P-793H v2 G.SHDSL.bis Bonded Broadband Gateway Support Notes Version 3.
P-793H v 2 Support Notes FAQ ............................................................................................................................... 4 ZyNOS FAQ ...................................................... 4 1. What is ZyNOS? ................................................................................... 4 2. How do I access the P-793H v2 SMT menu? .................................... 4 3. How do I upload the ZyNOS firmware code via console? ............... 4 4.
P-793H v 2 Support Notes 19. What is DDNS wildcard? Does the P-793H v2support DDNS wildcard? ................................................................................................................ 15 20. Can the P-793H v2's SUA handle IPSec packets sent by the IPSec gateway? ............................................................................................... 15 21. How do I setup my P-793H v2 for routing IPSec packets over SUA? ...........................................................
P-793H v 2 Support Notes 15. Using Call Scheduling .................................................................... 73 16. Using IP Multicast ............................................................................. 75 17. Using Bandwidth Management....................................................... 76 18. How to configure packet filter on P-793H v2? .............................. 79 19. How could I configure triple play on P-793H v2? ......................... 79 20.
P-793H v 2 Support Notes FAQ ZyNOS FAQ 1. What is ZyNOS? ZyNOS is ZyXEL's proprietary Network Operating System. It is the platform on all P-793H v2 routers that delivers network services and applications. It is designed in a modular fashion so it is easy for developers to add new features. New ZyNOS software upgrades can be easily downloaded from our FTP sites as they become available. 2.
P-793H v 2 Support Notes (1) Use the TELNET client program in your PC to login to your P-793H v2, and use Menu 24.8 to enter CI command 'sys stdio 0' to disable console idle timeout (2) To upgrade firmware, use TFTP client program to put firmware in file 'ras' in the P-793H v2. After data transfer is finished, the P-793H v2 will program the upgraded firmware into FLASH ROM and reboot itself. (3) To backup your firmware, use the TFTP client program to get file 'ras' from the P-793H v2. 5.
P-793H v 2 Support Notes (2) Press the RESET button for longer than one second and shorter than five seconds and release it. If the POWER LED begins to blink, the P793H v2‟s wireless auto security function-OTIST has been enabled. (3) Press the RESET button for six seconds and release it. If the POWER LED begins to blink, the default configuration has been restored and the P-793H v2 restarts. 9.
P-793H v 2 Support Notes The P-793H v2 supports NAT sets on a remote node basis. They are reusable, but only one set is allowed for each remote node. The P-793H v2 supports 8 sets since there are 8 remote nodes. By factory default, the NAT is select as SUA in Web Configurator, Advanced Setup, Network -> NAT -> General -> NAT Setup. 11.
P-793H v 2 Support Notes Many to One: In Many-to-One mode, the P-793H v2 maps multiple ILA to one IGA. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyNOS routers supported (the SUA is optional in today's P-793H v2 routers). Many to Many Overload: In Many-to-Many Overload mode, the P-793H v2 maps multiple ILA to shared IGA. Many One-to-One: In Many One-to-One mode, the P-793H v2 maps each ILA to unique IGA.
P-793H v 2 Support Notes 15. What are Device filters and Protocol filters? In ZyNOS, the filters have been separated into two groups. One group is called 'device filter group', and the other is called 'protocol filter group'. Generic filters belong to the 'device filter group', TCP/IP and IPX filters belong to the 'protocol filter group'. You can configure the filter rule in SMT. Note: In ZyNOS, you can not mix different filter groups in the same filter set. 16.
P-793H v 2 Support Notes Allow packets that originate from us Filter rule setup: Filter Type =TCP/IP Filter Rule Active =Yes Destination IP Addr =a.b.c.d Destination IP Mask =w.x.y.z Action Matched =Drop Action No Matched =Forward Where a.b.c.d is an IP address on your local network and w.x.y.z is your netmask. 10 All contents copy right © 2010 Zy XEL Communications Corporation.
P-793H v 2 Support Notes Product FAQ 1. What is SHDSL, SHDSL.bis? SHDSL stands for Symmetric High-data-rate Digital Subscriber Line. SHDSL bases on TC-PAM (Trellis Coded Pulse Amplitude Modulation) which offers symmetrical transmission speed up to 2.30 Mbps (2-wire mode). SHDSL.bis boots SHDSL performance to approximately 5.70 Mbps (2-wire mode) or 11.4 Mbps (4-wire mode). 2. How can I manage P-793H v2? Multilingual Embedded Web GUI for Local and Remote management SMT via console.
P-793H v 2 Support Notes 6. What do I need before using the SHDSL? 1. You must order the SHDSL service from your telephone company and choose the service category. 2. Your telephone company must have tested the phone line for the SHDSL transfer rate. 3.
P-793H v 2 Support Notes Traffic shaping parameters (PCR, SCR, MBS) can be set in Menu 4 and Menu 11.6 and is valid for both incoming and outgoing direction since G.shdsl is symmetric. Peak Cell Rate(PCR): The maximum bandwidth allocated to this connection. The VC connection throughput is limited by PCR. Sustainable Cell Rate(SCR): The least guaranteed bandwidth of a VC. When there are multi-VCs on the same line, the VC throughput is guaranteed by SCR.
P-793H v 2 Support Notes P-793H v2 to avoid congestion; traffic shaping takes measures to adapt to unpredictable fluctuations in traffic flows and other problems among virtual connections. 14. The P-793H v2 supports Bridge and Router mode, what's the difference between them? When the ISP limits some specific computers to access Internet, that means only the traffic to/from these computers will be forwarded and the other will be filtered.
P-793H v 2 Support Notes www.zyxel.com.tw) for your server (e.g., Web server) from a DDNS server. The outside users can always access the web server using the www.zyxel.com.tw regardless of the WAN IP of the P-793H v2. When the ISP assigns the P-793H v2 a new IP, the P-793H v2 updates this IP to DDNS server so that the server can update its IP-to-DNS entry. Once the IP-to-DNS table in the DDNS server is updated, the DNS name for your web server (i.e., www.zyxel.com.tw) is still usable. 18.
P-793H v 2 Support Notes For forwarding the inbound IPSec ESP tunnel, A 'Default' server set is required. You could configure it in Web Configurator, Advanced Setup, Network -> NAT -> Port Forwarding -> Default Server Setup: It is because SUA makes your LAN appear as a single machine to the outside world. LAN users are invisible to outside users. So, to make an internal server for outside access, we must specify the service port and the LAN IP of this server in Web configurator.
P-793H v 2 Support Notes 24. What is Traffic Redirect ? Traffic redirect forwards WAN traffic to a backup gateway when the Prestige cannot connect to the Internet through it's normal gateway. Thus make your backup gateway as an auxiliary backup of your WAN connection. Once Prestige detects its WAN connectivity is broken, Prestige will try to forward outgoing traffic to backup gateway that users specify in traffic redirect configuration menu. 25.
