ZyXEL Communications P-334WT Informacje Techniczne Strona 1

P-334WT Support NotesV360(JN0)Last Update: October 8, 2004FAQ- ZyNOS FAQ- Product FAQ- Firewall FAQ- Content Filtering FAQ- VPN FAQ- Wireless FAQAppli

10. What network interface does the Prestige support?The Prestige supports 10/100M Ethernet to connect to the computer and 10M Ethernet to connect to

4. On the opposite side, your partner select Accept to accept your conversation request.

5. Finally, your video conversation is achieved.

3. View dynamic ports opened by UPnPWhen using UPnP, if the ZyXEL device is configured as "Allow users to make configuration changes through UPnP

ras> ip nat server dispServer Set: 1Rule name Svr P Range Server IP LeasedTime Active protocol Int Svr P Range

Filter ● How does ZyXEL filter work?● Filter Examples❍ A filter for blocking the web service❍ A Filter for blocking the FTP connection

Filter How does ZyXEL filter work? ● Filter Structure The P-334WT allows you to configure up to twelve filter sets with six rules in each set, for

● Filter Types and SUAConceptually, there are two categories of filter rules: device and protocol. The Generic filter rules belong to the device c

Generic and TCP/IP (and IPX) filter rules are in different filter sets. The SMT will detect and prevent the mixing of different category rules within

Menu 21.1.2 - TCP/IP Filter Rule Filter #: 1,2 Filter Type= TCP/IP Filter Rule

1. WinGate is a software only solution that needs to be installed in a dedicated Windows 95 PC based server. The total cost and complexity are many t

Menu 11.1 - Remote Node ProfileRem Node Name= LAN Route= IPActive= Yes Bridge= NoE

In order to avoid operational problems later, the P-334WT will disable its routing/bridging functions if there is an inconsistency among its filter ru

Filter Example A filter for blocking the web service ● ConfigurationBefore configuring a filter, you need to know the following information: 1. Th

Menu 21 - Filter Set Configuration Filter Filter Set # Comments S

Action Matched= Drop Action Not Matched= Check Next Rule Press ENTER to Confirm or ESC to

Menu 21.1.2 - TCP/IP Filter Rule Filter #: 1,2 Filter Type= TCP/IP Filter Rule

Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters=

Filter Example A filter for blocking the FTP connections from WAN● IntroductionThe P-334WT supports the firmware and configuration files upload us

Menu 21 - Filter Set Configuration Filter Filter Set # Comments S

IP Mask= 0.0.0.0 Port #= Port # Comp= None

19. What to do when when Prestige response nothing via console ? When Prestige responses nothing on your terminal (e.g. embedded HyperTerminal), pleas

Menu 21.4 - Filter Rules Summary # A Type Filter Rules M m n - - ---- --------------------------

Filter Example A filter for blocking a specific client Configuration1. Create a filter set in Menu 21, e.g., set 1 Menu 21 - Fi

Menu 21.1.1 - TCP/IP Filter Rule Filter #: 1,1 Filter Type= TCP/IP Filter Rule

Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters=

Filter Example A filter for blocking a specific MAC address This configuration example shows you how to use a Generic Filter to block a specific MAC a

The detailed format of the Ethernet Version II: + Ethernet Version II - Address: 00-80-C8-4C-EA-63 (Source MAC) ----> 00-A0-C5-23-45 (Des

TIME: 37c060 enet0-RECV len:74 call=0 0000: [00 a0 c5 01 23 45] [00 80 c8 4c ea 63] 08 00 45 00 0010: 00 3c eb 0c 00 00 20 01 e3 ea ca 84 9b 5d

case, we intent to set to 'ffffffffffff' to mask the incoming source MAC address, [00 80 c8 4c ea 63]. ● Value (in hexadecimal)Specify t

Menu 3.1 - General Ethernet Setup Input Filter Sets: protocol filters=

Filter Example A filter for blocking the NetBIOS packets ● IntroductionThe NETBIOS protocol is used to share a Microsoft comupter of a workgroup.

starting with how fast your PC can handle IP traffic, then how fast your PC to cable modem interface is, then how fast the cable modem system runs and

Menu 21 - Filter Set Configuration Filter Filter Set # Comments S

Press ENTER to Confirm or ESC to Cancel: ● Rule 2-Destination port number 137 with protocol number 17 (UDP)

Menu 21.1.3 - TCP/IP Filter Rule Filter #: 1,3 Filter Type= TCP/IP Filter Rule

Port # Comp= None TCP Estab= N/A More= No Log= None

Menu 21.1.6 - TCP/IP Filter Rule Filter #: 1,6 Filter Type= TCP/IP Filter Rule

● Apply the first filter set 'NetBIOS_WAN' to the 'Output Protocol Filter' in menu 11.5 for activating it.

