ZyXEL Communications 2602H-6XC manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159

Ir para a página of

Bom manual de uso

As regras impõem ao revendedor a obrigação de fornecer ao comprador o manual com o produto ZyXEL Communications 2602H-6XC. A falta de manual ou informações incorretas fornecidas ao consumidor são a base de uma queixa por não conformidade do produto com o contrato. De acordo com a lei, pode anexar o manual em uma outra forma de que em papel, o que é frequentemente utilizado, anexando uma forma gráfica ou manual electrónicoZyXEL Communications 2602H-6XC vídeos instrutivos para os usuários. A condição é uma forma legível e compreensível.

O que é a instrução?

A palavra vem do latim "Instructio" ou instruir. Portanto, no manual ZyXEL Communications 2602H-6XC você pode encontrar uma descrição das fases do processo. O objetivo do manual é instruir, facilitar o arranque, a utilização do equipamento ou a execução de determinadas tarefas. O manual é uma coleção de informações sobre o objeto / serviço, um guia.

Infelizmente, pequenos usuários tomam o tempo para ler o manual ZyXEL Communications 2602H-6XC, e um bom manual não só permite conhecer uma série de funcionalidades adicionais do dispositivo, mas evita a formação da maioria das falhas.

Então, o que deve conter o manual perfeito?

Primeiro, o manual ZyXEL Communications 2602H-6XC deve conte:
- dados técnicos do dispositivo ZyXEL Communications 2602H-6XC
- nome do fabricante e ano de fabricação do dispositivo ZyXEL Communications 2602H-6XC
- instruções de utilização, regulação e manutenção do dispositivo ZyXEL Communications 2602H-6XC
- sinais de segurança e certificados que comprovam a conformidade com as normas pertinentes

Por que você não ler manuais?

Normalmente, isso é devido à falta de tempo e à certeza quanto à funcionalidade específica do dispositivo adquirido. Infelizmente, a mesma ligação e o arranque ZyXEL Communications 2602H-6XC não são suficientes. O manual contém uma série de orientações sobre funcionalidades específicas, a segurança, os métodos de manutenção (mesmo sobre produtos que devem ser usados), possíveis defeitos ZyXEL Communications 2602H-6XC e formas de resolver problemas comuns durante o uso. No final, no manual podemos encontrar as coordenadas do serviço ZyXEL Communications na ausência da eficácia das soluções propostas. Atualmente, muito apreciados são manuais na forma de animações interessantes e vídeos de instrução que de uma forma melhor do que o o folheto falam ao usuário. Este tipo de manual é a chance que o usuário percorrer todo o vídeo instrutivo, sem ignorar especificações e descrições técnicas complicadas ZyXEL Communications 2602H-6XC, como para a versão papel.

Por que ler manuais?

Primeiro de tudo, contem a resposta sobre a construção, as possibilidades do dispositivo ZyXEL Communications 2602H-6XC, uso dos acessórios individuais e uma gama de informações para desfrutar plenamente todos os recursos e facilidades.

Após a compra bem sucedida de um equipamento / dispositivo, é bom ter um momento para se familiarizar com cada parte do manual ZyXEL Communications 2602H-6XC. Atualmente, são cuidadosamente preparados e traduzidos para sejam não só compreensíveis para os usuários, mas para cumprir a sua função básica de informação

Índice do manual

  • Página 1

    Prestige 2602H-6xC ADSL V oIP IAD Support Notes V ersion 3.40 March. 2005[...]

  • Página 2

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 2 INDEX Application Notes ......................................................................................................... 8 General Application Notes .....................................................................................8[...]

  • Página 3

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 3 What is SUA? When should I use SUA? ................................................... 103 What is the difference between NAT and SUA? ....................................... 103 How many network users can the SUA/NAT support? ................[...]

  • Página 4

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 4 What DDNS servers does the Prestige support? ........................................ 1 12 What is DDNS wildcard?........................................................................... 1 12 Does the Prestige support DDNS wildcard? .........[...]

  • Página 5

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 5 What is SYN Flood attack?........................................................................ 1 19 What is LAND attack? ............................................................................... 120 What is Brute-force attack? ........[...]

  • Página 6

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 6 Why does VPN throughput decrease when staying in SMT menu 24.1? .. 129 Where can I configure Phase 1 ID in Prestige? ......................................... 130 If I have NA T router between two VPN gateways, and I would like to use IP type a[...]

  • Página 7

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 7 What is an ESSID ?.................................................. 錯誤 ! 尚未定義書籤。 How do I secure the data across an Access Point's radio link ? 錯誤 ! 尚未定義書籤。 What is WEP ? ...............................[...]

  • Página 8

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 8 Application Notes General Application Notes Internet Connection A typical Internet access application of the Prestige is shown b e l o w . F o r a s m a l l o f f i c e , t h e r e a r e s o m e components needs to be checked before accessing t[...]

  • Página 9

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 9 • If you only have one PC, connect the PC's Ethern et adapter to the Prestige's LAN port with a crossover (red one) Ethernet cable. • If you have more than one PC, both the PC's Ethe rnet adapters and the Prestige' s LAN[...]

  • Página 10

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 10 The following procedure is for the most typical u sage of the Pr estige where you have a single-user account (SUA). The Prestige supports embedded web server that allows yo u to use W eb browser to configure it. Before configuring the router u[...]

  • Página 11

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 11 Select “ Dynamic " if the ISP provides the IP dyn amically, otherwise select “ Use Fixed IP address " and enter the static IP given by ISP in the box following“ MY WAN IP Address "field. Setup the Prestige as a DHCP Relay • What [...]

  • Página 12

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 12 • Setup the Prestige as a DHCP Client 1. Toggle the DHCP to Relay in menu 3.2 and enter the IP addres s of the DHCP server in the 'Relay S erver Address' field. Menu 3.2 - TCP/IP and DHCP Setup DHCP Setup DHCP= Relay Client IP Pool[...]

  • Página 13

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 13 Press ENTER to Confirm or ESC to Cancel: Configure an Internal Server Behind SUA • Introduction If you wish, you can make internal servers (e.g., Web, ftp or m ail server) accessible fo r outside users, even though SUA makes your LAN appear [...]

  • Página 14

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 14 • For example (Configuring an internal W eb server for outside access) : Menu 15.2 - NAT Server S etup Rule Star t Port No. End Port No. IP Add ress ---------- --------------- --------------- ----------- 1. D efault Def ault 0.0.0 .0 2. 80 8[...]

