because the equipment cost including access point and PCMCIA Wireless LAN card is higher than hubs and CAT 5 cables. 4. Where can you find 802.11 wireless networks? Airports, hotels, and even coffee shops like Starbucks are deploying 802.11 networks, so people can wirelessly surf the Internet with their laptops. 5.
P-660HN Series Support Notes 802.11b), cordless phones, wireless medical telemetry equipment and Bluetooth™ short-range wireless applications, which include connecting printers to computers and connecting modems or hands-free kits to mobile phones. 9. Does the 802.11 interfere with Bluetooth device? Any time devices are operated in the same frequency band, there is the potential for interference. Both the 802.11b/g and Bluetooth devices occupy the same2.4-to-2.
P-660HN Series Support Notes 12. What's the difference between a WLAN and a WWAN? WLANs are generally privately owned, wireless systems that are deployed in a corporation, warehouse, hospital, or educational campus setting. Data rates are high and there are no per-packet charges for data transmission. WWANs are generally publicly shared data networks designed to provide coverage in metropolitan areas and along traffic corridors. WWANs are owned by a service provider or carrier.
P-660HN Series Support Notes Advanced FAQ 1. What is Ad Hoc mode? A wireless network consists of a number of stations without using an access point or any connection to a wired network. 2. What is Infrastructure mode? Infrastructure mode implies connectivity to a wired communications infrastructure. If such connectivity is required the Access Points must be used to connect to the wired LAN backbone.
P-660HN Series Support Notes single "logical channel". To an unsynchronised receiver an FHSS transmission appears to be short-duration impulse noise. 802.11 may use FHSS or DSSS. 6. Do I need the same kind of antenna on both sides of a link? No. Provided the antenna is optimally designed for 2.4GHz or 5GHz operation. WLAN NICs often include an internal antenna which may provide sufficient reception. 7. Why the 2.
P-660HN Series Support Notes Wired Equivalent Privacy. WEP is a security mechanism defined within the 802.11 standard and designed to make the security of the wireless medium equal to that of a cable (wire). WEP data encryption was designed to prevent access to the network by "intruders" and to prevent the capture of wireless LAN traffic through eavesdropping.
P-660HN Series Support Notes packets.The SSID is in the beacon and probe management messages and SSID goes over the air in clear text. This makes obtaining the SSID easy by sniffing 802.11n wireless traffic. 8. By turning off the broadcast of SSID, can someone still sniff the SSID? Many APs by default have broadcasting the SSID turned on. Sniffers typically will find the SSID in the broadcast beacon packets.
P-660HN Series Support Notes Application Notes General Application Notes 1. Internet Access Using P-660HN-T1A under Bridge mode Setup your workstation Setup your P-660HN-T1A under bridge mode If the ISP limits some specific computers to access Internet, that means only the traffic to/from these computers will be forwarded and the other will be filtered. In this case, we use P-660HN-T1A which works as an ADSL bridge modem to connect to the ISP.
P-660HN Series Support Notes Setup your P-660HN-T1A under bridge mode The following procedure shows you how to configure your P-660HN-T1A as bridge mode. We will use Web Configurator to guide you through the related menu. 1. Retrieve Prestige Web Please enter the LAN IP address of the Prestige router in the URL location to retrieve the web screen from the Prestige. The default LAN IP of the Prestige is 192.168.1.1. See the example below. Note that you can either use http://192.168.1.
P-660HN Series Support Notes 2. Login first The default username and password is the default SMT password '1234'. (1) Configure P-660HN-T1A as bridge mode and configure Internet setup parameters in Web Configurator, Advanced Setup, Network -> WAN -> Internet Connection. Key Settings: Option Description Encapsulation Select the correct Encapsulation type that your ISP supports. For example, RFC 1483. 38 All contents copyright © 2010 ZyXEL Communications Corporation.
P-660HN Series Support Notes Multiplexing Select the correct Multiplexing type that your ISP supports. For example, LLC. VPI & VCI Specify a VPI (Virtual Path Identifier) and a VCI (Virtual Channel number Identifier) given to you by your ISP. (2) Turn off DHCP Server and configure a LAN IP for the P-660HN-T1A in Web Configurator, Advanced Setup, Network -> LAN. We use 192.168.1.
