Prestige 2602HWL-DXA Support Notes Version 3.40 Feb.
Prestige 2602HWL-DxA Support Notes Index Application Notes ..........................................................................................9 General Application Notes.....................................................................................9 Internet Connection................................................................................................9 Setup the Prestige as a DHCP Relay............................................................
Prestige 2602HWL-DxA Support Notes Voice – Common Settings .........................................................................148 FAQ .............................................................................................................149 ZyNOS FAQ ......................................................................................................149 What is ZyNOS? ........................................................................................
Prestige 2602HWL-DxA Support Notes Is it possible to access a server running behind SUA from the outside Internet? If possible, how?.........................................................................156 What DHCP capability does the Prestige support?....................................156 How do I used the reset button, more over what field of parameter will be reset by reset button? .................................................................................
Prestige 2602HWL-DxA Support Notes Can H.323 and SIP interoperate with one another?...................................164 What is voice quality?................................................................................164 How are voice quality normally rated?......................................................164 What is codec? ...........................................................................................165 What is the relation of codec and VoIP? ......................................
Prestige 2602HWL-DxA Support Notes What is IPSec? ...........................................................................................174 What secure protocols does IPSec support? ..............................................174 What are the differences between 'Transport mode' and 'Tunnel mode? ...174 What is SA? ...............................................................................................175 What is IKE?............................................................................
Prestige 2602HWL-DxA Support Notes What are the disadvantages of Wireless LANs ?.......................................183 Where can you find wireless 802.11 networks ? .......................................183 What is an Access Point ?..........................................................................183 What is IEEE 802.11 ?...............................................................................184 What is 802.11b ? ..........................................................................
Prestige 2602HWL-DxA Support Notes What is 802.1x ? ........................................................................................190 What is the difference between No authentication required, No access allowed and Authentication required ? ......................................................190 What is AAA ?...........................................................................................190 What is RADIUS ?..............................................................................
Prestige 2602HWL-DxA Support Notes Application Notes General Application Notes Internet Connection A typical Internet access application of the Prestige is shown below. For a small office, there are some components needs to be checked before accessing the Internet. • • Before you begin Setting up the Windows Setting up the Prestige router Troubleshooting • Before you begin • • The Prestige is shipped with the following factory default: 1. IP address = 192.168.1.1, subnet mask = 255.255.255.
Prestige 2602HWL-DxA Support Notes • • If you only have one PC, connect the PC's Ethernet adapter to the Prestige's LAN port with a crossover (red one) Ethernet cable. If you have more than one PC, both the PC's Ethernet adapters and the Prestige's LAN port must be connected to an external hub with straight Ethernet cable. 2. TCP/IP Installation You must first install TCP/IP software on each PC before you can use it for Internet access.
Prestige 2602HWL-DxA Support Notes The following procedure is for the most typical usage of the Prestige where you have a single-user account (SUA). The Prestige supports embedded web server that allows you to use Web browser to configure it. Before configuring the router using Browser please be sure there is no Telnet or Console login. 1. Retrieve Prestige Web Please enter the LAN IP address of the Prestige router in the URL location to retrieve the web screen from the Prestige.
Prestige 2602HWL-DxA Support Notes The Web screen shown below takes PPPoE as the example. 12 All contents copyright (c) 2005 ZyXEL Communications Corporation.
Prestige 2602HWL-DxA Support Notes Setup the Prestige as a DHCP Relay • What is DHCP Relay? DHCP stands for Dynamic Host Configuration Protocol. In addition to the DHCP server feature, the P2602 supports the DHCP relay function. When it is configured as DHCP server, it assigns the IP addresses to the 13 All contents copyright (c) 2005 ZyXEL Communications Corporation.
Prestige 2602HWL-DxA Support Notes LAN clients. When it is configured as DHCP relay, it is reponsable for forwarding the requests and responses negotiating between the DHCP clients and the server. See figure 1. • Setup the Prestige as a DHCP Client 1. Toggle the DHCP to Relay in menu 3.2 and enter the IP address of the DHCP server in the 'Relay Server Address' field. Menu 3.
Prestige 2602HWL-DxA Support Notes Edit IP Alias= No Press ENTER to Confirm or ESC to Cancel: Configure an Internal Server Behind SUA • Introduction If you wish, you can make internal servers (e.g., Web, ftp or mail server) accessible for outside users, even though SUA makes your LAN appear as a single machine to the outside world. A service is identified by the port number.
Prestige 2602HWL-DxA Support Notes To make a server visible to the outside world, specify the port number of the service and the inside address of the server in 'Menu 15.2.1', Multiple Server Configuration. The outside users can access the local server using the Prestige's WAN IP address which can be obtained from menu 24.1. • For example (Configuring an internal Web server for outside access) : Menu 15.2 - NAT Server Setup Rule Start Port No. End Port No.
Prestige 2602HWL-DxA Support Notes DNS (Domain Name Server) 53 www-http (Web) 80 Configure a PPTP server Behind SUA • Introduction PPTP is a tunneling protocol defined by the PPTP forum that allows PPP packets to be encapsulated within Internet Protocol (IP) packets and forwarded over any IP network, including the Internet itself. In order to run the Windows 9x PPTP client, you must be able to establish an IP connection with a tunnel server such as the Windows NT Server 4.0 Remote Access Server.
Prestige 2602HWL-DxA Support Notes Since PPTP encapsulates its data stream in the PPP protocol, the VPN requires a second dial-up adapter. This second dial-up adapter for VPN is added during the installation phase of the Upgrade in addition to the first dial-up adapter that provides PPP support for the analog or ISDN modem. The PPTP is supported in Windows NT and Windows 98 already. For Windows 95, it needs to be upgraded by the Dial-Up Networking 1.2 upgrade.
Prestige 2602HWL-DxA Support Notes • • o PPTP client setup (Win9x) Add one VPN connection from Dial-Up Networking by entering the correct username & password and the IP address of the Prestige's Internet IP address for logging to NT RAS server. Set the Internet gateway to the router that is connecting to ISP o Prestige router setup Before making a VPN connection from Win9x to WinNT server, you need to connect Prestige router to your ISP first.
Prestige 2602HWL-DxA Support Notes Internet. If the Internet connection between two LANs is achieve, you can place a VPN call from the remote Win9x client. For example: C:\ping 203.66.113.2 When a dial-up connection to ISP is established, a default gateway is assigned to the router traffic through that connection. Therefore, the output below shows the default gateway of the Win9x client after the dial-up connection has been established.
Prestige 2602HWL-DxA Support Notes Using NAT / Multi-NAT • What is Multi-NAT? NAT (Network Address Translation-NAT RFC 1631) is the translation of an Internet Protocol address used within one network to a different IP address known within another network. One network is designated the inside network and the other is the outside.
Prestige 2602HWL-DxA Support Notes 1. NAT Mapping Types NAT supports five types of IP/port mapping. They are: 2. One to One In One-to-One mode, the Prestige maps one ILA to one IGA. 3. Many to One In Many-to-One mode, the Prestige maps multiple ILA to one IGA. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyNOS routers supported (the SUA only option in today's routers). 4.
Prestige 2602HWL-DxA Support Notes The following table summarizes these types. NAT Type IP Mapping Mapping Direction One-to-One ILA1<--->IGA1 Both Many-to-One (SUA/PAT) ILA1---->IGA1 ILA2---->IGA1 ... Outgoing Many-to-Many Overload ILA1---->IGA1 ILA2---->IGA2 ILA3---->IGA1 ILA4---->IGA2 ... Outgoing ILA1---->IGA1 Many-to-Many No ILA2---->IGA3 Overload ILA3---->IGA2 (Allocate by Connections) ILA4---->IGA4 ...
Prestige 2602HWL-DxA Support Notes You apply NAT via menus 4 and 11.3 as displayed next. The next figure how you apply NAT for Internet access in menu 4. Enter 4 from the Main Menu to go to Menu 4-Internet Access Setup.
Prestige 2602HWL-DxA Support Notes Overload mapping. Select Full Feature when you require other mapping types. It is a convenient, pre-configured, read only, Many-to-One mapping set, sufficient for most purposes and helpful to people already familiar with SUA in previous ZyNOS versions. Note that there is also a Server type whose IGA is 0.0.0.0 in this set. Table: Applying NAT in Menu 4 and Menu 11.3 2. Configuring NAT To configure NAT, enter 15 from the Main Menu to bring up the following screen.
Prestige 2602HWL-DxA Support Notes Menu 15.1 - Address Mapping Sets 1. 2. 3. 4. 5. 6. 7. 8. 255. SUA (read only) Enter Set Number to Edit: Let's first look at Option 255. Option 255 is equivalent to SUA in previous ZyXEL routers. The fields in this menu cannot be changed. Entering 255 brings up this screen. Menu 15.1.1 - Address Mapping Rules Set Name= SUA Idx Local Start IP Local End IP Global Start IP Global End IP Type --- --------------- --------------- --------------- --------------- -----1.
Prestige 2602HWL-DxA Support Notes The following table explains the fields in this screen. Please note that the fields in this menu are read-only. Field Description Option/Example Set Name This is the name of the set you selected in Menu 15.1 or enter SUA the name of a new set you want to create. Idx This is the index or rule number. Local Start IP This is the starting local IP address (ILA). 1 0.0.0.0 for Many-to-One type. the This is the starting local IP address (ILA).
Prestige 2602HWL-DxA Support Notes 9. 10. Action= Edit , Select Rule= 0 Press ENTER to Confirm or ESC to Cancel: We will just look at the differences from the previous menu. Note that, this screen is not read only, so we have extra Action and Select Rule fields. Not also that the [?] in the Set Name field means that this is a required field and you must enter a name for the set. The description of the other fields is as described above. The Type, Local and Global Start/End IPs are configured in Menu 15.
Prestige 2602HWL-DxA Support Notes Local IP: Start= 0.0.0.0 End = N/A Global IP: Start= 0.0.0.0 End = N/A Press ENTER to Confirm or ESC to Cancel: The following table describes the fields in this screen. Field Description Type One-to-One Many-to-One Press [SPACEBAR] to toggle through a total of 5 types. These Many-to-Many Overload are the mapping types discussed above plus a server type. Some Many-to-Many No examples follow to clarify these a little more.
Prestige 2602HWL-DxA Support Notes The NAT Server Set is a list of LAN side servers mapped to external ports (similar to the old SUA menu of before). If you wish, you can make inside servers for different services, e.g., Web or FTP, visible to the outside users, even though NAT makes your network appears as a single machine to the outside world. A server is identified by the port number, e.g., Web service is on port 80 and FTP on port 21.
Prestige 2602HWL-DxA Support Notes 2. 21 21 192.168.1.33 3. 80 80 192.168.1.36 4. 0 0 0.0.0.0 5. 0 0 0.0.0.0 6. 0 0 0.0.0.0 7. 0 0 0.0.0.0 8. 0 0 0.0.0.0 9. 0 0 0.0.0.0 10. 0 0 0.0.0.0 11. 0 0 0.0.0.0 12. 0 0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: The most often used port numbers are shown in the following table. Please refer RFC 1700 for further information about port numbers.