  • Página 15

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 15 Configure a PPTP server Behind SUA • Introduction PPTP is a tunneling protocol defined by the PPTP forum that all ows PPP packets to be encapsulated withi n Internet Protocol (IP) packets a nd forwarded over any IP networ k, including the In[...]

  • Página 16

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 16 The PPT P is supported in Windows NT and Windows 98 already. For Windows 95, it needs to be upgraded by the Dial-Up Networking 1.2 upgrade. • Configuration This application note explains how to establish a PPTP connecti on with a remote priv[...]

  • Página 17

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 17  Set the Internet gateway to the r outer that is connecting to ISP o Prestige router setup • Before making a VPN connection from W i n9x to W i nNT server , you need to connect Prestige router to your ISP first. • Enter the IP address o[...]

  • Página 18

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 18 C:ping 203.66.113.2 When a dial-up connection to I SP is established, a default gate way is assigned to the router traffic through that connection. Therefore, the output below shows the default gateway of the Win9x client after the dial-up co[...]

  • Página 19

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 19 Using NA T / Multi-NA T • What is Multi-NA T? NAT (Network Address Translation-NAT RFC 1631) is the translati on of an Internet Protocol address used within one network to a different IP address known within a noth er network. One network is[...]

  • Página 20

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 20 1. NA T Mapping T ypes NAT supports five types of IP/port mapping. They are: 2. One to One In One-to-One mode, the Pres tige maps one ILA to one IGA. 3. Many to One In Many-to-One mode, the Prestige maps multiple ILA to one IGA. This is equiva[...]

  • Página 21

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 21 The following table summarizes these types. NA T T ype IP Mapping Mapping Direction One-to-One ILA1<--->IGA1 Both Many-to-One (SUA/P A T) ILA1---->IGA1 ILA2---->IGA1 ... Outgoing Many-to-Many Overload ILA1---->IGA1 ILA2---->I[...]

  • Página 22

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 22 You apply NAT via menus 4 and 11.3 as displayed next. The next figure how you apply NAT for Internet access in menu 4. Enter 4 from the Main Menu to go to Menu 4- Internet Access Setup . Men u 4 - Internet Access Setup ISP's Na me= MyISP [...]

  • Página 23

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 23 Overload mapping. Select Full Featur e when you require other mapping types. It is a convenient, pre-configured, read only , Many-to-One mapping set, suf ficient for most purposes and helpful to people already familiar with SUA in previous ZyN[...]

  • Página 24

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 24 Menu 1 5.1 - Address M apping Sets 1. 2. 3. 4. 5. 6. 7. 8. 255. SUA (read only) Enter Set Numbe r to Edit: Let's first look at Option 255. Option 255 is equivalent to SUA in previous ZyXEL rout ers. The fields in this menu cannot be chang[...]

  • Página 25

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 25 The following table explains the fields in this screen. Please note that the fields in this menu are read-only. Field Description Option/Example Set Name This is the name of the set you selected in Menu 15.1 or enter the name of a new set you [...]

  • Página 26

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 26 9. 10. Action= Edit , Select Rule= 0 Press EN TER to Confirm or ESC to Cance l: We will just look at the differences from the previous menu. No te that, this screen is not read only, so we have extra Action and Select Rule fields. N ot also th[...]

  • Página 27

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 27 Local IP : Start= 0.0.0.0 End = N/A Global I P: Start= 0.0.0.0 End = N/A Press EN TER to Confirm or ESC to Cance l: The following table describes the fields in this screen. Field Description Option/Example T ype Press [SP ACEBAR] to toggle thr[...]

  • Página 28

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 28 The NAT Server Set is a list of LAN side servers mapped to exte rnal ports (similar to the old SUA menu of before). If you wish, you can make inside s ervers for different services, e.g., Web or FTP, visible to the outside users, even though N[...]

  • Página 29

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 29 2. 21 21 192.168.1 .33 3. 80 80 192.168.1 .36 4. 0 0 0.0.0 .0 5. 0 0 0.0.0 .0 6. 0 0 0.0.0 .0 7. 0 0 0.0.0 .0 8. 0 0 0.0.0 .0 9. 0 0 0.0.0 .0 10. 0 0 0.0.0 .0 11. 0 0 0.0.0 .0 12. 0 0 0.0.0 .0 Press ENTER to Confir m or ESC to Can cel: The mos[...]

  • Página 30

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 30 Men u 4 - Internet Access Setup ISP's Na me= MyISP Encapsul ation= PPPoE Multiple xing= LLC-based VPI #= 0 VCI #= 3 3 ATM QoS Type= UBR Peak C ell Rate (PCR)= 0 Sustai n Cell Rate (SC R)= 0 Maximu m Burst Size (M BS)= 0 My Login = cso@zyx[...]

  • Página 31

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 31 From Menu 4 shown above simply choose the SUA Only option from the NAT field. This is the Many-to-One mapping discussed earlier. The SUA read only option from the NA T field in menu 4 and 11.3 is specifically pre-configured to handle this case[...]

  • Página 32

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 32 8. 0 0 0.0.0 .0 9. 0 0 0.0.0 .0 10. 0 0 0.0.0 .0 11. 0 0 0.0.0 .0 12. 0 0 0.0.0 .0 Press ENTER to Confir m or ESC to Can cel: 3. Using Multiple Global IP addresse s for clients and servers (One -to-One, M any-to-One, Server Set mapping types a[...]

  • Página 33

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 33 Step 1: In this case, we need to configure Address Mapping Set 1 from Menu 15.1-Addr ess Mapping Sets . Therefore we must choose the Full Feature option from the NAT field in menu 4 or menu 11.3, and assign IGA3 to Prestige WAN IP Address. Men[...]

  • Página 34

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 34 Start= 192.168.1. 10 End = N/A Global I P: Start= [Enter IGA 1] End = N/A Press EN TER to Confirm or ESC to Cance l: Rule 2 Setup: Selecting One-to -One type to map the FTP Server 2 with ILA2 (192.168.1.11) to IGA2. Menu 15. 1.1.2 - - Rule 2 T[...]