P-793H v 2 Support Notes two-way cable modem transmissions, and while the figure also grows steadily, it will not catch up with telephone lines for many years. Additionally, many of the older cable networks are not capable of offering a return channel; consequently, such networks will need significant upgrading before they can offer high bandwidth services. 2. How do I know the DSL line is up? You can see the DSL LEDs on the P-793H v2's front panel are on Green when the DSL physical layer is up.
P-793H v 2 Support Notes 6. What are the signaling pins of the DSL connector? The signaling pins on the P-793H v2's DSL connector RJ11 cable are pin 3 and 4 for 2-wire mode, and pin 2, 3, 4 and 5 for 4-wire mode. 7. What is triple play? More and more Telco/ISPs are providing three kinds of services (VoIP, Video and Internet) over one existing DSL connection. The different services (such as video, VoIP and Internet access) require different Quality of Service. The high priority is Voice (VoIP) data.
P-793H v 2 Support Notes Triple Play is a VLAN-based policy to forward packets from LAN ports to different PVCs, thus you can configure each PVC separately to assign different QoS to different application. Firewall FAQ General 1. What is a network firewall? A firewall is a system or group of systems that enforces an access-control policy between two networks. It may also be defined as a mechanism used to protect a trusted network from an untrusted network.
P-793H v 2 Support Notes Application-level Firewalls generally are hosts running proxy servers, which permit no traffic directly between networks, and which perform logging and auditing of traffic passing through them. A proxy server is an application gateway or circuit-level gateway that runs on top of general operating system such as UNIX or Windows NT. It hides valuable data by requiring users to communicate with secure systems by mean of a proxy. A key drawback of this device is performance.
P-793H v 2 Support Notes 6. What is Denials of Service (DoS) attack? Denial of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources. There are four types of DoS attacks: 1. Those that exploits bugs in a TCP/IP implementation such as Ping of Death and Teardrop. 2.
P-793H v 2 Support Notes 10. What is LAND attack? In a LAN attack, hackers flood SYN packets to the network with a spoofed source IP address of the targeted system. This makes it appear as if the host computer sent the packets to itself, making the system unavailable while the target system tries to respond to itself.
P-793H v 2 Support Notes 2. How do I prevent others from configuring my firewall? There are several ways to protect others from touching the settings of your firewall. 1. Change the default Administrator password since it is required when setting up the firewall using Telnet, Console or Web browser. 2. Limit who can telnet to your P-793H v2 or access P-793H v2‟s Web Configurator.
P-793H v 2 Support Notes (1) When the firewall is turned on, all connections from WAN to LAN are blocked by the default ACL rule. To enable WWW/Telnet from WAN, you must turn the firewall off, or create a firewall rule to allow WWW/Telnet connection from WAN. The WAN-to-LAN ACL summary will look like as shown below.
P-793H v 2 Support Notes (4)A filter set which blocks WWW/Telnet from WAN is applied to WAN node. The default filter rule 3 (Telnet_FTP_WAN) is applied in the Input Protocol field in menu 11.5. 4. Why can't I upload the firmware and configuration file using FTP over WAN? (1) When the firewall is turned on, all connections from WAN to LAN are blocked by the default ACL rule. To enable FTP from WAN, you must turn the firewall off (Menu 21.2) or create a firewall rule to allow FTP connection from WAN.
P-793H v 2 Support Notes The P-793H v2 generates the firewall log immediately when the packet matches a firewall rule. The log for Default Firewall Policy (LAN to WAN, WAN to LAN, WAN to WAN) is generated automatically with factory default setting, but you can customize it in Web Configurator, Advanced setup, Maintenance -> Logs ->Log Settings. 2. What does the log show to us? The log supports up to 128 entries. There are 5 columns for each entry. Please see the example shown below: 3.
P-793H v 2 Support Notes 4. When does the P-793H v2 generate the firewall alert? The P-793H v2 generates the alert when an attack is detected by the firewall and sends it via Email. So, to send the alert, you must configure the mail server and Email address using Web Configurator, Advanced Setup, Maintenance -> Logs -> Log Settings. You can also specify how frequently you want to receive the alert in it. 5.
P-793H v 2 Support Notes Because users typically dial the their local ISP for VPN, thus, long distance phone charge is reduced than making a long direct connection to the remote office. (2).Reducing number of access lines Many companies pay monthly charges for two types access lines: (1) highspeed links for their Internet access and (2) frame relay, ISDN Primary Rate Interface or T1 lines to carry data.
P-793H v 2 Support Notes There are two protocols provided by IPSec, they are AH (Authentication Header, protocol number 51) and ESP (Encapsulated Security Payload, protocol number 50). 8. What are the differences between 'Transport mode' and 'Tunnel mode? The IPSec protocols (AH and ESP) can be used to protect either an entire IP payload or only the upper-layer protocols of an IP payload.
P-793H v 2 Support Notes For IKE VPN, the key and SPIs are negotiated from one VPN gateway to the other. Afterward, two VPN gateways use this negotiated keys and SPIs to send packets between two networks. For manual key VPN, the encryption key, authentication key (if needed), and SPIs are predetermined by the administrator when configuring the security association. IKE is more secure than manual key, because IKE negotiation can generate new keys and SPIs randomly for the VPN connection. 13.
P-793H v 2 Support Notes 15. When should I use FQDN? If your VPN connection is P-793H v2 to P-793H v2, and both of them have static IP address, and there is no NAT router in between, you can ignore this option. Just leave Local/Peer ID type as IP, then skip this option. If either side of VPN tunneling end point is using dynamic IP address, you may need to configure ID for the one with dynamic IP address. And in this case, "Aggressive mode" is recommended to be applied in phase 1 negotiation .
P-793H v 2 Support Notes If your P-793H v2 is capable of VPN, you can find the VPN options in Advanced>VPN tab. For configuring a 'box-to-box VPN', there are some tips: 1. If there is a NAT router running in the front of P-793H v2, please make sure the NAT router supports to pass through IPSec. 2. In NAT case (either run on the frond end router, or in P-793H v2 VPN box), only IPSec ESP tunneling mode is supported since NAT againsts AH mode. 3.
P-793H v 2 Support Notes Netopia VPN III VPN 7. What VPN software that has been tested with P-793H v2 successfully? We have tested P-793H v2 successfully with the following third party VPN software. SafeNet Soft-PK, 3DES edition Checkpoint Software SSH Sentinel, 1.4 SecGo IPSec for Windows F-Secure IPSec for Windows KAME IPSec for UNIX Nortel IPSec for UNIX Intel VPN, v. 6.90 FreeS/WAN for Linux SSH Remote ISAKMP Testing Page, (http://isakmp-test.ssh.
P-793H v 2 Support Notes 9. How do I configure P-793H v2 with NAT for internal servers? Generally, without IPSec, to configure an internal server for outside access, we need to configure the server private IP and its service port in SUA/NAT Server Table. However, if both NAT and IPSec is enabled in P-793H v2, the edit of the table is necessary only if the connection is a non-secure connections. For secure connections, none SUA server settings are required since private IP is reachable in the VPN case.
