Instruction/ maintenance manual of the product 2602H-6XC ZyXEL Communications
Go to page of 159
Prestige 2602H-6xC ADSL V oIP IAD Support Notes V ersion 3.40 March. 2005.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 2 INDEX Application Notes ......................................................................................................... 8 General Application Notes .
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 3 What is SUA? When should I use SUA? ................................................... 103 What is the difference between NAT and SUA? .........
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 4 What DDNS servers does the Prestige support? ........................................ 1 12 What is DDNS wildcard?................................
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 5 What is SYN Flood attack?........................................................................ 1 19 What is LAND attack? .....................
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 6 Why does VPN throughput decrease when staying in SMT menu 24.1? .. 129 Where can I configure Phase 1 ID in Prestige? ............................
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 7 What is an ESSID ?.................................................. 錯誤 ! 尚未定義書籤。 How do I secure the data across an Access Point's radio link ? 錯誤 ! 尚未定義書籤。 What is WEP ? .
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 8 Application Notes General Application Notes Internet Connection A typical Internet access application of the Prestige is shown b e l o w .
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 9 • If you only have one PC, connect the PC's Ethern et adapter to the Prestige's LAN port with a crossover (red one) Ethernet cable.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 10 The following procedure is for the most typical u sage of the Pr estige where you have a single-user account (SUA). The Prestige supports embedded web server that allows yo u to use W eb browser to configure it.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 11 Select “ Dynamic " if the ISP provides the IP dyn amically, otherwise select “ Use Fixed IP address " and enter the static IP given by ISP in the box following“ MY WAN IP Address "field.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 12 • Setup the Prestige as a DHCP Client 1. Toggle the DHCP to Relay in menu 3.2 and enter the IP addres s of the DHCP server in the 'Relay S erver Address' field.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 13 Press ENTER to Confirm or ESC to Cancel: Configure an Internal Server Behind SUA • Introduction If you wish, you can make internal servers (e.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 14 • For example (Configuring an internal W eb server for outside access) : Menu 15.2 - NAT Server S etup Rule Star t Port No. End Port No. IP Add ress ---------- --------------- --------------- ----------- 1.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 15 Configure a PPTP server Behind SUA • Introduction PPTP is a tunneling protocol defined by t.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 16 The PPT P is supported in Windows NT and Windows 98 already.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 17 Set the Internet gateway to the r outer that is connecting to ISP o Prestige router setup • Before making a VPN connection from W i n9x to W i nNT server , you need to connect Prestige router to your ISP first.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 18 C:ping 203.66.113.2 When a dial-up connection to I SP is established, a default gate way is assigned to the router traffic through that connection.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 19 Using NA T / Multi-NA T • What is Multi-NA T? NAT (Network Address Translation-NAT RFC 1631) is the translati on of an Internet Protocol address used within one network to a different IP address known within a noth er network.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 20 1. NA T Mapping T ypes NAT supports five types of IP/port mapping. They are: 2. One to One In One-to-One mode, the Pres tige maps one ILA to one IGA.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 21 The following table summarizes these types. NA T T ype IP Mapping Mapping Direction One-to-One ILA1<--->IGA1 Both Many-to-One (SUA/P A T) ILA1---->IGA1 ILA2---->IGA1 .
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 22 You apply NAT via menus 4 and 11.3 as displayed next. The next figure how you apply NAT for Internet access in menu 4. Enter 4 from the Main Menu to go to Menu 4- Internet Access Setup .
