Gebruiksaanwijzing /service van het product P-660H-TX van de fabrikant ZyXEL Communications
Ga naar pagina of 89
P-660H-Tx v2 Series ADSL2+ 4-port Gateway Support Notes Version3.40 Feb. 2007.
P-660H-Tx v2 Support Notes FAQ ................................................................................................................. 4 ZyNOS FAQ ..............................................................................................
P-660H-Tx v2 Support Notes 17. What do the ATM QoS Types (C BR, UBR, VBR-nRT, VBR-RT) mean? ................................................................................................................ 14 18. What is content filter? ...............
P-660H-Tx v2 Support Notes General Application Notes ................................................................... 27 1. Internet Access Using P-660H-Tx v2 under Bridge mode .... 27 2. Internet Access Using P- 660H-Tx v2 under Routing mode .. 29 3.
P-660H-Tx v2 Support Notes FAQ ZyNOS FAQ 1. What is ZyNOS? ZyNOS is ZyXEL's proprietary Network O perating System. It is the platform on all Prestige routers that delivers network services and applications. It is designed in a modular fashion so it is easy for developers to add new features.
P-660H-Tx v2 Support Notes a. Use the TELNET client program in your PC to login to your P-660H-Tx v2. b. Enter CI command 'sys stdio 0' to disable Stdio idle timeout c. To upgrade firmware, use TFTP client program to put firmware in file 'ras' in the Prestige.
P-660H-Tx v2 Support Notes 9. What is SUA? When should I use SUA? SUA (Single User Account) is a unique feature supported by Prestige router which allows multiple people to access Inte rnet concurrently for the cost of a single user account.
P-660H-Tx v2 Support Notes 11. Is it possible to access a server running behind SUA from the outside Internet? How can I do it? Yes, it is possible because P-660H-Tx v2 delivers the packet to the local server by looking up to a SUA server tabl e.
P-660H-Tx v2 Support Notes • Many One-to-One: In Many One-to-One mo de, the P-660H-Tx v2 maps each ILA to unique IGA. • Server: In Server mode, the P-660H-Tx v2 maps multiple inside servers to one global IP address. This allows us to specify multiple servers of different types behind the NA T for outside access.
P-660H-Tx v2 Support Notes 16. How can I protect against IP spoofing attacks? The P-660H-Tx v2's filter sets provi de a means to protect against IP spoofing attacks.
P-660H-Tx v2 Support Notes Product FAQ 1. How can I manage P-660H-Tx v2? Multilingual Embedded Web GUI for Local and Remote management CLI (Command-line interface) Telnet support (Administ.
P-660H-Tx v2 Support Notes 4. How do I know the P-660H-Tx v2' s WAN IP address assigne d by the ISP? You can view "My WAN IP <from ISP> : x.x.x.x" shown in Web Configurator ‘Status->Device Information ->WAN Informat ion’ to check this IP address.
P-660H-Tx v2 Support Notes 9. What is DDNS? The Dynamic DNS service allows you to alias a dynamic IP address to a static hostname, allowing y our computer to be more easily accessed from various locations on the Internet. To use the service, you must first apply an account from several free Web servers such as http://www.
P-660H-Tx v2 Support Notes and source port for the host. To pa ss IPSec packets, SUA must understand the ESP packet with protocol number 50, r eplace the source IP address of the IPSec gateway to the router's WAN IP address. However, SUA should not change the source port of the UDP packets which are used for key managements.
P-660H-Tx v2 Support Notes 15. Why do we perform traffi c shaping in the P-660H-Tx v2? The P-660H-Tx v2 must manage traffic fa irly and provide bandwidth allocation for different sorts of applications, such as voice, video, and data. All applications have their own natural bi t rate.
P-660H-Tx v2 Support Notes Variable bit rate(VBR) : An ATM bandwidth-allocation service that allows users to specify a throughput capacity (i .e., a peak rate) and a sustained rate but data is not sent evenly. You c an select VBR for bursty traffic and bandwidth sharing with other applicatio ns.
