P-660 Series Support Notes P-660 Series Support Notes (For P-660R/H/HW-6x/Tx and P-660H-Dx) Version 3.40 Dec. 2005 1 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes ZYNOS FAQ.......................................................................................................................................6 1. What is ZyNOS?..........................................................................................................................6 2. How do I access the Prestige SMT menu? ..................................................................................6 3.
P-660 Series Support Notes 7. How do I know the details of my ADSL line statistics?.............................................................17 8.What are the possible reasons when the ADSL link is down?....................................................18 9.What are the signaling pins of the ADSL connector? ................................................................18 FIREWALL FAQ (FOR P-660 H/HW ONLY) ....................................................................................19 General..
P-660 Series Support Notes What is Multi-NAT? ................................................................................................................................. 41 NAT Mapping Types................................................................................................................................. 42 SUA Versus NAT ...................................................................................................................................... 43 SMT Menus ....................
P-660 Series Support Notes Preparation ............................................................................................................................................ 133 Survey on Site......................................................................................................................................... 134 6. Using VPN over Wireless LAN ...............................................................................................136 1. Setup Sentinel........................
P-660 Series Support Notes ZyNOS FAQ 1. What is ZyNOS? ZyNOS is ZyXEL's proprietary Network Operating System. It is the platform on all Prestige routers that delivers network services and applications. It is designed in a modular fashion so it is easy for developers to add new features. New ZyNOS software upgrades can be easily downloaded from our FTP sites as they become available. 2.
P-660 Series Support Notes a. b. c. d. Enter debug mode when powering on the Prestige using a terminal emulator Enter 'ATUR' to start the uploading Use X-modem protocol to transfer the ZyNOS code Enter 'ATGO' to restart the Prestige 6. How do I upgrade/backup the ZyNOS firmware by using TFTP client program via LAN? The Prestige allows you to transfer the firmware to Prestige by using TFTP program via LAN. The procedure for uploading ZyNOS via TFTP is as follows. a.
P-660 Series Support Notes a. Use the Web Configurator. b. Use the RESET button on the rear panel of P-660 to reset the router. After the router is reset, the LAN IP address and the SMT password will be reset to '192.168.1.1' and '1234'. So now you can reach the router through console port or telnet again. c. Upload the default ROMFILE via console port to reset the SMT to factory default. After uploading ROMFILE, the default system password is '1234'. 10. How to use the Reset button? a.
P-660 Series Support Notes 13. Is it possible to access a server running behind SUA from the outside Internet? If possible, how? Yes, it is possible because P-660 delivers the packet to the local server by looking up to a SUA server table. Therefore, to make a local server accessible to the outside users, the port number and the inside IP address of the server must be configured in Menu 15.2.1 - NAT Server Setup. 14.
P-660 Series Support Notes 4. Many One-to-One In Many One-to-One mode, the P-660 maps each ILA to unique IGA. 5. Server In Server mode, the P-660 maps multiple inside servers to one global IP address. This allows us to specify multiple servers of different types behind the NAT for outside access. Note, if you want to map each server to one unique IGA please use the Oneto-One mode. The following table summarizes these types.
P-660 Series Support Notes In ZyNOS, you can not mix different filter groups in the same filter set. 19. How can I protect against IP spoofing attacks? The Prestige's filter sets provide a means to protect against IP spoofing attacks. The basic scheme is as follows: For the input data filter: • • Deny packets from the outside that claim to be from the inside Allow everything that is not spoofing us Filter rule setup: • • • • • • Filter type =TCP/IP Filter Rule Active =Yes Source IP Addr =a.b.c.
P-660 Series Support Notes General FAQ 1. How can I manage P-660? Menu driven user interface for easy network management Local and remote console management Web configurator Telnet remote management 12 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes TFTP (Trivial File Transfer Protocol) and FTP firmware upgrade and configuration backup and restore 2. What is the default user name and password to loging web configurator? The default user name is 'admin' and password is '1234'. You can change the password when login to web configurator in the Advanced Setup->Password menu. Please record your new password whenever you change it. The system will lock you out if you have forgotten your password. 3.
P-660 Series Support Notes sheet given by the ISP. Please choose PPPoE as the encapsulation type in the P-660 if the ISP uses PPPoE. 7. Why does my provider use PPPoE? PPPoE emulates a familiar Dial-Up connection. It allows your ISP to provide services using their existing network configuration over the broadband connections. Besides, PPPoE supports a broad range of existing applications and service including authentication, accounting, secure access and configuration management. 8.
P-660 Series Support Notes 11. Can the P-660's SUA handle IPSec packets sent by the IPSec gateway? Yes, the P-660's SUA can handle IPSec ESP Tunneling mode. We know when packets go through SUA, SUA will change the source IP address and source port for the host. To pass IPSec packets, SUA must understand the ESP packet with protocol number 50, replace the source IP address of the IPSec gateway to the router's WAN IP address.
P-660 Series Support Notes The P-660 holds the parameters for shaping the traffic among its virtual channels. If you do not need traffic shaping, please set SCR = 0, MBS = 0 and PCR as the maximum value according to the line rate (for example, 2.3 Mbps line rate will result PCR as 5424 cell/sec.) 15.Why do we perform traffic shaping in the P-660 ? The P-660 must manage traffic fairly and provide bandwidth allocation for different sorts of applications, such as voice, video, and data.
P-660 Series Support Notes it will not catch up with telephone lines for many years. Additionally, many of the older cable networks are not capable of offering a return channel; consequently, such networks will need significant upgrading before they can offer high bandwidth services. 2. What is the expected throughput? In our test, we can get about 1.6Mbps data rate on 15Kft using the 26AWG loop. The shorter the loop, the better the throughput. Besides, please do not stay in menu 24.
P-660 Series Support Notes CI> wan adsl linedata far CI> wan adsl linedata near 8.What are the possible reasons when the ADSL link is down? The physical ADSL line may not be up if: (1) The DSLAM is not Alcatel. (2) If it is Alcatel, the firmware version should be above 3.1. 9.What are the signaling pins of the ADSL connector? The signaling pins on the P-660's ADSL connector are pin 3 and pin 4. The middle two pins for a RJ11 cable. 18 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes Firewall FAQ (For P-660 H/HW Only) General 1. What is a network firewall? A firewall is a system or group of systems that enforces an access-control policy between two networks. It may also be defined as a mechanism used to protect a trusted network from an untrusted network. The firewall can be thought of two mechanisms. One to block the traffic, and the other to permit traffic. 2.
P-660 Series Support Notes generally provides the best speed and transparency, however, they may lack the granular application level access control or caching that some proxies support. 4. What kind of firewall is the P-660? 1. The P-660's firewall inspects packets contents and IP headers. It is applicable to all protocols, that understands data in the packet is intended for other layers, from network layer up to the application layer. 2. The P-660's firewall performs stateful inspection.
P-660 Series Support Notes 7. What is Ping of Death attack? Ping of Death uses a 'PING' utility to create an IP packet that exceeds the maximum 65535 bytes of data allowed by the IP specification. The oversize packet is then sent to an unsuspecting system. Systems may crash, hang, or reboot. 8. What is Teardrop attack? Teardrop attack exploits weakness in the reassemble of the IP packet fragments. As data is transmitted through a network, IP packets are often broken up into smaller chunks.
P-660 Series Support Notes 12. What is IP Spoofing attack? Many DoS attacks also use IP Spoofing as part of their attack. IP Spoofing may be used to break into systems, to hide the hacker's identity, or to magnify the effect of the DoS attack. IP Spoofing is a technique used to gain unauthorized access to computers by tricking a router or firewall into thinking that the communications are coming from within the trusted network.
P-660 Series Support Notes the firewall off (Menu 21.2) or create a firewall rule to allow Telnet connection from WAN. The WAN-to-LAN ACL summary will look like as shown below. Source IP= Telnet host Destination IP= router' WAN IP Service= TCP/23 Action=Forward 2. You have disabled Telnet service in Menu 24.11. 3. Telnet service is enabled but your host IP is not the secured host entered in Menu 24.11. In this case, the error message 'Client IP is not allowed!' is appeared on the Telnet screen. 4.
P-660 Series Support Notes 00> means the LAN-to-WAN default ACL set, <2, 00> means the WAN-to-LAN default ACL set. 2. What does the log show to us? The log supports up to 128 entries. There are 2 rows and 5 columns for each entry. Please see the example shown below. # Time Packet Information Reason Action 127|Mar 15 0 |From:192.168.1.34 To:202.132.155.93 |default permit |forward | 03:03:54|ICMP type:00008 code:00000 |<1,00> | Where stands for . X=1,2 ; Y=00~10.
P-660 Series Support Notes You can also view Centralized logs via mail or syslog, please configure mail server or Unix Syslog server in Advanced/Logs/Log Settings. 4. When does the P-660 generate the firewall alert? The P-660 generates the alert when an attack is detected by the firewall and sends it via Email. So, to send the alert you must configure the mail server and Email address using Web Configurator. You can also specify how frequently you want to receive the alert via Web Configurator. 5.
