zyxel prestige router technical training zyxel communications corporation march. 1999
TRANSCRIPT
ZyXEL Prestige Router Technical Training
ZyXEL Communications Corporation
March. 1999
Outline
• Prestige Product Line Overview.
• Prestige Technical Training.
Prestige Product Line Overview
• An overview of Prestige router product line– Prestige Product Family– Small Office and Home Office (SOHO)– Small and Medium Business (SMB)
Prestige Product Family
• Prestige 100 series: First generation• Prestige 200 series
– SOHO market– IP-based, single WAN port
• Prestige 400 series– Small business market– Multi-protocol, single/dual WAN port
• Prestige 1000 series– Small/Medium Business– Multi-protocol, T1/E1 WAN speed, VPN & Firewall
SOHO Router Product Line
P100 P200
P100MH
P100WH
P204
P240
P220
P100IH
Q1 Q2 Q3 Q4 Q1/Y2KCurrent
IP only, ISDN+10/100M Switch/hub
+Printer Server
IP only, ADSL lite+10/100M
IP only, ISDN+10/100M
IP only, 10M LAN as WAN
+10/100M
P206
IP only, ISDN+HomePNA
SMB Router Product Line
P128 P400
P128L
P2864I P128IMH
P128MH
Q1 Q2 Q3 Q4 Q1/Y2KCurrent
P480P482
IP/IPX, Dual BRI+10/100M
IP/IPX, Dual BRI+ Dual CSM+10/100M
IP/IPX, ISDN+10/100M
Total Internet Access
• ISDN Router– One/Dual BRI
• PSTN Router– One/Dual 56k modem
• WAN Router– Async/Sync WAN port
– One/Three WAN port
• xDSL Router – ADSL
– IDSL
Prestige Technical Training
• Software information
• User interface and system information
• Application case study
Software Information
• ZyXEL Networking Operating System (ZyNOS)– Operating System with Network Protocol
support– Remote Access Service code - RAS code– Configuration file - Romfile0– Boot module
Software Information
Kernal
System Service NDIS driver Boot Module
Connection Manager Network Protocols
Applications
User interface and system information
• User interface– System Management Terminal (SMT)– Prestige Web Configurator (PWC)
• Prestige Configuration Tool (PCT)
– PNC
System information
• Debug mode
• Command Interpreter mode
• System upgrade– RAS code (firmware)– Romfile0– Boot module
• Hardware and software feature matrix– DRAM vs SRAM vs Flash vs PWC vs RAS version
ISDN Model vs RAS Version
P2864I(1,0.5)
Yes A2No NoNoNo P128IMH
P128(1, 0.5)
Yes A0No NoNoNo P128+
P128L(1, 0.5)
Yes A0No NoNoNo *
P100(1,0.5,256)
YesB2-> C1(1,2,128)
No YesYesYes
(S/T only)P200
P128+(2,2,256)
YesB3 -> C1(2,2,128)
No YesYesYes
(S/T only)P400
P100IH(1,2)
Yes A0No YesYesYes
(S/T only)P100IH
New
P100IHNew(1,2)
No A0No YesYesNo P204
P128IMH(2,4)
No A0No YesYesNo *
F/W ( RAS version )H/W Migration
1.5x 2.402.20 2.212.1
P2864I(1,0.5)
Yes A2No NoNoNo P128IMH
P128(1, 0.5)
Yes A0No NoNoNo P128+
P128L(1, 0.5)
Yes A0No NoNoNo *
P100(1,0.5,256)
YesB2-> C1(1,2,128)
No YesYesYes
(S/T only)P200
P128+(2,2,256)
YesB3 -> C1(2,2,128)
No YesYesYes