P-660H-Tx v2 Support Notes ADSL FAQ 1. How does ADSL compare to Cable modems? ADSL provides a dedicated service over a single telephone line; cable modems offer a dedicated service over a shared media.
P-660H-Tx v2 Support Notes 4. How do I know the ADSL line is up? You can see the DSL LED Green on the P- 660H-Tx v2's front panel is on when the ADSL physical layer is up.
P-660H-Tx v2 Support Notes 8. What are the signaling pins of the ADSL connector? The signaling pins on the P-660H-Tx v2's ADSL connector are pin 3 and pin 4. The middle two pins for a RJ11 cable. 9. What is triple play? More and more Telco/ISPs are providing three kinds of services (VoIP, Video and Internet) over one existing ADSL connection.
P-660H-Tx v2 Support Notes Firewall FAQ General 1. What is a network firewall? A firewall is a system or group of syst ems that enforces an access-control policy between two networks. It may also be defined as a mechanism used to protect a trusted network from an untrusted network.
P-660H-Tx v2 Support Notes address and protocol. They also 'ins pect' the session data to assure the integrity of the connection and to adapt to dynamic protocols.
P-660H-Tx v2 Support Notes 1. Those that exploits bugs in a TCP/IP implementation such as Ping of Death and Teardrop. 2. Those that exploits weaknesses in the TCP/IP specification such as SYN Flood and LAND Attacks. 3. Brute-force attacks that flood a network with useless data such as Smurf attack.
P-660H-Tx v2 Support Notes 11 What is Brute-force attack? A Brute-force attack, such as 'Smurf' attack, targets a f eature in the IP specification known as directed or subnet broadcasting, to quickly flood the target network with useless data.
P-660H-Tx v2 Support Notes 1. Change the default Administrator pa ssword since it is required when setting up the firewall. 2. Limit who can access to your P-660H -Tx v2’s Web Configurator or CLI.
P-660H-Tx v2 Support Notes (3) WWW/Telnet service is enabled but your host IP is not the secured host entered in Web Configur ator, Advanced setup, Advanced -> Remote MGNT: (4)A filter set which blocks WWW/Telnet from WAN is applied to WAN node. You can check by command: wan node index [index #] wan node display 4.
P-660H-Tx v2 Support Notes (2) You have disabled FTP service in Web Configurator, Advanced setup, Advanced -> Remote MGNT. (3) FTP service is enabled but your host IP is not the secured host entered in Web Configurator , Advanced setup, Advanced -> Remote MGNT.
P-660H-Tx v2 Support Notes • Web configuration: Advanced Setup, Maintenance -> Logs -> Log Settings , check Access Control and Attacks options depending on your real situation. • CI command: sy s logs category [access | attack] (2) Enable log function in firewall def ault policy or in firewall rules.
P-660H-Tx v2 Support Notes Application Notes General Application Notes 1. Internet Access Using P- 660H-Tx v2 under Bridge mode • Setup your workstation • Setup your P-660H-Tx v2 under bridge mode.
P-660H-Tx v2 Support Notes Setup your P-660H-Tx v2 under bridge mode The following procedure shows you how to configure your P-660H-Tx v2 as bridge mode.
P-660H-Tx v2 Support Notes Key Settings: Option Description Encapsulation Select the correct Encapsulation type that your ISP supports. For example, RFC 1483.
P-660H-Tx v2 Support Notes Connect the LAN ports of all computers to the LAN Interface of P-660H-Tx v2 using Ethernet cable. (2) TCP/IP configuration Since the P-660H-Tx v2 is set to DHCP server as default, so you need only to configure the workstations as the DHCP clients in the networking settings.
P-660H-Tx v2 Support Notes Option Description Encapsulation Select the correct Encapsulation type that your ISP supports. For example, RFC 1483. Multiplexing Select the correct Multiplexing type that your ISP supports.
P-660H-Tx v2 Support Notes 4. SUA Notes Tested SUA/NAT Applications (e.g ., Cu-SeeMe, ICQ, NetMeeting) Introduction Generally, SUA makes your LAN appear as a single machine to the outside world.