  • Página 35

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 35 Press EN TER to Confirm or ESC to Cance l: Rule 4 Setup: Select Server type to map our web server and mail server with ILA3 (192.168.1.20) to IGA3. Menu 15. 1.1.4 - - Rule 4 Type: Server Local IP : Start= N/A End = N/A Global I P: Start= [Ente[...]

  • Página 36

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 36 9. 10. Press ESC or RE TURN to Exit: Step 3: Now we configure all other incoming traffic to go to our web se rver aand mail server from Menu 15.2 - NAT Server Setup (not Set 1, Set 1 is used for SUA Only case). Menu 15.2 - NAT Server Setup Rul[...]

  • Página 37

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 37 Some servers providing Internet applications such as some mIRC servers do not allow users to login using the same IP address. In this case it is better to use Man y-to-Many No Overload or One-to-One NAT mapping types, thus each user login to t[...]

  • Página 38

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 38 Local IP : Start= 192.168.1. 10 End = N/A Global I P: Start= [Enter IGA 1] End = N/A Press EN TER to Confirm or ESC to Cance l: Menu 15. 1.1.2 - - Rule 2 Type: One-to-One Local IP : Start= 192.168.1. 11 End = N/A Global I P: Start= [Enter IGA [...]

  • Página 39

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 39 Press EN TER to Confirm or ESC to Cance l: Prestige supports mu ltiple type of NA T mapping rules • SUA • One to One • Many to One • Many to Many overload • Many One to One • Server The following table summarizes these types. NAT T[...]

  • Página 40

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 40 ... Server (SUA) Server 1 IP<--->IGA1 Server 2 IP<--->IGA1 About Filter & Filter Examples How does ZyXEL filter work? • Filter S tructure The Prestige allows you to configure up to twelve filter sets w ith six rules in each s[...]

  • Página 41

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 41 • Filter T ypes and SUA Conceptually, there are two categories of filter rules: device and protocol . The Generic filter rules belong to the device category; they act on the raw data from/to LAN and WAN. The IP and IPX filter rules belong to[...]

  • Página 42

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 42 In order to allow users to specify the local network IP address and port number in the filter rules with SUA connections, the TCP/IP filter function has to be ex ecuted befo re SUA for WAN outgoing packets and after the SUA for WAN incoming IP[...]

  • Página 43

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 43 same error if you try to activate a Generic filter rule in a fi lter set that has already had one or more active TCP/IP (or IPX) filter rules. Menu 21.1.1: Men u 21.1.1 - Gene ric Filter Rule Filter # : 1,1 Filter T ype= Generic Fi lter Rule A[...]

  • Página 44

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 44 More= No Log= None Action M atched= Check N ext Rule Action N ot Matched= Che ck Next Rule Press EN TER to Confirm or ESC to Cance l: Saving to ROM . Please wait. .. Protocol a nd device rule cannot be active together To separate the device an[...]

  • Página 45

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 45 Outgoing: Session O ptions: My Login= tes tt Edit Fi lter Sets= Yes My Password= ***** Authen= CHAP/ PAP Pr ess ENTER to Co nfirm or ESC to Cancel: Menu 11.5: Men u 11.5 - Remote Node Filter Input Fi lter Sets: protoc ol filters= devi ce filte[...]

  • Página 46

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 46 1. The outbound packet type (protocol & port number) 2. The source IP address Generally, the outbound packets for Web service could be as fol lowing: a. HTTP packet, TCP (06) protocol with port number 80 b. DNS packet, TCP (06) protocol wi[...]

  • Página 47

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 47 2. Rule one for (a). http packet, TCP(06)/Port number 80 Men u 21.1.1 - TCP/ IP Filter Rule Filter # : 1,1 Filter T ype= TCP/IP Fil ter Rule Active= Yes IP Proto col= 6 IP S ource Route= No Destinat ion: IP Addr= 0 .0.0.0 IP Mask= 0 .0.0.0 Por[...]

  • Página 48

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 48 Sou rce: IP Addr= 0 .0.0.0 IP Mask= 0 .0.0.0 Port #= Port # Com p= None TCP Esta b= No More= No Log= None Action M atched= Drop Action N ot Matched= Che ck Next Rule Press EN TER to Confirm or ESC to Cance l: 4. Rule 3 for (c). DNS packet UDP([...]

  • Página 49

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 49 Menu 21.1 - Filter Rules Summary # A Type Filter Rules M m n - - ---- --- --------------- --------------- ----- - - - 1 Y IP Pr= 6, SA=0.0.0.0, DA=0.0.0.0, DP= 80 N D N 2 Y IP Pr= 6, SA=0.0.0.0, DA=0.0.0.0, DP= 53 N D N 3 Y IP Pr= 17, SA=0.0.0[...]

  • Página 50

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 50 2. One rule for blocking all packets from this client Men u 21.1.1 - TCP/ IP Filter Rule Filter # : 1,1 Filter T ype= TCP/IP Fil ter Rule Active= Yes IP Proto col= 0 IP S ource Route= No Destinat ion: IP Addr= 0 .0.0.0 IP Mask= 0 .0.0.0 Port #[...]

  • Página 51

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 51 This configuration examp le shows you how to use a Generic Filte r to block a specific MAC address of the LAN. Before you Begin Before you configure the filter, you need to know the MAC addre ss of the client first. The MAC address can be prov[...]

  • Página 52

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 52 + Internet Pr otocol - Version (MSB 4 bits): 4 - Header length (LSB 4 b its): 5 - Service type: Precd=Ro utine, Delay=No rmal, Thrput=No rmal, Reli=Norm al - Total l ength: 60 (Octe ts) - Fragmen t ID: 60172 - Flags: May be fragment ed, Last f[...]

  • Página 53

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 53 Menu 21.1 .1 - Generic Fi lter Rule Filter # : 1,1 Filter T ype= Generic Fi lter Rule Active= Yes Offset= 6 Length= 6 Mask= ff ffffffffff Value= 0 080c84cea63 More= No Log= None Action M atched= Drop Action N ot Matched= For ward Key Settings:[...]

  • Página 54

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 54 • Action Matched= Enter the action you want if the masked packet matc hes the ' V alue'. In this case, we will drop it. • Action Not Matched= Enter the action you want if the masked packet doe s not match th e 'V alue'.[...]

  • Página 55

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 55 A filter for blocking the NetBIOS packets • Introduction The NETBIOS protocol is used to share a Microsoft comupter of a workgroup. For the security concern, the NetBIOS connection to a outside host is blocked by Prestige rou ter as factor y[...]