Prestige 2602HWL-DxA Support Notes Menu 4 - Internet Access Setup ISP's Name= MyISP Encapsulation= PPPoE Multiplexing= LLC-based VPI #= 0 VCI #= 33 ATM QoS Type= UBR Peak Cell Rate (PCR)= 0 Sustain Cell Rate (SCR)= 0 Maximum Burst Size (MBS)= 0 My Login= cso@zyxel My Password= ******** Idle Timeout (sec)= 0 IP Address Assignment= Dynamic IP Address= N/A Network Address Translation= SUA Only Address Mapping Set= 1 Press ENTER to Confirm or ESC to Cancel: 32 All contents copyright (c) 2005 ZyXEL Communica
Prestige 2602HWL-DxA Support Notes From Menu 4 shown above simply choose the SUA Only option from the NAT field. This is the Many-to-One mapping discussed earlier. The SUA read only option from the NAT field in menu 4 and 11.3 is specifically pre-configured to handle this case. 2. Internet Access with an Internal Server In this case, we do exactly as above (use the convenient pre-configured SUA Only set) and also go to Menu 15.
Prestige 2602HWL-DxA Support Notes 8. 0 0 0.0.0.0 9. 0 0 0.0.0.0 10. 0 0 0.0.0.0 11. 0 0 0.0.0.0 12. 0 0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: 3.Using Multiple Global IP addresses for clients and servers (One-to-One, Many-to-One, Server Set mapping types are used) In this case we have 3 IGAs (IGA1, IGA2 and IGA3) from the ISP. We have two very busy internal FTP servers and also an internal general server for the web and mail.
Prestige 2602HWL-DxA Support Notes Step 1: In this case, we need to configure Address Mapping Set 1 from Menu 15.1-Address Mapping Sets. Therefore we must choose the Full Feature option from the NAT field in menu 4 or menu 11.3, and assign IGA3 to Prestige WAN IP Address.
Prestige 2602HWL-DxA Support Notes Start= 192.168.1.10 End = N/A Global IP: Start= [Enter IGA1] End = N/A Press ENTER to Confirm or ESC to Cancel: Rule 2 Setup: Selecting One-to-One type to map the FTP Server 2 with ILA2 (192.168.1.11) to IGA2. Menu 15.1.1.2 - - Rule 2 Type: One-to-One Local IP: Start= 192.168.1.11 End = N/A Global IP: Start= [Enter IGA2] End = N/A Press ENTER to Confirm or ESC to Cancel: Rule 3 Setup: Select Many-to-One type to map the other clients to IGA3. Menu 15.1.1.
Prestige 2602HWL-DxA Support Notes Press ENTER to Confirm or ESC to Cancel: Rule 4 Setup: Select Server type to map our web server and mail server with ILA3 (192.168.1.20) to IGA3. Menu 15.1.1.4 - - Rule 4 Type: Server Local IP: Start= N/A End = N/A Global IP: Start= [Enter IGA3] End = N/A Press ENTER to Confirm or ESC to Cancel: When we have configured all four rules Menu 15.1.1 should look as follows. Menu 15.1.
Prestige 2602HWL-DxA Support Notes 9. 10. Press ESC or RETURN to Exit: Step 3: Now we configure all other incoming traffic to go to our web server aand mail server from Menu 15.2 - NAT Server Setup (not Set 1, Set 1 is used for SUA Only case). Menu 15.2 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------1. Default Default 0.0.0.0 2. 80 80 192.168.1.20 3. 25 25 192.168.1.20 4. 0 0 0.0.0.0 5. 0 0 0.0.0.0 6. 0 0 0.0.0.
Prestige 2602HWL-DxA Support Notes Some servers providing Internet applications such as some mIRC servers do not allow users to login using the same IP address. In this case it is better to use Many-to-Many No Overload or One-to-One NAT mapping types, thus each user login to the server using a unique global IP address. The following figure illustrates this. One rule configured for using Many-to-Many No Overload mapping type is shown below. Menu 15.1.1.
Prestige 2602HWL-DxA Support Notes Local IP: Start= 192.168.1.10 End = N/A Global IP: Start= [Enter IGA1] End = N/A Press ENTER to Confirm or ESC to Cancel: Menu 15.1.1.2 - - Rule 2 Type: One-to-One Local IP: Start= 192.168.1.11 End = N/A Global IP: Start= [Enter IGA2] End = N/A Press ENTER to Confirm or ESC to Cancel: Menu 15.1.1.3 - - Rule 3 Type: One-to-One Local IP: Start= 192.168.1.
Prestige 2602HWL-DxA Support Notes Press ENTER to Confirm or ESC to Cancel: Prestige supports multiple type of NAT mapping rules • • • • • • SUA One to One Many to One Many to Many overload Many One to One Server The following table summarizes these types. NAT Type IP Mapping One-to-One ILA1<--->IGA1 Many-to-One (SUA/PAT) ILA1<--->IGA1 ILA2<--->IGA1 ...
Prestige 2602HWL-DxA Support Notes ... Server (SUA) Server 1 IP<--->IGA1 Server 2 IP<--->IGA1 About Filter & Filter Examples How does ZyXEL filter work? • Filter Structure The Prestige allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system. You can apply up to four filter sets to a particular port to block multiple types of packets.
Prestige 2602HWL-DxA Support Notes • Filter Types and SUA Conceptually, there are two categories of filter rules: device and protocol. The Generic filter rules belong to the device category; they act on the raw data from/to LAN and WAN. The IP and IPX filter rules belong to the protocol category; they act on the IP and IPX packets. 43 All contents copyright (c) 2005 ZyXEL Communications Corporation.
Prestige 2602HWL-DxA Support Notes In order to allow users to specify the local network IP address and port number in the filter rules with SUA connections, the TCP/IP filter function has to be executed before SUA for WAN outgoing packets and after the SUA for WAN incoming IP packets. But at the same time, the Generic filter rules must be applied at the point when the Prestige is receiving and sending the packets; i.e. the ISDN interface. So, the execution sequence has to be changed.
Prestige 2602HWL-DxA Support Notes same error if you try to activate a Generic filter rule in a filter set that has already had one or more active TCP/IP (or IPX) filter rules. Menu 21.1.1: Menu 21.1.1 - Generic Filter Rule Filter #: 1,1 Filter Type= Generic Filter Rule Active= Yes Offset= 0 Length= 0 Mask= N/A Value= N/A More= No Log= None Action Matched= Check Next Rule Action Not Matched= Check Next Rule Menu 21.1.2: Menu 21.1.
Prestige 2602HWL-DxA Support Notes More= No Log= None Action Matched= Check Next Rule Action Not Matched= Check Next Rule Press ENTER to Confirm or ESC to Cancel: Saving to ROM. Please wait... Protocol and device rule cannot be active together To separate the device and protocol filter categories; two new menus, Menu 11.5 and Menu 13.1, have been added, as well as some changes made to the Menu 3.1, Menu 11.1, and Menu 13. The new fields are shown below. Menu 3.1: Menu 3.
Prestige 2602HWL-DxA Support Notes Outgoing: Session Options: My Login= testt Edit Filter Sets= Yes My Password= ***** Authen= CHAP/PAP Press ENTER to Confirm or ESC to Cancel: Menu 11.5: Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= SMT will also prevent you from entering a protocol filter set configured in Menu 21 to the device filters field in Menu 3.1, 11.
Prestige 2602HWL-DxA Support Notes 1. The outbound packet type (protocol & port number) 2. The source IP address Generally, the outbound packets for Web service could be as following: a. HTTP packet, TCP (06) protocol with port number 80 b. DNS packet, TCP (06) protocol with port number 53 or c. DNS packet, UDP (17) protocol with port number 53 For all workstation on the LAN, the source IP address will be 0.0.0.0. Otherwise, you have to enter an IP Address for the workstation you want to block.
Prestige 2602HWL-DxA Support Notes 2. Rule one for (a). http packet, TCP(06)/Port number 80 Menu 21.1.1 - TCP/IP Filter Rule Filter #: 1,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 6 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 80 Port # Comp= Equal Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= Port # Comp= None TCP Estab= No More= No Log= None Action Matched= Drop Action Not Matched= Check Next Rule Press ENTER to Confirm or ESC to Cancel: 3.
Prestige 2602HWL-DxA Support Notes Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= Port # Comp= None TCP Estab= No More= No Log= None Action Matched= Drop Action Not Matched= Check Next Rule Press ENTER to Confirm or ESC to Cancel: 4. Rule 3 for (c). DNS packet UDP(17)/Port number 53 Menu 21.1.2 - TCP/IP Filter Rule Filter #: 1,2 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 17 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.
Prestige 2602HWL-DxA Support Notes Menu 21.1 - Filter Rules Summary # A Type Filter Rules M m n - - ---- -------------------------------------- - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=80 N D N 2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=53 N D N 3 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0,DP=53 N D F 6. Apply the filter set to the 'Output Protocol Filter Set' in the remote node setup. A filter for blocking a specific client Configuration 1. Create a filter set in Menu 21, e.g.
Prestige 2602HWL-DxA Support Notes 2. One rule for blocking all packets from this client Menu 21.1.1 - TCP/IP Filter Rule Filter #: 1,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 0 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= Port # Comp= None Source: IP Addr= 192.168.1.5 IP Mask= 255.255.255.
Prestige 2602HWL-DxA Support Notes This configuration example shows you how to use a Generic Filter to block a specific MAC address of the LAN. Before you Begin Before you configure the filter, you need to know the MAC address of the client first. The MAC address can be provided by the NICs. If there is the LAN packet passing through the Prestige you can identify the uninteresting MAC address from the Prestige's LAN packet trace.
Prestige 2602HWL-DxA Support Notes + Internet Protocol - Version (MSB 4 bits): 4 - Header length (LSB 4 bits): 5 - Service type: Precd=Routine, Delay=Normal, Thrput=Normal, Reli=Normal - Total length: 60 (Octets) - Fragment ID: 60172 - Flags: May be fragmented, Last fragment, Offset=0 (0x00) - Time to live: 32 seconds/hops - IP protocol type: ICMP (0x01) - Checksum: 0xE3EA - IP address 202.132.155.93 (Source IP address) ----> 202.132.155.
Prestige 2602HWL-DxA Support Notes Menu 21.1.
Prestige 2602HWL-DxA Support Notes • Action Matched= Enter the action you want if the masked packet matches the 'Value'. In this case, we will drop it. • Action Not Matched= Enter the action you want if the masked packet does not match the 'Value'. In this case, we will forward it. If you want to configure more rules please select 'Check Next Rule' to start configuring the next new rule. However, please note that the 'Filter Type' must be also 'Generic Filter Rule' but not others.
Prestige 2602HWL-DxA Support Notes A filter for blocking the NetBIOS packets • Introduction The NETBIOS protocol is used to share a Microsoft comupter of a workgroup. For the security concern, the NetBIOS connection to a outside host is blocked by Prestige router as factory defaults. Users can remove the filter sets applied to menu 3.1 and menu 4.1 for activating the NetBIOS services. The details of the filter settings are described as follows.