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 23 Overload mapping. Select Full Featur e when you require other mapping types.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 24 Menu 1 5.1 - Address M apping Sets 1. 2. 3. 4. 5. 6. 7. 8. 255. SUA (read only) Enter Set Numbe r to Edit: Let's first look at Option 255. Option 255 is equivalent to SUA in previous ZyXEL rout ers.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 25 The following table explains the fields in this screen. Please note that the fields in this menu are read-only. Field Description Option/Example Set Name This is the name of the set you selected in Menu 15.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 26 9. 10. Action= Edit , Select Rule= 0 Press EN TER to Confirm or ESC to Cance l: We will just look at the differences from the previous menu. No te that, this screen is not read only, so we have extra Action and Select Rule fields.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 27 Local IP : Start= 0.0.0.0 End = N/A Global I P: Start= 0.0.0.0 End = N/A Press EN TER to Confirm or ESC to Cance l: The following table describes the fields in this screen.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 28 The NAT Server Set is a list of LAN side servers mapped to exte rnal ports (similar to the old SUA menu of before). If you wish, you can make inside s ervers for different services, e.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 29 2. 21 21 192.168.1 .33 3. 80 80 192.168.1 .36 4. 0 0 0.0.0 .0 5. 0 0 0.0.0 .0 6. 0 0 0.0.0 .0 7. 0 0 0.0.0 .0 8. 0 0 0.0.0 .0 9. 0 0 0.0.0 .0 10.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 30 Men u 4 - Internet Access Setup ISP's Na me= MyISP Encapsul ation= PPPoE Multiple xing= .
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 31 From Menu 4 shown above simply choose the SUA Only option from the NAT field. This is the Many-to-One mapping discussed earlier. The SUA read only option from the NA T field in menu 4 and 11.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 32 8. 0 0 0.0.0 .0 9. 0 0 0.0.0 .0 10. 0 0 0.0.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 33 Step 1: In this case, we need to configure Address Mapping Set 1 from Menu 15.1-Addr ess Mapping Sets . Therefore we must choose the Full Feature option from the NAT field in menu 4 or menu 11.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 34 Start= 192.168.1. 10 End = N/A Global I P: Start= [Enter IGA 1] End = N/A Press EN TER to Confirm or ESC to Cance l: Rule 2 Setup: Selecting One-to -One type to map the FTP Server 2 with ILA2 (192.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 35 Press EN TER to Confirm or ESC to Cance l: Rule 4 Setup: Select Server type to map our web server and mail server with ILA3 (192.168.1.20) to IGA3.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 36 9. 10. Press ESC or RE TURN to Exit: Step 3: Now we configure all other incoming traffic to go to our web se rver aand mail server from Menu 15.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 37 Some servers providing Internet applications such as some mIRC servers do not allow users to login using the same IP address.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 38 Local IP : Start= 192.168.1. 10 End = N/A Global I P: Start= [Enter IGA 1] End = N/A Press EN TER to Confirm or ESC to Cance l: Menu 15. 1.1.2 - - Rule 2 Type: One-to-One Local IP : Start= 192.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 39 Press EN TER to Confirm or ESC to Cance l: Prestige supports mu ltiple type of NA T mapping rules • SUA • One to One • Many to One • Many to Many overload • Many One to One • Server The following table summarizes these types.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 40 ... Server (SUA) Server 1 IP<--->IGA1 Server 2 IP<--->IGA1 About Filter & Fil.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 41 • Filter T ypes and SUA Conceptually, there are two categories of filter rules: device and protocol . The Generic filter rules belong to the device category; they act on the raw data from/to LAN and WAN.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 42 In order to allow users to specify the local network IP address and port number in the filter.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 43 same error if you try to activate a Generic filter rule in a fi lter set that has already had one or more active TCP/IP (or IPX) filter rules. Menu 21.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 44 More= No Log= None Action M atched= Check N ext Rule Action N ot Matched= Che ck Next Rule Press EN TER to Confirm or ESC to Cance l: Saving to ROM .
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 45 Outgoing: Session O ptions: My Login= tes tt Edit Fi lter Sets= Yes My Password= ***** Authen= CHAP/ PAP Pr ess ENTER to Co nfirm or ESC to Cancel: Menu 11.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 46 1. The outbound packet type (protocol & port number) 2. The source IP address Generally, the outbound packets for Web service could be as fol lowing: a.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 47 2. Rule one for (a). http packet, TCP(06)/Port number 80 Men u 21.1.1 - TCP/ IP Filter Rule Filter # : 1,1 Filter T ype= TCP/IP Fil ter Rule Active= Yes IP Proto col= 6 IP S ource Route= No Destinat ion: IP Addr= 0 .