(S/T only)P400
P100IH(1,2)
Yes A0No YesYesYes
(S/T only)P100IH
New
P100IHNew(1,2)
No A0No YesYesNo P204
P128IMH(2,4)
No A0No YesYesNo *
F/W ( RAS version )H/W Migration
1.5x 2.402.20 2.212.1
ISDN Model vs PWC Version
P2864I(1,0.5)
No NoNo
P128(1, 0.5)
Yes No NoNo
P128L(1, 0.5)
No No NoNo
P100(1,0.5,256)
Yes Yes YesYes
P128+(2,2,256)
Yes Yes YesYes
P100IH(1,2)
Yes Yes YesYes
P100IHNew(1,2)
No Yes YesYes
P128IMH(2,4)
Yes No YesYes
S/W (PWC)
2.10 2.20 2.21PNC
Yes
WAN/Modem Model vs RAS Version
P2864I(1,0.5)
Yes A2No NoNoNo P128IMH
P128(1, 0.5)
Yes A0No NoNoNo P128+
P128L(1, 0.5)
Yes A0No NoNoNo *
P100(1,0.5,256)
YesB2-> C1(1,2,128)
No YesYesYes
(S/T only)P200
P128+(2,2,256)
YesB3 -> C1(2,2,128)
No YesYesYes
(S/T only)P400
F/W ( RAS version )H/W Migration
1.5x 2.402.20 2.212.1
P100MH(1,2)
No A2->B0Yes YesYesNo *
P100WH(1,2)
No A1Yes YesYesNo *
P153(2,4)
No B0Yes YesYesNo *
P153X(2,4)
No A1Yes YesYesNo
P128MH(2,4)
No A2 -> B0Yes YesYesNo *
F/W ( RAS version )H/W Migration
1.5x 2.402.20 2.212.1
*
WAN/Modem Model vs PWC Version
P100MH No YesYes
P100WH(1,2)
Yes No YesYes
P153(2,4)
No No YesNo
P153X(2,4)
No No YesNo
P128MH(2,4)
No No YesYes
S/W (PWC)
2.10 2.20 2.21PNC
Yes
Application Case Study
(1) Internet Access with SUA
InternetW AN(ISDN/PSTN) ISP
(1) Single User Account
WS
ISP
Prestige
Source IP=192.168.10.1Source port=1038Destination IP=200.101.1.1Destination port=23
Source IP=200.100.1.1Source port=5001Destination IP=200.101.1.1Destination port=23
LAN IP address WAN IP addressIP = 200.100.1.1
(2) LAN-to-LAN for TCP/IP
W AN(ISDN/PSTN)
Pre_1192.168.10.1
Internet
Pre_2192.168.20.1
SUA
LAN_1 LAN_2
202.132.154.10
202.132.154.1192.168.20.2
(2) LAN-to-LAN for TCP/IPPre_1> ip route statusDest FF Len Interface Gateway Metric stat Timer Use202.132.154.1 00 32 wan1ppp 202.132.154.1 1 0329 0 0192.168.20.1 01 32 wan0ppp 192.168.20.1 1 0329 0 0192.168.10.255 00 32 en0if 192.168.10 1 1 001d 0 0192.168.20.0 01 24 wanIdle 192.168.20.1 2 002b 0 0192.168.10.0 00 24 en0if 192.168.10.1 1 001b 0 0default 00 0 wan1ppp ISP 2 00ab 0 5
Dest : Destination routeFF: Remote node index referenced by RAS codeLEN : Subnet mask lengthInterface: en0if -> Ethernet interface; wan0ppp / wan1ppp -> WAN interface (non-ZyNOS)Gateway: gateway IP addressMetric : Hop countTimer : Timer for a route that is learned by RIP. For example, if Timer=30, it means that if Prestige does not receive corresponding RIP packet within 30 seconds. This route will be deleted.0 means infinity.Use : The number of packet that go through the corresponding route.Default : Default route. All the unknown packet will be sent to default route. In this case, to the remote node name ISP.
(2) LAN-to-LAN for TCP/IP
• How the route is decided ?• RIP-1, RIP-2B, RIP-2M
– RIP-1• accept & send RIP-1 message only.
