ZyXEL Communications G.SHDSL.bis 4-port Security Gateway P-793H User Manual

G.shdsl.bis 4-port security gateway

P-793H
G.SHDSL.bis 4-port Security Gateway
User's Guide
Version 3.40
1/2007
Edition 2
www.zyxel.com


Summary of Contents for ZyXEL Communications G.SHDSL.bis 4-port Security Gateway P-793H

  • Page 1 P-793H G.SHDSL.bis 4-port Security Gateway User’s Guide Version 3.40 1/2007 Edition 2 www.zyxel.com...
  • Page 3: About This User's Guide

    Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan.
  • Page 4: Document Conventions

    Document Conventions: Warnings and Notes. These are how warnings and notes are shown in this User’s Guide. Warnings tell you about things that could harm you or your device. Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
  • Page 5 Icons Used in Figures: Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device, Server, Telephone, Computer, Notebook computer, DSLAM, Firewall, Switch, Router...
  • Page 6: Safety Warnings

    Safety Warnings For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. •...
  • Page 7 Safety Warnings: This product is recyclable. Dispose of it properly.
  • Page 9: Table Of Contents

    Introduction, Wizards and Tutorials ... 37 Getting To Know Your ZyXEL Device ... 39 Introducing the Web Configurator ... 43 Wizards ... 53 Point-to-(2)point Configuration ... 63 Network Setup ... 69 WAN Setup ... 71 LAN Setup ... 93 Network Address Translation (NAT) Screens ... 103 Security and Advanced Setup ...
  • Page 10 Contents Overview Firewall Setup ... 293 Filter Configuration ... 295 SNMP Configuration ... 309 System Password ...311 System Information & Diagnosis ... 313 Firmware and Configuration File Maintenance ... 323 Menus 24.8 to 24.11 ... 337 IP Routing Policy Setup ... 343 Schedule Setup ...
  • Page 11: Table Of Contents

    About This User's Guide ... 3 Document Conventions... 4 Safety Warnings... 6 Contents Overview ... 9 Table of Contents... 11 List of Figures ... 23 List of Tables... 31 Part I: Introduction, Wizards and Tutorials... 37 Chapter 1 Getting To Know Your ZyXEL Device... 39 1.1 Overview ...
  • Page 12 Table of Contents 3.1 Internet Setup Wizard ... 54 3.1.1 Screen 1 ... 54 3.1.2 Screen 2 ... 55 3.1.3 Screen 3 ... 58 3.2 Bandwidth Management Wizard ... 59 3.2.1 Screen 1 ... 60 3.2.2 Screen 2 ... 61 3.2.3 Screen 3 ...
  • Page 13 5.5.2 Configuring More Connections Advanced Setup ... 84 5.6 Traffic Redirect ... 85 5.7 Dial Backup Interface ... 86 5.8 Configuring WAN Backup Setup ... 86 5.8.1 Advanced Backup Setup ... 89 5.8.2 Advanced Modem Settings for Dial Backup ... 91 Chapter 6 LAN Setup...
  • Page 14 Table of Contents Part III: Security and Advanced Setup ...115 Chapter 8 Firewalls... 117 8.1 Firewall Overview ...117 8.2 Types of Firewalls ...117 8.2.1 Packet Filtering Firewalls ...117 8.2.2 Application-level Firewalls ...118 8.2.3 Stateful Inspection Firewalls ...118 8.3 Introduction to ZyXEL’s Firewall ...118 8.3.1 Denial of Service Attacks ...119 8.4 Denial of Service ...119 8.4.1 Basics ...119...
  • Page 15 9.7.2 Customized Services ... 139 9.7.3 Configuring A Customized Service ... 139 9.8 Example Firewall Rule ... 140 9.9 Anti-Probing ... 144 9.10 DoS Thresholds ... 145 9.10.1 Threshold Values ... 145 9.10.2 Half-Open Sessions ... 146 9.10.3 Configuring Firewall Thresholds ... 146 Chapter 10 Content Filtering ...
  • Page 16 Table of Contents 13.2 Application-based Bandwidth Management ... 181 13.3 Subnet-based Bandwidth Management ... 181 13.4 Application and Subnet-based Bandwidth Management ... 182 13.5 Scheduler ... 182 13.5.1 Priority-based Scheduler ... 182 13.5.2 Fairness-based Scheduler ... 183 13.6 Maximize Bandwidth Usage ... 183 13.6.1 Reserving Bandwidth for Non-Bandwidth Class Traffic ...
  • Page 17 16.1.1 How do I know if I'm using UPnP? ... 205 16.1.2 NAT Traversal ... 205 16.1.3 Cautions with UPnP ... 205 16.2 UPnP and ZyXEL ... 206 16.2.1 Configuring UPnP ... 206 16.3 Installing UPnP in Windows Example ... 207 16.4 Using UPnP in Windows XP Example ...
  • Page 18 Table of Contents 21.2 SMT Menu Items ... 240 21.3 Navigating the SMT Interface ... 242 Chapter 22 General Setup... 245 22.1 Configuring General Setup ... 245 22.1.1 Configuring Dynamic DNS ... 246 Chapter 23 WAN Setup... 249 23.1 WAN Setup ... 249 23.1.1 2wire-2line Service Mode ...
  • Page 19 Chapter 28 NAT Setup... 279 28.1 Using NAT ... 279 28.1.1 SUA (Single User Account) Versus NAT ... 279 28.1.2 Applying NAT ... 279 28.2 NAT Setup ... 281 28.2.1 Address Mapping Sets ... 281 28.3 Configuring a Server behind NAT ... 284 28.4 General NAT Examples ...
  • Page 20 Table of Contents 33.1 Introduction to System Status ... 313 33.2 System Status ... 313 33.3 System Information and Console Port Speed ... 315 33.3.1 System Information ... 315 33.3.2 Console Port Speed ... 316 33.4 Log and Trace ... 317 33.4.1 Viewing Error Log ...
  • Page 21 35.1 Command Interpreter Mode ... 337 35.1.1 Command Syntax ... 337 35.1.2 Command Usage ... 338 35.2 Call Control Support ... 338 35.2.1 Budget Management ... 338 35.3 Time and Date Setting ... 339 35.4 Remote Management ... 341 35.4.1 Remote Management Limitations ... 342 Chapter 36 IP Routing Policy Setup ...
  • Page 22 Table of Contents Appendix E IP Addresses and Subnetting ... 389 Appendix F IP Address Assignment Conflicts ... 397 Appendix G Common Services ... 401 Appendix H Command Interpreter... 405 Appendix I Log Descriptions... 411 Appendix J NetBIOS Filter Commands ... 427 Appendix K Legal Information ...
  • Page 23: List Of Figures

    List of Figures List of Figures Figure 1 High-speed Internet Access with Your ZyXEL Device ... 39 Figure 2 Point-to-point Connections with Your ZyXEL Device ... 40 Figure 3 Point-to-2points Connections with Your ZyXEL Device ... 40 Figure 4 LEDs ... 41 Figure 5 Login Screen ...
  • Page 24 List of Figures Figure 39 LAN > IP > Advanced Setup ... 98 Figure 40 LAN > DHCP Setup ... 99 Figure 41 LAN > Client List ... 100 Figure 42 Physical Network & Partitioned Logical Networks ... 101 Figure 43 LAN > IP Alias ... 102 Figure 44 How NAT Works ...
  • Page 25 List of Figures Figure 82 VPN > Setup ... 162 Figure 83 VPN > Setup > Edit ... 163 Figure 84 VPN > Setup > Edit > Advanced ... 167 Figure 85 VPN > Setup > Edit > Manual ... 170 Figure 86 VPN >...
  • Page 26 List of Figures Figure 125 Logs > View Log ... 226 Figure 126 Logs > Log Settings ... 227 Figure 127 Tools > Firmware ... 229 Figure 128 Firmware Upload In Progress ... 230 Figure 129 Network Temporarily Disconnected ... 230 Figure 130 Error Message ...
  • Page 27 List of Figures Figure 168 Menu 15.1.1: Address Mapping Rules ... 282 Figure 169 Menu 15.1.1.1: Address Mapping Rule ... 284 Figure 170 Menu 15.2: NAT Server Sets ... 285 Figure 171 Menu 15.2: NAT Server Setup ... 285 Figure 172 NAT Example 1 ... 286 Figure 173 Menu 4: Internet Access &...
  • Page 28 List of Figures Figure 211 Menu 24.5: Backup Configuration ... 325 Figure 212 FTP Session Example ... 325 Figure 213 System Maintenance: Backup Configuration ... 328 Figure 214 System Maintenance: Starting Xmodem Download Screen ... 328 Figure 215 Backup Configuration Example ... 328 Figure 216 Successful Backup Confirmation Screen ...
  • Page 29 List of Figures Figure 254 Windows XP: Internet Protocol (TCP/IP) Properties ... 373 Figure 255 Windows XP: Advanced TCP/IP Properties ... 374 Figure 256 Windows XP: Internet Protocol (TCP/IP) Properties ... 375 Figure 257 Macintosh OS 8/9: Apple Menu ... 376 Figure 258 Macintosh OS 8/9: TCP/IP ...
  • Page 31: List Of Tables

