Page
Prestige 2802HW(L)-IxSupport Notes
Index
Application Notes
Configure an Internal Server Behind SUA
Configure a PPTP server Behind SUA
Page
Page
Page
Page
Page
Page
Application Notes
General Application Notes
Internet Connection
2.TCP/IP Installation
Control Panel/Network
Add
•In the Select Network Component Type windows, select Protocol and click Add
Select Network Protocol
'1234
WIZARD SETUP
The Web screen shown below takes PPPoE as the example
Setup the Prestige as a DHCP Relay
'Remote DHCP Server
Configure an Internal Server Behind SUA
WAN IP
Service
Port Number
Configure a PPTP server Behind SUA
Page
Page
Page
Using NAT / Multi-NAT
'Multi-NAT
2.One to One
3.Many to One
4.Many to Many Overload
5.Many to Many No Overload
•Server
NAT Type
IP Mapping
Mapping
1.Applying NAT in the WEB GUI
Full
Feature
Field
Options
2. Address Mapping Sets and NAT Server Sets
NAT Server Sets
Now let's look at WEB GUI Menu Network > NAT > Address Mapping
Option/Example
Address Mapping
One-to-One
Global Start IP
One-to-One, Many-to-One and Server types
Address Mapping Setup
NAT Server Setup
Service Name
Server IP Address
Add
1.Internet Access Only
SUA Only
NAT Setup
2. Internet Access with an Internal Server
Prestige
2802HW(L)-Ix
Support Notes
3.Using Multiple Global IP addresses for clients and servers
(One-to-One
Menu
Set Name
Edit Action
Select Rule
Server type
Menu 15.2 - NAT Server Setup
4. Support Non NAT Friendly Applications
Many-to-Many
No Overload
The three rules configured for using One-to-One mapping type is shown below
Prestige supports multiple type of NAT mapping rules
Page
Using the Dynamic DNS (DDNS)
'Dynamic DNS
Option
Active Dynamic DNS
Service Provider
Dynamic DNS Type
Host Name
Use WAN IP Address
Dynamic DNS server
auto detect IP Address
Use specific IP Address
Network Management Using SNMP
Management Information Base
6.Reads
7.Writes
8.Traversal operations
9.Traps
2. SNMPv1 Operations
•Get
Allows the NMS to retrieve an object variable from the agent
•GetNext
•Set
PDU type
Request ID
Error status
Error index
Variable-bindings
Page
4. Configure the Prestige for SNMP
Access Status
Secured Client
Get Community
Set Community
Community
Destination
If 0.0.0.0 is
entered, the Prestige will not send trap any NMS manager
Using syslog
4.Prestige Setup
1. Make sure that your syslogd starts with -r argument
/etc/syslog.conf
Where /var/log/zyxel.log is the full path of the log file
3. Restart syslogd
•CDR log(call messages)
•Packet triggered log
Protocol: (1:IP 2:IPX 3:IPXHC 4:BPDU 5:ATALK 6:IPNG)
Data: We will send forty-eightHex characters to the server
•Filter log
'Log
•PPP Log
sdcmdSyslogSend( SYSLOG_PPPLOG, SYSLOG_NOTICE, String );
Using IP Alias
•What is IP Alias
'IP Alias
'IP Alias 1
'IP Alias 2
enif0
enif0:0
enif0:1
IP Alias 1,2
IP Address
IP Subnet
Mask
Using IP Multicast
Page
Multicast
Using Prestige traffic redirect
Traffic Redirect on LAN port
Page
Using Universal Plug n Play (UPnP)
•1. What is UPnP
Devices
Services
Control points
Addressing
Discovery
Control point can also discover services provided by devices
Description
•Control: Devices can be manipulated by control points through Control message
Page
Page
Accept
Wireless Application Notes
Page
Active wireless LAN
•Configuration Wireless Station to Infrastructure mode
Page
Wireless MAC address filtering
MAC Filter Overview
2. ZyXEL MAC Filter Implementation
3. Configure the WLAN MAC Filter
ipconfig /all
Network
Wireless LAN
Allow Association
Deny Association
MAC Address
WEP configuration (Wired Equivalent Privacy)
Page
Setting up the Access Point
Key settings
Access Point (encrypt data by Key 3)
> Station (decrypt data by Key 3)
Access Point (decrypt data by Key 2)
Station (encrypt data by Key 2)
Setting up the Station
Page
Page
Check 'ASCII
uncheck 'ASCII
Configuring
IEEE 802.1x Introduction
IEEE 802 LAN infrastructures
1. Authenticator :