TCP Estab= No More= No Log= None Action Matched= Drop Action

Menu 21.2 - Filter Rules Summary # A Type Filter Rules M m n - - ---- -------------------------------

Setting Up the Syslog ● Prestige Setup● UNIX SetupThe Prestige is able to send four types of system log to a Syslog deamon such as Unix Syslog

2. Edit the file /etc/syslog.conf by adding the following line at the end of the /etc/syslog.conf file. local1.* /var/log/zyxel.logWhere

If you are not able to get the Internet IP from the ISP, check which authentication method your ISP uses and troubleshoot the problem as described bel

Network Management Using SNMP 1. SNMP Overview The Simple Network Management Protocol (SNMP) is an applications-layer protocol used to exchange the ma

The Internet Management Model is as shown in figure 1. Interactions between the NMS and managed devices can be any of four different types of commands

2. ZyXEL SNMP Implementation ZyXEL currently includes SNMP support in some Prestige routers. It is implemented based on the SNMPv1, so it will be abl

If the machine coldstarts, the trap will be sent after booting. 2. warmStart (defined in RFC-1215) :If the machine warmstarts, the trap will be sent

3. Configure the Prestige for SNMP The SNMP related settings in Prestige are configured in menu 22, SNMP Configuration. The following steps describe

Menu 22 - SNMP Configuration SNMP: Get Community= public Set Communi

Using the Dynamic DNS (DDNS) ● What is DDNS?The DDNS service, an IP Registry provides a public central database where information such as email ad

Menu 1 - General Setup System Name= P-334WT Domain Name= First System DNS Server= From

Service ProviderEnter the DDNS server in this field. Currently, we support WWW.DYNDNS.ORG.Active Toggle to 'Yes'.HostEnter the hostname you

Using IP Alias ● What is IP Alias ?In a typical environment, a LAN router is required to connect two local networks. The Prestige supports to conn

Menu 1 - General SetupSystem Name= zyxelKey Setting:● System Name=, The system name must be the same as the PC's computer name.3. Your IS

Copyright (c) 1994 - 1999 ZyXEL Communications Corp. ras> ip ro st Dest FF Len Interface Gateway Metric stat Timer Use 192.168

TCP/IP SetupEnter the first LAN IP address for the Prestige. This will create the first route in the enif0 interface.Edit IP Alias Toggle to 'Yes

Using FTP to Upload the Firmware and Configuration FilesIn addition to upload the firmware and configuration file via the console port and TFTP client

ftp: 924512 bytes sent in 4.83Seconds 191.41Kbytes/sec.ftp>Here, the 'p312.bin' is the local file and 'ras' is the remote file

2. Press 'OK' to ignore the 'Username' prompt.3. To upload the firmware file, we transfer the local 'ras' file to overwr

4.The Prestige reboots automatically after the uploading is finished. All contents copyright (c) 2004 ZyXEL Communications Corporation.

Firmware/Configurations Uploading and Downloading using TFTP ● Using TFTP client software● Using TFTP command on Windows NT● Using TFTP co

The 192.168.1.1 is the IP address of the Prestige. The local file is the source file of the ZyNOS firmware that is available in your hard disk. The re

1. TELNET to your Prestige first before using TFTP command2. Type the CI command 'sys stdio 0' to disable console idle timeout in Menu 24.

[cppwu@faelinux cppwu]$ telnet 192.168.1.1 Trying 192.168.1.1... Connected to 192.168.1.1. Escape character is '^]'. Password: ****

● Service Type...Currently, there are two authentication types that Road Runner supports, RR-TAS and RR-Manager. Choose the correct one for yo

5. Backup Configuration6. Restore Configuration7. Firmware Upload8. Command Interpreter Mode9. Call Control10. Time and Date Setting11. Remote Managem

Using Traffic Redirect ● What is Traffic Redirect ?● How to deploy backup gateway?● Are you using Prestige family?● What is Traffic Re

Traffic Redirect on LAN port● Traffic Redirect SetupConfigure parameters that determine when Prestige will forward WAN traffic to the backup gatew

Fail ToleranceSpecify the number of times your Prestige may attempt and fail to connect to Internet before triggering traffic redirect connection.Peri

VPN Application Notes● Using P-334WT IPSec VPN P-334WT to ZyWALL Tunneling Suecure Gateway with Dynamic WAN IP Address Configure N

P-334WT to ZyWALL Tunneling 1. Setup P-334WT2. Setup ZyWALL3. Troubleshooting4. View LogThis page guides us to setup a VPN connection between P-33

