Prestige 324

Intelligent Broadband Sharing Gateway

User's Guide

Version V3.61(JF.0)

April 2004

Summary of Contents for P-324

Page 1: ...Prestige 324 Intelligent Broadband Sharing Gateway User's Guide Version V3.61(JF.0) April 2004 ...

Page 2: ...f ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer: ZyXEL does not assume any liability arising out of the application or use of any products or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described her...

Page 3: ...ctions may cause harmful interference to radio communications. If this equipment does cause harmful interference to radio/television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: Reorient or relocate the receiving antenna. Increase the separation between the equipment and the re...

Page 4: ...mpliance with the above conditions may not prevent degradation of service in some situations. Repairs to certified equipment should be made by an authorized Canadian maintenance facility designated by the supplier. Any repairs or alterations made by the user to this equipment, or equipment malfunctions, may give the telecommunications company cause to request the user to disconnect the equipment. For t...

Page 5: ...E Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser. To obtain the services ...

Page 6: ...714 632 0882 www.us.zyxel.com NORTH AMERICA sales@zyxel.com 1 714 632 0858 ftp.us.zyxel.com ZyXEL Communications Inc 1130 N Miller St Anaheim CA 92806 2001 U.S.A. support@zyxel.de 49 2405 6909 0 www.zyxel.de GERMANY sales@zyxel.de 49 2405 6909 99 ZyXEL Deutschland GmbH Adenauerstr 20 A2 D 52146 Wuerselen Germany 33 0 4 72 52 97 97 FRANCE info@zyxel.fr 33 0 4 72 52 19 20 www.zyxel.fr ZyXEL France 1 ...

Page 7: ...N SALES E-MAIL FAX FTP SITE REGULAR MAIL support@zyxel.se 46 31 744 7700 www.zyxel.se SWEDEN sales@zyxel.se 46 31 744 7701 ZyXEL Communications A/S Sjöporten 4 41764 Göteborg Sweden FINLAND support@zyxel.fi 358 9 4780 8411 www.zyxel.fi ZyXEL Communications Oy Malminkaari 10 00700 Helsinki Finland ...

Page 9: ... 1 Prestige Internet Security Gateway Overview 1-1; 1.2 Prestige Features 1-1; 1.3 Applications for the Prestige 1-4. Chapter 2 Introducing the Web Configurator 2-1; 2.1 Web Configurator Overview 2-1; 2.2 Accessing the Prestige Web Configurator 2-1; 2.3 Resetting the Prestige 2-2; 2.4 Navigating the Prestige Web Configurator 2-2. Chapter 3 Wizard Setup 3-1; 3.1 Wizard Setup Overview 3-1; 3.2 Wizard Setup Ge...

Page 10: ...CP Setup 5-1; 5.3 LAN TCP/IP 5-1; 5.4 Configuring IP 5-3; 5.5 Configuring IP Alias 5-6. Chapter 6 WAN Screens 6-1; 6.1 WAN Overview 6-1; 6.2 TCP/IP Priority (Metric) 6-1; 6.3 WAN IP Address Assignment 6-1; 6.4 Configuring Route 6-2; 6.5 Configuring WAN ISP 6-3; 6.6 Configuring WAN IP 6-9; 6.7 Configuring WAN MAC 6-13; 6.8 Traffic Redirect 6-14; 6.9 Configuring Traffic Redirect 6-15; 6.10 Configuring Dial Backup 6...

Page 11: ...ute Overview 8-1; 8.2 Configuring IP Static Route 8-1. UPnP and Firewall IV. Chapter 9 UPnP 9-1; 9.1 Universal Plug and Play Overview 9-1; 9.2 UPnP and ZyXEL 9-2; 9.3 Configuring UPnP 9-2; 9.4 Installing UPnP in Windows Example 9-4; 9.5 Using UPnP in Windows XP Example 9-6. Chapter 10 Firewall 10-1; 10.1 Introduction 10-1; 10.2 Firewall Settings Screen 10-3; 10.3 The Firewall, NAT and Remote Management 10-5; 10...

Page 12: ...ttings 12-2. Chapter 13 Maintenance 13-1; 13.1 Maintenance Overview 13-1; 13.2 Status Screen 13-1; 13.3 DHCP Table Screen 13-4; 13.4 F/W Upload Screen 13-5; 13.5 Configuration Screen 13-7; 13.6 Restart Screen 13-10. SMT General Configuration VII. Chapter 14 Introducing the SMT 14-1; 14.1 SMT Introduction 14-1; 14.2 Navigating the SMT Interface 14-3; 14.3 Changing the System Password 14-6. Chapter 15 Menu 1 Gen...

Page 13: ... 1; 17.2 Protocol Dependent Ethernet Setup 17-2; 17.3 TCP/IP Ethernet Setup and DHCP 17-2. Chapter 18 Internet Access 18-1; 18.1 Introduction to Internet Access Setup 18-1; 18.2 Ethernet Encapsulation 18-1; 18.3 Configuring the PPTP Client 18-3; 18.4 Configuring the PPPoE Client 18-4; 18.5 Basic Setup Complete 18-5. Chapter 19 Remote Node Configuration 19-1; 19.1 Introduction to Remote Node Setup 19-1; 19.2 ...

Page 14: ... 3 Enabling the Firewall 22-1. SMT Advanced Management VIII. Chapter 23 Filter Configuration 23-1; 23.1 Introduction to Filters 23-1; 23.2 Configuring a Filter Set 23-4; 23.3 Example Filter 23-13; 23.4 Filter Types and NAT 23-15; 23.5 Firewall Versus Filters 23-16; 23.6 Applying a Filter 23-16. Chapter 24 SNMP Configuration 24-1; 24.1 About SNMP 24-1; 24.2 Supported MIBs 24-2; 24.3 SNMP Configuration 24-2; 24 ...

Page 15: ...mand Interpreter Mode 27-1; 27.2 Call Control Support 27-2; 27.3 Time and Date Setting 27-4. Chapter 28 Remote Management 28-1; 28.1 Remote Management 28-1. Chapter 29 Call Scheduling 29-1; 29.1 Introduction to Call Scheduling 29-1. Appendices and Index IX. Appendix A PPPoE A-1; Appendix B PPTP B-1; Appendix C NetBIOS Filter Commands C-1; Appendix D Log Descriptions D-1; Appendix E Setting up Your Computer's ...

Page 17: ... Encapsulation 3-6; Figure 3-5 Wizard 3 3-10; Figure 4-1 System General Setup 4-1; Figure 4-2 DDNS 4-3; Figure 4-3 Password 4-5; Figure 4-4 Time Setting 4-6; Figure 5-1 IP 5-3; Figure 5-2 IP Alias 5-6; Figure 6-1 WAN Setup Route 6-3; Figure 6-2 Ethernet Encapsulation 6-4; Figure 6-3 PPPoE Encapsulation 6-6; Figure 6-4 PPTP Encapsulation 6-8; Figure 6-5 WAN IP 6-11; Figure 6-6 MAC Setup 6-14; Figure 6-7 Traffic ...

Page 18: ...ute 8-2; Figure 8-3 Static Route Edit 8-3; Figure 9-1 Configuring UPnP 9-3; Figure 10-1 Firewall Settings 10-3; Figure 10-2 Firewall Rule Directions 10-5; Figure 10-3 Firewall Filter 10-7; Figure 10-4 Firewall Service 10-9; Figure 11-1 Remote Management WWW 11-3; Figure 11-2 Telnet Configuration on a TCP/IP Network 11-4; Figure 11-3 Remote Management Telnet 11-5; Figure 11-4 Remote Management FTP 11-6; Figur...

Page 19: ...10; Figure 13-13 Reset Warning Message 13-10; Figure 13-14 Restart 13-11; Figure 14-1 Login Screen 14-2; Figure 14-2 SMT Menu Overview 14-3; Figure 14-3 SMT Main Menu 14-5; Figure 14-4 Menu 23 System Password 14-6; Figure 15-1 Menu 1 General Setup 15-2; Figure 15-2 Menu 1.1 Configure Dynamic DNS 15-4; Figure 16-1 MAC Address Cloning in WAN Setup 16-1; Figure 16-2 Menu 2 Dial Backup Setup 16-2; Figure 16-3 Me...

Page 20: ...Remote Node Network Layer Options for Ethernet Encapsulation 19-7; Figure 19-5 Menu 11.5 Remote Node Filter Ethernet Encapsulation 19-9; Figure 19-6 Menu 11.5 Remote Node Filter PPPoE or PPTP Encapsulation 19-10; Figure 19-7 Menu 11.6 Traffic Redirect Setup 19-10; Figure 20-1 Menu 12 IP Static Route Setup 20-1; Figure 20-2 Menu 12.1 Edit IP Static Route 20-2; Figure 21-1 Menu 4 Applying NAT for Internet ...

Page 21: ...p 21-18; Figure 22-1 Menu 21.2 Firewall Setup 22-2; Figure 23-1 Outgoing Packet Filtering Process 23-2; Figure 23-2 Filter Rule Process 23-3; Figure 23-4 Menu 21 Filter and Firewall Setup 23-4; Figure 23-5 Menu 21.1 Filter Set Configuration 23-4; Figure 23-6 Menu 21.1.1.1 TCP/IP Filter Rule 23-7; Figure 23-7 Executing an IP Filter 23-10; Figure 23-8 Menu 21.1.4.1 Generic Filter Rule 23-11; Figure 23-9 Teln...

Page 22: ...ion Example 26-4; Figure 26-3 Telnet into Menu 24.6 26-7; Figure 26-4 Restore Using FTP Session Example 26-8; Figure 26-5 Telnet Into Menu 24.7.1 Upload System Firmware 26-9; Figure 26-6 Telnet Into Menu 24.7.2 System Maintenance 26-9; Figure 26-7 FTP Session Example of Firmware File Upload 26-10; Figure 27-1 Command Mode in Menu 24 27-1; Figure 27-2 Valid Commands 27-2; Figure 27-3 Menu 24.9 System Maint...

Page 23: ...neral Setup 4-1; Table 4-2 DDNS 4-4; Table 4-3 Password 4-5; Table 4-4 Time Setting 4-6; Table 5-1 IP 5-3; Table 5-2 IP Alias 5-6; Table 6-1 Private IP Address Ranges 6-2; Table 6-2 Example of Network Properties for LAN Servers with Fixed IP Addresses 6-2; Table 6-3 WAN Setup Route 6-3; Table 6-4 Ethernet Encapsulation 6-4; Table 6-5 PPPoE Encapsulation 6-6; Table 6-6 PPTP Encapsulation 6-8; Table 6-7 WAN IP ...

Page 24: ... 3 Firewall Service 10-9; Table 11-1 Remote Management WWW 11-3; Table 11-2 Remote Management Telnet 11-5; Table 11-3 Remote Management FTP 11-6; Table 11-4 SNMP Traps 11-8; Table 11-5 Remote Management SNMP 11-10; Table 11-6 Remote Management DNS 11-11; Table 11-7 Security 11-12; Table 12-1 View Log 12-2; Table 12-2 Log Settings 12-3; Table 13-1 System Status 13-2; Table 13-2 System Status Show Statistics 1...

Page 25: ...et Access Setup Ethernet 18-2; Table 18-2 New Fields in Menu 4 PPTP Screen 18-4; Table 18-3 New Fields in Menu 4 PPPoE screen 18-5; Table 19-1 Menu 11.1 Remote Node Profile for Ethernet Encapsulation 19-2; Table 19-2 Fields in Menu 11.1 PPPoE Encapsulation Specific 19-5; Table 19-3 Menu 11.1 Remote Node Profile for PPTP Encapsulation 19-6; Table 19-4 Remote Node Network Layer Options 19-7; Table 19-5 Men...

Page 26: ...nformation 25-4; Table 25-3 Menu 24.3.2 System Maintenance Syslog and Accounting 25-5; Table 25-4 System Maintenance Menu Diagnostic 25-11; Table 26-1 Filename Conventions 26-2; Table 26-2 General Commands for GUI-based FTP Clients 26-4; Table 26-3 General Commands for GUI-based TFTP Clients 26-6; Table 27-1 Budget Management 27-3; Table 27-2 Call History Fields 27-4; Table 27-3 Time and Date Setting Fiel...

Page 27: ... CD for support documents. Quick Start Guide: The Quick Start Guide is designed to help you get up and running right away. It contains a detailed easy-to-follow connection diagram, default settings, handy checklists and information on setting up your network and configuring for Internet access. Web Configurator Online Help: Embedded web help for descriptions of individual screens and supplementary inform...

Page 28: ...Bold Times New Roman font. Command and arrow keys are enclosed in square brackets. [ENTER] means the Enter, or carriage return key; [ESC] means the Escape key and [SPACE BAR] means the Space Bar. The choices of a menu item are in Bold Arial font. Mouse action sequences are denoted using a comma. For example, "click the Apple icon, Control Panels and then Modem" means first click the Apple icon, then point your mous...

Page 29: ...Part I: Getting Started. This part helps you get to know your Prestige, introduces the web configurator and covers how to configure the Wizard Setup screens. ...

Page 31: ...e allows the Prestige to detect the speed of incoming transmissions and adjust appropriately without manual intervention. It allows data transfer of either 10 Mbps or 100 Mbps in either half-duplex or full-duplex mode depending on your Ethernet network. Auto-crossover 10/100 Mbps Ethernet Interface(s): These interfaces automatically adjust to either a crossover or straight-through Ethernet cable. 4 Por...

Page 32: ... web sites containing keywords that you specify. You can define time periods and days during which content filtering is enabled and include or exclude a range of users on the LAN from content filtering. Packet Filtering: Packet filtering blocks unwanted traffic from entering/leaving your network. Universal Plug and Play (UPnP): Using the standard TCP/IP protocol, the Prestige and other UPnP-enabled device...

Page 33: ...Prestige through the network. The Prestige supports SNMP version one (SNMPv1). Network Address Translation (NAT): Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example, a private IP address used in a local network) to a different IP address known within another network (for example, a public IP address used on the Internet). Traffic Redirect ...