P-793H v 2 Support Notes \ Non-secure host 11. How can I keep a tunnel alive? To keep a tunnel alive, you can check "keep alive" option when configuring your VPN tunnel. With this option, whenever phase 2 SA lifetime is due, IKE negotiation procedure will be invoked automatically even without traffic to make the connection stay.
P-793H v 2 Support Notes function on P-793H v2. To disable it, you can either deactivate each VPN rule or issue a CI command, "ipsec switch off" from SMT menu 24.8. You can get into SMT menu via either telnet or console connection. 15. How do I use PTM Transfer Mode? P-793H v2 supports ENET, PPPOE and RFC1483 encapsulation. Following original design, P-793H v2 supports 8 remote nodes, and each remote node is separated by VLAN ID. 37 All contents copy right © 2010 Zy XEL Communications Corporation.
P-793H v 2 Support Notes Application Notes General Application Notes 1. Internet Access Using P-793H v2 under Bridge mode Setup your workstation Setup your P-793H v2 under bridge mode If the ISP limits some specific computers to access Internet, that means only the traffic to/from these computers will be forwarded and the other will be filtered. In this case, we use P-793H v2 which works as an DSL bridge modem to connect to the ISP.
P-793H v 2 Support Notes Setup your P-793H v2 The following procedure shows you how to configure your P-793H v2 as bridge mode. We will use Web Configurator to guide you through the related menu. (1) Configure P-793H v2 as bridge mode and configure Internet setup parameters in Web Configurator, Advanced Setup, Network -> WAN -> Internet Connection. 39 All contents copy right © 2010 Zy XEL Communications Corporation.
P-793H v 2 Support Notes Key Settings: Option T ransfer Mode Encapsulation Multiplexing VPI & VCI number Description Select the correct Transfer Mode that your ISP supports. For example, ATM. Select the correct Encapsulation type that your ISP supports. For example, RFC 1483. Select the correct Multiplexing type that your ISP supports. For example, LLC. Specify a VPI (Virtual Path Identifier) and a VCI (Virtual Channel Identifier) given to you by your ISP.
P-793H v 2 Support Notes Set up your P-793H v2 under routing mode The following procedure shows you how to configure your P-793H v2 as Routing mode for routing traffic. We will use Web Configurator to guide you through related menu. (1) Configure P-793H v2 as routing mode and configure Internet setup parameters in Web Configurator, Advanced Setup, Network -> WAN -> Internet Connection. Key Settings: Option Encapsulation Description Select the correct Encapsulation type that your ISP supports.
P-793H v 2 Support Notes (2) Configure a LAN IP for the P-793H v2 and the DHCP settings in Web Configurator, Advanced Setup, Network -> LAN. 3. Internet Access scenarios 4 Wire Application 2 Wire Application Configuration Guide: In WEB Configurator, Network WAN Internet Connection, there are three sets of settings: General, IP Address, and Service Type. 42 All contents copy right © 2010 Zy XEL Communications Corporation.
P-793H v 2 Support Notes Please set proper parameter for your Internet Access. 4. Back to back scenarios 1 - 1 back to back (1) 4 Wire Application (2) 2 Wire Application 43 All contents copy right © 2010 Zy XEL Communications Corporation.
P-793H v 2 Support Notes 1 - 2 back to back Note 1: It is also compatible with G.SHDSL 2.3Mbps application when we connect it with P-792H or P-791R. Note2 : There are two DSL led: DSL1 and DSL2. When we use one line for Internet access or back to back application, DSL1 and DSL2 will act the same as one LED. When we use 1-2 back to back application by Y cable, they will show the respective DSL line status. 5. What is the checklist for making a 1-1 Back-to-Back connection over P793H v2? 1.
P-793H v 2 Support Notes Note: When P-793H v2 works as client, options “Enable Rate Adaption” “Transfer Max Rate” “Transfer Min Rate” and “Standard Mode” are not available to choose. These parameters are then determined by server side. 6. What is the checklist for making a 1-2 Back-to-Back connection over P793H v2? 1. Make sure the two remote P-793H v2s are with Service Mode=2 wire, and Service Type = Client. The central one is with Service Mode=4 wire, and Service Type = Server. 2.
P-793H v 2 Support Notes Setup the P-793H v2 as a DHCP Relay We could set the P-793H v2 as a DHCP Relay via menu 3.2 as below: Or via the following command in CLI: Ip dhcp enif0 mode relay Ip dhcp enif0 relay server [Server IP Address] 8. SUA Notes Tested SUA/NAT Applications (e.g., Cu-SeeMe, ICQ, NetMeeting) 46 All contents copy right © 2010 Zy XEL Communications Corporation.
P-793H v 2 Support Notes Introduction Generally, SUA makes your LAN appear as a single machine to the outside world. LAN users are invisible to outside users. However, some applications such as Cu-SeeMe, and ICQ will need to connect to the local user behind the P-793H v2. In such case, a SUA server must be configured to forward the incoming packets to the true destination behind SUA.
P-793H v 2 Support Notes ICQ 99a None for Chat. For DCC, please set: ICQ -> preference -> connections -> firewall and set the firewall time out to 80 seconds in firewall setting. None for Chat ICQ 2000b Default/client IP None for Chat ICQ Phone 2000b None Cornell 1.1 Cu-SeeMe None 2 White Pine 3.1.2 Cu-SeeMe 7648/client IP & 24032/client IP White Pine 4.0 Cu-SeeMe 7648/client IP & 24032/client IP Microsoft NetMeeting 2.1 & None 3.013 Cisco IP/TV 2.0.
P-793H v 2 Support Notes (VNC) AIM (AOL Instant Messenger) None for Chat and IM 5800/client IP 5900/client IP None for Chat and IM 4661 - 4662/client IP e-Donkey None POLYCOM Video None Default/client IP Conferencing iVISTA 4.1 None 80/server IP Microsoft Xbox Live7 None N/A 1 Since SUA enables your LAN to appear as a single computer to the Internet, it is not possible to configure similar servers on the same LAN behind SUA.
P-793H v 2 Support Notes Configure an Internal Server behind SUA Introduction If you wish, you can make internal servers (e.g., Web, ftp or mail server) accessible for outside users, even though SUA makes your LAN appear as a single machine to the outside world. A service is identified by the port number.
P-793H v 2 Support Notes Setup, Network -> NAT -> Port Forwarding. The outside users can access the local server using the P-793H v2's WAN IP address which can be obtained from Web Configurator, Status -> WAN Information. For example: Configuring an internal Web server for outside access (suppose the Server IP Address is 192.168.1.
P-793H v 2 Support Notes Telnet 23 SMTP 25 DNS (Domain Name Server) 53 www-http (Web) 80 Configure a PPTP server behind SUA Introduction PPTP is a tunneling protocol defined by the PPTP forum that allows PPP packets to be encapsulated within Internet Protocol (IP) packets and forwarded over any IP network, including the Internet itself. In order to run the Windows 9x PPTP client, you must be able to establish an IP connection with a tunnel server such as the Windows NT Server 4.
