manualshive.com logo in svg

ZyXEL Communications Prestige 791R, User Manual

The ZyXEL Communications Prestige 791R is a reliable networking device that ensures high-speed internet connectivity. For detailed instructions on setting up and troubleshooting, download the free User Manual from manualshive.com. Stay connected effortlessly with the help of this comprehensive manual.

Share
Download
background image

Prestige 791R G.SHDSL Router 

12.4  Filter Types and NAT  

There are two classes of filter rules, 

Generic Filter

 Device rules and Protocol Filter (

TCP/IP

) rules. 

Generic Filter rules act on the raw data from/to LAN and WAN. Protocol Filter

 

rules act on IP packets. 

When NAT  (Network Address Translation) is enabled, the inside IP address and port number are replaced 
on a connection-by-connection basis, which makes it impossible to know the exact address and port on the 
wire. Therefore, the Prestige applies the protocol filters to the “native” IP address and port number before 
NAT for outgoing packets and after NAT for incoming packets. On the other hand, the generic (or device) 
filters are applied to the raw packets that appear on the wire. They are applied at the point where the 
Prestige is receiving and sending the packets; for instance, the interface. The interface can be an Ethernet, 
or any other hardware port. The following figure illustrates this. 

 

Figure 12-14 Protocol and Device Filter Sets 

12.5 Example Filter 

Let’s look at an example to block outside users from Telnetting into the Prestige.  

12-16  

 

Filter Configuration 

Summary of Contents for Prestige 791R

Page 1: ...Prestige 791R G SHDSL Router User s Guide Version 3 40 June 2004...

Page 2: ...ZyXEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it c...

Page 3: ...uency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications If this equipment does cause harmful interference to radio televis...

Page 4: ...ompliance with the above conditions may not prevent degradation of service in some situations Repairs to certified equipment should be made by an authorized Canadian maintenance facility designated by...

Page 5: ...the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no event b...

Page 6: ...WORLDWIDE sales zyxel com tw 886 3 578 2439 ftp europe zyxel com ZyXEL Communications Corp 6 Innovation Road II Science Based Industrial Park Hsinchu 300 Taiwan support zyxel com 1 714 632 0882 800 2...

Page 7: ...ments 2 1 2 2 Front Panel 2 1 2 3 Rear Panel 2 3 2 3 1 DSL Port 2 3 2 3 2 LAN 10 100M 2 3 2 3 3 CON AUX Port 2 3 2 3 4 Reset Button 2 4 2 3 5 Power Port 2 4 2 4 Turning On Your Prestige 2 4 Chapter 3...

Page 8: ...2 Remote Node Profile Backup ISP 5 4 5 2 1 Editing PPP Options 5 7 5 2 2 Editing TCP IP Options 5 8 5 2 3 Remote Node Script Overview 5 9 5 2 4 Editing Remote Node Script 5 10 5 2 5 Editing Filter Set...

Page 9: ...Scenarios 8 2 8 2 2 Outgoing Authentication Protocol 8 5 8 3 Remote Node Network Layer Options 8 5 8 3 1 My WAN Addr Sample IP Addresses 8 8 8 4 Remote Node Filter 8 8 8 4 1 Web Configurator Internet...

Page 10: ...Overview 12 1 12 2 Filter Set Configuration 12 4 12 2 1 Filter Rules Summary Menus 12 8 12 3 Filter Rule Configuration 12 9 12 3 1 TCP IP Filter Rule 12 10 12 3 2 Generic Filter Rule 12 14 12 4 Filter...

Page 11: ...1 15 4 3 FTP File Upload Command from the DOS Prompt Example 15 12 15 4 4 FTP Session Example of Firmware File Upload 15 12 15 4 5 TFTP File Upload 15 12 15 4 6 TFTP Upload Command Example 15 13 15 4...

Page 12: ...20 Universal Plug and Play UPnP 20 1 20 1 Universal Plug and Play Overview 20 1 20 1 1 How do I know if I m using UPnP 20 1 20 1 2 NAT Transversal 20 1 20 1 3 Cautions with UPnP 20 1 20 1 4 UPnP and Z...

Page 13: ...tions 5 8 Figure 5 7 Remote Node Script 5 11 Figure 5 8 Menu 11 5 Remote Node Filter Ethernet 5 12 Figure 6 1 Physical Network 6 5 Figure 6 2 Partitioned Logical Networks 6 5 Figure 6 3 TCP IP Etherne...

Page 14: ...e 11 8 Address Mapping Rules 11 11 Figure 11 9 Editing Configuring an Individual Rule in a Set 11 13 Figure 11 10 NAT Server Sets 11 15 Figure 11 11 NAT Server Setup 11 16 Figure 11 12 Multiple Server...

Page 15: ...Console Port Speed 14 5 Figure 14 6 System Maintenance Log and Trace 14 5 Figure 14 7 Sample Error and Information Messages 14 6 Figure 14 8 System Maintenance Syslog and Accounting 14 6 Figure 14 9 S...

Page 16: ...p 17 2 Figure 17 2 Sample IP Routing Policy Setup 17 3 Figure 17 3 IP Routing Policy 17 4 Figure 17 4 TCP IP and DHCP Ethernet Setup 17 6 Figure 17 5 Remote Node Network Layer Options 17 6 Figure 17 6...

Page 17: ...mote Node Network Layer Options 8 6 Table 9 1 Edit IP Static Route 9 3 Table 10 1 Remote Node Bridging Options 10 2 Table 10 2 Edit Bridge Static Route 10 3 Table 11 1 NAT Definitions 11 1 Table 11 2...

Page 18: ...le 17 1 IP Routing Policy Setup Abbreviations 17 3 Table 17 2 IP Routing Policy 17 4 Table 18 1 Schedule Set Setup 18 2 Table 19 1 Remote Management Control 19 2 Table 20 1 Configuring UPnP 20 3 Table...

Page 19: ...sy to install and configure All functions are configurable via the SMT System Management Terminal and web configurator Advanced users may configure the Prestige using CLI Command Line Interface comman...

Page 20: ...in square brackets ENTER means the Enter or carriage return key ESC means the Escape key and SPACE BAR means the Space Bar For brevity s sake we will use e g as a shorthand for for instance and i e fo...