Page 34: ...and packet tracing; Unix syslog facility support; Firewall logs; Content filtering logs. Upgrade Prestige Firmware via LAN: The firmware of the Prestige can be upgraded via the LAN (refer to Maintenance, F/W Upload Screen). Embedded FTP and TFTP Servers: The Prestige's embedded FTP and TFTP Servers enable fast firmware upgrades as well as configuration file backups and restoration. 1.3 Applications for the P...

Page 35: ...Figure 1-1 Secure Internet Access via Cable, DSL or Wireless Modem ...

Page 37: ...ou see in the web configurator may vary somewhat from the ones shown in this document due to differences between individual Prestige models or firmware versions. 2.2 Accessing the Prestige Web Configurator. Step 1. Make sure your Prestige hardware is properly connected and prepare your computer/computer network to connect to the Prestige (refer to the Quick Start Guide). Step 2. Launch your web browser. S...

Page 38: ...se all configurations that you had previously and the password will be reset to "1234". 2.3.1 Procedure To Use The Reset Button. Make sure the PWR LED is on (not blinking) before you begin this procedure. Step 1. Make sure the PWR LED is on (not blinking). Step 2. Press the RESET button for ten seconds or until the PWR LED begins to blink and then release it. When the PWR LED begins to blink, the defaults have ...

Page 39: ...nistrative and system-related information. DDNS: Use this screen to set up dynamic DNS. Password: Use this screen to change your password. Time Setting: Use this screen to change your Prestige's time and date. Click WIZARD for initial configuration including general setup, ISP parameters for Internet Access and WAN IP/DNS Server/MAC address assignment. Use submenus to configure Prestige features. Click MAIN...

Page 40: ...ort: Use this screen to change your Prestige's trigger port settings. STATIC ROUTE - IP Static Route: Use this screen to configure IP static routes. UPnP - UPnP: Use this screen to enable UPnP on the Prestige. FIREWALL - Settings: Use this screen to activate/deactivate the firewall and log packets related to firewall rules. Filter: This screen allows you to block sites containing certain keywords in the URL and ...

Page 41: ...ed. Log Settings: Use this screen to change your Prestige's log settings. MAINTENANCE - Status: This screen contains administrative and system-related information. DHCP Table: This screen displays DHCP (Dynamic Host Configuration Protocol) related information and is READ-ONLY. F/W Upload: Use this screen to upload firmware to your Prestige. Configuration: Use this screen to backup and restore the configuration ...

Page 43: ...ame. In Windows 95/98, click Start, Settings, Control Panel, Network. Click the Identification tab, note the entry for the Computer Name field and enter it as the System Name. In Windows 2000, click Start, Settings and Control Panel and then double-click System. Click the Network Identification tab and then the Properties button. Note the entry for the Computer name field and enter it as the System Name. In Wi...

Page 44: ...Wizard Setup. Figure 3-1 Wizard 1. 3.3 Wizard Setup Screen 2. The Prestige offers three choices of encapsulation. They are Ethernet, PPP over Ethernet or PPTP. 3.3.1 Ethernet. Choose Ethernet when the WAN port is used as a regular Ethernet ...

Page 45: ...ard, Telstra (RoadRunner Telstra authentication method), RR-Manager (Roadrunner Manager authentication method), RR-Toshiba (Roadrunner Toshiba authentication method) or Telia Login. The following fields are not applicable (N/A) for the Standard service type. User Name: Type the user name given to you by your ISP. Password: Type the password associated with the user name above. Login Server IP Address: Type the auth...

Page 46: ...entication method that works with existing access control systems (for instance, Radius). For the user, PPPoE provides a login and authentication method that the existing Microsoft Dial-Up Networking software can activate, and therefore requires no new learning or procedures for Windows users. One of the benefits of PPPoE is the ability to let end users access one of multiple network services, a function ...

Page 47: ...ist box. PPPoE forms a dial-up connection. Service Name: Type the name of your service provider. User Name: Type the user name given to you by your ISP. Password: Type the password associated with the user name above. Nailed-Up Connection: Select Nailed-Up Connection if you do not want the connection to time out. Idle Timeout: Type the time in seconds that elapses before the router automatically disconnects ...

Page 48: ... protocol that enables transfers of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks. PPTP supports on-demand, multi-protocol, and virtual private networking over public networks, such as the Internet. Refer to the appendix for more information on PPTP. The PRESTIGE supports one PPTP server connection at any given time. Figure 3-4 Wizard 2 P...

Page 49: ...address. This is the default selection. My IP Address: Type the static IP address assigned to you by your ISP. My IP Subnet Mask: The subnet mask specifies the network number portion of an IP address. Your Prestige automatically assigns a subnet mask based on the IP address typed in the previous field. Server IP Address: Select this option if your ISP gave you an IP address. Otherwise select Server Domain ...

Page 50: ... the IANA, from an ISP, or have it assigned by a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses. Regardless of your particular situati...

Page 51: ...instance, the IP address of www.zyxel.com is 204.217.0.2. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The Prestige can get the DNS server addresses in the following ways. 1. The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, en...

Page 52: ...ble describes the fields in this screen. Table 3-6 WAN Setup (LABEL: DESCRIPTION). WAN IP Address Assignment. Get automatically from ISP: Select this option if your ISP did not assign you a fixed IP address. This is the default selection. Use fixed IP address: Select this option if the ISP assigned a fixed IP address. IP Address: Enter your WAN IP address in this field if you selected Use Fixed IP Address. ...

Page 53: ...the ISP assigns. Select User Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right. Select None if you do not want to configure DNS servers. If you do not configure a system DNS server, you must use IP addresses when configuring VPN, DDNS and the time server. WAN MAC Address: The MAC address field allows you to configure the WAN port's MAC Address ...

Page 54: ...Part II: System, LAN and WAN. This part covers configuration of the system, LAN and WAN screens. ...

Page 55: ... General screen. Figure 4-1 System General Setup. The following table describes the labels in this screen. Table 4-1 System General Setup (LABEL: DESCRIPTION). System Name: Choose a descriptive name for identification purposes. It is recommended you enter your computer's "Computer name" in this field (see the Wizard Setup chapter for how to find your computer's name). This name can be up to 30 alphanumeric char...

Page 56: ...if your ISP dynamically assigns DNS server information (and the Prestige's WAN IP address). The field to the right displays the (read-only) DNS server IP address that the ISP assigns. Select User Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right. If you chose User Defined but leave the IP address set to 0.0.0.0, User Defined changes to None afte...

Page 57: ... Wildcard. Enabling the wildcard feature for your host causes *.yourhost.dyndns.org to be aliased to the same IP address as yourhost.dyndns.org. This feature is useful if you want to be able to use, for example, www.yourhost.dyndns.org and still reach your hostname. If you have a private WAN IP address, then you cannot use Dynamic DNS. 4.4 Configuring Dynamic DNS. To change your Prestige's DDNS, click SYSTEM...

Page 58: ...ield. Check with your Dynamic DNS service provider to have traffic redirected to a URL (that you can specify) while you are off line. Edit Update IP Address. Server Auto Detect: Select this option to update the IP address of the host name(s) automatically by the DDNS server. It is recommended that you select this option. User Specify: Select this option to update the IP address of the host name(s) to the IP ...

Page 59: ...n this field. New Password: Type the new password in this field. Retype to Confirm: Type the new password again in this field. Apply: Click Apply to save your changes back to the Prestige. Reset: Click Reset to begin configuring this screen afresh. 4.6 Configuring Time Setting. To change your Prestige's time and date, click SYSTEM, then the Time Setting tab. The screen appears as shown. Use this screen to confi...

Page 60: ...ministrator or use trial and error to find a protocol that works. The main difference between them is the format. Daytime (RFC 867) format is day/month/year/time zone of the server. Time (RFC 868) format displays a 4-byte integer giving the total number of seconds since 1970/1/1 at 0:0:0. The default, NTP (RFC 1305), is similar to Time (RFC 868). Select None to enter the time and date manually. Time Server Addres...

Page 61: ... with the time server. New Date: This field displays the last updated date from the time server. When you select None in the Time Protocol field, enter the new date in this field and then click Apply. Time Zone: Choose the Time Zone of your location. This will set the time difference between your time zone and Greenwich Mean Time (GMT). Daylight Savings: Select this option if you use daylight savings time. Da...

Page 63: ...must have another DHCP server on your LAN, or else the computer must be manually configured. 5.2.1 IP Pool Setup. The Prestige is pre-configured with a pool of 32 IP addresses starting from 192.168.1.33 to 192.168.1.64. This configuration leaves 31 IP addresses (excluding the Prestige itself) in the lower range for other server computers, for instance, servers for mail, FTP, TFTP, web, etc., that you may have. 5...

Page 64: ... uses multicasting, then all routers on your network must use multicasting, also. By default, RIP Direction is set to Both and RIP Version to RIP-1. 5.3.4 Multicast. Traditionally, IP packets are transmitted in one of either two ways: Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network, not everybody and not just 1. IGM...

Page 65: ...rtup from a server. Leave the DHCP Server check box selected unless your ISP instructs you to do otherwise. Clear it to disable the Prestige acting as a DHCP server. When configured as a server, the Prestige provides TCP/IP configuration for the clients. If not, DHCP service is disabled and you must have another DHCP server on your LAN, or else the computers must be manually configured. When set as a serv...

Page 66: ...you set a second choice to User Defined and enter the same IP address, the second User Defined changes to None after you click Apply. Select DNS Relay to have the Prestige act as a DNS proxy. The Prestige's LAN IP address displays in the field to the right (read-only). The Prestige tells the DHCP clients on the LAN that the Prestige itself is the DNS server. When a computer on the LAN sends a DNS query t...

Page 67: ...n all routers on your network must use multicasting, also. By default, RIP direction is set to Both and the Version set to RIP-1. Multicast: Select IGMP V-1 or IGMP V-2 or None. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group; it is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over version 1 (RFC 1112) but IGMP ve...

Page 68: ...estige's IP Alias settings, click LAN, then the IP Alias tab. The screen appears as shown. Figure 5-2 IP Alias. The following table describes the labels in this screen. Table 5-2 IP Alias (LABEL: DESCRIPTION). IP Alias 1, 2: Select the check box to configure another LAN network for the Prestige. IP Address: Enter the IP address of your Prestige in dotted decimal notation. IP Subnet Mask: Your Prestige will automa...

Page 69: ...and the broadcasting method of the RIP packets that the Prestige sends (it recognizes both formats when receiving). RIP-1 is universally supported, but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology. Both RIP-2B and RIP-2M send the routing data in RIP-2 format; the difference being that RIP-2B uses subnet broadcasting while RIP-2M...

Page 71: ...N designated by the ISP (see section 6.6) or a static route (see the IP Static Route Setup chapter). 2. Traffic Redirect (see section 6.9). 3. Dial Backup (see section 6.10). For example, if WAN has a metric of "1" and Traffic Redirect has a metric of "2" and Dial Backup has a metric of "3", the WAN connection acts as the primary default route. If the WAN route fails to connect to the Internet, the Prestige tries Traffi...

Page 72: ...ia Access Control address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You can configure the WAN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN. Once it is successfully configured, the address will be copied to the rom file (configuration file). It will not chan...

Page 73: ...o choices for an auxiliary connection (Traffic Redirect and Dial Backup) in the event that your regular WAN connection goes down. If Dial Backup is preferred to Traffic Redirect, then type "14" in the Dial Backup Priority (metric) field and leave the Traffic Redirect Priority (metric) at the default of "15". Apply: Click Apply to save your changes back to the Prestige. Reset: Click Reset to begin configuring this...

Page 74: ... method), RR-Toshiba (Roadrunner Toshiba authentication method) or Telia Login. The following fields do not appear with the Standard service type. User Name: Type the user name given to you by your ISP. Password: Type the password associated with the user name above. Retype to Confirm: Type the password again to make sure that you have entered it correctly. Login Server IP Address: Type the authentication serv...

Page 75: ...ider. PPPoE offers an access and authentication method that works with existing access control systems (for example, Radius). PPPoE provides a login and authentication method that the existing Microsoft Dial-Up Networking software can activate, and therefore requires no new learning or procedures for Windows users. One of the benefits of PPPoE is the ability to let you access one of multiple network serv...

Page 76: ...PPPoE saves significant effort for both the end user and ISP/carrier, as it requires no specific configuration of the broadband modem at the customer site. By implementing PPPoE directly on the router, rather than individual computers, the computers on the LAN do not need PPPoE software installed, since the router does that part of the task. Further, with NAT, all of the LAN's computers will have access. S...

Page 77: ...erver. Apply: Click Apply to save your changes back to the Prestige. Reset: Click Reset to begin configuring this screen afresh. 6.5.3 PPTP Encapsulation. Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks. PPTP supports on-demand, multi-protocol and vi...

Page 78: ...ransfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks. PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the Internet. The Prestige supports only one PPTP server connection at any given time. To configure a PPTP client, you must configure the User Name and Password fields for a PPP co...

Page 79: ...tomatically assigns a subnet mask based on the IP address typed in the previous field. Server IP Address: Select this option if your ISP gave you an IP address. Otherwise select Server Domain Name. Type the IP address of the PPTP server as given by your ISP. Server Domain Name: Select this option if your ISP gave you a domain name for your PPTP server. Otherwise select Server IP Address. Type the domain n...

Page 80: ...L DESCRIPTION. WAN IP Address Assignment. Get automatically from ISP: Select this option if your ISP did not assign you a fixed IP address. This is the default selection. Use fixed IP address: Select this option if the ISP assigned a fixed IP address. My WAN IP Address: Enter your WAN IP address in this field if you selected Use Fixed IP Address. ...

Page 81: ...have multiple public IP addresses. Full Feature mapping types include: One to One, Many to One (SUA/PAT), Many to Many Overload, Many One to One and Server. When you select Full Feature you must configure at least one address mapping set. For more information about NAT, refer to the NAT chapter in this User's Guide. Metric (PPPoE and PPTP only): This field sets this route's priority among the routes the Prestig...

Page 82: ...difference being that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting. Multicasting can reduce the load on non-router machines since they generally do not listen to the RIP multicast address and so will not receive the RIP packets. However, if one router uses multicasting, then all routers on your network must use multicasting, also. By default, the RIP Version field is set to RIP-1. Multic...