P-660H-Tx v2 Support Notes mIRC None for Chat. For DCC, please set Default/Client IP . Windows PPTP None 1723/client IP ICQ 99a None for Chat. For DCC, please set: ICQ -> preference -> connections -> firewall and set the firewall time out to 80 seconds in firewall setting.
P-660H-Tx v2 Support Notes Network Time Protocol (NTP) None 123 /server IP Win2k Terminal Server None 3389/server IP Remote Anything None 3996 - 4000/client IP Virtual Network Computing (VNC) None 550.
P-660H-Tx v2 Support Notes Configure an Internal Server behind SUA Introduction If you wish, you can make internal serv ers (e.g., Web, ftp or mail server) accessible for outside users, even t hough SUA makes your LAN appear as a single machine to the outside world.
P-660H-Tx v2 Support Notes Setup, Network -> NAT -> Port Forwarding. The outside users can access the local server using the P-660H-Tx v2's WAN IP address which can be obtained from Web Configurator, Status -> WAN Information . For example: Configuring an internal Web server for outside access (suppose the Server IP Address is 192.
P-660H-Tx v2 Support Notes Telnet 23 SMTP 25 DNS (Domain Name Server) 53 www-http (Web) 80 Configure a PPTP server behind SUA Introduction PPTP is a tunneling protocol defined by the PPTP forum that allows PPP packets to be encapsulated within Inte rnet Protocol (IP) packets and forwarded over any IP network, including the Internet itself.
P-660H-Tx v2 Support Notes Window98 PPTP Client / Internet / NT RAS Server Protocol Stack PPTP appears as new modem type (Virt ual Private Networking Adapter) that can be selected when setting up a connection in the Dial-Up Networking folder. The VPN Adapter type does not appear el sewhere in the system.
P-660H-Tx v2 Support Notes Example The following example shows how to dial to an ISP via the P-660H-Tx v2 and then establish a tunnel to a private netwo rk. There will be three items that you need to set up for PPTP application, t hese are PPTP server (WinNT), PPTP client (Win9x) and the P-660H-Tx v2.
P-660H-Tx v2 Support Notes Select service name as ‘PPTP’, fill in t he Server IP Address, then press button ‘Add’. When you have finished the above settings, you can ping to the remote Win9x client from WinNT. This ping comm and is used to demonstrate that remote the Win9x can be reached across the In ternet.
P-660H-Tx v2 Support Notes 5. Using Full Feature NAT When P-660H-Tx v2 is in Routing mode, you can select NAT Option as Full Feature in Network -> General ->NAT Setup Key Settings: Field Options Description Full Feature When you select this option you can select Address Mapping Set Number 1~8 in the pull-down menu on the right.
P-660H-Tx v2 Support Notes The P-660H-Tx v2 has 8 remote nodes and so allows you to configure 8 NAT Address Mapping Sets, You must specify which NAT Address Mapping Set (1~8) to use in the remote node when you select Full Feature NAT. You can edit 10 rules for each Address Mapping Set.
P-660H-Tx v2 Support Notes IP. Global End IP This is the ending global IP address (IGA). N/A Type This is the NAT mapping types. Many-to-One and Server Here we’ll guide you to confi gure Address Mapping Sets from Web Configurator and CLI . (Since in Web Configurator we can only edit the rules for Address Mapping Sets #1.
P-660H-Tx v2 Support Notes The following table describes the fields in this screen. Field Description Option/Example Type You can select one of the fi ve mapping types from the pull-down menu 1. One-to-One 2. Many-to-One 3. Many-to-Many Overload 4. Many-to-Many No Overload 5.
P-660H-Tx v2 Support Notes Setp 3: Set NAT address mapping rule for t he Address Mapping Set you just configured (Set 2 in this example) by command ‘ ip nat addrmap rule [rule#] [insert | edit] [type] [local start IP] [l ocal end IP] [global start IP] [global end IP] [server set #] ’.
P-660H-Tx v2 Support Notes server sets ip nat server save Save the NAT server set buffer into flash ip nat server clear [set#] Clear the server set [set#], must use “sav e” command to let it save .