– RIP-2B• accept RIP-1 & RIP-2 message (both broadcast &
multicast)• send RIP-2 message in broadcast format
– RIP-2M• accept RIP-1 & RIP-2 message (both broadcast &
multicast)• send RIP-2 message in multicast format
(2) LAN-to-LAN for TCP/IP
• Routing table with ZyNOSPre_1> ip route statDest FF Len Interface Gateway Metric stat Timer Use202.132.154.1 00 32 wanif1 202.132.154.1 1 03a9 0 3192.168.20.1 01 32 wanif0 192.168.20.1 1 03a9 0 6202.132.154.0 00 24 wanif1 202.132.154.1 2 0029 170 0192.168.20.0 01 24 wanif0 192.168.20.1 2 00ab 0 0192.168.10.0 00 24 enif0 192.168.10.1 1 041b 0 17default 00 0 wanif1 ISP 2 00ab 0 1
pre-ZyNOS ZyNOSwan0ppp wanif0wan1ppp wanif1
en0if enif0
(3) Multiple SUA
Pres_1192.168.10.1
Internet
Pre_2192.168.20.1
SUA
LAN_1 LAN_2
202.132.154.10
202.132.154.1192.168.20.2
192.168.20.10
SUA
(3) IPCP under SUA
Pre_1> ppp iface wan0ppp ipcp ( ZyNOS: ppp iface wanif0 ipcp )Iface wan0ppp IPCP Opened In: 6 Out: 4; IP In: 29 Out: 6 Local: will(000c) want(000c) work(000c) Want: address 0.0.0.0
Work: address 192.168.20.10 <--- Assigned by Pre_2 IP pool Remote: will(000c) want(0000) work(000c) Want: address 192.168.20.1 Work: +address 192.168.20.1 In: TCP comp 16 (01) 0:0, 0 Bad, 0 Tossed Out: TCP comp 16 (01) 0:0, 0 AsIs 0 Searches, 0 Misses, 6 NotTCP
If WAN IP address is not specified in Menu 11.3, thenLAN IP address is used. It is called IP unnumbered in terms of Cisco.Borrow LAN IP to be as WAN IP.
(4) Win9x/NT DUN dial to Prestige
W AN(ISDN/PSTN)
Pres_1IP:202.132.155.91
LAN
TA
Internet
P153IP:202.132.155.253
(4) Win9x IP routing table
< Before dial up to Prestige> Network Address Netmask Gateway Address Interface Metric 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 255.255.255.255 255.255.255.255 255.255.255.255 0.0.0.0 1
< After dial up to Prestige> Network Address Netmask Gateway Address Interface Metric
0.0.0.0 0.0.0.0 202.132.155.92 202.132.155.92 1 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 202.132.155.0 255.255.255.0 202.132.155.92 202.132.155.92 1 202.132.155.92 255.255.255.255 127.0.0.1 127.0.0.1 1 202.132.155.255 255.255.255.255 202.132.155.92 202.132.155.92 1 224.0.0.0 224.0.0.0 202.132.155.92 202.132.155.92 1 255.255.255.255 255.255.255.255 202.132.155.92 202.132.155.92 1
(5) Microsoft Call Back Control ProtocolPrestige-to-Prestige
W AN(ISDN/PSTN)
LAN
Prestige call back to Prestige with call back number pre-configured
LAN
Pre_2 P128
(5) Microsoft Call Back Control ProtocolPrestige-to-Prestige