Page 83: ...ck Reset to begin configuring this screen afresh. 6.7 Configuring WAN MAC. To change your Prestige's WAN MAC settings, click WAN, then the WAN MAC tab. The screen appears as shown. Figure 6-6 MAC Setup. The MAC address screen allows users to configure the WAN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN. Choose Factory Default to select the ...

Page 84: ...work topology allows you to avoid triangle route security issues (see the Appendices) when the backup gateway is connected to the LAN. Use IP alias to configure the LAN into two or three logical networks with the Prestige itself as the gateway for each LAN network. Put the protected LAN in one subnet (Subnet 1 in the following figure) and the backup gateway in another subnet (Subnet 2). Configure a LAN to ...

Page 85: ...Gateway IP Address: Type the IP address of your backup gateway in dotted decimal notation. The Prestige automatically forwards traffic to this IP address if the Prestige's Internet connection terminates. Metric: This field sets this route's priority among the routes the Prestige uses. The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path w...

Page 86: ...he backup gateway. Period (seconds): Type the number of seconds for the Prestige to wait between checks to see if it can connect to the WAN IP address (Check WAN IP Address field) or default gateway. Allow more time if your destination IP address handles lots of traffic. Timeout (seconds): Type the number of seconds for your Prestige to wait for a ping response from the IP Address in the Check WAN IP Address...

Page 87: ...Figure 6-10 Dial Backup Setup ...

Page 88: ...Phone number if available. Some areas require dialing the pound sign # before the phone number for local calls. Include a # symbol at the beginning of the phone numbers as required. Dial Backup Port Speed: Use the drop-down list box to select the speed of the connection between the Dial Backup port and the external device. Available speeds are: 9600, 19200, 38400, 57600, 115200 or 230400 bps. AT Command Initial ...

Page 89: ... it. Type the remote gateway's IP address here if you know it (static). Remote IP Subnet Mask: Leave this field set to 0.0.0.0 (default) to have the ISP or other remote router dynamically send its subnet mask if you do not know it. Type the remote gateway's subnet mask here if you know it (static). Enable SUA: Network Address Translation (NAT) allows the translation of an Internet protocol address used within o...

Page 90: ...ntrols the sending and receiving of RIP packets. Choose Both, In Only or Out Only. When set to Both or Out Only, the Prestige will broadcast its routing table periodically. When set to Both or In Only, the Prestige will incorporate RIP information that it receives. Broadcast Dial Backup Route: Select this check box to forward the backup route broadcasts to the WAN. Enable Multicast: Select this check box to...

Page 91: ...his option applies only when the Prestige initiates the call. The dial backup connection never times out if you set this field to 0 (it is the same as selecting Always On). Apply: Click Apply to save your changes back to the Prestige. Reset: Click Reset to begin configuring this screen afresh. 6.11 Advanced Modem Setup. 6.11.1 AT Command Strings. For regular telephone lines, the default Dial string tells the...

Page 92: ...nt from the WAN device. The response strings have not been standardized; please consult the documentation of your WAN device to find the correct tags. 6.12 Configuring Advanced Modem Setup. Click the Edit button in the Dial Backup screen to display the Advanced Setup screen shown next. Consult the manual of your WAN device connected to your dial backup port for specific AT commands ...

Page 93: ...Figure 6-11 Advanced Setup. The following table describes the labels in this screen. Table 6-10 Advanced Setup (LABEL, DESCRIPTION, EXAMPLE). AT Command Strings. Dial: Type the AT Command string to make a call (example: atdt ...

Page 94: ...he dialed number. Speed: Type the keyword preceding the connection speed (example: CONNECT). Call Control. Dial Timeout (sec): Type a number of seconds for the Prestige to try to set up an outgoing call before timing out (stopping) (example: 60). Retry Count: Type a number of times for the Prestige to retry a busy or no-answer phone number before blacklisting the number (example: 0). Retry Interval (sec): Type a number of seconds for the Presti...

Page 95: ...Part III: NAT and Static Route. This part covers Network Address Translation and setting up static routes ...

Page 97: ... the local address refers to the IP address of a host when the packet is in the local network, while the global address refers to the IP address of the host when the same packet is traveling in the WAN side. Note that inside/outside refers to the location of a host, while global/local refers to the IP address of a host used in a packet. Thus, an inside local address (ILA) is the IP address of an inside h...

Page 98: ... mapping. NAT offers the additional benefit of firewall protection. With no servers defined, your Prestige filters out all incoming inquiries, thus preventing intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT). 7.1.3 How NAT Works. Each packet has two addresses: a source address and a destination address. For outgoing ...

Page 99: ...AT Works. 7.1.4 NAT Application. The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct WAN networks. More examples follow at the end of this chapter ...

Page 100: ...e maps one local IP address to one global IP address. Many to One: In Many to One mode, the Prestige maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature (the SUA Only option). Many to Many Overload: In Many to Many Overload mode, the Prestige maps the multiple local IP addresses to shared global IP address...

Page 101: ... to the outside world. Port numbers do not change for One to One and Many One to One NAT mapping types. The following table summarizes these types. Table 7-2 NAT Mapping Types (TYPE, IP MAPPING, SMT ABBREVIATION). One to One: ILA1 IGA1 (1-1). Many to One (SUA/PAT): ILA1 IGA1, ILA2 IGA1 (M-1). Many to Many Overload: ILA1 IGA1, ILA2 IGA2, ILA3 IGA1, ILA4 IGA2 (M-M Ov). Many One to One: ILA1 IGA1, ILA2 IGA2, ILA3 IGA3 (M-1-1). Serv...

Page 102: ...ht be better to specify a range of port numbers. You can allocate a server IP address that corresponds to a port or a range of ports. Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location. If you are...

Page 103: ... The most often used port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers. Please also refer to the Supporting CD for more examples and details on SUA/NAT. Table 7-3 Services and Port Numbers (SERVICES, PORT NUMBER): ECHO 7; FTP (File Transfer Protocol) 21; SMTP (Simple Mail Transfer Protocol) 25; DNS (Domain Name System) 53; Finger 79; HTTP (Hyper Text T...

Page 104: ...erver. If you do not assign a Default Server IP Address, the Prestige discards all packets received for ports that are not specified in this screen or remote management. Click SUA/NAT to open the SUA Server screen. Refer to Table 7-3 for port numbers commonly used for particular services. IP address assigned by ISP ...

Page 105: ...P Address, the Prestige discards all packets received for ports that are not specified in this screen or remote management. Number of an individual SUA server entry. Active: Select this check box to enable the SUA server entry. Clear this checkbox to disallow forwarding of these ports to an inside server without having to delete the entry. Name: Enter a name to identify this port forwarding rule. Start Po...

Page 106: ...onding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty rules. For example, if you have already configured rules 1 to 6 in your current set and now you configure rule number 9, in the set summary screen the new rule will be rule 7, not 9. Now if you delete rule 4, rules 5 to 7 will be pu...

Page 107: ...r One to One, Many to One and Server mapping types. Type: 1. One to One mode maps one local IP address to one global IP address. Note that port numbers do not change for the One to one NAT mapping type. 2. Many to One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers sup...

Page 108: ...L's Single User Account feature. 3. Many to Many Overload: Many to Many Overload mode maps multiple local IP addresses to shared global IP addresses. 4. Many One to One: Many One to one mode maps each local IP address to unique global IP addresses. 5. Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world. Local Start IP: This is the ...

Page 109: ... a single LAN IP address. In order to use the same service on a different LAN computer, you have to manually replace the LAN computer's IP address in the forwarding port with another LAN computer's IP address. Trigger port forwarding solves this problem by allowing computers on the LAN to dynamically take turns using the service. The Prestige records the IP address of a LAN computer that sends traffic...

Page 110: ... the connection is closed or times out. The Prestige times out in three minutes with UDP (User Datagram Protocol) or two hours with TCP/IP (Transmission Control Protocol/Internet Protocol). 7.6.2 Two Points To Remember About Trigger Ports. 1. Trigger events only happen on data that is coming from inside the Prestige and going to the outside. 2. If an application needs a continuous data stream, that port ra...

Page 111: ...ange of ports that a server on the WAN uses when it sends out a particular service. The Prestige forwards the traffic with this port or range of ports to the client computer on the LAN that requested the service. Start Port: Type a port number or the starting port number in a range of port numbers. End Port: Type a port number or the ending port number in a range of port numbers. Trigger: The trigger por...

Page 112: ... Start Port: Type a port number or the starting port number in a range of port numbers. End Port: Type a port number or the ending port number in a range of port numbers. Apply: Click Apply to save your changes back to the Prestige. Reset: Click Reset to begin configuring this screen afresh ...

Page 113: ...etworks beyond. For instance, the Prestige knows about network N2 in the following figure through remote node router R1. However, the Prestige is unable to route a packet to network N3 because it doesn't know that there is a route through the same remote node router R1 (via gateway router R2). The static routes are for you to tell the Prestige about the networks beyond the remote nodes. Figure 8-1 Example...

Page 114: ...ation. Routing is always based on network number. Gateway: This is the IP address of the gateway. The gateway is an immediate neighbor of your Prestige that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your Prestige; over the WAN, the gateway must be the IP address of one of the remote nodes. Edit: Select a static route index number and then cli...

Page 115: ...in the subnet mask field to force the network number to be identical to the host ID. IP Subnet Mask: Enter the IP subnet mask here. Gateway IP Address: Enter the IP address of the gateway. The gateway is an immediate neighbor of your Prestige that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your Prestige; over the WAN, the gateway must be the ...

Page 116: ...ude this route to a remote node in its RIP broadcasts. Select this check box to keep this route private and not included in RIP broadcasts. Clear this checkbox to propagate this route to other hosts through RIP broadcasts. Apply: Click Apply to save your changes back to the Prestige. Cancel: Click Cancel to return to the previous screen and not save your changes ...

Page 117: ...Part IV: UPnP and Firewall. This part provides information and configuration instructions for configuration of Universal Plug and Play, firewall and content filtering ...

Page 118: ...n the Network Connections folder (Windows XP). Each UPnP compatible device installed on your network will appear as a separate icon. Selecting the icon of a UPnP device will allow you to access the information and properties of that device. 9.1.2 NAT Traversal. UPnP NAT traversal automates the process of allowing an application to operate through NAT. UPnP network devices can automatically configure netw...

Page 119: ... this is not your intention. 9.2 UPnP and ZyXEL. ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum Creates UPnP Implementers Corp. (UIC). ZyXEL's UPnP implementation supports IGD 1.0 (Internet Gateway Device). At the time of writing, ZyXEL's UPnP implementation supports Windows Messenger 4.6 and 4.7, while Windows Messenger 5.0 and Xbox are still being tested. UPnP broadcasts are on...

Page 120: ...heck box to allow UPnP enabled applications to automatically configure the Prestige so that they can communicate through the Prestige, for example by using NAT traversal. UPnP applications automatically reserve a NAT forwarding port in order to communicate with another UPnP enabled device; this eliminates the need to manually configure port forwarding for the UPnP enabled application. Allow UPnP to pa...

Page 121: ...ouble-click Add/Remove Programs. Step 2: Click on the Windows Setup tab and select Communication in the Components selection box. Click Details. Step 3: In the Communications window, select the Universal Plug and Play check box in the Components selection box. Step 4: Click OK to go back to the Add/Remove Programs Properties window and click Next. Step 5: Restart the computer when prompted. 9.4.2 Installing ...

Page 122: ...menu and select Optional Networking Components. The Windows Optional Networking Components Wizard window displays. Step 4: Select Networking Service in the Components selection box and click Details. Step 5: In the Networking Services window, select the Universal Plug and Play check box. Step 6: Click OK to go back to the Windows Optional Networking Component Wizard window and click Next ...

Page 123: ...n Windows XP and UPnP activated on the ZyXEL device. Make sure the computer is connected to a LAN port of the ZyXEL device. Turn on your computer and the ZyXEL device. 9.5.1 Auto-discover Your UPnP-enabled Network Device. Step 1: Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. Step 2: Right-click the icon and select Properties ...

Page 124: ...Step 3: In the Internet Connection Properties window, click Settings to see the port mappings that were automatically created. Step 4: You may edit or delete the port mappings or click Add to manually add port mappings ...

Page 125: ... and click OK. An icon displays in the system tray. Step 6: Double-click the icon to display your current Internet connection status. 9.5.2 Web Configurator Easy Access. With UPnP, you can access the web-based configurator on the ZyXEL device without finding out the IP address of the ZyXEL device first. This is helpful if you do not know the IP address of the ZyXEL device. Follow the steps below to access...

Page 126: ...ouble-click Network Connections. Step 3: Select My Network Places under Other Places. Step 4: An icon with the description for each UPnP-enabled device displays under Local Network. Step 5: Right-click the icon for your ZyXEL device and select Invoke. The web configurator login screen displays ...

Page 127: ...Step 6: Right-click the icon for your ZyXEL device and select Properties. A properties window displays with basic information about the ZyXEL device ...

Page 128: ...y. This requires integrating the firewall into a broad information security policy. In addition, specific policies must be implemented within the firewall itself. Stateful Inspection Firewall: Stateful inspection firewalls restrict access by screening data packets against defined access rules. They make access control decisions based on IP address and protocol. They also inspect the session data to assur...

Page 129: ...nd the World Wide Web. However, inbound access is not allowed by default unless the remote host is authorized to use a specific service. 10.1.1 Guidelines For Enhancing Security With Your Firewall. 1. Change the default password via web configurator. 2. Think about access control before you connect to the network in any way, including attaching a modem to the port. 3. Limit who can access your router. 4. Don ...

Page 130: ...10.2 Firewall Settings Screen. From the MAIN MENU, click FIREWALL to open the Settings screen. Figure 10-1 Firewall Settings. The following table describes the labels in this screen ...

Page 131: ... WAN packets to log. Choose from: No Log; Log Blocked (blocked LAN to WAN services appear in the Blocked Services textbox in the Services screen with Enable Services Blocking selected); Log All (log all LAN to WAN packets). WAN to LAN. To log packets related to firewall rules, make sure that Access Control under Log is selected in the Logs, Log Settings screen. Packets to Log: Choose what WAN to LAN and WAN to ...

