ZyXEL Communications Prestige 314 PLUS, User Manual

Page 1: ...Prestige 314 P314 Broadband Sharing Gateway with 4 Port Switch User s Guide Version 3 20 August 2000 ...

Page 2: ...rwise without the prior written permission of ZyXEL Communications Corporation Published by ZyXEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the right t...

Page 3: ...n accordance with the instructions may cause harmful interference to radio communications If this equipment does cause harmful interference to radio television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation betw...

Page 4: ...e compliance with the above conditions may not prevent degradation of service in some situations Repairs to certified equipment should be made by an authorized Canadian maintenance facility designated by the supplier Any repairs or alterations made by the user to this equipment or equipment malfunctions may give the telecommunications company cause to request the user to disconnect the equipment F...

Page 5: ...n supply system caused by household appliances and similar electrical equipment Harmonics 1995 EN 61000 3 3 Disturbance in supply system caused by household appliances and similar electrical equipment Voltage fluctuations 1995 EN 61000 4 2 Electrostatic discharge immunity test Basic EMC Publication 1995 EN 61000 4 3 Radiated radio frequency electromagnetic field immunity test 1996 EN 61000 4 4 Ele...

Page 6: ...P314 Broadband Sharing Gateway with 4 Port Switch vi CE Doc ...

Page 7: ...he purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser To obtain the services of this warranty contact ZyXEL s Service Center refer to the separate Warranty Card ...

Page 8: ...4 632 0882 800 255 4101 www zyxel com North America sales zyxel com 1 714 632 0858 ftp zyxel com ZyXEL Communications Inc 1650 Miraloma Avenue Placentia CA 92870 U S A support zyxel dk 45 3955 0700 www zyxel dk Scandinavia sales zyxel dk 45 3955 0707 ftp zyxel dk ZyXEL Communications A S Columbusvej 5 2860 Soeborg Denmark support zyxel at 43 1 4948677 0 0810 1 ZyXEL 0810 1 99935 www zyxel at Austr...

Page 9: ...dware Installation Initial Setup 2 1 2 1 Front Panel LEDs and Back Panel Ports 2 1 2 1 1 Front Panel LEDs 2 1 2 2 Prestige 314 Rear Panel and Connections 2 2 2 3 Additional Installation Requirements 2 3 2 4 Power Up Your Prestige 2 4 2 5 Navigating the SMT Interface 2 4 2 5 1 Main Menu 2 5 2 5 2 System Management Terminal Interface Summary 2 6 2 6 Changing the System Password 2 7 2 6 1 Resetting t...

Page 10: ...ter 4 Remote Node Setup 4 1 4 1 Remote Node Profile 4 1 4 1 1 Ethernet Encapsulation 4 1 4 1 2 PPPoE Encapsulation 4 3 4 2 Editing TCP IP Options 4 4 4 3 Remote Node Filter 4 5 Chapter 5 IP Static Route Setup 5 1 5 1 IP Static Route Setup 5 2 Chapter 6 SUA Server Setup 6 1 6 1 Single User Account SUA 6 1 6 1 1 Single User AccountConfiguration 6 2 6 2 Multiple Servers behind SUA 6 3 6 2 1 Configuri...

Page 11: ... 8 5 8 3 Log and Trace 8 5 8 3 1 Viewing Error Log 8 5 8 3 2 UNIX Syslog 8 6 8 3 3 Call Triggering Packet 8 9 8 4 Diagnostic 8 10 8 4 1 WAN DHCP 8 11 Chapter 9 Transferring Files 9 1 9 1 Filename Conventions 9 1 9 1 1 Firmware Development 9 2 9 2 Backup Configuration 9 2 9 3 Restore Configuration 9 4 9 4 Upload Firmware 9 4 9 4 1 Uploading the Router Firmware 9 5 9 4 2 Uploading Router Configurati...

Page 12: ... Administrator 11 1 11 3 2 System Timeout 11 2 11 3 3 Telnet Blocking 11 2 Troubleshooting Appendices Glossary and Index IV Chapter 12 Troubleshooting 12 1 12 1 Problems Starting Up the Prestige 12 1 12 2 Problems with the LAN Interface 12 2 12 3 Problems with the WAN Interface 12 3 12 4 Problems with Internet Access 12 4 12 5 Problems with Telnet 12 4 Appendix A PPPoE A Appendix B Hardware Specif...

Page 13: ... 3 LAN Setup 10 100 Mbps Ethernet 3 4 Figure 3 2 Menu 3 2 TCP IP and DHCP Ethernet Setup 3 5 Figure 3 3 Menu 4 Internet Access Setup 3 7 Figure 3 4 Menu 4 Using PPPoE 3 9 Figure 4 1 Menu 11 1 Remote Node Profile for Ethernet Encapsulation 4 1 Figure 4 2 Menu 11 1 Remote Node Profile for PPPoE Encapsulation 4 3 Figure 4 3 Remote Node Network Layer Options 4 4 Figure 4 4 Remote Node Filter Ethernet ...

Page 14: ...enu 21 3 7 15 Figure 7 13 Protocol and Device Filter Sets 7 16 Figure 7 14 Filtering LAN Traffic 7 16 Figure 7 15 Filtering Remote Node Traffic 7 17 Figure 8 1 Menu 24 System Maintenance 8 1 Figure 8 2 Menu 24 1 System Maintenance Status 8 2 Figure 8 3 Menu 24 2 System Information and Console Port Speed 8 4 Figure 8 4 Menu 24 2 1 System Maintenance Information 8 4 Figure 8 5 Menu 24 2 2 System Mai...

Page 15: ... 9 5 Figure 9 6 Menu 24 7 1 System Maintenance Upload Router Firmware 9 5 Figure 9 7 Menu 24 7 2 System Maintenance Upload Router Configuration File 9 6 Figure 9 8 Telnet into Menu 24 7 1 9 8 Figure 9 9 Telnet into Menu 24 7 2 System Maintenance 9 9 Figure 9 10 FTP Session Example 9 10 Figure 10 1 Command Mode in Menu 24 10 1 Figure 10 2 Valid Commands 10 1 Figure 10 3 Call Control 10 2 Figure 10 ...