P-660HN Series Support Notes Set up your P-660HN-T1A under routing mode The following procedure shows you how to configure your P-660HN-T1A as Routing mode for routing traffic. We will use Web Configurator to guide you through the related menu. (1) Configure P-660HN-T1A as routing mode and configure Internet setup parameters in Web Configurator, Advanced Setup, Network -> WAN -> 40 All contents copyright © 2010 ZyXEL Communications Corporation.
P-660HN Series Support Notes Internet Connection. Key Settings: Option Encapsulation Multiplexing Description Select the correct Encapsulation type that your ISP supports. For example, RFC 1483. Select the correct Multiplexing type that your ISP supports. For example, LLC. VPI & VCI Specify a VPI (Virtual Path Identifier) and a VCI (Virtual Channel number Identifier) given to you by your ISP. IP Address Assignment Set to Dynamic if the ISP provides the IP for the P-660HN-T1A dynamically.
P-660HN Series Support Notes (2) Configure a LAN IP for the P-660HN-T1A and the DHCP settings in Web Configurator, Advanced Setup, Network -> LAN. 3. Setup the P-660HN-T1A as a DHCP Relay What is DHCP Relay? DHCP stands for Dynamic Host Configuration Protocol. In addition to the DHCP server feature, the P-660HN-T1A supports the DHCP relay function. When it is configured as DHCP server, it assigns the IP addresses to the LAN clients.
P-660HN Series Support Notes Ip dhcp enif0 relay server [Server IP Address] 4. SUA Notes Tested SUA/NAT Applications (e.g., Cu-SeeMe, ICQ, NetMeeting) Introduction Generally, SUA makes your LAN appear as a single machine to the outside world. LAN users are invisible to outside users. However, some applications such as Cu-SeeMe, and ICQ will need to connect to the local user behind the P-660HN-T1A.
P-660HN Series Support Notes SMTP None 25/client IP mIRC None for Chat. For DCC, please set Default/Client IP . Windows PPTP None 1723/client IP ICQ 99a None for Chat. For DCC, please set: ICQ -> preference -> connections -> firewall and set the firewall time out to 80 seconds in firewall setting. Default/client IP ICQ 2000b None for Chat None for Chat ICQ Phone 2000b None 6701/client IP Cornell 1.1 Cu-SeeMe None 7648/client IP White Pine 3.1.
P-660HN Series Support Notes Net2Phone None 6701/client IP Network Time Protocol (NTP) None 123 /server IP Win2k Terminal Server None 3389/server IP Remote Anything None 3996 - 4000/client IP None 5500/client IP 5800/client IP 5900/client IP Virtual Network Computing (VNC) AIM (AOL Instant Messenger) None for Chat and IM None for Chat and IM e-Donkey None 4661 - 4662/client IP POLYCOM Video Conferencing None Default/client IP None 80/server IP iVISTA 4.
P-660HN Series Support Notes Configure an Internal Server behind SUA Introduction If you wish, you can make internal servers (e.g., Web, ftp or mail server) accessible for outside users, even though SUA makes your LAN appear as a single machine to the outside world. A service is identified by the port number.
P-660HN Series Support Notes To make a server visible to the outside world, specify the port number of the service and the inside address of the server in Web Configurator, Advanced Setup, Network -> NAT -> Port Forwarding. The outside users can access the local server using the P-660HN-T1A's WAN IP address which can be obtained from Web Configurator, Status -> WAN Information. For example: Configuring an internal Web server for outside access (suppose the Server IP Address is 192.168.1.
P-660HN Series Support Notes Service Port Number FTP 21 Telnet 23 SMTP 25 DNS (Domain Name Server) 53 www-http (Web) 80 Configure a PPTP server behind SUA Introduction PPTP is a tunneling protocol defined by the PPTP forum that allows PPP packets to be encapsulated within Internet Protocol (IP) packets and forwarded over any IP network, including the Internet itself.
P-660HN Series Support Notes Window98 PPTP Client / Internet / NT RAS Server Protocol Stack PPTP appears as new modem type (Virtual Private Networking Adapter) that can be selected when setting up a connection in the Dial-Up Networking folder. The VPN Adapter type does not appear elsewhere in the system. Since PPTP encapsulates its data stream in the PPP protocol, the VPN requires a second dial-up adapter.