Page 21: ...e downstream capacity is higher than the upstream capacity Asymmetrical services ADSL are suitable for Internet users because more information is usually downloaded than uploaded For example a simple...

Page 22: ......

Page 23: ...Getting Started I P Pa ar rt t I I GETTING STARTED This part covers Getting to Know Your Prestige Hardware Installation Initial Setup WAN Dial Backup LAN and Internet Access...

Page 24: ......

Page 25: ...distance limitations without changing your ISP or purchasing new equipment G SHDSL s high symmetrical speeds are ideal for applications like web hosting and videoconferencing as well as the two way da...

Page 26: ...coming transmissions and adjust appropriately providing a faster data transfer on the Ethernet network as required It enables fast data transfer of either 10 Mbps or 100 Mbps in either half duplex or...

Page 27: ...dynamically join a network obtain an IP address and convey its capabilities to other devices on the network Full Network Management Menu driven SMT System Management Terminal management SNMP manageab...

Page 28: ...can be used 1 2 1 Internet Access Figure 1 1 Internet Access Application Your Prestige can act as either of the following A bridge for multi computer MAC bridging RFC 1483 bridged Ethernet 802 3 1 2...

Page 29: ...Prestige 791R G SHDSL Router Getting to Know Your G SHDSL Router 1 5 Figure 1 2 LAN to LAN Application...

Page 30: ...In addition to your Prestige package your computer should include the following hardware and software An Ethernet 10 100Base T NIC Network Interface Card Communications software configured as follows...

Page 31: ...receiving data 10 100M LAN Orange Off The Prestige does not have 100Mb Ethernet connection On The CON AUX switch is set to CON and the CON AUX port is connected to a management computer Green Off The...

Page 32: ...CON AUX port as a regular console port for local device configuration and management Connect the 9 pin male end of the console cable to the console port of the Prestige and the other end choice of 9...

Page 33: ...oad the default configuration file by holding this button in for more than 3 seconds Refer to section 3 2 for information on the resetting your Prestige 2 3 5 Power Port Connect the power adapter to t...

Page 34: ...al emulation no parity 8 data bits 1 stop bit data flow set to none 9600 bps port speed Press ENTER to display the SMT password screen The default password is 1234 3 1 2 Procedure For SMT Configuratio...

Page 35: ...prompting you to enter the password as shown next For your first login enter the default password 1234 As you type the password the screen displays an asterisk for each character you type Please note...

Page 36: ...s Guide for more information on this the web configurator to restore defaults see the web configurator HTML help 2 Use the Reset button on the rear panel of the Prestige to upload the default configu...

Page 37: ...Menu 25 IP Routing Policy Setup Menu 25 1 IP Routing Policy Setup Menu 25 1 1 IP Routing Policy Menu 24 1 System Maintenance Status Menu 24 3 System Maintenance Log and Trace Menu 24 4 System Maintena...

Page 38: ...Type in or press SPACE BAR then press ENTER You need to fill in two types of fields The first requires you to type in the appropriate information The second allows you to cycle through the available c...

Page 39: ...AN to LAN connection including Internet connection 12 Static Routing Setup Use this menu to set up static routes 15 NAT Setup Use this menu to specify inside servers when NAT is enabled 21 Filter Set...

Page 40: ...to open Menu 23 System Password as shown next Step 2 Type your existing system password 1234 is the default in the Old Passoword field and press ENTER Initial Setup 3 7 Menu 23 System Password Old Pa...

Page 41: ...Prestige System Name In Windows XP click start My Computer View system information and then click the Computer Name tab Note the entry in the Full computer name field and enter it as the Prestige Sys...

Page 42: ...and still reach your hostname 3 5 2 Procedure To Configure Menu 1 Step 1 Enter 1 in the Main Menu to open Menu 1 General Setup shown next Figure 3 5 General Setup Step 2 Fill in the required fields R...

Page 43: ...isable IP routing You must enable IP routing for Internet access Yes Bridge Turn on off bridging for protocols not supported for example SNA or not turned on in the previous Route IP field Select Yes...

Page 44: ...e assigned to your Prestige by your Dynamic DNS provider me dyndns org EMAIL Enter your e mail address mail mailserver USER Enter your user name Password Enter the password assigned to you Enable Wild...

Page 45: ......

Page 46: ...Ns and WANs A LAN Local Area Network is a computer network limited to the immediate area usually the same building or floor of a building A WAN Wide Area Network on the other hand is an outside connec...

Page 47: ...eck with your telephone company 4 2 1 Service Type Is your Prestige acting as a Server or Client 1 The Prestige is a server if it is acting as a COE Central Office Equipment It will determine transfer...

Page 48: ...as Dynamic Bandwidth Allocation 4 2 4 Standard Mode If your Prestige is a server then select the mode that applies to your region ANSI American National Standards Institute and ETSI European Telecommu...

Page 49: ...Max Rate 2312 Kbps Press SPACE BAR to select a Transfer Max Rate greater than or equal to the Transfer Min Rate and press ENTER to continue Transfer Min Rate 2312 Kbps Press SPACE BAR to select a Tran...

Page 50: ...d first make sure you have set up the switch and port connection see the Hardware Installation chapter then configure 1 Menu 2 WAN Setup 2 Menu 2 1 Advanced WAN Setup and 3 Menu 11 1 Remote Node Profi...

Page 51: ...device connected to your Dial Backup port for specific AT commands at fs0 0 Edit Advanced Setup To edit the advanced setup for the Dial Backup port move the cursor to this field press the SPACE BAR to...

Page 52: ...nal is dropped after the AT Command String Drop is sent out Yes AT Response String CLID Calling Line Identification Enter the keyword that precedes the CLID Calling Line Identification in the AT respo...

Page 53: ...seconds Retry Count Enter a number of times for the Prestige to retry a busy or no answer phone number before blacklisting the number 0 to disable the blacklist control Retry Interval sec Enter a num...

Page 54: ...name assigned by your ISP for this remote node jim My Password Enter the password assigned by your ISP for this remote node Authen This field sets the authentication protocol used for outgoing calls O...

Page 55: ...ode Network Layer Options See section 5 2 2 for more information No default Edit Script Options Press SPACE BAR to select Yes and press ENTER to edit the AT script for the dial backup remote node Menu...