Page 16: ......

Page 17: ... Menu 11 1 PPPoE Encapsulation Specific Only 4 3 Table 4 3 Remote Node Network Layer Options Menu Fields 4 4 Table 5 1 IP Static Route Menu Fields 5 3 Table 6 1 Single User Account Menu Fields 6 2 Table 6 2 Services vs Port number 6 5 Table 7 1 Abbreviations Used in the Filter Rules Summary Menu 7 6 Table 7 2 Abbreviations Used If Filter Type Is IP 7 7 Table 7 3 Abbreviations Used If Filter Type I...

Page 18: ...le 9 3 Third Party FTP Clients General fields 9 10 Table 10 1 Budget Management 10 3 Table 10 2 Call History Fields 10 4 Table 12 1 Troubleshooting the Start Up of your Prestige 12 1 Table 12 2 Troubleshooting the LAN Interface 12 2 Table 12 3 Troubleshooting the WAN Interface 12 3 Table 12 4 Troubleshooting Internet Access 12 4 ...

Page 19: ...r a telnet connection About This User s Manual This manual is designed to guide you through the SMT configuration of your Prestige 314 for its various applications Structure of this Manual This manual is structured as follows Part I Getting Started Chapters 1 3 is structured as a step by step guide to help you connect install and setup your Prestige to operate on your network and access the Intern...

Page 20: ... should have come with your Prestige ZyXEL Web and FTP Server Sites You can access release notes for firmware upgrades and other information at ZyXEL web and FTP server sites Refer to the Customer Support page in this User s Guide for more information Syntax Conventions Enter means for you to type one or more characters and press the carriage return Select or Choose means for you to select one fro...

Page 21: ...Getting Started I Part I Getting Started Chapters 1 3 are structured as a step by step guide to help you connect install and setup your Prestige to operate on your network and access the Internet ...

Page 22: ......

Page 23: ...ith Integrated Four Port Switch The P314 sports a 10 Mbps Ethernet port for a cable or DSL modem connection as well as an integrated 4 Port Switch allowing up to 4 computers on your network to enjoy super fast Internet access without the need for an additional hub Dynamic DNS Support With Dynamic DNS support you can have a static hostname alias for a dynamic IP address allowing the host to be more...

Page 24: ...FC 2132 The Prestige s DHCP server capability allows you to automatically assign TCP IP settings to a workstation on your LAN The Prestige s DHCP client capability allows it to get automatically its IP address from the ISP on the WAN RoadRunner Support In addition to standard cable modem services the Prestige supports Time Warner s RoadRunner Service Logging and Tracing The Prestige has the follow...

Page 25: ...P314 Broadband Sharing Gateway with 4 Port Switch Getting to Know Your Prestige 1 3 Figure 1 1 Internet Access ...

Page 26: ......

Page 27: ... functions Table 2 1 LED Functions LEDs Function Indicator Status Active Description PWR Power Green On The power adapter is connected to the Prestige Off The system is not ready or failed On The system is ready and running SYS System Flashing The system is rebooting Green Off The 10M LAN is not connected On The Prestige is connected to a 10M LAN 10M LAN LAN Flashing The 10M LAN is sending receivi...

Page 28: ...must connect the coaxial cable from your cable service to the threaded coaxial cable connector on the back of the cable modem Connect a DSL Modem to the DSL Wall Jack Please also see the Appendices for important safety instructions on making connections to the Prestige Step 1 Connecting the Console Port For the initial configuration of your Prestige you need to use terminal emulator software on a ...

Page 29: ...sing a straight through Ethernet cable white tag and press the Uplink button If you do not press the Uplink button LAN port 4 or use LAN ports 1 to 3 to daisy chain the Prestige to an external hub then you must use a crossover cable red tag Step 4 Grounding the Prestige If you want to ground the Prestige then connect a grounded wire to the F G Frame Ground of the Prestige Step 5 Connecting the Pow...

Page 30: ...ssword The login screen appears after you press Enter prompting you to enter the password as shown below For your first login enter the default password 1234 As you type the password the screen displays an X for each character you type Please note that if there is no activity for longer than 5 minutes after you log in your Prestige will automatically log you out and will display a blank screen If ...

Page 31: ...o the previous and the next field respectively Enter information Fill in or Press the SPACE BAR to toggle You need to fill in two types of fields The first requires you to type in the appropriate information The second allows you to cycle through the available choices by pressing the SPACE BAR Required fields All fields with the symbol must be filled in order be able to save the new configuration ...

Page 32: ...to set up static route 15 SUA Server Setup Use this menu to specify inside servers when SUA is enabled 21 Filter Set Configuration Use this menu to set up filters to provide security 23 System Password Use this menu to set up a new password 24 System Maintenance This menu provides system status diagnostics firmware upload etc 99 Exit To exit from SMT and return to the blank screen Copyright c 1994...

Page 33: ...onfiguration file you will lose all configurations that you had before and the speed of the console port will be reset to the default of 9600bps with 8 data bit no parity and 1 stop bit 8n1 The password will be reset to the default of 1234 also Turn off the Prestige and begin a Terminal session with the current console port settings Turn on the Prestige again When you see the message Press Any key...

Page 34: ...ld This name can be up to 30 alphanumeric characters long Spaces are not allowed but dashes and underscores _ are accepted Billy Domain Name Enter the domain name if you know it here If you leave this field blank the ISP may assign a domain name via DHCP You can go to Menu 24 8 and type sys domainname to see the current domain name used by your router If you want to clear this field just press the...

Page 35: ...e aliased to the same IP address as yourhost dyndns org This feature is useful if you want to be able to use for example www yourhost dyndns org and still reach your hostname 2 7 2 Configuring Dynamic DNS To configure Dynamic DNS go to Menu 1 General Setup and press select Yes in the Configure Dynamic DNS field Pressing Enter takes you to Menu 1 1 Configure Dynamic DNS as shown next Figure 2 8 Con...