  • Página 56

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 56 Set # Comments S et # Com ments ------ --------------- -- - ----- -------- ----- ---- 1 NetBIOS_WAN 7 _______ ________ 2 NetBIOS_LAN 8 _______ ________ 3 ______________ _ 9 _______ ________ 4 ______________ _ 10 _______ ________ 5 ____________[...]

  • Página 57

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 57 • Rule 2-Destination port number 137 with protocol number 17 (UDP) Men u 21.1.2 - TCP/ IP Filter Rule Filter # : 1,2 Filter T ype= TCP/IP Fil ter Rule Active= Yes IP Proto col= 17 IP S ource Route= No Destinat ion: IP Addr= 0 .0.0.0 IP Mask=[...]

  • Página 58

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 58 IP Proto col= 6 IP S ource Route= No Destinat ion: IP Addr= 0 .0.0.0 IP Mask= 0 .0.0.0 Port #= 13 8 Port # Com p= Equal Sou rce: IP Addr= 0 .0.0.0 IP Mask= 0 .0.0.0 Port #= 0 Port # Com p= None TCP Esta b= No More= No Log= None Action M atched[...]

  • Página 59

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 59 Action M atched= Drop Action N ot Matched= Che ck Next Rule Press EN TER to Confirm or ESC to Cance l: • Rule 5-Destination port number 139 with protocol number 6 (TCP) Men u 21.1.5 - TCP/ IP Filter Rule Filter # : 1,5 Filter T ype= TCP/IP F[...]

  • Página 60

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 60 Filter T ype= TCP/IP Fil ter Rule Active= Yes IP Proto col= 17 IP S ource Route= No Destinat ion: IP Addr= 0 .0.0.0 IP Mask= 0 .0.0.0 Port #= 13 9 Port # Com p= Equal Sou rce: IP Addr= 0 .0.0.0 IP Mask= 0 .0.0.0 Port #= 0 Port # Com p= None TC[...]

  • Página 61

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 61 • Apply the first filter set ' NetBIOS_W AN' to the 'Output Pr otocol Filter' in the remote node setup. Configure the second filter set 'NetBIOS_LAN' by selecting the Filter Set number 2. • Rule 1-Source port [...]

  • Página 62

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 62 IP Proto col= 17 IP S ource Route= No Destinat ion: IP Addr= 0 .0.0.0 IP Mask= 0 .0.0.0 Port #= 53 Port # Com p= Equal Sou rce: IP Addr= 0 .0.0.0 IP Mask= 0 .0.0.0 Port #= 13 7 Port # Com p= Equal TCP Esta b= N/A More= No Log= None Action M at[...]

  • Página 63

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 63 proto col filters= 2 dev ice filters= Output F ilter Sets: proto col filters= dev ice filters= Using the Dynamic DNS (DDNS) 1. What is DDNS? The DDNS service, an IP Registry provides a public central data base where information such as email a[...]

  • Página 64

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 64 Menu 1 - Gener al Setup System N ame= Prestige Location = Contact Person's Name= Domain N ame= Edit Dyn amic DNS= Yes Route IP = Yes Bridge= No Me nu 1.1 - Config ure Dynamic DNS Service Provider= WWW.D ynDNS.ORG Active= Yes Host= [the lo[...]

  • Página 65

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 65 Password Enter the password that th e DDNS server gives to you. Enable Wildcard Enter the hostname for the wildca rd function that the WWW .DYNDNS.ORG supports. Note that W i ldcard option is available only when the provider is WWW .DYNDNS.OR [...]

  • Página 66

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 66 The current I nternet-standard MIB, MIB-II, is defined in RFC 12 13 and contains 171 objects. These objects are grouped by protocol (including TCP, IP, UDP, SNMP, and other ca tegories , including 'system' and 'interface.' [...]

  • Página 67

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 67 2. SNMPv1 Operations SNMP itself is a simple reques t/response protocol. 4 SNMPv1 ope rations are defined as belo w. • Get Allows the NMS to retrieve an object variable from the agent. • GetNext Allows the NMS to retrieve the next object v[...]

  • Página 68

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 68 so on) and the object values involved in the operation. The fol lowing figure shows the SNMPv1 message format. The SNMP PDU contains the following fields: • PDU type Specifies the type of PDU. • Request ID Associates requests with response[...]

  • Página 69

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 69 • warmS tart (defined in RFC-1215) : If the machine warmstarts, the trap will be sent after booting. • linkDown (defined in RFC-1215) : If any link of IDSL or WAN is down, the trap will be sent with the port number . The port number is its[...]

  • Página 70

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 70 4. Configure the Pr estige for SNMP The SNMP related settings in Prestige are configured in menu 22 , SNMP Configuration. The following steps describe a simple setup procedur e for configuring all SNMP sett ings. Menu 22 - SNMP Conf iguration [...]

  • Página 71

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 71 Trap: Commun ity= public Destin ation= 192.168. 1.33 Press ENTE R to Confirm or ESC to Cancel: Key Settings: Option Descriptions Get Community Enter the correct Get Community . This Ge t Community must m atch the 'Get-' and 'Get[...]

  • Página 72

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 72 Configuration: 1. Active , use the space bar to turn on the syslog option. 2. Syslog IP Address , enter the IP address of the UNIX server that you wish to send the syslog. 3. Log Facility, use the space bar to toggle between the 7 different lo[...]

  • Página 73

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 73 L02 Call Terminated C02 Call Terminated Example: Feb 14 16 :57:17 192.168.1.1 Z y XEL Communications Cor p .: board 0 line 0 ch annel 0 , call 18 , C01 Incomin g Call OK Feb 14 17 :07:18 192.168.1.1 ZyXEL Commu nications Corp.: board 0 line 0 [...]

  • Página 74

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 74 prot: Protocol (TCP,UDP,ICMP) spo: Source port dpo: Destination port Example: Jul 19 14:44: 09 192.168.1.1 ZyXEL Communica tions Corp.: IP [Src=202.132.15 4.1 Dst=192.168 .1.33 UDP spo=0035 dpo =05d4]}S03>R01m F Jul 19 14:44: 13 192.168.1.1[...]

  • Página 75

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 75 Using IP Alias • What is IP Alias ? I n a t y p i c a l e n v i r o n m e n t , a L A N r o u t e r i s r e q u i r e d t o c o n n e c t t wo local networks. The Prestige can connect three local networks to the ISP or a remote node, we call[...]