Page 56: ...Options move the cursor to the Edit PPP Options field in Menu 11 1 Remote Node Profile and use the space bar to select Yes Press Enter to open menu 11 2 as shown next Figure 5 4 Menu 11 2 Remote Node...

Page 57: ...k here if you know it static 0 0 0 0 default My WAN Addr Leave the field set to 0 0 0 0 to have the ISP or other remote router dynamically automatically assign your WAN IP address if you do not know i...

Page 58: ...disable it See the LAN Setup chapter for more information on this feature None default Once you have completed filling in Menu 11 3 Remote Node Network Layer Options press ENTER at the message Press...

Page 59: ...e Send fields of the current set are empty the Prestige will terminate the script processing and start PPP negotiation This implies two things first the sets must be contiguous the sets after an empty...

Page 60: ...stige returns the string in the Send field Set 1 6 Send Enter a string to send out after the Expect string is matched 0 0 0 0 5 2 5 Editing Filter Sets Move the cursor to the field Edit Filter Sets in...

Page 61: ...u 11 5 Remote Node Filter Input Filter Sets protocol filters device filters Output Filter Sets protocol filters device filters Enter here to CONFIRM or ESC to CANCEL Figure 5 8 Menu 11 5 Remote Node F...

Page 62: ...will assign you a dynamic IP address when the connection is established If this is the case it is recommended that you select a network number from 192 168 0 0 to 192 168 255 0 ignoring the trailing...

Page 63: ...ch larger organization you should consult your network administrator for the appropriate IP addresses Regardless of your particular situation do not create an arbitrary IP address always follow the gu...

Page 64: ...o Windows 95 Windows NT and other systems that support the DHCP client The Prestige can also act as a surrogate DHCP server where it relays IP address assignment from the actual DHCP server to the cli...

Page 65: ...sses in the DHCP Setup menu This way the Prestige can pass the DNS servers to the computers and the computers can query the DNS server directly without the Prestige s intervention 6 1 6 IP Multicast T...

Page 66: ...anism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator Policy based routing is applied to incoming packets on a per int...

Page 67: ...ou seldom need to filter Ethernet traffic however the filter sets may be useful for blocking certain packets reducing traffic and preventing security breaches Menu 3 1 LAN Port Filter Setup Input Filt...

Page 68: ...Remote DHCP Server N A TCP IP Setup IP Address 192 168 1 1 IP Subnet Mask 255 255 255 0 RIP Direction None Version N A Multicast None IP Policies Edit IP Alias No Press ENTER to confirm or ESC to Canc...

Page 69: ...RIP 1 Incoming Protocol Filters Enter the filter set s you wish to apply to the incoming traffic between this node and the Prestige Outgoing Protocol Filters Enter the filter set s you wish to apply...

Page 70: ...et Setup FIELD DESCRIPTION EXAMPLE DHCP Setup Menu 3 2 TCP IP and DHCP Ethernet Setup DHCP Setup DHCP Server Client IP Pool Starting Address 192 168 1 33 Size of Client IP Pool 32 Primary DNS Server 0...

Page 71: ...Enter the IP addresses of the DNS servers The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask Remote DHCP Server If Relay is selected in the DHCP field above...

Page 72: ...them on the Prestige LAN interface here You can apply up to four IP Policy sets from twelve by entering their numbers separated by commas 2 4 7 9 Edit IP Alias The Prestige supports three logical LAN...

Page 73: ......

Page 74: ...interface and the WAN interface and then formatted so that they can be understood in a bridged environment for instance it encapsulates routed Ethernet frames into bridged ATM cells ENET ENCAP requir...

Page 75: ...you a different one each time The Single User Account feature can be enabled or disabled if you have either a dynamic or static IP However the encapsulation method assigned influences your choices fo...

Page 76: ...y prior mutual agreement each protocol is assigned to a specific virtual circuit for example VC1 carries IP etc VC based multiplexing may be dominant in environments where dynamic creation of large nu...

Page 77: ...be sent at the peak rate and a parameter for burst type traffic SCR may not be greater than the PCR the system default is 0 cells sec Maximum Burst Size MBS is the maximum number of cells that can be...

Page 78: ...apsulation Table 7 1 Internet Account Information FIELD DESCRIPTION YOUR INFO System Name Name of the Prestige optional Service Name PPPoE Encapsulation Enter the PPPoE service name if the ISP supplie...

Page 79: ...etup as shown next Figure 7 2 Internet Access Setup Table 7 2 Internet Access Setup FIELD DESCRIPTION EXAMPLE ISP s Name Enter the name of your Internet Service Provider This information is for identi...

Page 80: ...the maximum rate at which the sender can send cells Type the PCR 0 Sustain Cell Rate SCR 0 Sustained Cell Rate is the mean cell rate of a bursty on off traffic source that can be sent at the peak rat...

Page 81: ...er for more details on the SUA Single User Account feature SUA Only Address Mapping Set Type the numbers of mapping sets 1 8 to use with NAT See the NAT chapter for details N A When you have completed...

Page 82: ...Advanced Applications II P Pa ar rt t I II I ADVANCED APPLICATIONS This part shows how to configure Remote Nodes Static Routes Bridging and NAT...

Page 83: ......

Page 84: ...n you use Menu 4 to set up Internet access you are configuring one of the remote nodes You first choose a remote node in Menu 11 Remote Node Setup You can then edit that node s profile in menu 11 1 as...

Page 85: ...plication Scenario 1 One VC Multiple Protocols PPPoA RFC 2364 encapsulation with VC based multiplexing is the best combination because no extra protocol identifying headers are needed The PPP protocol...

Page 86: ...NCAP Multiplexing Press SPACE BAR and then ENTER to select the method of multiplexing that your ISP uses either VC based or LLC based LLC based Service Name When using PPPoE encapsulation type the nam...

Page 87: ...Route This field determines the protocol used in routing Options are IP and None IP Bridge When bridging is enabled your Prestige will forward any packet that it does not route to this remote node ot...

Page 88: ...g to the remote node before the Prestige automatically disconnects the remote node 0 means that the session will not timeout When you have completed this menu press ENTER at the prompt Press ENTER to...

Page 89: ...tic Dynamic Rem IP Addr This is the IP address you entered in the previous menu Rem Subnet Mask Type the subnet mask assigned to the remote node My WAN Addr Some implementations especially UNIX deriva...