P-660 Series Support Notes 1. Internet Access Using P-660 under Bridge mode • • Setup your workstation Setup your P-660 under bridge mode If the ISP limits some specific computers to access Internet, that means only the traffic to/from these computers will be forwarded and the other will be filtered. In this case, we use P-660 which works as an ADSL bridge modem to connect to the ISP. The ISP will generally give one Internet account and limit only one computer to access the Internet.
P-660 Series Support Notes Setup your P-660 under bridge mode The following procedure shows you how to configure your P-660 as an ADSL Modem for bridging traffic. We will use SMT menu to guide you through the related menu. You can use console or Telnet for finishing these configurations. 1. Configure P-660 as bridge mode in Menu 1 General Setup. Menu 1 – General setup System name=P-660 Location= Contact Person's Name= Domain Name= Edit Dynamic DNS= No Route IP= No Bridge= Yes 2.
P-660 Series Support Notes Menu 3.2 - TCP/IP and DHCP Setup DHCP Setup DHCP= None Client IP Pool Starting Address= N/A Size of Client IP Pool= N/A Primary DNS Server= N/A Secondary DNS Server= N/A Remote DHCP Server= N/A TCP/IP Setup: IP Address= 192.168.1.1 IP Subnet Mask= 255.255.255.0 RIP Direction= None Version= N/A Multicast= None IP Policies= Edit IP Alias= No 3. Configure for Internet setup in Menu 11-Remote Node Profile. Menu 11.
P-660 Series Support Notes Menu 11.6 - Remote Node ATM Layer Options VPI #= 0 VCI #= 33 ATM QoS Type= CBR Peak Cell Rate (PCR)= 0 Sustain Cell Rate (SCR)= 0 Maximum Burst Size (MBS)= 0 Key Settings: Option Description VPI & VCI number Specify a VPI (Virtual Path Identifier) and a VCI (Virtual Channel Identifier) given to you by your ISP. 2.
P-660 Series Support Notes address of the computer is assigned by the P-660. The P-660 can also provide the DNS to the clients via DHCP if it is available. For this setup in Windows, we check the option 'Obtain an IP address automatically' in its TCP/IP setup. Please see the example shown below. Set up your P-660 The following procedure shows you how to configure your P-660 as Router mode for routing traffic. We will use SMT menu to guide you through the related menu.
P-660 Series Support Notes Menu 3.2 TCP/IP and DHCP Setup DHCP Setup DHCP= Server Client IP Pool Starting Address= 192.168.1.33 Size of Client IP Pool= 6 Primary DNS Server= 168.95.1.1 Secondary DNS Server= 168.95.192.1 Remote DHCP Server= N/A TCP/IP Setup: IP Address= 192.168.1.1 IP Subnet Mask= 255.255.255.0 RIP Direction= Both Version= RIP-1 Multicast= None IP Policies= Edit IP Alias= No 3. Configure for Internet setup in Menu 4-Internet Access Setup.
P-660 Series Support Notes Assignment IP Address Otherwise, set to Static and enter the IP in the following IP Address field. This field can not be configured if the ISP provides the IP for the P-660 dynamically. Otherwise, enter the IP that the ISP gives to you. 3. Setup the P-660 as a DHCP Relay What is DHCP Relay? DHCP stands for Dynamic Host Configuration Protocol. In addition to the DHCP server feature, the P-660 supports the DHCP relay function.
P-660 Series Support Notes IP Policies= Edit IP Alias= No Press ENTER to Confirm or ESC to Cancel: 4. SUA Notes Tested SUA/NAT Applications (e.g., Cu-SeeMe, ICQ, NetMeeting) Introduction Generally, SUA makes your LAN appear as a single machine to the outside world. LAN users are invisible to outside users. However, some applications such as CuSeeMe, and ICQ will need to connect to the local user behind the P-660. In such case, a SUA server must be entered in menu 15.2.
P-660 Series Support Notes POP3 SMTP mIRC Windows PPTP ICQ 99a ICQ 2000b ICQ Phone 2000b Cornell 1.1 Cu-SeeMe White Pine 3.1.2 Cu-SeeMe2 White Pine 4.0 Cu-SeeMe Microsoft NetMeeting 2.1 & 3.013 Cisco IP/TV 2.0.0 RealPlayer G2 VDOLive None None None for Chat. For DCC, please set Default/Client IP None None for Chat. For DCC, please set: ICQ -> preference -> connections -> firewall and set the firewall time out to 80 seconds in firewall setting.
P-660 Series Support Notes Win2k Terminal Server Remote Anything None None Virtual Network Computing (VNC) None 3389/server IP 3996 - 4000/client IP 5500/client IP 5800/client IP 5900/client IP None for Chat and IM 4661 - 4662/client IP AIM (AOL Instant Messenger) None for Chat and IM e-Donkey None POLYCOM Video None Default/client IP Conferencing iVISTA 4.
P-660 Series Support Notes 3. 4. 5. 6. 7. 8. 9. 10. 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Configure an Internal Server Behind SUA Introduction If you wish, you can make internal servers (e.g., Web, ftp or mail server) accessible for outside users, even though SUA makes your LAN appear as a single machine to the outside world. A service is identified by the port number.
P-660 Series Support Notes Menu 15.2.1 - NAT Server Setup (Used for SUA Only) Rule Start Port No. End Port No. IP Address --------------------------------------------------1. Default Default 0.0.0.0 2. 80 80 192.168.1.10 3. 0 0 0.0.0.0 4. 0 0 0.0.0.0 5. 0 0 0.0.0.0 6. 0 0 0.0.0.0 7. 0 0 0.0.0.0 8. 0 0 0.0.0.0 9. 0 0 0.0.0.0 10. 0 0 0.0.0.0 11. 0 0 0.0.0.0 12. 0 0 0.0.0.
P-660 Series Support Notes In order to run the Windows 9x PPTP client, you must be able to establish an IP connection with a tunnel server such as the Windows NT Server 4.0 Remote Access Server. Windows Dial-Up Networking uses the Internet standard Point-to-Point (PPP) to provide a secure, optimized multiple-protocol network connection over dial-up telephone lines.
P-660 Series Support Notes number of the PPTP has to be entered in the SMT Menu 15 for P-660 to forward to the appropriate private IP address of Windows NT server. Example The following example shows how to dial to an ISP via the P-660 and then establish a tunnel to a private network. There will be three items that you need to set up for PPTP application, these are PPTP server (WinNT), PPTP client (Win9x) and the P-660. 1.
P-660 Series Support Notes • Enter the IP address of the PPTP server (WinNT server) and the port number for PPTP as shown below. Menu 15.2.1 - NAT Server Setup (Used for SUA Only) Rule Start Port No. End Port No. IP Address --------------------------------------------------1. Default Default 0.0.0.0 2. 1723 1723 192.168.1.10 3. 0 0 0.0.0.0 4. 0 0 0.0.0.0 5. 0 0 0.0.0.0 6. 0 0 0.0.0.0 7. 0 0 0.0.0.0 8. 0 0 0.0.0.0 9. 0 0 0.0.0.0 10. 0 0 0.0.0.0 11. 0 0 0.0.0.0 12. 0 0 0.0.0.
P-660 Series Support Notes 5. Using Multi-NAT What is Multi-NAT? NAT (Network Address Translation-NAT RFC 1631) is the translation of an Internet Protocol address used within one network to a different IP address known within another network. One network is designated the inside network and the other is the outside. Typically, a company maps its local inside network addresses to one or more global outside IP addresses and "unmaps" the global IP addresses on incoming packets back into local IP addresses.
P-660 Series Support Notes networks. It replaces the original IP source address (and TCP or UDP source port numbers) and then forwards each packet to the Internet ISP, thus making them appear as if they had come from the NAT system itself (e.g., the P-660 router). The P-660 keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored. NAT Mapping Types NAT supports five types of IP/port mapping.
P-660 Series Support Notes The following table summarizes these types. NAT Type IP Mapping One-to-One ILA1<--->IGA1 ILA1---->IGA1 ILA2---->IGA1 ... ILA1---->IGA1 ILA2---->IGA2 ILA3---->IGA1 ILA4---->IGA2 ... ILA1---->IGA1 ILA2---->IGA3 ILA3---->IGA2 ILA4---->IGA4 ...
P-660 Series Support Notes 4-Internet Access Setup. Menu 4 - Internet Access Setup ISP's Name= CHT Encapsulation= PPPoE Multiplexing= LLC-based VPI #= 0 VCI #= 33 ATM QoS Type= CBR Peak Cell Rate (PCR)= 0 Sustain Cell Rate (SCR)= 0 Maximum Burst Size (MBS)= 0 My Login= cso@hinet.net My Password= ******** Idle Timeout (sec)= 0 IP Address Assignment= Static IP Address= 200.1.2.
P-660 Series Support Notes Field Options Description Full Feature When you select this option the SMT will use Address Mapping Set 1 (Menu 15.1-see later for further discussion). None NAT is disabled when you select this option. SUA Only When you select this option the SMT will use Address Mapping Set 255 (Menu 15.1-see later for further discussion). This option use basically Many-to-One Overload mapping. Select Full Feature when you require other mapping types.
