IES-5000
Support Notes
Oct 2006
IES-5000 Support Notes
INDEX
Application Notes ............................................................................................................................ 3
Provide Different DSL Port Speeds to different subscribers....................................... 3
How to configure 802.1Q VLAN ................................................................................. 7
Triple play Application ................................................................................................ 9
802.1x Application.................................................................................................... 16
Setting up the Syslog Server ................................................................................... 20
Setting up the Ring Environment ............................................................................. 23
Setting up the IGMP Snooping/IGMP Filtering......................................................... 29
Limit the users behind the certain DSL port ............................................................. 31
DHCP Relay Option 82 Application.......................................................................... 32
Filter Some Certain Packet ...................................................................................... 42
VDSL Application- Triple Play .................................................................................. 45
2
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
Application Notes
Provide Different DSL Port Speeds to different subscribers
An ISP may provide different Line speeds for each DSL port. In our IES-5000 have
an easy way to configure the line speed for each port. It can create some profiles
which can set different parameters to meet the different users’ requirement.
In this application, we will set up two profiles. One is for low speed requirement with
upstream/downstream is 2M/512Kbps and the other is for high speed requirement
with upstream/downstream is 25M/1Mbps. We suppose there are general subscribers
from port 1 to port 24 with a low speed profile and some enterprise users from port 25
to port 48 with high speed profile.
Internet
Uplink
IES-5000
ALC-1248G
xDSL
modem
Port 1
2M/512K
Port 24
Port 25
Port 48
25M/1M
How to apply the profile to ports
In this application, we need to configure IES-5000 and ADSL CPE. We use ZyXEL
Prestige 660R-61 CPE here.
1. IES-5000 Settings
1.1 Profiles settings
Set up Low Speed Profile. Give this profile a name like Profile_LowSpeed and input
the MaxRate for Up Stream and Down Stream. In this case, we set 512Kbps and
2048Kbps for Up Stream and Down Stream.
3
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
Set up High Speed Profile. Give this profile a name like Profile_HighSpeed and input
the MaxRate for Up Stream and Down Stream. In this case, we set 1280Kbps and
24992Kbps for Up Stream and Down Stream.
CI command:
a.)High Speed (1M/24M) profile setup:
MSG1000G> profile adsl set 1_24M 1024 24576 minrate 64 64 delay 20 20 usmgn
310 0 60 dsmgn 310 0 60 usra startup 90 30 dsra startup 90 30
b.) Low Speed (512k/2M) profile setup:
MSG1000G> profile adsl set 512_2M 512 2048 minrate 64 64 delay 20 20 usmgn
310 0 60 dsmgn 310 0 60 usra fixed 90 30 dsra startup 90 30
Save current configurations
MSG1000G> config save
1.2 Profile Assignment
Assign Profile_LowSpeed to port 1. Select the Profile_LowSpeed profile. Copy the
settings of port 1 to the ports from 2 to 24. After finishing port 1 setting.
For the high speed profile, you can set the Profile_HighSpeed to port 25. You also can
select ADSL2+ mode. That will fix the mode on ADSL2+ mode.
Copy the settings of port 25 to the ports from 26 to 48. You can follow the same
procedures as port 1.
CI command:
MSG1000G> port adsl set 7-1~24 512_2M auto
MSG1000G> port adsl set 7-25~48 1_24M auto
MSG1000G> port enable 7-1~48
MSG1000G> port pvc set 7-1~48-0/33 DEFVAL llc 1 0
MSG1000G> config save
2. Prestige 660R-61 Settings
We configure Prestige 660R-61 as bridge mode. The default VPI/VCI of IES-5000 is
4
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
0/33. So we need to set up such values. Prestige 660R-61 has a Telnet server inside.
We need to configure it via Telnet.
2.1 Menu1: General Setup
Go to Menu 1. In this menu, we must set “Rout IP = NO” and “Bridge = YES”.
2.2 Menu4: Internet Access Setup
The encapsulation must be RFC 1483 for bridge mode. The Multiplexing should be
the same as IES-5000. The LLC-based is default mode of IES-5000. Additionally, we
must check if the VPI/VCI is the same as IES-5000. The default VPI/VCI of
IES-5000 is 0/33.
2.3 Menu11.1: Remote Node Profile
In menu11.1, we should activate this profile with “Active= Yes”. The Encapsulation
and the Multiplexing are the same as the menu 4. Setting “Edit ATM Options=Yes”
5
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
will enter Menu 11.6.
2.4 Menu11.6: Remote Node ATM Layer Options
Check the values above are the same as the IES-5000.