Page 132: ...ox are LAN to WAN firewall rules that block those services originating from the LAN. Blocked LAN to WAN packets are considered alerts. Alerts are higher priority logs that include system errors, attacks and attempted access to blocked web sites. Alerts appear in red in the View Log screen. You may choose to have alerts e-mailed immediately in the Log Settings screen. LAN to LAN/Prestige means the LAN to...

Page 133: ...cide what WAN to LAN packets to log, you are in fact deciding what WAN to LAN and WAN to WAN/Prestige packets to log. Allow NetBIOS traffic from the WAN to the LAN using the WAN IP web screen or SMT menu 24.8 commands. Forwarded WAN to LAN packets are not considered alerts. 10.4 Configuring Content Filtering. Content filtering allows you to block web sites by URL keywords that you specify, for example y...

Page 134: ...is screen. Table 10-2 Firewall Filter (LABEL, DESCRIPTION). Restricted Web Features. ActiveX: ActiveX is a tool for building dynamic and active Web pages and distributed object applications. When you visit an ActiveX Web site, ActiveX controls are downloaded to your browser, where they remain in case you visit the site again ...

Page 135: ...is field. You may use any character (up to 64 characters). Wildcards are not allowed. Keyword List: This is a list of keywords that will be inaccessible to computers on your LAN once you enable URL keyword blocking. Add: Type a keyword in the Keyword field and then click Add to add a keyword to the Keyword List. Delete: Select a keyword from the Keyword List and then click Delete to remove this keyword from...

Page 136: ...Figure 10-4 Firewall Service. The following table describes the labels in this screen. Table 10-3 Firewall Service (LABEL, DESCRIPTION). Enable Services Blocking: Select this check box to enable this feature ...

Page 138: ...For example, suppose you want to define the Gnutella service. Select TCP type and enter a port range from 6345-6349. Add: Select a service from the Available Services drop-down list and then click Add to add a service to the Blocked Service. Delete: Select a service from the Blocked Services List and then click Delete to remove this service from the list. Clear All: Click Clear All to empty the Blocked Se...

Page 139: ...Part V: Remote Management. This part provides information and configuration instructions for configuration of remote management ...

Page 141: ...r details on configuring firewall rules. You may manage your Prestige from a remote location via: Internet (WAN only); ALL (LAN and WAN); LAN only; Neither (Disable). When you Choose WAN only or ALL (LAN & WAN), you still need to configure a firewall rule to allow access. To disable remote management of a service, select Disable in the corresponding Server Access field. You may only have one remote management session...

Page 142: ...nning. You may only have one remote management session running at one time. 5. There is a firewall rule that blocks it. 11.1.2 Remote Management and NAT. When NAT is enabled: Use the Prestige's WAN IP address when configuring from the WAN. Use the Prestige's LAN IP address when configuring from the LAN. 11.1.3 System Timeout. There is a default system management idle timeout of five minutes (three hundred s...

Page 143: ... Server Access: Select the interface(s) through which a computer may access the Prestige using this service. Secured Client IP Address: A secured client is a trusted computer that is allowed to communicate with the Prestige using this service. Select All to allow any computer to access the Prestige using this service. Choose Selected to just allow the computer with the IP address that you specify to acc...

Page 144: ...figure your Prestige for remote Telnet access as shown next. The administrator uses Telnet from a computer on a remote network to access the Prestige. Figure 11-2 Telnet Configuration on a TCP/IP Network. 11.4 Configuring TELNET. Click REMOTE MGMT and the TELNET tab to display the screen as shown ...

Page 145: ...that is allowed to communicate with the Prestige using this service. Select All to allow any computer to access the Prestige using this service. Choose Selected to just allow the computer with the IP address that you specify to access the Prestige using this service. Apply: Click Apply to save your customized settings and exit this screen. Reset: Click Reset to begin configuring this screen afresh. 11.5 ...

Page 146: ...rusted computer that is allowed to communicate with the Prestige using this service. Select All to allow any computer to access the Prestige using this service. Choose Selected to just allow the computer with the IP address that you specify to access the Prestige using this service. Apply: Click Apply to save your customized settings and exit this screen. Reset: Click Reset to begin configuring this scr...

Page 147: ...An agent is a management software module that resides in a managed device (the Prestige). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices. The managed devices contain object v...

Page 148: ...the agent to inform the manager of some events. 11.6.1 Supported MIBs. The Prestige supports MIB II that is defined in RFC 1213 and RFC 1215. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. 11.6.2 SNMP Traps. The Prestige will send traps to the SNMP manager when any one of the following events occurs. Table 11-4 SNMP Traps: TRAP, TRAP NAME, DESCRI...

Page 149: ...error A trap is sent with the message of the fatal code if the system reboots because of fatal errors. 11.6.3 Configuring SNMP. To change your Prestige's SNMP settings, click REMOTE MGMT, then the SNMP tab. The screen appears as shown. Figure 11-6 Remote Management SNMP. The following table describes the labels in this screen ...

Page 150: ...ice if needed; however, you must use the same port number in order to use that service for remote management. Service Access: Select the interface(s) through which a computer may access the Prestige using this service. Secured Client IP Address: A secured client is a trusted computer that is allowed to communicate with the Prestige using this service. Select All to allow any computer to access the Prestig...

Page 151: ...e. Secured Client IP Address: A secured client is a trusted computer that is allowed to send DNS queries to the Prestige. Select All to allow any computer to send DNS queries to the Prestige. Choose Selected to just allow the computer with the IP address that you specify to send DNS queries to the Prestige. Apply: Click Apply to save your customized settings and exit this screen. Reset: Click Reset to beg...

Page 152: ...owing table describes the labels in this screen. Table 11-7 Security (LABEL, DESCRIPTION). ICMP: Internet Control Message Protocol is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and directly apparent to the application user. Respond to Ping on: The Prestige ...

Page 153: ...e on its unused UDP ports and a TCP Reset packet for a port probe on its unused TCP ports. Note that the probing packets must first traverse the Prestige's firewall mechanism before reaching this anti-probing mechanism. Therefore, if the firewall mechanism blocks a probing packet, the Prestige reacts based on the firewall policy, which by default is to send a TCP reset packet for a blocked TCP packet. Y...

Page 154: ...Part VI: Logs and Maintenance. This part covers the centralized logs and maintenance screens ...

Page 155: ...een. Use the View Log screen to see the logs for the categories that you selected in the Log Settings screen (see section 12.2). Options include logs about system maintenance, system errors, access control, allowed or blocked web sites, blocked web features (such as ActiveX controls, java and cookies), attacks (such as DoS) and IPSec. Log entries in red indicate system error logs. The log wraps around and deletes...

Page 156: ...ress Info fields in Log Settings (see section 12.2). Refresh: Click Refresh to renew the log screen. Clear Log: Click Clear Log to delete all the logs. 12.2 Log Settings. You can configure the Prestige's general log settings in one location. Click the LOGS in the navigation panel and then the Log Settings tab to open the Log Settings screen. Use the Log Settings screen to configure to where the Prestige is ...

Page 157: ...Figure 12-2 Log Settings. The following table describes the labels in this screen. Table 12-2 Log Settings (LABEL, DESCRIPTION). Address Info ...

Page 158: ...his field is left blank, alert messages will not be sent via e-mail. Unix Syslog: The Prestige sends a log to an external syslog server. Active: Click Active to enable syslog logging. Syslog IP Address: Enter the server name or IP address of the syslog server that will log the selected categories of logs. Log Facility: Select a location from the drop-down list box. The log facility allows you to log the mes...

Page 159: ...our format, for example 23:00 equals 11:00 pm, to send the logs. Clear log after sending mail: Select the check box to clear all logs after logs and alert messages are sent via e-mail. Log: Select the categories of logs that you want to record. Send Immediate Alert: Select log categories for which you want the Prestige to send e-mail alerts immediately. Apply: Click Apply to save your changes. Reset: Click Re...

Page 161: ...cs. 13.1 Maintenance Overview. The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your Prestige. 13.2 Status Screen. Click MAINTENANCE to open the Status screen, which you can use to monitor your Prestige. Note that these fields are READ-ONLY and are meant to be used for diagnostic purposes. Figure 13-1 System Status ...

Page 162: ...etwork Operating System design. Routing Protocols: This shows the routing protocol (IP) for which the Prestige is configured. This field is not configurable in all Prestige router models. WAN Port. IP Address: This is the WAN port IP address. IP Subnet Mask: This is the WAN port subnet mask. DHCP: This is the WAN port DHCP role (Client or None). LAN Port. IP Address: This is the LAN port IP address. IP Subnet Mask: ...

Page 163: ...ncapsulation. TxPkts: This is the number of transmitted packets on this port. RxPkts: This is the number of received packets on this port. Collisions: This is the number of collisions on this port. Tx B/s: This displays the transmission speed in bytes per second on this port. Rx B/s: This displays the reception speed in bytes per second on this port. Up Time: This is the total amount of time the line has been...

Page 164: ...set to None, DHCP service will be disabled and you must have another DHCP server on your LAN, or else the computer must be manually configured. Click MAINTENANCE and then the DHCP Table tab. Read-only information here relates to your DHCP status. The DHCP table shows current DHCP Client information (including IP Address, Host Name and MAC Address) of all network clients using the DHCP server. Figure 13-3 D...

Page 165: ...ew the screen. 13.4 F/W Upload Screen. Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a .bin extension, e.g., Prestige.bin. The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot. See the Firmware and Configuration File Maintenance chapter for upgrading firmware using FTP/TFTP commands ...

Page 166: ... not turn off the Prestige while firmware upload is in progress. After you see the Firmware Upload in Process screen, wait two minutes before logging into the Prestige again. Figure 13-6 Firmware Upload In Process. The Prestige automatically restarts in this time, causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 13-7 Network Temporar...

Page 167: ...tion Screen. See the Firmware and Configuration File Maintenance chapter for transferring configuration files using FTP/TFTP commands. Click MAINTENANCE and then the Configuration tab. Information related to factory defaults, backup configuration and restoring configuration appears as shown next ...

Page 168: ...functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings. Click Backup to save the Prestige's current configuration to your computer. 13.5.2 Restore Configuration. Restore configuration allows you to upload a new or previously saved config...

Page 169: ...creen, you must then wait one minute before logging into the Prestige again. Figure 13-10 Configuration Upload Successful. The Prestige automatically restarts in this time, causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 13-11 Network Temporarily Disconnected. If you uploaded the default configuration file, you may need to change the...

Page 170: ...e following warning screen will appear. Figure 13-13 Reset Warning Message. You can also press the RESET button on the rear panel to reset the factory defaults of your Prestige. Refer to the Hardware Installation chapter for more information on the RESET button. 13.6 Restart Screen. System restart allows you to reboot the Prestige without turning the power off. Click MAINTENANCE and then Restart. Click R...

Page 171: ...Figure 13-14 Restart ...

Page 172: ...vers System Management Terminal configuration for general setup, WAN setup, LAN setup, Internet access, remote node, static route, NAT and enabling the firewall. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT ...

Page 173: ...y, 8 data bits, 1 stop bit, data flow set to none, 9600 bps port speed. Press ENTER to display the SMT password screen. The default password is 1234. 14.1.2 Procedure for SMT Configuration via Telnet. The following procedure details how to telnet into your Prestige. Step 1: In Windows, click Start (usually in the bottom left corner), Run and then type telnet 192.168.1.1 (the default IP address) and click OK. Step ...

Page 174: ...ere is no activity for longer than five minutes after you log in, your Prestige will automatically log you out. Figure 14-1 Login Screen. 14.1.4 Prestige SMT Menu Overview. The following figure gives you an overview of the various SMT menu screens of your Prestige. Enter Password ...

Page 175: ...Figure 14-2 SMT Menu Overview. 14.2 Navigating the SMT Interface. The SMT (System Management Terminal) is the interface that you use to configure your Prestige ...

Page 176: ...o the previous and the next field respectively. Entering information: Type in or press SPACE BAR, then press ENTER. You need to fill in two types of fields. The first requires you to type in the appropriate information. The second allows you to cycle through the available choices by pressing SPACE BAR. Required fields or ChangeMe: All fields with the symbol must be filled in order to be able to save the n...

Page 177: ...mote node as well as apply WAN filters. 12 Static Routing Setup: Use this menu to set up static routes. 15 NAT Setup: Use this menu to specify inside servers when NAT is enabled. 21 Filter and Firewall Setup: Use this menu to configure filters, activate/deactivate the firewall and view the firewall log. 22 SNMP Configuration: Use this menu to set up SNMP related parameters. 23 System Password: Use this menu ...

Page 178: ...xt. Step 1: Enter 23 in the main menu to display Menu 23 System Password as shown next. Step 2: Type your existing system password in the Old Password field, for example 1234, and press ENTER. Figure 14-4 Menu 23 System Password. Step 3: Type your new system password in the New Password field (up to 30 characters) and press ENTER. Step 4: Re-type your new system password in the Retype to confirm field for conf...

Page 179: ... click Start Settings Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer name field and enter it as the Prestige System Name In Windows XP click start My Computer View system information and then click the Computer Name tab Note the entry in the Full computer name field and enter it as the Prestige System N...

Page 180: ... underscores _ are accepted Domain Name Enter the domain name if you know it here If you leave this field blank the ISP may assign a domain name via DHCP You can go to menu 24 8 and type sys domain name to see the current domain name used by your router The domain name entered by you is given priority over the ISP assigned domain name If you want to clear this field just press SPACE BAR and then E...

Page 181: ... IP address in the IP Address field If you select User Defined but leave the IP address set to 0 0 0 0 User Defined changes to None after you save your changes If you set a second choice to User Defined and enter the same IP address the second User Defined changes to None after you save your changes Select None if you do not want to configure DNS servers If you do not configure a system DNS server...

Page 182: ...yns org provide DNS service for a domain name that you already have from a source other than dyndns org DynamicDNS default Host1 3 Enter your host name s in the fields provided You can specify up to two host names separated by a comma in each field me dyndns org USER Enter your user name Password Enter the password assigned to you Enable Wildcard Your Prestige supports DYNDNS Wildcard Press SPACE ...