Wireless network. Authenticator
2. Supplicant :
3. Authentication Server :
•Authentication Port State and Authentication Control
Force Unauthorized :
Force Unauthorized
•Re-Authentication
•EAPOL (Extensible Authentication Protocol over LAN)
EAP over LANs, or EAPOL
EAPOL Exchange between 802.1x Authenticator and Supplicant
EAPOL-Start
EAPOL-Logoff
Page
IEEE 802.1x Configuration in ZyXEL Wireless Access Point
•Enable 802.1x in AP
Configure in WEB GUI Configuration
From the Web Configurator main menu, Click
2.Click Apply to make your setting work
•Using Internal Authentication Server
Active
User Name and Password
Key settings :
Yes
•Using External RADIUS Authentication Server
Page
Key settings for authentication server:
Server Address
Shared Secret
Site Survey
Preparation
Below are the step to complete a simple site survey with simple tools
Survey on Site
2.Install an access point at the preliminary location
Page
Page
PSTN Lifeline Application Notes
Lifeline configuration
Relay to PSTN
Relay to PSTN
How to connect Lifeline and DSL connection
phone
modem
Line
VoIP Application Notes
With the account information your ITSP provider provided now you may start
VoIP
SIP
SIP Settings
Authentication
Server
Address
REGISTER
If you were not given a register server address, then enter the address
from the SIP Server Address field again here
Reset
Peer to Peer call
Topology
Topology Explanation
Preparation and Steps
Setup---Configuring SIP / VoIP related settings in device A
Setup---Configuring SIP / VoIP related settings in device B
Page
Phone port settings
Speaking
Volume
Listening
quietest and 1 is the loudest
G.168 Active
Select this check box to cancel the echo caused by the sound of your voice
reverberating in the telephone receiver while you talk
VAD
Label Description
SIP Account
URL Type
TEL
Expiration
Duration
Register
RFC
PCM
SIP INFO
MWI
(Message
Page
Speed Dial
SIP Number
Name
Type
Use Proxy
Voice - QoS setup
Diffserv Code Point
Unused
6-bit
2-bit
Page
Page
SIP TOS
Priority
RTP TOS
Voice VLAN
Call Forwarding setup
Unconditional Forward to Number
Busy Forward to Number
No Answer Forward to Number
Table Number
Forward to
Advanced Setup
Unconditional
Incoming Call Number
Forward to Number
Activate
Incoming Call
Condition
Voice – Common Settings
Phone
Common
Region
Region
FAQ
ZyNOS FAQ
How do I access the embedded web configurator
What is the default LAN IP address and Password? Moreover, how do I change it
How do I upload the ZyNOS firmware code via embeded web configurator
How do I upgrade/backup the ZyNOS firmware by using FTP client program via LAN
How do I upload or backup ROMFILE via web configurator
How do I backup/restore configurations by using FTP client program via LAN
Why can't I make Telnet to Prestige from WAN
What should I do if I forget the system password
What is SUA? When should I use SUA
What is the difference between NAT and SUA
Product FAQ
Will the Prestige work with my Internet connection
What do I need to use the Prestige
What is PPPoE
Does the Prestige support PPPoE
How do I know I am using PPPoE
Why does my provider use PPPoE
Which Internet Applications can I use with the Prestige
How can I configure the Prestige
What network interface does the Prestige support
What can we do with Prestige
Page
What network interface does the new Prestige series support
How does the Prestige support TFTP
Can the Prestige support TFTP over WAN
How fast can the data go
What is Multi-NAT
When do I need Multi-NAT
What IP/Port mapping does Multi-NATsupport
1.One to One
2.Many to One
3.Many to Many Overload
4.Many to Many No Overload
Overload ILA2<--->IGA2 ILA3<--->IGA1 ILA4<--->IGA2
Many-to-ManyNo ILA2<--->IGA2
Server 1 IP<--->IGA1Server 2 IP<--->IGA1
What is the difference between SUA and Multi-NAT
What is BOOTP/DHCP
Page
PSTN Lifeline FAQ
VoIP FAQ
What advantage does Voice over IP can provide