P-793H v 2 Support Notes PPTP appears as new modem type (Virtual Private Networking Adapter) that can be selected when setting up a connection in the Dial-Up Networking folder. The VPN Adapter type does not appear elsewhere in the system. Since PPTP encapsulates its data stream in the PPP protocol, the VPN requires a second dial-up adapter.
P-793H v 2 Support Notes Add an user account for PPTP logged on user Enable RAS port Select the network protocols from RAS such as IPX, TCP/IP NetBEUI Set the Internet gateway to P-793H v2 (2) PPTP client setup (Win9x) Add one VPN connection from Dial-Up Networking by entering the correct username & password and the IP address of the P-793H v2's Internet IP address for logging to NT RAS server.
P-793H v 2 Support Notes Before making a VPN connection from the Win9x client to the NT server, you need to know the exact Internet IP address that the ISP assigns to P-793H v2 router in SUA mode and enter this IP address in the VPN dial-up dialog box. You can check this Internet IP address from PNC Monitor or Web Configurator, Status -> WAN Information. If the Internet IP address is a fixed IP address provided by ISP in SUA mode, then you can always use this IP address for reaching the VPN server.
P-793H v 2 Support Notes None NAT is disabled w hen you select this option. When you select this option, this remote node w ill use default SUA Address Mapping Set. SUA Only You can see it in CLI by command „ip nat lookup 255‟. It‟s a read-only sets w ith tw o rules: Many-to-One and server mapping. Select Full Feature when you require other mapping types.
P-793H v 2 Support Notes -> NAT -> Port Forwarding. The following table explains the fields in this above screen: Field Description set This is sequence number for Address Mapping Sets 255 for SUA Internal Start IP This is the starting local IP address (ILA). Local End IP Global Start IP Global End IP Option/Example 0.0.0.0 for the Many-to-One type. This is the starting local IP address (ILA). If the rule is for all local IPs, then the Start IP is 0.0.0.0 and the End IP is 255.255.255.255. 255.
P-793H v 2 Support Notes Please note that a server can support more than one service, e.g., a server can provide both FTP and Mail service, while another provides only Web service. The following procedures show how to configure a server behind NAT. Step 1: Login Web Configurator, Advanced Setup, Network -> NAT -> Port Forwarding. Step 2: Select the service name from the pull-down menu, and fill in the server Address on „Server IP Address‟, then click button „Add‟ to save it.
P-793H v 2 Support Notes (2) Internet Access with an Internal Server In this case, we do exactly as the figure (use the convenient pre-configured SUA Only set) and also go to Web Configurator, Advanced Setup, Network -> NAT -> Port Forwarding to specify the Internet Server behind the NAT as 59 All contents copy right © 2010 Zy XEL Communications Corporation.
P-793H v 2 Support Notes below: (3) Using Multiple Global IP addresses for clients and servers (One-to-One, Many-to-One, Server Set mapping types are used) In this case we have 3 IGAs from the ISP. We have two very busy internal FTP servers and also an internal general server for the web and mail. In this case, we want to assign the 3 IGAs by the following way using 4 NAT rules. Rule 1 (One-to-One type) to map the FTP Server 1 with ILA1 (192.168.1.10) to IGA1 (200.0.0.1).
P-793H v 2 Support Notes Step 1: In this case, we need to map ILA to more than one IGA, therefore we must choose the Full Feature option from the NAT field in currently active remote node, and assign IGA3 to P-793H v2‟s WAN IP Address. Step 2: Go to Web Configurator, Advanced Setup, Network -> NAT -> Address Mapping to begin configuring Address Mapping Set #1. We can see there are 10 blank rule table that could be configured. See the following setup for the four rules in our case.
P-793H v 2 Support Notes Rule 4 Setup: Select Server type to map our web server and mail server with ILA3 (192.168.1.20) to IGA3. Menu Network -> NAT -> Address Mapping should look as follows now: Step 3: Now we configure all other incoming traffic to go to our web server and mail server from Web Configurator, Advanced Setup, Network -> NAT -> Port Forwarding: (4) Support Non NAT Friendly Applications 62 All contents copy right © 2010 Zy XEL Communications Corporation.
P-793H v 2 Support Notes Some servers providing Internet applications such as some mIRC servers do not allow users to login using the same IP address. In this case it is better to use Many-to-Many No Overload or One-to-One NAT mapping types, thus each user login to the server using a unique global IP address. The following figure illustrates this. One rule configured for using Many-to-Many No Overload mapping type is shown below. We can also do this by configure threeOne-to-One mapping type rules. 10.
P-793H v 2 Support Notes With DDNS supported by the P-793H v2, you apply a DNS name (e.g., www.zyxel.com.tw) for your server (e.g., Web server) from a DDNS server. The outside users can always access the web server using the www.zyxel.com.tw regardless of the WAN IP of the P-793H v2. When the ISP assigns the P-793H v2 a new IP, the P-793H v2 must inform the DDNS server the change of this IP so that the server can update its IP-to-DNS entry.
P-793H v 2 Support Notes Active Toggle to 'Yes'. Host Name Enter the hostname you subscribe from the above DDNS server. For example, zyxel.com.tw . User Name Enter the user name that the DDNS server gives to you. Password Enter the passw ord that the DDNS server gives to you. Enter the hostname for the w ildcard function that the Enable Wildcard WWW.DYNDNS.ORG supports. Note that Wildcard option is available only w hen the provider is http://w ww.dyndns.org/. 11.
P-793H v 2 Support Notes 5. authentication Failure (defined in RFC-1215) : When receiving any SNMP get or set requirement with wrong community, this trap is sent to the manager. 6. why Reboot (defined in ZYXEL-MIB) : When the system is going to restart (warm start), the trap will be sent with the reason of restart before rebooting. (1) For intentional reboot : In some cases (download new files, CI command "sys reboot"), reboot is done intentionally.
P-793H v 2 Support Notes The SNMP related settings in P-793H v2are configured in Web Configurator, Advanced Setup, Advanced -> Remote MGNT -> SNMP The following steps describe a simple setup procedure for configuring all SNMP settings. Key Settings: Option Descriptions Enter the correct Get Community. This Get Community must match the Get 'Get-' and 'GetNext' community requested from the NMS. The default is Community 'public'. Enter the correct Set Community.
P-793H v 2 Support Notes Enter the IP address of the NMS that you w ish to send the traps to. If Trap Destination 0.0.0.0 is entered, the P-793H v2w ill not send trap any NMS m anager. Note: You may need to edit a firewall rule to permit SNMP Packets. 12. Using syslog You can configure it in Web Configurator, Advanced Setup, Maintenance -> Logs -> Log Settings -> Syslog logging. Key Settings: Active: Select it to active UNIX Syslog.
P-793H v 2 Support Notes The P-793H v2supports three virtual LAN interfaces via its single physical Ethernet interface. The first network can be configured in Web Configurator, Advanced Setup, Network -> LAN -> DHCP Setup. The second and third networks that we call 'IP Alias 1' and 'IP Alias 2' can be configured in Network -> LAN -> IP Alias. There are three internal virtual LAN interfaces for the P-793H v2 to route the packets from/to the three networks correctly.