Page 90: ...number need not be precise but it must be between 1 and 15 In practice 2 or 3 is usually a good number 2 Private This determines if the Prestige will include the route to this remote node in its RIP...

Page 91: ...11 1 then press SPACE BAR to select Yes Press ENTER to display Menu 11 5 Remote Node Filter Use Menu 11 5 Remote Node Filter to specify the filter set s to apply to the incoming and outgoing traffic...

Page 92: ...net Security screen as shown next Select the predefined filter rules and click Apply Menu 11 5 Remote Node Filter Input Filter Sets protocol filters 12 11 device filters Output Filter Sets protocol fi...

Page 93: ...protocol filter set numbers that were previously applied are erased after you apply the Internet Security filter rules in the web configurator To reapply them or apply new filter sets you need to ent...

Page 94: ..._____________ 12 WebSet2 Enter Filter Set Number to Configure 0 Edit Comments N A Press ENTER to Confirm or ESC to Cancel Menu 21 11 Filter Rules Summary A Type Filter Rules M m n 1 Y IP Pr 17 SA 0 0...

Page 95: ...VC based or LLC based multiplexing and PPP either PPPoA or PPPoE encapsulation in menu 11 1 8 5 1 VC based Multiplexing non PPP Encapsulation For VC based multiplexing by prior agreement a protocol i...

Page 96: ...ing or PPP Encapsulation In this case only one set of VPI and VCI numbers need be specified for all protocols The valid range for the VPI is 0 to 255 and for the VCI is 32 to 65535 1 to 31 is reserved...

Page 97: ......

Page 98: ...connected to a remote node Each remote node specifies only the network to which the gateway is directly connected and the Prestige has no knowledge of the networks beyond For instance the Prestige kn...

Page 99: ...IP Static Route Setup as shown next Figure 9 3 IP Static Route Setup Now type the index number of one of the static routes you want to configure Menu 12 Static Route Setup 1 IP Static Route 3 Bridge S...

Page 100: ...the LAN the gateway must be a router on the same segment as your Prestige over WAN the gateway must be the IP address of one of the remote nodes Metric Metric represents the cost of transmission for r...

Page 101: ......

Page 102: ...on bridging unless you need to support protocols other than IP on your network For IP enable the routing if you need it do not bridge what the Prestige can route 10 2 Bridge Ethernet Setup Basically...

Page 103: ...k up When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel and go back to the previous screen 10 2 2 Bri...

Page 104: ...ndicates whether the static route is active Yes or not No Ether Address Type the MAC address of the destination computer that you want to bridge the packets to IP Address If available type the IP addr...

Page 105: ...er 10 4 Bridging Setup FIELD DESCRIPTION When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel and go ba...

Page 106: ...address refers to the IP address of a host when the packet is in the local network while the global address refers to the IP address of the host when the same packet is traveling in the WAN side Note...

Page 107: ...you do not define any servers for Many to One and Many to Many Overload mapping see Table 11 2 NAT offers the additional benefit of firewall protection With no servers defined your Prestige filters o...

Page 108: ...Works 11 1 4 NAT Application The following figure illustrates a possible NAT application where three inside LANs logical LANs using IP Alias behind the Prestige can communicate with three distinct WAN...

Page 109: ...lobal IP address 2 Many to One In Many to One mode the Prestige maps multiple local IP addresses to one global IP address This is equivalent to SUA for instance PAT port address translation ZyXEL s Si...

Page 110: ...commended that you use the DMZ port for these servers instead Port numbers do not change for One to One and Many to Many No Overload NAT mapping types The following table summarizes these types Table...

Page 111: ...r Prestige 11 2 Applying NAT You apply NAT via menus 4 or 11 3 as displayed next The next figure shows you how to apply NAT for Internet access in menu 4 Enter 4 from the main menu to go to Menu 4 Int...

Page 112: ...o the Remote Node Table 11 3 Applying NAT to the Remote Node FIELD DESCRIPTION EXAMPLE Press SPACE BAR and then ENTER to select Full Feature if you have multiple public WAN IP addresses for your Prest...

Page 113: ...e configured Set 255 read only The Server Set is a list of LAN side servers mapped to external ports To use this set one set for the Prestige 10 a server rule must be set up inside the NAT Address Map...

Page 114: ...his menu cannot be changed Figure 11 7 Address Mapping Rules SUA Table 11 4 Address Mapping Rules SUA FIELD DESCRIPTION EXAMPLE Set Name This is the name of the set you selected in menu 15 1 or enter...

Page 115: ...g global IP address IGA Type These are the mapping types discussed above see Table 11 2 Server allows us to specify multiple servers of different types behind NAT to this machine See later for some ex...

Page 116: ...configured rule will be pushed up by that number of empty rules For example if you have already configured rules 1 to 6 in your current set and now you configure rule number 9 In the set summary scre...

Page 117: ...None disables the Select Rule item Edit Select Rule When you choose Edit Insert Before or Delete in the previous field the cursor jumps to this field to allow you to select the rule to apply the actio...

Page 118: ...End IP as 255 255 255 255 This field is N A for One to One and Server types N A Global IP Start This is the starting global IP address IGA If you have a dynamic IP enter 0 0 0 0 as the Global IP Start...

Page 119: ...r to specify a range of port numbers In addition to the servers for specified services NAT supports a default server A service request that does not have a server explicitly designated for it is forwa...

Page 120: ...ver behind NAT Follow these steps to configure a server behind NAT Step 3 Enter 15 in the main menu to go to Menu 15 NAT Setup Step 4 Enter 2 to display Menu 15 2 NAT Server Sets as shown next Figure...

Page 121: ...following figure you have a computer acting as an FTP Telnet and SMTP server ports 21 23 and 25 at 192 168 1 33 Step 8 Press ENTER at the Press ENTER to confirm prompt to save your configuration afte...

Page 122: ...ral NAT Examples This section provides some examples with Network Address Translation 11 5 1 Example 1 Internet Access Only In the following Internet access example you only need one rule where your I...

Page 123: ...etup ISP s Name ChangeMe Encapsulation RFC 1483 Multiplexing LLC based VPI 1 VCI 1 ATM QoS Type UBR Peak Cell Rate PCR 5500 Sustained Cell Rate SCR 0 Maximum Burst Size MBS 0 My Login N A My Password...