Page 183: ...n both fields are set to No the Prestige must have a public WAN IP address in order for DDNS to work Use Server Detected IP Press SPACE BAR to select Yes and then press ENTER to have the DDNS server automatically update the IP address of the host name s with the public IP address that the Prestige uses or is behind You can set this field to Yes whether the IP address is public or private static or...

Page 185: ...s screen Table 16 1 MAC Address Cloning in WAN Setup FIELD DESCRIPTION EXAMPLE MAC Address Assigned By Press SPACE BAR and then ENTER to choose one of two methods to assign a MAC Address Choose Factory Default to select the factory assigned default MAC Address Choose IP address attached on LAN to use the MAC Address of that workstation whose IP you give in the following field IP address attached o...

Page 186: ...adband connection to the WAN port fail To set up the auxiliary port Dial Backup for use in the event that the regular WAN connection is dropped first make sure you have set up the switch and port connection see the Quick Start Guide then configure 1 Menu 2 WAN Setup 2 Menu 2 1 Advanced WAN Setup and 3 Menu 11 1 Remote Node Profile Backup ISP as shown next Refer also to the traffic redirect section...

Page 187: ...T Command String Init Enter the AT command string to initialize the WAN device Consult the manual of your WAN device connected to your Dial Backup port for specific AT commands at fs0 0 Edit Advanced Setup To edit the advanced setup for the Dial Backup port move the cursor to this field press the SPACE BAR to select Yes and then press ENTER to go to Menu 2 1 Advanced Setup Yes When you have comple...

Page 188: ... the DTR Data Terminal Ready signal is dropped after the AT Command String Drop is sent out YES AT Response Strings CLID Calling Line Identification Enter the keyword that precedes the CLID Calling Line Identification in the AT response string This lets the Prestige capture the CLID in the AT response string that comes from the WAN device CLID is required for CLID authentication NMBR Called Id Ent...

Page 189: ...the blacklist control Retry Interval sec Enter a number of seconds for the Prestige to wait before trying another call after a call has failed This applies before a phone number is blacklisted Drop Timeout sec Enter a number of seconds for the Prestige to wait before dropping the DTR signal if it does not receive a positive disconnect confirmation 20 seconds Call Back Delay sec Enter a number of s...

Page 190: ...ssword assigned by your ISP for this remote node. Retype to Confirm: Enter your password again to make sure that you have entered it correctly. Authen: This field sets the authentication protocol used for outgoing calls. Options for this field are: CHAP/PAP - Your Prestige will accept either CHAP or PAP when requested by this remote node. CHAP - accept CHAP only. PAP - accept PAP only. (Example: CHAP/PAP.) Menu 11.1 Remote ...

Page 191: ...rk Layer Options See section 16 7 for more information No default Edit Script Options Press SPACE BAR to select Yes and press ENTER to edit the AT script for the dial backup remote node Menu 11 4 Remote Node Script See section 16 8 for more information No default Telco Option Allocated Budget Enter the maximum number of minutes that this remote node may be called within the time period configured ...

Page 192: ... in Menu 11 1 Remote Node Profile and use the space bar to select Yes Press Enter to open Menu 11 2 as shown next Figure 16 5 Menu 11 2 Remote Node PPP Options This table describes the Remote Node PPP Options Menu and contains instructions on how to configure the PPP options fields Figure 16 6 Menu 11 2 Remote Node PPP Options FIELD DESCRIPTION EXAMPLE Encapsulation Press SPACE BAR and then ENTER ...

Page 193: ... here if you know it static 0 0 0 0 default Rem Subnet Mask Leave this field set to 0 0 0 0 to have the ISP or other remote router dynamically send its subnet mask if you do not know it Enter the remote gateway s subnet mask here if you know it static 0 0 0 0 default My WAN Addr Leave the field set to 0 0 0 0 to have the ISP or other remote router dynamically automatically assign your WAN IP addre...

Page 194: ...fault Metric Enter a number from 1 to 15 to set this route s priority among the Prestige s routes The smaller the number the higher priority the route has 15 default Private This parameter determines if the Prestige will include the route to this remote node in its RIP broadcasts If set to Yes this route is kept private and not included in RIP broadcasts If No the route to this remote node will be...

Page 195: ...n the remote node when the Prestige sees them in a Send string. Please note that both variables must be entered exactly as shown. No other characters may appear before or after either, i.e., they must be used alone in response to login and password prompts. Please note that the ordering of the sets is significant, i.e., starting from set 1, the Prestige will wait until the Expect string is matched before ...

Page 196: ...e Filter Move the cursor to the field Edit Filter Sets in menu 11 1 and then press SPACE BAR to set the value to Yes Press ENTER to open Menu 11 5 Remote Node Filter Use menu 11 5 to specify the filter set s to apply to the incoming and outgoing traffic between this remote node and the Prestige to prevent certain packets from triggering calls You can specify up to four filter sets separated by com...

Page 197: ...9 Menu 11 5 Dial Backup Remote Node Filter Menu 11 5 Remote Node Filter Input Filter Sets protocol filters device filters Output Filter Sets protocol filters device filters Call Filter Sets protocol filters device filters Enter here to CONFIRM or ESC to CANCEL ...

Page 199: ... to the Ethernet traffic. You seldom need to filter Ethernet traffic; however, the filter sets may be useful to block certain packets, reduce traffic and prevent security breaches. Figure 17-2 Menu 3.1 LAN Port Filter Setup. If you need to define filters, please read the Filter Set Configuration chapter first, then return to this menu to define the filter sets. Menu 3.1 LAN Port Filter Setup Input Filter S...

Page 200: ...HCP Ethernet Setup Fields FIELD DESCRIPTION EXAMPLE DHCP This field enables disables the DHCP server If set to Server your Prestige will act as a DHCP server If set to None the DHCP server will be disabled If set to Relay the Prestige acts as a surrogate DHCP server and relays requests and responses between the remote server and the clients When set to Server the following items need to be set Ser...

Page 201: ...ve your changes If you set a second choice to User Defined and enter the same IP address the second User Defined changes to None after you save your changes Select DNS Relay to have the Prestige act as a DNS proxy The Prestige s LAN IP address displays in the IP Address field below read only The Prestige tells the DHCP clients on the LAN that the Prestige itself is the DNS server When a computer o...

Page 202: ...MP v1 and version 2 IGMP v2 Press SPACE BAR and then ENTER to enable IP Multicasting or select None default to disable it None Edit IP Alias The Prestige supports three logical LAN interfaces via its single physical Ethernet interface with the Prestige itself as the gateway for each LAN network Press SPACE BAR to select Yes and then press ENTER to display menu 3 2 1 No When you have completed this...

Page 203: ...ction Press SPACE BAR and then ENTER to select the RIP direction Options are Both In Only Out Only or None None Version Press SPACE BAR and then ENTER to select the RIP version Options are RIP 1 RIP 2B or RIP 2M RIP 1 Incoming Protocol Filters Enter the filter set s you wish to apply to the incoming traffic between this node and the Prestige 1 Outgoing Protocol Filters Enter the filter set s you w...

Page 204: ...7 6 Menu 3 LAN Setup Table 17 3 Menu 3 2 1 IP Alias Setup FIELD DESCRIPTION EXAMPLE When you have completed this menu press ENTER at the prompt Press ENTER to Confirm to save your configuration or press ESC at any time to cancel ...

Page 205: ...determine what encapsulation type you should use 18 2 Ethernet Encapsulation From the main menu type 4 to display Menu 4 Internet Access Setup If you choose Ethernet in menu 4 you will see the next menu Figure 18 1 Menu 4 Internet Access Setup The following table describes the fields in this menu Menu 4 Internet Access Setup ISP s Name MyISP Encapsulation Ethernet Service Type Standard My Login N ...

Page 206: ...ssword Type your password again for confirmation. Retype to Confirm: Enter your password again to make sure that you have entered it correctly. Login Server: The Prestige will find the RoadRunner Server IP if this field is left blank. If it does not, then you must enter the authentication server IP address. Relogin Every (min): This field is available when you select Telia Login in the Service Type field. Th...

Page 207: ...clude One to One Many to One SUA PAT Many to Many Overload Many One to One and Server When you select Full Feature you must configure at least one address mapping set Please see the NAT chapter for a more detailed discussion on the Network Address Translation feature When you have completed this menu press ENTER at the prompt Press ENTER to Confirm to save your configuration or press ESC at any ti...

Page 208: ...s field PPTP Idle Timeout This value specifies the time in seconds that elapses before the Prestige automatically disconnects from the PPTP server 100 default 18 4 Configuring the PPPoE Client If you enable PPPoE in menu 4 you will see the next screen For more information on PPPoE please see the appendix Menu 4 Internet Access Setup ISP s Name ChangeMe Encapsulation PPTP Service Type N A My Login ...

Page 209: ... Prestige automatically disconnects from the PPPoE server 100 default If you need a PPPoE service name to identify and reach the PPPoE server please go to menu 11 and enter the PPPoE service name provided to you in the Service Name field 18 5 Basic Setup Complete Well done You have successfully connected installed and set up your Prestige to operate on your network as well as access the Internet M...

Page 210: ...from the LAN and blocks all traffic to the LAN that originates from the Internet. You may deactivate the firewall in menu 21.2 or via the Prestige embedded web configurator. You may also define additional firewall rules or modify existing ones, but please exercise extreme caution in doing so. See the chapters on firewall for more information on the firewall ...

Page 211: ...escribes how to configure Menu 11 1 Remote Node Profile Menu 11 3 Remote Node Network Layer Options Menu 11 5 Remote Node Filter and Menu 11 6 Traffic Redirect Setup 19 2 Remote Node Profile Setup From the main menu select menu option 11 to open Menu 11 Remote Node Profile shown below The following explains how to configure the remote node profile menu 19 2 1 Ethernet Encapsulation There are two v...

Page 212: ...R to select from Standard RR Toshiba RoadRunner Toshiba authentication method RR Manager RoadRunner Manager authentication method RR Telstra or Telia Login Choose one of the RoadRunner methods if your ISP is Time Warner s RoadRunner otherwise choose Standard Standard Outgoing My Login This field is applicable for PPPoE encapsulation only Enter the login name assigned by your ISP when the Prestige ...

Page 213: ...Prestige does not log in periodically Type the number of minutes from 1 to 59 30 recommended for the Prestige to wait between logins Route This field refers to the protocol that will be routed by your Prestige IP is the only option for the Prestige IP Edit IP This field leads to a hidden menu Press SPACE BAR to select Yes and press ENTER to go to Menu 11 3 Remote Node Network Layer Options No defa...

Page 214: ...erent from that in the user profile even when the negotiated protocol is stronger than specified If you encounter a case where the peer disconnects right after a successful authentication please make sure that you specify the correct authentication protocol when connecting to such an implementation Nailed Up Connection A nailed up connection is a dial up line where the connection is always up rega...

Page 215: ...y this remote node CHAP accept CHAP only PAP accept PAP only CHAP PAP Telco Option Allocated Budget The field sets a ceiling for outgoing call time for this remote node The default for this field is 0 meaning no budget control 0 default Period hr This field is the time period that the budget should be reset For example if we are allowed to call this remote node for a maximum of 10 minutes every ho...

Page 216: ...he IP address of the WAN Ethernet port 10 0 0 140 My IP Mask Enter the subnet mask of the WAN Ethernet port 255 255 255 0 Server IP Addr Enter the IP address of the ANT modem 10 0 0 138 Connection ID Name Enter the connection ID or connection name in the ANT It must follow the c id and n name format This field is optional and depends on the requirements of your DSL modem N My ISP Menu 11 1 Remote ...

Page 217: ...assign you an explicit IP address press SPACE BAR and then ENTER to select Dynamic otherwise select Static and enter the IP address subnet mask in the following fields Dynamic default Rem IP Address If you have a static IP Assignment enter the IP address assigned to you by your ISP Rem IP Subnet Mask If you have a static IP Assignment enter the subnet mask assigned to you Gateway IP Addr This fiel...

Page 218: ...ose Full Feature if you have multiple public IP addresses Full Feature mapping types include One to One Many to One SUA PAT Many to Many Overload Many One to One and Server When you select Full Feature you must configure at least one address mapping set See the NAT chapter for a full discussion on this feature SUA Only default Metric Enter a number from 1 to 15 to set this route s priority among t...

Page 219: ... Filter Move the cursor to the field Edit Filter Sets in menu 11 1 and then press SPACE BAR to set the value to Yes Press ENTER to open Menu 11 5 Remote Node Filter Use menu 11 5 to specify the filter set s to apply to the incoming and outgoing traffic between this remote node and the Prestige to prevent certain packets from triggering calls You can specify up to 4 filter sets separated by commas ...

Page 220: ...19 5 Menu 11 6 Traffic Redirect Setup FIELD DESCRIPTION EXAMPLE Active Press SPACE BAR and select Yes to enable or No to disable traffic redirect setup The default is No Yes Menu 11 5 Remote Node Filter Input Filter Sets protocol filters device filters Output Filter Sets protocol filters device filters Call Filter Sets protocol filters device filters Enter here to CONFIRM or ESC to CANCEL Menu 11 ...

Page 221: ...you are using PPTP or PPPoE Encapsulation enter 0 0 0 0 to configure the Prestige to check the PVC Permanent Virtual Circuit or PPTP tunnel 0 0 0 0 Fail Tolerance Enter the number of times your Prestige may attempt and fail to connect to the Internet before traffic is forwarded to the backup gateway Two to five is usually a good number 2 Period sec Enter the time interval in seconds between WAN co...

Page 223: ...ute Setup Step 1 To configure an IP static route use Menu 12 Static Routing Setup shown next Figure 20 1 Menu 12 IP Static Route Setup Step 3 Now type the route number of a static route you want to configure Menu 12 IP Static Route Setup 1 ________ 2 ________ 3 ________ 4 ________ 5 ________ 6 ________ 7 ________ 8 ________ Enter selection number ...