P-660 Series Support Notes 1. 2. 3. 4. 5. 6. 7. 8. 255. SUA (Read Only) Enter Set Number to Edit: Let's first look at Option 255. Option 255 is equivalent to SUA in previous ZyXEL routers. The fields in this menu cannot be changed. Entering 255 brings up this screen. Menu 15.1.255 - Address Mapping Rules Set Name= SUA (Read Only) Idx Local Start IP Local End IP Global Start IP Global End IP --- --------------- --------------- --------------- --------------- -----1. 0.0.0.0 255.255.255.255 0.0.0.0 M-1 2.
P-660 Series Support Notes Global End This is the ending global IP address (IGA). IP Type This is the NAT mapping types. N/A Many-to-One and Server Please note that the fields in this menu are read-only. However, the settings of the server set 1 can be modified in menu 15.2.1. Now let's look at Option 1 in Menu 15.1. Enter 1 to bring up this menu. Menu 15.1.
P-660 Series Support Notes Note: Save Set in the Action field means to save the whole set. You must do this if you make any changes to the set-including deleting a rule. No changes to the set take place until this action is taken. Be careful when ordering your rules as each rule is executed in turn beginning from the first rule. Selecting Edit in the Action field and then selecting a rule brings up the following menu, Menu 15.1.1.
P-660 Series Support Notes network appears as a single machine to the outside world. A server is identified by the port number, e.g., Web service is on port 80 and FTP on port 21. As an example (see the following figure), if you have a Web server at 192.168.1.36 and a FTP server at 192.168.1.33, then you need to specify for port 80 (Web) the server at IP address 192.168.1.36 and for port 21 (FTP) another at IP address 192.168.1.33. Please note that a server can support more than one service, e.g.
P-660 Series Support Notes Press ENTER to Confirm or ESC to Cancel: The most often used port numbers are shown in the following table. Please refer RFC 1700 for further information about port numbers.
P-660 Series Support Notes Menu 4 - Internet Access Setup ISP's Name= CHT Encapsulation= PPPoE Multiplexing= LLC-based VPI #= 0 VCI #= 33 ATM QoS Type= CBR Peak Cell Rate (PCR)= 0 Sustain Cell Rate (SCR)= 0 Maximum Burst Size (MBS)= 0 My Login= cso@hinet.
P-660 Series Support Notes Menu 15.2.1 - NAT Server Setup (Used for SUA Only) Rule Start Port No. End Port No. IP Address --------------------------------------------------1. Default Default 0.0.0.0 2. 21 21 192.168.1.33 3. 0 0 0.0.0.0 4. 0 0 0.0.0.0 5. 0 0 0.0.0.0 6. 0 0 0.0.0.0 7. 0 0 0.0.0.0 8. 0 0 0.0.0.0 9. 0 0 0.0.0.0 10. 0 0 0.0.0.0 11. 0 0 0.0.0.0 12. 0 0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: 3.
P-660 Series Support Notes • • Rule 3 (Many-to-One type) to map the other clients to IGA3. Rule 4 (Server type) to map a web server and mail server with ILA3 (192.168.1.20) to IGA3. Type Server allows us to specify multiple servers, of different types, to other machines behind NAT on the LAN. Step 1: In this case, we need to configure Address Mapping Set 1 from Menu 15.1-Address Mapping Sets. Therefore we must choose the Full Feature option from the NAT field in menu 4 or menu 11.
P-660 Series Support Notes Start= 192.168.1.10 End = N/A Global IP: Start= [Enter IGA1] End = N/A Press ENTER to Confirm or ESC to Cancel: Rule 2 Setup: Selecting One-to-One type to map the FTP Server 2 with ILA2 (192.168.1.11) to IGA2. Menu 15.1.1.2 - - Rule 2 Type: One-to-One Local IP: Start= 192.168.1.11 End = N/A Global IP: Start= [Enter IGA2] End = N/A Press ENTER to Confirm or ESC to Cancel: Rule 3 Setup: Select Many-to-One type to map the other clients to IGA3. Menu 15.1.1.
P-660 Series Support Notes Menu 15.1.1.4 - - Rule 4 Type: Server Local IP: Start= N/A End = N/A Global IP: Start=[Enter IGA3] End = N/A Press ENTER to Confirm or ESC to Cancel: When we have configured all four rules Menu 15.1.1 should look as follows. Menu 15.1.1 - Address Mapping Rules Set Name= Example3 Idx Local Start IP Local End IP Global Start IP Global End IP Type --- --------------- --------------- --------------- --------------- -----1. 192.168.1.10 [IGA1] 1-1 2. 192.168.1.11 [IGA2] 1-1 3. 0.0.
P-660 Series Support Notes Menu 15.2.2 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------1. Default Default 0.0.0.0 2. 80 80 192.168.1.20 3. 25 25 192.168.1.20 4. 0 0 0.0.0.0 5. 0 0 0.0.0.0 6. 0 0 0.0.0.0 7. 0 0 0.0.0.0 8. 0 0 0.0.0.0 9. 0 0 0.0.0.0 10. 0 0 0.0.0.0 11. 0 0 0.0.0.0 12. 0 0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: 4.
P-660 Series Support Notes Start= 192.168.1.10 End = 192.168.1.12 Global IP: Start= [Enter IGA1] End = [Enter IGA3] Press ENTER to Confirm or ESC to Cancel: The three rules configured for using One-to-One mapping type is shown below. Menu 15.1.1.1 - - Rule 1 Type: One-to-One Local IP: Start= 192.168.1.10 End = N/A Global IP: Start= [Enter IGA1] End = N/A Press ENTER to Confirm or ESC to Cancel: Menu 15.1.1.2 - - Rule 2 Type: One-to-One Local IP: Start= 192.168.1.
P-660 Series Support Notes How does ZyXEL filter work? Filter Structure The P-660 allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system. You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port. The following diagram illustrates the logic flow when executing a filter rule.
P-660 Series Support Notes But at the same time, the Generic filter rules must be applied at the point when the P660 is receiving and sending the packets; i.e. the ISDN interface. So, the execution sequence has to be changed. The logic flow of the filter is shown in Figure 1 and the sequence of the logic flow for the packet from LAN to WAN is: • • • • LAN device and protocol input filter sets. WAN protocol call and output filter sets. If SUA is enabled, SUA converts the source IP address from 192.168.1.
P-660 Series Support Notes Menu 21.1.1: Menu 21.1.1 - Generic Filter Rule Filter #: 1,1 Filter Type= Generic Filter Rule Active= Yes Offset= 0 Length= 0 Mask= N/A Value= N/A More= No Log= None Action Matched= Check Next Rule Action Not Matched= Check Next Rule Menu 21.1.2: Menu 21.1.2 - TCP/IP Filter Rule Filter #: 1,2 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 0 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 0 Port # Comp= None Source: IP Addr= 0.0.0.
P-660 Series Support Notes device filters= Output Filter Sets: protocol filters= device filters= Menu 11.1: Menu 11.1 - Remote Node Profile Rem Node Name= LAN Route= IP Active= Yes Bridge= No Encapsulation= PPP Edit PPP Options= No Incoming: Rem IP Addr= ? Rem Login= test Edit IP/IPX/Bridge= No Rem Password= ******** Outgoing: Session Options: My Login= testt Edit Filter Sets= Yes My Password= ***** Authen= CHAP/PAP Press ENTER to Confirm or ESC to Cancel: Menu 11.5: Menu 11.
P-660 Series Support Notes 2. 3. 4. A filter for blocking a specific client A filter for blocking a specific MAC address A filter for blocking the NetBIOS packets A filter for blocking the web service Configuration Before configuring a filter, you need to know the following information: 1. The outbound packet type (protocol & port number) 2. The source IP address Generally, the outbound packets for Web service could be as following: a. HTTP packet, TCP (06) protocol with port number 80 b.
P-660 Series Support Notes Edit Comments= Press ENTER to Confirm or ESC to Cancel: 2. Rule 1 for (a). http packet, TCP(06)/Port number 80 Menu 21.1.1 - TCP/IP Filter Rule Filter #: 1,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 6 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 80 Port # Comp= Equal Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.
P-660 Series Support Notes Menu 21.1.2 - TCP/IP Filter Rule Filter#=1,3 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 17 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 53 Port # Comp= Equal Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= Port # Comp= None TCP Estab= No More= No Log= None Action Matched= Drop Action Not Matched= Forward Press ENTER to Confirm or ESC to Cancel: 5. After the three rules are completed, you will see the rule summary in Menu 21.
P-660 Series Support Notes 4 5 6 _______________ _______________ _______________ 10 11 12 _______________ _______________ _______________ Enter Filter Set Number to Configure= 0 Edit Comments= Press ENTER to Confirm or ESC to Cancel: 2. One rule for blocking all packets from this client Menu 21.1.1 - TCP/IP Filter Rule Filter #: 1,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 0 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.
P-660 Series Support Notes A filter for blocking a specific MAC address This configuration example shows you how to use a Generic Filter to block a specific MAC address of the LAN. Before you Begin Before you configure the filter, you need to know the MAC address of the client first. The MAC address can be provided by the NICs. If there is the LAN packet passing through the P-660 you can identify the uninteresting MAC address from the P-660's LAN packet trace.