Page 124: ...ead only option from the Network Address Translation field in menus 4 and 11 3 is specifically pre configured to handle this case 11 5 2 Example 2 Internet Access with an Inside Server Figure 11 15 NA...

Page 125: ...he first inside FTP server for FTP traffic in both directions 1 1 mapping giving both local and global IP addresses Rule 2 Map the second IGA to our second inside FTP server for FTP traffic in both di...

Page 126: ...slation field in menu 4 or menu 11 3 See the figure below Figure 11 18 Example 3 Menu 11 3 Menu 11 3 Remote Node Network Layer Options IP Options Bridge Options IP Address Assignment Static Ethernet A...

Page 127: ...g for packets going both ways and set the local Start IP as 192 168 1 10 the IP address of FTP Server 1 and the global Start IP as 10 132 50 1 our first IGA See the figure below Figure 11 19 Example 3...

Page 128: ...p 10 Enter 1 in Menu 15 2 NAT Server Sets and enter 1 again to see the following menu Configure it as shown Menu 15 1 1 Address Mapping Rules Set Name Example3 Idx Local Start IP Local End IP Global S...

Page 129: ...mapping as port numbers do not change for Many to Many No Overload and One to One NAT mapping types The following figure illustrates this Figure 11 22 NAT Example 4 Menu 15 2 NAT Server Setup Rule Sta...

Page 130: ...erload mapping types Follow the steps outlined in example 3 to configure these two menus as follows Figure 11 23 Example 4 Menu 15 1 1 1 After you ve configured your rule you should be able to check t...

Page 131: ...1 1 Menu 15 1 1 Address Mapping Rules Set Name Example4 Idx Local Start IP Local End IP Global Start IP Global End IP Type 1 192 168 1 10 192 168 1 12 10 132 50 1 10 132 50 3 M M NO OV 2 3 4 5 6 7 8...

Page 132: ...Advanced Management III P Pa ar rt t I II II I ADVANCED MANAGEMENT This part discusses Filter Configuration SNMP System Maintenance and IP Policy Routing Call Scheduling and Remote Management...

Page 133: ......

Page 134: ...rs are divided into incoming and outgoing filters depending on the direction of the packet relative to a port Data filtering can be applied on either the WAN side or the Ethernet side Call filtering i...

Page 135: ...nd packet but do not reset Idle Timer Send packet but do not reset Idle Timer Match Match Match No match No match No match Call Filtering Figure 12 1 Outgoing Packet Filtering Process Two sets of fact...

Page 136: ...ilter Set Available Accept Packet Drop Packet Yes No Yes No Yes Packet intoFilter Filter Set Forward Drop No Check Next Rule Yes Figure 12 2 Filter Rule Process You can apply up to four filter sets to...

Page 137: ...o a particular port to block multiple types of packets Because each filter set can have up to 6 rules you can have a maximum of 24 rules active for a single port 12 2 Filter Set Configuration To confi...

Page 138: ...s Summary A Type Filter Rules M m n 1 Y IP Pr 6 SA 0 0 0 0 DA 0 0 0 0 DP 137 N D N 2 Y IP Pr 6 SA 0 0 0 0 DA 0 0 0 0 DP 138 N D N 3 Y IP Pr 6 SA 0 0 0 0 DA 0 0 0 0 DP 139 N D N 4 Y IP Pr 17 SA 0 0 0 0...

Page 139: ...Filter Rule Number 1 6 to Configure Figure 12 6 Telnet_WAN Filter Rules Summary Menu 21 4 Filter Rules Summary A Type Filter Rules M m n 1 Y Gen Off 12 Len 2 Mask ffff Value 8863 N F N 2 Y Gen Off 12...

Page 140: ...Filter Rule Number 1 6 to Configure Figure 12 8 FTP_WAN Filter Rules Summary Menu 21 11 Filter Rules Summary A Type Filter Rules M m n 1 Y IP Pr 17 SA 0 0 0 0 DA 0 0 0 0 DP 161 N D N 2 Y IP Pr 17 SA 0...

Page 141: ...rule An action cannot be taken until the rule chain is complete N means there are no more rules to check You can specify an action to be taken for instance forward the packet drop the packet or check...

Page 142: ...Filter Rules Summary and press ENTER to open menu 21 1 1 for the rule There are two types of filter rules TCP IP and Generic Depending on the type of rule the parameters for each type will be differe...

Page 143: ...he second filter set and the third filter rule of that set 1 1 Filter Type Use SPACE BAR and then ENTER to choose a rule Parameters displayed for each type will be different Choices are TCP IP Filter...

Page 144: ...t Comp Select the comparison to apply to the destination port in the packet against the value given in Destination Port Choices are None Less Greater Equal or Not Equal None Source IP Addr Type the so...

Page 145: ...Both All packets will be logged None Action Matched Select the action for a matching packet Choices are Check Next Rule Forward or Drop Check Next Rule default Action Not Matched Select the action fo...

Page 146: ...Drop Packet Accept Packet Drop Forward Check Next Rule Check Next Rule Check Next Rule Forward Not Matched Yes No Check Src IP Addr Apply SrcAddrMask to Src Addr Matched Check Dest IP Addr Apply Dest...

Page 147: ...match The Mask and Value fields are specified in hexadecimal numbers Note that it takes two hexadecimal digits to represent a byte so if the length is 4 the value in either field will take 8 digits fo...

Page 148: ...the data portion before comparison Value Type the value in Hexadecimal to compare with the data portion More If Yes a matching packet is passed to the next filter rule before an action is taken or els...

Page 149: ...he wire Therefore the Prestige applies the protocol filters to the native IP address and port number before NAT for outgoing packets and after NAT for incoming packets On the other hand the generic or...

Page 150: ...on Step 2 Enter the index number of the filter set you want to configure in this case 3 Step 3 Type a descriptive name or comment in the Edit Comments field for example TELNET_WAN and press ENTER Step...

Page 151: ...means an action can be taken immediately The action is to drop the packet m D if the action is matched and to forward the packet immediately n F if the action is not matched no matter whether there ar...

Page 152: ...PACE BAR to choose this filter rule type The first filter rule type determines all subsequent filter types within a set Menu 21 3 1 TCP IP Filter Rule Filter 3 1 Filter Type TCP IP Filter Rule Active...