Page 224: ...identical to the host ID IP Subnet Mask Type the subnet mask for this destination Follow the discussion on IP Subnet Mask in this manual Gateway IP Address Type the IP address of the gateway The gateway is an immediate neighbor of your Prestige that will forward the packet to the destination On the LAN the gateway must be a router on the same segment as your Prestige over WAN the gateway must be t...

Page 225: ... remote node in its RIP broadcasts If set to Yes this route is kept private and is not included in RIP broadcasts If No the route to this remote node will be propagated to other hosts through RIP broadcasts When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel and go back to the previous screen ...

Page 227: ...pping Many to One and Server See section 21 3 1 for a detailed description of the NAT set for SUA The Prestige also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of clients or servers using mapping types 1 Choose SUA Only if you have just one public WAN IP address for your Prestige 2 Choose Full Feature if you have multiple public WAN IP address...

Page 228: ... configure Step 3 Move the cursor to the Edit IP Bridge field press SPACE BAR to select Yes and then press ENTER to bring up Menu 11 3 Remote Node Network Layer Options Menu 4 Internet Access Setup ISP s Name MyISP Encapsulation Ethernet Service Type Standard My Login N A My Password N A Retype to Confirm N A Login Server N A Relogin Every min N A IP Address Assignment Dynamic IP Address N A IP Su...

Page 229: ...public WAN IP address for your Prestige SUA Only 21 3 NAT Setup Use the address mapping sets menus and submenus to create the mapping table used to assign global addresses to computers on the LAN Set 255 is used for SUA When you select Full Feature in menu 4 or 11 3 the SMT will use Set 1 When you select SUA Only the SMT will use the pre configured Set 255 read only The server set is a list of LAN...

Page 230: ... Sets Enter 1 to bring up Menu 15 1 Address Mapping Sets Figure 21 4 Menu 15 1 Address Mapping Sets SUA Address Mapping Set Enter 255 to display the next screen see also section 21 1 1 The fields in this menu cannot be changed Menu 15 NAT Setup 1 Address Mapping Sets 2 Port Forwarding Setup 3 Trigger Port Setup Enter Menu Selection Number Menu 15 1 Address Mapping Sets 1 NAT_SET 255 SUA read only ...

Page 231: ...local IP address ILA If the rule is for all local IPs then the Start IP is 0 0 0 0 and the End IP is 255 255 255 255 255 255 255 255 Global Start IP This is the starting global IP address IGA If you have a dynamic IP enter 0 0 0 0 as the Global Start IP 0 0 0 0 Global End IP This is the ending global IP address IGA Type These are the mapping types Server allows us to specify multiple servers of di...

Page 232: ...in the Set Name field means that this is a required field and you must enter a name for the set Figure 21 6 Menu 15 1 1 First Set If the Set Name field is left blank the entire set will be deleted The Type Local and Global Start End IPs are configured in menu 15 1 1 1 described later and the values are displayed here Ordering Your Rules Ordering your rules is important because the Prestige applies...

Page 233: ...d Insert Before means to insert a rule before the rule selected The rules after the selected rule will then be moved down by one rule Delete means to delete the selected rule and then all the rules after the selected one will be advanced one rule None disables the Select Rule item Edit Select Rule When you choose Edit Insert Before or Delete in the previous field the cursor jumps to this field to ...

Page 234: ...LA 0 0 0 0 End This is the ending local IP address ILA If the rule is for all local IPs then put the Start IP as 0 0 0 0 and the End IP as 255 255 255 255 This field is N A for One to One and Server types N A Global IP Start This is the starting inside global IP address IGA If you have a dynamic IP enter 0 0 0 0 as the Global IP Start Note that Global IP Start can be set to 0 0 0 0 only if the typ...

Page 235: ...s of the server in the IP Address field In the following figure you have a computer acting as an FTP Telnet and SMTP server ports 21 23 and 25 at 192 168 1 33 Step 5 Press ENTER at the Press ENTER to confirm prompt to save your configuration after you define all the servers or press ESC at any time to cancel You assign the private network IP addresses The NAT network appears as a single host on th...

Page 236: ... The following are some examples of NAT configuration 21 5 1 Example 1 Internet Access Only In the following Internet access example you only need one rule where the ILAs Inside Local Addresses of computers A through D map to one dynamic IGA Inside Global Address assigned by your ISP Figure 21 10 NAT Example 1 ...

Page 237: ... Server The dynamic Inside Global Address is assigned by the ISP Figure 21 12 NAT Example 2 In this case you do exactly as above use the convenient pre configured SUA Only set and also go to menu 15 2 to specify the Inside Server behind the NAT as shown in the next figure Menu 4 Internet Access Setup ISP s Name MyISP Encapsulation Ethernet Service Type Standard My Login N A My Password N A Retype ...

Page 238: ... to the first inside FTP server for FTP traffic in both directions 1 1 mapping giving both local and global IP addresses Rule 2 Map the second IGA to our second inside FTP server for FTP traffic in both directions 1 1 mapping giving both local and global IP addresses Rule 3 Map the other outgoing LAN traffic to IGA3 Many 1 mapping Rule 4 You also map your third IGA to the web server and mail serve...

Page 239: ...re the Address Mapping Sets Step 4 Enter 1 to begin configuring this new set Enter a Set Name choose the Edit Action and then enter 1 for the Select Rule field Press ENTER to confirm Step 5 Select Type as One to One direct mapping for packets going both ways and enter the local Start IP as 192 168 1 10 the IP address of FTP Server 1 the global Start IP as 10 132 50 1 our first IGA See Figure 21 16...

Page 240: ...ne Local IP Start 192 168 1 10 End N A Global IP Start 10 132 50 1 End N A Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Menu 11 3 Remote Node Network Layer Options IP Address Assignment Dynamic IP Address N A IP Subnet Mask N A Gateway IP Addr N A Network Address Translation Full Feature Metric 1 Private N A RIP Direction None Version N A Multicast None Enter here to CONFIRM o...

Page 241: ...tup Step 10 Enter 1 in Menu 15 2 NAT Server Sets to see the following menu Configure it as shown Menu 15 1 1 Address Mapping Rules Set Name NAT_SET Idx Local Start IP Local End IP Global Start IP Global End IP Type 1 192 168 1 10 10 132 50 1 1 1 2 192 168 1 11 10 132 50 2 1 1 3 0 0 0 0 255 255 255 255 10 132 50 3 M 1 4 10 132 50 3 Server 5 6 7 8 9 10 Action None Select Rule N A Press ENTER to Conf...

Page 242: ... as port numbers do not change for Many to Many No Overload and One to One NAT mapping types The following figure illustrates this Figure 21 18 NAT Example 4 Menu 15 2 1 NAT Server Setup Rule Start Port No End Port No IP Address 1 Default Default 0 0 0 0 2 80 80 192 168 1 21 3 25 25 192 168 1 20 4 0 0 0 0 0 0 5 0 0 0 0 0 0 6 0 0 0 0 0 0 7 0 0 0 0 0 0 8 0 0 0 0 0 0 9 0 0 0 0 0 0 10 0 0 0 0 0 0 11 0...

Page 243: ...le After you ve configured your rule you should be able to check the settings in menu 15 1 1 as shown next Figure 21 20 Example 4 Menu 15 1 1 Address Mapping Rules Menu 15 1 1 1 Address Mapping Rule Type Many One to One Local IP Start 192 168 1 10 End 192 168 1 12 Global IP Start 10 132 50 1 End 10 132 50 3 Press ENTER to Confirm or ESC to Cancel Menu 15 1 1 Address Mapping Rules Set Name Example4...

Page 244: ...ular service The Prestige forwards the traffic with this port or range of ports to the client computer on the LAN that requested the service Start Port Enter a port number or the starting port number in a range of port numbers 6970 End Port Enter a port number or the ending port number in a range of port numbers 7170 Trigger The trigger port is a port or a range of ports that causes or triggers th...

Page 245: ...nu 15 3 Trigger Port Setup FIELD DESCRIPTION EXAMPLE End Port Enter a port number or the ending port number in a range of port numbers 7070 Press ENTER at the message Press ENTER to Confirm to save your configuration or press ESC at any time to cancel ...

Page 247: ...e most comprehensive firewall configuration tool your Prestige has to offer. For this reason, it is recommended that you configure your firewall using the web configurator; see the following chapters for instructions. SMT screens allow you to activate the firewall and view firewall logs. 22.3 Enabling the Firewall. From the main menu, enter 21 to go to Menu 21 Filter Set and Firewall Configuration to dis...

Page 248: ...s against Denial of Service (DoS) attacks when it is active. Your network is vulnerable to attacks when the firewall is turned off. Refer to the User's Guide for details about the firewall default policies. You may define additional Policy rules or modify existing ones, but please exercise extreme caution in doing so. Active: No. You can use the Web Configurator to configure the firewall. Press ENTER to Con...

Page 249: ...ring setup SNMP system security system information and diagnosis firmware and configuration file maintenance system maintenance remote management and call scheduling See the web configurator parts of this guide for background information on features configurable by web configurator and SMT ...

Page 250: ...tocol filters, which are discussed later. Data filtering screens the data to determine if the packet should be allowed to pass. Data filters are divided into incoming and outgoing filters, depending on the direction of the packet relative to a port. Data filtering can be applied on either the WAN side or the LAN side. Call filtering is used to determine if a packet should be allowed to trigger a call. Re...

Page 251: ...ur filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port. Sets of factory default filter rules have been configured in menu 21 to prevent NetBIOS traffic from triggering calls and to prevent incoming telnet sessions. A summary of their filter rules is shown in the figures that follow...

Page 252: ...tch First Filter Rule Active Execute Filter Rule Fetch Next Filter Rule Next filter Rule Available Fetch Next Filter Set Next Filter Set Available Accept Packet Drop Packet Yes No Yes No Yes Packet into filter Filter Set Forward Drop No Check Next Rule Figure 23 2 Filter Rule Process ...

Page 253: ...enu to open menu 21 Figure 23 4 Menu 21 Filter and Firewall Setup Step 2 Enter 1 to bring up the following menu Figure 23 5 Menu 21 1 Filter Set Configuration Menu 21 1 Filter Set Configuration Filter Filter Set Comments Set Comments 1 _______________ 7 _______________ 2 _______________ 8 _______________ 3 _______________ 9 _______________ 4 _______________ 10 _______________ 5 _______________ 11 ...

Page 254: ...Type The type of filter rule GEN for Generic IP for TCP IP Filter Rules These parameters are displayed here M More Y means there are more rules to check which form a rule chain with the present rule An action cannot be taken until the rule chain is complete N means there are no more rules to check You can specify an action to be taken i e forward the packet drop the packet or check the next rule F...

Page 255: ...or the rule To speed up filtering all rules in a filter set must be of the same class i e protocol filters or generic filters The class of a filter set is determined by the first rule that you create When applying the filter sets to a port separate menu fields are provided for protocol and device filter sets If you include a protocol filter set in a device filter field or vice versa the Prestige w...

Page 256: ...d 255 A value of 0 matches ANY protocol 0 255 IP Source Route Press SPACE BAR and then ENTER to select Yes to apply the rule to packets with an IP source route option Otherwise the packets must not have a source route option The majority of IP packets do not have source route Yes No Destination IP Address Enter the destination IP Address of the packet you wish to filter This field is ignored if it...

Page 257: ...pply to the Source IP Addr 0 0 0 0 Port Enter the source port of the packets that you wish to filter The range of this field is 0 to 65535 This field is ignored if it is 0 0 65535 Port Comp Press SPACE BAR and then ENTER to select the comparison to apply to the source port in the packet against the value given in Source Port None Less Greater Equal Not Equal TCP Estab This field is applicable only...

Page 258: ...ll be logged None Action Matched Action Not Matched Both Action Matched Press SPACE BAR and then ENTER to select the action for a matching packet Check Next Rule Forward Drop Action Not Matched Press SPACE BAR and then ENTER to select the action for a packet not matching the rule Check Next Rule Forward Drop When you have Menu 21 1 1 1 TCP IP Filter Rule configured press ENTER at the message Press...

Page 259: ...tive Check IP Protocol Drop Drop Packet Accept Packet Drop Forward Check Next Rule Check Next Rule Check Next Rule Forward Not Matched Yes No Check Src IP Addr Apply SrcAddrMask to Src Addr Matched Check Dest IP Addr Apply DestAddrMask to Dest Addr Not Matched Not Matched Check Src Dest Port Matched Not Matched Figure 23 7 Executing an IP Filter ...

Page 260: ...umbers Note that it takes two hexadecimal digits to represent a byte so if the length is 4 the value in either field will take 8 digits for example FFFFFFFF To configure a generic rule select Generic Filter Rule in the Filter Type field in menu 21 1 4 1 and press ENTER to open Generic Filter Rule as shown below Figure 23 8 Menu 21 1 4 1 Generic Filter Rule The following table describes the fields ...

Page 261: ...value in Hexadecimal notation to compare with the data portion More If Yes a matching packet is passed to the next filter rule before an action is taken else the packet is disposed of according to the action fields If More is Yes then Action Matched and Action Not Matched will be No Yes No Log Select the logging option from the following None No packets will be logged Action Matched Only packets t...

Page 262: ... 1 Enter 21 from the main menu to open Menu 21 Filter and Firewall Setup Step 2 Enter 1 to open Menu 21 1 Filter Set Configuration Step 3 Enter the index of the filter set you wish to configure say 3 and press ENTER Step 4 Enter a descriptive name or comment in the Edit Comments field and press ENTER Step 5 Press ENTER at the message Press ENTER to confirm to open Menu 21 1 3 Filter Rules Summary ...

Page 263: ...k 0 0 0 0 Port 0 Port Comp None TCP Estab No More No Log None Action Matched Drop Action Not Matched Forward Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Press SPACE BAR and then ENTER to choose this filter rule type The first filter rule type determines all subsequent filter types within a set Select Yes to make the rule active 6 is the TCP protocol The port number for the te...

Page 264: ...s of filter rules Generic Filter Device rules and protocol filter TCP IP rules Generic filter rules act on the raw data from to LAN and WAN Protocol filter rules act on the IP packets Menu 21 1 3 Filter Rules Summary A Type Filter Rules M m n 1 Y IP Pr 6 SA 0 0 0 0 DA 0 0 0 0 DP 23 N D F 2 N 3 N 4 N 5 N 6 N Enter Filter Rule Number 1 6 to Configure This shows you that you have configured and activ...