    List of Tables List of Tables Table 1 LEDs ... 42 Table 2 Web Configurator Screens Summary ... 46 Table 3 Status ... 49 Table 4 Status > Packet Statistics ... 51 Table 5 Wizard Main Screen ... 53 Table 6 Internet Setup Wizard: ISP Parameters ... 54 Table 7 Internet Setup Wizard: ISP Parameters (Ethernet) ...
  • Page 32 List of Tables Table 39 Firewall > General ... 134 Table 40 Firewall > Rules ... 135 Table 41 Firewall > Rules > Add/Edit ... 137 Table 42 Firewall > Rules > Add/Edit > Edit Customized Services ... 139 Table 43 Firewall > Rules > Add/Edit > Edit Customized Services > Edit ... 140 Table 44 Firewall >...
  • Page 33 List of Tables Table 82 System > Time Setting ... 221 Table 83 Logs > View Log ... 226 Table 84 Logs > Log Settings ... 227 Table 85 Tools > Firmware ... 229 Table 86 Tools > Configuration ... 231 Table 87 Diagnostic >...
  • Page 34 List of Tables Table 125 General Commands for GUI-based FTP Clients ... 326 Table 126 General Commands for GUI-based TFTP Clients ... 327 Table 127 Menu 24.9.1 - Budget Management ... 339 Table 128 Menu 24.10: System Maintenance - Time and Date Setting ... 340 Table 129 Menu 24.11 –...
  • Page 35 List of Tables Table 168 Syslog Logs ... 423 Table 169 RFC-2408 ISAKMP Payload Types ... 423 Table 170 NetBIOS Filter Default Settings ... 428 P-793H User’s Guide...
  • Page 37: Introduction, Wizards And Tutorials

    Introduction, Wizards and Tutorials Getting To Know Your ZyXEL Device (39) Introducing the Web Configurator (43) Wizards (53) Point-to-(2)point Configuration (63)
  • Page 39: Getting To Know Your Zyxel Device

    Chapter 1: Getting To Know Your ZyXEL Device. This chapter introduces the main features and applications of your ZyXEL Device. 1.1 Overview: This ZyXEL Device is a secure G.SHDSL.bis router with a 4-port switch. Set up your ZyXEL Device for high-speed Internet access or for high-speed point-to-point connections with other ZyXEL Devices of the same type.
  • Page 40: High-Speed Point-To-Point Connections

    Chapter 1 Getting To Know Your ZyXEL Device 1.1.2 High-speed Point-to-point Connections Use two ZyXEL Devices to create a cost-effective, high-speed connection for high-bandwidth applications such as videoconferencing and distance learning. Figure 2 Point-to-point Connections with Your ZyXEL Device The ZyXEL Devices provide a simple, fast point-to-point connection between two geographically-dispersed networks.
  • Page 41: Ways To Manage The Zyxel Device

    1.2 Ways to Manage the ZyXEL Device Use any of the following methods to manage the ZyXEL Device. • Web Configurator. This is recommended for everyday management of the ZyXEL Device using a (supported) web browser. See • Command Line Interface. Line commands are mostly used for troubleshooting by service engineers.
  • Page 42: Table 1 Leds

    Chapter 1 Getting To Know Your ZyXEL Device The following table describes the LEDs. Table 1 LEDs COLOR POWER Green LAN 1~4 Green DSL1/DSL2 Green Note: For Internet access setup or point-to-point connections, the DSL1 and DSL2 LEDs indicate the status of a single connection (act as one LED). For point- to-2point connections, the DSL1 and DSL2 LEDs indicate the status of connection 1 and connection 2 respectively.
  • Page 43: Introducing The Web Configurator

    Chapter 2: Introducing the Web Configurator. This chapter describes how to access and navigate the web configurator. 2.1 Web Configurator Overview: The web configurator is an HTML-based management interface that allows easy ZyXEL Device setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions.
  • Page 44: Figure 5 Login Screen

    Chapter 2 Introducing the Web Configurator Figure 5 Login Screen 6 If you entered the user password, the Status screen appears. See If you entered the admin password, the following screen appears. Figure 6 Change Password at Login It is highly recommended you change the default admin password. Enter a new password between 1 and 30 characters, retype it to confirm and click Apply;...
  • Page 45: Navigating The Web Configurator

    7 Select Go to Wizard setup, and click Apply to display the wizard main screen. Select Go to Advanced setup, and click Apply to display the Status screen. Select Click here to always start with the Advanced setup if you want the ZyXEL Device to skip this screen from now on and always go to the Status screen.
  • Page 46: Figure 8 Web Configurator: Main Screen

    Chapter 2 Introducing the Web Configurator Figure 8 Web Configurator: Main Screen Click the icon (located in the top right corner of most screens) to view embedded help. Table 2 Web Configurator Screens Summary LINK/ICON SUB-LINK Wizard INTERNET SETUP BANDWIDTH MANAGEMENT SETUP Logout...
  • Page 47 Table 2 Web Configurator Screens Summary (continued) LINK/ICON SUB-LINK DHCP Setup Client List IP Alias General Port Forwarding Address Mapping Security Firewall General Rules Anti Probing Threshold Content Filter Keyword Schedule Trusted Setup Monitor VPN Global Setting Advanced Static Route Static Route Bandwidth Summary...
  • Page 48: Status Screen

    Chapter 2 Introducing the Web Configurator Table 2 Web Configurator Screens Summary (continued) LINK/ICON SUB-LINK Remote MGMT Telnet SNMP ICMP UPnP General Maintenance System General Time Setting Logs View Log Log Settings Tools Firmware Configuration Restart Diagnostic General DSL Line 2.4 Status Screen The following summarizes how to navigate the web configurator from the Status screen.
  • Page 49: Figure 9 Status

    Figure 9 Status The following table describes the labels shown in the Status screen. Table 3 Status LABEL DESCRIPTION Refresh Interval Select a number of seconds or None from the drop-down list box to refresh all screen statistics automatically at the end of every time interval or to not refresh the screen statistics.
  • Page 50: Status: Bandwidth Status

    Chapter 2 Introducing the Web Configurator Table 3 Status (continued) LABEL VPI/VCI LAN Information IP Address IP Subnet Mask DHCP Security Firewall Content Filter System Status System Uptime Current Date/Time System Mode CPU Usage Memory Usage Interface Status Interface Status Rate Summary Bandwidth Status...
  • Page 51: Status: Packet Statistics

    2.4.2 Status: Packet Statistics Click the Packet Statistics hyperlink in the Status screen. Read-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) field is configurable. Figure 10 Status > Packet Statistics The following table describes the fields in this screen.
  • Page 52: Status: Vpn Status

    Chapter 2 Introducing the Web Configurator Table 4 Status > Packet Statistics (continued) LABEL Rx B/s Up Time LAN Port Statistics Interface Status TxPkts RxPkts Collisions Help Poll Interval(s) Set Interval Stop 2.4.3 Status: VPN Status This is the same screen discussed in 2.5 Resetting the ZyXEL Device If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the ZyXEL Device to reload the factory-default configuration...
  • Page 53: Wizards

    Chapter 3: Wizards. Use these screens to configure Internet access or to configure basic bandwidth management. See the advanced menu chapters for background information on these fields. To access the wizards, click Go to Wizard setup in icon ( ) in the top right corner of the web configurator.
  • Page 54: Internet Setup Wizard

    Chapter 3 Wizards 3.1 Internet Setup Wizard Use these screens to configure Internet access settings. To access this wizard, click INTERNET SETUP in the wizard main screen. 3.1.1 Screen 1 This screen lets you enter some of the ISP settings for your Internet connection. Figure 12 Internet Access Wizard Setup: ISP Parameters The following table describes the fields in this screen.
  • Page 55: Screen 2

    3.1.2 Screen 2 These screens let you enter the rest of the Internet settings, which depend on the encapsulation your Internet connection uses (and the mode you selected, for RFC1483). This screen appears if your Internet connection uses Ethernet encapsulation. Figure 13 Internet Setup Wizard: ISP Parameters (Ethernet) The following table describes the fields in this screen.
  • Page 56: Figure 14 Internet Setup Wizard: Isp Parameters (Pppoe)

    Chapter 3 Wizards Figure 14 Internet Setup Wizard: ISP Parameters (PPPoE) The following table describes the fields in this screen. Table 8 Internet Setup Wizard: ISP Parameters (PPPoE) LABEL DESCRIPTION User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given.
  • Page 57: Figure 15 Internet Setup Wizard: Isp Parameters (Rfc1483)

    Figure 15 Internet Setup Wizard: ISP Parameters (RFC1483) The following table describes the fields in this screen. Table 9 Internet Setup Wizard: ISP Parameters (RFC1483) LABEL DESCRIPTION IP Address Enter the static IP address provided by your ISP. Back Click Back to go back to the previous screen. Apply Click Apply to finish manual configuration.
  • Page 58: Figure 17 Internet Setup Wizard: Summary Screen

    Chapter 3 Wizards The following table describes the fields in this screen. Table 10 Internet Setup Wizard: ISP Parameters (PPPoA) LABEL DESCRIPTION User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given.
  • Page 59: Bandwidth Management Wizard

    Launch your web browser and navigate to www.zyxel.com. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct. Internet access is just the beginning. Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features.
  • Page 60: Screen 1

    Chapter 3 Wizards Table 12 Bandwidth Management Setup: Services (continued) SERVICE DESCRIPTION TFTP Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). The World Wide Web (WWW) is an Internet system to distribute graphical, hyper- linked information, based on Hyper Text Transfer Protocol (HTTP) - a client/server protocol for the World Wide Web.
  • Page 61: Screen 2

    3.2.2 Screen 2 Use the second wizard screen to select the services that you want to apply bandwidth management, and select the priorities that you want to apply to the services listed. Figure 19 Bandwidth Management Wizard: Configuration The following table describes the labels in this screen. Table 14 Bandwidth Management Wizard: Configuration LABEL DESCRIPTION...
  • Page 62: Screen 3

    Chapter 3 Wizards 3.2.3 Screen 3 Follow the on-screen instructions and click Finish to complete the wizard setup and save your configuration. Figure 20 Bandwidth Management Wizard: Complete P-793H User’s Guide...
  • Page 63: Point-To-(2)Point Configuration

    Chapter 4: Point-to-(2)point Configuration. This chapter introduces point-to-point and point-to-2point connections. 4.1 Point-to-point Connection Overview: You can set up a point-to-point connection between two ZyXEL Devices. These connections offer a cost-effective, high-speed connection for high-bandwidth applications such as videoconferencing and distance learning.
  • Page 64: Point-To-Point Connection Procedure