Pre_2> sys trcl disp 70 546be 15e PDI1 dialer Dialing chan<1> phone(last 9-digits):3000072 54830 0 PDI1 ebp=44c94c,seqNum=20 PPP1-XMIT:3 len:23 0000: ff 03 c0 21 01 03 00 13 01 04 05 f4 02 06 00 00 0010: 00 00 08 02 0d 03 0675 5484e 0 PNET ebp=44c9dc,seqNum=23 PPP1-RECV:3 len:23 0000: ff 03 c0 21 02 03 00 13 01 04 05 f4 02 06 00 00 0010: 00 00 08 02 0d 03 06 76 54858 0 PNET ebp=44ca0c,seqNum=24 PPP1-RECV:3 len:24 0000: ff 03 c0 21 01 46 00 14 01 04 05 f4 02 06 00 00 0010: 00 00 03 04 c0 23 08 02 77 54858 0 PNET ebp=44ca3c,seqNum=25 PPP1-XMIT:3 len:24 0000: ff 03 c0 21 02 46 00 14 01 04 05 f4 02 06 00 00 0010: 00 00 03 04 c0 23 08 02 78 54858 186 PNET ppp LCP up 79 54862 189 PNET ppp PAP sending acnt/pw 93 55438 157 PDI2 dialer Incoming call,chan<2> 94 554ec 169 PDI2 dialer Call CONNECT speed<64000> chan<2> prot<1>102 558a2 186 PNET ppp LCP up 103 558ac 0 PNET ebp=44c46c,seqNum=36 PPP2-RECV:4 len:14 0000: c0 23 01 05 00 0c 03 32 33 34 03 32 33 34 104 558ac 18a PNET ppp PAP verify usr/pw OK! 105 558b6 0 PNET ebp=44c49c,seqNum=37 PPP2-XMIT:4 len:7 0000: c0 23 02 05 00 05 00 106 558b6 225 PNET ppp IPCP negotiation started
(5) Microsoft Call Back Control ProtocolWin9x/NT-to-Prestige
W AN(ISDN/PSTN)
LAN
Win9x dial up to Prestige, then Prestige callback to Win9x.
TAWin9x/NT
(6) Caller ID Call Back
W AN(ISDN/PSTN)
LAN LAN
P128_1IP:192.168.20.1
P128-2IP:192.168.10.1
(6) Caller ID Callback
• You can check CLID information from– Prestige system log
• Go to menu 24.8 and enable packet trace on screen– sys event (pre-ZyNOS)
– sys trcl call (ZyNOS)
– Prestige ring buffer • isdn drv ring [1/2] (pre-ZyNOS)• isdn atring disp [bri0|bri1] (ZyNOS)
– ISDN EPA• isdn ana on, isdn ana disp (pre-ZyNOS)• isdn fw ana on, isdn fw ana dump (ZyNOS)
Connection Manager
• The function of Call Control– Control the number of outgoing call retry– Control the incoming authentication
• The function of Call Management – Budget control– Timer of date schedule
(7) Filter rule
OutgoingPacket
DataFilters
Droppacket
User-definedCall Filters
(if applicable)
Initiate callif line not up
Active Data
Send packetand resetIdle Timer
Or Or
Drop packetif line not up
Drop packetif line not up
Send packetbut do not reset
Idle Timer
Send packetbut do not reset
Idle Timer
Match MatchMatch
Nomatch
Nomatch
Nomatch
Call Filters
Built-inCall Filters
Note: With RAS version prior 1.51. ZyNOS filter rule is different.
(7) Input & Output & Call Filter
LANWAN
LAN filter sets (Menu 3)WAN filter sets (Menu 11)
WAN input(Input from WNA)
LAN input(Input from LAN)
WAN call/ output(Output to WAN)
LAN output(Output to LAN)
(7) Filter Example -- (1)
InternetW AN(ISDN/PSTN) ISP
NTIP:192.168.10.2
Win 9xIP:192.168.10.101
IP:192.168.10.1
Case 1:Block Win9x/NT’s NetBios over IP packet from triggering call.
(7) Filter Example -- (2)
Case 2:Only stations with IP address in first 64 address, that is 192.168.10.0 to 63 are allowed to access WAN.