P-660H-Tx v2 Support Notes Please note that a server can support more than one service, e.g., a server can provide both FTP and Mail service, while another provides only Web service. The following procedures show how to configure a server behind NAT. Step 1: Login Web Configur ator, Advanced Setup, Network -> NAT -> Port Forwarding.
P-660H-Tx v2 Support Notes could select Full Feature NAT and select an Address Mapping Set with a Many-to-One Rule. See the following figure. (2) Internet Access with an Internal Server In this case, .
P-660H-Tx v2 Support Notes below: (3) Using Multiple Global IP addresses for clients and servers (One-to-One, Many-to-One, Server Set mapping types are used) In this case we have 3 IGAs from the I SP. We have two very busy internal FTP servers and also an internal general server for the web and mail.
P-660H-Tx v2 Support Notes Step 1: In this case, we need to map ILA to more than one IGA, therefore we must choose the Full Feature option from the NAT field in currently active remote node, and assign IGA3 to P-660H-Tx v2’s WAN IP Address.
P-660H-Tx v2 Support Notes Rule 3 Setup: Select Many-to-One type to map the other clients to IGA3 (200.0.0.3). Rule 4 Setup: Select Server type to map our web server and mail server with ILA3 (192.
P-660H-Tx v2 Support Notes Step 3: Now we configure a ll other incoming traffic to go to our web server and mail server from Web Conf igurator, Advanced Setup, Netw ork -> NAT -> Port Forwarding.
P-660H-Tx v2 Support Notes One rule configured for using Many-to-Many No Overload mapping type is shown below. We can also do this by configure three One-to-One mapping type rules.
P-660H-Tx v2 Support Notes When the ISP assigns the P-660H-Tx v2 a new IP, the P-660H-Tx v2 must inform the DDNS server the change of this IP so that the se rver can update its IP-to-DNS entry. Once the IP-to-DNS t able in the DDNS serv er is updated, the DNS name for your web server (i.
P-660H-Tx v2 Support Notes For example, zyxel.com.tw. User Name Enter the user name that the DDNS server gives to you. Password Enter the password that the DDNS se rver gi ves to you. Enable Wildcard Enter the hostname for the w ildcard function that the WWW.
P-660H-Tx v2 Support Notes When receiving any SNMP get or se t requirement with wrong community, this trap is sent to the manager. 6. whyReboot (defined in ZYXEL-MIB) : When the system is going to restart (wa rmstart), the trap will be sent with the reason of restart before rebooting.
P-660H-Tx v2 Support Notes The SNMP related settings in P- 660H-Tx v2 are configured in Web Configurator, Advanced Setup, Advanced -> Remote MGNT -> SNMP The following steps describe a simple set up procedure for configuring all SNMP settings. Key Settings: Option Descriptions Get Community Enter the correct Get Community.
P-660H-Tx v2 Support Notes 'public'. Trap Destination Enter the IP address of the NMS that you wish to send the traps to. If 0.0.0.0 is entered, the P-660H-Tx v2HW-DX will not send trap any NMS manager. Note: You may need to edit a fire wa ll rule to permit SNMP Packets.
P-660H-Tx v2 Support Notes The P-660H-Tx v2 supports three virtual LAN interfaces via its single physical Ethernet interface. The first network can be configured in Web Configurator, Advanced Setup, Network -> LAN -> DHCP Setup .
P-660H-Tx v2 Support Notes You can edit filter rule to accept or deny LAN packets from/to the IP alias 1/2 go through the P-660H-Tx v2 by command in CLI : lan index [index number] Usage: index number .
P-660H-Tx v2 Support Notes traffic among multiple paths. For example, if a network has both the Internet and remote node connections, we can rout e the Web packets to the Internet using one policy and route the FTP packets to the remote LAN using another policy.
P-660H-Tx v2 Support Notes The actions that can be taken include rout ing the packet to a different gateway (and hence the outgoing interface) and t he TOS and precedence fields in the IP header. IPPR follows the existing packet filtering facility of ZyNOS in style and in implementation.