  • Página 76

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 76 Two new protocol filter interfaces in menu 3.2.1 allow you to a ccept or deny LAN packets from/to the IP alia s 1 and IP alias 2 go through the Prestig e. The filter set in men u 3.1 is used for main n etwork configured in menu 3.2. • IP Ali[...]

  • Página 77

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 77 Edit IP Alias T oggle to 'Y es' to enter menu 3.2.1 for setting up the second and third networks. 2. Edit the second and third networks in menu 3.2.1 by configur ing the Prestige's second and third LAN IP addresses. Menu 3.2.1 -[...]

  • Página 78

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 78 Call scheduling enables t he mechanisim for the Prestige to run the remote node connection according to the pre-defined schedule.This feature is just like the scheduler i n a video recorder which records the program according to the specified [...]

  • Página 79

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 79 4 __________ _____ 10 ____________ ___ 5 __________ _____ 11 ____________ ___ 6 __________ _____ 12 ____________ ___ Enter S chedule Set Num ber to Configur e= 1 Edit Na me= ZyXEL Press E NTER to Confirm or ESC to Canc el: 3. The Menu 26.1 Sch[...]

  • Página 80

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 80 S tart Date S tart date of this schedule rule. It can be unmatched with weekday setting. For example, if S tart Date is 2004/10/02(Monday) , but Monday setting in weekday can be No. How Often If once is s elected, all weekday settings will ne [...]

  • Página 81

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 81 S ession Options: Edit Filter Se ts= N o Idle Timeout(s ec)= 100 E dit Traffic Red irect= No Press EN TER to Confirm or ESC to Cance l: • T ime Service in Prestige There is no RTC (Real-Time Clock) chip so the Prestige should l aunch a mecha[...]

  • Página 82

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 82 Press E NTER to Confirm or ESC to Canc el: Using IP Multicast • What is IP Multicast ? T raditionally , IP packets are transmitted in two ways - unicast or broadcast. Multicast is a third way to deliver IP packets to a group of hosts . Host [...]

  • Página 83

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 83 IP Sub net Mask= 255.2 55.255.0 RIP Di rection= Both Vers ion= RIP-2B Multic ast= IGMP-v2 IP Pol icies= Edit I P Alias= No Press EN TER to Confirm or ESC to Cance l: Enable IGMP in Prestige's remote node in menu 11 .3: Menu 11.3 - Remote [...]

  • Página 84

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 84 Using Prestige traffic redirect • What is T r af fic Redirect ? Traffic redirect forwards WAN traffic to a backup gateway when Prestige cannot connect to the Internet through it's normal gateway. Thus make your backup gateway as a n aux[...]

  • Página 85

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 85 Check Mechanism = DSL Link Check WAN IP Address1 = 0.0.0.0 Check WAN IP Address2 = 0.0.0.0 Check WAN IP Address3 = 0.0.0.0 Keep Alive Fail Tole rance = 5 Reco very Interval(s ec) = 60 ICMP Timeout(sec) = 0 Traffi c Redirect = Yes Key Settings:[...]

  • Página 86

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 86 Label Description Redirect Act i ve Select this check bo x to have the Prestige use tra ffic redirec t if the normal WAN connection goes down. If you activate traffic redirect, you must configu re at leas t one Check WAN IP Address . Metric Th[...]

  • Página 87

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 87 Using Universal Plug n Play (UPnP) • 1. What is UPnP UPnP (Universal Plug and Play) makes connecting PCs of all form factors, intelligent ap pliances, and wireless devices in the home, office, and ev er ywhere in between easier a nd even aut[...]

  • Página 88

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 88 UPnP Operations • Addressing : UPnPv1 devices MAY support IPv4, IPv 6, or both. For IPv4, each devices should have DHCP client, when the device gets connected to the network, it will discover DHCP server on network to get an IP address. If n[...]

  • Página 89

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 89 In the diagram, suppose PC1 and PC2 both sign in MSN server, an d they w ould like to establish a video conference. PC1 is behind PPPoE dial-up router which supports U PnP. Since the router supports UPnP, we don't need to setup NAT mappin[...]

  • Página 90

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 90 2. After getting IP address, you can go to open MSN application on PC and sign in MSN server. 3. Start a Video conversation with one online user. 4. On the opposite side, your partner select Accept to accept your conversation request.[...]

  • Página 91

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 91 5. Finally, your video conversation is achieved.[...]

  • Página 92

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 92 VoIP Application Notes Setup SIP Account VoIP is the sending of voice signals o ver the Internet Protocol . This allows you to make phone calls and send faxes over the Internet at a fraction of the cost of using the traditional circuit-switche[...]

  • Página 93

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 93 Note: You should have a voice accou nt already set up and have VoIP in formation from your VoIP service provider prior to configure SIP account on to the unit. With the account information your ITSP provider provided now yo u may start. Step 1[...]

  • Página 94

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 94 Step 3. On the left column click on Voice to bring you to Voice configuration menu than click on S I P Settings. While in the SIP Settings page use the account selector on upper right of the page to se l e c t t h e S I P account you will like[...]

  • Página 95

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 95 SIP Local Port Use this field to configure the Presti ge’s listening port for SIP. Leave this field set to the default if you were not given a local port number for SIP. SIP Server Address Type the IP address of the SIP server in this field.[...]

  • Página 96

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 96 SIP account on Phone 1 , Phone 2 or both. If you sele ct both, you will not know which SIP account a call is coming in on. Advanced Settings Click Settings to open a screen where you can configure the Prestige’s advanced VoIP settings like S[...]

  • Página 97

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 97 To configure the phone port setting please follow the below ste p. Step 1. Open the web browser from your workstation to connect to the P restige by entering the Management IP address of the Prestige. The default management IP of Prestige is 1[...]

  • Página 98

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 98 Dialing Interval When you are dialing a telephone number the Prestige waits this long after you stop pressing the buttons before in itiating the call. Select how many seconds you want the Prestige to wait after the last input on the telephone?[...]

  • Página 99

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 99 Step 2. Enter the administrator passwor d appear on the page of login a nd click on login. The default is '1234' Step 3. On the left c olumn click on Speed Dial to bring you to Speed Dial page to enter speed dial configuration page. [...]