2. In this example, we presume that P-334WT's model name is P-334WT. And since it's P-334WT, so only 1 PC can use the tunnel. 3. In this exa

2. Setup ZyWALLSimilar to the settings for P-334WT, ZyWALL is configured in the same way. 1. Using a web browser, login ZyWALL by giving the LAN IP a

3. Troubleshooting Q: How do we know the above tunnel works?A: If the connection between PC 1 and PC 2 is ok, we know the tunnel works.Please try to p

● Using CI command 'ipsec debug 1'Please enter 'ipsec debug 1' in Menu 24.8. There should be lots of detailed messages printed

Some servers providing Internet applications such as some mIRC servers do not allow users to login using the same IP address. Thus, users on the same

Secure Gateway with Dynamic WAN IP Address● P-334WT static WAN IP v.s. peer side dynamic IP ● P-334WT dynamic WAN IP v.s. peer side static IPM

2. In remote side, generally speaking, most VPN clients will bind PPP/Ethernet adapter's dynamic IP address to IPSec automatically . The only th

1. In VPN settings of P-334WT, please specify the IP address of My IP as 0.0.0.0. P-334WT will automatically bind it's current WAN IP address to

2. IPSec tunnel in this case, can ONLY be initiated from P-334WT.

Configure NAT for Internal ServersSome tips for this application:Generally, without IPSec, to configure an internal server for outside access, we need

Configure P-334WT Behind a NAT RouterSome tips for this application: 1. The NAT router must support to pass through IPSec protocol. Only ESP tunnel m

Relaying NetBIOS Broadcast over IPSec tunnel.¡@By NetBIOS broadcast supported in VPN tunnel, users of Microsoft Windows can search computers in remote

Phase 2 - Active Protocol= ESPEncryption Algorithm= DES Authentication Algorithm= MD5SA Life Time (Seconds)= 28800Encapsulation= TunnelPerfect Forward

Wireless Application Notes● Infrastructure Mode● Wireless MAC Address Filtering● WEP Configurations● IEEE 802.1x● Site Survey All

Configuring Infrastructure mode ● Infrastructure Introduction ● Configure wireless access point to Infrastructure mode with SMT ● Config

Many-to-One (SUA/PAT)ILA1<--->IGA1 ILA2<--->IGA1 ...Many-to-Many OverloadILA1<--->IGA1 ILA2<--->IGA2 ILA3<--->IGA1

2. Enter 5 to display Menu 3.5 ¡V Wireless LAN Setup. Menu 3.5 - Wireless LAN SetupESSID= ZyXELHide ESSID= NoC

3. Configure the desired configuation on P-334WT.4. Finished.● Configuration Wireless Station to Infrastructure modeTo configure Infrastructure m

3. Select Infrastructure from the operation mode pull down menu, fill in an SSID or leave it as any if you wish to connect to any AP than press Apply

5. Double click on the AP you want to associated with.

6. After the client have associated with the selected AP. The linked AP's channel, current linkup rate, SSID, link quality, and signal strength

MAC Filter ● MAC Filter Overview ● ZyXEL MAC Filter Implementation ● Configure the WLAN MAC Filter 1. MAC Filter Overview Users can use

Menu 3.5.1 - WLAN MAC Address FilterActive= NoFilter Action= Allowed Association----------------

All contents copyright (c) 2004 ZyXEL Communications Corporation.

Setup WEP (Wired Equivalent Privacy)● Introduction ● Setting up the Access Point● Setting up the Station Introduction The 802.11 standard

Setting up the Access Point Most access points and clients have the ability to hold up to 4 WEP keys simultaneously. You need to specify one of the 4

Without DDNS, we always tell the users to use the WAN IP of the Prestige to reach our internal server. It is inconvenient for the users if this IP is

● Setting up the Access Point from SMT Menu 3.5B1000 hold up to 4 WEP Keys. You have to specify one of the 4 keys as default Key which be used to

So, the Key 3 of station has to equal to the Key 3 of access point.Though access point use Key 3 as default key, but the station can use the other Key

The utility will pop up on your windows screen. Note: If the utility icon doesn't exist in your task bar, click Start -> Programs -> IEE

Key settings The WEP Encryption type of station has to equal to the access point. Check 'ASCII' field for characters WEP key or unchec

Hexadecimal digits don't need to preceded by '0x'.For example, 64-bits with characters WEP key : Key1= 2e3f4 Key2= 5y7jsKey3= 24fg7Key

Setup IEEE 802.1x Access Control (Authentication and Accounting)● What is IEEE 802.1x ? IEEE 802.1x Introduction Authentication Port St