Prestige 2602HWL-DxA Support Notes Set # Comments Set # ------ ----------------- Comments ------ ----------------- 1 NetBIOS_WAN 7 _______________ 2 NetBIOS_LAN 8 _______________ 3 _______________ 9 _______________ 4 _______________ 10 _______________ 5 _______________ 11 _______________ 6 _______________ 12 _______________ Enter Filter Set Number to Configure= 1 Edit Comments= Press ENTER to Confirm or ESC to Cancel: Configure the first filter set 'NetBIOS_WAN' by selecting
Prestige 2602HWL-DxA Support Notes • Rule 2-Destination port number 137 with protocol number 17 (UDP) Menu 21.1.2 - TCP/IP Filter Rule Filter #: 1,2 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 17 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 137 Port # Comp= Equal Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.
Prestige 2602HWL-DxA Support Notes IP Protocol= 6 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 138 Port # Comp= Equal Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 0 Port # Comp= None TCP Estab= No More= No Log= None Action Matched= Drop Action Not Matched= Check Next Rule Press ENTER to Confirm or ESC to Cancel: • Rule 4-Destination port number 138 with protocol number 17 (UDP) Menu 21.1.
Prestige 2602HWL-DxA Support Notes Action Matched= Drop Action Not Matched= Check Next Rule Press ENTER to Confirm or ESC to Cancel: • Rule 5-Destination port number 139 with protocol number 6 (TCP) Menu 21.1.5 - TCP/IP Filter Rule Filter #: 1,5 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 6 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 139 Port # Comp= Equal Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.
Prestige 2602HWL-DxA Support Notes Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 17 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 139 Port # Comp= Equal Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 0 Port # Comp= None TCP Estab= N/A More= No Log= None Action Matched= Drop Action Not Matched= Forward Press ENTER to Confirm or ESC to Cancel: • After the first filter set is finished, you will get the complete rules summary as below. Menu 21.
Prestige 2602HWL-DxA Support Notes • Apply the first filter set 'NetBIOS_WAN' to the 'Output Protocol Filter' in the remote node setup. Configure the second filter set 'NetBIOS_LAN' by selecting the Filter Set number 2. • Rule 1-Source port number 137, Destination port number 53 with protocol number 6 (TCP) Menu 21.2.1 - TCP/IP Filter Rule Filter #: 2,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 6 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.
Prestige 2602HWL-DxA Support Notes IP Protocol= 17 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 53 Port # Comp= Equal Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 137 Port # Comp= Equal TCP Estab= N/A More= No Log= None Action Matched= Drop Action Not Matched= Forward Press ENTER to Confirm or ESC to Cancel: 1. After the first filter set is finished, you will get the complete rules summary as below. Menu 21.
Prestige 2602HWL-DxA Support Notes protocol filters= 2 device filters= Output Filter Sets: protocol filters= device filters= Using the Dynamic DNS (DDNS) 1. What is DDNS? The DDNS service, an IP Registry provides a public central database where information such as email addresses, hostnames, IPs etc. can be stored and retrieved. This solves the problems if your DNS server uses an IP associated with dynamic IPs.
Prestige 2602HWL-DxA Support Notes Menu 1 - General Setup System Name= Prestige Location= Contact Person's Name= Domain Name= Edit Dynamic DNS= Yes Route IP= Yes Bridge= No Menu 1.1 - Configure Dynamic DNS Service Provider= WWW.DynDNS.ORG Active= Yes Host=[the local server's host name] EMAIL= USER= Password= ******** Enable Wildcard= No Key Settings for using DDNS function: Option Description Service Provider Enter the DDNS server WWW.DYNDNS.ORG. Active Toggle to 'Yes'.
Prestige 2602HWL-DxA Support Notes Password Enter the password that the DDNS server gives to you. Enable Wildcard Enter the hostname for the wildcard function that the WWW.DYNDNS.ORG supports. Note that Wildcard option is available only when the provider is WWW.DYNDNS.ORG. Network Management Using SNMP 1. SNMP Overview The Simple Network Management Protocol (SNMP) is an applications-layer protocol used to exchange the management information between network devices (e.g., routers).
Prestige 2602HWL-DxA Support Notes The current Internet-standard MIB, MIB-II, is defined in RFC 1213 and contains 171 objects. These objects are grouped by protocol (including TCP, IP, UDP, SNMP, and other categories, including 'system' and 'interface.' The Internet Management Model is as shown in figure 1. Interactions between the NMS and managed devices can be any of four different types of commands: 6.
Prestige 2602HWL-DxA Support Notes 2. SNMPv1 Operations SNMP itself is a simple request/response protocol. 4 SNMPv1 operations are defined as below. • Get Allows the NMS to retrieve an object variable from the agent. • GetNext Allows the NMS to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a NMS wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations.
Prestige 2602HWL-DxA Support Notes so on) and the object values involved in the operation. The following figure shows the SNMPv1 message format. The SNMP PDU contains the following fields: • • • • • PDU type Specifies the type of PDU. Request ID Associates requests with responses. Error status Indicates an error and an error type. Error index Associates the error with a particular object variable. Variable-bindings Associates particular object with their value. 3.
Prestige 2602HWL-DxA Support Notes • warmStart (defined in RFC-1215) : If the machine warmstarts, the trap will be sent after booting. • linkDown (defined in RFC-1215) : If any link of IDSL or WAN is down, the trap will be sent with the port number . The port number is its interface index under the interface group. • linkUp (defined in RFC-1215) : If any link of IDSL or WAN is up, the trap will be sent with the port number . The port number is its interface index under the interface group.
Prestige 2602HWL-DxA Support Notes 4. Configure the Prestige for SNMP The SNMP related settings in Prestige are configured in menu 22, SNMP Configuration. The following steps describe a simple setup procedure for configuring all SNMP settings. Menu 22 - SNMP Configuration SNMP: Get Community= public Set Community= public Trusted Host= 192.168.1.33 72 All contents copyright (c) 2005 ZyXEL Communications Corporation.
Prestige 2602HWL-DxA Support Notes Trap: Community= public Destination= 192.168.1.33 Press ENTER to Confirm or ESC to Cancel: Key Settings: Option Descriptions Get Community Enter the correct Get Community. This Get Community must match the 'Get-' and 'GetNext' community requested from the NMS. The default is 'public'. Set Community Enter the correct Set Community. This Set Community must match the 'Set-community requested from the NMS. The default is 'public'. Enter the IP address of the NMS.
Prestige 2602HWL-DxA Support Notes Configuration: 1. Active, use the space bar to turn on the syslog option. 2. Syslog IP Address, enter the IP address of the UNIX server that you wish to send the syslog. 3. Log Facility, use the space bar to toggle between the 7 different local options. • UNIX Setup 1. Make sure that your syslogd starts with -r argument. -r, this option will enable the facility to receive message from the network using an Internet domain socket with the syslog services.
Prestige 2602HWL-DxA Support Notes L02 Call Terminated C02 Call Terminated Example: Feb 14 16:57:17 192.168.1.1 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 18, C01 Incoming Call OK Feb 14 17:07:18 192.168.1.1 ZyXEL Communications Corp.
Prestige 2602HWL-DxA Support Notes prot: Protocol (TCP,UDP,ICMP) spo: Source port dpo: Destination port Example: Jul 19 14:44:09 192.168.1.1 ZyXEL Communications Corp.: IP[Src=202.132.154.1 Dst=192.168.1.33 UDP spo=0035 dpo=05d4]}S03>R01mF Jul 19 14:44:13 192.168.1.1 ZyXEL Communications Corp.: IP[Src=192.168.1.33 Dst=202.132.154.
Prestige 2602HWL-DxA Support Notes Using IP Alias • What is IP Alias ? In a typical environment, a LAN router is required to connect two local networks. The Prestige can connect three local networks to the ISP or a remote node, we call this function as 'IP Alias'. In this case, an internal router is not required. For example, the network manager can divide the local network into three networks and connect them to the Internet using Prestige's single user account. See the figure below.
Prestige 2602HWL-DxA Support Notes Two new protocol filter interfaces in menu 3.2.1 allow you to accept or deny LAN packets from/to the IP alias 1 and IP alias 2 go through the Prestige. The filter set in menu 3.1 is used for main network configured in menu 3.2. • IP Alias Setup 1. Edit the first network in menu 3.2 by configuring the Prestige's first LAN IP address. Menu 3.2 - TCP/IP and DHCP Setup DHCP Setup DHCP= Server Client IP Pool Starting Address= 192.168.1.
Prestige 2602HWL-DxA Support Notes Edit IP Alias Toggle to 'Yes' to enter menu 3.2.1 for setting up the second and third networks. 2. Edit the second and third networks in menu 3.2.1 by configuring the Prestige's second and third LAN IP addresses. Menu 3.2.1 - IP Alias Setup IP Alias 1= Yes IP Address= 192.168.2.1 IP Subnet Mask= 255.255.255.0 RIP Direction= None Version= RIP-1 Incoming protocol filters= Outgoing protocol filters= IP Alias 2= Yes IP Address= 192.168.3.1 IP Subnet Mask= 255.255.255.
Prestige 2602HWL-DxA Support Notes Call scheduling enables the mechanisim for the Prestige to run the remote node connection according to the pre-defined schedule.This feature is just like the scheduler ina video recorder which records the program according to the specified time. Users can apply at most 4 schedule sets in Menu 11 ( Remote Node Setup), and configure each schedule in Menu 26(Schedule Setup).
Prestige 2602HWL-DxA Support Notes 4 _______________ 10 _______________ 5 _______________ 11 _______________ 6 _______________ 12 _______________ Enter Schedule Set Number to Configure= 1 Edit Name= ZyXEL Press ENTER to Confirm or ESC to Cancel: 3. The Menu 26.1 Schedule Set Setup is as follows: Menu 26.
Prestige 2602HWL-DxA Support Notes Start Date Start date of this schedule rule. It can be unmatched with weekday setting. For example, if Start Date is 2004/10/02(Monday), but Monday setting in weekday can be No. How Often If once is selected, all weekday settings will ne marked as N/A. After the rule is completely, it will be deleted automatically. Forced On The node will always keep up during the setting period. It is equivalent to diable the idel timeout.
Prestige 2602HWL-DxA Support Notes Session Options: Edit Filter Sets= No Idle Timeout(sec)= 100 Edit Traffic Redirect= No Press ENTER to Confirm or ESC to Cancel: • Time Service in Prestige There is no RTC (Real-Time Clock) chip so the Prestige should launch a mechanism to get current time and date from external server in boot time. Time service is implemented by the Daytime protocol(RFC-867), Time protocol(RFC-868), and NTP protocol(RFC-1305).
Prestige 2602HWL-DxA Support Notes Press ENTER to Confirm or ESC to Cancel: Using IP Multicast • What is IP Multicast ? Traditionally, IP packets are transmitted in two ways - unicast or broadcast. Multicast is a third way to deliver IP packets to a group of hosts. Host groups are identified by class D IP addresses, i.e., those with "1110" as their higher-order bits. In dotted decimal notation, host group addresses range from 224.0.0.0 to 239.255.255.255. Among them, 224.0.0.
Prestige 2602HWL-DxA Support Notes IP Subnet Mask= 255.255.255.0 RIP Direction= Both Version= RIP-2B Multicast= IGMP-v2 IP Policies= Edit IP Alias= No Press ENTER to Confirm or ESC to Cancel: Enable IGMP in Prestige's remote node in menu 11.3: Menu 11.3 - Remote Node Network Layer Options IP Options: Bridge Options: IP Address Assignment = Dynamic Ethernet Addr Timeout(min)= N/A Rem IP Addr = 0.0.0.0 Rem Subnet Mask= 0.0.0.