P-660HN Series Support Notes Example The following example shows how to dial to an ISP via the P-660HN-T1A and then establish a tunnel to a private network. There will be three items that you need to set up for PPTP application, these are PPTP server (WinNT), PPTP client (Win9x) and the P-660HN-T1A.
P-660HN Series Support Notes Select service name as „PPTP‟, fill in the Server IP Address, then press button „Add‟. When you have finished the above settings, you can ping to the remote Win9x client from WinNT. This ping command is used to demonstrate that remote the Win9x can be reached across the Internet. If the Internet connection between two LANs is achievable, you can place a VPN call from the remote Win9x client. For example: C:\ping 203.66.113.
P-660HN Series Support Notes 5. Using Full Feature NAT When P-660HN-T1A is in Routing mode, you can select NAT Option as Full Feature in Network -> NAT -> General: Key Settings: Field Options Description Full Feature When you select this option you can select Address Mapping Set Number 1~8 in the pull-down menu on the right. SUA Only When you select this option, this remote node will use default SUA Address Mapping Set.
P-660HN Series Support Notes The P-660HN-T1A has 8 remote nodes and so allows you to configure 8 NAT Address Mapping Sets, You must specify which NAT Address Mapping Set (1~8) to use in the remote node when you select Full Feature NAT. You can edit 10 rules for each Address Mapping Set. You can edit the rules for Address Mapping Sets #1 in Web Configurator. The other Address Mapping Sets #2~8 can only be configured in CLI (Command Line Interface).
P-660HN Series Support Notes IP. Global End This is the ending global IP address (IGA). IP N/A Type Many-to-One and Server This is the NAT mapping types. Here we‟ll guide you to configure Address Mapping Sets from Web Configurator and CLI. (Since in Web Configurator we can only edit the rules for Address Mapping Sets #1.
P-660HN Series Support Notes The following table describes the fields in this screen. Field Description Option/Example 1. One-to-One 2. Many-to-One 3. Many-to-Many You can select one of the five mapping types from the Overload pull-down menu 4. Many-to-Many No Overload 5. Server Type Start This is the starting local IP address (ILA) Local IP 0.0.0.0 This is the ending local IP address (ILA). If the rule is for all local IPs, then put the Start IP as 0.0.0.0 and the End 255.255.255.255 End IP as 255.
P-660HN Series Support Notes Setp 3: Set NAT address mapping rule for the Address Mapping Set you just configured (Set 2 in this example) by command „ip nat addrmap rule [rule#] [insert | edit] [type] [local start IP] [local end IP] [global start IP] [global end IP] [server set #]‟. Suppose we set a Many-to-One rule for set 2 by command „ip nat addrmap rule 1 edit 1 192.168.1.10 192.168.1.20 172.1.1.1 172.1.1.1‟ Setp 4: Save the configuration by command „ip nat addrmap save‟.
P-660HN Series Support Notes server sets ip nat server save ip nat server clear [set#] ip nat server edit [rule#] active Save the NAT server set buffer into flash Clear the server set [set#], must use “save” command to let it save into flash Activate the rule [rule#], rule number is 1 to 24, the number 25-36 is for UPNP application ip nat server edit [rule#] svrport to port> ip nat server edit [rule#] remotehost Configure the IP a
P-660HN Series Support Notes Please note that a server can support more than one service, e.g., a server can provide both FTP and Mail service, while another provides only Web service. The following procedures show how to configure a server behind NAT. Step 1: Login Web Configurator, Advanced Setup, Network -> NAT -> Port Forwarding. Step 2: Select the service name from the pull-down menu, and fill in the server Address on „Server IP Address‟, then click button „Add‟ to save it.
P-660HN Series Support Notes could select Full Feature NAT and select an Address Mapping Set with a Many-to-One Rule. See the following figure. (2) Internet Access with an Internal Server In this case, we do exactly as the figure (use the convenient pre-configured SUA Only set) and also go to Web Configurator, Advanced Setup, Network -> NAT -> Port Forwarding to specify the Internet Server behind the NAT as 59 All contents copyright © 2010 ZyXEL Communications Corporation.