  • Página 100

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 100 Speed Dial This is the entry’s speed dial key combi nation. Press this key combination on a telephone attached to the Prestige in order to call the party named in this entry. Name This is the descriptive name of the party that you will use [...]

  • Página 101

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 101 The Web configurator a user friendly configuration interface vi a user's web browser, which can be access by t y p in g i n t he LA N I P a d d re ss of th e P re st ig e i n u s e rs we b b ro ws er. To access the Prestige's web co[...]

  • Página 102

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 102 How do I upload or backup ROMFILE via w eb configurator? In some situations, you may need to upload the ROMFILE, r estore to previous saved configuration, or th e need of resetting SMT to factory default. The procedure for uploading ROMFILE v[...]

  • Página 103

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 103 c. The default filter rule 3 (Telnet_FTP_WAN) is applied in the In put Protocol field in menu 11.5. What should I do if I forget the system password? In case you forget the system password. You can reset the unit back to factory default. You [...]

  • Página 104

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 104 The design goal of ZyXEL's SUA is to minimize the Internet acce ss cost in a small office environment by using a single IP address to r epresent the multiple hosts inside. It does more t han IP address translation, so that multiple hosts[...]

  • Página 105

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 105 Will the Prestige work with my Internet connection? The Prestige is designed to be comp atible major ISP utilize ADS L as a broadband service. Prestige IAD offers an Ethernet port to connect to your computer so the Pres tige is placed in the [...]

  • Página 106

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 106 Why does my provider use PPPoE? PPPoE emulates a famili ar Dial-Up connection. It allows your IS P to provide services u sing their existing network configuration over the broadband connections. Besides, PPPoE supports a broad range of existi[...]

  • Página 107

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 107 How does e-mail work through the Prestige? It depends o n what kind of IP you have: Static or Dynamic. If y our company has a domain name, it means that you have a static IP address. S uppose your company's e-mail ad dress is xxx@mycompa[...]

  • Página 108

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 108 What network interface does the new Prestige series support? The new Prestige series support auto MDX/MDIX 10/100M Ethernet LAN port to connect to the computer or Switch on LAN and ADSL port on WAN. How does the Prestige support TFTP? In addi[...]

  • Página 109

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 109 To create the appearan ce of faster network access, service comp anies plan to store or "cache" frequently requested web sites and Usenet newsgroups on a server at their h ead-end. Storing data l ocally will remov e some of the bott[...]

  • Página 110

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 11 0 What IP/Port mapping does Multi-NA T support? NAT supports five types of IP/port mapping. They are: One to On e, Many to One, Many to Many Overload, Many to Many No Overload and Server. The details of the mapping b e t w e e n I L A a n d I [...]

  • Página 111

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 111 Overload ILA2<--->IGA2 ILA3<--->IGA1 ILA4<--->IGA2 ... Many-to-Many No Overload ILA1<--->IGA1 ILA2<--->IGA2 ILA3<--->IGA3 ILA4<--->IGA4 ... Server Server 1 IP<--->IGA1 Server 2 IP<--->IGA1[...]

  • Página 112

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 11 2 (e.g., www.zyxel.com.tw) for your server (e.g., Web server) fro m a DDNS server. The out side users can always access the web server using the www.zyxel.com.tw regardless of the WAN IP of the 312. When the ISP assigns the Prestige a new IP, [...]

  • Página 113

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 11 3 How do I setup my Prestige for r outing IPsec p ackets over SUA? For outgoing IPsec tunnels, no extra setting is required. For f orwarding the inbound IPsec ESP tunnel, A 'Default' server set in menu 15 is required. It is because S[...]

  • Página 114

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 11 4 What is the relationship between codec and VoIP? In order to transfer voice (analog signal) over IP it first nee d to be digitized. Codec is a technic to digitize analog signal to digital and vice versa. There are various spe ech codec avail[...]

  • Página 115

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 11 5 What is codec? Codec is a algorithm which converts analog signal into digital signal and vice versa. There are three main type of waveform codec, source codec, and hybrid codec. Each consume different amount of bandwidth and provide differen[...]

  • Página 116

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 11 6 2. A PC with VoIP software installed or a hardware VoIP box suc h as ATA or device like Prestige 2602 VoIP station router. 3. An account with a VoIP provider such as an ITSP. The account can be configured to recognize your calls automaticall[...]

  • Página 117

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 11 7 If all the about have been tried, but register still fail what should I do? In such case, please contact your local vendor for support. If they can't help out the problem they will escalate your problem to ZyXEL tech center. To report a[...]

  • Página 118

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 11 8 What are the basic types of firewalls? Conceptually, there are three types of firewalls: 1. Packet Filtering Firewall 2. Application-level Firewall 3. Stateful Inspection Firewall Packet Filtering Firewalls generally make their decisions bas[...]

  • Página 119

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 11 9 Why do you need a firewall when your router has packet filtering and NAT built-in? With the spectacular g rowth of the Internet and online access, comp anies that do bus iness on the Internet face greater security threat s. Although packet f[...]

  • Página 120

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 120 SYN-ACK, it queues up all outstand ing SYN-ACK responses on what is known as a backlog queue. SYN-ACKs are moved off the queue only when an ACK co mes back or when an internal tim er (which is set a relatively long intervals) te rminates the [...]

  • Página 121

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 121 How can I protect against IP spoofing attacks? The Prestige's firewall will auto matically detect the IP spoofi ng and drop it if the firewall is turned on. If the firewall is not turned on we can configure a filter set to bloc k the IP [...]

  • Página 122

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 122 • Active =Yes • Destination IP Addr =a.b.c.d • Destination IP Mask =w.x.y.z • Action Matched =Drop • Action No Matched =Forward Where a.b.c.d is an IP address on your local network and w.x.y.z is your netmask. Content Filter FAQ Wha[...]

  • Página 123

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 123 Why do I need VPN? There are some reasons to use a VPN. The m ost common reasons are because of security and cost. Security 1). Authentication With authentication, VPN receiver can verify the s ource of packets and guaran tee the data in tegr[...]

  • Página 124

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 124 PPTP is supported in Windows NT and Windows 98 al ready. For Windows 95, it ne eds to be upgraded by the Dial-Up Networking 1.2 upgrade. What is L2TP? Layer Two Tunneling Protocol (L2TP) is an extensi on of the Point-to-Point Tunneling Protoc[...]