InternetW AN(ISDN/PSTN) ISP
WS1IP:192.168.10.2
WS2IP:192.168.10.65
IP:192.168.10.1
(7) Filter rule flow with SUA ( pre-ZyNOS)
LANWANSUA
LAN filter setsWAN filter sets
192.168.1.33/1023
(1)(2)
203.205.115.6/4034
(3)
(4)
203.205.115.6/4034
WAN input
(5)
192.168.1.33/1023
LAN inputWANoutput
(7) Filter rule flow with SUA - ZyNOS
LANWANSUA
LAN device & protocol INPUT filter sets
WAN protocolOUPUT filter sets
192.168.1.33/1023
(2)(4)
203.205.115.6/4034
203.205.115.6/4034
WAN input
(7)
192.168.1.33/1023
LAN inputWANoutput
WAN deviceOUTPUT filter sets
(3)
(6) (8)
LAN device & protocolOUTPUT filter set
(1)
(5)
WAN deviceINPUT filter sets
WAN protocol INPUT filter sets
(7) Filter Example -- (3) Generic filter rule
W AN(ISDN/PSTN)
LAN LAN
P128-PIP:192.168.20.1
P100IHIP:192.168.10.1
WS1IP:192.168.20.10MAC:0080C82DF13F
ServerIP:192.168.10.10
Case 3: Filter all traffic with Source Ethernet MAC address = 0080c82DF13F
(7) Filter Example -- (4) Generic filter rule
W AN(ISDN/PSTN)
LAN LAN
P128-PIP:192.168.20.1
P100IHIP:192.168.10.1
WS1IP:192.168.20.10MAC:0080C82DF13F
IP:192.168.10.10MAC:00E00820000A
Case 4: Filter all traffic with Destination Ethernet MAC address = 00E00820000A
(8) Syslog & call history & filter
W AN(ISDN/PSTN)
LAN LAN
P128-PIP:192.168.20.1
P100IHIP:192.168.10.1
WS1IP:192.168.20.10
IP:192.168.10.10Syslog daemon
Menu 24.3.2 Syslog: Active= Yes Syslog IP Address= 192.168.10.10 Log Facility= Local 3
Menu 24.9.4 - Call History Phone Number Dir Rate #call Max Min Total 1. 200020000 IN 64K 12 0:53:04 0:00:24 1:37:31 2. 300030000 IN 64K 4 0:02:14 0:01:40 0:07:55
(8) Syslog & call history & filter
Example: Feb 14 16:57:17 192.168.10.1 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 18, C01 Incoming Call 64000K 200020000
*Feb 14 16:58:56 192.168.10.1 ZyXEL Communications Corp.: IP[Src=192.168.20.10 Dst=192.168.10.10 TCP spo=040f dpo=0015] } S04>R01mD Feb 14 17:07:18 192.168.10.1 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 18, C02 Call Terminated
* where S04>R01mD means filter set 4 (S) and rule 1 (R), match (m) drop (D).
(9) Bridging
Data Link
Physical
Data Link
Physical
Segment A Segment B
Bridge
WS1
WS2
WS3
(9) Bridging case
W AN(ISDN/PSTN)
P128_2 P128-1
Mac:
00:e0:08:20:00:0a Mac:00:80:c8:2b:c9:56
P128_1> bri brt dispBRT Source Cache: (Bridge remote table)00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:00 00:00:00:00:00:0000:00:00:00:00:00 00:00:00:00:00:00 00:80:c8:2b:c9:56 00:00:00:00:00:00BLT Destination Cache: (Bridge local table)00:00:00:00:00:00 00:00:00:00:00:00 00:e0:08:20:00:0a 00:00:00:00:00:0000:00:00:00:00:00 00:00:00:00:00:00 00:80:c8:2b:c9:56 00:00:00:00:00:00Dst Cache pointer: 0 0 0 0 0 0 44a96c 0Addr Node Flags Uses----------------- ---- ----- ----------00:80:c8:2b:c9:56 1 0 0 10
Win9xWin9x
(10) NetBios Over TCP/IP
W AN(ISDN/PSTN)
P128_1 P128-2