The device (i.e. Wireless AP) facilitates authentication for the supplicant (Wireless client) attached on the Wireless network. Authenticator controls

1. Force Authorized : Disables 802.1x and causes the port to transition to the authorized state without any authentication exchange required. The port

However, if during bootup, the supplicant does not receive an EAP-request/identity frame from the Wireless AP, the client can initiate authentication

● EAP-Packet : Both the supplicant and the authenticator send this packet when authentication is taking place. This is the packet that contains ei

ZyNOS FAQ 1. What is ZyNOS?2. How do I access the Prestige SMT menu?3. What is the default console port baud rate? Moreover, how do I change it?4.

packets which are used for key managements. Because the remote gateway checks this source port during connections, the port thus is not allowed to be

Authentication Control Press [SPACE BAR] to select from Force Authorized, Force UnAuthorized or Auto. The default is Force Authorized.Auto : Enables 8

● Using External RADIUS Authentication ServerIn addition to the internal authentication server inside ZyXEL AP, you can use external RADIUS authen

1. From the SMT main menu, enter Menu 23.2 to setup System Security - RADIUS Server to setup the RADIUS authentication server. Me

ActivePress [SPACE BAR] to select Yes and press [Enter] to enable 802.1x user authentication through an external RADIUS authentication server. Select

All contents copyright © 2004 ZyXEL Communications Corporation.

Setup 802.1x client in the station● Setup Windows XP 802.1x client ● Setup MeetingHouse AEGIS 802.1x client ● Setup 802.1x client in the

4. In Authentication tab, check Enable network access control using IEEE 8021.x and choose the MD5-Challenge in the EAP type: list, as shown below.

5. Connect to ZyXEL AP, in Wireless Network Connection, choose View Available Wireless Networks

6. In the Connect to Wireless Network window, select the AP you would like to connect in the Available networks field then click Connect button for co

7. Windows XP will show you the message "Click here to enter your user name and password for the network <AP_name>" where the <AP_n

Firewall FAQ 1. Geneal2. Log and AlertBack to Main Menu of the P-334WT Support NoteGeneral 1. What is a network firewall? 2. What makes P-334WT s

9. Windows XP completes the negotiation and changes the status for you automatically as shown on following figure.● Setup MeetingHouse AEGIS 802.1

1. Please connect your wireless client to AP before configuring AEGIS 802.1x client.2. Open AEGIS Client- Running window, choose Client --> Config

3. Right click the specified wireless client adapter in the AEGIS Client --> Select Start to start the 802.1x authentication on the specified wirel

5. If AEGIS 802.1x client does not start to negotiate with wireless AP, please perform Step 1 again. All contents copyright © 2004 ZyXEL Communication

Site Survey ● Site survey introduction ● Preparation ● Survey on site ● IntroductionWhat is Site Survey?An RF site survey is a MAP t

2. Install an access point at the preliminary location. 3. User a notebook with wireless client installed and run it's utility. An utility will

5. When you reach the farthest point of connection mark the spot. Now you move the access point to this new spot as have already determine the farthe

Note: If there are more than one access point is needed be sure to make the adjacent access point service area over lap one another. So the wireless

TMSS Application Notes● Registration Steps(Demo)● FAQ All contents copyright (c) 2004 ZyXEL Communications Corporation.

Stateful Inspection Firewalls restrict access by screening data packets against defined access rules. They make access control decisions based on IP a

TMSS ● TMSS Introduction ● TMSS Registration Demo● TMSS IntroductionWhat is TMSS?Help to identify vulnerabilities and to protect PCs and

3. When you apply "Continue" button, the web page will redirect to TMSS dashboard as below.

4. Click "Service Summary", in this page you can activate the TMSS service. (You can press the "?" mark in the page for more detai

5. Click "Activate My Services", you will receive the pages below. (Please follow instruction in the page to finish the steps of registratio

6. After you receive the registration mail from TMSS, please follow the instruction in the mail to validate your account. After you validate your acco

7. You can back to TMSS dashboard, you can see the status already change. (If you want extend you TMSS service after Trial expired, please check the O

8. You can use "Security Scan" for security scan on your PC or the entire PCs in your network (under LAN of the device.) After security scan

series of IP fragments with overlapping offset fields. When these fragments are reassembled at the destination, some systems will crash, hang, or rebo

9. Before you validate your account, the status of Parental Control will like below.

10. Below is the page which you validate your account.

11. After you finish your TMSS registration and install the TIS software, in Web GUI will display as below. (the information of Client Antivirus Prote

TMSS FAQ 1. Entire network result will never be "Risk Free".2. If user sets incorrect DNS setting for router, parental controls will not w