Prestige 2602HWL-DxA Support Notes Using Prestige traffic redirect • What is Traffic Redirect ? Traffic redirect forwards WAN traffic to a backup gateway when Prestige cannot connect to the Internet through it's normal gateway. Thus make your backup gateway as an auxiliary backup of your WAN connection. Once Prestige detects it's WAN connectivity is broken, Prestige will try to forward outgoing traffic to backup gateway that users specify in traffic redirect configuration menu.
Prestige 2602HWL-DxA Support Notes Check Mechanism = DSL Link Check WAN IP Address1 = 0.0.0.0 Check WAN IP Address2 = 0.0.0.0 Check WAN IP Address3 = 0.0.0.0 KeepAlive Fail Tolerance = 5 Recovery Interval(sec) = 60 ICMP Timeout(sec) = 0 Traffic Redirect = Yes Key Settings: Label Description Backup Select the method that the Prestige uses to check the DSL connection. Type Select DSL Link to have the Prestige check if the connection to the DSLAM is up.
Prestige 2602HWL-DxA Support Notes Label Description Redirect Active Select this check box to have the Prestige use traffic redirect if the normal WAN connection goes down. If you activate traffic redirect, you must configure at least one Check WAN IP Address. Metric This field sets this route's priority among the routes the Prestige uses. The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost".
Prestige 2602HWL-DxA Support Notes • Devices: Network devices, such as networking gateways, TV, refrigerators, printers...etc, which provides services. • Services: Services are provided by devices, such as time services provided by alarm clocks. In UPnP, services are described in XML format. Control points can set/get services information from devices.
Prestige 2602HWL-DxA Support Notes • • • Eventing: Devices can send event message to notify control points if there is any update on services provided. Presentation: Each device can provide their own control interface by URL link. So that users can go to the device's presentation web page by the URL to control this device. 2. Using UPnP in ZyXEL devices In this example, we will introduce how to enable UPnP function in ZyXEL devices.
Prestige 2602HWL-DxA Support Notes Go to Advanced->UPnP, check two boxes, Active UPnP feature and Allow users to make configuration changes through UPnP. The first check box enables UPnP function in this device. The second check box allow users' application to change configuration in this device. For instance, if you enable this item, then user's MSN application can assign dynamic port mapping to the router. So that network administrator don't need to setup SUA port mapping in the router. 2.
Prestige 2602HWL-DxA Support Notes 3. Start a Video conversation with one online user. 4. On the opposite side, your partner select Accept to accept your conversation request. 92 All contents copyright (c) 2005 ZyXEL Communications Corporation.
Prestige 2602HWL-DxA Support Notes 5. Finally, your video conversation is achieved. 93 All contents copyright (c) 2005 ZyXEL Communications Corporation.
Prestige 2602HWL-DxA Support Notes Wireless Application Notes (For Wireless Model Only) Infrastructure mode What is Infrastructure mode? Infrastructure mode, sometimes referred to as Access Point mode, is an operating mode of an 802.11b/Wi-Fi client unit. In infrastructure mode, the client unit can associate with an 802.11b/Wi-Fi Access Point and communicate with other clients in infrastructure mode through that access point. 94 All contents copyright (c) 2005 ZyXEL Communications Corporation.
Prestige 2602HWL-DxA Support Notes Configuration Prestige Wireless using SMT. To configure Infrastructure mode of your Prestige wireless VoIP IAD please follow the steps below. 1. From the SMT main menu, enter 3 to display Menu 3 – LAN Setup. 2. Enter 5 to display Menu 3.5 – Wireless LAN Setup. Menu 3.5- Wireless LAN Setup ESSID= Wireless Hide ESSID= No Channel ID= CH07 2442MHz RTS Threshold= 2432 Frag.
Prestige 2602HWL-DxA Support Notes Edit MAC Address Filter= No Press ENTER to Confirm or ESC to Cancel: 3. Configure ESSID, Channel ID, WEP, Default Key and Keys as yo desire. Configuration Wireless Access Point to Infrastructure mode using Web configurator. To configure Infrastructure mode of your Prestige wireless VoIP IAD please follow the steps below. 1. From the web configurator main menu, click Network->wireless LAN to display –Wireless LAN. 3.
Prestige 2602HWL-DxA Support Notes • Configuration Wireless Station to Infrastructure mode To configure Infrastructure mode on your ZyAIR B-100/B-200/B-300 wireless NIC card please follow the following steps. 1. Double click on the utility icon in your windows task bar the utility will pop up on your windows screen. 2. Select configuration tab. 3.
Prestige 2602HWL-DxA Support Notes 5. Double click on the AP you want to associated with. 98 All contents copyright (c) 2005 ZyXEL Communications Corporation.
Prestige 2602HWL-DxA Support Notes 6. After the client have associated with the selected AP. The linked AP's channel, current linkup rate, SSID, link quality, and signal strength will show on the Link Info page. You now successfully associate with the selected AP with Infrastructure Mode. Wireless MAC address filtering MAC Filter Overview Users can use MAC Filter as a method to restrict unauthorized stations from accessing the APs.
Prestige 2602HWL-DxA Support Notes not knowing what your MAC address is, please enter a command "ipconfig /all" after DOS prompt to get the MAC (physical) address of your wireless client. If you use SMT management, the MAC Address Filter configuration are as shown below. Enter the MAC Addresses of wireless cards in the filter set to allow or deny association from these cards. Menu 3.5.
Prestige 2602HWL-DxA Support Notes MAC Address This field specifies those MAC Addresses that you want to add in the list. If you use WEB configuration, the MAC Address Filter configuration are as shown below. 1. Using a web browser, login AP by giving the LAN IP address of AP in URL field. Default LAN IP is 192.168.1.1, default password to login web configurator is 1234. 2. Click Network, and click Wireless LAN tab on the left. 3. Click MAC Filter link and check Active MAC Filter to enable MAC Filter. 4.
Prestige 2602HWL-DxA Support Notes WEP configuration (Wired Equivalent Privacy) Introduction The 802.11 standard describes the communication that occurs in wireless LANs. The Wired Equivalent Privacy (WEP) algorithm is used to protect wireless communication from eavesdropping, because wireless transmissions are easier to intercept than transmissions over wired networks, and wireless is a shared medium, everything that is transmitted or received over a wireless network can be intercepted.
Prestige 2602HWL-DxA Support Notes Setting up the Access Point Most access points and clients have the ability to hold up to 4 WEP keys simultaneously. You need to specify one of the 4 keys as default Key for data encryption.
Prestige 2602HWL-DxA Support Notes You can set up the Access Point by SMT or Web configurator • Setting up the Access Point from SMT Menu 3.5 B1000 hold up to 4 WEP Keys. You have to specify one of the 4 keys as default Key which be used to encrypt wireless data transmission. For example, 3.5- Wireless LAN Setup ESSID= Wireless Hide ESSID= No Channel ID= CH07 2442MHz RTS Threshold= 2432 Frag.
Prestige 2602HWL-DxA Support Notes Key3= 0x3456789ABC Key4= 0x456789ABCD 128-bit WEP with 13 characters 128-bit WEP with 26 hexadecimal digits ('0-9', 'A-F') Key1= 2e3f4w345ytre Key2= 5y7jse8r4i038 Key3= 24fg70okx3fr7 Key4= 98jui2wss35u4 Key1= 0x112233445566778899AABBCDEF Key2= 0x2233445566778899AABBCCDDEE Key3= 0x3344556677889900AABBCCDDFF Key4= 0x44556677889900AABBCCDDEEFF Select one of the WEP key as default Key to encrypt wireless data transmission.
Prestige 2602HWL-DxA Support Notes Key settings Enter exactly 5, 13 or 29 characters to match the security strength 40/64bit, 128-bit, 256-nit respectively. Setting up the Station 1. Double click on the utility icon in your windows task bar or right click the utility icon then select 'Show Config Utility'. The utility will pop up on your windows screen. 106 All contents copyright (c) 2005 ZyXEL Communications Corporation.
Prestige 2602HWL-DxA Support Notes Note: If the utility icon doesn't exist in your task bar, click Start -> Programs -> IEEE802.11b WLAN Card -> IEEE802.11b WLAN Card. 2. Select the 'Encryption' tab. Select encryption type correspond with access point. Set up 4 Keys which correspond with the WEP Keys of access point. And select on WEP key as default key to encrypt wireless data transmission. 107 All contents copyright (c) 2005 ZyXEL Communications Corporation.
Prestige 2602HWL-DxA Support Notes 108 All contents copyright (c) 2005 ZyXEL Communications Corporation.
Prestige 2602HWL-DxA Support Notes Key settings The WEP Encryption type of station has to equal to the access point. Check 'ASCII' field for characters WEP key or uncheck 'ASCII' field for Hexadecimal digits WEP key. Hexadecimal digits don't need to preceded by '0x'. For example, 64-bits with characters WEP key : Key1= 2e3f4 Key2= 5y7js Key3= 24fg7 Key4= 98jui 64-bits with hexadecimal digits WEP key : Key1= 123456789A Key2= 23456789AB Key3= 3456789ABC Key4= 456789ABCD Configuring 802.1x IEEE 802.
Prestige 2602HWL-DxA Support Notes IEEE 802.1x authentication is a client-server architecture delivered with EAPOL (Extensible Authentication Protocol over LAN). The authentication server authenticates each client connected to a Access Point (For Wireless LAN) or switch port (for Ethernet) before accessing any services offered by the Wireless AP. 802.1x contains tree major components : 1. Authenticator : The device (i.e.
Prestige 2602HWL-DxA Support Notes The device (i.e. RADIUS server) provides an authentication service to an authenticator. This service determines, from the credentials provided by the supplicant, whether the supplicant is authorized to access the services provided by the authenticator. The authentication server performs the actual authentication of the client. It validates the identity of the supplicant.
Prestige 2602HWL-DxA Support Notes 1. Force Authorized : Disables 802.1x and causes the port to transition to the authorized state without any authentication exchange required. The port transmits and receives normal traffic without 802.1x-based authentication of the client. This is the default port control setting. While AP is setup as Force Authorized, Wireless client (supported 802.1x client or none-802.1x client) can always access the network. 2.
Prestige 2602HWL-DxA Support Notes The EAP protocol can support multiple authentication mechanisms, such as MD5-challenge, One-Time Passwords, Generic Token Card, TLS and TTLS etc. Typically, the authenticator will send an initial Identity Request followed by one or more Requests for authentication information. When supplicant receive the EAP request, it will reply associated EAP response.
Prestige 2602HWL-DxA Support Notes The EAPOL packet contains the following fields: protocol version, packet type, packet body length and packet body. Most of the fields are obvious. The packet type can have four different values, and these values are described below: 114 All contents copyright (c) 2005 ZyXEL Communications Corporation.