P-660HN Series Support Notes below: (3) Using Multiple Global IP addresses for clients and servers (One-to-One, Many-to-One, Server Set mapping types are used) In this case we have 3 IGAs from the ISP. We have two very busy internal FTP servers and also an internal general server for the web and mail. In this case, we want to assign the 3 IGAs by the following way using 4 NAT rules. Rule 1 (One-to-One type) to map the FTP Server 1 with ILA1 (192.168.1.10) to IGA1 (200.0.0.1).
P-660HN Series Support Notes Step 1: In this case, we need to map ILA to more than one IGA, therefore we must choose the Full Feature option from the NAT field in currently active remote node, and assign IGA3 to P-660HN-T1A‟s WAN IP Address. Step 2: Go to Web Configurator, Advanced Setup, Network -> NAT -> Address Mapping to begin configuring Address Mapping Set #1. We can see there are 10 blank rule table that could be configured. See the following setup for the four rules in our case.
P-660HN Series Support Notes Rule 3 Setup: Select Many-to-One type to map the other clients to IGA3 (200.0.0.3). Rule 4 Setup: Select Server type to map our web server and mail server with ILA3 (192.168.1.20) to IGA3. Menu Network -> NAT -> Address Mapping should look as follows now: 62 All contents copyright © 2010 ZyXEL Communications Corporation.
P-660HN Series Support Notes Step 3: Now we configure all other incoming traffic to go to our web server and mail server from Web Configurator, Advanced Setup, Network -> NAT -> Port Forwarding: (4) Support Non NAT Friendly Applications Some servers providing Internet applications such as some mIRC servers do not allow users to login using the same IP address.
P-660HN Series Support Notes One rule configured for using Many-to-Many No Overload mapping type is shown below. We can also do this by configure threeOne-to-One mapping type rules. 6. Using the Dynamic DNS (DDNS) What is DDNS? The DDNS service, an IP Registry provides a public central database where information such as email addresses, hostnames, IPs etc. can be stored and retrieved. This solves the problems if your DNS server uses an IP associated with dynamic IPs.
P-660HN Series Support Notes IP-to-DNS entry. Once the IP-to-DNS table in the DDNS server is updated, the DNS name for your web server (i.e., www.zyxel.com.tw) is still usable. The DDNS servers the P-660HN-T1A supports currently is WWW.DYNDNS.ORG where you apply the DNS from and update the WAN IP to. Setup the DDNS 1. Before configuring the DDNS settings in the P-660HN-T1A, you must register an account from the DDNS server such as WWW.DYNDNS.ORG first.
P-660HN Series Support Notes 7. QoS(802.1Q) The QoS General Screen Click Advanced > QoS to open the screen as shown next.Use this screen to enable or disable QoS, and select to have the ZyXEL Device automatically assign priority to traffic according to the IEEE 802.1p priority level, IP precedence and/or packet length. IEEE 802.1Q Tag The IEEE 802.1Q standard defines an explicit VLAN tag in the MAC header to identify the VLAN membership of a frame across bridges.
P-660HN Series Support Notes 8. Network Management Using SNMP ZyXEL SNMP Implementation ZyXEL currently includes SNMP support in some P-660HN-T1A routers. It is implemented based on the SNMPv1, so it will be able to communicate with SNMPv1 NMSs. Further, users can also add ZyXEL's private MIB in the NMS to monitor and control additional system variables. The ZyXEL's private MIB tree is shown in figure 3.
P-660HN Series Support Notes If any link of IDSL or WAN is up, the trap will be sent with the port number . The port number is its interface index under the interface group. 5. authenticationFailure (defined in RFC-1215) : When receiving any SNMP get or set requirement with wrong community, this trap is sent to the manager. 6. whyReboot (defined in ZYXEL-MIB) : When the system is going to restart (warmstart), the trap will be sent with the reason of restart before rebooting.
P-660HN Series Support Notes Downloading ZyXEL's private MIB Configure the P-660HN-T1A for SNMP The SNMP related settings in P-660HN-T1A are configured in Web Configurator, Advanced Setup, Advanced -> Remote MGNT -> SNMP The following steps describe a simple setup procedure for configuring all SNMP settings. Note: You may need to edit a firewall rule to permit SNMP Packets. 9. Using syslog 69 All contents copyright © 2010 ZyXEL Communications Corporation.