4. The scanning result will be sent to default gateway.If our network topology is using multiple routers, e.g. ADSL-----TMSS router------ router2

TMSS will not send DQM to query client status before DQM time(30 mins) out reach.13. If port 40116(UDP) is used by another program, discovery would b

CI Command List Command Class List Table System Related Command Exit Command Device Related Command Ethernet Related Command POE Related Command

System Related Command Ho

The above figure indicates the "triangle route" topology. It works fine if you turn off firewall function on P-334WT box. By default, your c

hostname [hostname] display system hostname logs category access [0:none/1:log/2:alert/3:both] record the access cont

disp clear log error online turn on/off error log online display load load the log setting buffer mail aler

server [domainName/IP] syslog server to send the logs log clear clear log error disp display log error online [

nat <none|sua|full_feature> config remote node nat nailup <no|yes> config remote node nailup mtu <value> set re

romreset restore default romfile server access <telnet|ftp|web|icmp|snmp|dns> <value> set server access type l

disp <ch-name> show the connection trace of this channel clear <ch-name> clear the connection trace of this channel

netbios upnp active [0:no/1:yes] Activate or deactivate the saved upnp settings config [0:deny/1:permit] Allow users

dial <node#> dial to remote node Ethernet Related Command

disp <ch_name> display ethernet debug infomation level <ch_name> <level> set the ethernet debug level level 0: disable

dial <rn-name> dial a remote node drop <rn-name> drop a remote node call tunnel <tunnel id> display pptp tunnel infor

(B) Deploying your second gateway on WAN side.(C) To resolve this conflict, we add an option for users to allow/disallow such Triangle Route topology

e-mail mail-server <mail server IP> Edit the mail server IP to send the alert return-addr <e-mail address> Edit the mail

minute-high <0~255> The threshold to start to delete the old half-opened sessions to minute-low minute-low <0~255> The

pnc <yes|no> PNC is allowed when 'yes' is set even there is a rule to block PNC log <yes|no> Switch on/off s

destaddr-range <start ip address> <end ip address> Select and edit a destination address range of a packet which complies to th

set <set#> rule <rule#> Insert a specified rule in a set to the firewall configuration cli Display the choices of comman

server <primary> [secondary] [third] set dns server stats clear clear dns statistics disp display dns statis

stroute display [rule # | buf] display rule index or detail message in rule. load <rule #> load static route rule in buf

reginfo display display urlfilter registration information name set urlfilter registration name eMail <size>

time [pending] set time clearAll clear all listupdate information exemptZone display display exemptzone informati

tredir failcount <count> set tredir failcount partner <ipaddr> set tredir partner target <ipaddr> set

General 1. What is a network firewall? 2. What makes P-334WT secure?3. What are the basic types of firewalls? 4. What kind of firewall is the P-33

edit remotehost <start ip> [end ip] set nat server remote host ip edit leasetime [time] set nat server lease time edit

<iface> query send query on iface <iface> rsptime [time] set igmp response time <iface> start turn on of

wan <on|off> After a packet is IPSec processed and will be sent to WAN side, this switch is to control if this packet can be applied IPSe

- 0 means never timeout update_peer <0~255> - Adjust auto-timer to update IPSec rules which use domain name as the secure gate

keep_alive <rule #> <on|off> Set ipsec keep_alive flag load <rule #> Load ipsec rule save Save ipsec rules config

lcPortEnd <port> Set local end port rmAddrType <0:single | 1:range | 2:subnet> Set remote address type rmAddrStart <

p2SaLifeTime <seconds> Set sa life time in phase 2 in IKE encap <0:Tunnel | 1:Transport> set encapsulation in phase 2 in

Command Description sys Firewall acl disp Display specific ACL set # rule #, or all ACLs. active <yes|no> Ac

smtp Set SMTP DoS defender on/off display Display SMTP DoS defender setting. ignore Set if firewall ignore DoS in lan/wan/d

Bridge cnt related to bridge routing statistic table Disp display bridge route counter Clear clear bridge route counte

3. Stateful Inspection Firewall Packet Filtering Firewalls generally make their decisions based on the header information in individual packets. Thes

Trace show all supplications in the supplication table User [username] show the specified user status in the supplicant table All conte

Prestige 334WT Troubleshooting ● Unable to get the WAN IP from the ISP● Unable to run applications● Embedded packet trace● Debug PPPoE

My P-334WT can not get an IP address from the ISP to connect to the Internet, what can I do?Currently, there are various ways that ISPs control their

Menu 2 - WAN SetupLink Mode= Half DuplexMAC Address:Assigned By= IP address attached on LANIP Address= 192.168.1.33¡@Key settings:● Assigned By=,