Prestige 2602HWL-DxA Support Notes • • • • EAP-Packet : Both the supplicant and the authenticator send this packet when authentication is taking place. This is the packet that contains either the MD5-Challenge or TLS information required for authentication. EAPOL-Start : This supplicant sends this packet when it wants to initiate the authentication process. EAPOL-Logoff : The supplicant sends this packet when it wants to terminate its 802.1x session.
Prestige 2602HWL-DxA Support Notes Menu 23.4 - System Security - IEEE802.1x Wireless Port Control= No Authentication Required ReAuthentication Timer (in second)= N/A Idle Timeout (in second)= N/A Key Management Protocol= N/A Dynamic WEP Key Exchange= N/A PSK= N/A WPA Mixed Mode= N/A Data Privacy for Broadcast/Multicast packets= N/A WPA Broadcast/Multicast Key Update Timer= N/A Authentication Databases= N/A Press ENTER to Confirm or ESC to Cancel: If you use WEB Configuration, 1.
Prestige 2602HWL-DxA Support Notes • Using Internal Authentication Server ZyXEL Wireless Access Point has an internal authentication server for authenticating the wireless 802.1x client users. It builds total 32-users database and allows up to 32 authorized users to login to the Wireless AP simultaneously. When you use internal authentication server, ZyXEL wireless AP is acted as Authenticator and Authentication Server. By storing wireless 802.
Prestige 2602HWL-DxA Support Notes 2. ________ 3. ________ 4. ________ 5. ________ 6. ________ 7. ________ 8. ________ 10. ________ 11. ________ 12. ________ 13. ________ 14. ________ 15. ________ 16. ________ 18. ________ 19. ________ 20. ________ 21. ________ 22. ________ 23. ________ 24. ________ 26. ________ 27. ________ 28. ________ 29. ________ 30. ________ 31. ________ 32. ________ Enter Menu Selection Number: 2. Type a number and press [Enter] to edit the wireless 802.
Prestige 2602HWL-DxA Support Notes • Using External RADIUS Authentication Server In addition to the internal authentication server inside ZyXEL AP, you can use external RADIUS authentication server to centrally manage the user account profile. RADIUS is based on a client-server model that supports authentication, authorization and accounting. The wireless AP is the client and the server is the RADIUS server.
Prestige 2602HWL-DxA Support Notes between the supplicant and the authentication server until authentication succeeds or fails. If the authentication succeeds, the switch port becomes authorized. The specific exchange of EAP frames depends on the authentication method being used. The figure below shows a message exchange initiated by the client using the MD5 Challenge authentication method with a RADIUS server. 1. From the SMT main menu, enter Menu 23.
Prestige 2602HWL-DxA Support Notes Shared Secret= ***** Accounting Server: Active= Yes Server Address= 192.168.1.100 Port #= 1813 Shared Secret= ****** Press ENTER to Confirm or ESC to Cancel: Key settings for authentication server: Option Descriptions User Name Enter a username up to 31 alphanumeric characters long. Active Press [SPACE BAR] to select Yes and press [Enter] to enable 802.1x user authentication through an external RADIUS authentication server.
Prestige 2602HWL-DxA Support Notes Site Survey Introduction What is Site Survey? An RF site survey is a MAP to RF contour of RF coverage in a particular facility. With wireless system it is very difficult to predict the propagation of radio waves and detect the presence of interfering signals. Walls, doors, elevator shafts, and other obstacles offer different degree of attenuation. This will cause the RF coverage pattern be irregular and hard to predict.
Prestige 2602HWL-DxA Support Notes 3. Identify user's area, when doing so ask a question where is wireless coverage needed and where does not, and note and take note on the diagram this is information is needed to determine the number of AP required. 4. Determine the preliminary access point location on the facility diagram base on the service area needed, obstacles, power wall jack considerations. Survey on Site 1. With the diagram with all information you gathered in the preparation phase.
Prestige 2602HWL-DxA Support Notes 5. When you reach the farthest point of connection mark the spot. Now you move the access point to this new spot as have already determine the farthest point of the access point installation spot if wireless service is required from corner of the room. 6. Repeat step 1~5 and now you should be able to mark an RF coverage area as illustrated in above picutre. 7.
Prestige 2602HWL-DxA Support Notes Note: If there are more than one access point is needed be sure to make the adjacent access point service area over lap one another. So the wireless station are able to roam. For more information please refer to roaming at PSTN Lifeline Application Notes (For Lifeline model only) Usage of PSTN Lifeline By using the PSTN lifeline function, you can make and receive regular PSTN phone calls in coexistence with VoIP service on the same set of phone.
Prestige 2602HWL-DxA Support Notes Furthermore, when the P2602HWL – D1A experience power loss such as in case of earthquake and other natural hazard that cause power loss, it will automatically switch to PSTN line and you can dial a regular phone number without dialing a prefix number. This can be applied on the emergency situation such as for contacting police, fire or emergency medical services when is powerless situation.
Prestige 2602HWL-DxA Support Notes Relay to PSTN The Relay to PSTN field can be find under PSTN configuration WEB GUI in Relay to PSTN section. This field is used to specify phone numbers to which the Prestige will always send calls through the regular PSTN phone service without pushing prefix. In other words, numbers which specify on this field do not need to dial prefix number to be dialed out.
Prestige 2602HWL-DxA Support Notes 1. The P2602HWL-D1A includes a DSL cable and a RJ-11 cable. Connect the DSL cable to the DSL port and connect RJ-11 to Lifeline port. 2. Connect the RJ11 to the splitter phone jack or a telephone wall jack 3. Connect the DSL cable to the splitter modem jack or ADSL line 4. Connect the splitter jack where it label Line to ADSL line from the ISP. Figure 2 Splitterless type 1. 2. 3. 4. 5. The P2602HWL-D1A includes a DSL cable and a RJ-11 cable.
Prestige 2602HWL-DxA Support Notes Setup SIP Account VoIP is the sending of voice signals over the Internet Protocol. This allows you to make phone calls and send faxes over the Internet at a fraction of the cost of using the traditional circuit-switched telephone network. The Session Initiation Protocol (SIP) is an application-layer control (signaling) protocol that handles the setting up, altering and tearing down of voice and multimedia sessions over the Internet.
Prestige 2602HWL-DxA Support Notes Step 1. Open the web browser from your workstation to connect to the Prestige by entering the Management IP address of the Prestige (LAN IP address). The default management IP of Prestige is 192.168.1.1. Step 2. Enter the administrator password appear on the page of login and click on login. The default is '1234' Step 3. On the left column click on VoIP to bring you to VoIP configuration menu than click on SIP.
Prestige 2602HWL-DxA Support Notes Address SIP Server Enter the SIP server’s listening port for SIP in this field. Leave this field set to the default if your VoIP service provider did not give you a local port number Port for SIP. REGISTER Server Address A SIP register server maintains a database of SIP identity-to-IP address (or domain name) mapping. The register server checks your user name and password when you register. Enter the SIP register server’s address in this field.
Prestige 2602HWL-DxA Support Notes Peer to Peer call Topology Topology Explanation 1. Device A and B located at Internet. 2. Device A and B WAN interface is Public Static IP (220.130.46.197 and 220.130.46.198). 3. SIP number for device A and B is 197 and 198. Preparation and Steps 1. Install the device properly in user’s networking topology. 2. Setup device’s WAN connection. 3. Configuring SIP / VoIP related settings in device A and B. There are two ways to make IP to IP call.
Prestige 2602HWL-DxA Support Notes server all in the VOIP screen. Setup--- Configuring SIP / VoIP related settings in device A 133 All contents copyright (c) 2005 ZyXEL Communications Corporation.
Prestige 2602HWL-DxA Support Notes 1. Setup WEB GUI VoIP, enter device A’s number in the SIP number column. 2. Fill in device B’s IP into SIP server address, Register server address… as example. 3. Setup speed dial, put device B’s information into the column. Setup--- Configuring SIP / VoIP related settings in device B 134 All contents copyright (c) 2005 ZyXEL Communications Corporation.
Prestige 2602HWL-DxA Support Notes 135 All contents copyright (c) 2005 ZyXEL Communications Corporation.
Prestige 2602HWL-DxA Support Notes 1. Setup WEB GUI VoIP, enter device B’s number in the SIP number column. 2. Fill in device A’s IP into SIP server address, Register server address… as example. 3. Setup speed dial, put device A’s information into the column. After completing the setting, you can dial #01 from the phone under device A, then the phone under device B will ring. Phone port settings Prestige allow you to configure the volume and echo cancellation setting for each individual phone port.
Prestige 2602HWL-DxA Support Notes To configure the phone port setting please follow the below step. Step 1. Open the web browser from your workstation to connect to the Prestige by entering the Management IP address of the Prestige. The default management IP of Prestige is 192.168.1.1. Step 2. Enter the administrator password appear on the page of login and click on login. The default is '1234' Step 3.
Prestige 2602HWL-DxA Support Notes quietest and 1 is the loudest. G.168 Active Select this check box to cancel the echo caused by the sound of your voice reverberating in the telephone receiver while you talk. VAD Support Select this check box to use Voice Activity Detection (VAD) to reduce the bandwidth that a call uses. The Prestige will generate and send comfort noise when you are not talking.
Prestige 2602HWL-DxA Support Notes Each field's detail description of the page is listed below. Label Description SIP Account This read-only field displays the number of the SIP account that you are configuring. The changes that you save in this page affect the Prestige’s settings with the SIP account displayed here.. 139 All contents copyright (c) 2005 ZyXEL Communications Corporation.
Prestige 2602HWL-DxA Support Notes URL Type Select SIP to have the Prestige include the domain name with the SIP number in the SIP messages that it sends. Select TEL to have the Prestige use the SIP number without a domain name in the SIP messages that it sends. Expiration Duration This field sets how long an entry remains registered with the SIP register server. After this time period expires, the SIP register server deletes the Prestige’s entry from the database of registered SIP numbers.
Prestige 2602HWL-DxA Support Notes Select RFC 2833 to send the DTMF tones in RTP packets. Select PCM (Pulse Code Modulation) to include the DTMF tones in the voice data stream. This method works best when you are using a codec that does not use compression (like G.711). Codecs that use compression (like G.729) could distort the tones. Select SIP INFO to send the DTMF tones in SIP messages.
Prestige 2602HWL-DxA Support Notes To configure phone book for speed dial please follow the below step. Step 1. Open the web browser from your workstation to connect to the Prestige by entering the Management IP address of the Prestige. The default management IP of Prestige is 192.168.1.1. Step 2. Enter the administrator password appear on the page of login and click on login. The default is '1234' Step 3.
Prestige 2602HWL-DxA Support Notes Label Description Speed Dial Select a speed dial key combination from the drop-down list box. SIP Number Enter the SIP number of the party that you will call (use the number or text that comes before the @ symbol in a full SIP URI). You can use up to 127 ASCII characters. Name Enter a descriptive name to identify the party that you will use this entry to call. You can use up to 127 ASCII characters.
Prestige 2602HWL-DxA Support Notes Voice - QoS setup Quality of Service (QoS) refers to both a network's ability to deliver data with minimum delay, and the networking methods used to provide bandwidth for real-time multimedia applications. Click VoIP -> SIP -> QoS to display the following screen. Each field's detail description of the page is listed below. Label Description SIP TOS Priority Type a priority for voice transmissions.