6
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
How to configure 802.1Q VLAN
A VLAN (Virtual Area Network) allows a physical network to be partitioned into
multiple logical networks. Stations on a logical network belong to one group called
VLAN group. A station can belong to more than one group. The stations on the same
VLAN group can communicate with each other. With VLAN, a station cannot directly
talk to or hear from stations that are not in the same VLAN groups.
We want to deploy VALN environment in this application. The following figure
shows the VLAN example. Two PCs connect to the port 1 and port 2 of the line card
and belong to different VLAN. One is VLAN 10 and the other is VLAN 20. So they
can’t communication with each other. But both PC 1 and PC 2 can connect to Internet.
Internet
Uplink
IES-5000
ALC-1248G
SLC-1248G
ADSL/SHDSL
modem
PC 1
VLAN10
ADSL/SHDSL
Port 1
Port 2
modem
PC 2
VLAN20
How to set up a VLAN environment
In this application, we need to configure IES-5000 and ADSL CPE(or SHDSL CPE).
We use ZyXEL Prestige ADSL 660R-61(or you may use P791 for SLC-1248G) CPE
here. Because the two ports belong to different VLAN want to go to the Internet via
Uplink port of IES-5000, we need to set up an extra VLAN and let the two ports be
members of this VLAN.
7
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
1. IES-5000 Settings
1.1 VLAN settings
Add VLAN10. Assign Port 1, ENET1 and ENET2 to be members of VLAN10.
CI command:
TGE1> vlan set 10 up1 fix untag
TGE1> vlan set 10 up2 fix untag
TGE1> vlan name 10 VLAN10
TGE1> port pvc vlan 7-1-0/33 10 join untag
Add VLAN20. Assign Port 2, ENET1 and ENET2 to be members of VLAN20 as
shown.
CI command:
TGE1> vlan name 20 VLAN20
TGE1> vlan set 20 up1 fix untag
TGE1> vlan set 20 up2 fix untag
TGE1> port pvc vlan 7-2-0/33 20 join untag
Add VLAN200. Assign slot 7, Port 1, Port2, ENET1 and ENET2 to be members of
VLAN200 as shown.
CI command:
TGE1> vlan name 200 VLAN200
TGE1> vlan set 200 up1 fix untag
TGE1> vlan set 200 up2 fix untag
TGE1> port pvc vlan 7-1-0/33 200 join untag
TGE1> port pvc vlan 7-2-0/33 200 join untag
1.2 PVID settings
After set up the three VLAN, then, set the PVID.
We assign VLAN 200(PVID) to ENET1, ENET2. Also, we assign VLAN 10 and
VLAN 20 to Port1 and port2, respectively as shown.
8
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
CI command:
TGE1> switch port pvid up1 200
TGE1> switch port pvid up2 200
TGE1> port pvc set 7-1-0/33 DEFVAL llc 10 0
TGE1> port pvc set 7-2-0/33 DEFVAL llc 20 0
1.3 Port Isolation
If we just want to isolate ports of IES-5000 and don’t want to set any VLAN, there is
another easy way to do this, setup Port isolation.
CI command:
TGE1> switch isolation enable
2. Prestige 660R-61(P791) Settings
Please refer to the procedures in previous application.
Triple play Application
The IES-5000 allows you to use different channels (also called Permanent Virtual
Circuits or PVCs) for different services. Define channels on each DSL port for
different services and assign each channel a priority, a VLAN and ATM Quality of
Service (QoS). The ATM QoS allows you to regulate the average rate and fluctuations
of data transmission. This helps eliminate congestion to allow transmission of real
time data (such as audio and video).
In this application, we demonstrate how to set up the multiple PVCs environment.
From the figure below, the PC wants to access the two kinds of network services. One
is the Internet service (data service) and the other is Video service. Because we hope
we can see the video smoothly, we need to set the video service higher priority. In
IES-5000, we can set the two services with different VLANs and assign the PVCs
with different VLAN, priority and ATM QoS. That will make the video traffic get the
higher priority than data traffic. We also can expand this application to triple play
9
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
environment.
IES-5000
SLC-1248G or
ALC-1248G
Internet
802.1Q VLAN
Switch
Port 10
Port 2
PVID=20
Internet Access
Ethernet Port
Port 1
DSL Port 1
VLAN 20
PVID=10
PVID =10
Priority =7
ATM QoS=CBR
0/33
PVID =20
Priority =0
ATM QoS=UBR
Video Server
1/34
VLAN 10
CPE
How to set up a Multiple PVCs environment.