P-660HN Series Support Notes You can configure it in Web Configurator, Advanced Setup, Maintenance -> Logs -> System Log. 10. Using IP Alias What is IP Alias ? In a typical environment, a LAN router is required to connect two local networks. The P-660HN-T1A can connect three local networks to the ISP or a remote node, we call this function as 'IP Alias'. In this case, an internal router is not required.
P-660HN Series Support Notes networks that we call 'IP Alias 1' and 'IP Alias 2' can be configured in Network -> LAN -> IP Alias. There are three internal virtual LAN interfaces for the P-660HN-T1A to route the packets from/to the three networks correctly. They are enif0 for the major network, enif0:0 for the IP alias 1 and enif0:1 for the IP alias 2. Therefore, three routes are created in the P-660HN-T1A as shown below when the three networks are configured.
P-660HN Series Support Notes Key Settings: DHCP Setup If the P-660HN-T1A's DHCP server is enabled, the IP pool for the clients can be any of the three networks. TCP/IP Setup Enter the first LAN IP address for the P-660HN-T1A. This will create the first route in the enif0 interface. (2) Edit the second and third networks in Network -> LAN -> IP Alias by configuring the P-660HN-T1A's second and third LAN IP addresses.
P-660HN Series Support Notes Use IPPR to distribute traffic among multiple paths Benefits Source-Based Routing - Network administrators can use policy-based routing to direct traffic from different users through different connections. Quality of Service (QoS)- Organizations can differentiate traffic by setting the precedence or TOS (Type of Service) values in the IP header at the periphery of the network to enable the backbone to prioritize traffic.
P-660HN Series Support Notes interface or a remote node, in the same fashion as the filters. There are 12 policy sets with 6 policies in each set. Setup the IP Policy Routing Setp 1: Set the index of IP routing policy set rule by command „ip policyrouting set index [set#] [rule#]‟. Suppose set#=1, rule#=1 in this example.
P-660HN Series Support Notes ip policyrouting set criteria packetlength 0 (Set the packet length as 0 for the rule) ip policyrouting set criteria srcip 192.168.1.2 192.168.1.20 (Set the source IP address for the rule: Start=192.168.1.2, end=192.168.1.20) ip policyrouting set criteria srcport 0 (Set the source port for the rule: Start=0) ip policyrouting set criteria destip 0.0.0.0 (Set the destination port for the rule: Start=0.0.0.
P-660HN Series Support Notes just like the scheduler ina video recorder which records the program according to the specified time. Users can apply at most 4 schedule sets in Remote Node. The remote node configured with the schedule set could be "Forced On", "Forced Down", "Enable Dial-On-Demand", or "Disable Dial-On-Demand" on specified date and time.
P-660HN Series Support Notes (Set schedule duration time as 16 hours) wan callsch action 2 (Set action as dial-on-demand) wan callsch save (Save the current call schedule set) Key Settings: Start date of this schedule rule. It can be unmatched with weekday setting. For example, if Start Date is 2000/10/02(Monday), but Monday Start Date setting in weekday can be No. The node will always keep up during the setting period. It is equivalent Forced On to diable the idel timeout.
P-660HN Series Support Notes protocol(RFC-868), and NTP protocol(RFC-1305). You have to assign an IP address of a time server and then, the P-660HN-T1A will get the date, time, and time-zone information from this server. You can configure it in Web Configurator, Advanced Setup, Maintenance -> System -> Time Setting. 13. Using IP Multicast What is IP Multicast ? Traditionally, IP packets are transmitted in two ways - unicast or broadcast.
P-660HN Series Support Notes P-660HN-T1A supports IGMP v1 ,v2 and IGMP v3 without source filtering. IP Multicast Setup (1) Enable IGMP in P-660HN-T1A's LAN in Web Configurator, Advanced Setup, Network -> LAN -> IP -> Advanced Setup. (2) Enable IGMP in P-660HN-T1A's remote node in Web Configurator, Advanced Setup, Network -> WAN ->Internet Connection -> Advanced Setup. Key Settings: Multicast IGMP-v1 for IGMP version 1, IGMP-v2 for IGMP version 2. IGMP-v3 for IGMP version 3 14.
P-660HN Series Support Notes services the ISP may provide. Because ADSL is based on a ATM network, so system have to pre-configured a VPI/VCI hunting pool before Auto-Configure function begins to work. The Zero-Configuration feature can hunt the encapsulation and VPI/VCI value, and system will automatically configure itself if the hunting result is successfully. This feature has two constraints: 1. It supports the ISP provides one kind of service (PPPoE/PPPoA, etc.