    Chapter 4 Point-to-(2)point Configuration To establish a point-to-point connection, one of the ZyXEL Devices becomes the server (instead of the ISP). The server controls some of the attributes of the DSL connection, such as the transfer rate and the DSL operational mode. Otherwise, there is no difference between the server and the client.
  • Page 65: Connect The Zyxel Devices

    3 Set the VPI, VCI, Multiplexing, and Encapsulation to the same values you set in the server. 4 Scroll down to the Service Type section. See 5 In the Service Mode field, select the same type of connection you selected for the server. 6 In the Service Type field, select Client.
  • Page 66: Point-To-2Point Connection Procedure

    Chapter 4 Point-to-(2)point Configuration In a point-to-2points connection, the ZyXEL Device which has a physical connection to both client devices becomes the server. The server controls some of the attributes of the DSL connection, such as the transfer rate and the DSL operational mode. 4.4 Point-to-2point Connection Procedure Follow these directions to set up a point-to-2point connection.
  • Page 67: Set Up The Clients

    4.4.2 Set up the Clients 1 Log in to one of the ZyXEL Devices that will be the client. (See 2 Click Network > WAN > Internet Connection. 3 Set the VPI, VCI, Multiplexing, and Encapsulation to the same values you set in the server.
  • Page 69: Network Setup

    Network Setup WAN Setup (71) LAN Setup (93) Network Address Translation (NAT) Screens (103)
  • Page 71: Wan Setup

    Chapter 5: WAN Setup. This chapter describes how to configure WAN settings. 5.1 WAN Overview: A WAN (Wide Area Network) is an outside connection to another network or the Internet. 5.1.1 Encapsulation: Be sure to use the encapsulation method required by your ISP. The ZyXEL Device supports the following methods.
  • Page 72: Multiplexing

    Chapter 5 WAN Setup 5.1.1.3 PPPoA PPPoA stands for Point to Point Protocol over ATM Adaptation Layer 5 (AAL5). A PPPoA connection functions like a dial-up Internet connection. The ZyXEL Device encapsulates the PPP session based on RFC1483 and sends it through an ATM PVC (Permanent Virtual Circuit) to the Internet Service Provider’s (ISP) DSLAM (DSL Access Multiplexer).
  • Page 73: Nailed-Up Connection (Ppp)

    5.1.4.1 IP Assignment with PPPoA or PPPoE Encapsulation If you have a dynamic IP, then the IP Address and ENET ENCAP Gateway fields are not applicable (N/A). If you have a static IP, then you only need to fill in the IP Address field and not the ENET ENCAP Gateway field.
  • Page 74: Traffic Shaping

    Chapter 5 WAN Setup For example, if the normal route has a metric of "1" and the traffic-redirect route has a metric of "2" and dial-backup route has a metric of "3", then the normal route acts as the primary default route.
  • Page 75: Atm Traffic Classes

    5.3.1 ATM Traffic Classes These are the basic ATM traffic classes defined by the ATM Forum Traffic Management 4.0 Specification. 5.3.1.1 Constant Bit Rate (CBR) Constant Bit Rate (CBR) provides fixed bandwidth that is always available even if no data is being sent.
  • Page 76: Figure 26 Wan > Internet Connection

    Chapter 5 WAN Setup Figure 26 WAN > Internet Connection The following table describes the labels in this screen. Table 15 WAN > Internet Connection LABEL General Name Mode Encapsulation User Name DESCRIPTION Enter the name of your Internet Service Provider, for example “MyISP”. This information is for descriptive purposes only.
  • Page 77 Table 15 WAN > Internet Connection (continued) LABEL DESCRIPTION Password (PPPoA and PPPoE only) Enter the password associated with the user name above. Service Name (PPPoE only) Type the name of your PPPoE service here. Multiplexing Select the method of multiplexing used by your ISP from the drop-down list. Choices are VC or LLC.
  • Page 78: 2Wire-2Line Service Mode

    Chapter 5 WAN Setup Table 15 WAN > Internet Connection (continued) LABEL Enable Rate Adaption Transfer Max Rate (Kbps) Transfer Min Rate (Kbps) Standard Mode Apply Cancel Advanced Setup 5.4.1 2Wire-2Line Service Mode The Service Mode section of the Internet Connection screen allows you to set up two DSL connections when you select 2wire-2line mode.
  • Page 79: Configuring Advanced Internet Connection

    The following table describes the labels in this screen. Table 16 2wire-2line Service Mode LABEL DESCRIPTION Service Type Service Mode Select 2wire-2line mode for the DSL connection. This means that the ZyXEL Device is going to be a server connected to two client ZyXEL Devices. Service Type When you select 2wire-2line mode this field automatically changes to Server.
  • Page 80: Table 17 Wan > Internet Connection > Advanced Setup

    Chapter 5 WAN Setup The following table describes the labels in this screen. Table 17 WAN > Internet Connection > Advanced Setup LABEL DESCRIPTION RIP & Multicast Setup RIP Direction RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing information with other routers.
  • Page 81: Configuring More Connections

    5.5 Configuring More Connections This section describes the protocol-independent parameters for a remote network. They are required for placing calls to a remote gateway and the network behind it across a WAN connection. When you use the WAN > Internet Connection screen to set up Internet access, you are configuring the first WAN connection.
  • Page 82: Figure 30 Wan > More Connections > Edit

    Chapter 5 WAN Setup Figure 30 WAN > More Connections > Edit The following table describes the labels in this screen. Table 19 WAN > More Connections > Edit LABEL General Active Name Mode Encapsulation User Name Password Service Name DESCRIPTION Select the check box to activate or clear the check box to deactivate this connection.
  • Page 83 Table 19 WAN > More Connections > Edit (continued) LABEL DESCRIPTION Multiplexing Select the method of multiplexing used by your ISP from the drop-down list. Choices are VC or LLC. By prior agreement, a protocol is assigned a specific virtual circuit, for example, VC1 will carry IP.
  • Page 84: Configuring More Connections Advanced Setup

    Chapter 5 WAN Setup 5.5.2 Configuring More Connections Advanced Setup Use this screen to edit your ZyXEL Device's advanced WAN settings. Click the Advanced Setup button in the More Connections Edit screen. The screen appears as shown. Figure 31 WAN > More Connections > Advanced Setup The following table describes the labels in this screen.
  • Page 85: Traffic Redirect

    Table 20 WAN > More Connections > Advanced Setup (continued) LABEL DESCRIPTION Peak Cell Rate Divide the DSL line rate (bps) by 424 (the size of an ATM cell) to find the Peak Cell Rate (PCR). This is the maximum rate at which the sender can send cells. Type the PCR here.
  • Page 86: Dial Backup Interface

    Chapter 5 WAN Setup Figure 33 Traffic Redirect LAN Setup 5.7 Dial Backup Interface The Dial Backup port can be used in reserve, as a traditional dial-up connection should the broadband connection to the WAN port fail. To set up the auxiliary port (Dial Backup) for use in the event that the regular WAN connection is dropped, first make sure you have set up the switch and port connection.
  • Page 87: Figure 34 Wan > Wan Backup Setup

    Figure 34 WAN > WAN Backup Setup The following table describes the labels in this screen. Table 21 WAN > WAN Backup Setup LABEL DESCRIPTION Backup Type Select the method that the ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up.
  • Page 88 Chapter 5 WAN Setup Table 21 WAN > WAN Backup Setup (continued) LABEL DESCRIPTION Timeout Type the number of seconds (3 recommended) for your ZyXEL Device to wait for a ping response from one of the IP addresses in the Check WAN IP Address field before timing out the request.
  • Page 89: Advanced Backup Setup

    5.8.1 Advanced Backup Setup Use this screen to change your ZyXEL Device’s advanced dial backup settings. Click WAN > WAN Backup Setup > Advanced Setup. The screen appears as shown. Figure 35 WAN > WAN Backup Setup > Advanced Setup The following table describes the labels in this screen.
  • Page 90 Chapter 5 WAN Setup Table 22 WAN > WAN Backup Setup > Advanced Setup (continued) LABEL DESCRIPTION Advanced Click Edit to change the advanced settings for the modem. Modem Setup TCP/IP Options Metric This field sets this route's priority among the routes the ZyXEL Device uses. The metric represents the "cost of transmission".
  • Page 91: Advanced Modem Settings For Dial Backup

    Table 22 WAN > WAN Backup Setup > Advanced Setup (continued) LABEL DESCRIPTION Period Enter how often (in hours) the Allocated Budget is reset. For example, if you can call for thirty minutes every hour, set the Allocated Budget to 30, and set this field to 1.
  • Page 92 Chapter 5 WAN Setup Table 23 WAN > WAN Backup Setup > Advanced Setup > Edit (continued) LABEL DESCRIPTION CLID Enter the keyword that precedes the CLID (Calling Line Identification) in the AT response string. This lets the ZyXEL Device capture the CLID in the AT response string that comes from the WAN device.
  • Page 93: Lan Setup

    Chapter 6: LAN Setup. This chapter describes how to configure LAN settings. 6.1 LAN Overview: A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building.
  • Page 94: Dhcp Setup

    Chapter 6 LAN Setup 6.1.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the clients.
  • Page 95: Lan Tcp/Ip

    • The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in the DHCP Setup screen. •...
  • Page 96: Rip Setup

    Chapter 6 LAN Setup 6.2.1.1 Private IP Addresses Every machine on the Internet must have a unique address. If your networks are isolated from the Internet, for example, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks: •...
  • Page 97: Multicast

    6.2.3 Multicast: Traditionally, IP packets are transmitted in one of two ways: Unicast (1 sender, 1 recipient) or Broadcast (1 sender, everybody on the network). Multicast delivers IP packets to a group of hosts on the network: not everybody and not just 1. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group; it is not used to carry user data.
  • Page 98: Configuring Advanced Lan Setup

    Chapter 6 LAN Setup 6.3.1 Configuring Advanced LAN Setup Use this screen to edit your ZyXEL Device's advanced LAN settings. Click the Advanced Setup button in the LAN IP screen. The screen appears as shown. Figure 39 LAN > IP > Advanced Setup The following table describes the labels in this screen.
  • Page 99: Dhcp Setup