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 48 Sou rce: IP Addr= 0 .0.0.0 IP Mask= 0 .0.0.0 Port #= Port # Com p= None TCP Esta b= No More= No Log= None Action M atched= Drop Action N ot Matched= Che ck Next Rule Press EN TER to Confirm or ESC to Cance l: 4.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 49 Menu 21.1 - Filter Rules Summary # A Type Filter Rules M m n - - ---- --- --------------- --------------- ----- - - - 1 Y IP Pr= 6, SA=0.0.0.0, DA=0.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 50 2. One rule for blocking all packets from this client Men u 21.1.1 - TCP/ IP Filter Rule Filter # : 1,1 Filter T ype= TCP/IP Fil ter Rule Active= Yes IP Proto col= 0 IP S ource Route= No Destinat ion: IP Addr= 0 .
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 51 This configuration examp le shows you how to use a Generic Filte r to block a specific MAC address of the LAN. Before you Begin Before you configure the filter, you need to know the MAC addre ss of the client first.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 52 + Internet Pr otocol - Version (MSB 4 bits): 4 - Header length (LSB 4 b its): 5 - Service typ.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 53 Menu 21.1 .1 - Generic Fi lter Rule Filter # : 1,1 Filter T ype= Generic Fi lter Rule Active=.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 54 • Action Matched= Enter the action you want if the masked packet matc hes the ' V alue'. In this case, we will drop it. • Action Not Matched= Enter the action you want if the masked packet doe s not match th e 'V alue'.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 55 A filter for blocking the NetBIOS packets • Introduction The NETBIOS protocol is used to share a Microsoft comupter of a workgroup.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 56 Set # Comments S et # Com ments ------ --------------- -- - ----- -------- ----- ---- 1 NetBI.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 57 • Rule 2-Destination port number 137 with protocol number 17 (UDP) Men u 21.1.2 - TCP/ IP Filter Rule Filter # : 1,2 Filter T ype= TCP/IP Fil ter Rule Active= Yes IP Proto col= 17 IP S ource Route= No Destinat ion: IP Addr= 0 .
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 58 IP Proto col= 6 IP S ource Route= No Destinat ion: IP Addr= 0 .0.0.0 IP Mask= 0 .0.0.0 Port #= 13 8 Port # Com p= Equal Sou rce: IP Addr= 0 .0.0.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 59 Action M atched= Drop Action N ot Matched= Che ck Next Rule Press EN TER to Confirm or ESC to Cance l: • Rule 5-Destination port number 139 with protocol number 6 (TCP) Men u 21.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 60 Filter T ype= TCP/IP Fil ter Rule Active= Yes IP Proto col= 17 IP S ource Route= No Destinat ion: IP Addr= 0 .0.0.0 IP Mask= 0 .0.0.0 Port #= 13 9 Port # Com p= Equal Sou rce: IP Addr= 0 .
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 61 • Apply the first filter set ' NetBIOS_W AN' to the 'Output Pr otocol Filter' in the remote node setup. Configure the second filter set 'NetBIOS_LAN' by selecting the Filter Set number 2.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 62 IP Proto col= 17 IP S ource Route= No Destinat ion: IP Addr= 0 .0.0.0 IP Mask= 0 .0.0.0 Port #= 53 Port # Com p= Equal Sou rce: IP Addr= 0 .0.0.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 63 proto col filters= 2 dev ice filters= Output F ilter Sets: proto col filters= dev ice filters= Using the Dynamic DNS (DDNS) 1.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 64 Menu 1 - Gener al Setup System N ame= Prestige Location = Contact Person's Name= Domain N ame= Edit Dyn amic DNS= Yes Route IP = Yes Bridge= No Me nu 1.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 65 Password Enter the password that th e DDNS server gives to you. Enable Wildcard Enter the hostname for the wildca rd function that the WWW .DYNDNS.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 66 The current I nternet-standard MIB, MIB-II, is defined in RFC 12 13 and contains 171 objects. These objects are grouped by protocol (including TCP, IP, UDP, SNMP, and other ca tegories , including 'system' and 'interface.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 67 2. SNMPv1 Operations SNMP itself is a simple reques t/response protocol. 4 SNMPv1 ope rations are defined as belo w. • Get Allows the NMS to retrieve an object variable from the agent.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 68 so on) and the object values involved in the operation. The fol lowing figure shows the SNMPv1 message format. The SNMP PDU contains the following fields: • PDU type Specifies the type of PDU.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 69 • warmS tart (defined in RFC-1215) : If the machine warmstarts, the trap will be sent after booting. • linkDown (defined in RFC-1215) : If any link of IDSL or WAN is down, the trap will be sent with the port number .