P-793H v 2 Support Notes You can edit filter rule to accept or deny LAN packets from/to the IP alias 1/2 go through the P-793H v2 in SMT menu 3.2.
P-793H v 2 Support Notes IP Alias 1 IP Alias 2 Active it and enter the second LAN IP address for the P-793H v2. This w ill create the second route in the enif0:0 interface. Active it and enter the third LAN IP address for the P-793H v2. This w ill create the third route in the enif0:1 interface. 14. Using IP Policy Routing What is IP Policy Routing (IPPR)? Traditionally, routing is based on the destination address only and the router takes the shortest path to forward a packet.
P-793H v 2 Support Notes Cost Savings- IPPR allows organizations to distribute interactive traffic on high-bandwidth, high-cost path while using low-path for batch traffic. Load Sharing- Network administrators can use IPPR to distribute traffic among multiple paths. How does the IPPR work? A policy defines the matching criteria and the action to take when a packet meets the criteria. The action is taken only when all the criteria are met.
P-793H v 2 Support Notes Type of Service= No Change Precedence = No Change This policy example forces the Web packets originated from the clients with IP addresses from 192.168.1.2 to 192.168.1.20 be routed to the remote LAN via the gateway 192.168.1.254. 15. Using Call Scheduling What is Call Scheduling? Call scheduling enables the mechanism for the P-793H v2 to run the remote node connection according to the pre-defined schedule.
P-793H v 2 Support Notes Start Date Start date of this schedule rule. It can be unmatched w ith w eekday setting. For example, if Start Date is 2000/10/02(Monday), but Monday setting in w eekday can be No. The node w ill alw ays keep up during the setting period. It is equivalent to disable the idle timeout. Forced On The node w ill alw ays keep open during the setting period. The Forced Dow n connected remote node w ill be dropped.
P-793H v 2 Support Notes Protocol (RFC-868), and NTP protocol (RFC-1305). You have to assign an IP address of a time server and then, the P-793H v2will get the date, time, and time-zone information from this server. You can configure it in Web Configurator, Advanced Setup, Maintenance -> System -> Time Setting. 16. Using IP Multicast What is IP Multicast ? Traditionally, IP packets are transmitted in two ways - unicast or broadcast. Multicast is a third way to deliver IP packets to a group of hosts.
P-793H v 2 Support Notes IP Multicast Setup (1) Enable IGMP in P-793H v2's LAN in Web Configurator, Advanced Setup, Network -> LAN -> IP -> Advanced Setup. (2) Enable IGMP in P-793H v2's remote node in Web Configurator, Advanced Setup, Network -> Remote Node -> Edit -> Multicast. Key Settings: Multicast IGMP-v1 for IGMP version 1, IGMP-v2 for IGMP version 2. 17. Using Bandwidth Management Why Bandwidth Management (BWM)? Nowadays, we have many different traffic types for Internet applications.
P-793H v 2 Support Notes Key Settings: Check the box to enable BWM on the interface. Note that if you w ould like Active Speed to manage traffic from WAN to LAN, you should apply BWM on LAN interface. Enter the total speed to manage on this interface. This value is the budget of the class tree's root. Choose the principle to allocate bandw idth on this interface. Scheduler Priority-Based allocates bandw idth via priority. Fairness-Based allocates bandw idth by ratio.
P-793H v 2 Support Notes Key Settings: RuleName Give this rule a name, for example, 'WWW' BW Budget Configure the bandw idth you w ould like to allocate to this rule Priority Enter a number betw een 0 and 7 to set the priority of this class. The higher the number, the higher the priority. The default setting is 3. Check this box if you w ould like to let this class to borrow bandw idth from it's parents w hen the required bandw idth is higher than the configured Use All Managed amount.
P-793H v 2 Support Notes Source Port Enter the source port number of the traffic. Protocol ID Enter the protocol number for the traffic. 1 for ICMP, 6 for TCP or 17 for UDP After configuration BWM, you can check current bandwidth of the configured traffic in Web Configurator, Advanced Setup, Advanced -> Bandwidth MGMT-> Monitor. 18.
P-793H v 2 Support Notes For example: 802 groupset 1 1 LAN 1 PVC 1 untagged 802 groupset 2 2 LAN 2 PVC 2 untagged 802 groupset 3 3 LAN 3 PVC 3 untagged The traffic from Ethernet port 1 must be forwarded to PVC1, vice versa. The traffic from Ethernet port 2 must be forwarded to PVC2, vice versa. The traffic from Ethernet Port 3 must be forwarded to PVC3, vice versa. Note: Only the group vid matches management vid, PC in this group could manage the device. 20.
P-793H v 2 Support Notes Fail Tolerance: Type the number of times (2 recommended) that your P-793H v2 may ping the IP addresses configured in the Check WAN IP Address field without getting a response before switching to a WAN backup connection. Recovery Interval: When the P-793H v2 is using a lower priority connection (usually a WAN Backup connection), it periodically checks to whether or not it can use a higher priority connection.
P-793H v 2 Support Notes 21. How to deal with Triangle Route and Traffic redirect? Traffic redirect scenario: (1). Triangle route introduction 82 All contents copy right © 2010 Zy XEL Communications Corporation.
P-793H v 2 Support Notes A traffic route is a path for sending or receiving date packets between two Ethernet devices. Some companies have more than one alternate route to one or more ISPs. If the LAN and ISP(s) are in the same subnet, the “triangle route” problem may occur. The steps below describe the “triangle route” problem. 1. A computer on the LAN initiates a connection by sending out a SYN packet to a receiving server on the WAN. 2.
P-793H v 2 Support Notes 2) Deploy your second gateway on WAN side Put all of your network gateways on the WAN side as the following figure shows. This ensures that all incoming network traffic passes through your P-793H v2 to your LAN. Therefore your LAN is protected. Traffic redirect LAN setup example 2: 3) Allow firewall bypass triangle route checking To resolve this conflict, we add an option for users to allow/disallow such Triangle Route topology in both CI command and Web configurator .
P-793H v 2 Support Notes 22. How to setup Dial Backup? Please refer to “20.How to setup traffic redirect in P-793H v2?” to Configure parameters in WEB Configuration “Network WAN Wan Backup”. After finishing WAN Backup Setup settings, please do below configurations for dial backup: Active: Turn on or off dial backup. Metric: Enter a number from 1 to 15 to give your dial backup route a priority number. The smaller the number, the higher priority the route has.
P-793H v 2 Support Notes remote node. Advanced Setup: Click this button to display the Advanced Setup screen and edit more details of your WAN backup setup.(For more descriptions, please refer to User‟s Guide). IPSEC VPN Application Notes 1. How to use P-793H v2 to build VPN Tunnel with another VPN Gateway/ Software? This page will guide you to setup a VPN connection between two Prestige routers. In addition to Prestige to Prestige, Prestige can also talk to other VPN hardwards/softwares.