Netbios name=zy-fae-notebookIP:192.168.10.10
Netbios name=Felix-engIP:202.132.155.82
Win9x_2Win9x_1
202.132.155.253 192.168.10.1
(11) DHCP
DHCP clientDHCP Serv er
(1) DHCP-Discover
(2) DHCP-Offer
(3) DHCP-Request
(4) DHCP-Ack
Ethernet adapter :
Description . . . . . . . . : AboCom LM28X Ethernet Fax/Modem CardPhysical Address. . . . . . : 00-E0-08-20-00-0ADHCP Enabled. . . . . . . . : YesIP Address. . . . . . . . . : 192.168.0.2Subnet Mask . . . . . . . . : 255.255.255.0Default Gateway . . . . . . : 192.168.0.1DHCP Server . . . . . . . . : 192.168.0.1Primary WINS Server . . . . : Secondary WINS Server . . . : Lease Obtained. . . . . . . : 10 13 98 2:45:37 PMLease Expires . . . . . . . : 10 16 98 2:45:37 PM
(12) Cisco Mutual Authentication
Cisco
Case: Cisco initiate call to Prestige
Challenge value Name=Cisco host nameChallenge
Challenge valueName=Outgoing user name(Prestige system name)
Challenge
Hash value Name=Cisco host nameResponse
Hash value Name=Outgoing user name Response
Success/Fail
Success/Fail
(12) Cisco Mutual Authentication
Menu 11.1 - Remote Node Profile
Rem Node Name= hinet Edit PPP Options= No Active= Yes Rem IP Addr= 140.113.1.1 Call Direction= Outgoing Edit IP= No Edit Script Options= No Incoming:
Rem Login= [cisco_hostname] Telco Option:
Rem Password= 1234 Allocated Budget(min)= 0 Rem CLID= N/A Period(hr)= 0 Call Back= N/A
Outgoing: Session Options:
My Login= [prestige_system name] Input Filter Sets=
My Password= 1234 Output Filter Sets= Authen= CHAP/PAP Call Filter Sets= Pri Phone #= 0,5009097 Idle Timeout(sec)= 300 Sec Phone #=
Menu 11.1 - Remote Node Profile
Rem Node Name= hinet Edit PPP Options= No Active= Yes Rem IP Addr= 140.113.1.1 Call Direction= Outgoing Edit IP= No Edit Script Options= No Incoming:
Rem Login= [cisco_hostname] Telco Option:
Rem Password= 1234 Allocated Budget(min)= 0 Rem CLID= N/A Period(hr)= 0 Call Back= N/A
Outgoing: Session Options:
My Login= [prestige_system name] Input Filter Sets=
My Password= 1234 Output Filter Sets= Authen= CHAP/PAP Call Filter Sets= Pri Phone #= 0,5009097 Idle Timeout(sec)= 300 Sec Phone #=
CHAP case:
(13) RADIUS
LAN
RA DIUS Serv er
(1) User dial in.
(2) Access-request to RADIUS server
(3) Access-Accept or Access-Reject
(4) Authen. result
Menu 23.2 - System Security - External Server Authentication Server: Active= Yes Type: RADIUS Server Address= RADIUS Server’s IP address Port #= 1645 Key= Shared secret
RADIUSClient
(13) RADIUS - PAP.RADIUS ClientUser RADIUS server
Password UsernamePAP req. Access-req.
Password Username Authenticator
Access-Accept/RejectPAP-Ack/RejectResponse-authenticator attribute
Password in Access-Request = Hash(authenticator value+shared secret) XOR (original password)
Response Authenticator=Hash(Request Authenticator+shared secret+attribute+…….) Thus the response is able to match those pending Access-request.