What is the difference between H.323 and SIP
Can H.323 and SIP interoperate with one another
What is voice quality
Voice quality is how well an person can hear the voice on the opposite end
What is the relation of codec and VoIP
What codec does Prestige support
Prestige supports the following commonly used codec
•G.729 voice codec
•G.711u-lawvoice codec
Unable to register with the SIP server
If you are unable to register with SIP server
2.Make sure the SIP account is correct and the password is key in correctly
I can register but can not establish a call
I can make a call but the voice only goes one way not bothway
Firewall FAQ
Page
What is Denials of Service (DoS)attack
What is Ping of Death attack
What is Teardrop attack
What is SYN Flood attack
What is LAND attack
What is Brute-forceattack
What is IP Spoofing attack
What are the default ACL firewall rules in Prestige
How can I protect against IP spoofing attacks
Content Filter FAQ
IPSec FAQ
Cost
What are most common VPN protocols
What is PPTP
What is L2TP
What is IPSec
What secure protocols does IPSec support
What are the differences between 'Transport mode' and 'Tunnel mode
What is SA
What is IKE
What is Pre-SharedKey
What are the differences between IKE and manual key VPN
What is Phase 1 ID for
What are Local ID and Peer ID
When should I use FQDN
Is my Prestige ready for IPSec VPN
How do I configure Prestige VPN
How many VPN connections does Prestige support
What VPN protocols are supported by Prestige
What types of encryption does Prestige VPN support
What types of authentication does Prestige VPN support
I am planning my Prestige-to-PrestigeVPN configuration. What do I need to know
Advanced>VPN
Does Prestige support dynamic secure gateway IP
What VPN gateway that has been tested with Prestige successfully
What VPN software that has been tested with Prestige successfully
Will ZyXEL support Secure Remote Management
Does Prestige VPN support NetBIOS broadcast
Is the host behind NAT allowed to use IPSec
NAT Condition
Supported IPSec Protocol
Page
Page
Wireless FAQ
e. Scalability:
What are the disadvantages of Wireless LANs
Where can you find wireless 802.11 networks
What is an Access Point
What is IEEE 802.11
What is 802.11b
How fast is 802.11b
What is 802.11a
What is 802.11g
Is it possible to use products from a variety of vendors
What is Wi-Fi
What types of devices use the 2.4GHz Band
Does the 802.11 interfere with Bluetooth devices
Can radio signals pass through walls
What are potential factors that may causes interference among WLAN products
Solution :
What's the difference between a WLAN and a WWAN
What is Ad Hoc mode
What is Infrastructure mode
How many Access Points are required in a given area
What is Frequency-hoppingSpread Spectrum Technology – (FHSS)
Do I need the same kind of antenna on both sides of a link
Why the 2.4 Ghz Frequency range
What is Server Set ID (SSID)
What is an ESSID
Page
Page
Page
Trouble Shooting
Using Embedded Packet Trace
Online Trace
1.Trace LAN packet
2.Trace WAN packet
1. Trace LAN packet
1.1Disable to capture the WAN packet by entering: sys trcp channel enet1 none
Page
Page
Page
2. Trace WAN packet
1.1Disable to capture the LAN packet by entering: sys trcp channel enet0 none
1.2Enable to capture the WAN packet by entering: sys trcp channel enet1 bothway
Page
Page
Page
Offline Trace
sys trcp sw off
sys trcp brief
1.7Display specific packets by using: sys trcp parse <from_index> <to_index
Exmaple:
Page
Page
Page
Page
Debug PPPoE Connection
ƒpoe debug 1 (turn on pppoe debug)
ƒdev dial 1 (dial remote node 1)
ƒsys trcp sw off (turn off packet trace)
ƒsys log disp i (capture system error log)
ƒsys trcp parse (parse the trace in detail)
Page
LAN/WAN Packet Trace
sys trcp channel mpoa00 none
Page
Page
Page
Page
Disable the capture of the LAN packet by entering:
sys trcp channel mpoa00 bothway
Page
CLI Command List