Page 36: ...ur ISP requires MAC address authentication Figure 2 9 Menu 2 WAN Setup This menu allows you to configure the WAN port s MAC Address by using either the factory default or cloning the MAC address from a workstation on your LAN Once it is successfully configured the address will be copied to the rom file ZyNOS configuration file It will not change unless you change the setting in Menu 2 or upload a ...

Page 37: ...enter 3 to open Menu 3 Figure 2 10 Menu 3 LAN Setup 2 9 1 LAN Port Filter Setup This menu allows you to specify the filter sets that you wish to apply to the LAN traffic You seldom need to filter the LAN traffic however the filter sets may be useful to block certain packets reduce traffic and prevent security breaches Figure 2 11 Menu 3 1 LAN Port Filter Setup Menu 3 2 is discussed in the next cha...

Page 38: ......

Page 39: ...ork number Where you obtain your network number depends on your particular situation If the ISP or your network administrator assigns you a block of registered IP addresses follow their instructions in selecting the IP addresses and the subnet mask If the ISP did not explicitly give you an IP network number then most likely you have a single user account and the ISP will assign you a dynamic IP ad...

Page 40: ... always follow the guidelines above For more information on address assignment please refer to RFC 1597 Address Allocation for Private Internets and RFC 1466 Guidelines for Management of IP Address Space 3 1 4 RIP Setup RIP Routing Information Protocol RFC 1058 and RFC 1389 allows a router to exchange routing information with other routers The RIP Direction field controls the sending and receiving...

Page 41: ...addresses usually in the form of an information sheet when you sign up If your ISP does give you the DNS server addresses enter them in the DNS Server fields in DHCP Setup The second is to leave this field blank i e 0 0 0 0 in this case the Prestige acts as a DNS proxy Example Of Network Properties For LAN Servers With Fixed IP Choose an IP 192 168 1 2 192 168 1 32 192 168 1 65 192 168 1 254 Netma...

Page 42: ...cally updates this information IP Multicasting can be enabled disabled on the Prestige LAN and or WAN interfaces using menus 3 2 LAN and 11 3 WAN Select None to disable IP Multicasting on these interfaces 3 2 TCP IP and DHCP Ethernet Setup From the Main Menu enter 3 to open Menu 3 LAN Setup 10 100 Mbps Ethernet to configure TCP IP RFC 1155 and DHCP Ethernet setup Figure 3 1 Menu 3 LAN Setup 10 100...

Page 43: ...rst of the contiguous addresses in the IP address pool 192 168 1 33 Size of Client IP Pool This field specifies the size or count of the IP address pool 32 Primary DNS Server Secondary DNS Server Enter the IP addresses of the DNS servers The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask Leave these entries at 0 0 0 0 if they are provided by a WAN DHCP ser...

Page 44: ...IP 1 RIP 2B RIP 2M RIP 1 default Multicast IGMP Internet Group Multicast Protocol is a session layer protocol used to establish membership in a Multicast group The Prestige supports both IGMP version 1 IGMP v1 and IGMP v2 Press the SPACE BAR to enable IP Multicasting or select None default to disable it None When you have completed this menu press Enter at the prompt Press ENTER to Confirm to save...

Page 45: ...se choose Standard Note DSL users must choose the Standard option only The Server IP My Login IP and My Password fields are not applicable in this case My Login Name Enter the login name given to you by your ISP My Password Enter the password associated with the login name above Login Server IP The Prestige will find the RoadRunner Server IP if this field is left blank If it does not then you must...

Page 46: ...trol systems e g Radius For the user PPPoE provides a login authentication method that the existing Microsoft Dial Up Networking software can activate and therefore requires no new learning or procedures for Windows users One of the benefits of PPPoE is the ability to let end users access one of multiple network services a function known as dynamic service selection This enables the service provid...

Page 47: ...ally disconnects from the PPPoE server 100 default 3 4 Internet Setup Test After configuring the Menu 4 fields when you press ENTER to confirm you will see the message Do you wish to perform the Internet Setup Test y n if you have chosen PPPoE as your encapsulation method Enter Y to test your setup 3 5 Basic Setup Complete Well done You have successfully connected installed and set up your Prestig...

Page 48: ......

Page 49: ...Advanced Applications II Part II Advanced Applications Advanced Applications Chapters 4 6 describe the advanced applications of your Prestige such as Remote Node Setup IP Static Routes and SUA ...

Page 50: ...lter 4 1 Remote Node Profile From the Main Menu select menu option 11 to open Menu 11 1 Remote Node Profile There are two variations of this menu depending on whether you choose Ethernet Encapsulation or PPPoE Encapsulation 4 1 1 Ethernet Encapsulation You must choose the Ethernet option when the WAN port is used as a regular Ethernet The first Menu 11 1 screen you see is for Ethernet encapsulatio...

Page 51: ...going My Login This field is applicable for PPPoE encapsulation only Enter the login name assigned by your ISP when the Prestige calls this remote node Some ISPs append this field to the Service Name field above e g jim poellc to access the PPPoE server jim Outgoing My Password Enter the password assigned by your ISP when the Prestige calls this remote node Valid for PPPoE encapsulation only Serve...

Page 52: ...te node The default is 0 meaning no budget control 10 Period hr This field is the time period that the budget should be reset For example if we are allowed to call this remote node for a maximum of 10 minutes every hour then the Allocated Budget is 10 minutes and the Period hr is 1 hour 1 Idle Timeout This value specifies the idle time i e the length of time there is no traffic from the Prestige t...

Page 53: ... Mask If you have a Static IP Assignment enter the subnet mask assigned to you My WAN Addr If you have a Static IP Assignment enter the gateway IP address assigned to you Single User Account Use the SPACE BAR to toggle Yes and No See the chapter on SUA for a full discussion of this feature Yes Metric This field is valid only for PPPoE encapsulation The metric represents the cost of transmission fo...