Page 153: ...configured in menu 21 but have not been applied to filter traffic Table 12 5 Filter Sets Table FILTER SETS DESCRIPTION Input Filter Sets Apply filters for incoming traffic You may apply protocol or d...

Page 154: ...1 5 shown next and type the number s of the filter set s as appropriate You can cascade up to four filter sets by typing their numbers separated by commas The factory default filter set NetBIOS_WAN is...

Page 155: ......

Page 156: ...tocol used for exchanging management information between network devices SNMP is a member of TCP IP protocol suite Your Prestige supports SNMP agent functionality which allows a manager station to man...

Page 157: ...manager issues a request and the agent returns responses using the following protocol operations Get Allows the manager to retrieve an object variable from the agent GetNext Allows the manager to retr...

Page 158: ...rap Community Type the trap community which is the password sent with each trap to the SNMP manager public Destination Type the IP address of the station to send your SNMP traps to 0 0 0 0 When you ha...

Page 159: ...1215 A trap is sent with the port number 4 authenticationFailure defined in RFC 1215 A trap is sent to the manager when receiving any SNMP get or set requirements with wrong community password 6 link...

Page 160: ...4 Diagnostic 5 Backup Configuration 6 Restore Configuration 7 Upload Firmware 8 Command Interpreter Mode 9 Call Control 10 Time and Date Setting 11 Remote Management Enter Menu Selection Number Figure...

Page 161: ...n bytes per second Rx B s Shows the receiving rate in bytes per second Up Time Time this channel has been connected to the current remote node My WAN IP from ISP The IP address of the ISP remote node...

Page 162: ...ws the upstream transfer rate in kbps Downstream Speed Shows the downstream transfer rate in kbps CPU Load Specifies the percentage of CPU utilization 14 3 System Information To get to the System Info...

Page 163: ...fers to the operational protocol the Prestige and the DSLAM Digital Subscriber Line Access Multiplexer are using LAN Ethernet Address Refers to the Ethernet MAC Media Access Control of your Prestige I...

Page 164: ...set the speed parameter for the communication software you are using to connect to the Prestige 14 4 Log and Trace There are two logging facilities in the Prestige The first is the error logs and trac...

Page 165: ...shown next 59 Thu Jan 01 00 00 03 1970 PP0f INFO LAN promiscuous mode 0 60 Thu Jan 01 00 00 03 1970 PP00 WARN SNMP TRAP 0 cold start 61 Thu Jan 01 00 00 03 1970 PP00 INFO main init completed 62 Thu Ja...

Page 166: ...ing board xx line xx channel xx call xx str board the hardware board ID line the WAN ID in a board Channel channel ID within the WAN call the call reference number which starts from 1 and increments b...

Page 167: ...Src 192 168 102 20 Dst 202 132 154 1 UDP spo 05d4 dpo 0035 S03 R01mF 4 PPP Log SdcmdSyslogSend SYSLOG_PPPLOG SYSLOG_NOTICE String String ppp Proto Starting ppp Proto Opening ppp Proto Closing ppp Pro...

Page 168: ...c FIELD DESCRIPTION Reset xDSL Re initialize the xDSL link to the telephone company Ping Host Ping the host to see if the links and TCP IP protocol on both systems are working Reboot System Reboot the...

Page 169: ......

Page 170: ...irmware bin ras This is a sample FTP session showing the transfer of the computer file firmware bin to the Prestige ftp get rom 0 config cfg This is a sample FTP session saving the current configurati...

Page 171: ...oad files in menus 24 5 24 6 24 7 1 and 24 7 2 depending on whether you use the console port or Telnet Option 5 from Menu 24 System Maintenance allows you to backup the current Prestige configuration...

Page 172: ...p using TFTP please see your Prestige manual Press ENTER to Exit Figure 15 1 System Maintenance Backup Configuration 15 2 2 Using the FTP Command from the Command Line Step 1 Launch the FTP client on...

Page 173: ...onymous access Anonymous logins will work only if your ISP or service administrator has enabled this option Normal The server requires a unique User ID and Password to login Transfer Type Transfer fil...

Page 174: ...t when the file transfer is complete Step 4 Launch the TFTP client on your computer and connect to the Prestige Set the transfer mode to binary before starting data transfer Step 5 Use the TFTP client...

Page 175: ...ile in binary mode Abort Stop transfer of the file Refer to section 15 2 5 to read about configurations that disallow TFTP and FTP over WAN 15 2 9 Backup Via Console Port Back up configuration via con...

Page 176: ...click Browse to look for one Figure 15 6 Successful Backup Confirmation Screen 15 3 Restore Configuration This section shows you how to restore a previously saved configuration Note that this functio...

Page 177: ...system This restores the configuration to your system 4 The system reboots automatically after a successful file transfer For details on FTP commands please consult the documentation of your FTP clien...

Page 178: ...r WAN 15 3 3 Restore Via Console Port Restore configuration via console port by following the HyperTerminal procedure shown next Procedures using other serial communications programs should be similar...

Page 179: ...to upload firmware and configuration files You can upload configuration files by following the procedure in the previous Restore Configuration section or by following the instructions in Menu 24 7 2...

Page 180: ...You will see the following screen when you telnet into menu 24 7 2 Menu 24 7 2 System Maintenance Upload System Configuration File To upload the system configuration file follow the procedure below 1...

Page 181: ...r and renames it config rom See earlier in this chapter for more information on filename conventions Step 7 Enter quit to exit the ftp prompt The Prestige automatically restarts after a successful fil...

Page 182: ...e and the Prestige in CI mode before and during the TFTP transfer For details on TFTP commands see following example please consult the documentation of your TFTP client program For UNIX use get to tr...

Page 183: ...ad Using HyperTerminal Click Transfer then Send File to display the following screen Type the firmware file s location or click Browse to look for it Then click Send Choose the Xmodem protocol Menu 24...

Page 184: ...will erase the current configuration file 2 The system s console port speed Menu 24 2 2 may change when it is restarted please adjust your terminal s speed accordingly The password may change menu 23...

Page 185: ...em protocol Type the configuration file s location or click Browse to search for it Figure 15 19 Example Xmodem Upload After the configuration upload process has completed restart the Prestige by ente...