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 70 4. Configure the Pr estige for SNMP The SNMP related settings in Prestige are configured in menu 22 , SNMP Configuration. The following steps describe a simple setup procedur e for configuring all SNMP sett ings.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 71 Trap: Commun ity= public Destin ation= 192.168. 1.33 Press ENTE R to Confirm or ESC to Cancel: Key Settings: Option Descriptions Get Community Enter the correct Get Community .
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 72 Configuration: 1. Active , use the space bar to turn on the syslog option. 2. Syslog IP Address , enter the IP address of the UNIX server that you wish to send the syslog.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 73 L02 Call Terminated C02 Call Terminated Example: Feb 14 16 :57:17 192.168.1.1 Z y XEL Communications Cor p .: board 0 line 0 ch annel 0 , call 18 , C01 Incomin g Call OK Feb 14 17 :07:18 192.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 74 prot: Protocol (TCP,UDP,ICMP) spo: Source port dpo: Destination port Example: Jul 19 14:44: 09 192.168.1.1 ZyXEL Communica tions Corp.: IP [Src=202.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 75 Using IP Alias • What is IP Alias ? I n a t y p i c a l e n v i r o n m e n t , a L A N r o u t e r i s r e q u i r e d t o c o n n e c t t wo local networks.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 76 Two new protocol filter interfaces in menu 3.2.1 allow you to a ccept or deny LAN packets from/to the IP alia s 1 and IP alias 2 go through the Prestig e.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 77 Edit IP Alias T oggle to 'Y es' to enter menu 3.2.1 for setting up the second and third networks. 2. Edit the second and third networks in menu 3.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 78 Call scheduling enables t he mechanisim for the Prestige to run the remote node connection according to the pre-defined schedule.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 79 4 __________ _____ 10 ____________ ___ 5 __________ _____ 11 ____________ ___ 6 __________ _____ 12 ____________ ___ Enter S chedule Set Num ber to Configur e= 1 Edit Na me= ZyXEL Press E NTER to Confirm or ESC to Canc el: 3.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 80 S tart Date S tart date of this schedule rule. It can be unmatched with weekday setting. For example, if S tart Date is 2004/10/02(Monday) , but Monday setting in weekday can be No.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 81 S ession Options: Edit Filter Se ts= N o Idle Timeout(s ec)= 100 E dit Traffic Red irect= No .
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 82 Press E NTER to Confirm or ESC to Canc el: Using IP Multicast • What is IP Multicast ? T raditionally , IP packets are transmitted in two ways - unicast or broadcast.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 83 IP Sub net Mask= 255.2 55.255.0 RIP Di rection= Both Vers ion= RIP-2B Multic ast= IGMP-v2 IP Pol icies= Edit I P Alias= No Press EN TER to Confirm or ESC to Cance l: Enable IGMP in Prestige's remote node in menu 11 .
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 84 Using Prestige traffic redirect • What is T r af fic Redirect ? Traffic redirect forwards WAN traffic to a backup gateway when Prestige cannot connect to the Internet through it's normal gateway.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 85 Check Mechanism = DSL Link Check WAN IP Address1 = 0.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 86 Label Description Redirect Act i ve Select this check bo x to have the Prestige use tra ffic redirec t if the normal WAN connection goes down. If you activate traffic redirect, you must configu re at leas t one Check WAN IP Address .
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 87 Using Universal Plug n Play (UPnP) • 1. What is UPnP UPnP (Universal Plug and Play) makes c.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 88 UPnP Operations • Addressing : UPnPv1 devices MAY support IPv4, IPv 6, or both. For IPv4, each devices should have DHCP client, when the device gets connected to the network, it will discover DHCP server on network to get an IP address.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 89 In the diagram, suppose PC1 and PC2 both sign in MSN server, an d they w ould like to establish a video conference. PC1 is behind PPPoE dial-up router which supports U PnP.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 90 2. After getting IP address, you can go to open MSN application on PC and sign in MSN server. 3. Start a Video conversation with one online user.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 91 5. Finally, your video conversation is achieved.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 92 VoIP Application Notes Setup SIP Account VoIP is the sending of voice signals o ver the Internet Protocol .