Following procedures will introduce the settings of IES-5000, VLAN-aware switch
and ADSL (SHDSL) CPE. We use ZyXEL ES-2024 and Prestige 660R-61(You may
use P791 for SLC-1248G) as VLAN-aware switch and xDSL CPE, respectively.
1. IES-5000 Settings
1.1 VLAN setup
We can set up VLAN like procedure described in VLAN application. Add VLAN10.
Assign Port 1, ENET1 to be members of VLAN10 as show. We need to check the
Tx Tagging on ENET1.
TGE1> vlan name 10 VLAN10
TGE1> vlan set 10 up1 fix tag
TGE1> port pvc vlan 7-1-0/33 10 join untag
Add VLAN20. Assign Port 1, ENET1 to be members of VLAN20 as show. We need
to check the Tx Tagging on ENET1.
TGE1> vlan name 20 VLAN20
10
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
TGE1> vlan set 20 up1 fix tag
TGE1> port pvc vlan 7-1-0/33 20 join untag
1.2 VC profile setup
Add Defval_CBR VC profile for Profile Setup. Set up Encap, Class, PCR and CDVT
as shown. Encap should be LLC the same as IES-5000. Class should be CBR which
has higher priority in ATM QoS.
CI command
TGE1> profile atm set Def_CBR cbr 300000
1.3 Multiple PVCs setup
We hope VPI/VCI with 0/33 get the higher priority. We should modify this VPI/VCI
with Defval_CBR profile which we created before.
CI command:
TGE1> port pvc set 7-1-0/33 Defval_CBR llc 0 7
Then, we add the VPI/VCI with 0/34. We apply the DEFVAL profile to this channel.
CI command:
TGE1> port pvc set 7-1-0/34 Defval llc 20 0
2. Prestige 660R-61(P791) Settings
We need to set two channels. One is 0/33 and the other is 0/34. From former
application, we already knew how to set up CPE with one channel (0/33). We just
demonstrate how to set up second channel.
2.1 Menu11.1: Remote Node Profile
In menu11.1, we should activate this profile with “Active= Yes”. The Encapsulation
and the Multiplexing are the same as the menu 4. Setting “Edit ATM Options=Yes”
will enter Menu 11.6.
11
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
2.2 Menu11.6: Remote Node ATM Layer Options
We should set up another VPI/VCI with 0/34 the same as the IES-5000.
3. ES-2024 settings
3.1 VALN
Click Advanced Application and VLAN in navigation panel to display configuration
screen as shown. Click Static VLAN to show VLAN setup screen.
12
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
Add VLAN10. Assign Port 1, Port 10 to be members of VLAN10 as show.
We need
to check the Tx Tagging on Port 10.
13
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
Add VLAN20. Assign Port 2, Port 10 to be members of VLAN20 as show.
We need
to check the Tx Tagging on Port 10.
3.2 PVID setup
Click Advanced Application and VLAN in navigation panel to display configuration screen
as shown. Click VLAN Port Setting to show PVID setup screen.
14
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
Let 10 be the PVID of Port 1 and 20 be the PVID of Port 2.
In this application, you will see the video traffic will go via 0/33 and data traffic will
15
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
go via 0/34. And the 0/33 get the higher priority. The video traffic will go first when the
two traffics arrive at the same time.
802.1x Application
IEEE 802.1x port-based authentication is desired to prevent unauthorized ports
(clients) from gaining access to the network. It is an extended authentication protocol
that allows support of RADIUS (Remote Authentication Dial in User Service,
RFC2138, 2139) for centralized user profile management on a network RADIUS
server.
We want to deploy 802.1x environment in this application. The following figure
shows the 802.1x example. PC1(supplicant) and PC2(supplicant) want to access to the
application server. If PC1 is not unauthorized, the traffic from PC1 to application
server will be blocked. If PC2 is an authorized client, then it can access to the
application server. From the figure, IES-5000 acts as an authenticator.
Authentication
Server (RADIUS)
X
IES-5000(SLC/ALC)
(Authenticator)
Authorized
Station/
Application server
Unauthorized
SHDSL/ADSL
SHDSL/ADSL
modem
Port x
Port y
modem
PC 1
(Supplicant)
PC 2
(Supplicant)
16
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
How to set up an 802.1x environment.
We should configure Authenticator, RADIUS and Supplicant three parts in 802.1x
environment. The Microsoft 802.1x client and ZyXEL Vantage 50 will be used as
supplication and RADIUS, respectively. Following sections will describe the detailed
procedure to set up the environment.
1. IES-5000 (Authenticator) settings:
1.1 RADIUS settings:
Enable the 802.1x Authentication and the RADIUS server IP address, UDP port and
shared Secret, which is the same as Radius server. Then click Apply to make the
settings take effect.