P-793H v 2 Support Notes As the figure shown below, the tunnel between Prestige 1 and Prestige 2 ensures the packets flow between PC 1 and PC 2 are secure. Because the packets go through the IPSec tunnel are encrypted. To achieve this VPN tunnel, the settings required for each Prestige are explained in the following sections. The IP addresses we use in this example are as below. PC 1 192.168.1.33 Prestige A Prestige B PC 2 LAN: 192.168.1.1 LAN: 192.168.2.1 192.168.2.33 WAN: WAN: 202.132.154.1 168.10.
P-793H v 2 Support Notes (3) On the SUMMARY menu, select a policy to edit by clicking Edit. On P793H v2, we can build at most 2 VPN Tunnels. Just make a click on the „Edit‟ button in the table, we can begin to configure the VPN rule. (4) In the IPSEC Setup field, toggle Active check box and give a name, Test in the example to this policy. Select IPSec Key Mode to IKE, Negotiation Mode to Main, and Encapsulation Mode to Tunnel, just the same as we will configure in Prestige B.
P-793H v 2 Support Notes My IP Address is the WAN IP of Prestige A, 202.132.154.1 in the example. Secure Gateway Address is the remote secure gateway, Prestige B‟s WAN IP, 168.10.10.66 in the example. Local ID Type as IP, and Content as 0.0.0.0 in the example. Peer ID Type as IP, and Content as 0.0.0.1 in the example. Note: Make sure the ID Type and content consistent between the two VPN secure gateways.
P-793H v 2 Support Notes Note: If there‟s a NAT router between the two VPN Secure Gateways, we should only choose „ESP‟ VPN Protocol. The minimum length of Pre-Shared Key is 8. (8) A common VPN Rule has been completed, you can click „Apply‟ to save it. But if you want to make more special configuration, you could click „Advanced‟ to continue: Note: If you make any change in advanced setup, you need to configure the same on Prestige B. We don‟t do any advanced setup in the example.
P-793H v 2 Support Notes Secure Gateway Address is the remote secure gateway, Prestige A‟s WAN IP, 202.132.154.1 in the example. (3) Local ID Type /Content should be the same as Prestige A‟s Peer ID Type/Content, IP/0.0.0.1 in the example. Peer ID Type /Content should be the same as Prestige A‟s Local ID Type/ Content, IP/0.0.0.0 in the example. Step 3: Verify if the VPN Tunnel has been established successfully If the connection between PC 1 and PC 2 is ok, we know the tunnel works.
P-793H v 2 Support Notes Prestige> ipsec debug 1 IPSEC debug level 1 Prestige> catcher(): recv pkt numPkt<1> get_hdr nxt_payload<1> exchMode<2> m_id<0> len<80> f76af206 b187aae3 00000000 00000000 01100200 00000000 00000050 00000034 00000001 00000001 00000028 01010001 00000020 01010000 80010001 80020001 80040001 80030001 800b0001 800c0e10 In isadb_get_entry, nxt_pyld=1, exch=2 New SA (2) View IPSec Log We can also view the log for IPSec and IKE connections for trouble shooting.
P-793H v 2 Support Notes Most of the cases, static IP addresses are used for VPN tunneling endpoints. But for SOHO users, generally, it is a dynamic case. In this case, this IP will not be available to be predefined in the VPN box. There are some tips when configure Prestige in any dynamic case. Prestige static WAN IP v.s. peer side dynamic IP We need to note: (1) In VPN settings of Prestige, please specify the IP address of Secure Gateway as 0.0.0.
P-793H v 2 Support Notes Solution 1: Step 1: In Prestige A, please register a DDNS account from http://www.dyndns.org or http://dynupdate.no-ip.com Setp 2: Enable DynDNS function on Prestige A via Web configurator, Advanced -> Dynamic DNS. And in VPN settings on Prestige A, please specify the IP address of My IP as 0.0.0.0 and Secure Gateway as 0.0.0.0 (Here we take P-793H v2 Web Configurator as the example). Step 3: In Prestige B, please specify the IP address of My IP as 0.0.0.
P-793H v 2 Support Notes Generally, without IPSec, to configure an internal server for outside access, we need to configure the server private IP and its service port in SUA/NAT Server Table. The NAT router then will forward the incoming connections to the internal server according to the service port and private IP entered in SUA/NAT Server Table. However, if both NAT and IPSec is enabled in Prestige, the edit of the table is necessary only if the connection is a non-secure connections.
P-793H v 2 Support Notes The IP addresses we use in this example are as shown below. Branch_A WAN:202.3.1.1 LAN:192.168.3.1 LAN of Branch_A 192.168.3.0/24 Headquarter WAN:202.1.1.1 LAN:192.168.1.1 LAN of Headquarter 192.168.1.0/24 Branch_B WAN:202.2.1.1 LAN:192.168.2.1 LAN of Branch_B 192.168.2.0/24 Setp 1: Setup VPN in branch office A Because VPN routing enables branch offices to talk to each other via tunnels concentrated on headquarter.
P-793H v 2 Support Notes Remote Address Type is Range Address and IP Address Start is 192.168.1.0, IP Address End is 192.168.2.255. This section covers the LAN segment of both headquarter and branch office B. (2) My IP Address is the WAN IP of Prestige in Branch_A, 202.3.1.1 in the example. Secure Gateway Address is IP address of Headquarter, 202.1.1.1 in the example. (3) Suppose the pre-shared key is 01234567, we should configure the same key in the corresponding rule in Headquarter VPN Gateway.
P-793H v 2 Support Notes (3) Suppose the pre-shared key is 01234567, we should configure the same key in the corresponding rule in Headquarter VPN Gateway. (4) You can setup IKE phase 1 and phase 2 parameters by pressing Advanced button. Please make sure that parameters you set in this menu match with all the parameters with the corresponding VPN rule in headquarter. We don‟t make any advanced setup in the example. 98 All contents copy right © 2010 Zy XEL Communications Corporation.
P-793H v 2 Support Notes Support Tool 1. LAN/WAN Packet Trace The P-793H v2 packet trace records and analyzes packets running on LAN and WAN interfaces. It is designed for users with technical backgrounds who are interested in the details of the packet flow on LAN or WAN end of P-793H v2. It is also very helpful for diagnostics if you have compatibility problems you‟re your ISP or if you want to know the details of a packet for configuring a filter rule.
P-793H v 2 Support Notes (2) Trace WAN packet Disable the capture of the LAN packet by entering: sys trcp channel enet0 none Enable to capture the WAN packet by entering: sys trcp channel mpoa00 bothw ay Enable the trace log by entering: sys trcp sw on & sys trcl sw on Display the brief trace online by entering: sys trcd brief Display the detailed trace online by entering: sys trcd parse Example: 100 All contents copy right © 2010 Zy XEL Communications Corporation.