P-660HN Series Support Notes For example: (1) If you need service PPPoE/LLC and Enet/LLC then the service bits will be 2+32 = 34 (decimal) = 22 (hex), you must input 22 (2) If you want to enable all service for VC hunting, the service bits will be 1+2+4+8+16+32=63(decimal)= 3f (hex), you must input 3f Need to perform save after this by command „wan atm vchunt save‟ (3) Delete items from the auto-haunting preconfigured table by useing command: wan atm vchunt remove 15.
P-660HN Series Support Notes The packet filter function on P-660HN-T1A is the same as before, just that you could only configure the filter set and apply them by command in CLI. It‟s very complex for common users to do it. So here‟s the recommendation: (1) Usually if you want to block special packets, you could edit a firewall rule in Web Configurator.
P-660HN Series Support Notes Apply to LAN Interface: lan index [index#] Usage: index#=1 main LAN 2 IP Alias#1 3 IP Alias#2 lan filter Usage: You can apply at most four filter sets to LAN Interface. lan save (3) If you are very advanced user, you could edit filter set by the following command: sys filter set [set#] [rule#] Usage: Set up a filter set index to edit a set.
P-660HN Series Support Notes mask] the rule sys filter set destport [port#] [compare type = none|equal|notequal|less|greater] sys filter set srcip [address] [subnet mask] Set the destination port and compare type (compare type could be 0(none)|1(equal)|2(not equal)|3(less)|4(greater) ) Set the source IP address and subnet mask sys filter set srcport [port#] [compare Set the source port and compare type (compare type = none|equal|not type could be 0(none)|1(equal)|2(not equal|less|greater] equal)|3(
P-660HN Series Support Notes 85 All contents copyright © 2010 ZyXEL Communications Corporation.
P-660HN Series Support Notes Wireless Application Notes 1. Configure a Wireless Client to Ad hoc mode Ad hoc Introduction What is Ad Hoc mode? Ad hoc mode is a wireless network consists of a number of stations without access points.
P-660HN Series Support Notes Step 3: Select Ad hoc from the operation mode pull down menu, fill you an SSID and select a channel you want to use than press OK to apply. Step 4: Since there is no DHCP server to give the host IP you must first designate a static IP for your station. From Windows Start select Control Panel >Network Connection>Wireless Network Connection. 87 All contents copyright © 2010 ZyXEL Communications Corporation.
P-660HN Series Support Notes Step 5: From general tab select TCP/IP and click property 88 All contents copyright © 2010 ZyXEL Communications Corporation.
P-660HN Series Support Notes Step 6: Fill in your network IP address and subnet mask and click OK to finish. Configuration for Wireless Station B To configure Ad hoc mode on your ZyAIR B-100/B-200/B-300 wireless NIC card please follow the following step. Step1: Double click on the utility icon in your windows task bar the utility will pop up on your windows screen. Step 2: Select configuration tab. 89 All contents copyright © 2010 ZyXEL Communications Corporation.
P-660HN Series Support Notes Step 3: Select Ad hoc from the operation mode pull down menu, fill you an SSID and select a channel you want to use than press OK to apply. Step 4: Since there is no DHCP server to give the host IP you must first designate a static IP for your station. From Windows Start select Control Panel >Network Connection>Wireless Network Connection. 90 All contents copyright © 2010 ZyXEL Communications Corporation.
P-660HN Series Support Notes Step 5: From general tab select TCP/IP and click property 91 All contents copyright © 2010 ZyXEL Communications Corporation.
P-660HN Series Support Notes Step 6: Fill in your network IP address and subnet mask and click OK to finish. Step 7: Station A now are able to connect to Station B. 2. MAC Filter MAC Filter Overview Users can use MAC Filter as a method to restrict unauthorized stations from accessing the APs. ZyXEL's APs provide the capability for checking MAC address of the station before allowing it to connect to the network.
P-660HN Series Support Notes ZyXEL MAC Filter Implementation ZyXEL's MAC Filter Implementation allows users to define a list to allow or block association from STAs. The filter set allows users to input 12 entries in the list. If Allow Association is selected, all other STAs which are not on the list will be denied. Otherwise, if Deny Association is selected, all other STAs which are not on the list will be allowed for association. Users can choose either way to configure their filter rule.