TGE1> sys sw dot1x enable
TGE1> sys sw dot1x set radius server 192.168.1.3
TGE1> sys sw dot1x set radius port 1812
TGE1> sys sw dot1x set radius sec 12345678
TGE1> config save
2. Vantage 50(RADIUS) settings:
We use Vantage 50 as the RADIUS server. It’s a one of ZyXEL’s product. Of course,
you can use other RADIUS server like Funk Steel-Belted RADIUS, Cisco Access
Control Server, MeetingHouse Aegis server and so on. You can configure it by WEB
GUI and its default IP is 192.168.1.3.
2.1 RADIUS server setup
Click RADIUS, RADIUS SERVER in the navigation panel to display configuration screen
as shown. You can use the default values or change the Authentication port, Shared Secret.
Remember these values MUST be the as the settings of client.
17
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
2.2 Create User Account
Click RADIUS, USER ACCOUNT in the navigation panel to display configuration screen as
shown. You can use the existed user account or create the new one by clicking Add New User
button. Remember the client site MUST use the account in RADIUS server.
3. Windows XP(Supplicant) settings:
There are many supplicants we can choose like MeetingHouse Aegis client, Funk
Odyssey client and Microsoft 802.1x client. We take Microsoft 802.1x client as an
example here.
3.1 802.1x/MD5-challenge setup
Open the Local Area connection Properties, and then click Authentication page. Check the
Enable IEEE 802.1x authentication for this network and select the MD5-challenge in EAP
type combobox. Please see the following figure.
18
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
When the 802.1x starts, it will prompt you to enter the user name and password. Please see
the following figure.
After click the icon, there will be a dialog for entering the user name and password. Click ok
after input the correct user name and password that are in the database of authentication server.
19
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
The settings of client site are finished.
After above procedure, we can allow the authenticated port the access the server. If the DSL
port doesn’t be authenticated, the PCs behind the port can’t access the network.
4. Prestige 660R-61 Settings
Please refer to the procedures in previous application.
Setting up the Syslog Server
ZyXEL products are able to send system log to a Syslog deamon such as Unix
Syslogd and Kiwi's Syslog Daemon ( http://www.kiwisyslog.com/ ). When DSL or
Ethernet ports are linked up/down, IES-5000 sends a record to Syslog server. The
Syslog server can be placed on the network, which IES-5000 can access.
20
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
Syslog server
Network
Uplink
IES-5000
ALC-1248G
SLC-1248G
ADSL/SHDSL
modem
How to set up a Syslog server.
We should configure IES-5000 and Syslog server in this application. Here, we use the
Kiwi's Syslog Daemon as an example. Following sections will describe the detailed
procedures to set up the environment.
1. Install and Run Kiwi’s Syslog Server
Double Click the Kiwi’s Syslog Server installing program. It is very easy to install it.
21
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
After finishing the installation, you can run it from the Start Menu. And you will see
following dialog. And the Server’s IP is 192.168.1.77.
2. IES-5000 settings
Enable Syslog server within the IES-5000. Assign the UNIX Syslog Server IP,
192.168.1.77 in this case. Choose a log facility from 'Local 1' to 'Local 7'. Then save
the configurations.
CI command:
TGE1> sys syslog enable
TGE1> sys syslog server 192.168.1.77
TGE1> sys syslog facility 1
TGE1> config save
When DSL ports are linked up/down, IES-5000 sends a record to Syslog server. We
can see these logs in Kiwi’s Syslog server.
22
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
Setting up the Ring Environment
The Ring topology is used to guarantee the network being normal even if one link
between two device broken. So, in ring topology, the network will work well if one
link is broken. In Ring Topology, you must enable RSTP/STP to prevent the loop
issue.
Network
PC
switch
ALC-1248G
IES2000 Uplink1
Uplink2
ADSL/SHDSL
IES-5000
Port1
Port2
Uplink1
SLC-1248G
Uplink2
modem
ADSL/SHDSL
modem
PC
PC
How to set up a Ring Environment.
We set up Ring environment with one IES-5000, one IES-2000 and one ES-4024. A
PC behind IES can connect the PC in the network even one of the links broken.
Following sections will describe the detailed procedures to set up the environment.
1. IES-5000 settings
1.1 Enable Spanning Tree protocol on Ethernet ports
Configure Spanning Tree Protocol settings.
Click Active to enable Spanning Tree Protocol. Then enable it on port 1 and port 2.