(14) Prestige PPTP VPN Support
In ternetTunnel
Office LAN SOHO
Win9XPPTP client
NT PPTP Server
Prestige(SUA/NAT)
Connection to local ISPConnection to local ISP
(14) Prestige PPTP VPN Support
In ternetTunnel
Office LAN
Win9XPPTP client
NT PPTP ServerIP:192.168.0.3
Prestige(SUA/NAT)
Menu 15 - Multiple Server Configuration
Port # IP Address ------ --------------- 1.Default 192.168.0.3 2. 1723 192.168.0.3 3. 0 0.0.0.0 4. 0 0.0.0.0 5. 0 0.0.0.0 6. 0 0.0.0.0 7. 0 0.0.0.0 8. 0 0.0.0.0
HTTP:80 FTP:21 TELNET:23 MAIL:25 PPTP:1723
(14) PPTP Tunnel
In ternetTunnel
PPTP clientPPTP Server
ISP
PPP connection
PPTP control connection
PPTP data connection
Connection #1
Connection #2
(14) PPTP Tunnel Protocol Stack
In ternetTunnel
PPTP client PPTP Server
ISP
Private network
PPP
GREPPP
IP IPX NetBEUIData
IPGREPPP
IP IPX NetBEUIData
IP
IP IPX NetBEUIData
InternalAddressing
Legal IPAddressing
(14) PPTP Tunnel Protocol Stack
In ternetTunnel
PPTP client PPTP Server
ISP
Private network
V.34, etc.
PPTP
IP
**
*V.34, etc. *
Modem
PPP
IP, IPX,NBF
IP, IPX,NBF
IPWAN /LAN
NT RASServer
RASClient
ISP
PPP
IP
PPTP
PPP
PPP
IP IP
(15) L2TP -- Direct Mode
In ternetTunnel
Office LANSOHO
Prestige(SUA/NAT)
NovellServer
NTNovell Client
LNS
Incoming call request
Incoming call reply
Incoming call connected
PPP NegotiationConnection Controlfor the tunnel
(15) L2TPIn ternetTunnel
LAC LNS
PAP Req
User dial up
PAP Req(user/passwd)LCPLCP
StartControlConnectionRequest
Partial Auth passed. Tunnel init.
StartControlConnectionReplyStartControlConnectionConnected
Control Connection ConnectedIncomingCallRequest
IncomingCallReplyIncomingCallConnected
CHAP Challenge
PAP ACK/NAK or CHAP Result
(1/2 PAP or 2/3 CHAP)
Tunnel Ready. NCP
In ternetTunnel
LAC LNS
Menu10:Endpoint Name= zyxel.com.twActive= YesMy Host Name= zyxel-USPeer Host Name= zyxel-HQshared Secret= ********IP Address= 202.155.1.1
Menu10:Endpoint Name= US-BranchActive= YesMy Host Name= zyxel-HQPeer Host Name= zyxel-USshared Secret= ********IP Address= 1.1.1.1(irrelevant)
Menu14:User Name= [email protected] Active= Yes Passwd= ********
NZ-2> ipx route statNetwork FF Interface Gateway Hops Ticks 1a7be8 4 lns0ppp 00:00:00:00:00:00 1 5 034a95c1a 1 en0if 00:80:c8:19:35:a8 1 2
Win9x-DUNTele#: ISP LAC #User: [email protected]:********
NovellServer
IP:202.155.1.1
(15) L2TP Protocol Stack (1)
In ternetTunnel
PPP
L2TP
IP/IPXIP/IPX
IP/IPXMAC Ethernet IP/IPXPPP
IP/IPXPPPL2TPIP UDP1701
Tunnel end-point IP
PPP end-pointPPP end-point
Ethernet PPP
(15) L2TP Protocol Stack (2)
NovellServer
In ternetTunnel
LAC LNS
PPP
L2TP
IP/IPXIP/IPX
IP/IPX PPP Ethernet IP/IPX PPP
IP/IPX PPPL2TPIP UDP1701
Tunnel end-point IP
PPP end-pointPPP end-point
PPPEthernet
(16) SNMP
Data Link Layer
IP
UDP (161/162)
SNMP Manager
Management Application
Get
Get-N
ext
Set
Get-R
esponse
Event
Data Link Layer
IP
UDP (161/162)
SNMP Agent
Managed Object
Get
Get-N
ext
Set
Get-R
esponse
Event
SNMP Message
Network
(16) SNMP
• Prestige MIB
(17) OSI Model and Netware
Physical
Data-Link
Network IPX
(Ethernet, ARCNET, Token-Ring ...)