  • Página 125

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 125 What is SA? A Security Association (SA) is a co ntract between two parties indicatin g what security parameters, such as keys and algorithms they will use. What is IKE? IKE is short for Internet Key Exchange. Key Management allows you to dete[...]

  • Página 126

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 126 What are Local ID and Peer ID? Local ID and Peer ID are used in IKE phase 1 ne gotiation. It’s in FQDN(Fully Qualif ied Domain Name) format, IKE standard takes it as one type of Phase 1 ID. Phase 1 ID is an identification for each VP N peer[...]

  • Página 127

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 127 is ready in your Prestige. You then can configur e VPN via web configurator. Please download the firmware from our web site. NOTE: For updating from ZyNOS V3.2x to V3.5x, please use console or TFTP update. This is because the memory allocatio[...]

  • Página 128

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 128 If your Prestige is capable of VP N, you can find the VPN options in Advanced>VPN tab. For configuring a 'box-to-box VPN', there are some tips: 1. If there is a NA T router running in the front of Prestige, please m a ke sure the[...]

  • Página 129

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 129 What VPN sof tware that has been test ed with Prestige successfully? We have tested Prestige successfully with the following third party VPN software. • SafeNet Soft-PK, 3DES edition • Checkpoint Software • SSH Sentinel, 1.4 • SecGo I[...]

  • Página 130

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 130 Where can I configure Phase 1 ID in Prestige? Phase 1 ID can be configured in VPN setup me nu as following. Note that you can make such configuration in either web configurator or SMT menu. If I have NA T router between tw o VPN gateways , an[...]

  • Página 131

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 131 VPN client: 10.1.33.33 NAT router WAN IP: 202.132.154.2 Prestige WAN: 202.132.154.3 Since the VPN client is behind a NAT router, it must have a private IP address in most case. This may cause the VPN client to send it's pr ivate IP addre[...]

  • Página 132

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 132 If the VPN connection is initiated from the secu rity gateway behind Prestige, no configuration is necessary for NAT nor Firewall. If the VPN connection is initiated from the securi ty gateway outside of Prestige, NAT port forwarding and Fire[...]

  • Página 133

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 133 0 11880.1 60 ENET0-R[0062 ] TCP 192.168.1 .2:1108->192.31 .7.130:80 [index] [timer/second][channel-receive/transmit][length] [protoc ol] [sourceIP/port] [destIP/port] There are two ways to dump the trace: 1. Online T race --display the tra[...]

  • Página 134

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 134 4 11883 .340 ENET0-R[03 39] TCP 192.168 .1.2:1108->192. 31.7.130:80 5 11883 .610 ENET0-T[00 54] TCP 192.31. 7.130:80->192.1 68.1.2:1108 6 11883 .620 ENET0-T[01 02] TCP 192.31. 7.130:80->192.1 68.1.2:1108 7 11883 .630 ENET0-T[00 54] T[...]

  • Página 135

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 135 Ack Numbe r = 0x00000000 ( 0) Header Le ngth = 28 Flags = 0x02 (....S. ) Window Si ze = 0x2000 (8192 ) Checksum = 0xBEC3 (4883 5) Urgent Pt r = 0x0000 (0) Options = 0000: 02 04 05 B4 01 01 04 02 RAW DATA: 0000: 00 A0 C5 92 13 11 00 80-C8 4C E[...]

  • Página 136

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 136 Destinati on IP = 0xC0A80102 ( 192.168.1.2) TCP Header: Source Po rt = 0x0050 (80) Destinati on Port = 0x045C (1116 ) Sequence Number = 0x4AD1B57F ( 1255257471) Ack Numbe r = 0x00BD15A8 ( 12391848) Header Le ngth = 24 Flags = 0x12 (.A..S. ) W[...]

  • Página 137

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 137 Flags = 0x02 Fragment Offset = 0x00 Time to L ive = 0x80 (128) Protocol = 0x06 (TCP) Header Ch ecksum = 0x3C79 (1548 1) Source IP = 0xC0A80102 ( 192.168.1.2) Destinati on IP = 0xC01F0782 ( 192.31.7.130) TCP Header: Source Po rt = 0x045C (1116[...]

  • Página 138

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 138 Example: Prestige> sys trcp channel e net0 none Prestige> sys trcp channel e net1 bothway Prestige> sys trcp sw on Prestige> sys trcl sw on Prestige> sys trcd brief 0 12367.68 0 ENET1-R[0070] UDP 202.132.15 5.95:520->202.1 3[...]

  • Página 139

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 139 Source IP = 0xC01F0782 ( 192.31.7.130) Destinati on IP = 0xCA849B61 ( 202.132.155.97) TCP Header: Source Po rt = 0x0050 (80) Destinati on Port = 0x281E (1027 0) Sequence Number = 0xD3E95985 ( 3555285381) Ack Numbe r = 0x00C18F63 ( 12685155) H[...]

  • Página 140

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 140 IP Header: IP Versio n = 4 Header Le ngth = 20 Type of S ervice = 0x00 (0) Total Len gth = 0x0028 (40) Idetifica tion = 0x7A0C (3124 4) Flags = 0x02 Fragment Offset = 0x00 Time to L ive = 0x7F (127) Protocol = 0x06 (TCP) Header Ch ecksum = 0x[...]

  • Página 141

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 141 Ethernet He ader: Destinati on MAC Addr = 00A0C5012345 Source MA C Addr = 00A0C5921312 Network T ype = 0x0800 (TCP/ IP) IP Header: IP Versio n = 4 Header Le ngth = 20 Type of S ervice = 0x00 (0) Total Len gth = 0x0028 (40) Idetifica tion = 0x[...]

  • Página 142

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 142 0030: 1D D5 7A 11 00 00 . .z... Prestige> Offline Trace 1. Trace LAN packet 2. Trace WAN packet 1. Trace LAN packet 1.1 Disable to capture the WAN packet by entering: sys trcp channel enet1 none 1.2 Enable to capture the LAN packet by ente[...]

  • Página 143

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 143 5 10856 .030 ENET0-T[00 58] TCP 192.31. 7.130:80->192.1 68.1.2:1103 6 10856 .040 ENET0-R[00 60] TCP 192.168 .1.2:1103->192. 31.7.130:80 Prestige> sys trcp parse 5 5 ---<0005>---- --------------- --------------- --------------- [...]