Prestige 2602HWL-DxA Support Notes VLAN group to communicate with the SIP server. Apply Click Apply to save your changes back to the Prestige. Call Forwarding setup Call forwarding function allows users to determine handling of incoming calls. For example, a user may wish to decide that all incoming calls will ring his cell phone as well. The following screenshot shows how users can use this screen to configure the Prestige to block or redirect calls.
Prestige 2602HWL-DxA Support Notes Enable this feature to have the Prestige forward incoming calls to the number that you configure. Busy Forward to Number Enable this feature to have the Prestige forward incoming calls to the number that you configure when your SIP account has a call connected. No Answer Forward to Number Enable this feature to have the Prestige forward incoming calls to the number that you configure whenever you do not answer the call after a specific time period.
Prestige 2602HWL-DxA Support Notes Forward to Number number that you configure whenever you do not answer the call after a specific time period. Set how long the Prestige should let a call ring before considering the call No Answer Waiting Time unanswered. Advanced Setup Configure Advanced Setup call forwarding entries to have the Prestige perform specific actions on calls from specific numbers.
Prestige 2602HWL-DxA Support Notes the Incoming Call Number field. Voice – Common Settings Click VoIP -> Phone -> Common to display the following screen. Use this screen to configure Immediate Dial Click VoIP -> Phone -> Region to display the following screen. Use this screen to configure VoIP Common Settings. Label Description 148 All contents copyright (c) 2005 ZyXEL Communications Corporation.
Prestige 2602HWL-DxA Support Notes Region Settings Use the drop-down list box to select the country where your Prestige is located. Immediate Dial Use these fields to specify phone numbers to which the Prestige will always send calls through the regular phone service without the need of dialing a prefix number. These numbers must be for phones on the PSTN (not VoIP phones).
Prestige 2602HWL-DxA Support Notes ZyNOS is ZyXEL's proprietary Network Operating System. It is the platform on all Prestige routers that delivers network services and applications. It is designed in a modular fashion so it is easy for developers to add new features. New ZyNOS software upgrades can be easily downloaded from our FTP sites and public Web download site as they become available.
Prestige 2602HWL-DxA Support Notes The Prestige allows you to transfer the firmware from/to Prestige by using FTP program via LAN. The procedure for uploading ZyNOS via FTP is as follows. a. To upgrade firmware, use FTP client program to put firmware in file 'ras' in the Prestige. After data transfer is finished, the Prestige will program the upgraded firmware into FLASH ROM and reboot itself. Note: Do not power off the unit after upload the file via ftp until the system LED have become steady light up.
Prestige 2602HWL-DxA Support Notes c. To restore the configurations, use the FTP client program to put your configuration in file ROM-0 in the Prestige. Why can't I make Telnet to Prestige from WAN? There are three possible reasons that Telnet from WAN is blocked. a. You have not enable Telnet service on WAN interface in Menu 24.11. b. Telnet service is enabled but your host IP is not the secured host entered in Menu 24.11.
Prestige 2602HWL-DxA Support Notes What is the difference between NAT and SUA? NAT is a generic name defined in RFC 1631 'The IP Network Address Translator (NAT)'. SUA (Internet Single User Account) is ZyXEL's implementation and trade name for functioning PAT which is a specific type of NAT. SUA (or PAT for NAT) translates address into port mapping. The primary motivation for RFC 1631 is that there is not enough IP address to go around.
Prestige 2602HWL-DxA Support Notes Product FAQ What is the Prestige Integrated Access Device? The Prestige series fulfills a range of application environments, from small and medium businesses, SOHO, or Telecommuters, to home user or education applications. Prestige's design helps users to save expenses, minimize maintenance, and simultaneously provide a high quality networking environment.
Prestige 2602HWL-DxA Support Notes Does the Prestige support PPPoE? Yes. The Prestige supports PPPoE since ZyNOS 2.50. How do I know I am using PPPoE? PPPoE requires a user account to login to the provider's server. If you need to configure a user name and password on your computer to connect to the ISP you are probably using PPPoE. If you are simply connected to the Internet when you turn on your computer, you probably are not. You can also check your ISP or the information sheet given by the ISP.
Prestige 2602HWL-DxA Support Notes Does Prestige support dynamic IP addressing? The Prestige supports either a static or dynamic IP address from ISP. What is the difference between the internal IP and the real IP from my ISP? Internal IPs is sometimes referred to as virtual IPs. They are a group of up to 255 IPs that are used and recognized internally on the local area network. They are not intended to be recognized on the Internet.
Prestige 2602HWL-DxA Support Notes How do I used the reset button, more over what field of parameter will be reset by reset button? You can used a sharp pointed object insert it into the little reset hole beside the power connector. Press down the reset button and hold down for approx 5 second, the unit will be reset. When the reset button is pressed the devices all parameter will be reset back to factory default include, password, and IP address. The default IP address is 192.168.1.1, Password 1234.
Prestige 2602HWL-DxA Support Notes Cable modems on the same node share bandwidth, which means that congestion is created when too many people are on simultaneously. One user downloading large graphic or video files can use a significant portion of shared bandwidth, slowing down access for other users in the same neighborhood. Most independent Internet Service Providers today connect to the Internet using a single 1.5 Mbps "T1" telephone line. All of their subscribers share that 1.5 Mbps pipeline.
Prestige 2602HWL-DxA Support Notes a. Support Non-NAT Friendly Applications Some servers providing Internet applications such as some mIRC servers do not allow users to login using the same IP address. Thus, users on the same network can not login to the same server simultaneously. In this case it is better to use Many-to-Many No Overload or One-to-One NAT mapping types, thus each user login to the server using a unique global IP address.
Prestige 2602HWL-DxA Support Notes NAT Type IP Mapping One-to-One ILA1<--->IGA1 Many-to-One (SUA/PAT) ILA1<--->IGA1 ILA2<--->IGA1 ... Many-to-Many Overload ILA1<--->IGA1 ILA2<--->IGA2 ILA3<--->IGA1 ILA4<--->IGA2 ... ILA1<--->IGA1 ILA2<--->IGA2 Many-to-Many No ILA3<--->IGA3 Overload ILA4<--->IGA4 ...
Prestige 2602HWL-DxA Support Notes What is DDNS? The Dynamic DNS service allows you to alias a dynamic IP address to a static hostname, allowing your computer to be more easily accessed from various locations on the Internet. To use the service, you must first apply an account from several free Web servers such as WWW.DYNDNS.ORG. Without DDNS, we always tell the users to use the WAN IP of the 312 to reach our internal server. It is inconvenient for the users if this IP is dynamic.
Prestige 2602HWL-DxA Support Notes Can the Prestige SUA handle IPsec packets sent by the VPN gateway behind Prestige? Yes, the Prestige's SUA can handle IPsec ESP Tunneling mode. We know when packets go through SUA, SUA will change the source IP address and source port for the host. To pass IPsec packets, SUA must understand the ESP packet with protocol number 50, replace the source IP address of the IPsec gateway to the router's WAN IP address.
Prestige 2602HWL-DxA Support Notes Can I connect more than one phone on the phone port? Yes, P2602HWL - 6xC supports REN (Ringer Equivalence Number), it can determine the number of devices that is connected to the phone line. P2602HWL – 6xC can support up to three devices per telephone port. Can I receive incoming PSTN call through P2602HWL- 6xC? Yes, P2602HWL has a line port for connecting a PSTN line. Thus enable you to receive incoming PSTN calls.
Prestige 2602HWL-DxA Support Notes already runs on IP, by using IP as a platform integrate service is now possible and low cost where traditional circuit may take long time to achieve. What is the relationship between codec and VoIP? In order to transfer voice (analog signal) over IP it first need to be digitized. Codec is a technic to digitize analog signal to digital and vice versa. There are various speech codec available and can be used with VoIP each with it's advantage and disadvantage.
Prestige 2602HWL-DxA Support Notes What is codec? Codec is a algorithm which converts analog signal into digital signal and vice versa. There are three main type of waveform codec, source codec, and hybrid codec. Each consume different amount of bandwidth and provide different voice quality level.
Prestige 2602HWL-DxA Support Notes 2. A PC with VoIP software installed or a hardware VoIP box such as ATA or device like Prestige 2602 VoIP station router. 3. An account with a VoIP provider such as an ITSP. The account can be configured to recognize your calls automatically, or you can require the users to enter their unique account numbers issued. Unable to register with the SIP server? If you are unable to register with SIP server. 1.
Prestige 2602HWL-DxA Support Notes If all the about have been tried, but register still fail what should I do? In such case, please contact your local vendor for support. If they can't help out the problem they will escalate your problem to ZyXEL tech center. To report a problem please prepared below info. 1. Serial number of the device. 2. SIP Call server type and vendor. 3. Your device firmware version and romfile with password. 4. Detail information what you have tried to resolve the problem.
Prestige 2602HWL-DxA Support Notes What are the basic types of firewalls? Conceptually, there are three types of firewalls: 1. Packet Filtering Firewall 2. Application-level Firewall 3. Stateful Inspection Firewall Packet Filtering Firewalls generally make their decisions based on the header information in individual packets. These header information include the source, destination addresses and ports of the packets.
Prestige 2602HWL-DxA Support Notes Why do you need a firewall when your router has packet filtering and NAT built-in? With the spectacular growth of the Internet and online access, companies that do business on the Internet face greater security threats. Although packet filter and NAT restrict access to particular computers and networks, however, for the other companies this security may be insufficient, because packets filters typically cannot maintain session state.
Prestige 2602HWL-DxA Support Notes SYN-ACK, it queues up all outstanding SYN-ACK responses on what is known as a backlog queue. SYN-ACKs are moved off the queue only when an ACK comes back or when an internal timer (which is set a relatively long intervals) terminates the TCP three-way handshake. Once the queue is full , the system will ignore all incoming SYN requests, making the system unavailable for legitimate users.
Prestige 2602HWL-DxA Support Notes How can I protect against IP spoofing attacks? The Prestige's firewall will automatically detect the IP spoofing and drop it if the firewall is turned on. If the firewall is not turned on we can configure a filter set to block the IP spoofing attacks.
Prestige 2602HWL-DxA Support Notes • • • • • Active =Yes Destination IP Addr =a.b.c.d Destination IP Mask =w.x.y.z Action Matched =Drop Action No Matched =Forward Where a.b.c.d is an IP address on your local network and w.x.y.z is your netmask. Content Filter FAQ What types of content filter does Prestige provide? Can I have different policies in effect for different times of the day or week? Yes, but only one blocking period of time is supported currently on ZyXEL appliance.
Prestige 2602HWL-DxA Support Notes Why do I need VPN? There are some reasons to use a VPN. The most common reasons are because of security and cost. Security 1). Authentication With authentication, VPN receiver can verify the source of packets and guarantee the data integrity. 2). Encryption With encryption, VPN guarantees the confidentiality of the original user data. Cost 1).
Prestige 2602HWL-DxA Support Notes PPTP is supported in Windows NT and Windows 98 already. For Windows 95, it needs to be upgraded by the Dial-Up Networking 1.2 upgrade. What is L2TP? Layer Two Tunneling Protocol (L2TP) is an extension of the Point-to-Point Tunneling Protocol (PPTP) used by an Internet service provider (ISP) to enable the operation of a virtual private network (VPN) over the Internet.