Page 54: ...The Prestige supports both IGMP version 1 IGMP v1 and IGMP v2 Press SPACE BAR to enable IP Multicasting or select None to disable it Please see Part 1 for more information on these two fields None Once you have completed filling in the Network Layer Options Menu press ENTER to return to Menu 11 Press ENTER at the message Press ENTER to Confirm to save your configuration or press ESC at any time to...

Page 55: ...Remote Node Filter Input Filter Sets protocol filters 3 device filters Output Filter Sets protocol filters 1 device filters Enter here to CONFIRM or ESC to CANCEL Menu 11 5 Remote Node Filter Input Filter Sets protocol filters 3 device filters Output Filter Sets protocol filters 1 device filters Call Filter Sets protocol filters 1 device filters Enter here to CONFIRM or ESC to CANCEL ...

Page 56: ... remote node specifies only the network to which the gateway is directly connected and the Prestige has no knowledge of the networks beyond For instance the Prestige knows about network N2 in the following diagram through remote node Router 1 However the Prestige is unable to route a packet to network N3 because it doesn t know that there is a route through the same remote node Router 1 via gatewa...

Page 57: ... enter the index number of one of the static routes you want to configure Figure 5 3 Menu 12 1 Edit IP Static Route The following table describes the IP Static Route Menu fields Menu 12 IP Static Route Setup 1 ________ 2 ________ 3 ________ 4 ________ 5 ________ 6 ________ 7 ________ 8 ________ Enter selection number Menu 12 1 Edit IP Static Route Route 1 Route Name Active No Destination IP Addres...

Page 58: ...is an immediate neighbor of your Prestige that will forward the packet to the destination On the LAN the gateway must be a router on the same segment as your Prestige over the WAN the gateway must be the IP address of one of the Remote Nodes Metric Metric represents the cost of transmission for routing purposes IP routing uses hop count as the measurement of cost with a minimum of 1 for directly c...

Page 59: ......

Page 60: ... you to have one legal IP address and many local LAN IP addresses that can be used in other domains also thus conserving the number of global IP addresses The Single User Account feature may also be used on connections to remote networks other than the ISP For example this feature can be used to simplify the allocation of IP addresses when connecting branch offices to the corporate network The IP ...

Page 61: ...s in the previous chapter with the exception that you need to fill in two extra fields in Menu 4 Internet Access Setup as shown in the following figure SUA here is applied solely to the output interface and is valid only for LAN WAN connections and not for connections between LANs Figure 6 2 Menu 4 Internet Access Setup for Single User Account Follow the instructions on how to configure the SUA fi...

Page 62: ... an FTP server 192 168 1 3 then you need to specify for port 80 web the server at IP address 192 168 1 2 and for port 21 FTP another at IP address 192 168 1 3 Please note that a server can support more than one service e g a server can provide both FTP and DNS service while another provides only web service Also since you need to specify the IP address of a server in the Prestige a server must hav...

Page 63: ... Server Configuration Step 2 Enter the service port number in the Port field and the inside IP address of the server in the IP Address field Step 3 Press ENTER at the Press ENTER to confirm prompt to save your configuration after you define all the servers or press ESC at any time to cancel The most often used port numbers are Menu 15 Multiple Server Configuration Port 1 Default 2 0 3 0 4 0 5 0 6 ...

Page 64: ... Services vs Port number Services Port Number FTP File Transfer Protocol 21 Telnet 23 SMTP Simple Mail Transfer Protocol 25 DNS Domain Name System 53 HTTP Hyper Text Transfer protocol or WWW Web 80 POP3 Post Office Protocol version 3 110 PPTP Point to Point Tunneling Protocol 1723 ...

Page 65: ......

Page 66: ...Advanced Management III Part III Advanced Management Chapters 7 11 provide information on Prestige Filtering System Information and Diagnosis Transferring Files and Telnet ...

Page 67: ......

Page 68: ...the LAN side Call filtering is used to determine if a packet should be allowed to trigger a call Remote node call filtering is only applicable when using PPPoE encapsulation Outgoing packets must undergo data filtering before they encounter call filtering as shown in the following figure Figure 7 1 Outgoing Packet Filtering Process For incoming packets your Prestige applies data filters only Packe...

Page 69: ...ules in the system You cannot mix device filter rules and protocol filter rules within the same set You can apply up to four filter sets to a particular port to block multiple types of packets With each filter set having up to six rules you can have a maximum of 24 rules active for a single port Three sets of factory default filter rules have been configured in Menu 21 to prevent NetBIOS traffic f...

Page 70: ...le Available Fetch Next Filter Set Next Filter Set Available Accept Packet Drop Packet Yes No Yes No Yes Packet into filter Filter Set Forward Drop No Check Next Rule Figure 7 2 Filter Rule Process You can apply up to four filter sets to a particular port to block multiple types of packets With each filter set having up to six rules you can have a maximum of 24 rules active for a single port ...

Page 71: ... Step 3 Enter a descriptive name or comment in the Edit Comments field and press ENTER Step 4 Press ENTER at the message Press ENTER to confirm to open Menu 21 1 Filter Rules Summary Menu 21 Filter Set Configuration Filter Filter Set Comments Set Comments 1 NetBIOS_WAN 7 _______________ 2 NetBIOS_LAN 8 _______________ 3 Tel_FTP_Web_WAN 9 _______________ 4 _______________ 10 _______________ 5 _____...

Page 72: ...0 0 0 DA 0 0 0 0 DP 137 N D N 5 Y IP Pr 17 SA 0 0 0 0 DA 0 0 0 0 DP 138 N D N 6 Y IP Pr 17 SA 0 0 0 0 DA 0 0 0 0 DP 139 N D F Enter Filter Rule Number 1 6 to Configure Press ENTER to Confirm or ESC to Cancel Menu 21 2 Filter Rules Summary A Type Filter Rules M m n 1 Y IP Pr 17 SA 0 0 0 0 SP 137 DA 0 0 0 0 DP 53 N D F 2 N 3 N 4 N 5 N 6 N Enter Filter Rule Number 1 6 to Configure Menu 21 3 Filter Ru...

