Prestige 2302RL Support Notes
All contents copyright (c) 2007 ZyXEL Communications Corporation.
129
with another value chosen out of a local pool. It then recomputed the appropriate header checksums and
forwards the packet to the Internet as if it originated from the Prestige using the WAN IP address assigned by
the ISP. When reply packets from the Internet are received by the Prestige, the original IP source address and
TCP/UDP source port numbers are written back into the destination fields of the packet (since it is now moving
in the opposite direction), the checksums are recomputed, and the packet is delivered to its intended destination.
This is because SUA keeps a table of the IP addresses and port numbers of the local systems currently using it.
What is the difference between NAT and SUA?
NAT is a generic name defined in RFC 1631 'The IP Network Address Translator (NAT)'. SUA (Internet
Single User Account) is ZyXEL's proprietary implementation and trade name for the PAT feature which is a
specific type of NAT. SUA (or PAT for NAT) translates address into port mapping.
The primary motivation for RFC 1631 is that there is not enough IP address to go around. In addition, many
corporations simply did not bother to obtain legal (globally unique) IP addresses for their networks and now
finding themselves unable to connect to the Internet.
Basically, NAT is the process of translating one address to another. A NAT implementation can be as simple as
substituting an IP address with another. This allows a network to solve the illegal address problem mentioned
above without going through each and every host.
The goal of ZyXEL's SUA is to minimize the Internet access cost in a small office environment by using a
single IP address to represent multiple hosts on the LAN. It does more than IP address translation, so that
multiple hosts on the LAN can access the Internet at the same time.
How many network users does SUA/NAT support?
The Prestige does not limit the number of the users but the number of the sessions for Internet access. The
Prestige supports 1024 sessions. You can view the current active sessions using the 'ip nat iface enif0 disp'
command in SMT menu 24.8.
What are Device and Protocol filters?
In ZyNOS, there are two filter groups: device filter and protocol filter. Generic filters belong to the device filter
group while TCP/IP and IPX filters belong to the protocol filter group.
Why can't I configure device or protocol filters?
In ZyNOS, you cannot configure device filters and protocol filters in the same filter set.