23
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
CI command:
TGE1> sys sw rstp enable
TGE1> sys sw rstp port enable 1
TGE1> sys sw rstp port enable 2
2. Setup IES-2000
2.1 Enable Spanning Tree protocol
Click Switch Setup in the navigation panel to display configuration screen as shown. Then
check Spanning Tree Protocol to enable it.
2.2 Enable Spanning Tree protocol on Ethernet ports
Click Port Setup in the navigation panel to display configuration screen as shown. Click msc
to display MSC card Port setup.
24
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
Click Uplink2 to set up this port.
Check Spanning Tree Protocol to enable it.
25
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
Take the same procedures with Uplink1. Please see the following figure.
26
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
3. Setup ES-4024
3.1 Enable Spanning Tree protocol on Ethernet ports
Click Advanced Application, Spanning Tree Protocol in the navigation panel to display
configuration screen as shown. You will see the Spanning Tree Protocol Status page. Click
Configuration to configure panning tree protocol settings.
Click Active to enable Spanning Tree Protocol. Then enable it on Port 1 and Port 2.
27
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
4. Results
We can see the link between port 2 of ES-4024 and Uplink1 of IES-2000 will be
blocked as shown after we connect.
After we remove the cable between port 1 of IES-5000 and port 1 of ES-4024, the
connection still exists. We can remove any one of the cable. That will not affect the
connection. You can see the blocking port will become forwarding port.
28
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
Setting up the IGMP Snooping/IGMP Filtering
Without IGMP snooping multicast traffic is treated in the same manner as broadcast
traffic, that is, it is forwarded to all port. With IGMP snooping, multicast traffic of a
group is only forwarded to ports that have members of that group. IGMP snooping
generates no additional network traffic, allowing you to significantly reduce multicast
traffic passing through the IP-DSLAM. IGMP filtering is for allowing a port to join
some specific IGMP groups. This can be applied in Video service providers. They can
only open some specific channels (groups) to specific ports.
Internet
Video
Server
IES-5000(ALC/SLC)
Ethernet Port
IGMP
Router
Port 1
ADSL/SHDSL
CPE
Video Client
29
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
How to set up IGMP snooping/IGMP filtering
Here, we only set up the IES-5000 to support IGMP snooping and IGMP filtering.
Please refer to the user guide of the Video Server and the subscriber device. We
assume the video server provides three channels, movie 1 on 240.10.10.8 group,
movie 2 on 240.10.10.9 group and movie 3 on 240.10.10.10 group. And we assume
the subscriber want to subscribe two channel, movie 1 and movie 2. If we don’t
enable the IGMP snooping, every one can see all movies. If we don’t set the IGMP
filtering on the port, the subscriber behind the port will receive all movies.
1. IES-5000 settings
1.1 Enable IGMP Snooping
Enable IGMP Snooping to switch on the IGMP Snooping function.
CI command:
TGE1> multicast igmp enable snooping
1.2 Set up IGMP Filtering
If we don’t set up IGMP filtering, the subscriber will receive all the movies. We set up
a IGMP filter Profile and apply it to specific port to limit the channels subscriber can
see.
In this case we only allow the subscriber to join movie 1 and movie 2. That means
only the groups 240.10.10.8 and 240.10.10.9 can be forwarded this subscribed port.
We create a IGMP Filter profile and apply the profile to port 1.Then, we select the
Subscriber1 in IGMP Filter Profile. And save the configurations letting the setting
to take effect.
CI command:
TGE1> profile igmpfilter set Subscriber1 1 224.10.10.8 224.10.10.9
TGE1> multicast igmpfilter set 7-1 Subscriber1
TGE1> config save
30
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
Limit the users behind the certain DSL port
ISP may want to limit the number of PC behind certain DSL port to access the
Internet or allow PCs with specific MAC address to access the Internet. They can
easily to achieve this with Port Security and MAC filter features.
Internet
IES-5000(ALC/SLC)
Port 3
ADSL/SHDSL CPE
PC 1
PC 2
PC 3
How to set up MAC Filter/Port Security
Here, we will set up an environment to allow PCs with certain MAC address and the
number of PCs behind port 3 to access the Internet.
1. IES-5000 settings
1.1 Set up MAC filter
Enable the MAC filter for port 3, input the MAC address you allow to access the
Internet. Save the configuration to take effective.
Only the MAC addresses listed here can access the Internet behind certain ports.
CI command:
TGE1> lcman port macfilter enable 7-3
31
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
TGE1> lcman port macfilter set 7-3 00:a0:c5:12:34:56
TGE1> lcman port macfilter set 7-3 00:a0:c5:77:88:99
TGE1> config save
1.2 Set up Port Security
Input the MAC address number you want to limit to access the Internet. Note that the
MAC filter and Port security can’t be used at the same time.