Page 73: ...es in it are matched Y means an action can not yet be taken as there are more rules to check which are concatenated with the present rule to form a rule chain When the rule chain is complete an action can be taken N means you can now specify an action to be taken i e forward the packet drop the packet or check the next rule For the latter the next rule is independent of the rule just checked If Mo...

Page 74: ...le type its number in Menu 21 1 Filter Rules Summary and press ENTER to open Menu 21 1 1 for the rule To speed up filtering all rules in a filter set must be of the same class i e protocol filters or generic filters The class of a filter set is determined by the first rule that you create When applying the filter sets to a port separate menu fields are provided for protocol and device filter sets ...

Page 75: ...f the packet you wish to filter This field is disregarded if it is 0 0 0 0 IP address Destination IP Mask Enter the IP mask to apply to the Destination IP Addr IP mask Destination Port Enter the destination port of the packets that you wish to filter The range of this field is 0 to 65535 This field is disregarded if it is 0 0 65535 Destination Port Comp Select the comparison to apply to the destin...

Page 76: ...packet is passed to the next filter rule before an action is taken else the packet is disposed of according to the action fields If More is Yes then Action Matched and Action Not Matched will be N A Yes No Log Select the logging option from the following z None No packets will be logged z Action Matched Only packets that match the rule parameters will be logged z Action Not Matched Only packets th...

Page 77: ...No Filter Active Check IP Protocol Drop Drop Packet Accept Packet Drop Forward Check Next Rule Check Next Rule Check Next Rule Forward Not Matched Yes No Check Src IP Addr Apply SrcAddrMask to Src Addr Matched Check Dest IP Addr Apply DestAddrMask to Dest Addr Not Matched Not Matched Check Src Dest Port Matched Not Matched Figure 7 8 Executing an IP Filter ...

Page 78: ...he data portion before comparing the result against the Value to determine a match The Mask and Value are specified in hexadecimal numbers Note that it takes two hexadecimal digits to represent a byte so if the length is 4 the value in either field will take 8 digits e g FFFFFFFF To configure a generic rule select Generic Filter Rule in the Filter Type field in Menu 21 4 1 and press ENTER to open ...

Page 79: ...t that you wish to compare The range for this field is 0 to 8 Default 0 Mask Enter the mask in Hexadecimal to apply to the data portion before comparison Value Enter the value in Hexadecimal to compare with the data portion More If Yes a matching packet is passed to the next filter rule before an action is taken else the packet is disposed of according to the action fields If More is Yes then Acti...

Page 80: ...sk for more example filters This filter is designed to block outside users telnetting into the Prestige Figure 7 10 Telnet Filter Example Step 1 Enter 21 from the Main Menu to open Menu 21 Filter Set Configuration Step 2 Enter the index of the filter set you wish to configure in this case 3 and press ENTER Step 3 Enter a descriptive name or comment in the Edit Comments field in this case TELNET_FT...

Page 81: ...hed Drop Action Not Matched Check Next Rule Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Press the SPACE BAR to choose this filter rule type The first filter rule type determines all subsequent filter types within a set Select Yes to make the rule active 6 is the TCP protocol The port number for the telnet service TCP protocol is 23 See RFC 1060 for port numbers of well known ...

Page 82: ...AN Protocol Filter rules act on the IP packets Generic and TCP IP filter rules are discussed in more detail in the next section When SUA Single User Account is enabled the inside IP address and port number are replaced on a connection by connection basis which makes it impossible to know the exact address and port on the wire Therefore the Prestige applies the protocol filters to the native IP add...

Page 83: ...oming telnet FTP and HTTP connections 7 5 1 LAN Traffic LAN traffic filter sets may be useful to block certain packets reduce traffic and prevent security breaches Go to Menu 3 1 shown next and enter the number s of the filter set s that you want to apply as appropriate You can choose up to four filter sets from twelve by entering their numbers separated by commas e g 3 4 6 11 Input filter sets fi...

Page 84: ...hen using PPPoE encapsulation and in protocol filters under Output Filter Sets protocol filters when using Ethernet encapsulation Filter set 3 Telnet_WAN blocks telnet connections from the WAN Port to help prevent security breaches Filter set 4 FTP_WAN blocks FTP connections from the WAN Port Apply them as shown in the following figure Figure 7 15 Filtering Remote Node Traffic Menu 11 5 Remote Nod...

Page 85: ......

Page 86: ...atus port status log and trace capabilities and upgrades for the system software This chapter describes how to use these tools in detail Select menu 24 in the main menu to open Menu 24 System Maintenance as shown below Figure 8 1 Menu 24 System Maintenance Menu 24 System Maintenance 1 System Status 2 System Information and Console Port Speed 3 Log and Trace 4 Diagnostic 5 Backup Configuration 6 Re...

Page 87: ... the PPPoE connection 9 resets the counters and Esc takes you back to the previous screen The table below describes the fields present in Menu 24 1 System Maintenance Status It should be noted that these fields are READ ONLY and are meant to be used for diagnostic purposes The upper right corner of the screen shows the time and date according to the format you set in Menu 24 10 Figure 8 2 Menu 24 ...

Page 88: ...s port Cols The number of collisions on this port Tx B s Shows the transmission speed in Bytes per second on this port Rx B s Shows the reception speed in Bytes per second on this port Up Time Total amount of time the line has been up LAN Ethernet Address The LAN port Ethernet address IP Address The LAN port IP address IP Mask The LAN port IP mask DHCP The LAN port DHCP role WAN Ethernet Address T...

Page 89: ...Figure 8 3 Menu 24 2 System Information and Console Port Speed 8 2 1 System Information System Information gives you information about your system as shown below More specifically it gives you information on your routing protocol Ethernet address IP address etc Figure 8 4 Menu 24 2 1 System Maintenance Information Menu 24 2 1 System Maintenance Information Name xxx baboo mickey com Routing IP ZyNO...

Page 90: ...the Prestige 8 2 2 Console Port Speed You can change the speed of the console port through Menu 24 2 2 Console Port Speed Your Prestige supports 9600 default 19200 38400 57600 and 115200 bps for the console port Use the SPACE BAR to select the desired speed in Menu 24 2 2 as shown below Figure 8 5 Menu 24 2 2 System Maintenance Change Console Port Speed 8 3 Log and Trace There are two logging faci...