    Table 25 LAN > IP > Advanced Setup (continued) LABEL DESCRIPTION Apply Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. 6.4 DHCP Setup Use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN.
  • Page 100: Lan Client List

    Chapter 6 LAN Setup Table 26 LAN > DHCP Setup (continued) LABEL Primary DNS Server Secondary DNS Server Apply Cancel 6.5 LAN Client List This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. Every Ethernet device has a unique MAC (Media Access Control) address.
  • Page 101: Lan Ip Alias

    Table 27 LAN > Client List (continued) LABEL DESCRIPTION MAC Address The MAC (Media Access Control) or Ethernet address on a LAN (Local Area Network) is unique to your computer (six pairs of hexadecimal notation). A network interface card such as an Ethernet adapter has a hardwired address that is assigned at the factory.
  • Page 102: Figure 43 Lan > Ip Alias

    Chapter 6 LAN Setup Figure 43 LAN > IP Alias The following table describes the labels in this screen. Table 28 LAN > IP Alias LABEL IP Alias 1, 2 IP Address IP Subnet Mask RIP Direction RIP Version Apply Cancel DESCRIPTION Select the check box to configure another LAN network for the ZyXEL Device.
  • Page 103: Network Address Translation (Nat) Screens

    Network Address Translation This chapter discusses how to configure NAT on the ZyXEL Device. 7.1 NAT Overview NAT (Network Address Translation, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
  • Page 104: What Nat Does

    Chapter 7 Network Address Translation (NAT) Screens 7.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side.
  • Page 105: Nat Mapping Types

    Figure 45 NAT Application With IP Alias 7.1.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: • One to One: In One-to-One mode, the ZyXEL Device maps one local IP address to one global IP address. •...
  • Page 106: Sua (Single User Account) Versus Nat

    Chapter 7 Network Address Translation (NAT) Screens The following table summarizes these types. Table 30 NAT Mapping Types TYPE One-to-One Many-to-One (SUA/PAT) Many-to-Many Overload Many-to-Many No Overload Server 7.2 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server.
  • Page 107: Port Forwarding

    The following table describes the labels in this screen. Table 31 NAT General LABEL DESCRIPTION Active Select this check box to enable NAT. Network Address Translation (NAT) SUA Only Select this radio button if you have just one public WAN IP address for your ZyXEL Device.
  • Page 108: Port Forwarding: Services And Port Numbers

    Chapter 7 Network Address Translation (NAT) Screens If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup. 7.4.2 Port Forwarding: Services and Port Numbers Use the Port Forwarding screen to forward incoming service requests to the server(s) on your local network.
  • Page 109: Figure 48 Nat > Port Forwarding

    If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup. Click Network > NAT > Port Forwarding to open the following screen. Appendix G on page 401 Figure 48 NAT >...
  • Page 110: Port Forwarding Rule Edit

    Chapter 7 Network Address Translation (NAT) Screens Table 32 NAT > Port Forwarding (continued) LABEL DESCRIPTION Modify Click the edit icon to go to the screen where you can edit the port forwarding rule. Click the delete icon to delete an existing port forwarding rule. Note that subsequent rules move up by one when you take this action.
  • Page 111: Address Mapping

    7.6 Address Mapping The Address Mapping screen is available only when you select Full Feature in the NAT > General screen. Ordering your rules is important because the ZyXEL Device applies the rules in the order that you specify. When a rule matches the current packet, the ZyXEL Device takes the corresponding action and the remaining rules are ignored.
  • Page 112: Address Mapping Rule Edit

    Chapter 7 Network Address Translation (NAT) Screens Table 34 NAT > Address Mapping (continued) LABEL DESCRIPTION Type 1-1: One-to-one mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type. M-1: Many-to-One mode maps multiple local IP addresses to one global IP address.
  • Page 113 Table 35 NAT > Address Mapping > Edit (continued) LABEL DESCRIPTION Local End IP This is the end local IP address (ILA). If your rule is for all local IP addresses, then enter 0.0.0.0 as the Local Start IP address and 255.255.255.255 as the Local End IP address.
  • Page 115: Security And Advanced Setup

    Security and Advanced Setup Firewalls (117) Firewall Configuration (129) Content Filtering (149) IPSec VPN (153) Static Route (177) Bandwidth Management (181) Dynamic DNS Setup (191) Remote Management Configuration (195) Universal Plug-and-Play (UPnP) (205)
  • Page 117: Firewalls

    This chapter gives some background information on firewalls and introduces the ZyXEL Device firewall. 8.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term “firewall” is a system or group of systems that enforces an access-control policy between two networks.
  • Page 118: Application-Level Firewalls

    Chapter 8 Firewalls 8.2.2 Application-level Firewalls Application-level firewalls restrict access by serving as proxies for external servers. Since they use programs written for specific Internet services, such as HTTP, FTP and telnet, they can evaluate network packets for valid application-specific data. Application-level gateways have a number of general advantages over the default mode of permitting application traffic directly to internal hosts: Information hiding prevents the names of internal systems from being made known via DNS...
  • Page 119: Denial Of Service Attacks

    8.3.1 Denial of Service Attacks Figure 52 ZyXEL Device Firewall Application 8.4 Denial of Service Denial of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources.
  • Page 120: Figure 53 Three-Way Handshake

    Chapter 8 Firewalls 4 IP Spoofing. 5 "Ping of Death" and "Teardrop" attacks exploit bugs in the TCP/IP implementations of various computer and host systems. • Ping of Death uses a "ping" utility to create an IP packet that exceeds the maximum 65,536 bytes of data allowed by the IP specification.
  • Page 121: Figure 54 Syn Flood

    Figure 54 SYN Flood • In a LAND Attack, hackers flood SYN packets into the network with a spoofed source IP address of the targeted system. This makes it appear as if the host computer sent the packets to itself, making the system unavailable while the target system tries to respond to itself.
  • Page 122: Stateful Inspection

    Chapter 8 Firewalls 8.4.2.1 ICMP Vulnerability ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types trigger an alert: Table 36 ICMP Commands That Trigger Alerts 8.4.2.2 Illegal Commands (NetBIOS and SMTP) The only legal NetBIOS commands are the following - all others are illegal. Table 37 Legal NetBIOS Commands MESSAGE: REQUEST:...
  • Page 123: Stateful Inspection Process

    are allowed in. The ZyXEL Device uses stateful packet inspection to protect the private LAN from hackers and vandals on the Internet. By default, the ZyXEL Device’s stateful inspection allows all communications to the Internet that originate from the LAN, and blocks all traffic to the LAN that originates from the Internet.
  • Page 124: Stateful Inspection And The Zyxel Device

    Chapter 8 Firewalls 6 Later, an inbound packet reaches the interface. This packet is part of the connection previously established with the outbound packet. The inbound packet is evaluated against the inbound access list, and is permitted because of the temporary access list entry previously created.
  • Page 125: Udp/Icmp Security

    If an initiation packet originates on the LAN, this means that someone is trying to make a connection from the LAN to the Internet. Assuming that this is an acceptable part of the security policy (as is the case with the default policy), the connection will be allowed. A cache entry is added which includes connection information such as IP addresses, TCP ports, sequence numbers, etc.
  • Page 126: Guidelines For Enhancing Security With Your Firewall

    Chapter 8 Firewalls 8.6 Guidelines for Enhancing Security with Your Firewall • Change the default password. • Limit who can telnet into your router. • Don't enable any local service (such as SNMP or NTP) that you don't use. Any enabled service could present a potential security risk.
  • Page 127: Packet Filtering Vs. Firewall

    • Always shred confidential information, particularly about your computer, before throwing it away. Some hackers dig through the trash of companies or individuals for information that might help them in an attack. 8.7 Packet Filtering vs. Firewall Below are some comparisons between the ZyXEL Device’s filtering and firewall functions. 8.7.1 Packet Filtering •...
  • Page 128 Chapter 8 Firewalls • To selectively block/allow inbound or outbound traffic between inside host/networks and outside host/networks. Remember that filters can not distinguish traffic originating from an inside host or an outside host by IP address. • The firewall performs better than filtering if you need to check many rules. •...
  • Page 129: Firewall Configuration

    Firewall Configuration This chapter shows you how to enable and configure the ZyXEL Device firewall. 9.1 Access Methods The web configurator is, by far, the most comprehensive firewall configuration tool your ZyXEL Device has to offer. For this reason, it is recommended that you configure your firewall using the web configurator.
  • Page 130: Rule Logic Overview

    Chapter 9 Firewall Configuration If you configure firewall rules without a good understanding of how they work, you might inadvertently introduce security risks to the firewall and to the protected network. Make sure you test your rules after you configure them. For example, you may create rules to: •...
  • Page 131: Key Fields For Configuring Rules

    3 Is it possible to modify the rule to be more specific? For example, if IRC is blocked for all users, will a rule that blocks just certain users be more effective? 4 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers.
  • Page 132: Lan To Wan Rules

    Chapter 9 Firewall Configuration 9.4.1 LAN to WAN Rules The default rule for LAN to WAN traffic is that all users on the LAN are allowed non-restricted access to the WAN. When you configure a LAN to WAN rule, you in essence want to limit some or all users from accessing certain services on the WAN.
  • Page 133: Solving The "Triangle Route" Problem

    Figure 58 “Triangle Route” Problem 9.5.2 Solving the “Triangle Route” Problem You can have the ZyXEL Device allow triangle route sessions. However this can allow traffic from the WAN to go directly to a LAN computer without passing through the ZyXEL Device and its firewall protection.
  • Page 134: Figure 60 Firewall > General

    Chapter 9 Firewall Configuration Figure 60 Firewall > General The following table describes the labels in this screen. Table 39 Firewall > General LABEL DESCRIPTION Active Firewall Select this check box to activate the firewall. The ZyXEL Device performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
  • Page 135: Firewall Rules Summary