P-793H v 2 Support Notes Offline Trace Disable the capture of the WAN packet by entering: sys trcp channel mpoa00 none Enable the capture of the LAN packet by entering: sys trcp channel enet0 bothw ay Enable the trace log by entering: sys trcp sw on & sys trcl sw on Wait for packet passing through the P-793H v2 over LAN Disable the trace log by entering: sys trcp sw off & sys trcl sw off Display the trace briefly by entering: sys trcp brief Display specific packets by using: sys trcp par
P-793H v 2 Support Notes Capture the detailed logs by Hyper Terminal Step 1: Initiate a hyper terminal connection from your PC(suppose you connected to the LAN port of P-793H v2) Step 2: Click the „properties‟ to configure parameters to telnet to the P-793H v2. 102 All contents copy right © 2010 Zy XEL Communications Corporation.
P-793H v 2 Support Notes Step 3: So that after you invoke the relevant commands, you could save the logs you‟ve captured. 2. Firmware/Configurations Uploading and Downloading using TFTP 103 All contents copy right © 2010 Zy XEL Communications Corporation.
P-793H v 2 Support Notes Using TFTP client software Upload/download ZyNOS via LAN Upload/download P-793H v2 configurations via LAN (1) Using TFTP to upload/download ZyNOS via LAN Step 1: TELNET to your P-793H v2 first before running the TFTP software Step 2: Type the CI command 'sys stdio 0' to disable console idle timeout in Command Line Interface (CLI) Step 3: Run the TFTP client software Step 4: Enter the IP address of the P-793H v2 Step 5:To upload the firmware, please save the remote file as 'ra
P-793H v 2 Support Notes Step 5: To upload the P-793H v2configuration, please save the remote file as 'rom-0' in the P-793H v2. An example: The 192.168.1.1 is the IP address of the P-793H v2. The local file is the source file of your configuration file that is available in your hard disk. The remote file is the file name that will be saved in P-793H v2. Check the port number 69 and 512-Octet blocks for TFTP. Check 'Binary' mode for file transfering.
P-793H v 2 Support Notes 2. Type the CI command 'sys stdio 0' to disable console idle timeout in Command Line Interface (CLI) Example: [cppwu@faelinux cppwu]$ telnet 192.168.1.1 Trying 192.168.1.1... Connected to 192.168.1.1. Escape character is '^]'. Password: **** ras> sys stdio 0 (Open a new window) [cppwu@faelinux cppwu]$ tftp -I 192.168.1.1 get rom-0 [local-rom] <- change to binary mode <- dow nload configurations [cppwu@faelinux cppwu]$ tftp -I 192.168.1.
P-793H v 2 Support Notes Step 5 Use 'put' command to transfer the file to the P-793H v2. Example: Step 1: Connect to the P-793H v2 by entering the P-793H v2's IP and Administrator password in the FTP software. Set the transfer type to 'AutoDetect' or 'Binary'. Step 2: Press 'OK' to ignore the 'Username' prompt. Step 3: To upload the firmware file, we transfer the local 'ras' file to overwrite the remote 'ras' file.
P-793H v 2 Support Notes the remote 'rom-0' file. Step 4: The P-793H v2 reboots automatically after the uploading is finished. Please do not power off the router at this moment. 108 All contents copy right © 2010 Zy XEL Communications Corporation.
P-793H v 2 Support Notes CI Command Reference Command Syntax and General User Interface CI has the following command syntax: command subcommand [param] command subcommand [param] command ? | help command subcommand ? | help General user interface: 1. 2. ? Shows the following commands and all major (sub)commands exit Exit Subcommand To get the latest CI Command list The latest CI Command list is available in release note of every ZyXEL firmware release.
P-793H v 2 Support Notes Reference 1. PPP Numbers POINT-TO-POINT PROTOCOL FIELD ASSIGNMENTS PPP DLL PROTOCOL NUMBERS The Point-to-Point Protocol (PPP) Data Link Layer [146,147,175] contains a 16 bit Protocol field to identify the encapsulated protocol. The Protocol field is consistent with the ISO 3309 (HDLC) extension mechanism for Address fields.
P-793H v 2 Support Notes 004d 004f 0051 0053 0055 0057 006f 0071 0073 007d 007f 0081 0083 00c1 00cf 00fb 00fd 00ff SNA Pv6 Header Compression KNX Bridging Data [ianp] Encryption [Meyer] Individual Link Encryption [Meyer] Internet Protocol version 6 [Hinden] Stampede Bridging Reserved [Fox] MP+ Protocol [Smith] reserved (Control Escape) [RFC1661] reserved (compression inefficient) [RFC1662] Reserved Until 20-Oct-2000 [IANA] Reserved Until 20-Oct-2000 [IANA] NTCITS IPI [Ungar] reserved (PPP NLPID) single li
P-793H v 2 Support Notes 802b 802d 802f 8031 8033 8035 8037 8039 803b 803d 803f 8041 8043 8045 8047 8049 804b 804d 804f 8051 8053 8055 8057 806f 8073 8071 807d 8081 8083 80c1 80cf 80fb 80fd 80ff 8207 8209 8235 8281 8283 Novell IPX Control Protocol reserved reserved Bridging NCP Stream Protocol Control Protocol Banyan Vines Control Protocol reserved till 1993 reserved reserved Multi-Link Control Protocol NETBIOS Framing Control Protocol Cisco Systems Control Protocol Ascom Timeplex Fujitsu LBLB Control
P-793H v 2 Support Notes c021 c023 c025 c027 c029 c02b c02d c081 c223 c225 c227 c229 c26f c281 c283 c481 Link Control Protocol Password Authentication Protocol Link Quality Report Shiva Password Authentication Protocol CallBack Control Protocol (CBCP) BACP Bandwidth Allocation Control Protocol [RFC2125] BAP [RFC2125] Container Control Protocol [KEN] Challenge Handshake Authentication Protocol RSA Authentication Protocol [Narayana] Extensible Authentication Protocol [RFC2284] Mitsubishi Security Info Exch
P-793H v 2 Support Notes 7 8* 9* 10 * 11 * 12 * 13 * 14 + 15 + * + Code-Reject Protocol-Reject Echo-Request Echo-Reply Discard-Request Identification Time-Remaining Reset-Request [RFC1962] Reset-Reply [RFC1962] LCP Only CCP Only PPP LCP CONFIGURATION OPTION TYPES The Point-to-Point Protocol (PPP) Link Control Protocol (LCP) specifies a number of Configuration Options which are distinguished by an 8 bit Type field.
P-793H v 2 Support Notes 21 22 23 24 25 26 27 DCE-Identifier [SCHNEIDER] Multi-Link-Plus-Procedure [Smith] Link Discriminator for BACP [RFC2125] LCP-Authentication-Option [ Culbert] Consistent Overhead Byte Stuffing (COBS) [Carlson] Prefix elision [Bormann] Multilink header format [Bormann] IPV6CP CONFIGURATION OPTIONS IPV6CP Configuration Options allow negotiation of desirable IPv6 parameters. IPV6CP uses the same Configuration Option format defined for LCP, with a separate set of Options.