Here we allow only 1 user to access Internet on slot 7 port 3.
CI command:
TGE1> lcman port maccount enable 7-3
TGE1> lcman port maccount set 7-3 1
TGE1> config save
DHCP Relay Option 82 Application
ISP may want to limit the number of IP address or deliver some specific IP addresses
according to certain DSL port, VLAN ID and option 82 string. They can easily to
achieve this with DHCP Relay Option 82 feature and a DHCP server supporting
Option 82 function.
32
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
Network
DHCP
Server
IES-5000(ALC/SLC)
Port 25
ADSL/SHDSL CPE
DHCP Client
How to set up DHCP Relay Option 82 Environment
Here, we will set up an environment to allow a PC get DHCP IP address in specific IP
pool according to its DSL port, VLAN ID and the option 82 string. In this case, the
PC is behind 25th DSL port and the option 82 string is a string “5000”. We use the IP
Commander as DHCP server. Its IP is 192.168.1.99 and the IP pool is between
192.168.1.201 and 192.168.1.203 for VID=1, DSL port=25 and the option 82 string is
“5000”.
1. IES-5000 settings
Enable the DHCP relay and Option 82 function including the IP address of DHCP
server. The IP address is 192.168.1.99 in our case. Also, enter “5000” as the Option 82
string.
CI command:
TGE1> ip dhcprelay enable
TGE1> ip dhcprelay relay enable
TGE1> ip dhcprelay server 1 192.168.1.99
TGE1> ip dhcprelay relayinfo add 5000
33
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
2. CPE settings
Connect CPE to the 25th DSL port. Please see former applications for Detailed
settings.
3. IP Commander settings
Open IP Commander. Right click “IP commander and then click “connect new
server”.
Input the DHCP IP address or domain name and click “ok”. Our IP is 192.168.1.99.
34
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
Input user name and password. The default user name is “administrator” and
password is “incognito”.
35
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
It will bring up the following screen, please make sure that your DHCP is in “online”
status. Then click “wizard” in the top tool bars and select “rule wizard”.
Give a name and description to the new rule.
36
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
Assign a range of IP addresses or just one IP address to this rule. In our case, we set
the IP pool from 192.168.1.201 to 192.168.1.203.
37
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
After input IP pool, we select “DHCP Option” in Keywords combobox.
After select the “DHCP Option”, it will pop up “Add DHCP Option Rule” dialog.
Select “option 82 Relay Agent Information”, sub-option 1, binary data. For port 25,
VLAN 1, “5000”, please key in “0019000131323438” as the key value and click OK.
Please note that the first 2 bytes define port number, the second 2 bytes is VLAN ID
and the other bytes are the Option 82 string.
38
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
After you finish above step, you will see the following figure.
Then pop up the following screen and you can just press Next button.
39
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
Then you can add DHCP template (option) such as gateway, DNS server and so on.
Here we use “192.168.1.1” as gateway IP address of DHCP client PC.
40
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
You can apply DDNS service to DHCP server or not.
The rule creation has been finished.
41
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
After finishing all above procedures, your PC will get the IP address 192.168.1.201
when you send a DHCP request.
Filter Some Certain Packet
ISP may want to filter some kinds of packets. IES-5000 provide “Packet Filter”
function to filter some specific packets, like IP, ARP, DHCP, EAPoL, PPPoE,
NETBIOS and IGMP.
42
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
Network
Client 2
IES-5000(ALC/SLC)
Port 1
ADSL/SHDSL
CPE
Specific Protocol
Packet. Ex. NetBIOS
Client 1
How to Filter Some Specific Packet
Here, we will set up an environment to block NETBIOS protocol packets.
1. IES-5000 ALC-1248G/SLC 1248G settings
Type the following packet filter command with in specific slot-port.
TGE1> lcman port pktfilter set 7-1 netbios
Display the port filter status on slot 7.