    Table 39 Firewall > General (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 9.7 Firewall Rules Summary The ordering of your rules is very important as rules are applied in turn. Refer to Section 8.1 on page 117 Click Security >...
  • Page 136: Configuring Firewall Rules

    Chapter 9 Firewall Configuration Table 40 Firewall > Rules (continued) LABEL DESCRIPTION Active This field displays whether a firewall is turned on or not. Select the check box to enable the rule. Clear the check box to disable the rule. Source IP This drop-down list box displays the source addresses or ranges of addresses to which this firewall rule applies.
  • Page 137: Figure 62 Firewall > Rules > Add/Edit

    Figure 62 Firewall > Rules > Add/Edit The following table describes the labels in this screen. Table 41 Firewall > Rules > Add/Edit LABEL DESCRIPTION Edit Rule # Active Select this option to enable this firewall rule. Action for Matched Use the drop-down list box to select what the firewall is to do with packets that Packet match this rule.
  • Page 138 Chapter 9 Firewall Configuration Table 41 Firewall > Rules > Add/Edit (continued) LABEL Source/Destination Address Address Type Start IP Address End IP Address Subnet Mask Add >> Edit << Delete Services Available/ Selected Services Edit Customized Services Schedule Day to Apply Time of Day to Apply (24-Hour Format)
  • Page 139: Customized Services

    9.7.2 Customized Services Configure customized services and port numbers not predefined by the ZyXEL Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Numbers Authority) web site. For further information on these services, please read page 401.
  • Page 140: Example Firewall Rule

    Chapter 9 Firewall Configuration Figure 64 Firewall > Rules > Add/Edit > Edit Customized Services > Edit The following table describes the labels in this screen. Table 43 Firewall > Rules > Add/Edit > Edit Customized Services > Edit LABEL DESCRIPTION Config Service Name...
  • Page 141: Figure 65 Firewall Example: Rules

    Figure 65 Firewall Example: Rules 3 In the Rules screen, select the index number after which you want to add the rule. For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8.
  • Page 142: Figure 67 Firewall Example: Edit Rule: Destination Address

    Chapter 9 Firewall Configuration Figure 67 Firewall Example: Edit Rule: Destination Address 9 Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. Custom services show up with an “*” before their names in the Services list box and the Rules list box.
  • Page 143: Figure 68 Firewall Example: Edit Rule: Select Customized Services

    Chapter 9 Firewall Configuration Figure 68 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN.
  • Page 144: Anti-Probing

    Chapter 9 Firewall Configuration Figure 69 Firewall Example: Rules: MyService 9.9 Anti-Probing If an outside user attempts to probe an unsupported port on your ZyXEL Device, an ICMP response packet is automatically returned. This allows the outside user to know the ZyXEL Device exists.
  • Page 145: Dos Thresholds

    The following table describes the labels in this screen. Table 44 Firewall > Anti Probing LABEL DESCRIPTION Respond to PING The ZyXEL Device does not respond to any incoming Ping requests when Disable is selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply to incoming WAN Ping requests.
  • Page 146: Half-Open Sessions

    Chapter 9 Firewall Configuration 9.10.2 Half-Open Sessions An unusually high number of half-open sessions (either an absolute number or measured as the arrival rate) could indicate that a Denial of Service attack is occurring. For TCP, "half-open" means that the session has not reached the established state - the TCP three-way handshake has not yet been completed (see means that the firewall has detected no return traffic.
  • Page 147: Figure 71 Firewall > Threshold

    Figure 71 Firewall > Threshold The following table describes the labels in this screen. Table 45 Firewall > Threshold LABEL DESCRIPTION Denial of Service Thresholds One Minute Low Type the rate of new half-open sessions that causes the firewall to stop deleting half-open sessions.
  • Page 148 Chapter 9 Firewall Configuration Table 45 Firewall > Threshold (continued) LABEL Action taken when TCP Maximum Incomplete reached threshold Delete the Oldest Half Open Session when New Connection Request Comes. Deny New Connection Request Apply Cancel DESCRIPTION Select this to clear the oldest half-open session when a new connection request comes.
  • Page 149: Content Filtering

    This chapter covers how to configure content filtering. 10.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL.
  • Page 150: Configuring The Schedule

    Chapter 10 Content Filtering The following table describes the labels in this screen. Table 46 Content Filter > Keyword LABEL Active Keyword Blocking Block Websites that contain these keywords in the URL: Delete Clear All Keyword Add Keyword Apply Cancel 10.3 Configuring the Schedule Use this screen to set the days and times for the ZyXEL Device to perform content filtering.
  • Page 151: Configuring Trusted Computers

    The following table describes the labels in this screen. Table 47 Content Filter > Schedule LABEL DESCRIPTION Schedule Select Active Everyday to Block to make the content filtering active everyday. Otherwise, select Edit Daily to Block and configure which days of the week (or everyday) and which time of the day you want the content filtering to be active.
  • Page 153: Ipsec Vpn

    This chapter explains how to set up and maintain IPSec VPNs in the ZyXEL Device. 11.1 IPSec VPN Overview A virtual private network (VPN) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing.
  • Page 154: Ike Sa Overview

    Chapter 11 IPSec VPN Figure 76 VPN: IKE SA and IPSec SA In this example, a computer in network A is exchanging data with a computer in network B. Inside networks A and B, the data is transmitted the same way data is normally transmitted in the networks.
  • Page 155: Figure 77 Ike Sa: Main Negotiation Mode, Steps 1 - 2: Ike Sa Proposal

    11.1.1.2 IKE SA Proposal The IKE SA proposal is used to identify the encryption algorithm, authentication algorithm, and Diffie-Hellman (DH) key group that the ZyXEL Device and remote IPSec router use in the IKE SA. In main mode, this is done in steps 1 and 2, as illustrated below. Figure 77 IKE SA: Main Negotiation Mode, Steps 1 - 2: IKE SA Proposal The ZyXEL Device sends one or more proposals to the remote IPSec router.
  • Page 156: Figure 79 Ike Sa: Main Negotiation Mode, Steps 5 - 6: Authentication

    Chapter 11 IPSec VPN 11.1.1.4 Authentication Before the ZyXEL Device and remote IPSec router establish an IKE SA, they have to verify each other’s identity. This process is based on pre-shared keys and router identities. In main mode, the ZyXEL Device and remote IPSec router authenticate each other in steps 5 and 6, as illustrated below.
  • Page 157: Additional Topics For Ike Sa

    Table 49 VPN Example: Matching ID Type and Content ZYXEL DEVICE Peer ID type: IP Peer ID content: 1.1.1.2 In the following example, the authentication fails, so they cannot establish an IKE SA. Table 50 VPN Example: Mismatching ID Type and Content ZYXEL DEVICE Local ID type: E-mail Local ID content: tom@yourcompany.com...
  • Page 158: Ipsec Sa Overview

    Chapter 11 IPSec VPN Aggressive mode does not provide as much security as main mode because the identity of the ZyXEL Device and the identity of the remote IPSec router are not encrypted. It is usually used when the address of the initiator is not known by the responder and both parties want to use pre-shared keys for authentication (for example, telecommuters).
  • Page 159: Figure 81 Vpn: Transport And Tunnel Mode Encapsulation

    An IPSec SA stays connected even if the underlying IKE SA is not available anymore. This section introduces the key components of IPSec SA. 11.1.3.1 Local Network and Remote Network In IPSec SA terminology, the local network, the one(s) connected to the ZyXEL Device, may be called the local policy.
  • Page 160: Additional Topics For Ipsec Sa

    Chapter 11 IPSec VPN • Inside header: The inside IP header contains the IP address of the computers behind the ZyXEL Device or remote IPSec router. In transport mode, the IP header is the original IP header, and the encapsulation depends on the active protocol.
  • Page 161: Vpn Setup Screen

    In IPSec SAs using manual keys, the ZyXEL Device and remote IPSec router do not establish an IKE SA. They only establish an IPSec SA. As a result, an IPSec SA using manual keys has some characteristics of IKE SAs and some characteristics of IPSec SAs. There are also some differences between IPSec SAs using manual keys and other types of SAs.
  • Page 162: Figure 82 Vpn > Setup

    Chapter 11 IPSec VPN Figure 82 VPN > Setup The following table describes the fields in this screen. Table 51 VPN > Setup LABEL DESCRIPTION This is the VPN policy index number. Click a number to edit VPN policies. Active This field displays whether the VPN policy is active or not.
  • Page 163: Editing Vpn Policies

    Table 51 VPN > Setup (continued) LABEL DESCRIPTION Modify Click the Edit icon to go to the screen where you can edit the VPN configuration. Click the Remove icon to remove an existing VPN configuration. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to return to the previously saved settings.
  • Page 164: Table 52 Vpn > Setup > Edit

    Chapter 11 IPSec VPN The following table describes the fields in this screen. Table 52 VPN > Setup > Edit LABEL IPSec Setup Active Keep Alive NAT Traversal Name IPSec Key Mode Negotiation Mode Encapsulation Mode DNS Server (for IPSec VPN) Local Local Address Type...
  • Page 165 Table 52 VPN > Setup > Edit (continued) LABEL DESCRIPTION End / Subnet Mask When the Local Address Type field is configured to Single, this field is N/A. When the Local Address Type field is configured to Range, enter the end (static) IP address, in a range of computers on the LAN behind your ZyXEL Device.
  • Page 166 Chapter 11 IPSec VPN Table 52 VPN > Setup > Edit (continued) LABEL My IP Address Peer ID Type Content Secure Gateway Address Security Protocol VPN Protocol Pre-Shared Key DESCRIPTION Enter the WAN IP address of your ZyXEL Device. The VPN tunnel has to be rebuilt if this IP address changes.
  • Page 167: Configuring Advanced Ike Settings

    Table 52 VPN > Setup > Edit (continued) LABEL DESCRIPTION Encryption Select DES, 3DES, AES or NULL from the drop-down list box. Algorithm When you use one of these encryption algorithms for data communications, both the sending device and the receiving device must use the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code.
  • Page 168: Table 53 Vpn > Setup > Edit > Advanced