Page 265: ...or device filters are applied to the raw packets that appear on the wire They are applied at the point when the Prestige is receiving and sending the packets i e the interface The interface can be an Ethernet port or any other hardware port The following diagram illustrates this Figure 23 12 Protocol and Device Filter Sets 23 5 Firewall Versus Filters Firewall configuration is discussed in the fir...

Page 266: ...ter outgoing traffic from the Prestige For PPPoE or PPTP encapsulation you have the additional option of specifying remote node call filter sets Figure 23 13 Filtering LAN Traffic 23 6 2 Applying Remote Node Filters Go to menu 11 5 shown below note that call filter sets are only present for PPPoE encapsulation and enter the number s of the filter set s as appropriate You can cascade up to four fil...

Page 267: ... Filter Configuration Figure 23 14 Filtering Remote Node Traffic Menu 11 5 Remote Node Filter Input Filter Sets protocol filters device filters Output Filter Sets protocol filters device filters Enter here to CONFIRM or ESC to CANCEL ...

Page 268: ...MP is a member of the TCP IP protocol suite Your Prestige supports SNMP agent functionality which allows a manager station to manage and monitor the Prestige through the network The Prestige supports SNMP version one SNMPv1 and version two c SNMPv2c The next figure illustrates an SNMP management operation SNMP is only available if TCP IP is configured Figure 24 1 SNMP Management Model An SNMP mana...

Page 269: ...nse protocol based on the manager agent model The manager issues a request and the agent returns responses using the following protocol operations Get Allows the manager to retrieve an object variable from the agent GetNext Allows the manager to retrieve the next object variable from a table or list within an agent In SNMPv1 when a manager wants to retrieve all elements of a table from an agent it...

Page 270: ...estige will only respond to SNMP messages from this address A blank default field means your Prestige will respond to all SNMP messages it receives regardless of source 0 0 0 0 Trap Community Type the trap community which is the password sent with each trap to the SNMP manager public Destination Type the IP address of the station to send your SNMP traps to 0 0 0 0 When you have completed this menu...

Page 271: ... in RFC 1215 A trap is sent with the port number 5 authenticationFailure defined in RFC 1215 A trap is sent to the manager when receiving any SNMP gets or sets requirements with wrong community password 6 whyReboot defined in ZYXEL MIB A trap is sent with the reason of restart before rebooting when the system is going to restart warm start 6a For intentional reboot A trap is sent with the message ...

Page 272: ... is a tool that can be used to monitor your Prestige Specifically it gives you information on your ADSL telephone line status number of packets sent and received To get to System Status type 24 to go to Menu 24 System Maintenance From this menu type 1 System Status There are two commands in Menu 24 1 System Maintenance Status Entering 1 resets the counters ESC takes you back to the previous screen...

Page 273: ...ansmitted packets on this port RxPkts The number of received packets on this port Cols The number of collisions on this port Tx B s Shows the transmission speed in Bytes per second on this port Rx B s Shows the reception speed in Bytes per second on this port Up Time Total amount of time the line has been up Ethernet Address The Ethernet address of the port listed on the left IP Address The IP add...

Page 274: ...sed ZyNOS F W Version The ZyNOS Firmware version and the date created You may enter 1 to drop the WAN connection 9 to reset the counters or ESC to return to menu 24 25 2 System Information To get to the System Information Step 1 Enter 24 to display Menu 24 System Information and Console Port Speed Step 2 Enter 2 to display Menu 24 2 System Information Step 3 From this menu you have two choices as ...

Page 275: ...rnet MAC Media Access Control of your Prestige IP Address This is the IP address of the Prestige in dotted decimal notation IP Mask This shows the subnet mask of the Prestige DHCP This field shows the DHCP setting None Relay or Server of the Prestige 25 2 2 Console Port Speed You can set up different port speeds for the console port through Menu 24 2 2 System Maintenance Console Port Speed Your Pr...

Page 276: ...figured in Menu 24 3 2 System Maintenance Syslog Logging as shown next Figure 25 6 Menu 24 3 2 System Maintenance Syslog Logging You need to configure the syslog parameters described in the following table to activate syslog then choose what you want to log Table 25 3 Menu 24 3 2 System Maintenance Syslog and Accounting PARAMETER DESCRIPTION Syslog Active Press SPACE BAR and then ENTER to turn sys...

Page 277: ...ew call str C01 Outgoing Call dev xx ch xx dev device No ch channel No L02 Tunnel Connected L2TP C02 OutCall Connected xxxx means connected speed xxxxx means Remote Call Number L02 Call Terminated C02 Call Terminated Jul 19 11 19 27 192 168 102 2 ZyXEL board 0 line 0 channel 0 call 1 C01 Outgoing Call dev 2 ch 0 40002 Jul 19 11 19 32 192 168 102 2 ZyXEL board 0 line 0 channel 0 call 1 C02 OutCall ...

Page 278: ...10 41 34 202 132 155 97 ZyXEL IP Src 192 168 2 33 Dst 202 132 155 93 ICMP S04 R01mF Mar 03 11 59 20 202 132 155 97 ZyXEL GEN 00a0c5f502fnord010080 S05 R01mF Mar 03 12 00 52 202 132 155 97 ZyXEL GEN ffffffffffff0080 S05 R01mF Mar 03 12 00 57 202 132 155 97 ZyXEL GEN 00a0c5f502010080 S05 R01mF Mar 03 12 01 06 202 132 155 97 ZyXEL IP Src 192 168 2 33 Dst 202 132 155 93 TCP spo 01170 dpo 00021 S04 R01...

Page 279: ...ng N block B forward F 08 01 2000 11 48 41 Local1 Notice 192 168 10 10 RAS FW 172 21 1 80 137 172 21 1 80 137 UDP default permit 2 0 B 08 01 2000 11 48 41 Local1 Notice 192 168 10 10 RAS FW 192 168 77 88 520 192 168 77 88 520 UDP default permit 2 0 B 08 01 2000 11 48 39 Local1 Notice 192 168 10 10 RAS FW 172 21 1 50 172 21 1 50 IGMP 2 default permit 2 0 B 08 01 2000 11 48 39 Local1 Notice 192 168 ...

Page 280: ... IP Frame ENET0 RECV Size 44 44 Time 17 02 44 262 Frame Type IP Header IP Version 4 Header Length 20 Type of Service 0x00 0 Total Length 0x002C 44 Identification 0x0002 2 Flags 0x00 Fragment Offset 0x00 Time to Live 0xFE 254 Protocol 0x06 TCP Header Checksum 0xFB20 64288 Source IP 0xC0A80101 192 168 1 1 Destination IP 0x00000000 0 0 0 0 TCP Header Source Port 0x0401 1025 Destination Port 0x000D 13...

Page 281: ... menu 4 or menu 11 is Ethernet or None when you have a static IP The WAN Release and Renewal fields in menu 24 4 conveniently allow you to release and or renew the assigned WAN IP address subnet mask and default gateway in a fashion similar to winipcfg Figure 25 9 LAN WAN DHCP The following table describes the diagnostic tests available in menu 24 4 for your Prestige and associated connections Men...

Page 282: ...to renew your WAN DHCP settings Internet Setup Test Enter 4 to test the Internet setup You can also test the Internet setup in Menu 4 Internet Access Please refer to the Internet Access chapter for more details This feature is only available for dial up connections using PPPoE or PPTP encapsulation Reboot System Enter 11 to reboot the Prestige Host IP Address If you entered 1 in Ping Host then ent...

Page 284: ...to the label on the bottom of your Prestige ftp put firmware bin ras This is a sample FTP session showing the transfer of the computer file firmware bin to the Prestige ftp get rom 0 config cfg This is a sample FTP session saving the current configuration to the computer file config cfg If your T FTP client does not allow you to have a destination filename different than the source you will need t...

Page 285: ...e trace log rom Firmware Ras This is the generic name for the ZyNOS firmware on the Prestige bin 26 2 Backup Configuration Option 5 from Menu 24 System Maintenance allows you to back up the current Prestige configuration to your computer Backup is highly recommended once your Prestige is functioning properly FTP is the preferred method for backing up your current configuration to your computer sin...

Page 286: ...n file on the Prestige to your computer and renames it config rom See earlier in this chapter for more information on filename conventions Step 7 Enter quit to exit the ftp prompt 26 2 3 Example of FTP Commands from the Command Line Menu 24 5 System Maintenance Backup Configuration To transfer the configuration file to your workstation follow the procedure below 1 Launch the FTP client on your wor...

Page 287: ...res a unique User ID and Password to login Transfer Type Transfer files in either ASCII plain text format or in binary mode Configuration and firmware files should be transferred in binary mode Initial Remote Directory Specify the default remote directory path Initial Local Directory Specify the default local directory path 26 2 5 TFTP and FTP Management Limitations TFTP FTP and Telnet over WAN wi...

Page 288: ...dio 0 to disable the SMT timeout so the TFTP transfer will not be interrupted Enter command sys stdio 5 to restore the five minute SMT timeout default when the file transfer is complete Step 4 Launch the TFTP client on your computer and connect to the Prestige Set the transfer mode to binary before starting data transfer Step 5 Use the TFTP client see the example below to transfer files between th...

Page 289: ...for the firmware is ras and for the configuration file is rom 0 Binary Transfer the file in binary mode Abort Stop transfer of the file Refer to section 26 2 5 to read about configurations that disallow TFTP and FTP over WAN 26 3 Restore Configuration This section shows you how to restore a previously saved configuration Note that this function erases the current configuration before restoring a p...

Page 290: ...this chapter for more information on filename conventions Step 8 Enter quit to exit the ftp prompt The Prestige will automatically restart after a successful restore process Menu 24 6 System Maintenance Restore Configuration To transfer the firmware and configuration file to your workstation follow the procedure below 1 Launch the FTP client on your workstation 2 Type open and the IP address of yo...

Page 291: ...y following the instructions in Menu 24 7 2 System Maintenance Upload System Configuration File WARNING DO NOT INTERRUPT THE FILE TRANSFER PROCESS AS THIS MAY PERMANENTLY DAMAGE YOUR PRESTIGE 26 4 1 Firmware File Upload FTP is the preferred method for uploading the firmware and configuration To use this feature your computer must have an FTP client When you telnet into the Prestige you will see th...

Page 292: ... the upload system configuration file process is complete For details on FTP commands please consult the documentation of your FTP client program For details on uploading system firmware using TFTP note that you must remain on this menu to upload system firmware using TFTP please see your manual Press ENTER to Exit Menu 24 7 1 System Maintenance Upload System Firmware To upload the system firmware...

Page 293: ...configuration file on the Prestige to your computer and renames it config rom See earlier in this chapter for more information on filename conventions Step 7 Enter quit to exit the ftp prompt The Prestige automatically restarts after a successful file upload 26 4 4 FTP Session Example of Firmware File Upload Figure 26 7 FTP Session Example of Firmware File Upload More commands found in GUI based F...

Page 294: ...he transfer mode to binary before starting data transfer Step 5 Use the TFTP client see the example below to transfer files between the Prestige and the computer The file name for the firmware is ras Note that the telnet connection must be active and the Prestige in CI mode before and during the TFTP transfer For details on TFTP commands see following example please consult the documentation of yo...

Page 296: ... A list of valid commands can be found by typing help or at the command prompt Type exit to return to the SMT main menu when finished Figure 27 1 Command Mode in Menu 24 27 1 1 Command Syntax The command keywords are in courier new font Enter the command keywords exactly as shown do not abbreviate The required fields in a command are enclosed in angle brackets The optional fields in a command are ...

Page 297: ...ly applicable when Encapsulation is set to PPPoE in menu 4 or menu 11 1 The budget management function allows you to set a limit on the total outgoing call time of the Prestige within certain times When the total outgoing call time exceeds the limit the current call will be dropped and any future outgoing calls will be blocked To access the call control menu select option 9 in menu 24 to go to Men...

Page 298: ...te the screen The budget and the reset period can be configured in menu 11 1 for the remote node Table 27 1 Budget Management FIELD DESCRIPTION EXAMPLE Remote Node Enter the index number of the remote node you want to reset just one in this case 1 Connection Time Total Budget This is the total connection time that has gone by within the allocated budget that you set in menu 11 1 5 10 means that 5 ...

Page 299: ... is the transfer rate of the call call This is the number of calls made to or received from that telephone number Max This is the length of time of the longest telephone call Min This is the length of time of the shortest telephone call Total This is the total length of time of all the telephone calls to from that telephone number You may enter an entry number to delete it or 0 to exit 27 3 Time a...

Page 300: ...stem Maintenance Time and Date Setting The following table describes the fields in this screen Menu 24 System Maintenance 1 System Status 2 System Information and Console Port Speed 3 Log and Trace 4 Diagnostic 5 Backup Configuration 6 Restore Configuration 7 Upload Firmware 8 Command Interpreter Mode 9 Call Control 10 Time and Date Setting 11 Remote Management Setup Enter Menu Selection Number Me...

Page 301: ... when you reenter this menu New Time Enter the new time in hour minute and second format Current Date This field displays an updated date only when you reenter this menu New Date Enter the new date in year month and day format Time Zone Press SPACE BAR and then ENTER to set the time difference between your time zone and Greenwich Mean Time GMT Daylight Saving Daylight Saving Time is a period from ...

Page 302: ...ii When the Prestige starts up if there is a timeserver configured in menu 24 10 iii 24 hour intervals after starting ...

Page 304: ...u still need to configure a firewall rule to allow access To disable remote management of a service select Disable in the corresponding Server Access field Enter 11 from menu 24 to bring up Menu 24 11 Remote Management Control Figure 28 1 Menu 24 11 Remote Management Control Menu 24 11 Remote Management Control TELNET Server Port 23 Access ALL Secure Client IP 0 0 0 0 FTP Server Port 21 Access ALL...

Page 305: ...access the Prestige Enter an IP address to restrict access to a client with a matching IP address 0 0 0 0 Once you have filled in this menu press ENTER at the message Press ENTER to Confirm or ESC to Cancel to save your configuration or press ESC to cancel 28 1 1 Remote Management Limitations Remote management over LAN or WAN will not work when 1 A filter in menu 3 1 LAN or in menu 11 5 WAN is app...