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 93 Note: You should have a voice accou nt already set up and have VoIP in formation from your VoIP service provider prior to configure SIP account on to the unit.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 94 Step 3. On the left column click on Voice to bring you to Voice configuration menu than click on S I P Settings.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 95 SIP Local Port Use this field to configure the Presti ge’s listening port for SIP. Leave this field set to the default if you were not given a local port number for SIP.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 96 SIP account on Phone 1 , Phone 2 or both. If you sele ct both, you will not know which SIP account a call is coming in on.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 97 To configure the phone port setting please follow the below ste p. Step 1. Open the web browser from your workstation to connect to the P restige by entering the Management IP address of the Prestige.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 98 Dialing Interval When you are dialing a telephone number the Prestige waits this long after you stop pressing the buttons before in itiating the call.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 99 Step 2. Enter the administrator passwor d appear on the page of login a nd click on login. The default is '1234' Step 3. On the left c olumn click on Speed Dial to bring you to Speed Dial page to enter speed dial configuration page.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 100 Speed Dial This is the entry’s speed dial key combi nation. Press this key combination on a telephone attached to the Prestige in order to call the party named in this entry.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 101 The Web configurator a user friendly configuration interface vi a user's web browser, which can be access by t y p in g i n t he LA N I P a d d re ss of th e P re st ig e i n u s e rs we b b ro ws er.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 102 How do I upload or backup ROMFILE via w eb configurator? In some situations, you may need to upload the ROMFILE, r estore to previous saved configuration, or th e need of resetting SMT to factory default.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 103 c. The default filter rule 3 (Telnet_FTP_WAN) is applied in the In put Protocol field in menu 11.5. What should I do if I forget the system password? In case you forget the system password.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 104 The design goal of ZyXEL's SUA is to minimize the Internet acce ss cost in a small office environment by using a single IP address to r epresent the multiple hosts inside.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 105 Will the Prestige work with my Internet connection? The Prestige is designed to be comp atible major ISP utilize ADS L as a broadband service.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 106 Why does my provider use PPPoE? PPPoE emulates a famili ar Dial-Up connection. It allows your IS P to provide services u sing their existing network configuration over the broadband connections.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 107 How does e-mail work through the Prestige? It depends o n what kind of IP you have: Static or Dynamic. If y our company has a domain name, it means that you have a static IP address.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 108 What network interface does the new Prestige series support? The new Prestige series support auto MDX/MDIX 10/100M Ethernet LAN port to connect to the computer or Switch on LAN and ADSL port on WAN.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 109 To create the appearan ce of faster network access, service comp anies plan to store or "cache" frequently requested web sites and Usenet newsgroups on a server at their h ead-end.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 11 0 What IP/Port mapping does Multi-NA T support? NAT supports five types of IP/port mapping. They are: One to On e, Many to One, Many to Many Overload, Many to Many No Overload and Server.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 111 Overload ILA2<--->IGA2 ILA3<--->IGA1 ILA4<--->IGA2 ... Many-to-Many No Overload ILA1<--->IGA1 ILA2<--->IGA2 ILA3<--->IGA3 ILA4<--->IGA4 .