¡@3. Your ISP checks 'User ID' This authentication type is used by RoadRunner ISP, currently they use RR-TAS(Toshiba Authentication Service)

otherwise, select Static. ● IP Address & Subnet Mask & Gateway IP Address...Enter the IP address, subnet mask & gateway IP when Static

If any application does not work behind P-334WT's SUA 1. Currently, the applications supported in SUA mode are listed in the ZyXEL SUA Support T

Embedded Packet Trace The P-334WT packet trace records and analyzes packets running on LAN and WAN interfaces. It is designed for users with technical

P324> sys trcp channel enet1 none P324> sys trcp channel enet0 bothway P324> sys trcp sw on P324> sys trcl sw on P324> sys trcd brief

Destination Port = 0x0050 (80) Sequence Number = 0x00BD15A7 (12391847) Ack Number = 0x00000000 (0) Head

Denial of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to di

TCP Header: Source Port = 0x0050 (80) Destination Port = 0x045C (1116) Sequence Number = 0x4AD1B57F (12552

Source IP = 0xC0A80102 (192.168.1.2) Destination IP = 0xC01F0782 (192.31.7.130) TCP Header: Source Port

P324> sys trcp channel enet0 none P324> sys trcp channel enet1 bothway P324> sys trcp sw on P324> sys trcl sw on P324> sys trcd brief 0

Sequence Number = 0xD3E95985 (3555285381) Ack Number = 0x00C18F63 (12685155) Header Length = 20 Flag

Idetification = 0x7A0C (31244) Flags = 0x02 Fragment Offset = 0x00 Time to Live = 0

Idetification = 0x7B0C (31500) Flags = 0x02 Fragment Offset = 0x00 Time to Live = 0

1.5 Disable the trace log by entering: sys trcp sw off & sys trcl sw off 1.6 Display the trace briefly by entering: sys trcp brief 1.7 Display spe

Source IP = 0xC01F0782 (192.31.7.130) Destination IP = 0xC0A80102 (192.168.1.2) TCP Header: Source Port

P324> sys trcp channel enet0 none P324> sys trcp channel enet1 bothway P324> sys trcl sw on P324> sys trcp sw on P324> sys trcl sw off

TCP Header: Source Port = 0x0050 (80) Destination Port = 0x2826 (10278) Sequence Number = 0x4D713D8A (1299

A Brute-force attack, such as 'Smurf' attack, targets a feature in the IP specification known as directed or subnet broadcasting, to quickly

IP Version = 4 Header Length = 20 Type of Service = 0x00 (0) Total Length = 0x018D (397)

bestoftimes.gi P324> ¡@All contents copyright ?1999 ZyXEL Communications Corporation.

Debug PPPoE ConnectionThe P-334WT supports traces when there is problem to connect your ISP using PPPoE protocol. Please follow the procedure below to

bdcastSendInit: l1.pktTx() failed, pch poe0 ch enet0poePut1SrvcName: '' len 0host-uniq 31303030 len 4putPoeHdr: ver 1 type 1 code x09 sess-i

0x00000000 r12=0x56FF54FF sp= 0x0001EDBC lr= 0x00004F64 pc= 0x0001395400 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0Fe5bdbfe0: e2 8f 00 06

Enter Debug ModeatgoBootbase Version: V1.12 | 1/27/2000 11:00:09RAM: Size = 4096 KbytesFLASH: Intel 8MRAS Version: V3.20(M.01)b2 | 8/18/2000 14:05:08P

The default console port baud rate is 9600bps, you can change it to 115200bps in Menu 24.2.2 to speed up the SMT access. 3. What is the default conso

on P-334WT box. By default, your connection will be blocked by firewall because of the following reason. Step 1. Being the default gateway of PC,

(C) To resolve this conflict, we add an option for users to allow/disallow such Triangle Route topology in both CI command and Web configurator . You

Log and Alert 1. When does the P-334WT generate the firewall log?2. What is contained in P-334WT firewall log ?3. How do I view the firewall log? 4

All logs generated in P-334WT, including firewall logs and system logs are migrated to centralized logs. So you can view firewall logs in Centralized

Content Filter FAQ 1. What types of content filter does P-334WT provide?2. How many URL keyword does P-334WT support?3. What kinds of URL checking

IPSec FAQ VPN Overview 1. What is VPN?2. Why do I need VPN?3. What are most common VPN protocols?4. What is PPTP?5. What is L2TP?6. What is IPSe

There are some reasons to use a VPN. The most common reasons are because of security and cost.Security1). AuthenticationWith authentication, VPN recei