SPXTransport
NCP SAP RIP
(17) IPX Header -- 30 bytes
Checksum (2) FF FF
Length (2)
Transport Control (1)
Packet Type (1)
Destination Network Address (4)
Destination Node Address (6)
Destination Socket (2)
Source Network Address (4)
Source Node Address (6)
Source Socket (2)
(17) IPX RIPNWSERVER
FAE_SERVER
P128_NW
P128_FAE
Internal Net # : 12345678External net # : 3
Internal Net # : 34a95c1aExternal net # : 1
P128_NW> ipx route statNetwork FF Interface Gateway Hops Ticks Stat Timer Use12345678 1 en0if 00:80:c8:3a:7c:9e 1 2 0023 130 0 3 1 en0if 00:00:00:00:00:00 1 1 0037 0 0
P128_FAE> ipx route statNetwork FF Interface Gateway Hops Ticks Stat Timer Use 1 1 en0if 00:00:00:00:00:00 1 1 0037 0 034a95c1a 1 en0if 00:80:c8:19:35:a8 1 2 0023 180 0
(17) RIP ExampleNWSERVER
FAE_SERVER
P128_NW
P128_FAE
Internal Net # : 12345678External net # : 3
Internal Net # : 34a95c1aExternal net # : 1
P128_NW> ipx route statusNetwork FF Interface Gateway Hops Ticks Stat Timer Use12345678 1 en0if 00:80:c8:3a:7c:9e 1 2 0023 130 0 3 1 en0if 00:00:00:00:00:00 1 1 0037 0 0
P128_FAE> ipx route statusNetwork FF Interface Gateway Hops Ticks Stat Timer Use 1 1 en0if 00:00:00:00:00:00 1 1 0037 0 034a95c1a 1 en0if 00:80:c8:19:35:a8 1 2 0023 180 0
1 1 wan0ppp 00:a0:c5:08:09:02 2 3 0843 0 034a95c1a 1 wan0ppp 00:a0:c5:08:09:02 2 4 0843 0 16
12345678 3 wan0ppp 00:a0:c5:08:09:03 2 4 0843 0 7 3 3 wan0ppp 00:a0:c5:08:09:03 2 3 0843 0 29
(17) SAP ExampleNWSERVER
FAE_SERVER
P128_NW
P128_FAE
P128_NW> ipx sap statusType Network Node Sock Hop Interface FF Timer Stat Server 4 12345678 000000000001 451 1 en0if 1 150 00c3 NWSERVER
P128_FAE> ipx sap statusType Network Node Sock Hop Interface FF Timer Stat Server 4 34a95c1a 000000000001 451 1 en0if 1 180 00c3 FAE_SERVER
Internal Net # : 12345678External net # : 3
Internal Net # : 34a95c1aExternal net # : 1
(17) SAP Example NWSERVER
FAE_SERVER
P128_NW
P128_FAE
P128_NW> ipx sap statusType Network Node Sock Hop Interface FF Timer Stat Server 4 12345678 000000000001 451 1 en0if 1 150 00c3 NWSERVER
P128_FAE> ipx sap statusType Network Node Sock Hop Interface FF Timer Stat Server 4 34a95c1a 000000000001 451 1 en0if 1 180 00c3 FAE_SERVER
Internal Net # : 12345678External net # : 3
Internal Net # : 34a95c1aExternal net # : 1
4 34a95c1a 000000000001 451 2 wan0ppp 1 0 01c3 FAE_SERVER
4 12345678 000000000001 451 2 wan0ppp 3 0 01c3 NWSERVER
(18) IDSL
• Speed - 128kbps
• Line coding– 2B1Q (same as ISDN U interface)
• Distance: Up to 5.5km.
• Applications: – High speed data communication, no voice
service.