Page 91: ...ation messages are presented in the figure below Figure 8 7 Examples of Error and Information Messages 8 3 2 UNIX Syslog The Prestige uses the UNIX syslog facility to log the CDR Call Detail Record and system messages to a syslog server Syslog and accounting can be configured in Menu 24 3 2 System Maintenance UNIX Syslog as shown next Menu 24 3 System Maintenance Log and Trace 1 View Error Log 2 U...

Page 92: ...server Please refer to your UNIX manual for more detail Types CDR Call Detail Record CDR logs all data phone line activity if set to Yes Packet triggered The first 48 bytes or octets and protocol type of the triggering packet is sent to the UNIX syslog server when this field is set to Yes Filter log No filters are logged when this field is set to No Filters with the individual filter Log Filter fi...

Page 93: ...Packet triggered Packet triggered Message Format sdcmdSyslogSend SYSLOG_PKTTRI SYSLOG_NOTICE String String Packet trigger Protocol xx Data xxxxxxxxxx x Protocol 1 IP 2 IPX 3 IPXHC 4 BPDU 5 ATALK 6 IPNG Data We will send forty eight Hex characters to the server Jul 19 11 28 39 192 168 102 2 ZyXEL Packet Trigger Protocol 1 Data 4500003c100100001f010004c0a86614ca849a7b08004a5c020001006162636465666768...

Page 94: ... 97 ZyXEL IP Src 192 168 2 33 Dst 202 132 155 93 TCP spo 01170 dpo 00021 S04 R01mF Mar 03 12 01 06 202 132 155 97 ZyXEL IP Src 192 168 2 33 Dst 202 132 155 93 TCP spo 01170 dpo 00021 S04 R01mF 4 PPP log PPP log Message Format sdcmdSyslogSend SYSLOG_PPPLOG SYSLOG_NOTICE String String ppp Proto Starting ppp Proto Opening ppp Proto Closing ppp Proto Shutdown Proto LCP ATCP BACP BCP CBCP CCP CHAP PAP ...

Page 95: ...th 20 Type of Service 0x00 0 Total Length 0x002C 44 Identification 0x0002 2 Flags 0x00 Fragment Offset 0x00 Time to Live 0xFE 254 Protocol 0x06 TCP Header Checksum 0xFB20 64288 Source IP 0xC0A80101 192 168 1 1 Destination IP 0x00000000 0 0 0 0 TCP Header Source Port 0x0401 1025 Destination Port 0x000D 13 Sequence Number 0x05B8D000 95997952 Ack Number 0x00000000 0 Header Length 24 Flags 0x02 S Wind...

Page 96: ...AN as shown in Figure 8 11 LAN DHCP has already been discussed previously The Prestige can act either as a WAN DHCP client IP Address Assignment field in Menu 4 or Menu 11 3 is Dynamic and the Encapsulation field in Menu 4 or Menu 11 is Ethernet or none i e you have a static IP The WAN Release and Renewal fields in Menu 24 4 conveniently allow you to release and renew the assigned WAN IP address s...

Page 97: ...address on your LAN or WAN Enter its IP address in the Host IP Address field mentioned in the last row of this table 2 WAN DHCP Release Enter 2 to release your WAN DHCP settings 3 WAN DHCP Renewal Enter 3 to renew your WAN DHCP settings The renewal timeout is 32 seconds 4 Internet Setup Test Enter 4 to test your Internet Setup You can also test this after configuring Menu 4 Internet Access Setup 1...

Page 98: ...our choice With many ftp and tftp clients they are as well as seen next ftp put P314 bin ras This is a sample ftp session showing the transfer of the PC file P314 bin to the Prestige ftp get rom 0 MyP314 cfg This is a sample ftp session saving the current configuration to the PC file MyP314 cfg If your t ftp client does not allow you have a destination filename different than the source you will n...

Page 99: ...e default configuration file is needed also If the problem still exists e mail or call tech support 9 2 Backup Configuration Option 5 from Menu 24 System Maintenance allows you to backup the current Prestige configuration to your workstation Backup is highly recommended once your Prestige is functioning properly FTP and TFTP are the preferred methods for backing up your current workstation configu...

Page 100: ... 5 System Maintenance Backup Configuration To transfer the configuration file to your workstation follow the procedure below 1 Launch the FTP client on your workstation 2 Type open and the IP address of your router Then type root and SMT password as requested 3 Locate the rom 0 file 4 Type get rom 0 to back up the current router configuration to your workstation For details on FTP commands please ...

Page 101: ...llows you to upgrade the firmware and the configuration file via the console port There are two components in the system the router firmware and the configuration file as shown below Ready to restore Configuration via Xmodem Do you want to continue y n Menu 24 6 System Maintenance Restore Configuration To transfer the firmware and configuration file follow the procedure below 1 Launch the FTP clie...

Page 102: ... see Figure 9 8 is the same except for the following additional message For details on FTP commands please consult the documentation of your FTP client program For details on uploading router firmware using TFTP note that you must remain on this menu to upload router firmware using TFTP please see your router manual Menu 24 7 System Maintenance Upload Firmware 1 Upload Router Firmware 2 Upload Rou...

Page 103: ... XMODEM upload message before activating Xmodem upload on your terminal Step 4 After successful firmware upload enter atgo to restart the Prestige Figure 9 7 Menu 24 7 2 System Maintenance Upload Router Configuration File The screen for Menu 24 7 2 when you telnet into the Prestige see Figure 9 9 is the same except for the following additional message For details on FTP commands please consult the...

Page 104: ... client see the example below to transfer files between the Prestige and the workstation The file name for the firmware is ras and for the configuration file is rom 0 rom zero not capital o Note If you upload the firmware to the Prestige it will reboot automatically when the file transfer is completed the SYS LED will flash Note that the telnet connection must be active and the SMT in CI mode befo...