P-660HN Series Support Notes hosts with MAC addresses configured in this list will be blocked. MAC Address This field specifies those MAC Addresses that you want to add in the list. 3. Setup WEP (Wired Equivalent Privacy) Introduction The 802.11 standard describes the communication that occurs in wireless LANs.
P-660HN Series Support Notes Step 2: Set up WEP Key in the Web Configurator. You need to set the one of the following parameters: o o o o o o 64-bit WEP key (secret key) with 5 characters 64-bit WEP key (secret key) with 10 hexadecimal digits 128-bit WEP key (secret key) with 13 characters 128-bit WEP key (secret key) with 26 hexadecimal digits 256-bit WEP key (secret key) with 29 characters 256-bit WEP key (secret key) with 58 hexadecimal digits There are two ways you can configure the WEP Key.
P-660HN Series Support Notes (2) You can also put in an arbitrary sequence of characters in the „Passphrase‟ and then press button „Generate‟ to let the P-660HN-T1A generate WEP Key for you: Setting up the Station Step 1: Double click on the utility icon in your windows task bar or right click the utility icon then select 'Show Config Utility'. The utility will pop up on your windows screen: 96 All contents copyright © 2010 ZyXEL Communications Corporation.
P-660HN Series Support Notes Note: If the utility icon doesn't exist in your task bar, click Start -> Programs -> …… to start the utility. Step 2: Select the 'Configuration' tab. Select „Set Security‟ to configure encryption type and parameters correspond with access point. 97 All contents copyright © 2010 ZyXEL Communications Corporation.
P-660HN Series Support Notes Note: You should select Key 1 as default Transmit Key, since the P-660HN-T1A is supposed to use Key 1 by default. Key settings The WEP Encryption type of station has to equal to the access point. Check 'ASCII' field for characters WEP key or uncheck 'ASCII' field for Hexadecimal digits WEP key. Hexadecimal digits don't need to preceded by '0x'. For example: 64-bits with characters WEP key : Key1= 2e3f4 64-bits with hexadecimal digits WEP key : Key1= 123456789A 4.
P-660HN Series Support Notes Site survey can help us overcome these problem and even provide us a map of RF coverage of the facility. Preparation Below are the steps to complete a simple site survey with simple tools. 1. First you will need to obtain a facility diagram, such as blueprints. This is for you to mark and take record on. 2.
P-660HN Series Support Notes Step 4: It's always a good idea to start with putting the access point at the corner of the room and walk away from the access point in a systematic manner. Record down the changes at point where transfer rate drop and the link quality and signal strength information on the diagram as you go alone. 100 All contents copyright © 2010 ZyXEL Communications Corporation.
P-660HN Series Support Notes Step 5: When you reach the farthest point of connection mark the spot. Now you move the access point to this new spot as have already determine the farthest point of the access point installation spot if wireless service is required from corner of the room. Step 6: Repeat step 1~5 and now you should be able to mark an RF coverage area as illustrated in above picutre.
P-660HN Series Support Notes Note: If there are more than one access point is needed be sure to make the adjacent access point service area over lap one another. So the wireless station is able to roam. For more information please refer to roaming at 5. Configure 802.1x and WPA What is the WPA Functionality? Configuration for Access Point Configuration for your PC What is WPA Functionality? Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft.
P-660HN Series Support Notes the authentication server. It includes a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extend initialization vector (IV) with sequencing rules and a re-keying mechanism. If you do not have an external RADIUS, server, you should use WPA-PSK (WPA Pre-Share Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client.
P-660HN Series Support Notes Configuration for your PC Step 1: Double click on your wireless utility icon in your windows task bar, the utility will pop up on your windows screen. Step 2: Select the configuration tab, type in the SSID (Service Set Identifier), select the operating Mode as Infrastructure, and select proper channel. Step 3: Click Set Security to configure the security parameters: 104 All contents copyright © 2010 ZyXEL Communications Corporation.
P-660HN Series Support Notes Step 4: Click OK for finish, and begin to Site survey. Connect to the AP as you have configured. 105 All contents copyright © 2010 ZyXEL Communications Corporation.