Prestige 2602HWL-DxA Support Notes What is SA? A Security Association (SA) is a contract between two parties indicating what security parameters, such as keys and algorithms they will use. What is IKE? IKE is short for Internet Key Exchange. Key Management allows you to determine whether to use IKE (ISAKMP) or manual key configuration to set up a VPN. There are two phases in every IKE negotiation- phase 1 (Authentication) and phase 2 (Key Exchange).
Prestige 2602HWL-DxA Support Notes What are Local ID and Peer ID? Local ID and Peer ID are used in IKE phase 1 negotiation. It’s in FQDN(Fully Qualified Domain Name) format, IKE standard takes it as one type of Phase 1 ID. Phase 1 ID is an identification for each VPN peer. The type of Phase 1 ID may be IP/FQDN(DNS)/Ueser FQDN(E-mail). The content of Phase 1 ID depends on the Phase 1 ID type. The following is an example for how to configure phase 1 ID.
Prestige 2602HWL-DxA Support Notes is ready in your Prestige. You then can configure VPN via web configurator. Please download the firmware from our web site. NOTE: For updating from ZyNOS V3.2x to V3.5x, please use console or TFTP update. This is because the memory allocation difference between these two versions. How do I configure Prestige VPN? You can configure Prestige for VPN using SMT or Web configurator. Prestige 1 supports Web only.
Prestige 2602HWL-DxA Support Notes If your Prestige is capable of VPN, you can find the VPN options in Advanced>VPN tab. For configuring a 'box-to-box VPN', there are some tips: 1. If there is a NAT router running in the front of Prestige, please make sure the NAT router supports to pass through IPSec. 2. In NAT case (either run on the frond end router, or in Prestige VPN box), only IPSec ESP tunneling mode is supported since NAT againsts AH mode. 3.
Prestige 2602HWL-DxA Support Notes What VPN software that has been tested with Prestige successfully? We have tested Prestige successfully with the following third party VPN software. • • • • • • • • • • • SafeNet Soft-PK, 3DES edition Checkpoint Software SSH Sentinel, 1.4 SecGo IPSec for Windows F-Secure IPSec for Windows KAME IPSec for UNIX Nortel IPSec for UNIX Intel VPN, v. 6.90 FreeS/WAN for Linux SSH Remote ISAKMP Testing Page, (http://isakmp-test.ssh.
Prestige 2602HWL-DxA Support Notes Where can I configure Phase 1 ID in Prestige? Phase 1 ID can be configured in VPN setup menu as following. Note that you can make such configuration in either web configurator or SMT menu. If I have NAT router between two VPN gateways, and I would like to use IP type as Phase 1 ID, what should I know? We presume your environment may look like this, 180 All contents copyright (c) 2005 ZyXEL Communications Corporation.
Prestige 2602HWL-DxA Support Notes VPN client: 10.1.33.33 NAT router WAN IP: 202.132.154.2 Prestige WAN: 202.132.154.3 Since the VPN client is behind a NAT router, it must have a private IP address in most case. This may cause the VPN client to send it's private IP address as the content of it's phase 1 ID. So you have to configure Prestige's secure gateway's phase 1 ID as the private IP address of the VPN client.
Prestige 2602HWL-DxA Support Notes If the VPN connection is initiated from the security gateway behind Prestige, no configuration is necessary for NAT nor Firewall. If the VPN connection is initiated from the security gateway outside of Prestige, NAT port forwarding and Firewall forwarding are necessary. To configure NAT port forwarding, please go to WEB interface, Setup/ "SUA/NAT", put the secure gateway's IP address in default server.
Prestige 2602HWL-DxA Support Notes networks. b. Installation Speed and Simplicity: Installing a wireless LAN system can be fast and easy and can eliminate the need to pull cable through walls and ceilings. c. Installation Flexibility: Wireless technology allows the network to go where wire cannot go. d.
Prestige 2602HWL-DxA Support Notes Ethernet connection that broadcasts information using radio signals. AP typically act as a bridge for the clients. It can pass information to wireless LAN cards that have been installed in computers or laptops allowing those computers to connect to the campus network and the Internet without wires. What is IEEE 802.11 ? The IEEE 802.11 is a wireless LAN industry standard, and the objective of IEEE 802.
Prestige 2602HWL-DxA Support Notes technology. An 802.11b radio card will interface directly with an 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. The range at 54 Mbps is less than for 802.11b operating at 11 Mbps. Is it possible to use products from a variety of vendors ? Yes. As long as the products comply to the same IEEE 802.11 standard. The Wi-Fi logo is used to define 802.11b compatible products. Wi-Fi5 is a compatibility standard for 802.
Prestige 2602HWL-DxA Support Notes metals and substances with a high water content do not allow radio waves to pass through. Metals reflect radio waves and concrete attenuates radio waves. The amount of attenuation suffered in passing through concrete will be a function of its thickness and amount of metal re-enforcement used. What are potential factors that may causes interference among WLAN products ? Factors of interference: 1. Obstacles: walls, ceilings, furniture… etc. 2.
Prestige 2602HWL-DxA Support Notes How many Access Points are required in a given area ? This depends on the surrounding terrain, the diameter of the client population, and the number of clients. If an area is large with dispersed pockets of populations then extension points can be used for extend coverage. What is Direct-Sequence Spread Spectrum Technology – (DSSS) ? DSSS spreads its signal continuously over a wide frequency band.
Prestige 2602HWL-DxA Support Notes SSID is a configurable identification that allows clients to communicate to the appropriate base station. With proper configuration, only clients that are configured with the same SSID can communicate with base stations having the same SSID. SSID from a security point of view acts as a simple single shared password between base stations and clients. What is an ESSID ? ESSID stands for Extended Service Set Identifier and identifies the wireless LAN.
Prestige 2602HWL-DxA Support Notes A WEP key is a user defined string of characters used to encrypt and decrypt data ? 128-bit WEP will not communicate with 64-bit WEP or 256-bit WEP Although 128 bit WEP also uses a 24 bit Initialization Vector, but it uses a 104 bit as secret key. Users need to use the same encryption level in order to make a connection. Can the SSID be encrypted ? WEP, the encryption standard for 802.11, only encrypts the data packets not the 802.
Prestige 2602HWL-DxA Support Notes authentication if the receiving station designates open system authentication. Share Key: The optional authentication that involves a more rigorous exchange of frames, ensuring that the requesting station is authentic. For a station to use shared key authentication, it must implement WEP. What is 802.1x ? IEEE 802.
Prestige 2602HWL-DxA Support Notes implemented into several software packages and networking devices. It allows user information to be sent to a central database running on a RADIUS Server, where it is verified. RADIUS also provides a mechanism for accounting. What is WPA ? WPA (Wi-Fi Protected Access) is a subset of the IEEE 802.11i security sepcification draft. difference between WPA and WEP are user authentication and improve data encryption.
Prestige 2602HWL-DxA Support Notes [index] [timer/second][channel-receive/transmit][length] [protocol] [sourceIP/port] [destIP/port] There are two ways to dump the trace: 1. Online Trace--display the trace real time on screen 2. Offline Trace--capture the trace first and display later The details for capturing the trace in SMT menu 24.8 are as follows. Online Trace 1. Trace LAN packet 2. Trace WAN packet 1. Trace LAN packet 1.1 Disable to capture the WAN packet by entering: sys trcp channel enet1 none 1.
Prestige 2602HWL-DxA Support Notes 7 11883.630 ENET0-T[0054] TCP 192.31.7.130:80->192.168.1.2:1108 8 11883.630 ENET0-R[0060] TCP 192.168.1.2:1108->192.31.7.130:80 9 11883.650 ENET0-R[0060] TCP 192.168.1.2:1108->192.31.7.130:80 10 11883.650 ENET0-R[0062] TCP 192.168.1.2:1109->192.31.7.130:80 Prestige> sys trcd parse ---<0000>---------------------------------------------------------------LAN Frame: ENET0-RECV Size: 62/ 62 Time: 12089.790 sec Frame Type: TCP 192.168.1.2:1116->192.31.7.
Prestige 2602HWL-DxA Support Notes Window Size = 0x2000 (8192) Checksum = 0xBEC3 (48835) Urgent Ptr = 0x0000 (0) Options = 0000: 02 04 05 B4 01 01 04 02 RAW DATA: 0000: 00 A0 C5 92 13 11 00 80-C8 4C EA 63 08 00 45 00 .........L.c..E. 0010: 00 30 33 0B 40 00 80 06-3E 71 C0 A8 01 02 C0 1F .03.@...>q...... 0020: 07 82 04 5C 00 50 00 BD-15 A7 00 00 00 00 70 02 ...\.P........p. 0030: 20 00 BE C3 00 00 02 04-05 B4 01 01 04 02 .............
Prestige 2602HWL-DxA Support Notes Source Port = 0x0050 (80) Destination Port = 0x045C (1116) Sequence Number = 0x4AD1B57F (1255257471) Ack Number = 0x00BD15A8 (12391848) Header Length = 24 Flags = 0x12 (.A..S.) Window Size = 0xFAF0 (64240) Checksum = 0xF877 (63607) Urgent Ptr = 0x0000 (0) Options = 0000: 02 04 05 B4 RAW DATA: 0000: 00 80 C8 4C EA 63 00 A0-C5 92 13 11 08 00 45 00 ...L.c........E. 0010: 00 2C 57 F3 40 00 ED 06-AC 8C C0 1F 07 82 C0 A8 .,W.@...........
Prestige 2602HWL-DxA Support Notes Protocol = 0x06 (TCP) Header Checksum = 0x3C79 (15481) Source IP = 0xC0A80102 (192.168.1.2) Destination IP = 0xC01F0782 (192.31.7.130) TCP Header: Source Port = 0x045C (1116) Destination Port = 0x0050 (80) Sequence Number = 0x00BD15A8 (12391848) Ack Number = 0x4AD1B580 (1255257472) Header Length = 20 Flags = 0x10 (.A....
Prestige 2602HWL-DxA Support Notes Prestige> sys trcp channel enet0 none Prestige> sys trcp channel enet1 bothway Prestige> sys trcp sw on Prestige> sys trcl sw on Prestige> sys trcd brief 0 12367.680 ENET1-R[0070] UDP 202.132.155.95:520->202.132.155.255:520 1 12370.980 ENET1-T[0062] TCP 202.132.155.97:10261->192.31.7.130:80 2 12373.940 ENET1-T[0062] TCP 202.132.155.97:10261->192.31.7.130:80 3 12374.930 ENET1-R[0064] TCP 192.31.7.130:80->202.132.155.97:10261 4 12374.940 ENET1-T[0054] TCP 202.132.
Prestige 2602HWL-DxA Support Notes Destination IP = 0xCA849B61 (202.132.155.97) TCP Header: Source Port = 0x0050 (80) Destination Port = 0x281E (10270) Sequence Number = 0xD3E95985 (3555285381) Ack Number = 0x00C18F63 (12685155) Header Length = 20 Flags = 0x19 (.AP..F) Window Size = 0xFAF0 (64240) Checksum = 0x3735 (14133) Urgent Ptr = 0x0000 (0) TCP Data: (Length=1127, Captured=42) 0000: DF 33 AF 62 58 37 52 3D-79 99 A5 3C 2B 59 E2 78 .3.bX7R=y..<+Y.