P-660 Series Support Notes - Time to live: 32 seconds/hops - IP protocol type: ICMP (0x01) - Checksum: 0xE3EA - IP address 202.132.155.93 (Source IP address) ----> 202.132.155.99(Destination IP address) - No option + Internet Control Message Protocol - Type: 8 - Echo Request - Code: 0 - Checksum: 0x455C - Identifier: 768 - Sequence Number: 1280 - Optional Data: (32 bytes) Configurations From the above first trace, we know a client is trying to ping request the P-660 router.
P-660 Series Support Notes • Active Turn 'Active' to 'Yes' • Offset (in bytes) Set to '6' since the source MAC address starts at 7th octets we need to skip the first octets of the destination MAC address. Length (in bytes) Set to '6' since MAC address has 6 octets. Mask (in hexadecimal) Specify the value that the P-660 will logically qualify (logical AND) the data in the packet. Since the Length is set to 6 octets the Mask for it should be 12 hexadecimal numbers.
P-660 Series Support Notes Action Not Matched= Forward You can now apply it to the 'General Ethernet Setup' in Menu 3.1. Please note that the 'Generic Filter' can only be applied to the 'Device Filter' but not the 'Protocol Filter' that is used for configuring the TCPIP and IPX filters. Menu 3.
P-660 Series Support Notes Filter Set 2: Rule 1-Source port number 137, Destination port number 53 with protocol number 6 (TCP) Rule 2-Source port number 137, Destination port number 53 with protocol number 17 (UDP) Before starting to set the filter rules, please enter a name for each filter set in the 'Comments' field first.
P-660 Series Support Notes • Rule 2-Destination port number 137 with protocol number 17 (UDP) Menu 21.1.2 - TCP/IP Filter Rule Filter #: 1,2 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 17 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 137 Port # Comp= Equal Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.
P-660 Series Support Notes • Rule 4-Destination port number 138 with protocol number 17 (UDP) Menu 21.1.4 - TCP/IP Filter Rule Filter #: 1,4 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 17 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 138 Port # Comp= Equal Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.
P-660 Series Support Notes Menu 21.1.6 - TCP/IP Filter Rule Filter #: 1,6 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 17 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 139 Port # Comp= Equal Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.
P-660 Series Support Notes Port # Comp= Equal Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 137 Port # Comp= Equal TCP Estab= No More= No Log= None Action Matched= Drop Action Not Matched= Check Next Rule Press ENTER to Confirm or ESC to Cancel: 1. Rule 2-Source port number 137, Destination port number 53 with protocol number 17 (UDP) Menu 21.2.2 - TCP/IP Filter Rule Filter #: 2,2 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 17 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.
P-660 Series Support Notes 3. Apply the filter set 'NetBIOS_LAN' in the 'Input protocol filters=' in the Menu 3 for blocking the packets from LAN Menu 3.1 - General Ethernet Setup Input Filter Sets: protocol filters= 2 device filters= Output Filter Sets: protocol filters= device filters= 7. Using the Dynamic DNS (DDNS) • What is DDNS? The DDNS service, an IP Registry provides a public central database where information such as email addresses, hostnames, IPs etc. can be stored and retrieved.
P-660 Series Support Notes 1. Before configuring the DDNS settings in the P-660, you must register an account from the DDNS server such as WWW.DYNDNS.ORG first. After the registration, you have a hostname for your internal server and a password using to update the IP to the DDNS server. 2. Toggle 'Configure Dynamic DNS' option to 'Yes' and press ENTER for configuring the settings of the DDNS in menu 1.1.
P-660 Series Support Notes Password Enter the password that the DDNS server gives to you. Enable Wildcard Enter the hostname for the wildcard function that the WWW.DYNDNS.ORG supports. Note that Wildcard option is available only when the provider is http://www.dyndns.org/. 8. Network Management Using SNMP • SNMP Overview The Simple Network Management Protocol (SNMP) is an applications-layer protocol used to exchange the management information between network devices (e.g., routers).
P-660 Series Support Notes The current Internet-standard MIB, MIB-II, is defined in RFC 1213 and contains 171 objects. These objects are grouped by protocol (including TCP, IP, UDP, SNMP, and other categories, including 'system' and 'interface.' The Internet Management Model is as shown in figure 1. Interactions between the NMS and managed devices can be any of four different types of commands: Reads Read is used to monitor the managed devices, NMSs read variables that are maintained by the devices.
P-660 Series Support Notes • SNMPv1 Operations SNMP itself is a simple request/response protocol. 4 SNMPv1 operations are defined as below. • • • • Get Allows the NMS to retrieve an object variable from the agent. GetNext Allows the NMS to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a NMS wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a of GetNext operations.
P-660 Series Support Notes The SNMP PDU contains the following fields: • • • • • • PDU type Specifies the type of PDU. Request ID Associates requests with responses. Error status Indicates an error and an error type. Error index Associates the error with a particular object variable. Variable-bindings Associates particular object with their value. ZyXEL SNMP Implementation ZyXEL currently includes SNMP support in some P-660 routers.
P-660 Series Support Notes If the machine warmstarts, the trap will be sent after booting. 2. linkDown (defined in RFC-1215) : If any link of IDSL or WAN is down, the trap will be sent with the port number . The port number is its interface index under the interface group. 3. linkUp (defined in RFC-1215) : If any link of IDSL or WAN is up, the trap will be sent with the port number . The port number is its interface index under the interface group. 4.
P-660 Series Support Notes • Downloading ZyXEL's private MIB • Configure the P-660 for SNMP The SNMP related settings in P-660 are configured in menu 22, SNMP Configuration. The following steps describe a simple setup procedure for configuring all SNMP settings. Menu 22 - SNMP Configuration SNMP: Get Community= public Set Community= public 82 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes Trusted Host= 192.168.1.33 Trap: Community= public Destination= 192.168.1.33 Press ENTER to Confirm or ESC to Cancel: Key Settings: Option Get Community Set Community Descriptions Enter the correct Get Community. This Get Community must match the 'Get-' and 'GetNext' community requested from the NMS. The default is 'public'. Enter the correct Set Community. This Set Community must match the 'Setcommunity requested from the NMS. The default is 'public'.
P-660 Series Support Notes Configuration: 1. Active, use the space bar to turn on the syslog option. 2. Syslog IP Address, enter the IP address of the UNIX server that you wish to send the syslog. 3. Log Facility, use the space bar to toggle between the 7 different local options. 4. Types, use the space bar to toggle the logs we are going to record. UNIX Setup 1. Make sure that your syslog starts with -r argument.
P-660 Series Support Notes str = C01 Outgoing Call dev xx ch xx (dev:device No. ch:channel No.) C01 Incoming Call xxxxBps xxxxx (L2TP,xxxxx means Remote Call ID) C01 Incoming Call xxxx (means connected speed) xxxxx (means Remote Call ID) L02 Tunnel Connected(L2TP) C02 OutCall Connected xxxx (means connected speed) xxxxx (means Remote Call ID) C02 CLID call refused L02 Call Terminated C02 Call Terminated Example: Feb 14 16:57:17 192.168.1.1 ZyXEL Communications Corp.
P-660 Series Support Notes match (m) drop (D). Src: Source Address Dst: Destination Address prot: Protocol (TCP,UDP,ICMP) spo: Source port dpo: Destination port Example: Jul 19 14:44:09 192.168.1.1 ZyXEL Communications Corp.: IP[Src=202.132.154.1 Dst=192.168.1.33 UDP spo=0035 dpo=05d4]}S03>R01mF Jul 19 14:44:13 192.168.1.1 ZyXEL Communications Corp.: IP[Src=192.168.1.33 Dst=202.132.154.1 ICMP]}S03>R01mF 4.
P-660 Series Support Notes The P-660 supports three virtual LAN interfaces via its single physical Ethernet interface. The first network can be configured in menu 3.2 as usual. The second and third networks that we call 'IP Alias 1' and 'IP Alias 2' can be configured in menu 3.2.1-IP Alias Setup. There are three internal virtual LAN interfaces for the P-660 to route the packets from/to the three networks correctly.
P-660 Series Support Notes Primary DNS Server= 168.95.1.1 Secondary DNS Server= 168.95.192.1 Remote DHCP Server= N/A TCP/IP Setup: IP Address= 192.168.1.1 IP Subnet Mask= 255.255.255.0 RIP Direction= Both Version= RIP-1 Multicast= None IP Policies= Edit IP Alias= Yes Press ENTER to Confirm or ESC to Cancel: Key Settings: DHCP Setup If the P-660's DHCP server is enabled, the IP pool for the clients can be any of the three networks. TCP/IP Setup Enter the first LAN IP address for the P-660.
P-660 Series Support Notes Key Settings: IP Alias 1 IP Alias 2 Toggle to 'Yes' and enter the second LAN IP address for the P-660. This will create the second route in the enif0:0 interface. Toggle to 'Yes' and enter the third LAN IP address for the P-660. This will create the third route in the enif0:1 interface. 11. Using IP Policy Routing • What is IP Policy Routing (IPPR)? Traditionally, routing is based on the destination address only and the router takes the shortest path to forward a packet.