Transport mode is mainly for an IP host to protect the data generated locally, while tunnel mode is for security gateway to provide IPSec service for

E-mail [email protected] note that, in P-334WT, if "DNS" or "E-mail" type is chosen, you can still use a random string as

1. If there is a NAT router running in the front of P-334WT, please make sure the NAT router supports to pass through IPSec. 2. In NAT case (either

7. How do I backup/restore SMT configurations by using TFTP client program via LAN? a. Use the TELNET client program in your PC to login to your Pre

Phase 1 ID can be configured in VPN setup menu as following. Note that you can make such configuration in either web configurator or SMT menu. 13. How

private IP address as the content of it's phase 1 ID. So you have to configure P-334WT's secure gateway's phase 1 ID as the private IP

Wireless FAQ General FAQ 1. What is a Wireless LAN ? 2. What are the main advantages of Wireless LANs ? 3. What are the disadvantages of Wireless L

Security FAQ1. How do I secure the data across an Access Point's radio link? 2. What is WEP ? 3. What is the difference between 40-bit and 64

c. Installation Flexibility:Wireless technology allows the network to go where wire cannot go. d. Reduced Cost-of-Ownership:While the initial investme

8. How fast is 802.11b ?The IEEE 802.11b standard has a nominal speed of 11 megabits per second (Mbps). However, depending on signal quality and how m

Both the 802.11b and Bluetooth devices occupy the same2.4-to-2.483-GHz unlicensed frequency range-the same band. But a Bluetooth device would not inte

2. What is Infrastructure mode ?Infrastructure mode implies connectivity to a wired communications infrastructure. If such connectivity is required t

mobile device must match the ESSID of the AP to communicate with the AP. The ESSID is a 32-character maximum string and is case-sensitive. Security FA

broadcast beacon packets. Turning off the broadcast of SSID in the beacon message (a common practice) does not prevent getting the SSID; since the SSI

source address and TCP/UDP source port numbers are written into the destination fields of the packet (since it is now moving in the opposite direction

13. What is AAA ?AAA is the acronym for Authentication, Authorization, and Accounting and refers to the idea of managing subscribers by controlling th

Prestige 334WT Application Notes Internet ConnectionSetup Prestige for PPPoE ConnectionsSetup Prestige as a PPTP Client Using Multi-NATNAT Notes - Co

Internet Connection A typical Internet access application of the Prestige is shown below. For a small office, there are some components needs to be ch

You must first install TCP/IP software on each PC before you can use it for Internet access. If you have already installed TCP/IP, go to the next sect

Key Settings:Option DescriptionEncapsulation Select the encapsulation type your ISP supportsService Name Enter the 'Service Name' for the IS

5. Check if the connection is up by clicking the ADVANCED/MAINTENANCE menu. All contents copyright (c) 2004 ZyXEL Communications Corporation.

Setup the Prestige for PPPoE Connections ● IntroductionPPP over Ethernet is an IETF draft standard specifying how a host personal computer (PC) in

Menu 4 - Internet Access Setup ISP's Name= ChangeMe Encapsulation= PPPoE

Menu 11.1 - Remote Node ProfileRem Node Name= MyISP Rou

Setup the Prestige 334WT as a PPTP Client ● What is PPTP Client?Microsoft's Point-to-Point Tunneling Protocol (PPTP) is a network protocol th

If the firewall is not turned on we can configure a filter set to block the IP spoofing attacks. The basic scheme is as follows: For the input data fi

The PPTP client feature means the PPTP connection is initialized by the Prestige 334WT router, so this connection is transparent to the PPTP clients o

IP Address AssignmentChoose 'Dynamic' if the PPTP server provides the IP dynamically, otherwise choose 'Static'.IP AddressEnter th

Using Multi-NAT ● What is Multi-NAT?● How NAT works● NAT Mapping Types● SUA Versus NAT● SMT Menus1. Applying NAT in the SMT Menus

address translation, please refer to RFC 1631, The IP Network Address Translator (NAT). ● How NAT worksIf we define the local IP addresses as th

2. Many to OneIn Many-to-One mode, the P-334WT maps multiple ILA to one IGA. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL&a

● SUA Versus NATSUA (Single User Account) in previous ZyNOS versions is a NAT set with 2 rules, Many-to-One and Server. The P-334WT now has Full F

Menu 4 - Internet Access Setup ISP's Name= ChangeMe Encapsulation= Ethernet

Step 1. Enter 11 from the Main Menu. Step 2. Move the cursor to the Edit IP field, press the [SPACEBAR] to toggle the default No to Yes, then press [E