Prestige 2602HWL-DxA Support Notes IP Version = 4 Header Length = 20 Type of Service = 0x00 (0) Total Length = 0x0028 (40) Idetification = 0x7A0C (31244) Flags = 0x02 Fragment Offset = 0x00 Time to Live = 0x7F (127) Protocol = 0x06 (TCP) Header Checksum = 0x543C (21564) Source IP = 0xCA849B61 (202.132.155.97) Destination IP = 0xC01F0782 (192.31.7.
Prestige 2602HWL-DxA Support Notes Source MAC Addr = 00A0C5921312 Network Type = 0x0800 (TCP/IP) IP Header: IP Version = 4 Header Length = 20 Type of Service = 0x00 (0) Total Length = 0x0028 (40) Idetification = 0x7B0C (31500) Flags = 0x02 Fragment Offset = 0x00 Time to Live = 0x7F (127) Protocol = 0x06 (TCP) Header Checksum = 0x533C (21308) Source IP = 0xCA849B61 (202.132.155.97) Destination IP = 0xC01F0782 (192.31.7.
Prestige 2602HWL-DxA Support Notes Offline Trace 1. Trace LAN packet 2. Trace WAN packet 1. Trace LAN packet 1.1 Disable to capture the WAN packet by entering: sys trcp channel enet1 none 1.2 Enable to capture the LAN packet by entering: sys trcp channel enet0 bothway 1.3 Enable the trace log by entering: sys trcp sw on & sys trcl sw on 1.4 Wait for packet passing through Prestige over LAN 1.5 Disable the trace log by entering: sys trcp sw off & sys trcl sw off 1.
Prestige 2602HWL-DxA Support Notes 6 10856.040 ENET0-R[0060] TCP 192.168.1.2:1103->192.31.7.130:80 Prestige> sys trcp parse 5 5 ---<0005>---------------------------------------------------------------LAN Frame: ENET0-XMIT Size: 58/ 58 Time: 10856.030 sec Frame Type: TCP 192.31.7.130:80->192.168.1.
Prestige 2602HWL-DxA Support Notes Flags = 0x12 (.A..S.) Window Size = 0xFAF0 (64240) Checksum = 0xDCEF (56559) Urgent Ptr = 0x0000 (0) Options = 0000: 02 04 05 B4 RAW DATA: 0000: 00 80 C8 4C EA 63 00 A0-C5 92 13 11 08 00 45 00 ...L.c........E. 0010: 00 2C 7F 02 40 00 ED 06-85 7D C0 1F 07 82 C0 A8 .,..@....}...... 0020: 01 02 00 50 04 4F D9 1B-18 26 00 AA 40 5F 60 12 ...P.O...&..@_`. 0030: FA F0 DC EF 00 00 02 04-05 B4 .......... Prestige> 2. Trace WAN packet 1.
Prestige 2602HWL-DxA Support Notes 3 12865.120 ENET1-R[0247] TCP 204.217.0.2:80->202.132.155.97:10278 4 12865.130 ENET1-T[0411] TCP 202.132.155.97:10278->204.217.0.2:80 5 12865.220 ENET1-R[0247] TCP 204.217.0.2:80->202.132.155.97:10282 Prestige> sys trcp parse 3 4 ---<0003>---------------------------------------------------------------LAN Frame: ENET1-RECV Size: 247/ 96 Time: 12865.120 sec Frame Type: TCP 204.217.0.2:80->202.132.155.
Prestige 2602HWL-DxA Support Notes Checksum = 0xAB57 (43863) Urgent Ptr = 0x0000 (0) TCP Data: (Length=193, Captured=42) 0000: 48 54 54 50 2F 31 2E 31-20 33 30 34 20 4E 6F 74 HTTP/1.1 304 Not 0010: 20 4D 6F 64 69 66 69 65-64 0D 0A 44 61 74 65 3A Modified..Date: 0020: 20 57 65 64 2C 20 30 37-20 4A Wed, 07 J RAW DATA: 0000: 00 A0 C5 92 13 12 00 A0-C5 59 12 84 08 00 45 00 .........Y....E. 0010: 00 E5 E9 3B 40 00 F0 06-6E 15 CC D9 00 02 CA 84 ...;@...n.......
Prestige 2602HWL-DxA Support Notes Source IP = 0xCA849B61 (202.132.155.97) Destination IP = 0xCCD90002 (204.217.0.2) TCP Header: Source Port = 0x2826 (10278) Destination Port = 0x0050 (80) Sequence Number = 0x00C8C015 (13156373) Ack Number = 0x4D713E47 (1299267143) Header Length = 20 Flags = 0x18 (.AP...
Prestige 2602HWL-DxA Support Notes The Prestige supports traces when there is problem to connect your ISP using PPPoE protocol. Please follow the procedure below to collect the trace for our troubleshooting. 1. 2. 3. 4. Remove the LAN cable attached on the Prestige Enter SMT using console port Enter Menu 24.
Prestige 2602HWL-DxA Support Notes putPoeHdr: ver 1 type 1 code x09 sess-id 0 len 12(x000C) bdcastSendInit: l1.pktTx() failed, pch poe0 ch enet0 poePut1SrvcName: '' len 0 host-uniq 31303030 len 4 putPoeHdr: ver 1 type 1 code x09 sess-id 0 len 12(x000C) ### Hit any key to continue.### $$$ DIALING dev=6 ch=0..........
Prestige 2602HWL-DxA Support Notes Undefined Address : 0xE3F045C4 Undefined Data : 0x56FF54FF r0= 0xE3F045C4 r1= 0x0001FFC0 r2= 0x000000E5 r3= 0x56FF54FF r4= 0xE3F045C4 r5= 0xE5BDBFEC r6= 0x0001C468 r7= 0x60000093 r8= 0x00000000 r9= 0xE3550000 r12=0x56FF54FF sp= 0x0001EDBC r10=0xE3550000 lr= 0x00004F64 fp= 0x00000000 pc= 0x00013954 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F e5bdbfe0: e2 8f 00 06 e5 d5 20 06 e5 d5 20 0a e5 d5 20 0e ...b...f...j...
Prestige 2602HWL-DxA Support Notes initialize ch = 0, ethernet address: 00:a0:c5:d1:78:e9 Wan Channel init ........ done ........................................ done VC5402 Init...OK Press ENTER to continue... Enter Password : XXXX LAN/WAN Packet Trace The Prestige packet trace records and analyzes packets running on LAN and WAN interfaces. It is designed for users with technical backgrounds who are interested in the details of the packet flow on LAN or WAN end of Prestige.
Prestige 2602HWL-DxA Support Notes 1. Trace LAN packet 1.1 Disable to capture the WAN packet by entering: sys trcp channel mpoa00 none 1.2 Enable to capture the LAN packet by entering: sys trcp channel enet0 bothway 1.3 Enable the trace log by entering: sys trcp sw on & sys trcl sw on 1.4 Display the brief trace online by entering: sys trcd brief or 1.
Prestige 2602HWL-DxA Support Notes IP Header: IP Version = 4 Header Length = 20 Type of Service = 0x00 (0) Total Length = 0x0030 (48) Idetification = 0x330B (13067) Flags = 0x02 Fragment Offset = 0x00 Time to Live = 0x80 (128) Protocol = 0x06 (TCP) Header Checksum = 0x3E71 (15985) Source IP = 0xC0A80102 (192.168.1.2) Destination IP = 0xC01F0782 (192.31.7.
Prestige 2602HWL-DxA Support Notes Frame Type: TCP 192.31.7.130:80->192.168.1.2:1116 Ethernet Header: Destination MAC Addr = 0080C84CEA63 Source MAC Addr = 00A0C5921311 Network Type = 0x0800 (TCP/IP) IP Header: IP Version = 4 Header Length = 20 Type of Service = 0x00 (0) Total Length = 0x002C (44) Idetification = 0x57F3 (22515) Flags = 0x02 Fragment Offset = 0x00 Time to Live = 0xED (237) Protocol = 0x06 (TCP) Header Checksum = 0xAC8C (44172) Source IP = 0xC01F0782 (192.31.7.
Prestige 2602HWL-DxA Support Notes 0000: 00 80 C8 4C EA 63 00 A0-C5 92 13 11 08 00 45 00 ...L.c........E. 0010: 00 2C 57 F3 40 00 ED 06-AC 8C C0 1F 07 82 C0 A8 .,W.@........... 0020: 01 02 00 50 04 5C 4A D1-B5 7F 00 BD 15 A8 60 12 ...P.\J.......`. 0030: FA F0 F8 77 00 00 02 04-05 B4 ...w...... ---<0002>---------------------------------------------------------------LAN Frame: ENET0-RECV Size: 60/ 60 Time: 12090.210 sec Frame Type: TCP 192.168.1.2:1116->192.31.7.
Prestige 2602HWL-DxA Support Notes Checksum = 0xE8ED (59629) Urgent Ptr = 0x0000 (0) TCP Data: (Length=6, Captured=6) 0000: 20 20 20 20 20 20 RAW DATA: 0000: 00 A0 C5 92 13 11 00 80-C8 4C EA 63 08 00 45 00 .........L.c..E. 0010: 00 28 35 0B 40 00 80 06-3C 79 C0 A8 01 02 C0 1F .(5.@...
Prestige 2602HWL-DxA Support Notes Source MAC Addr = 00A0C5012345 Network Type = 0x0800 (TCP/IP) IP Header: IP Version = 4 Header Length = 20 Type of Service = 0x00 (0) Total Length = 0x048B (1163) Idetification = 0xB139 (45369) Flags = 0x02 Fragment Offset = 0x00 Time to Live = 0xEE (238) Protocol = 0x06 (TCP) Header Checksum = 0xA9AB (43435) Source IP = 0xC01F0782 (192.31.7.130) Destination IP = 0xCA849B61 (202.132.155.
Prestige 2602HWL-DxA Support Notes 0010: 04 8B B1 39 40 00 EE 06-A9 AB C0 1F 07 82 CA 84 ...9@........... 0020: 9B 61 00 50 28 1E D3 E9-59 85 00 C1 8F 63 50 19 .a.P(...Y....cP. 0030: FA F0 37 35 00 00 DF 33-AF 62 58 37 52 3D 79 99 ..75...3.bX7R=y. 0040: A5 3C 2B 59 E2 78 A7 98-8F 3F A9 09 E4 0F 26 14 .<+Y.x...?....&. 0050: 9C 58 3E 95 3E E7 FC 2A-4C 2F FB BE 2F FE EF D0 .X>.>..*L/../... Offline Trace 1. Trace LAN packet 2. Trace WAN packet 1. Trace LAN packet 1.
Prestige 2602HWL-DxA Support Notes CLI Command List The latest CI command list is available in release notes of every ZyXEL firmware release. Please go to ZyXEL public WEB site http://www.zyxel.com/support/download.php to download firmware package (*.zip), you should unzip the package to get the release note in PDF format. 218 All contents copyright (c) 2005 ZyXEL Communications Corporation.