P-660 Series Support Notes Cost Savings- IPPR allows organizations to distribute interactive traffic on highbandwidth, high-cost path while using low-path for batch traffic. Load Sharing- Network administrators can use IPPR to distribute traffic among multiple paths. • How does the IPPR work? A policy defines the matching criteria and the action to take when a packet meets the criteria. The action is taken only when all the criteria are met.
P-660 Series Support Notes 2. Edit a rule or more for this set in menu 25.1.1. See an example below. Menu 25.1.1 - IP Routing Policy Policy Set Name= First Active= Yes Criteria: IP Protocol = 6 Type of Service= Don't Care Packet length= 0 Precedence = Don't Care Len Comp= N/A Source: addr start= 192.168.1.2 end= 192.168.1.20 port start= 0 end= N/A Destination: addr start= 0.0.0.0 end= N/A port start= 80 end= 80 Action= Matched Gateway addr = 192.168.1.
P-660 Series Support Notes 4. There are two interfaces to apply the policy set, they are the LAN interface (menu 3.2) and WAN interface (menu 11.3). It depends where the gateway specified in the policy rule is located. If the gateway you specified is located on the local LAN you apply the policy set in menu 3.2 (LAN interface). If the gateway you specified is located on the remote WAN site you apply the policy set in menu 11.3 (WAN interface). Menu 3.
P-660 Series Support Notes 12. Using Call Scheduling • What is Call Scheduling ? Call scheduling enables the mechanism for the P-660 to run the remote node connection according to the pre-defined schedule. This feature is just like the scheduler ina video recorder which records the program according to the specified time. Users can apply at most 4 schedule sets in Menu 11 (Remote Node Setup), and configure each schedule in Menu 26(Schedule Setup).
P-660 Series Support Notes Enter Schedule Set Number to Configure= 1 Edit Name= ZyXEL Press ENTER to Confirm or ESC to Cancel: 3. The Menu 26.1 Schedule Set Setup is as follows: Menu 26.
P-660 Series Support Notes Menu 11.1 - Remote Node Profile • Rem Node Name= CHT Active= Yes Route= IP Bridge= No Encapsulation= PPPoE Multiplexing= LLC-based Service Name= N/A Incoming: Rem Login= N/A Rem Password= N/A Outgoing: My Login= cso@hinet.
P-660 Series Support Notes class D IP addresses, i.e., those with "1110" as their higher-order bits. In dotted decimal notation, host group addresses range from 224.0.0.0 to 239.255.255.255. Among them, 224.0.0.1 is assigned to the permanent IP hosts group, and 224.0.0.2 is assigned to the multicast routers group. IGMP (Internet Group Management Protocol) is the protocol used to support multicast groups. The latest version is version 2 (see RFC2236).
P-660 Series Support Notes Address Mapping Set= N/A Metric= 2 Private= No RIP Direction= Both Version= RIP-2B Multicast= IGMP-v2 IP Policies= Enter here to CONFIRM or ESC to CANCEL: Key Settings: Multicast IGMP-v1 for IGMP version 1, IGMP-v2 for IGMP version 2. 14. Using Bandwidth Management • Why Bandwidth Management (BWM)? Nowadays, we have many different traffic types for Internet applications.
P-660 Series Support Notes or TCP/UDP port number. Then specify the volume of bandwidth you want to allocate to the filtered traffic. • Using BWM Go to ADVANCED->BW MGMT->Summary, activate bandwidth management on the interface you would like to manage. We enable the BWM function on WAN1 interface in this example. Enter the total speed for this interface that you want to allocate using bandwidth management. This appears as the bandwidth budget of the interface’s root class.
P-660 Series Support Notes Key Settings: Class Name Give this class a name, for example, 'App' Bandwidth Configure the speed you would like to allocate to this class Budget Priority Bandwidth Borrowing Enable Bandwidth Filter Destination IP Address Destination Subnet Mask Destination Port Source IP Address Enter a number between 0 and 7 to set the priority of this class. The higher the number, the higher the priority. The default setting is 3.
P-660 Series Support Notes Protocol ID Enter the protocol number for the traffic. 1 for ICMP, 6 for TCP or 17 for UDP After configuration BWM, you can check current bandwidth of the configured traffic in ADVANCED->BWM MGMT->Monitor. The values in the column of Current usage (kbps) would display the actually number. 15. Using Zero-Configuration • Zero-Configuration and VC auto-hunting Zero-Configure feature can help customer to reduce the burden of setting efforts.
P-660 Series Support Notes 2.
P-660 Series Support Notes wan atm vchunt remove 5. The usage command argument is listed below suggest to use 3f which include all PPP possiblities.
P-660 Series Support Notes hunting • Using Zero configuration. 1. After configure the auto-haunting preconfigured table. You just need a PC connected to the device LAN Ethernet port with the DSL sync up. 2. Open your web browser to access a Web site. It should prompt and request for your username password of your ISP account, if your ISP provide PPPoE or PPPoA service. 3. After key-in the correct info, it will than test the connection.
P-660 Series Support Notes 16. Triple Play Application (For P660H & P660HW) 1. What is Triple play? 2. Configuring Triple Play What is Triple Play? To increase revenue, more and more Telco/ISPs are integrating value-added services (such as media-on-demand and VoIP) over existing ADSL connection. All these services are in addition to Internet access using one simple DSL connection. Thus comes the age of “Triple Play” (Video, Voice ad Internet Data service) multimedia services.
P-660 Series Support Notes Traffic from each Ethernet port will be mapped to a specific PVC associated to an ATM QoS. Administrators can assign an ATM QoS type (CBR, VBR, and UBR) and cell rate (PCR, SCR) for each PVC. z Ethernet port 1 (for VoIP service): map to PVC 1 that supports CBR ATM QoS (high priority); traffic can be sent between Ethernet port 1 and PVC 1.
P-660 Series Support Notes Map Ethernet port 3 to PVC 3 Map Ethernet port 4 to PVC 4 Step 3, Enable and save the port base policy Step4, Display the port and PVC mapping policy 106 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes 17. Configuring and Using WAN backup (For P660H & P660HW) WAN Backup, also known as Traffic Redirect, is a routing mechanism to forward WAN traffic to a backup gateway when the Prestige cannot connect to the Internet through its normal gateway. Thus this sets the backup gateway as an auxiliary backup of your WAN connection. Once the Prestige’s WAN connection is down, the Prestige will try to forward outgoing traffic to the configured backup gateway.
P-660 Series Support Notes The following table shows the IP addresses used in this example. P660HW-61 WAN:220.130.46.205 P2302R WAN:172.23.3.35 LAN HOST DHCP Client LAN:192.168.1.1 LAN:192.168.254 192.168.1.X Assumptions: The configuration for the example network assumes that the DHCP server in the P660HW-61 is enabled. In this example, we will refer to all P660HW series models as the “P660”. All P2302R series models will be referred to as the “P2302”.
P-660 Series Support Notes P660 WAN Backup Setup Using SMT Menu 2 WAN Backup Setup on the P660 to configure a WAN backup gateway: 1. Access the SMT Menu 2 WAN Backup Setup screen. 109 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes 2. 3. 4. 5. 6. 7. Specify the Check Mechanism (DSL Link or ICMP) that the P660 uses to check the DSL connection. (ICMP check method will be applied in this example) If you select IGMP in the Check Mechanism field, set the WAN IP address (1~3). In the Fail Tolerance field, enter the number of times that your P660 may ping the IP addresses without getting a response before switching to a WAN backup connection.
P-660 Series Support Notes 12. Access the web configurator and click Advanced Setup > Firewall > Default Policy. 13. Select Allow Asymmetrical Route to bypass firewall checking for the incoming packets. 111 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes P2302R LAN Setup 1. 2. Access SMT Menu 3.2 TCP/IP and DHCP Ethernet Setup and disable DHCP setting on the P2302R. Set the P2302R LAN IP address to 192.168.1.254/24. 112 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes Verify WAN Backup Functionality 1. 2. 3. Enable the ADSL connection on the P660. Disconnect the WAN RJ-45 cable from the COE device (for example the IES-1000) to simulate a dropped WAN connection. Access SMT Menu 24.8 and enter the ip route staus CLI command to verify the default gateway has been changed in the P660 routing table. 113 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes Wireless Application Notes (For P-660HW Only) 1. Configure a Wireless Client to Ad hoc mode • • • Ad hoc Introduction Configuration for wireless station A Configuration for wireless station B Ad hoc Introduction What is Ad Hoc mode ? Ad hoc mode is a wireless network consists of a number of stations without access points.