P-660H-Tx v2 Support Notes (Set the protocol ID as 6(TCP) for the rule) ip policyrouting set criteria serviceType 0 (Set the criteria type of servic e as don’t care for this rule) ip policyrouting s.
P-660H-Tx v2 Support Notes 11. Using Call Scheduling • What is Call Scheduling? Call scheduling enables the mechanism for the P-660H-Tx v2 to run the remote node connection according to the pre-defined schedule. This feature is just like the scheduler ina video recorder which records the program according to the specified time.
P-660H-Tx v2 Support Notes wan callsch oncedate 2005 12 27 (Set the schedule used just once, it works on 2005-12-27) wan callsch starttime 12 00 (Set the schedule start time as 12:00) wan callsch dura.
P-660H-Tx v2 Support Notes • Time Service in P-660H-Tx v2 There is no RTC (Real-Time Clock) chip so the P-660H-Tx v2 should launch a mechanism to get current time and date from external server in boot time. Time service is implemented by the Daytime protocol(RFC-867) , Time protocol(RFC-868) , and NTP protocol(RFC-1305) .
P-660H-Tx v2 Support Notes needs to be forwarded. At start up, the P-660H-Tx v2 queries all directly connected networks to gather group membership. After that, the P-660H-Tx v2 updates the information by periodic queries. The P-660H-Tx v2 implementation of IGMP is also compatible with version 1.
P-660H-Tx v2 Support Notes Fairness-Based is chosen, then the bandwidth is allocated by ratio. Which means if A class needs 300 kbps, B cla ss needs 600 kbps, then the ratio of A and B's actual bandwidth is 1: 2. So if we get 450 kbps in total, then A would get 150 kbps, B would get 300 kbps.
P-660H-Tx v2 Support Notes Step 3 : You can modify the rule by clicking the button ‘Edit’ on the rule: Key Settings: RuleName Give this rule a name, for example, 'WWW' BW Budget Configure the bandwidth you would like to allocate to this rule Priority Enter a number between 0 and 7 to set the priority of this class.
P-660H-Tx v2 Support Notes Destination Subnet Mask Enter the destination subnet mask. Destination Port Enter the destination port number of the traffic.
P-660H-Tx v2 Support Notes services of the line will be. After t hat, system will save back the correct VPI, VCI and also services (encapsulation) type into profile of WAN interface.
P-660H-Tx v2 Support Notes (3) Delete items from the auto-haunting preconfigur ed table by useing command: wan atm vchunt remove <remote node> <vpi> <vci> • Using Zero configuration. You can enable/disable Zero Configuration in Netw ork -> WAN -> Advanced Setup: (1) After configure the auto-haunting pr econfigured table.
P-660H-Tx v2 Support Notes (4) Basically the zero conf iguration only work on the VC that was preconigured in the auto-haunting preconfigured table. 15.
P-660H-Tx v2 Support Notes The packet filter function on P-660H-Tx v2 is the same as befor e, just that you could only configure the filter set and apply them by command in CLI.
P-660H-Tx v2 Support Notes • Apply to LAN Interface: lan index [index#] Usage: index#=1 main LAN 2 I P A l i a s # 1 3 I P A l i a s # 2 lan filter <incoming|outgoing> <tcpip |generic> <set1#> <set2#> <set3#> <set4#> Usage: You can apply at mo st four filter sets to LAN Interface.
P-660H-Tx v2 Support Notes mask] the rule sys filter set destport [port#] [compare type = none|equal|notequal|less|greate r] Set the destination port and compare type (co mpare type could be 0(none)|1.
P-660H-Tx v2 Support Notes Support Tool 1. LAN/WAN Packet Trace The Prestige packet trace records and analyzes packets running on LAN and WAN interfaces. It is designed for us ers with technical backgrounds who are interested in the details of the packet fl ow on LAN or WAN end of Prestige.
P-660H-Tx v2 Support Notes (2) Trace WAN packet • Disable the capture of t he LAN packet by entering: sys trcp channel enet0 none • Enable to capture the WAN packet by entering: sys trcp chann el .