Page 186: ...SMT by selecting menu 24 8 See the included disk or the zyxel com web site for more detailed information on CI commands Enter 8 from Menu 24 System Maintenance A list of valid commands can be found b...

Page 187: ...s will be blocked To access the call control menu select option 9 in menu 24 to go to Menu 24 9 System Maintenance Call Control as shown in the next table Menu 24 9 System Maintenance Call Control 1 B...

Page 188: ...f a remote node Enter 0 to update the screen The budget and the reset period can be configured in menu 11 1 for the remote node when PPPoE encapsulation is selected Table 16 1 Budget Management FIELD...

Page 189: ...the time and date settings of your Prestige as shown in the following screen Menu 24 10 System Maintenance Time and Date Setting Use Time Server when Bootup None Time Server Address N A Current Time 0...

Page 190: ...of this information Current Time This field displays an updated time only when you reenter this menu New Time Enter the new time in hour minute and second format Current Date This field displays an up...

Page 191: ......

Page 192: ...f the network to enable the backbone to prioritize traffic Cost Savings IPPR allows organizations to distribute interactive traffic on high bandwidth high cost paths while using low cost paths for bat...

Page 193: ...______ 11 _______________ 6 _______________ 12 _______________ Enter Policy Set Number to Configure 0 Edit Name N A Press ENTER to Confirm or ESC to Cancel Figure 17 1 IP Routing Policy Setup To setup...

Page 194: ...168 1 1 T MT PR 0 2 N __________________________________________________________________________ __________________________________________________________________________ 3 N ________________________...

Page 195: ...Min Delay Max Thruput Min Cost or Max Reliable Precedence Precedence value of the incoming packet Press SPACE BAR and then ENTER to select a value from 0 to 7 or Don t Care Packet Length Type the leng...

Page 196: ...st be the IP address of a remote node The default gateway is specified as 0 0 0 0 Type of Service Set the new TOS value of the outgoing packet Prioritize incoming network traffic by choosing No Change...

Page 197: ...0 NAT Full Feature Address Mapping Set 2 Metric 2 Private No RIP Direction Both Version RIP 2B Multicast IGMP v2 IP Policies 2 4 7 9 Press ENTER to Confirm or ESC to Cancel Menu 3 2 TCP IP and DHCP E...

Page 198: ...k using another policy See the next figure Figure 17 6 Example of IP Policy Routing To force Web packets coming from clients with IP addresses of 192 168 1 33 to 192 168 1 64 to be routed to the Inter...

Page 199: ...on Matched Gateway addr 192 168 1 1 Log No Type of Service No Change Precedence No Change Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Figure 17 7 IP Routing Policy Example Step 3...

Page 200: ...sk 255 255 255 0 RIP Direction Both Version RIP 1 Multicast None IP Policies 1 2 Edit IP Alias No Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Menu 25 1 1 IP Routing Policy Policy...

Page 201: ......

Page 202: ...ule Setup as shown next Menu 26 Schedule Setup Schedule Set 1 2 3 4 5 6 Name ______________ ______________ ______________ ______________ ______________ ______________ Schedule Set 7 8 9 10 11 12 Name...

Page 203: ...be triggered up until the end of the Duration Table 18 1 Schedule Set Setup FIELD DESCRIPTION EXAMPLE Active Press SPACE BAR to select Yes or No Choose Yes and press ENTER to activate the schedule se...

Page 204: ...ect in hour minute format 09 00 Duration Enter the maximum length of time this connection is allowed in hour minute format 08 00 Action Forced On means that the connection is maintained whether or not...

Page 205: ...min 0 Rem Login Period hr 0 Rem Password Schedules 1 2 3 4 Outgoing Nailed Up Connection No My Login My Password Session Options Authen CHAP PAP Edit Filter Sets No Idle Timeout sec 100 Press ENTER t...

Page 206: ...ernet WAN only the LAN only All LAN and WAN or Disable neither WAN only Internet ALL LAN and WAN LAN only Disable Neither If you enable remote management of a service but have applied a filter to bloc...

Page 207: ...e read only labels denotes a service that you may use to remotely manage the Prestige Server Port This field shows the port number for the remote management service You may change the port number for...

Page 208: ...atch the client IP address If it does not match the Prestige will disconnect the session immediately 4 There is already another remote management session of the same type Telnet FTP or Web running You...

Page 209: ......

Page 210: ...Additional Information IV P Pa ar rt t I IV V ADDITIONAL INFORMATION This part contains UPnP Troubleshooting the Appendices and the Index...

Page 211: ......

Page 212: ...a UPnP device will allow you to access the information and properties of that device 20 1 2 NAT Transversal UPnP NAT Traversal automates the process of allowing an application to operate through NAT U...

Page 213: ...allowed on the LAN See later sections for examples of installing UPnP in Windows XP and Windows Me as well as an example of using UPnP in Windows 20 2 Accessing the Prestige Web Configurator to Config...

Page 214: ...UPnP enabled applications to automatically configure the Prestige so that they can communicate through the Prestige for example by using NAT Transversal UPnP applications automatically reserve a NAT...

Page 215: ...up tab and select Communication in the Components selection box Click Details Step 3 In the Communications window select the Universal Plug and Play check box in the Components selection box Step 4 Cl...

Page 216: ...window click Advanced in the main menu and select Optional Networking Components The Windows Optional Networking Components Wizard window displays Step 4 Select Networking Service in the Components se...

Page 217: ...n Windows XP and UPnP activated on the Prestige Make sure the computer is connected to a LAN port of the Prestige Turn on your computer and the Prestige Auto discover Your UPnP enabled Network Device...

Page 218: ...ally created Step 4 You may edit or delete the port mappings or click Add to manually add port mappings When the UPnP enabled device is disconnected from your computer all port mappings will be delete...

Page 219: ...the web based configurator on the Prestige without finding out the IP address of the Prestige first This comes helpful if you do not know the IP address of the Prestige Follow the steps below to acces...

Page 220: ...e displays under Local Network Step 5 Right click on the icon for your Prestige and select Invoke The web configurator login screen displays Step 6 Right click on the icon for your Prestige and select...

Page 221: ......

Page 222: ...nal emulation 9600 bps is the default speed on leaving the factory Try other speeds in case the speed has been changed I cannot access the Prestige via the console port 2 Make sure the communications...