  • Página 144

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 144 Header Le ngth = 24 Flags = 0x12 (.A..S. ) Window Si ze = 0xFAF0 (6424 0) Checksum = 0xDCEF (5655 9) Urgent Pt r = 0x0000 (0) Options = 0000: 02 04 05 B4 RAW DATA: 0000: 00 80 C8 4C EA 63 00 A0-C5 92 13 11 08 00 45 00 . ..L.c........E. 0010: [...]

  • Página 145

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 145 2 12864 .900 ENET1-T[04 16] TCP 202.132 .155.97:10282-> 204.217.0.2:80 3 12865 .120 ENET1-R[02 47] TCP 204.217 .0.2:80->202.13 2.155.97:10278 4 12865 .130 ENET1-T[04 11] TCP 202.132 .155.97:10278-> 204.217.0.2:80 5 12865 .220 ENET1-R[...]

  • Página 146

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 146 Window Si ze = 0x2238 (8760 ) Checksum = 0xAB57 (4386 3) Urgent Pt r = 0x0000 (0) TCP Data: ( Length=193, Cap tured=42) 0000: 48 54 54 50 2F 31 2E 31-20 33 30 34 20 4E 6F 74 H TTP/1.1 304 Not 0010: 20 4D 6F 64 69 66 69 65-64 0D 0A 44 61 74 65[...]

  • Página 147

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 147 Header Ch ecksum = 0xD59C (5468 4) Source IP = 0xCA849B61 ( 202.132.155.97) Destinati on IP = 0xCCD90002 ( 204.217.0.2) TCP Header: Source Po rt = 0x2826 (1027 8) Destinati on Port = 0x0050 (80) Sequence Number = 0x00C8C015 ( 13156373) Ack Nu[...]

  • Página 148

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 148 The Prestige supports traces when there is problem to connect your ISP using PPPoE protocol. Please follow the procedure below to collect the trace for our troubleshooting. 1. Remove the LAN cable attached on the Prestige 2. Enter SMT using c[...]

  • Página 149

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 149 putPoeHdr: ver 1 type 1 code x09 sess-id 0 len 12(x000C) bdcastSendInit: l1.pktTx() failed, pch poe0 ch enet0 poePut1SrvcName: '' len 0 host-uniq 31303030 len 4 putPoeHdr: ver 1 type 1 code x09 sess-id 0 len 12(x000C) ### Hit any ke[...]

  • Página 150

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 150 Undefined Address : 0xE3F045C4 Undefined Data : 0x56FF54FF r0= 0xE3F045C4 r1= 0x0001FFC0 r2= 0x000000E5 r3= 0x56FF54FF r4= 0xE3F045C4 r5= 0xE5BDBFEC r6= 0x0001C468 r7= 0x60000093 r8= 0x00000000 r9= 0xE3550000 r10=0xE3550000 fp= 0x00000000 r12[...]

  • Página 151

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 151 initialize ch = 0, ethernet address: 00:a0:c5:d1:78:e9 Wan Channel init ........ done ........................................ done VC5402 Init...OK Press ENTER to continue... Enter Password : XXXX LAN/WAN Packet Trace The Prestige packet tra[...]

  • Página 152

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 152 1. Trace LAN packet 1.1 Disable to capture the WAN packet by entering: sys trcp channel mpoa00 none 1.2 Enable to capture the LAN packet by entering: sys trcp channel enet0 bothway 1.3 Enable the trace log by entering: sys trcp sw on & sy[...]

  • Página 153

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 153 IP Header: IP Versio n = 4 Header Le ngth = 20 Type of S ervice = 0x00 (0) Total Len gth = 0x0030 (48) Idetifica tion = 0x330B (1306 7) Flags = 0x02 Fragment Offset = 0x00 Time to L ive = 0x80 (128) Protocol = 0x06 (TCP) Header Ch ecksum = 0x[...]

  • Página 154

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 154 Frame Type: T CP 192.31.7.130 :80->192.168.1. 2:1116 Ethernet He ader: Destinati on MAC Addr = 0080C84CEA63 Source MA C Addr = 00A0C5921311 Network T ype = 0x0800 (TCP/ IP) IP Header: IP Versio n = 4 Header Le ngth = 20 Type of S ervice = [...]

  • Página 155

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 155 0000: 00 80 C8 4C EA 63 00 A0-C5 92 13 11 08 00 45 00 . ..L.c........E. 0010: 00 2C 57 F3 40 00 ED 06-AC 8C C0 1F 07 82 C0 A8 . ,W.@........... 0020: 01 02 00 50 04 5C 4A D1-B5 7F 00 BD 15 A8 60 12 . ..P.J.......`. 0030: FA F0 F8 77 00 00 02[...]

  • Página 156

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 156 Checksum = 0xE8ED (5962 9) Urgent Pt r = 0x0000 (0) TCP Data: ( Length=6, Captu red=6) 0000: 20 20 20 20 20 20 RAW DATA: 0000: 00 A0 C5 92 13 11 00 80-C8 4C EA 63 08 00 45 00 . ........L.c..E. 0010: 00 28 35 0B 40 00 80 06-3C 79 C0 A8 01 02 C[...]

  • Página 157

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 157 Source MA C Addr = 00A0C5012345 Network T ype = 0x0800 (TCP/ IP) IP Header: IP Versio n = 4 Header Le ngth = 20 Type of S ervice = 0x00 (0) Total Len gth = 0x048B (1163 ) Idetifica tion = 0xB139 (4536 9) Flags = 0x02 Fragment Offset = 0x00 Ti[...]

  • Página 158

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 158 0010: 04 8B B1 39 40 00 EE 06-A9 AB C0 1F 07 82 CA 84 . ..9@........... 0020: 9B 61 00 50 28 1E D3 E9-59 85 00 C1 8F 63 50 19 . a.P(...Y....cP. 0030: FA F0 37 35 00 00 DF 33-AF 62 58 37 52 3D 79 99 . .75...3.bX7R=y. 0040: A5 3C 2B 59 E2 78 A7[...]

  • Página 159

    Pr estige 2602H-6xC Support Notes All contents c opyright (c ) 2005 ZyXEL C ommunications C orporation. 159 CLI Command List The latest CI command list is ava ilable in release notes of every ZyXEL firmware release. Please go to ZyXEL public WEB site http://www .zyxel.com/support/download.php to download firmware package (*.zip), you should unzip t[...]