    Chapter 11 IPSec VPN The following table describes the fields in this screen. Table 53 VPN > Setup > Edit > Advanced LABEL VPN - IKE - Advanced Setup Protocol Enable Replay Detection Local Start Port Remote Start Port Phase 1 Negotiation Mode Pre-Shared Key Encryption...
  • Page 169: Configuring Manual Key

    Table 53 VPN > Setup > Edit > Advanced (continued) LABEL DESCRIPTION Key Group You must choose a DH key group for the IKE SA. The longer the key group, the stronger the encryption, but also the more processing is required. DH1 refers to Diffie-Hellman Group 1, a 768-bit random number.
  • Page 170: Figure 85 Vpn > Setup > Edit > Manual

    Chapter 11 IPSec VPN Figure 85 VPN > Setup > Edit > Manual The following table describes the fields in this screen. Table 54 VPN > Setup > Edit > Manual LABEL IPSec Setup Active Name IPSec Key Mode Encapsulation Mode DNS Server (for IPSec VPN)
  • Page 171 Table 54 VPN > Setup > Edit > Manual (continued) LABEL DESCRIPTION Local Local IP addresses must be static and correspond to the remote IPSec router's configured remote IP addresses. Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have the same local or remote IP address, but not both.
  • Page 172: Viewing Sa Monitor

    Chapter 11 IPSec VPN Table 54 VPN > Setup > Edit > Manual (continued) LABEL Security Protocol IPSec Protocol Encryption Algorithm Encryption Key Authentication Algorithm Authentication Key Back Apply Reset 11.6 Viewing SA Monitor Click Security, VPN and Monitor to open the SA Monitor screen as shown. Use this screen to display and manage active VPN connections.
  • Page 173: Configuring Global Setting

    Figure 86 VPN > Monitor The following table describes the fields in this screen. Table 55 VPN > Monitor LABEL DESCRIPTION This is the security association index number. Name This field displays the identification name for this VPN policy. Encapsulation This field displays Tunnel or Transport mode.
  • Page 174: Telecommuter Vpn/Ipsec Examples

    Chapter 11 IPSec VPN The following table describes the fields in this screen. Table 56 VPN > VPN Global Setting LABEL Windows Networking (NetBIOS over TCP/IP) Allow NetBIOS Traffic Through All IPSec Tunnels Apply Cancel 11.8 Telecommuter VPN/IPSec Examples The following examples show how multiple telecommuters can make VPN connections to a single ZyXEL Device at headquarters.
  • Page 175: Telecommuters Using Unique Vpn Rules Example

    Table 57 Telecommuters Sharing One VPN Rule Example FIELDS TELECOMMUTERS My IP Address: 0.0.0.0 (dynamic IP address assigned by the ISP) Secure Gateway IP Public static IP address Address: Local IP Address: Telecommuter A: 192.168.2.12 Telecommuter B: 192.168.3.2 Telecommuter C: 192.168.4.15 Remote IP 192.168.1.10 Address:...
  • Page 176: Vpn And Remote Management

    Chapter 11 IPSec VPN Table 58 Telecommuters Using Unique VPN Rules Example TELECOMMUTERS All Telecommuter Rules: My IP Address 0.0.0.0 Secure Gateway Address: bigcompanyhq.com Remote IP Address: 192.168.1.10 Peer ID Type: E-mail Peer ID Content: bob@bigcompanyhq.com Telecommuter A (telecommutera.dydns.org) Local ID Type: IP Local ID Content: 192.168.2.12 Local IP Address: 192.168.2.12 Telecommuter B (telecommuterb.dydns.org)
  • Page 177: Static Route

    This chapter shows you how to configure static routes for your ZyXEL Device. 12.1 Static Route Each remote node specifies only the network to which the gateway is directly connected, and the ZyXEL Device has no knowledge of the networks beyond. For instance, the ZyXEL Device knows about network N2 in the following figure through remote node Router 1.
  • Page 178: Static Route Edit

    Chapter 12 Static Route Figure 91 Static Route > Static Route The following table describes the labels in this screen. Table 59 Static Route > Static Route LABEL DESCRIPTION This is the number of an individual static route. Active This field shows whether this static route is active (Yes) or not (No). Name This is the name that describes or identifies this route.
  • Page 179: Figure 92 Static Route > Static Route > Edit

    Figure 92 Static Route > Static Route > Edit The following table describes the labels in this screen. Table 60 Static Route > Static Route > Edit LABEL DESCRIPTION Active This field allows you to activate/deactivate this static route. Route Name Enter the name of the IP static route.
  • Page 181: Bandwidth Management

    Bandwidth Management This chapter contains information about configuring bandwidth management, editing rules and viewing the ZyXEL Device’s bandwidth management logs. 13.1 Bandwidth Management Overview ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application and/or subnet.
  • Page 182: Application And Subnet-Based Bandwidth Management

    Chapter 13 Bandwidth Management Figure 93 Subnet-based Bandwidth Management Example 13.4 Application and Subnet-based Bandwidth Management You could also create bandwidth classes based on a combination of a subnet and an application. The following example table shows bandwidth allocations for application specific traffic from separate LAN subnets.
  • Page 183: Fairness-Based Scheduler

    13.5.2 Fairness-based Scheduler The ZyXEL Device divides bandwidth equally among bandwidth classes when using the fairness-based scheduler; thus preventing one bandwidth class from using all of the interface’s bandwidth. 13.6 Maximize Bandwidth Usage The maximize bandwidth usage option (see to divide up any available bandwidth on the interface (including unallocated bandwidth and any allocated bandwidth that a class is not using) among the bandwidth classes that require more bandwidth.
  • Page 184: Table 63 Priority-Based Allotment Of Unused And Unbudgeted Bandwidth Example

    Chapter 13 Bandwidth Management The ZyXEL Device divides up the unbudgeted 2048 kbps among the classes that require more bandwidth. If the administration department only uses 1024 kbps of the budgeted 2048 kbps, the ZyXEL Device also divides the remaining 1024 kbps among the classes that require more bandwidth.
  • Page 185: Over Allotment Of Bandwidth

    13.6.3 Over Allotment of Bandwidth You can set the bandwidth management speed for an interface higher than the interface’s actual transmission speed. Higher priority traffic gets to use up to its allocated bandwidth, even if it takes up all of the interface’s available bandwidth. This could stop lower priority traffic from being sent.
  • Page 186: Figure 94 Bandwidth Mgmt > Summary

    Chapter 13 Bandwidth Management Figure 94 Bandwidth MGMT > Summary The following table describes the labels in this screen. Table 67 Bandwidth MGMT > Summary LABEL DESCRIPTION Interface These read-only labels represent the physical interfaces. Select an interface’s check box to enable bandwidth management on that interface. Bandwidth management applies to all traffic flowing out of the router through the interface, regardless of the traffic’s source.
  • Page 187: Bandwidth Management Rule Setup

    13.8 Bandwidth Management Rule Setup Section 13.1 on page 181 Management Summary screen to enable bandwidth management on an interface before you can configure rules for that interface. Click Advanced > Bandwidth MGMT > Rule Setup to open the following screen. Figure 95 Bandwidth MGMT >...
  • Page 188: Rule Configuration

    Chapter 13 Bandwidth Management 13.8.1 Rule Configuration Section 13.1 on page 181 bandwidth management rule. Use bandwidth rules to allocate specific amounts of bandwidth capacity (bandwidth budgets) to specific applications and/or subnets. To open this screen, click the Edit icon or select User define in the Service field Figure 96 Bandwidth MGMT >...
  • Page 189: Bandwidth Monitor

    Table 69 Bandwidth MGMT > Rule Setup > Add/Edit (continued) LABEL DESCRIPTION Service This field simplifies bandwidth class configuration by allowing you to select a predefined application. When you select a predefined application, you do not configure the rest of the bandwidth filter fields (other than enabling or disabling the filter).
  • Page 190: Figure 97 Bandwidth Mgmt > Monitor

    Select an interface from the drop-down list box to view the bandwidth usage of its bandwidth rules. Figure 97 Bandwidth MGMT > Monitor
  • Page 191: Dynamic Dns Setup

    This chapter discusses how to configure your ZyXEL Device to use Dynamic DNS. 14.1 Dynamic DNS Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect.
  • Page 192: Figure 98 Dynamic Dns > Dynamic Dns

    Figure 98 Dynamic DNS > Dynamic DNS The following table describes the fields in this screen. Table 70 Dynamic DNS > Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider.
  • Page 193 Table 70 Dynamic DNS > Dynamic DNS (continued) LABEL DESCRIPTION Use specified IP Type the IP address of the host name(s). Use this if you have a static IP address. Address Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh.
  • Page 195: Remote Management Configuration

    This chapter provides information on configuring remote management. 15.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which ZyXEL Device interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
  • Page 196: Remote Management Limitations

    15.1.1 Remote Management Limitations Remote management over LAN or WAN will not work when: • You have disabled that service in one of the remote management screens. • The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the ZyXEL Device will disconnect the session immediately.
  • Page 197: Telnet

    Table 71 Remote MGMT > WWW (continued) LABEL DESCRIPTION Secured Client IP A secured client is a “trusted” computer that is allowed to communicate with the ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service.
  • Page 198: Configuring Ftp

    The following table describes the labels in this screen. Table 72 Remote MGMT > Telnet LABEL Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service.
  • Page 199: Snmp

    Table 73 Remote MGMT > FTP (continued) LABEL DESCRIPTION Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to begin configuring this screen afresh. 15.6 SNMP Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices.
  • Page 200: Supported Mibs

    The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include the number of packets received, node port status, etc. A Management Information Base (MIB) is a collection of managed objects.
  • Page 201: Configuring Snmp