Page 105: ...workstation must have an FTP client When you telnet into the Prestige you will see the following screens for uploading firmware and the configuration file using FTP Figure 9 8 Telnet into Menu 24 7 1 You see the following screen when you telnet into Menu 24 7 2 Menu 24 7 1 System Maintenance Upload Router Firmware To upload the router firmware follow the procedure below 1 Launch the FTP client on ...

Page 106: ...mputer p314 rom to the Prestige and renames it rom 0 See section 9 1 for more information on filename conventions Step 7 Type quit to exit the ftp prompt Menu 24 7 2 System Maintenance Upload Router Configuration File To upload the router configuration file follow the procedure below 1 Launch the FTP client on your workstation 2 Type open and the IP address of your router Then type root and SMT pa...

Page 107: ...this option Normal The server requires a unique User ID and Password to login Normal Transfer Type Transfer files in either ASCII plain text format or in binary mode Binary Initial Remote Directory Specify the default remote directory path Initial Local Directory Specify the default local directory path Please note that FTP over WAN will not work if you have applied a filter in Menu 11 5 to block ...

Page 108: ... ZyXEL web site at www zyxel com for more detailed information on CI commands Enter 8 from Menu 24 System Maintenance A list of valid commands can be found by typing help or at the command prompt Type exit to return to the SMT main menu when finished Figure 10 1 Command Mode in Menu 24 Figure 10 2 Valid Commands Menu 24 System Maintenance 1 System Status 2 System Information and Console Port Speed...

Page 109: ... shown in the next table Figure 10 3 Call Control 10 2 1 Budget Management Menu 24 9 1 shows the budget management statistics for outgoing calls Enter 1 from Menu 24 9 System Maintenance Call Control to bring up the following menu Figure 10 4 Budget Management The total budget is the time limit on the accumulated time for outgoing calls to a remote node When this limit is reached the call will be ...

Page 110: ...11 1 5 10 means that 5 minutes out of a total allocation of 10 minutes have gone by Elapsed Time Total Period The period is the time cycle in hours that the allocation budget is reset see Menu 11 1 The elapsed time is the time used up within this period 0 5 1 means that 30 minutes out of the 1 hour time period has gone by 10 2 2 Call History This is the second option in Menu 24 9 System Maintenanc...

Page 111: ...mple ATUR for uploading firmware and ATLC for uploading the configuration file already discussed in Chapter 9 Figure 10 6 Option to Enter Debug Mode Enter ATHE to view all available Prestige boot module commands as shown in the next screen ATBAx allows you to change the console port speed The x denotes the number preceding the colon to give the console port speed following the colon in the list of...

Page 112: ...w x y z RAM test level w from address x to y z iterations ATWEa b c d write MAC addr Country code EngDbgFlag FeatureBit to flash ROM ATCUx write Country code to flash ROM ATCB copy from FLASH ROM to working buffer ATCL clear working buffer ATSB save working buffer to FLASH ROM ATBU dump manufacturer related data in working buffer ATSH dump manufacturer related data in ROM ATWMx set MAC address in ...

Page 113: ......

Page 114: ...inside server is specified telnet connections from the outside will be forwarded to the inside server So to configure the Prestige via telnet from the outside you must first telnet to the inside server and then telnet from the server to the Prestige using its inside LAN IP address If no inside server is specified telnetting to the SUA s IP address will connect to the Prestige directly 11 3 Telnet ...

Page 115: ...lnet Your Prestige will automatically log you out if you do nothing in this timeout period except when it is continuously updating the status in Menu 24 1 or when sys stdio has been changed on the command line 11 3 3 Telnet Blocking Telnet over the WAN doesn t work when 1 You have applied a filter in Menu 3 1 LAN or in Menu 11 5 WAN to block Telnet service 2 You have an SMT console session running...

Page 116: ......

Page 117: ...ing Appendices Glossary and Index IV Part IV Troubleshooting Appendices Glossary and Index Chapter 12 provides information about solving common problems followed by some Appendices a Glossary of Terms and an Index ...

Page 118: ...e Action None of the LEDs are on when you power on the Prestige Check the connection between the AC adapter and the Prestige If the error persists you may have a hardware problem In this case you should contact technical support 1 Check to see if the Prestige is connected to your computer s serial port VT100 terminal emulation 9600 bps is the default speed on leaving the factory Try other speeds i...

Page 119: ...hernet cable white tag to connect each computer to the 10 100M LAN ports on the Prestige If you have more than four computers you must use an external hub Connect LAN port 4 on the Prestige to a port on the external hub using a straight through Ethernet cable white tag and press the Uplink button If you do not press the Uplink button LAN port 4 or use LAN ports 1 to 3 to daisy chain the Prestige t...

Page 120: ...MAC can be obtained from Menu 24 1 In case the ISP does not allow you to use a new MAC you can clone the MAC from the LAN as the WAN MAC and send it to the ISP using Menu 2 WAN Setup recommended If the ISP checks the Host Name enter host name in the system field in Menu 1 General Setup when you connect the Prestige to a cable xDSL modem Cannot get WAN IP from the ISP If the ISP checks the User ID ...

Page 121: ...manufacturer of your cable xDSL modem about the cable requirement because for some modems you may require crossover cable and for others regular patch cable Cannot access the Internet Verify your settings in Menu 3 2 and Menu 4 12 5 Problems with Telnet Problem Corrective Action Telnet doesn t work if 1 You have applied a filter in Menu 3 1 LAN or in Menu 11 5 WAN to block Telnet service Cannot Te...

Page 122: ...l up services using PPP Benefits of PPPoE PPPoE offers the following benefits 1 It provides you with a familiar dial up networking DUN user interface 2 It lessens the burden on the carriers of provisioning virtual circuits all the way to the ISP on multiple switches for thousands of users For GSTN PSTN ISDN the switching fabric is already in place 3 It allows the ISP to use the existing dial up mo...

Page 123: ...nnels the PPP frames to the ISP The L2TP tunnel is capable of carrying multiple PPP sessions With PPPoE the VC Virtual Circuit is equivalent to the dial up connection and is between the modem and the AC as opposed to all the way to the ISP However the PPP negotiation is between the PC and the ISP Prestige as a PPPoE Client When using the Prestige as a PPPoE client the PCs on the LAN see only Ether...