P-660HN Series Support Notes Step 5: Click Link Info tab, if the PC associated and authenticated with AP successfully, we will see the following information. 6. The WPS/WLAN Button You can use the WPS WLAN ON/OFF button to turn the wireless LAN off or on. You can also use it to activate WPS in order to quickly set up a wireless network with strong security. 1. Turn the Wireless LAN Off or On (1) Make sure the POWER LED is on (not blinking).
P-660HN Series Support Notes Support Tool 1. LAN/WAN Packet Trace The Prestige packet trace records and analyzes packets running on LAN and WAN interfaces. It is designed for users with technical backgrounds who are interested in the details of the packet flow on LAN or WAN end of Prestige. It is also very helpful for diagnostics if you have compatibility problems with your ISP or if you want to know the details of a packet for configuring a filter rule.
P-660HN Series Support Notes (2) Trace WAN packet Disable the capture of the LAN packet by entering: sys trcp channel enet0 none Enable to capture the WAN packet by entering: sys trcp channel mpoa00 bothway Enable the trace log by entering: sys trcp sw on & sys trcl sw on Display the brief trace online by entering: sys trcd brief Display the detailed trace online by entering: sys trcd parse Example: 108 All contents copyright © 2010 ZyXEL Communications Corporation.
P-660HN Series Support Notes Offline Trace Disable the capture of the WAN packet by entering: sys trcp channel mpoa00 none Enable the capture of the LAN packet by entering: sys trcp channel enet0 bothway Enable the trace log by entering: sys trcp sw on & sys trcl sw on Wait for packet passing through the Prestige over LAN Disable the trace log by entering: sys trcp sw off & sys trcl sw off Display the trace briefly by entering: sys trcp brief Display specific packets by using: sys trcp
P-660HN Series Support Notes Capture the detailed logs by Hyper Terminal Step 1: Initiate a hyper terminal connection from your PC(suppose you connected to the LAN port of P-660HN-T1A) Step 2: Click the „properties‟ to configure parameters to telnet to the P-660HN-T1A. 110 All contents copyright © 2010 ZyXEL Communications Corporation.
P-660HN Series Support Notes Step 3: So that after you invoke the relevant commands, you could save the logs you‟ve captured. 111 All contents copyright © 2010 ZyXEL Communications Corporation.
P-660HN Series Support Notes 2.
P-660HN Series Support Notes The 192.168.1.1 is the IP address of the Prestige. The local file is the source file of the firmware that is available in your hard disk. The remote file is the file name that will be saved in Prestige. Check the port number 69 and 512-Octet blocks for TFTP. Check 'Binary' mode for file transfering.
P-660HN Series Support Notes The 192.168.1.1 is the IP address of the Prestige. The local file is the source file of your configuration file that is available in your hard disk. The remote file is the file name that will be saved in Prestige. Check the port number 69 and 512-Octet blocks for TFTP. Check 'Binary' mode for file transfering.
P-660HN Series Support Notes [cppwu@faelinux cppwu]$ tftp -I 192.168.1.1 put [local-ras] ras <- upload firmware 3. Using FTP to Upload the Firmware and Configuration Files In addition to upload the firmware and configuration file via the console port and TFTP client, you can also upload the firmware and configuration files to the Prestige using FTP. To use this feature, your workstation must have a FTP client software. See the example shown below.
P-660HN Series Support Notes 'Binary'. Step 2: Press 'OK' to ignore the 'Username' prompt. Step 3: To upload the firmware file, we transfer the local 'ras' file to overwrite the remote 'ras' file. To upload the configuration file, we transfer the local 'rom-0' to overwrite the remote 'rom-0' file. 116 All contents copyright © 2010 ZyXEL Communications Corporation.
P-660HN Series Support Notes Step 4: The Prestige reboots automatically after the uploading is finished. Please do not power off the router at this moment. 117 All contents copyright © 2010 ZyXEL Communications Corporation.
P-660HN Series Support Notes CI Command Reference Command Syntax and General User Interface CI has the following command syntax: command subcommand [param] command subcommand [param] command ? | help command subcommand ? | help General user interface: 1. ? Shows the following commands and all major (sub)commands 2. exit Exit Subcommand To get the latest CI Command list The latest CI Command list is available in release note of every ZyXEL firmware release.