P-793H v 2 Support Notes 3 4-15 16 17 18 19 20 21 22 23 24 25 26 27-254 255 Puddle Jumper [RFC1962] unassigned Hewlett-Packard PPC [RFC1962] Stac Electronics LZS [RFC1974] Microsoft PPC [RFC2118] Gandalf FZA [RFC1962] V.
P-793H v 2 Support Notes A one octet field is used in the Challenge-Handshake Authentication Protocol (CHAP) to indicate which algorithm is in use [RFC1994].
P-793H v 2 Support Notes The Point-to-Point Protocol (PPP) Link Control Protocol (LCP) Callback Configuration Option contains an 8-bit Operations field which identifies the format of the Message. These are assigned as follows: Operation Description ---------------------------------------------------------------------------------0 Location determined by user authentication. 1 Dialing string. 2 Location identifier. 3 E.164 number. 4 X.500 distinguished name.
P-793H v 2 Support Notes 4 5 6 7 8 AT-Compression-Protocol Reserved Server-information Zone-information Default-Router-Address PPP OSINLCP CONFIGURATION OPTION TYPES The Point-to-Point Protocol (PPP) OSI Network Layer Control Protocol (OSINLCP) specifies a number of Configuration Options [RFC1377] which are distinguished by an 8 bit Type field.
P-793H v 2 Support Notes 6 7 MAC-Address Spanning-Tree-Protocol PPP BRIDGING MAC TYPES The Point-to-Point Protocol (PPP) Bridging Control Protocol (BCP) contains an 8 bit MAC Type field which identifies the MAC encapsulated. These Types are assigned as follows: Type MAC -------------------------------------------------------------------------------0 Reserved 1 IEEE 802.3/Ethernet with cannonical addresses 2 IEEE 802.4 with cannonical addresses 3 IEEE 802.
P-793H v 2 Support Notes 2 3 4 5 6 IPX-Node-Number [RFC1552] IPX-Compression-Protocol [RFC1552] IPX-Routing-Protocol [RFC1552] IPX-Router-Name [RFC1552] IPX-Configuration-Complete [RFC1552] IPX COMPRESSION PROTOCOL VALUES Value Protocol Reference ----------------------------------------------------------------------2 Telebit Compressed IPX [Fox] 235 Shiva Compressed NCP/IPX [Fox] IPX-ROUTING-PROTOCOL OPTIONS Value Protocol Reference ----------------------------------------------------------0 No
P-793H v 2 Support Notes PPP EAP REQUEST/RESPONSE TYPES A one octet field is used in the Extensible Authentication Protocol (EAP) to indicate the function and structure of EAP Request and Response packets [RFC2284].
P-793H v 2 Support Notes discard discard systat systat 9/tcp sink null 9/udp sink null 11/tcp 11/tcp users daytime daytime netstat qotd qotd chargen chargen ftp-data ftp telnet smtp time time 13/tcp 13/udp 15/tcp 17/tcp quote 17/udp quote 19/tcp ttytst source 19/udp ttytst source 20/tcp 21/tcp 23/tcp 25/tcp mail 37/tcp timserver 37/udp timserver rlp name name 39/udp resource 42/tcp nameserver 42/udp nameserver # resource location whois domain domain 43/tcp nicname # usually to sri-nic 53/tcp namese
P-793H v 2 Support Notes sunrpc auth sftp path 111/udp 113/tcp 115/tcp 117/tcp authentication uucp-path 117/tcp nntp 119/tcp usenet # Network News Transfer ntp 123/udp ntpd ntp # network time protocol nbname 137/udp nbdatagram 138/udp nbsession 139/tcp NeWS 144/tcp news sgmp 153/udp sgmp tcprepo 158/tcp repository # PCMAIL snmp 161/udp snmp snmp-trap 162/udp snmp print-srv 170/tcp # network PostScript vmnet 175/tcp load 315/udp vmnet0 400/tcp sytek 500/udp biff 512/udp comsat exec 512/tcp login 513/tcp
P-793H v 2 Support Notes monitor 561/udp garcon 600/tcp maitrd 601/tcp busboy 602/tcp acctmaster 700/udp acctslave 701/udp acct 702/udp acctlogin 703/udp acctprinter 704/udp elcsd 704/udp acctinfo 705/udp acctslave2 706/udp acctdisk 707/udp kerberos 750/tcp kdc kerberos 750/udp kdc kerberos_master 751/tcp kerberos_master 751/udp passwd_server 752/udp userreg_server 753/udp krb_prop 754/tcp erlogin 888/tcp kpop 1109/tcp phone 1167/udp ingreslock 1524/tcp maze 1666/udp nfs 2049/udp knetd 2053/tcp eklogin 210
P-793H v 2 Support Notes rscs6 rscs7 rscs8 rscs9 rscsa rscsb qmaster qmaster 10006/udp 10007/udp 10008/udp 10009/udp 10010/udp 10011/udp 10012/tcp 10012/udp 3. Protocol Numbers In the Internet Protocol version 4 (IPv4) [RFC791] there is a field, called "Protocol", to identify the next level protocol. This is an 8 bit field. In Internet Protocol version 6 (IPv6) [RFC1883] this field is called the "Next Header" field.
P-793H v 2 Support Notes 22 XNS-IDP XEROX NS IDP [ETHERNET,XEROX] 23 TRUNK-1 Trunk-1 [BWB6] 24 TRUNK-2 Trunk-2 [BWB6] 25 LEAF-1 Leaf-1 [BWB6] 26 LEAF-2 Leaf-2 [BWB6] 27 RDP Reliable Protocol [RFC908,RH6] Data 28 IRTP Internet Reliable Transaction[RFC938,TXM] 29 ISO-TP4 ISO Transport Protocol Class 4 [RFC905,RC77] 30 NETBLT Bulk Data Transfer Protocol [RFC969,DDC1] 31 MFE-NSP MFE Network Services Protocol [MFENET,BCH2] 32 MERIT-INP MERIT Internodal Protocol [HWB] 33 SEP Sequential Exchange Protocol [JC120]
P-793H v 2 Support Notes 65 KRYPTOLAN 66 67 68 69 70 RVD IPPC 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 Kryptolan [PXL1] MIT Remote Disk Protocol [MBG] Virtual Internet Pluribus Packet Core [SHB] any distributed file system [IANA] SAT-MON SATNET Monitoring [SHB] VISA VISA Protocol [GXT1] Packet Core Utility [SHB] Protocol Network Executive[DXM2] Protocol Heart Beat [DXM2] WSN Wang Span Network [VXD] PVP Packet Video Protocol [SC
P-793H v 2 Support Notes 109 110 111 112 115 116-254 255 SNP Compaq-Peer IPX-in-IP VRRP L2TP Sitara Networks Protocol [Sridhar] Compaq Peer Protocol [Volpe] IPX in IP [Lee] Virtual Router Redundancy Protocol [Hinden] Reliable Transport Protocol[Speakman] 0-hop protocol [IANA] Layer Two Tunneling Protocol [Aboba] Unassigned [IANA] Reserved [IANA] 129 All contents copy right © 2010 Zy XEL Communications Corporation.