    15.6.3 Configuring SNMP Section 15.1 on page 195 ZyXEL Device’s SNMP settings. Click Advanced > Remote MGMT > SNMP. The screen appears as shown. Figure 104 Remote MGMT > SNMP The following table describes the labels in this screen. Table 76 Remote MGMT > SNMP LABEL DESCRIPTION SNMP...
  • Page 202: Configuring Dns

    15.7 Configuring DNS Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to the chapter on LAN for background information. Section 15.1 on page 195 MGMT >...
  • Page 203: 203

    Figure 106 Remote MGMT > ICMP The following table describes the labels in this screen. Table 78 Remote MGMT > ICMP LABEL DESCRIPTION ICMP Internet Control Message Protocol is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and directly apparent to the application user.
  • Page 204: Figure 107 Enabling Tr-069

    In this example a.b.c.d is the IP address of CNM Access. You must change this value to reflect your actual management server IP address or domain name. See Table 79 on page Figure 107 Enabling TR-069 ras>...
  • Page 205: Universal Plug-And-Play (Upnp)

    Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 16.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
  • Page 206: Upnp And Zyxel

    When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the ZyXEL Device allows multicast messages on the LAN only. All UPnP-enabled devices may communicate freely with each other without additional configuration.
  • Page 207: Installing Upnp In Windows Example

    Table 80 UPnP > General (continued) LABEL Apply Cancel 16.3 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP. Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me. 1 Click Start and Control Panel.
  • Page 208: Figure 110 Add/Remove Programs: Windows Setup: Communication: Components

    Figure 110 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel.
  • Page 209: Figure 112 Windows Optional Networking Components Wizard

    Figure 112 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 113 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next.
  • Page 210: Using Upnp In Windows Xp Example

    16.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device. Make sure the computer is connected to a LAN port of the ZyXEL Device.
  • Page 211: Figure 115 Internet Connection Properties

    Figure 115 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings. Figure 116 Internet Connection Properties: Advanced Settings
  • Page 212: Figure 117 Internet Connection Properties: Advanced Settings: Add

    Figure 117 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
  • Page 213: Figure 119 Internet Connection Status

    Figure 119 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first. This is helpful if you do not know the IP address of the ZyXEL Device.
  • Page 214: Figure 120 Network Connections

    Figure 120 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays.
  • Page 215: Figure 121 Network Connections: My Network Places

    Figure 121 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Figure 122 Network Connections: My Network Places: Properties: Example
  • Page 217: Maintenance

    Maintenance System (219) Logs (225) Tools (229) Diagnostic (235)
  • Page 219: System

    This chapter explains how to configure the ZyXEL Device’s system name, domain name, password, and time and date settings. 17.1 General Setup 17.1.1 General Setup and System Name General Setup contains administrative and system-related information. System Name is for identification purposes.
  • Page 220: Figure 123 System > General

    Figure 123 System > General The following table describes the labels in this screen. Table 81 System > General LABEL DESCRIPTION System Setup System Name Choose a descriptive name for identification purposes. It is recommended you enter your computer’s “Computer name”...
  • Page 221: Time Setting

    Table 81 System > General (continued) LABEL DESCRIPTION New Password Type your new system password (up to 30 characters). Note that as you type a password, the screen displays a (*) for each character you type. After you change the password, use the new password to access the ZyXEL Device. Retype to Type the new password again for confirmation.
  • Page 222 Table 82 System > Time Setting (continued) LABEL Time and Date Setup Manual New Time (hh:mm:ss) New Date (yyyy/mm/dd) Get from Time Server Time Protocol Time Server Address Time Zone Setup Time Zone Enable Daylight Saving Start Date DESCRIPTION Select this radio button to enter the time and date manually.
  • Page 223 Table 82 System > Time Setting (continued) LABEL DESCRIPTION End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the last Sunday of October.
  • Page 225: Logs

    This chapter contains information about configuring general log settings and viewing the ZyXEL Device’s logs. Refer to the appendix for example log message explanations. 18.1 Logs Overview The web configurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to an administrator (as e-mail) or to a syslog server.
  • Page 226: Configuring Log Settings

    Figure 125 Logs > View Log The following table describes the fields in this screen. Table 83 Logs > View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings screen display in the drop-down list box.
  • Page 227: Figure 126 Logs > Log Settings

    Figure 126 Logs > Log Settings The following table describes the fields in this screen. Table 84 Logs > Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
  • Page 228 Table 84 Logs > Log Settings LABEL DESCRIPTION Log Schedule This drop-down menu is used to configure the frequency of log messages being sent as E-mail: Daily Weekly Hourly When Log is Full None. If you select Weekly or Daily, specify a time of day when the E-mail should be sent. If you select Weekly, then also specify which day of the week the E-mail should be sent.
  • Page 229: Tools

    This chapter covers uploading new firmware, managing configuration and restarting your ZyXEL Device. 19.1 Firmware Upgrade Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a .bin extension, for example, "ZyXEL Device.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes.
  • Page 230: Figure 128 Firmware Upload In Progress

    Table 85 Tools > Firmware (continued) LABEL DESCRIPTION Browse... Click Browse... to find the .bin file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them. Upload Click Upload to begin the upload process. This process may take up to two minutes.
  • Page 231: Configuration

    Figure 130 Error Message 19.2 Configuration Use this screen to back up or restore the configuration of the ZyXEL Device. You can also use this screen to reset the ZyXEL Device to the factory default settings. To access this screen, click Maintenance >...
  • Page 232: Figure 132 Configuration Upload Successful

    Table 86 Tools > Configuration (continued) LABEL DESCRIPTION Upload Click this to restore the selected configuration file. See below for more information about this. Note: Do not turn off the device while configuration file upload is in Reset to Factory Default Settings Reset...
  • Page 233: Restart

    Figure 134 Configuration Upload Error Click Return to go back to the previous screen. 19.3 Restart System restart allows you to reboot the ZyXEL Device without turning the power off. Click Maintenance > Tools > Restart. Click Restart to have the ZyXEL Device reboot. This does not affect the ZyXEL Device's configuration.
  • Page 235: Diagnostic

    These read-only screens display information to help you identify problems with the ZyXEL Device. 20.1 General Diagnostic Use this screen to ping a computer on the network. Click Maintenance > Diagnostic to open the screen shown next. Figure 136 Diagnostic >...
  • Page 236: Figure 137 Diagnostic > Dsl Line

    Figure 137 Diagnostic > DSL Line The following table describes the fields in this screen. Table 88 Diagnostic > DSL Line LABEL DESCRIPTION ATM Status Click this button to view ATM status. Capture All Logs Click this button to display all logs generated by the DSL line. DSL Line Status Click this button to view the DSL port’s line operating values and line bit allocation.
  • Page 237: Smt And Troubleshooting

    SMT and Troubleshooting Introducing the SMT (239) General Setup (245) WAN Setup (249) LAN Setup (257) Internet Access Setup (263) Remote Node Setup (265) Static Route Setup (275) NAT Setup (279) Firewall Setup (293) Filter Configuration (295) SNMP Configuration (309) System Password (311) System Information &...
  • Page 239: Introducing The Smt

    The System Management Terminal (SMT) provides a text-based, menu-driven console to manage the ZyXEL Device. This chapter describes how to access the SMT and then provides an overview of its menus. 21.1 Accessing the SMT Use Telnet to access the SMT.
  • Page 240: Smt Menu Items

    2 WAN Setup 3 LAN Setup 4 Internet Access Setup 11 Remote Node Setup 12 Static Routing Setup Copyright (c) 1994 - 2006 ZyXEL Communications Corp. P-793H Main Menu Advanced Management 21. Filter and Firewall Setup 22. SNMP Configuration 23. System Password 24.
  • Page 241: Table 90 Smt Menus Overview

    Table 89 Main Menu Summary MENU 15 NAT Setup 21 Filter and Firewall Setup 22 SNMP Configuration 23 System Password 24 System Maintenance 25 IP Routing Policy Setup 26 Schedule Setup 99 Exit The following table gives you an overview of the various SMT menus. Table 90 SMT Menus Overview MENUS SUB MENUS...
  • Page 242: Navigating The Smt Interface

    Table 90 SMT Menus Overview (continued) MENUS SUB MENUS 23 System Password 24 System Maintenance 24.1 System Maintenance - Status 24.2 System Information and Console Port Speed 24.3 System Maintenance - Log and Trace 24.4 System Maintenance - Diagnostic 24.5 Backup Configuration 24.6 Restore Configuration...
  • Page 243 Table 91 Main Menu Commands OPERATION KEYSTROKE Move the cursor [ENTER] or [UP]/ [DOWN] arrow keys. Entering Type in or press information [SPACE BAR], then press [ENTER]. Required fields < N/A fields <N/A> Save your [ENTER] configuration Exit the SMT Type 99, then press [ENTER].
  • Page 245: General Setup

    Use this menu to set up device mode, dynamic DNS and administrative information. 22.1 Configuring General Setup 1 Enter 1 in the main menu to open Menu 1 - General Setup. 2 The Menu 1 - General Setup screen appears, as shown next. Fill in the required fields. Figure 140 Menu 1: General Setup The following table describes the fields in this menu.
  • Page 246: Configuring Dynamic Dns

    Table 92 Menu 1: General Setup (continued) FIELD DESCRIPTION Route IP Select Yes to enable IP-based routing in the ZyXEL Device. This is not effective for a specific remote node unless you enable IP-based routing in the remote node too. You should enable Route IP, Bridge, or both in this screen.
  • Page 247: Table 93 Menu 1.1: Configure Dynamic Dns

    Follow the instructions in the next table to configure Dynamic DNS parameters. Table 93 Menu 1.1: Configure Dynamic DNS FIELD DESCRIPTION Service This is the name of your Dynamic DNS service provider. Provider Active Press [SPACE BAR] to select Yes and then press [ENTER] to make dynamic DNS active.
  • Page 249: Wan Setup