Page 223: ...ssword field in Menu 4 Internet Access Setup I cannot connect to a remote node or ISP Check menu 4 or menu 11 1 to verify the Encapsulation for the remote node 21 4 Problems with Internet Access Table...

Page 224: ...n the User s Guide for details 21 6 Problems with Telnet Table 21 6 Troubleshooting Telnet PROBLEM CORRECTIVE ACTION Refer to the Remote Management Limitations section for scenarios when remote manage...

Page 225: ......

Page 226: ...using PPP Benefits of PPPoE PPPoE offers the following benefits 1 It provides you with a familiar dial up networking DUN user interface 2 It lessens the burden on the carriers of provisioning virtual...

Page 227: ...to the ISP The L2TP tunnel is capable of carrying multiple PPP sessions With PPPoE the VC Virtual Circuit is equivalent to the dial up connection and is between the modem and the AC as opposed to all...

Page 228: ...een circuit end points Diagram 3 Virtual Circuit Topology Think of a virtual path as a cable that contains a bundle of wires The cable connects two points and wires within the cable provide individual...

Page 229: ...Adapter Model AA 121A Input Power AC120Volts 60Hz 18W max Output Power AC12Volts 1 0A Power Consumption 8 W Safety Standards UL CUL UL 1310 CSA C22 2 No 223 UNITED KINGDOM PLUG STANDARDS AC Power Adap...

Page 230: ...wer AC12Volts 1 0A Power Consumption 8 W Safety Standards ITS GS CE EN 60950 UNITED KINGDOM PLUG STANDARDS AC Power Adapter Model AA 121A3D Input Power AC230Volts 50Hz 140mA Output Power AC12Volts 1 3...

Page 231: ...Prestige 791R G SHDSL Router F Power Adapter Specifications Power Consumption 8 W Safety Standards CCEE GB8898...

Page 232: ...4 Call Filtering 12 1 Call Filters Built In 12 1 User Defined 12 1 Call Scheduling 18 1 Maximum Number of Schedule Sets 18 1 PPPoE 18 3 Precedence 18 1 Precedence Example See precedence CDR 14 7 CDR...

Page 233: ...ulation 11 14 Ethernet Traffic 12 21 Ethernet 802 3 bridged 1 4 Features 1 1 Filename Conventions 15 1 Filter 5 11 12 1 Applying Filters 12 20 Ethernet Setup 6 6 Ethernet traffic 12 21 Ethernet Traffi...

Page 234: ...1 Internet Access 1 1 3 6 4 1 5 1 6 1 7 5 7 6 Internet Access Application 1 4 Internet Access Setup 11 6 Internet Assigned Numbers Authority See IANA IP address 5 6 5 8 IP Address 6 10 9 3 10 3 12 11...

Page 235: ...5 Metric 5 8 8 7 9 3 Multicast 5 9 8 7 Multiple Protocol over ATM 1 2 Multiplexing LLC based 7 3 VC based 7 3 Multiplexing 7 3 7 7 8 2 Multiprotocol Encapsulation 7 2 My Login 5 5 My Password 5 5 My W...

Page 236: ...2 Transmission 14 2 Rear Panel 2 3 Rem IP Address 5 8 Rem Node Name 5 5 5 7 Remote DHCP Server 6 10 Remote Management Limitations 19 3 Remote Management Setup 19 2 Remote Node 8 1 14 2 Remote Node Se...

Page 237: ...c 14 8 Log and Trace 14 5 Syslog and Accounting 14 6 System Information 14 3 System Status 14 1 System Information 14 3 System Maintenance 14 1 14 3 15 2 15 5 15 13 15 14 16 1 16 2 16 4 System Managem...

Page 238: ...ersal Plug and Play Forum 20 2 UNIX Syslog 14 5 14 7 UNIX syslog parameters 14 6 Upload Firmware 15 10 UPnP See Universal Plug and Play VC based Multiplexing 8 2 8 12 VPI VCI 7 3 WAN Setup 4 2 4 4 Web...

Reviews:

No comments

Related manuals for Prestige 791R

Panasonic BB-HGW700A - Network Camera Router Installation/Troubleshooting Manual preview
BB-HGW700A - Network Camera Router
Brand: Panasonic Pages: 10
ICP DAS USA ZT-2510 Series Quick Start Manual preview
ZT-2510 Series
Brand: ICP DAS USA Pages: 8
Salto Node Installation Manual preview
Node
Brand: Salto Pages: 2
Paradyne Adapter Bracket Notice preview
Adapter Bracket
Brand: Paradyne Pages: 1
H3C S10500 Series Mpls Configuration Manual preview
S10500 Series
Brand: H3C Pages: 400
Kasda LinkSmart KW6515 User Manual preview
LinkSmart KW6515
Brand: Kasda Pages: 31
Kohler Mira Pixel User Manual preview
Mira Pixel
Brand: Kohler Pages: 32
StarTech.com ST1000SMPEX Instruction Manual preview
ST1000SMPEX
Brand: StarTech.com Pages: 9
Patton 13243D4-001 User Manual preview
13243D4-001
Brand: Patton Pages: 62
Allied Telesis AR440S Hardware Reference Manual preview
AR440S
Brand: Allied Telesis Pages: 44
AEG BOF18B2 Original Instructions Manual preview
BOF18B2
Brand: AEG Pages: 24
IDT 89HPES12T3G2 Preliminary User'S Manual preview
89HPES12T3G2
Brand: IDT Pages: 146
KYLAND Technology SICOM6000 Series User Manual preview
SICOM6000 Series
Brand: KYLAND Technology Pages: 48
KYLAND Technology SICOM3010G Hardware Installation Manual preview
SICOM3010G
Brand: KYLAND Technology Pages: 32
KYLAND Technology KIEN1008G Hardware Installation Manual preview
KIEN1008G
Brand: KYLAND Technology Pages: 19
KYLAND Aquam8012A Series Hardware Installation Manual preview
Aquam8012A Series
Brand: KYLAND Pages: 28
Utah Sandar UTAH-100 User Manual & Installation Manual preview
UTAH-100
Brand: Utah Sandar Pages: 80
Belkin F5D7010F User Manual preview
F5D7010F
Brand: Belkin Pages: 40

Brands by name

Popular brands

Load more brands