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 11 2 (e.g., www.zyxel.com.tw) for your server (e.g., Web server) fro m a DDNS server. The out side users can always access the web server using the www.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 11 3 How do I setup my Prestige for r outing IPsec p ackets over SUA? For outgoing IPsec tunnels, no extra setting is required. For f orwarding the inbound IPsec ESP tunnel, A 'Default' server set in menu 15 is required.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 11 4 What is the relationship between codec and VoIP? In order to transfer voice (analog signal) over IP it first nee d to be digitized. Codec is a technic to digitize analog signal to digital and vice versa.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 11 5 What is codec? Codec is a algorithm which converts analog signal into digital signal and vice versa. There are three main type of waveform codec, source codec, and hybrid codec.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 11 6 2. A PC with VoIP software installed or a hardware VoIP box suc h as ATA or device like Prestige 2602 VoIP station router. 3. An account with a VoIP provider such as an ITSP.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 11 7 If all the about have been tried, but register still fail what should I do? In such case, please contact your local vendor for support. If they can't help out the problem they will escalate your problem to ZyXEL tech center.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 11 8 What are the basic types of firewalls? Conceptually, there are three types of firewalls: 1. Packet Filtering Firewall 2. Application-level Firewall 3.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 11 9 Why do you need a firewall when your router has packet filtering and NAT built-in? With the spectacular g rowth of the Internet and online access, comp anies that do bus iness on the Internet face greater security threat s.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 120 SYN-ACK, it queues up all outstand ing SYN-ACK responses on what is known as a backlog queue.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 121 How can I protect against IP spoofing attacks? The Prestige's firewall will auto matically detect the IP spoofi ng and drop it if the firewall is turned on.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 122 • Active =Yes • Destination IP Addr =a.b.c.d • Destination IP Mask =w.x.y.z • Action Matched =Drop • Action No Matched =Forward Where a.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 123 Why do I need VPN? There are some reasons to use a VPN.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 124 PPTP is supported in Windows NT and Windows 98 al ready.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 125 What is SA? A Security Association (SA) is a co ntract between two parties indicatin g what security parameters, such as keys and algorithms they will use.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 126 What are Local ID and Peer ID? Local ID and Peer ID are used in IKE phase 1 ne gotiation. It’s in FQDN(Fully Qualif ied Domain Name) format, IKE standard takes it as one type of Phase 1 ID.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 127 is ready in your Prestige. You then can configur e VPN via web configurator. Please download the firmware from our web site. NOTE: For updating from ZyNOS V3.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 128 If your Prestige is capable of VP N, you can find the VPN options in Advanced>VPN tab. For configuring a 'box-to-box VPN', there are some tips: 1.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 129 What VPN sof tware that has been test ed with Prestige successfully? We have tested Prestige successfully with the following third party VPN software.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 130 Where can I configure Phase 1 ID in Prestige? Phase 1 ID can be configured in VPN setup me nu as following. Note that you can make such configuration in either web configurator or SMT menu.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 131 VPN client: 10.1.33.33 NAT router WAN IP: 202.132.154.2 Prestige WAN: 202.132.154.3 Since the VPN client is behind a NAT router, it must have a private IP address in most case.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 132 If the VPN connection is initiated from the secu rity gateway behind Prestige, no configuration is necessary for NAT nor Firewall.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 133 0 11880.1 60 ENET0-R[0062 ] TCP 192.168.1 .2:1108->192.31 .7.130:80 [index] [timer/second][channel-receive/transmit][length] [protoc ol] [sourceIP/port] [destIP/port] There are two ways to dump the trace: 1.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 134 4 11883 .340 ENET0-R[03 39] TCP 192.168 .1.2:1108->192. 31.7.130:80 5 11883 .610 ENET0-T[00 54] TCP 192.31. 7.130:80->192.1 68.1.2:1108 6 11883 .
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 135 Ack Numbe r = 0x00000000 ( 0) Header Le ngth = 28 Flags = 0x02 (.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 136 Destinati on IP = 0xC0A80102 ( 192.168.1.2) TCP Header: Source Po rt = 0x0050 (80) Destinati on Port = 0x045C (1116 ) Sequence Number = 0x4AD1B57F ( 1255257471) Ack Numbe r = 0x00BD15A8 ( 12391848) Header Le ngth = 24 Flags = 0x12 (.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 137 Flags = 0x02 Fragment Offset = 0x00 Time to L ive = 0x80 (128) Protocol = 0x06 (TCP) Header Ch ecksum = 0x3C79 (1548 1) Source IP = 0xC0A80102 ( 192.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 138 Example: Prestige> sys trcp channel e net0 none Prestige> sys trcp channel e net1 bothway Prestige> sys trcp sw on Prestige> sys trcl sw on Prestige> sys trcd brief 0 12367.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 139 Source IP = 0xC01F0782 ( 192.31.7.130) Destinati on IP = 0xCA849B61 ( 202.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 140 IP Header: IP Versio n = 4 Header Le ngth = 20 Type of S ervice = 0x00 (0) Total Len gth = 0.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 141 Ethernet He ader: Destinati on MAC Addr = 00A0C5012345 Source MA C Addr = 00A0C5921312 Netwo.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 142 0030: 1D D5 7A 11 00 00 . .z... Prestige> Offline Trace 1. Trace LAN packet 2. Trace WAN packet 1. Trace LAN packet 1.1 Disable to capture the WAN packet by entering: sys trcp channel enet1 none 1.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 143 5 10856 .030 ENET0-T[00 58] TCP 192.31. 7.130:80->192.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 144 Header Le ngth = 24 Flags = 0x12 (.A..S. ) Window Si ze = 0xFAF0 (6424 0) Checksum = 0xDCEF (5655 9) Urgent Pt r = 0x0000 (0) Options = 0000: 02 04 05 B4 RAW DATA: 0000: 00 80 C8 4C EA 63 00 A0-C5 92 13 11 08 00 45 00 .