CI command:
TGE1> lcman port pktfilter show 7
port filter
----- ------------------------------------7- 1 netbios
7- 2 accept-all
7- 3 accept-all
7- 4 accept-all
43
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
7- 5 accept-all
7- 6 accept-all
7- 7 accept-all
7- 8 accept-all
7- 9 accept-all
7-10 accept-all
7-11 accept-all
7-12 accept-all
7-13 accept-all
7-14 accept-all
7-15 accept-all
7-16 accept-all
7-17 accept-all
7-18 accept-all
7-19 accept-all
7-20 accept-all
7-21 accept-all
7-22 accept-all
7-23 accept-all
7-24 accept-all
7-25 accept-all
7-26 accept-all
7-27 accept-all
7-28 accept-all
7-29 accept-all
7-30 accept-all
7-31 accept-all
7-32 accept-all
7-33 accept-all
7-34 accept-all
7-35 accept-all
7-36 accept-all
7-37 accept-all
7-38 accept-all
7-39 accept-all
7-40 accept-all
7-41 accept-all
7-42 accept-all
44
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
7-43 accept-all
7-44 accept-all
7-45 accept-all
7-46 accept-all
7-47 accept-all
7-48 accept-all
TGE1>
VDSL Application- Triple Play
For the Triple-play scenario, 3 PVCs for multiple services (Data, Voice and Video) on
the VDSL port of IES-5000 VDSL line card are to be configured. The IEEE VLAN &
802.1p mechanism is used to guarantee the Voice stream and Video stream running
smoothly without interruption. The instructions to configure the IES-1248-71 device
are below.
45
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
# IES5000 Settings
1. Connect to the IES-5000 using Web GUI. The default Inband IP address of
IES-5000 is 192.168.1.1. Enter the default id ‘admin’ and password ‘1234’ to
access the device.
46
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
2. Set the IES-5000’s IP address to ‘192.168.1.100’.
Click the Sys > IP Setup. Type in the IP address ‘192.168.1.100’ and subnet mask
‘255.255.255.0’.
47
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
3. Create a VDSL profile
Type in the Name and select the Latency Mode. Then set the Max Rate of
Downstream/Upstream (here is an example ‘U35D65_INTE’ for 65Mbps/35Mbps
line) and the other related parameters.
48
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
4. Apply the VDSL profile to VDSL ports
Then select to which VDSL ports you would like to apply the VDSL profile you just
created.
Click Port > VDSL
Choose Slot 3 and Port 1. Check ‘Enable’. Choose ‘U35D65_INTE’ in the VDSL
Profile option. Click Apply to take effect.
49
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
5. Then click Setup in the VLAN option to create 3 VLANs: VLAN 1 (for DATA),
VLAN 102 (for VOICE) and VLAN 103 (for VIDEO) for the VDSL port.
50
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
a. Create VLAN 1
VLAN 1 is created by default. Click Modify and check the Tag box. Click Apply to
finish the VLAN 1 configuration.
51
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
b. Create VLAN 102
Fill in VID with ‘102’ and check the Tag box. Click Apply to finish the VLAN 102
configuration.
52
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
c. Create VLAN 103
Fill in VID with ‘103’ and check the Tag box. Click Apply to finish the VLAN 103
configuration.
53
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
6. Configure VLANs on ENET Port 3 (up1)
a.
Configure VLAN 1
Select Index 1 and click Modify. Check the Tag box on up1. Click Apply to take
effect.
54
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
b. Configure VLAN 102
Select Index 2 and click Modify. Choose the Registration as ‘Fix’ and check the Tag
box on up1. Click Apply to take effect.
55
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
c. Configure VLAN 103
Select Index 3 and click Modify. Choose the Registration as ‘Fix’ and check the Tag
box on up1. Click Apply to take effect.
56
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
7. Enable IGMP Proxy on IES-5000
Click Multicast > IGMP. Choose the IGMP Mode as Enable_IGMP_Proxy and
click Apply to finish the setup.
Fill in Add Static Query VLAN with ‘103’ and then click Apply to take effect.
57
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
8. Save configurations
Click Config Save > Config Save and click the Save button to save your
configurations.
# P870MH-C1 Installation
1. Get into the device by Telent. Access the SMT menu 24.8 into CI command mode.
58
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
2. Change mode to 802.1q by ‘vlan mode 1’. Meanwhile create 3 VLANs on
P870MH-C1, VLAN 1/102/103.
After you created 3 VLANS, check where the VLAN located by VLAN disp CI
command.
3. Display the configured VLANs, check the relationship between "ITEM" vs. the
VID whcich we just configured. Boundle VLAN1 on port 1, VLAN 102 on port 2,
Vlan 103 on port 3 without transmission any Tagged frame. Also, add the VLAN
tag(1, 102 & 103) onto outgoing VDSL port.
59
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
4. Since Port 1(VLAN 1) is for Data access, Port 2(VLAN 102) is for VoIP and Port
3(VLAN 103) is for IPTV service. On Port 2 & Port 3, we can assign it for higher
priority(qos=High) when there is traffic congestion occrued. For Port 1's traffic, we
can assign the priority as 'Low' since the Internet access traffic is not time sensitive.