P-660 Series Support Notes 3. Select Ad hoc from the operation mode pull down menu, fill you an SSID and select a channel you want to use than press OK to apply. 4. Since there is no DHCP server to give the host IP you must first designate a static IP for your station. From Windows Start select Control Panel >Network Connection>Wireless Network Connection. 115 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes 5. From general tab select TCP/IP and click property 6. Fill in your network IP address and subnet mask and click OK to finish. Configuration for Wireless Station B To configure Ad hoc mode on your ZyAIR B-100/B-200/B-300 wireless NIC card please follow the following step. 1. Double click on the utility icon in your windows task bar the utility will pop up on your windows screen. 2. Select configuration tab. 116 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes 3. Select Ad hoc from the operation mode pull down menu, fill you an SSID and select a channel you want to use than press OK to apply. 4. Since there is no DHCP server to give the host IP you must first designate a static IP for your station. From Windows Start select Control Panel >Network Connection>Wireless Network Connection. 117 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes 5. From general tab select TCP/IP and click property 6. Fill in your network IP address and subnet mask and click OK to finish. 7. Station A now are able to connect to Station B. 2.
P-660 Series Support Notes Configure Wireless Access Point to Infrastructure mode using SMT. To configure Infrastructure mode of your P660HW-T1 wireless AP please follow the steps below. 1. From the SMT main menu, enter 3 to display Menu 3 ? LAN Setup. 2. Enter 5 to display Menu 3.5 ? Wireless LAN Setup. Menu 3.5 - Wireless LAN Setup ESSID= Wireless Hide ESSID= No Channel ID= CH01 2412MHz RTS Threshold= 0 Frag.
P-660 Series Support Notes Configure Wireless Access Point to Infrastructure mode using Web configurator. To configure Infrastructure mode of your P660HW-T1 wireless AP please follow the steps below. 1. From the web configurator main menu, click advanced->Wireless Lanto display ?Wireless LAN. 2. Configure the desired configuration on P660HW-T1. 3. Finished.
P-660 Series Support Notes 3. Select Infrastructure from the operation mode pull down menu, fill in an SSID or leave it as any if you wish to connect to any AP than press Apply Change to take effect. 4. Click on Site Survey tab, and press search all the available AP will be listed. 5. Double click on the AP you want to associated with. 121 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes 6. After the client have associated with the selected AP. The linked AP's channel, current linkup rate, SSID, link quality, and signal strength will show on the Link Info page. You now successfully associate with the selected AP with Infrastructure Mode. 3. MAC Filter • • • MAC Filter Overview ZyXEL MAC Filter Implementation Configure the WLAN MAC Filter MAC Filter Overview Users can use MAC Filter as a method to restrict unauthorized stations from accessing the APs.
P-660 Series Support Notes ZyXEL MAC Filter Implementation ZyXEL's MAC Filter Implementation allows users to define a list to allow or block association from STAs. The filter set allows users to input 12 entries in the list. If Allow Association is selected, all other STAs which are not on the list will be denied. Otherwise, if Deny Association is selected, all other STAs which are not on the list will be allowed for association. Users can choose either way to configure their filter rule.
P-660 Series Support Notes 6= 00:00:00:00:00:00 18= 00:00:00:00:00:00 30= 00:00:00:00:00:00 7= 00:00:00:00:00:00 19= 00:00:00:00:00:00 31= 00:00:00:00:00:00 8= 00:00:00:00:00:00 20= 00:00:00:00:00:00 32= 00:00:00:00:00:00 9= 00:00:00:00:00:00 21= 00:00:00:00:00:00 10= 00:00:00:00:00:00 22= 00:00:00:00:00:00 11= 00:00:00:00:00:00 23= 00:00:00:00:00:00 12= 00:00:00:00:00:00 24= 00:00:00:00:00:00 ------------------------------------------------------------------------------ ENTER here to CONFIRM or ESC to CAN
P-660 Series Support Notes 4. Setup WEP (Wired Equivalent Privacy) • • • Introduction Setting up the Access Point Setting up the Station Introduction The 802.11 standard describes the communication that occurs in wireless LANs.
P-660 Series Support Notes WEP employs the key encryption algorithm, Ron's Code 4 Pseudo Random Number Generator (RC4 PRNG). The same key is used to encrypt and decrypt the data. WEP has defensed against this attack. To avoid encrypting two cipher texts with the same key stream, an Initialisation Vector (IV) is used to augment the shared WEP key (secret key) and produce a different RC4 key for each packets, the IV is also included in the package.
P-660 Series Support Notes The length of the IV has been increased from 24bits to 48bits. Rollover of the counter is eliminated. Reuse of keys is less likely. Setting up the Access Point 127 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes Most access points and clients have the ability to hold up to 4 WEP keys simultaneously. You need to specify one of the 4 keys as default Key for data encryption.
P-660 Series Support Notes WEP= 64-bit WEP Default Key= 3 Key1= 0x123456789A Key2= 0x23456789AB Key3= 0x3456789ABC Key4= 0x456789ABCD Edit MAC Address Filter= No Key settings Hexadecimal digits have to preceded by '0x', WEP Key type Example Key1= 2e3f4 64-bit WEP with 5 Key2= 5y7js characters Key3= 24fg7 Key4= 98jui 64-bit WEP with 10 hexadecimal digits ('0-9', 'A-F') Key1= 0x123456789A Key2= 0x23456789AB Key3= 0x3456789ABC Key4= 0x456789ABCD 128-bit WEP with 13 characters Key1= 2e3f4w345ytre Key2= 5y7j
P-660 Series Support Notes Access Point (encrypt data by Key 3) --------> Station (decrypt data by Key 3) Access Point (decrypt data by Key 2) <-------- Station (encrypt data by Key 2) In this case, access point transmits data to station which encrypt data by Key 3 of access point. The station will decrypt the data by its Key 3. At the same time, when the station transmits data to access point which encrypt data by Key 2. The access point will decrypt the data by its Key 2.
P-660 Series Support Notes The utility will pop up on your windows screen. Note: If the utility icon doesn't exist in your task bar, click Start -> Programs -> IEEE802.11b WLAN Card -> IEEE802.11b WLAN Card. 2. Select the 'Encryption' tab. Select encryption type corresponding with access point. Set up 4 Keys which correspond with the WEP Keys of access point. And select on WEP key as default key to encrypt wireless data transmission. 131 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes Key settings The WEP Encryption type of station has to equal to the access point. 132 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes Check 'ASCII' field for characters WEP key or uncheck 'ASCII' field for Hexadecimal digits WEP key. Hexadecimal digits don't need to preceded by '0x'. For example, 64-bits with characters WEP key : Key1= 2e3f4 Key2= 5y7js Key3= 24fg7 Key4= 98jui 64-bits with hexadecimal digits WEP key : Key1= 123456789A Key2= 23456789AB Key3= 3456789ABC Key4= 456789ABCD 5.
P-660 Series Support Notes 2. Visually inspect the facility, walk through the facility to verify the accuracy of the diagram and mark down any large obstacle you see that may effect the RF signal such as metal shelf, metal desk, etc on the diagram. 3. Identify user's area, when doing so ask a question where is wireless coverage needed and where does not, and note and take note on the diagram this is information is needed to determine the number of AP required. 4.
P-660 Series Support Notes 5. When you reach the farthest point of connection mark the spot. Now you move the access point to this new spot as have already determine the farthest point of the access point installation spot if wireless service is required from corner of the room. 6. Repeat step 1~5 and now you should be able to mark an RF coverage area as illustrated in above picutre. 7. You may need more than one access point is the RF coverage area have not cover all the wireless service area you needed.
P-660 Series Support Notes Note: If there are more than one access point is needed be sure to make the adjacent access point service area over lap one another. So the wireless station are able to roam. For more information please refer to roaming at 6. Using VPN over Wireless LAN 1. Setup Sentinel 2. Setup Prestige VPN You can use IPsec to improve the security for your wireless connections. This document guides you how it works and how to configure VPN rules in both Prestige and your wireless station.
P-660 Series Support Notes The IP addresses we use in this example are as shown below. PC1 192.168.1.33 Prestige LAN: 192.168.1.1 WAN: 172.21.1.252 Before you continue, please note that in this document, we presume that you already complete the deployment of your Wireless LAN environment, including configuration in both your WLAN station and Prestige WLAN. If you have not complete them yet, please go back to application notes for how to configure WLAN in Infrastructure Mode. 1. Setup Sentinel 1.
P-660 Series Support Notes 3. Select Create a preshared key, and press Next. 4. Give this preshared key a name, ZyWALL. And then enter the preshared key "12345678" in both Shared secret and Confirm shared secret fields. Finally press Finish. 138 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes 5. Press Apply in Main menu to save the above settings for latter use. 6. Switch to Security Policy tab. Choose VPN connections, and then press Add... 139 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes 7. Add VPN Connection window will pop out. Press IP button besides Gateway Name box. Enter Prestige's LAN IP address in Gateway IP address. 8. Press ... button besides Remote network. 140 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes 9. Network Editor Window will pop out. Press New button, and Enter ZyWALL in Network name, and 192.168.1.0 in IP address field, and 0.0.0.0 in Subnet Mask field. Then click OK to go back to Add VPN Connection window. 10. Choose ZyWALL as Authentication Key. Then click OK to save. In SSH Sentinel Policy Editor, you will get a new VPN connection, 192.168.1.1 (ZyWALL), choose this item, and then press Properties... button.