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 145 2 12864 .900 ENET1-T[04 16] TCP 202.132 .155.97:10282-> 204.217.0.2:80 3 12865 .120 ENET1-R[02 47] TCP 204.217 .0.2:80->202.13 2.155.97:10278 4 12865 .
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 146 Window Si ze = 0x2238 (8760 ) Checksum = 0xAB57 (4386 3) Urgent Pt r = 0x0000 (0) TCP Data: ( Length=193, Cap tured=42) 0000: 48 54 54 50 2F 31 2E 31-20 33 30 34 20 4E 6F 74 H TTP/1.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 147 Header Ch ecksum = 0xD59C (5468 4) Source IP = 0xCA849B61 ( 202.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 148 The Prestige supports traces when there is problem to connect your ISP using PPPoE protocol. Please follow the procedure below to collect the trace for our troubleshooting.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 149 putPoeHdr: ver 1 type 1 code x09 sess-id 0 len 12(x000C) bdcastSendInit: l1.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 150 Undefined Address : 0xE3F045C4 Undefined Data : 0x56FF54FF r0= 0xE3F045C4 r1= 0x0001FFC0 r2=.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 151 initialize ch = 0, ethernet address: 00:a0:c5:d1:78:e9 Wan Channel init ........ done ........................................ done VC5402 Init.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 152 1. Trace LAN packet 1.1 Disable to capture the WAN packet by entering: sys trcp channel mpoa00 none 1.2 Enable to capture the LAN packet by entering: sys trcp channel enet0 bothway 1.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 153 IP Header: IP Versio n = 4 Header Le ngth = 20 Type of S ervice = 0x00 (0) Total Len gth = 0.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 154 Frame Type: T CP 192.31.7.130 :80->192.168.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 155 0000: 00 80 C8 4C EA 63 00 A0-C5 92 13 11 08 00 45 00 . ..L.c........E. 0010: 00 2C 57 F3 40 00 ED 06-AC 8C C0 1F 07 82 C0 A8 . ,W.@...........
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 156 Checksum = 0xE8ED (5962 9) Urgent Pt r = 0x0000 (0) TCP Data: ( Length=6, Captu red=6) 0000: 20 20 20 20 20 20 RAW DATA: 0000: 00 A0 C5 92 13 11 00 80-C8 4C EA 63 08 00 45 00 .
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 157 Source MA C Addr = 00A0C5012345 Network T ype = 0x0800 (TCP/ IP) IP Header: IP Versio n = 4 .
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 158 0010: 04 8B B1 39 40 00 EE 06-A9 AB C0 1F 07 82 CA 84 . ..9@........... 0020: 9B 61 00 50 28 1E D3 E9-59 85 00 C1 8F 63 50 19 . a.P(...Y....cP.
Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 159 CLI Command List The latest CI command list is ava ilable in release notes of every ZyXEL firmware release. Please go to ZyXEL public WEB site http://www .
An important point after buying a device ZyXEL Communications 2602H-6XC (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought ZyXEL Communications 2602H-6XC yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data ZyXEL Communications 2602H-6XC - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, ZyXEL Communications 2602H-6XC you will learn all the available features of the product, as well as information on its operation. The information that you get ZyXEL Communications 2602H-6XC will certainly help you make a decision on the purchase.
If you already are a holder of ZyXEL Communications 2602H-6XC, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime ZyXEL Communications 2602H-6XC.
However, one of the most important roles played by the user manual is to help in solving problems with ZyXEL Communications 2602H-6XC. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device ZyXEL Communications 2602H-6XC along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center