P-660H-Tx v2 Support Notes • Offline Trace • Disable the capture of t he WAN packet by entering: sys trcp channel mpoa00 none • Enable the capture of t he LAN packet by entering: sys trcp channe.
P-660H-Tx v2 Support Notes • Capture the detailed l ogs by Hyper Terminal Step 1: Initiate a hyper terminal connection from your PC(suppose you connected to the LAN port of P-660H-Tx v2) Step 2: Click the ‘properties’ to conf igure parameters to telnet to the P-660H-Tx v2.
P-660H-Tx v2 Support Notes Step 3: So that after you invoke the relevant commands, you could save the logs you’ve captured. 81 All contents copyright © 2006 ZyXEL Communicati ons Cor poration.
P-660H-Tx v2 Support Notes 2. Firmware/Configurations Upload ing and Downloading using TFTP • Using TFTP client software • Upload/download ZyNOS via LAN • Upload/download Prestige c onfiguration.
P-660H-Tx v2 Support Notes The 192.168.1.1 is the IP addr ess of the Prestige. The lo cal file is the source file of the ZyNOS firmware that is availa ble in your hard disk. The remote file is the file name that will be saved in Pr estige. Check the port number 69 and 512-Octet blocks for TFTP.
P-660H-Tx v2 Support Notes The 192.168.1.1 is the IP address of the Prestige. The local file is the source file of y our configuration file that is available in your hard disk. The remote file is the file name that will be saved in Prestige.
P-660H-Tx v2 Support Notes [cppwu@faelinux cppwu]$ tftp -I 192.168.1.1 put [local-ras] ras <- upload firmware 3. Using FTP to Upload the Firmware and Configuration Files In addition to upload the f.
P-660H-Tx v2 Support Notes 'Binary' . Step 2: Press 'OK' to ignore the 'Username' prompt. Step 3: To upload the firmware file, we transfer the local 'ras' file to overwrite the remote 'ras' file.
P-660H-Tx v2 Support Notes Step 4: The Prestige reboots automatica lly after the uploading is finished. Please do not power off the router at this moment.
P-660H-Tx v2 Support Notes CI Command Reference Command Syntax and General User Interface CI has the following command syntax: command < iface | device > subcommand [ param ] command subcommand [ param ] command ? | help command subcommand ? | help General user interface: 1.
Een belangrijk punt na aankoop van elk apparaat ZyXEL Communications P-660H-TX (of zelfs voordat je het koopt) is om de handleiding te lezen. Dit moeten wij doen vanwege een paar simpele redenen:
Als u nog geen ZyXEL Communications P-660H-TX heb gekocht dan nu is een goed moment om kennis te maken met de basisgegevens van het product. Eerst kijk dan naar de eerste pagina\'s van de handleiding, die je hierboven vindt. Je moet daar de belangrijkste technische gegevens ZyXEL Communications P-660H-TX vinden. Op dit manier kan je controleren of het apparaat aan jouw behoeften voldoet. Op de volgende pagina's van de handleiding ZyXEL Communications P-660H-TX leer je over alle kenmerken van het product en krijg je informatie over de werking. De informatie die je over ZyXEL Communications P-660H-TX krijgt, zal je zeker helpen om een besluit over de aankoop te nemen.
In een situatie waarin je al een beziter van ZyXEL Communications P-660H-TX bent, maar toch heb je de instructies niet gelezen, moet je het doen voor de hierboven beschreven redenen. Je zult dan weten of je goed de alle beschikbare functies heb gebruikt, en of je fouten heb gemaakt die het leven van de ZyXEL Communications P-660H-TX kunnen verkorten.
Maar de belangrijkste taak van de handleiding is om de gebruiker bij het oplossen van problemen te helpen met ZyXEL Communications P-660H-TX . Bijna altijd, zal je daar het vinden Troubleshooting met de meest voorkomende storingen en defecten #MANUAl# samen met de instructies over hun opplosinge. Zelfs als je zelf niet kan om het probleem op te lossen, zal de instructie je de weg wijzen naar verdere andere procedure, bijv. door contact met de klantenservice of het dichtstbijzijnde servicecentrum.