5. Check whether all the settings are correct.
60
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
# ES2024A Settings
5. Connect to IES-1248 by Web GUI. The default IP address of ES-2024A is
192.168.1.1. Enter the default password ‘1234’ to get into the device.
61
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
6. Set the IES-1248’s IP address to ‘192.168.1.200’.
Open Basic Setting> IP setup. Type in the IP address ‘192.168.1.100’ and its subnet
mask ‘255.255.255.0’.
62
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
7. Enable the IGMP Snooping service in order to allow the Multicast traffic pass
through the ES-2024A
Click Basic Setting> Switch Setup. Then click on the Active checking Box of IGMP
Snooping.
8.
Create 3 VLANs, VLAN 1 for Data access (FTP server) connected to Ethernet
port 3, VLAN 102 for Voice (SIP server & ATA) connected to the Ethernet port 1
& 2 and finally VLAN 103 for Video server connected to the Ethernet Port 4. And
the Uplink port is 24.
d. Create VLAN 1
Click Advanced Application> VLAN> Static VLAN Setting and then click on VID
1. Check the Active Box then check the Tx Tagging Box on Port 24 (for the other
ports have this option unchecked) and swith Ports 1, 2 and 4 to status ‘Forbidden’.
Click Add to finish the VLAN 1 configuration.
63
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
e. Create VLAN 102
Click Advanced Application> VLAN> Static VLAN Setting then check the Active
Box, type in a name for VLAN as well as VLAN ID102. Then check the Tx Tagging
Box on Port 24 24 (for the other ports have this option unchecked) and switch Ports
1, 2 and 24 to status ‘Fixed’. Click Add to finish the VLAN 102 configuration.
64
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
f. Create VLAN 103
Click Advanced Application> VLAN> Static VLAN Setting then check the Active
Box, fill in a name for VLAN as well as VLAN ID 103. Then check the Tx Tagging
Box on Port 24 24 (for the other ports have this option unchecked) and switch Ports
4 and 24 to status ‘Fixed’. Click Add to finish the VLAN 103 configuration.
65
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
# P660H settings
9. Connect to the P660HW-61 using Telnet. The default IP address of P660H-61 is
192.168.1.1. Enter the default password ‘1234’ to access the device.
10. Disable the VC hunt mechanism and Reboot the device.
66
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
Select SMT menu 24 and 8 for Command Interface Mode. Type ‘wan atm vc active
no’ and then ‘wan atm vc save’ to save the settings. Reboot the device for the
changes to take effect.
3. There will have three bridge PVCs on the P660H-61. Configure the system to
support Bridge mode.
Access the SMT menu 1 and type in the System Name and enable the Bridge=Yes.
4. Change the P660H-61’s IP address to 192.168.1.10 and disable the DHCP server
function in SMT menu 3.2.
67
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
5. Create 3 PVCs in the P660H for Triple-play application (Data, Voice and Video)
a. Create a PVC for the Data access(Internet access)
Get into SMT menu 11.1 and switch the Rem Node Name=Data, Active=Yes,
Encapsulation= RFC 1483, Multiplexing= LLC-based and Route=None
Bridge=Yes.
Select the ATM options=Yes, VPI/VCI=0/33 then press‘Enter’ to apply the changes.
68
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
b. Create a PVC for the Voice channel
Get into SMT menu 11.2, select the Rem Node Name=Voice , Active=Yes,
Encapsulation= RFC 1483, Multiplexing= LLC-based and Route=None
Bridge=Yes.
Select the ATM options=Yes, VPI/VCI=0/34 then press ‘Enter’ to apply the changes.
69
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
c. Create a PVC for the Video channel
Access the SMT menu 11.3 and select the Rem Node Name=Video, Active=Yes,
Encapsulation= RFC 1483, Multiplexing= LLC-based and Route=None
Bridge=Yes.
Select the ATM options=Yes, VPI/VCI=0/35 then press ‘Enter’ to apply the changes.
70
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
3 PVCs will be created as on the following figure:
6. Map 3 PVC to specific Ethernet port of the P660H-61.
Access SMT menu 24.8
Type ‘sys triple port set 1 1’ to map the Ehternet port 1 to PVC 1(Data)
Type ‘sys triple port set 2 2’ to map the Ehternet port 2 to PVC 2(Voice)
Type ‘sys triple port set 3 3’ to map the Ehternet port 3 to PVC 3(Video)
71
All contents copyright (c) 2006 ZyXEL Communications Corporation.
IES-5000 Support Notes
7. Check whether the ADSL physical layer is UP in the SMT menu 24.1. if the PVC
counter is running.
72
All contents copyright (c) 2006 ZyXEL Communications Corporation.