Page 124: ...WAN 10 Mbit Half Duplex Ethernet Specification for 4 Port LAN 10 100 Mbit Half Full Auto negotiation Console Port RS 232 Pin 1 NON Pin 2 DTE RXD Pin 3 DTE TXD Pin 4 DTE DTR Pin 5 GND Pin 6 DTE DSR Pin 7 DTE RTS Pin 8 DTE CTS Pin 9 NON See Figure below WAN LAN Cable Pin Layout Straight Through Crossover Switch 1 IRD Adapter 1 OTD Switch 1 IRD Switch 1 IRD 2 IRD 2 OTD 2 IRD 2 IRD 3 OTD 3 IRD 3 OTD 3...

Page 125: ......

Page 126: ...ional Electrical Code ANSI NFPA 70 8 Do not allow anything to rest on the power cord of the AC adapter and do not locate the product where anyone can walk on the power cord 9 Do not service the product by yourself Opening or removing covers can expose you to dangerous high voltage points or other risks Refer all servicing to qualified service personnel 10 Generally when installed after the final c...

Page 127: ...er consumption 9 W Plug North American standards Safety standards UL CUL UL1950 CSA C22 2 NO 234 M90 European Union AC Power Adapter model AD 1201200DV Input power AC230Volts 50Hz Output power DC12Volts 1 2A Power consumption 9 W Plug European Union standards Safety standards TUV CE EN 60950 AC Power Adapter model JAD 121200E Input power AC230Volts 50Hz Output power DC12Volts 1 2A Power consumptio...

Page 128: ... AC100Volts 50 60Hz 27VA Output power DC12Volts 1 2A Power consumption 9 W Plug Japan standards Safety standards T Mark Australia and New Zealand AC Power Adapter model AD 1201200DS Input power AC240Volts 50Hz 0 2A Output power DC12Volts 1 2A Power consumption 9 W Plug Australia and New Zealand standards Safety standards NATA AS 3260 ...

Page 129: ...er Each Client program is designed to work with one or more specific kinds of Server programs and each Server requires a specific kind of Client A Web Browser is a specific kind of Client Crossover Ethernet cable A cable that wires a pin to its opposite pin for example RX is wired to TX This cable connects two similar devices for example two data terminal equipment DTE or data communications equip...

Page 130: ... Line connections and puts the signals on a high speed backbone line using multiplexing techniques Depending on the product DSLAM multiplexers connect DSL lines with some combination of asynchronous transfer mode ATM frame relay or IP networks DTE Originally the DTE data terminal equipment meant a dumb terminal or printer but today it is a computer or a bridge or router that interconnects local ar...

Page 131: ...ication user Integrity Proof that the data is the same as originally intended Unauthorized software or people have not altered the original information internet Lower case i Any time you connect 2 or more networks together you have an internet Internet Upper case I The vast collection of inter connected networks that all use the TCP IP protocols and that evolved from the ARPANET of the late 60 s a...

Page 132: ...computer system Also called an adapter Node Any single computer connected to a network Packet Filter A filter that scans packets and decides whether to let them through PAP Password Authentication Protocol PAP is a security protocol that requires users to enter a password before accessing a secure system The user s name and password are sent over the wire to a server where they are compared with a...

Page 133: ...o the Internet yet without revealing any information about the system that originally requested the information Proxy servers are an ideal way to also have all users on a corporate network channel through one point for all external communications Proxy servers can be configured to block certain kinds of connections and stop some hacks PSTN Public Switched Telephone Network was put into place many ...

Page 134: ...n insulator Two wires are twisted together to form a pair and the pair form a balanced circuit The twisting prevents interference problems STP shielded twisted pair provides protection against external crosstalk Straight through Ethernet cable A cable that wires a pin to its equivalent pin This cable connects two dissimilar devices for example a data terminal equipment DTE device and a data commun...

Page 135: ... field of a Web browser The URL is basically a pointer to the location of an object VPN Virtual Private Network These networks use public connections such as the Internet to transfer information That information is usually encrypted for security purposes WAN Wide Area Networks link geographically dispersed offices in other cities or around the globe Just about any long distance communication mediu...

Page 136: ...t ii Customer Support viii D DDNS Configuration 2 9 Declaration of Conformity v DHCP Dynamic Host Configuration Protocol 1 2 3 3 Diagnostic 8 10 DNS 3 3 3 5 Domain Name 2 8 3 3 8 3 8 5 I Dynamic 4 4 Dynamic DNS 2 8 DYNDNS Wildcard 2 9 E Embedded Web Configurator xix Encapsulation PPP over Ethernet A Ethernet Encapsulation 3 6 4 1 4 6 F Factory Default 2 10 Federal Communications Commission FCC iii...

Page 137: ...g Facility 8 7 Login Server 3 7 M MAC Address 2 10 12 3 Main Menu 2 5 Metric 4 4 5 3 Multicast 3 6 4 5 N N A fields 2 5 Network Address Translator NAT 6 2 P Packet Triggered 8 7 Packing List Card xx Password 2 4 2 7 Ping 8 12 Plug Aus and NZ standards G European standards F Japan standards G North American standards F UK standards F PNC Disk xx Port Numbers common 6 4 Power Adapter 2 3 Power Adapt...

Page 138: ... 6 9 7 9 9 10 1 10 2 10 3 Backup 9 3 Information 8 4 9 1 Restore 9 4 Upload Firmware 9 5 System Management Terminal SMT 2 6 System Name 2 8 System Status 8 2 System Timeout 11 2 T TCP IP1 2 3 1 3 3 3 4 3 5 3 6 4 4 7 6 7 7 7 8 7 9 7 12 7 15 11 1 I J K M TCP IP filter rule 7 7 Telnet Blocking 11 2 Telnet Configuration 11 1 Telnet Under SUA 11 1 TFTP 9 1 9 7 TFTP File Transfer 9 7 Timeout 3 9 4 3 Tra...