Page 306: ...hown next Figure 29 1 Menu 26 Schedule Setup Lower numbered sets take precedence over higher numbered sets thereby avoiding scheduling conflicts For example if sets 1 2 3 and 4 are applied in the remote node then set 1 will take precedence over set 2 3 and 4 as the Prestige by default applies the lowest numbered set first Set 2 will take precedence over set 3 and 4 and so on You can design up t...

Page 307: ... and press ENTER to activate the schedule set Yes Start Date Enter the start date when you wish the set to take effect in year month date format Valid dates are from the present to 2036 February 5 2000 01 01 How Often Should this schedule set recur weekly or be used just once only Press the SPACE BAR and then ENTER to select Once or Weekly Both these options are mutually exclusive If Once is selec...

Page 308: ...connection is maintained whether or not there is a demand call on the line and will persist for the time period specified in the Duration field Forced Down means that the connection is blocked whether or not there is a demand call on the line Enable Dial On Demand means that this schedule permits a demand call on the line Disable Dial On Demand means that this schedule prevents a demand call on th...

Page 309: ...enu 11 1 Remote Node Profile Rem Node Name MyISP Route IP Active Yes Encapsulation PPPoE Edit IP No Service Type Standard Telco Option Service Name Allocated Budget min 0 Outgoing Period hr 0 My Login Schedules 1 2 3 4 My Password Nailed Up Connection No Retype to Confirm Authen CHAP PAP Session Options Edit Filter Sets No Idle Timeout sec 100 Edit Traffic Redirect No Press ENTER to Confirm or ESC...

Page 310: ...IX Part IX Appendices and Index This section provides some Appendices and an Index ...

Page 312: ...r similar to dial up services using PPP Benefits of PPPoE PPPoE offers the following benefits 1 It provides you with a familiar dial up networking DUN user interface 2 It lessens the burden on the carriers of provisioning virtual circuits all the way to the ISP on multiple switches for thousands of users For GSTN PSTN ISDN the switching fabric is already in place 3 It allows the ISP to use the exi...

Page 313: ...mes to the Access Concentrator AC Between the AC and an ISP the AC is acting as a L2TP Layer 2 Tunneling Protocol LAC L2TP Access Concentrator and tunnels the PPP frames to the ISP The L2TP tunnel is capable of carrying multiple PPP sessions With PPPoE the VC Virtual Circuit is equivalent to the dial up connection and is between the modem and the AC as opposed to all the way to the ISP However the...

Page 314: ...PPoE Client When using the Prestige as a PPPoE client the PCs on the LAN see only Ethernet and are not aware of PPPoE This alleviates the administrator from having to manage the PPPoE clients on the individual PCs Diagram A 2 The Prestige as a PPPoE Client ...

Page 316: ... used only over the short haul between the PC and the modem over Ethernet For the rest of the connection the PPP frames are transported with PPP over AAL5 RFC 2364 The PPP connection however is still between the PC and the ISP The various connections in this setup are depicted in the following diagram The drawback of this solution is that it requires one separate ATM VC per destination Diagram B 1...

Page 317: ...2F Cisco s Layer 2 Forwarding Conceptually there are three parties in PPTP namely the PNS PPTP Network Server the PAC PPTP Access Concentrator and the PPTP user The PNS is the box that hosts both the PPP and the PPTP stacks and forms one end of the PPTP tunnel The PAC is the box that dials answers the phone calls and relays the PPP frames to the PNS The PPTP user is not necessarily a PPP client ca...

Page 318: ...nection supports multiple call sessions The following diagram depicts the message exchange of a successful call setup between a PC and an ANT Diagram B 3 Example Message Exchange between PC and an ANT PPP Data Connection The PPP frames are tunneled between the PNS and PAC over GRE General Routing Encapsulation RFC 1701 1702 The individual calls within a tunnel are distinguished using the Call ID f...

Page 320: ...ls You can configure NetBIOS filters to Allow or disallow the sending of NetBIOS packets from the LAN to the WAN and from the WAN to the LAN Allow or deny NetBIOS packets to be sent through VPN connections Block or forward NetBIOS packets from initiating calls Display NetBIOS Filter Settings Syntax sys filter netbios disp This command displays the current NetBIOS filter settings Diagram C 1 NetBIO...

Page 321: ...tax sys filter netbios config type on off where type Identify which NetBIOS filter numbered 0 3 to configure 0 LAN to WAN and WAN to LAN 3 IPSec Packets 4 Trigger dial on off For type 0 use on to enable the filter and block NetBIOS packets Use off to disable the filter and forward NetBIOS packets For type 3 use on to block NetBIOS packets from being sent through a VPN connection Use off to allow N...

Page 322: ...Command sys filter netbios config 4 off This command stops NetBIOS commands from initiating calls ...

Page 324: ...ion is successful The router has adjusted its time based on information from the time server Time calibration failed The router failed to get information from the time server DHCP client gets s A DHCP client got a new IP address from the DHCP server DHCP client IP expired A DHCP client s IP address has expired DHCP server assigns s The DHCP server assigned an IP address to a client SMT Login Succe...

Page 325: ...match the local s peer ID type Phase 1 ID content mismatch The ID content of an incoming packet does not match the local s peer ID content No known phase 1 ID type found The ID type of an incoming packet does not match any known ID type Chart 3 UPnP Logs LOG MESSAGE DESCRIPTION UPnP pass through Firewall UPnP packets can pass through the firewall Chart 4 Content Filtering Logs CATEGORY LOG MESSAGE...

Page 326: ...chable 0 Net unreachable 1 Host unreachable 2 Protocol unreachable 3 Port unreachable 4 A packet that needed fragmentation was dropped because it was set to Don t Fragment DF 5 Source route failed 4 Source Quench 0 A gateway may discard internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next network on the route to the destination network 5 Redi...

Page 327: ...11 Time Exceeded 0 Time to live exceeded in transit 1 Fragment reassembly time exceeded 12 Parameter Problem 0 Pointer indicates the error 13 Timestamp 0 Timestamp request message 14 Timestamp Reply 0 Timestamp reply message 15 Information Request 0 Information request message 16 Information Reply 0 Information reply message ...

Page 328: ...res the purchase of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components are installed configure the TCP IP settings in order to communicate with your network If you manually assign IP information instead of using dynamic assignment make sure that your com...

Page 329: ...works If you need the adapter a In the Network window click Add b Select Adapter and then click Add c Select the manufacturer and model of your network adapter and then click OK If you need TCP IP a In the Network window click Add b Select Protocol and then click Add c Select Microsoft from the list of manufacturers d Select TCP IP from the list of network protocols and then click OK If you need C...

Page 330: ...changes you made take effect In the Network window Configuration tab select your network adapter s TCP IP entry and click Properties 1 Click the IP Address tab To have your computer assigned a dynamic IP address select Obtain an IP address automatically To give your computer a static IP address select Specify an IP address and type your information into the IP Address and Subnet Mask fields ...

Page 331: ...u know your DNS information select Enable DNS and type the information in the fields below you may not need to fill them all in 3 Click the Gateway tab If you do not know your gateway s IP address remove previously installed gateways If you have a gateway IP address type it in the New gateway field and click Add 4 Click OK to save and close the TCP IP Properties window ...

Page 332: ...to open the IP Configuration window 3 Select your network adapter You should see your computer s static IP address subnet mask and default gateway in this screen Verify that your computer s static IP address is in the correct subnet 192 168 1 2 to 192 168 1 254 if using the default Prestige LAN IP address Alternatively to have the Prestige assign your computer a new IP address from the IP pool mak...

Page 333: ...indows 2000 NT XP 1 In Windows XP click start Control Panel In Windows 2000 NT click Start Settings Control Panel 2 In Windows XP click Network Connections In Windows 2000 NT click Network and Dial up Connections 3 Right click Local Area Connection and then click Properties ...

Page 334: ...4 Select Internet Protocol TCP IP under the General tab in Win XP and click Properties ...

Page 335: ... the General tab in Windows XP To have your computer assigned a dynamic IP address click Obtain an IP address automatically If you have a static IP address click Use the following IP Address and fill in the IP address Subnet mask and Default gateway fields Click Advanced to go to the Advanced TCP IP Settings screen shown next ...

Page 336: ...address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways In TCP IP Gateway Address type the IP address of the default gateway in Gateway To manually configure a default metric the number of transmission hops clear the Autom...

Page 337: ...e the Internet Protocol TCP IP Properties window 9 Click OK to close the Local Area Connection Properties window 10 Turn on your Prestige and restart your computer if prompted Checking Modifying Your Computer s IP Address 1 Click Start All Programs Accessories and then Command Prompt 2 In the Command Prompt window type ipconfig and then press ENTER to verify that your computer s static IP address ...

Page 338: ...Macintosh OS 8 9 1 Click the Apple menu Control Panel and double click TCP IP to open the TCP IP Control Panel 2 Select Ethernet built in from the Connect via list ...

Page 339: ...ddress box Type your subnet mask in the Subnet mask box Type the IP address of your Prestige in the Router address box 5 Close the TCP IP Control Panel 6 Click Save if prompted to save changes to your configuration 7 Turn on your Prestige and restart your computer if prompted Verifying Your Computer s IP Address Check your TCP IP properties in the TCP IP Control Panel window Macintosh OS X 1 Click...

Page 340: ...DHCP from the Configure list 4 For statically assigned settings do the following From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your Prestige in the Router address box 5 Click Apply Now and close the window 6 Turn on your Prestige and restart your computer if prompted Verifying Your Computer s IP...

Page 342: ...DESCRIPTION sys pwderrtm This command displays the brute force guessing password protection settings sys pwderrtm 0 This command turns off the password s protection from brute force guessing The brute force password guessing protection is turned off by default sys pwderrtm N This command sets the password protection to block all access attempts for N a number from 1 to 60 minutes after the third t...

Page 344: ...kets between two Ethernet devices Some companies have more than one alternate route to one or more ISPs If the LAN and ISP s are in the same subnet the triangle route problem may occur The steps below describe the triangle route problem Step 1 A computer on the LAN initiates a connection by sending out a SYN packet to a receiving server on the WAN Step 2 The Prestige reroutes the SYN packet throug...

Page 345: ...ogical LAN interfaces with the Prestige being the gateway for each logical network By putting your LAN and Gateway B in different subnets all returning network traffic must pass through the Prestige to your LAN The following steps describe such a scenario Step 1 A computer on the LAN initiates a connection by sending a SYN packet to a receiving server on the WAN Step 2 The Prestige reroutes the pa...

Page 346: ...ll of your network gateways on the WAN side as the following figure shows This ensures that all incoming network traffic passes through your Prestige to your LAN Therefore your LAN is protected Diagram G 4 Gateways on the WAN Side How To Configure Triangle Route Step 1 From the SMT main menu enter 24 Step 2 Enter 8 in menu 24 to enter CI command mode ...

Page 347: ...4 Triangle Route Step 3 Use the following commands to allow disallow triangle route sys firewall ignore triangle all off This command allows triangle route sys firewall ignore triangle all on This command disallows triangle route ...

Page 348: ...rd 25 5 CHAP 16 6 19 5 Command Interpreter Mode 27 1 Community 24 2 Computer Name 15 1 Computer s IP Address E 1 Conditions that prevent TFTP and FTP from working over WAN 26 4 Configuration 5 1 13 4 Connection ID Name 19 6 Content Filtering 1 2 Copyright ii Cost Of Transmission 20 2 Customer Support vi D DDNS Type 15 4 Default 13 10 Denial of Service 22 1 DHCP 3 1 3 9 4 3 5 1 5 3 13 4 17 2 25 4 D...

Page 349: ...2 FTP Server 1 4 21 13 Full Network Management 1 4 G Gateway 20 2 Gateway IP Addr 19 7 Gateway IP Address 18 2 General Setup 3 1 4 1 15 1 Global 7 1 H Hidden Menus 14 4 Hop Count 20 2 Host 4 5 15 4 How PPPoE Works A 2 HTTP 7 7 I i e See Syntax Conventions Idle Timeout 16 7 16 8 19 4 19 5 IGMP 5 2 Incoming Protocol Filters 17 5 Industry Canada iv Inside 7 1 Inside Global Address 7 1 Inside Local Ad...

Page 350: ... 10 19 8 23 16 Applying NAT in the SMT Menus 21 1 Configuring 21 3 Definitions 7 1 Examples 21 10 How NAT Works 7 2 Mapping Types 7 4 Non NAT Friendly Application Programs21 16 Ordering Rules 21 6 Server Sets 7 6 What NAT does 7 2 NAT Traversal 9 1 9 2 9 3 Navigation Panel 2 3 Network Address Translation 18 3 Network Address Translation NAT 1 3 21 1 Network Management 7 7 NNTP 7 7 Notice iii O Off...

Page 351: ...P 5 2 16 10 17 4 17 5 19 8 Direction 17 5 Version 17 5 19 8 RoadRunner Support 1 4 Route 19 3 RTC See Real Time Chip S Schedule Sets Duration 29 2 Schedules 19 5 Select See Syntax Conventions Server 4 6 7 5 18 2 19 3 21 3 21 4 21 5 21 8 21 9 21 11 21 12 27 6 Server IP 19 3 Service v Service Name 19 5 Service Type 18 2 19 2 Services 7 6 7 7 10 8 setup a schedule 29 2 SMT Menu Overview 14 2 SMTP 7 7...

Page 352: ...6 4 28 2 Time and Date 1 2 Time and Date Setting 27 5 27 6 Time Zone 4 5 27 6 Timeout 16 7 16 8 18 4 18 5 19 5 Trace Records 25 5 Tracing 1 4 Trademarks ii Traffic Redirect 1 3 6 15 Setup 19 10 Triangle G 1 Triangle Route Solutions G 2 Trigger Port Forwarding 21 18 Process 7 13 U Universal Plug and Play UPnP 9 1 9 3 UNIX Syslog 25 5 UNIX syslog parameters 25 5 Upload Firmware 26 8 UPnP Examples 9 ...