P-660 Series Support Notes Choose Settings button in Remote endpoint section. Please uncheck the boxes of "Acquire virtual IP address" and "Extended authentication". Tune IKE proposal to Encryption algorithm as DES, Integrity function as MD5, IKE mode as main mode, IKE group as MODP 768 (group 1), and IPSec proposal to Encryption algorithm as DES, Integrity funciton as HMAC-MD5, PFS group as none. 142 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes Press Apply to save all of the settings. Initiate VPN connection from Sentinel by selecting your VPN connection from Select VPN item. Note: 143 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes A. When building VPN between Sentinel and Prestige, the tunnel can't be initiated from Prestige side. Please always initiate the tunnel from Sentinel. B. VPN tunnel on Sentinel can't be initiated by triggered packets (such as ping, ftp, telnet, HTTP...etc.) You can only initiate VPN tunnel by choosing "Select VPN" from SSH/Sentinel tray. NOTE: Please check your Prestige's release note, if your current firmware version doesn't support Mega Bytes as SA lifetime.
P-660 Series Support Notes 2. Setup Prestige VPN Using a web browser, login Prestige by giving the LAN IP address of Prestige in URL field. Default LAN IP is 192.168.1.1, default password to login web configurator is 1234. Go to Advanced -> VPN Select Negotiation Mode to Main, as we configured in Sentinel. Local IP, Address Type is Subnet, Address Start is 0.0.0.0 End/Subnet Mask is 0.0.0.0 Remote IP, leave the field as defalut. My IP Addr is the LAN IP of Prestige. Secure Gateway IP Addr is 0.0.0.0.
P-660 Series Support Notes Set IKE Phase 1 and Phase 2 parameters. 146 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes 7. Configure 802.1x and WPA What is the WPA Functionality? Configuration for Access Point Configuration for your PC What is WPA Functionality? Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences between WAP and WEP are user authentication and improved data encryption WAP applies IEEE 802.1x Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database.
P-660 Series Support Notes named Michael, an extend initialization vector (IV) with sequencing rules and a rekeying mechanism. If you do not have an external RADIUS, server, you should use WPA-PSK (WPA Pre-Share Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the password match, a client will be granted access to a WLAN. Here comes WPA-PSK Application example for your reference.
P-660 Series Support Notes 6. select TKIP in the Group Data Privavy. 7. Click Apply to finish. Configuration for your PC 1. Double click on your wireless utility icon(here is the Centrion on Windows XP) in your windows task bar the utility will pop up on your windows screen. 2. Select the wireless card that you want to configure. 3. Select on from the Switch Radio. 149 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes 4. choose Network option. 5. Add a new wireless profile. 6. Type the Profile Name and Network Name (SSID) in the field. 150 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes 7. Click Next button. 8. Select WPA-PSK from the Network Authentication field. 9. Select TKIP from the Data Encryption field. 10. Type the Pre Share Key (8-63 character) in the Pass phrase field. 11. Click Finish to exit the Profile Wizard screen. 151 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes 12. After you finished the profile settings, choose the profile you configured. Then, click Connect button to associate with the Access Point. 152 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes 13. Click the General option, we will see the following information, that means the PC associated and authenticated with AP successfully. 153 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes Support Tool 1. LAN/WAN Packet Trace The Prestige packet trace records and analyzes packets running on LAN and WAN interfaces. It is designed for users with technical backgrounds who are interested in the details of the packet flow on LAN or WAN end of Prestige. It is also very helpful for diagnostics if you have compatibility problems with your ISP or if you want to know the details of a packet for configuring a filter rule.
P-660 Series Support Notes 0 11880.160 ENET0-R[0062] TCP 192.168.1.2:1108->192.31.7.130:80 1 11883.100 ENET0-R[0062] TCP 192.168.1.2:1108->192.31.7.130:80 2 11883.330 ENET0-T[0058] TCP 192.31.7.130:80->192.168.1.2:1108 3 11883.340 ENET0-R[0060] TCP 192.168.1.2:1108->192.31.7.130:80 4 11883.340 ENET0-R[0339] TCP 192.168.1.2:1108->192.31.7.130:80 5 11883.610 ENET0-T[0054] TCP 192.31.7.130:80->192.168.1.2:1108 6 11883.620 ENET0-T[0102] TCP 192.31.7.130:80->192.168.1.2:1108 7 11883.630 ENET0-T[0054] TCP 192.31.
P-660 Series Support Notes Source MAC Addr Network Type = 00A0C5921311 = 0x0800 (TCP/IP) IP Header: IP Version =4 Header Length = 20 Type of Service = 0x00 (0) Total Length = 0x002C (44) Idetification = 0x57F3 (22515) Flags = 0x02 Fragment Offset = 0x00 Time to Live = 0xED (237) Protocol = 0x06 (TCP) Header Checksum = 0xAC8C (44172) Source IP = 0xC01F0782 (192.31.7.130) Destination IP = 0xC0A80102 (192.168.1.
P-660 Series Support Notes TCP Header: Source Port = 0x045C (1116) Destination Port = 0x0050 (80) Sequence Number = 0x00BD15A8 (12391848) Ack Number = 0x4AD1B580 (1255257472) Header Length = 20 Flags = 0x10 (.A....) Window Size = 0x2238 (8760) Checksum = 0xE8ED (59629) Urgent Ptr = 0x0000 (0) TCP Data: (Length=6, Captured=6) 0000: 20 20 20 20 20 20 RAW DATA: 0000: 00 A0 C5 92 13 11 00 80-C8 4C EA 63 08 00 45 00 .........L.c..E. 0010: 00 28 35 0B 40 00 80 06-3C 79 C0 A8 01 02 C0 1F .(5.@...
P-660 Series Support Notes Time to Live = 0xEE (238) Protocol = 0x06 (TCP) Header Checksum = 0xA9AB (43435) Source IP = 0xC01F0782 (192.31.7.130) Destination IP = 0xCA849B61 (202.132.155.97) TCP Header: Source Port = 0x0050 (80) Destination Port = 0x281E (10270) Sequence Number = 0xD3E95985 (3555285381) Ack Number = 0x00C18F63 (12685155) Header Length = 20 Flags = 0x19 (.AP..
P-660 Series Support Notes Using TFTP client software • • Upload/download ZyNOS via LAN Upload/download SMT configurations via LAN Using TFTP to upload/download ZyNOS via LAN • • • • • TELNET to your Prestige first before running the TFTP software Type the CI command 'sys stdio 0' to disable console idle timeout in Menu 24.8 and stay in Menu 24.8 Run the TFTP client software Enter the IP address of the Prestige To upload the firmware, please save the remote file as 'ras' to Prestige.
P-660 Series Support Notes • • To download the SMT configuration, please get the remote file 'rom-0' from the Prestige. To upload the SMT configuration, please save the remote file as 'rom-0' in the Prestige. An example: The 192.168.1.1 is the IP address of the Prestige. The local file is the source file of your configuration file that is available in your hard disk. The remote file is the file name that will be saved in Prestige. Check the port number 69 and 512-Octet blocks for TFTP.
P-660 Series Support Notes c:\tftp -i [PrestigeIP] get rom-0 [localfile] Using TFTP command on UNIX Before you begin: 1. TELNET to your Prestige first before using TFTP command 2. Type the CI command 'sys stdio 0' to disable console idle timeout in Menu 24.8 and stay in Menu 24.8 Example: [cppwu@faelinux cppwu]$ telnet 192.168.1.1 Trying 192.168.1.1... Connected to 192.168.1.1. Escape character is '^]'. Password: **** Copyright (c) 1994 – 2005 ZyXEL Communications Corp.
P-660 Series Support Notes configurations [cppwu@faelinux cppwu]$ tftp -I 192.168.1.1 put [local-rom] rom-0 <- upload configurations [cppwu@faelinux cppwu]$ tftp -I 192.168.1.1 get ras [local-ras ] <- download firmware [cppwu@faelinux cppwu]$ tftp -I 192.168.1.1 put [local-ras] ras <- upload firmware 3.
P-660 Series Support Notes C:\temp>ftp 192.168.1.1 Connected to 192.168.1.1 220 FTP version 1.0 ready at Thu Jan 1 00:02:09 1970 User (192.168.1.1:(none)): 331 Enter PASS command Password:**** 230 Logged in ftp> bin 200 Type I OK ftp> put prestige.bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 924512 bytes sent in 4.83Seconds 191.41Kbytes/sec. ftp> Here, the 'prestige.
P-660 Series Support Notes 1. Connect to the Prestige by entering the Prestige's IP and SMT password in the FTP software. Set the transfer type to 'Auto-Detect' or 'Binary'. 2. Press 'OK' to ignore the 'Username' prompt. 3. To upload the firmware file, we transfer the local 'ras' file to overwrite the remote 'ras' file. To upload the configuration file, we transfer the local 'rom-0' to overwrite the remote 'rom-0' file. 164 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes 4. The Prestige reboots automatically after the uploading is finished. Please do not power off the router at this moment. 165 All contents copyright © 2005 ZyXEL Communications Corporation.
P-660 Series Support Notes CI Command Reference Command Syntax and General User Interface CI has the following command syntax: command subcommand [param] command subcommand [param] command ? | help command subcommand ? | help General user interface: Shows the following commands and all major (sub)commands Returns to SMT 1. ? 2. exit 1.