3. Address Mapping Sets and NAT Server Sets Use the Address Mapping Sets menus and submenus to create the mapping table used to assign global addresse

0.0.0.0 Server 3. 4. 5. 6. 7. 8. 9. 10. Press ESC or RETURN to Exit: The followi

Product FAQ General FAQ 1. What is the P-334WT Internet Access Sharing Router?2. Will the P-334WT work with my Internet connection? 3. What do I ne

Menu 15.1.1 - Address Mapping Rules Set Name= NAT_SET Idx Local Start IP Local End IP Global Start IP Global End IP Typ

Select RuleWhen you choose Edit, Insert Before or Save Set in the previous field the cursor jumps to this field to allow you to select the rule to app

IPEndThis is the ending local IP address (ILA). If the rule is for all local IPs, then put the Start IP as 0.0.0.0 and the End IP as 255.255.255.255.

The following procedures show how to configure a server behind NAT. Step 1. Enter 15 in the Main Menu to go to Menu 15-NAT Setup. Step 2. Enter 2 to g

www-http (Web) 80PPTP (Point-to-Point Tunneling Protocol)1723 ● Examples1. Internet Access Only2. Internet Access with an Internal Server3. Usi

Menu 4 - Internet Access Setup ISP's Name= ChangeMe Encapsulation= Ethernet

In this case, we do exactly as above (use the convenient pre-configured SUA Only set) and also go to Menu 15.2.1-NAT Server Setup (Used for SUA Only)

3. Using Multiple Global IP addresses for clients and servers (One-to-One, Many-to-One, Server Set mapping types are used) In this case we have 3 IGA

Menu 4 - Internet Access Setup ISP's Name= ChangeMe Encapsulation= Ethernet

Rule 2 Setup: Selecting One-to-One type to map the FTP Server 2 with ILA2 (192.168.1.11) to IGA2. Menu 15.1.1.2 - - Rule 2

10. What is the difference between SUA and Multi-NAT?11. What is BOOTP/DHCP? 12. What is DDNS?13. When do I need DDNS?14. What DDNS servers does

Rule 4 Setup: Select Server type to map our web server and mail server with ILA3 (192.168.1.20) to IGA3. Menu 15.1.1.4 - - R

1 4. [IGA3] Server 5. 6. 7. 8. 9. 10. Press ESC

4. Support Non NAT Friendly Applications Some servers providing Internet applications such as some mIRC servers do not allow users to login using the

The three rules configured for using One-to-One mapping type is shown below. Menu 15.1.1.1 - - Rule 1 Type:

Menu 15.1.1.3 - - Rule 3 Type: One-to-One Local IP: Start= 192.168.

Configure a PPTP server behind SUA ● IntroductionPPTP is a tunneling protocol defined by the PPTP forum that allows PPP packets to be encapsulated

This application note explains how to establish a PPTP connection with a remote private network in the Prestige 324 SUA case. In ZyNOS, all PPTP packe

Menu 15 - SUA Server Setup Port # IP Address ------ ------------

All contents copyright © 2004 ZyXEL Communications Corporation.

Configure an Internal Server Behind SUA ● IntroductionIf you wish, you can make internal servers (e.g., Web, ftp or mail server) accessible for o

two Ethernet ports: LAN port and WAN port. You should connect the computer to the LAN port and connect the external modem to the WAN port. If the ISP

Menu 15 - SUA Server Setup Port # IP Address ------ ------------

Tested SUA/NAT Applications (e.g., Cu-SeeMe, ICQ, NetMeeting) ● IntroductionGenerally, SUA makes your LAN appear as a single machine to the outsi

mIRCNone for Chat.For DCC, please set Default/Client IP.Windows PPTP None 1723/client IPICQ 99a None for Chat. For DCC, please set: ICQ -> prefere

Microsoft Xbox Live7None N/A1 Since SUA enables your LAN to appear as a single computer to the Internet, it is not possible to configure similar serve

7. 0 0.0.0.0 8. 0 0.0.0.0 All contents copyright (c) 2004 ZyXEL Communicatio

Using UPnP1. What is UPnP2. Use UPnP in ZyXEL devices3. View dynamic ports opened by UPnP1. What is UPnPUPnP (Universal Plug and Play) makes connec

UPnP Operations● Addressing: UPnPv1 devices MAY support IPv4, IPv6, or both. For IPv4, each devices should have DHCP client, when the device gets

Device: PPPoE Dial-up RouterService: NAT function provided by PPPoE Dial-up RouterControl Point: PC11. Enable UPnP function in ZyXEL deviceGo to Advan

2. After getting IP address, you can go to open MSN application on PC and sign in MSN server.

3. Start a Video conversation with one online user.