P-660 Series Support Notes 0:crash no save,not in debug mode (default) 1:crash no save,in debug mode 2:crash save,not in debug mode 3:crash save,in debug mode event display trace display clear extraphnum add <1st phone num> [2nd phone num] display node remove reset feature fid display firmware hostname [hostname] display tag flags information display system event information display trace event clear trace event maintain extra phone numbers for outcalls add extra phon
P-660 Series Support Notes urlblocked [0:none/1:log/2:alert/3:both] urlforward [0:none/1:log] clear display errlog record and alert the web blocked logs record web forward logs clear log display all logs clear disp online display log error clear log error turn on/off error log online display load the log setting buffer alertAddr [mail address] send alerts to this mail address display mail setting send logs to this mail address display mail schedule hour time to send the logs minute time to send the log
P-660 Series Support Notes memwrite
[data list ...P-660 Series Support Notes start stop [tmValue] start a timer stop a timer monitor packets switch online [on|off] [on|off] level [level] type disp clear call encapmask [mask] set system trace log set on/off trace log online set trace level of trace log #:1-10 set trace type of trace log display trace log clear trace display call event set/display tracelog encapsulation mask create trcdisp trclog trcpacket destroy channel string switch [none|incoming|outg
P-660 Series Support Notes port save secureip information set server port save server information set server secure ip addr spt dump root rn user slot save size clear dump spt raw data dump spt root data dump spt remote node data dump spt user data dump spt slot data save spt data display spt record size clear spt data cmgr trace disp clear cnt socket show the connection trace of this channel clear the
P-660 Series Support Notes 2. Exit Related Commands Command Description exit smt menu exit 3. Ethernet Related Commands : enet0, mpoa00 Command Description ether config display LAN configuration information driver cnt iface ioctl mac reg disp clear rxmod display ether driver counters clear ether driver counters send driver iface Useless in this stage.
P-660 Series Support Notes 4. IP Related Commands format : xxx.xxx.xxx.xxx (ip Address) format : xx:xx:xx:xx:xx:xx : enif0, wanif0 : gateway ip address Command Description ip address loopbackaddr alias aliasdis arp status add resolve drop flush publish dhcp [addr] [IP2] <0|1> display host ip address Set loopback address.
P-660 Series Support Notes update table update static dhcp mac table address [timeout] debug name [timeout] status table [secondary] [third] resolve ip-addr to name enable dns debug value resolve name to ip-addr display dns query status display dns query table set dns server clear disp clear dns statistics display dns statistics display dns table debug [on|off] set http debug flag echo data status [on|off]
P-660 Series Support Notes status add addiface addprivate drop flush lookup [if] [/] [] [/] [] [/] [] [/] display routing table add route add an entry to the routing table to iface add private route drop a route flush route table find a route to the destination errcnt disp clear status adjTcp udp [] status display routing statistic counte
P-660 Series Support Notes trace [on|off] window [tcb] [] samenet uninet tftp support stats turn on/off trace for debugging TCP input window size display the ifaces that in the same net set the iface to uninet pritn if tfpt is support display tftp status xparent join break antiprobe igmp [] <0|1> 1:yes 0:no debug forwardall [level] [on|off] querier [on|off] join iface2 to iface1 group break iface to leave ipxparent group set ip anti-probe flag s
P-660 Series Support Notes iamt iface lookup new-lookup loopback [on|off] reset server disp load save clear edit active edit svrport [end port] edit intport [end port] edit remotehost [end ip] edit leasetime [time] edit rulename [name] edit forwardip [ip] edit protocol [protocol id] spSysParam display nat iamt information show nat status of an interface display nat lookup rule display new nat lookup
P-660 Series Support Notes open opencmd opmode perfdata rdata [start] [length] reset margin Open ADSL line Open ADSL line with specific standard Show the operational mode Show performance information,CRC,FEC, error seconds..
P-660 Series Support Notes defectcheck [on|off] txgain [value] targetnoise [value] maxtonelimit [value] rxgain [value] txoutputpwr [value] rxoutputpwr [value] maxoutputpwr [value] is?imeinterval?before starting again.
P-660 Series Support Notes on off node debug cnt [on|off] set bod flag on set bod flag off config the statistic method for remote node bod traffic data show bod debug flag disp clear [on|off] show bod state clear bod state set/display dial-in ccp switch acfc [on|off] pfc [on|off] mpin [on|off] callback bacp [on|off] [on|off] set address/control field compression flag set protocol field compression flag set incoming call MP flag set callback flag set bandwidth allocation control f
P-660 Series Support Notes sequence set/display mp start sequence configure ipcp compress [on|off] slots [slot_num] idcompress [on|off] address [on|off] atcp enable/disable compress select number of slots enable/disable slot id compress set/display ip one address option apple talk feature not supported anymore ccp ascend [on|off] history check [argv] reset pfc [on|off] debug [on|off] set/display ascend stac flag set/display stac history count set/display stac check mode set/display stac
P-660 Series Support Notes 7. Bridge Related Command Command Description bridge mode <1/0> (enable/disable) blt Disp reset traffic monitor [on|off] Time Disp reset [id] [id] brt cnt Disp clear stat Disp Clear disp turn on/off (1/0) LAN promiscious mode related to bridge local table display blt data reset blt data display local LAN traffic table turn on/off traffice monotor. Default is off.
P-660 Series Support Notes type Key Key Set Default Set WEP key to 64, 128 or 256 bits.
P-660 Series Support Notes display firewall set set attack rule e-mail ? e-mail mail-server return-addr e-mail-to policy day hour <0~23> minute <0~59> attack Subject send-alert block block-minute <0~255> minute-high <0~255> minute-low <0~255> maxincomplete-high Displays all the firewall setting
P-660 Series Support Notes <0~255> set sessions to maxincomplete-low The threshold to stop deleting the half-opened session The threshold to start executing the block field maxincomplete-low <0~255> tcp-maxincomplete <0~255> name default-permit Edit the name for a set icmp-timeout udp-idle-timeout connectiontimeout fin-wait-timeout tcp-idle-timeout pnc log rule permit ac
P-660 Series Support Notes srcaddr-subnet srcaddr-range destaddr-single destaddr-subnet destaddr-range tcp destport-single tcp destport-range udp destportsingle udp destport-range desport-custom delete firewall e-mail attack set set rule complies
P-660 Series Support Notes insert firewall e-mail attack set set rule cli Insert email alert settings Insert attack alert settings Insert a specified rule set to the firewall configuration Insert a specified rule in a set to the firewall configuration Display the choices of command list. 12. Firewall Related Command Command Description sys firewall acl disp active Display specific ACL set # rule #, or all ACLs.
P-660 Series Support Notes Save all the parameters which will include menu1, menu 3.2 LAN, menu 4 or menu 11 WAN, menu 12 static route, menu 15 NAT server set, menu 21 filter sets, menu 22 SNMP, menu 24.11 remote management and 3.
P-660 Series Support Notes lan dhcp server gateway [IP address] lan dhcp server netmask [subnet mask] lan dhcp server leasetime [second] lan dhcp server renewaltime [second] lan dhcp server rebindtime [second] lan dhcp relay server [IP address] lan display lan clear lan save wan node index [1-8] wan node clear wan node ispname [ISP name] wan node enable wan node disable wan node encap [1483|pppoa|pppoe|enet] wan node mux [vc|llc] wan node ppp authen [chap|pap|both] wan node ppp username [name] wan node pp
P-660 Series Support Notes [rip1|rip2b|rip2m] wan node multicast [none|igmpv1|igmpv2] wan node filter [incoming|outgoing] [tcpip|generic] [set #1] [set #2] [set #3] [set #4] Set the wan IP multicast mode Set WAN filter, incoming or outgoing can be specified, and filter set can be 112, value 0 means empty Menu 11.3 Menu 11.
P-660 Series Support Notes ip nat server disp [1] ip nat server save ip nat server clear [set#] ip nat server edit [rule#] active ip nat server edit [rule#] svrport ip nat server edit [rule#] remotehost ip nat server edit [rule#] leasetime ip nat server edit [rule#] rulename ip nat server edit [rule#] forwardip ip nat server edit [rule#] protocol sys filter set index [set#] [rule#] ?isp 1?means to display the NAT se
P-660 Series Support Notes sys filter set actnomatch [type 0-2 = checknext | forward | drop] Set the action for not match sys filter set offset [#] Set offset for the generic rule sys filter set length [#] Set the length for generic rule sys filter set mask [#] Set the mask for generic rule sys filter set value [(depend on length Set the value for generic rule in hex)] sys filter set clear Clear the current filter set sys filter set save Save the filter set parameters Display Filter set information.
P-660 Series Support Notes Set to hide ESSID or not wlan hideessid [on|off] wlan chid [#=1~11] Set channel ID 1-11 wlan threshold rts [value] Set the RTS threshold value wlan threshold fragment [value] Set fragment threshold wlan wep type [none|64|128] Set the wep type to be none, 64bit or 128bits wlan wep key set [key set#1-4] [key value] Set wep key value wlan wep key default [key set # 1-4] Set default key set value wlan macfilter enable Enable mac filter wlan macfilter disable Disable mac