    Use this menu to configure the DSL connection, traffic redirect, and dial-backup interface. 23.1 WAN Setup From the main menu, enter 2 to open menu 2. Figure 142 Menu 2: WAN Setup Service Mode= 2wire Service Type= Server Rate Adaption= Disable Transfer Max Rate(Kbps)= 5696...
  • Page 250 Table 94 Menu 2: WAN Setup (continued) FIELD DESCRIPTION Transfer Max This field is enabled if Service Type is Server. Press [SPACE BAR] to set the Rate(Kbps) maximum rate at which the ZyXEL Device sends and receives information. If you enable Rate Adaption, the ZyXEL Device adjusts to the speed of the other device and may exceed this rate.
  • Page 251: 2Wire-2Line Service Mode

    23.1.1 2wire-2line Service Mode From the main menu, enter 2 to open menu 2, then select 2wire-2line in the Service Mode field to see the screen as shown below. Figure 143 Menu 2: 2wire-2line Service Mode Service Mode= 2wire-2line Service Type= N/A Rate Adaption= Disable Transfer Max Rate(Kbps)= 4480 Transfer Min Rate(Kbps)= 4480...
  • Page 252: Configuring Traffic Redirect

    Table 95 Menu 2: 2wire-2line Service Mode (continued) FIELD DESCRIPTION Check Select the method that the ZyXEL Device uses to check the DSL connection. Mechanism Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up.
  • Page 253: Dial Backup Interface

    The following table describes the fields in this menu. Table 96 Menu 2.1: Traffic Redirect Setup FIELD DESCRIPTION Active Use this field to turn the traffic redirect feature on (Yes) or off (No). Configuration Backup Type the IP address of your backup gateway in dotted decimal notation. The ZyXEL Gateway IP Device automatically forwards traffic to this IP address if the ZyXEL Device's Internet Address...
  • Page 254: Advanced Dial Backup Setup

    The following table describes the fields in this menu. Table 97 Menu 2.2: Dial Backup Setup FIELD DESCRIPTION Dial-Backup: Active Use this field to turn the dial-backup feature on (Yes) or off (No). Port Speed Press [SPACE BAR] and then press [ENTER] to select the speed of the connection between the Dial Backup port and the external device.
  • Page 255: Table 98 Menu 2.2.1: Advanced Dial Backup Setup

    The following table describes fields in this menu. Table 98 Menu 2.2.1: Advanced Dial Backup Setup FIELD DESCRIPTION AT Command Strings: Dial Enter the AT Command string to make a call. Drop Enter the AT Command string to drop a call. “~” represents a one second wait, for example “~~~+++~~ath”...
  • Page 257: Lan Setup

    Use this to apply LAN filters, configure LAN DHCP and TCP/IP settings, and to activate or deactivate VLAN on each LAN port. 24.1 Accessing the LAN Menus From the main menu, enter 3 to open Menu 3 - LAN Setup. Figure 147 Menu 3: LAN Setup 24.2 LAN Port Filter Setup This menu allows you to specify the filter sets that you wish to apply to the LAN traffic.
  • Page 258: Tcp/Ip And Dhcp Setup Menu

    24.3 TCP/IP and DHCP Setup Menu From the main menu, enter 3 to open Menu 3 - LAN Setup to configure TCP/IP (RFC 1155) and DHCP setup. From menu 3, select the submenu option TCP/IP and DHCP Setup and press [ENTER].
  • Page 259: Lan Ip Alias

    Table 99 Menu 3.2: TCP/IP and DHCP Ethernet Setup (continued) FIELD DESCRIPTION Primary DNS The ZyXEL Device passes a DNS (Domain Name System) server IP address (in Server the order you specify here) to the DHCP clients. Secondary DNS Select From ISP if your ISP dynamically assigns DNS server information (and the Server ZyXEL Device's WAN IP address).
  • Page 260: Port-Based Vlan Setup

    Figure 150 Menu 3.2.1: IP Alias Setup Use the instructions in the following table to configure IP alias parameters. Table 100 Menu 3.2.1: IP Alias Setup FIELD DESCRIPTION IP Alias 1, 2 Choose Yes to configure the LAN network for the ZyXEL Device. IP Address Enter the IP address of your ZyXEL Device in dotted decimal notation.
  • Page 261: Figure 151 Menu 3.6: Port Based Vlan Setup

    Figure 151 Menu 3.6: Port Based VLAN Setup Press [SPACE BAR] to select Yes or No to allow or block layer-2 traffic between each pair of ports.
  • Page 263: Internet Access Setup

    Internet Access Setup Use this menu to configure your Internet connection. Use information from your ISP along with the instructions in this chapter to set up your ZyXEL Device to access the Internet. Contact your ISP to determine what encapsulation type you should use. 25.1 Internet Access Setup Enter 4 in the main menu.
  • Page 264 Table 101 Menu 4: Internet Access Setup (continued) FIELD DESCRIPTION The valid range for the VCI is 32 to 65535 (0 to 31 is reserved for local management of ATM traffic). Enter the VCI assigned to you. ATM QoS Type Select CBR (Constant Bit Rate) to specify fixed (always-on) bandwidth for voice or data traffic.
  • Page 265: Remote Node Setup

    Use this menu to configure detailed remote node settings (for example, your ISP is a remote node) as well as apply filters. 26.1 Introduction to Remote Node Setup A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection.
  • Page 266: Figure 154 Menu 11.1: Remote Node Profile (Nodes 1-7)

    Figure 154 Menu 11.1: Remote Node Profile (nodes 1-7) Rem Node Name= MyISP Active= Yes Encapsulation= PPPoE Multiplexing= LLC-based Service Name= Incoming: Rem Login= Rem Password= ******** Outgoing: My Login= My Password= ******** Authen= CHAP/PAP Line=1 The following table describes the labels in this menu.
  • Page 267 Table 102 Menu 11.1: Remote Node Profile (nodes 1-7) (continued) FIELD Bridge Edit IP/Bridge Edit ATM Options Edit Advance Options This field is displayed if you are editing remote node 1, and it is only enabled Telco Option Allocated Budget(min) Period(hr) Schedule Sets Nailed-Up...
  • Page 268: Figure 155 Menu 11.1: Remote Node Profile (Node 8)

    Figure 155 Menu 11.1: Remote Node Profile (node 8) Rem Node Name= ? Active= Yes Outgoing: My Login= My Password= ******** Authen= CHAP/PAP Pri Phone #= ? Sec Phone #= The following table describes the labels in this menu. Table 103 Menu 11.1: Remote Node Profile (node 8) FIELD Rem Node Name...
  • Page 269: Remote Node Network Layer Options

    Table 103 Menu 11.1: Remote Node Profile (node 8) (continued) FIELD Allocated Budget(min) Period(hr) Schedule Sets Nailed-Up Connection Session Options Edit Filter Sets Idle Timeout(sec) 26.4 Remote Node Network Layer Options Move the cursor to the Edit IP/Bridge field in menu 11.1, then press [SPACE BAR] to select Yes.
  • Page 270: Table 104 Menu 11.3: Remote Node Network Layer Options

    The following table describes the fields in this menu. Table 104 Menu 11.3: Remote Node Network Layer Options FIELD IP Address Assignment IP Address IP Subnet Mask Gateway IP Addr Rem IP Addr Rem Subnet Mask My WAN Addr Address Mapping Set This field is enabled if NAT is Full Feature.
  • Page 271: Remote Node Filter

    Table 104 Menu 11.3: Remote Node Network Layer Options (continued) FIELD Version Multicast IP Policies Bridge Options Ethernet Addr Timeout(min) Once you have completed filling in this menu, press [ENTER] at the message “Press ENTER to Confirm...” to save your configuration and return to menu 11.1, or press [ESC] at any time to cancel. 26.5 Remote Node Filter Move the cursor to the field Edit Filter Sets in menu 11.1, and then press [SPACE BAR] to set the value to Yes.
  • Page 272: Remote Node Atm Layer Options

    Figure 157 Menu 11.5: Remote Node Filter The following table describes the labels in this menu. Table 105 Menu 11.5: Remote Node Filter FIELD Input Filter Sets protocol filters device filters Output Filter Sets protocol filters device filters Call Filter Sets protocol filters...
  • Page 273: Table 106 Menu 11.6: Remote Node Atm Layer Options

    Figure 158 Menu 11.6: Remote Node ATM Layer Options VC Options for IP: VPI #= 0 VCI #= 38 ATM QoS Type= UBR Peak Cell Rate (PCR)= 0 Sustain Cell Rate (SCR)= 0 Maximum Burst Size (MBS)= 0 VPI/VCI (LLC-Multiplexing or PPP-Encapsulation) The following table describes the fields in this menu.
  • Page 274: Advance Setup Options

    26.7 Advance Setup Options Move the cursor to the Edit Advance Options field in menu 11.1 (only for remote node 1), then press [SPACE BAR] to select Yes. Press [ENTER] to open Menu 11.8 - Advanced Setup Options.
  • Page 275: Static Route Setup

    Use this menu to configure IP and bridge (MAC) static routes. 27.1 IP Static Route Setup Enter 1 from the menu 12. Select one of the IP static routes as shown next to configure IP static routes in menu 12.1.
  • Page 276: Bridge Static Route Setup

    Figure 161 Menu 12.1.1: Edit IP Static Route The following table describes the fields in this screen. Table 108 Menu 12.1.1: Edit IP Static Route FIELD DESCRIPTION Route # This is the index number of the static route that you chose in menu 12. Route Name Enter a descriptive name for this route.
  • Page 277: Figure 162 Menu 12.3: Bridge Static Route Setup

    Figure 162 Menu 12.3: Bridge Static Route Setup Now, enter the index number of the static route that you want to configure. Figure 163 Menu 12.3.1: Edit Bridge Static Route The following table describes the fields in this screen. Table 109 Menu 12.3.1: Edit Bridge Static Route FIELD DESCRIPTION Route #...
  • Page 279: Nat Setup

    Use this menu to configure Network Address Translation (NAT) on the ZyXEL Device. 28.1 Using NAT You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the ZyXEL Device. 28.1.1 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server.
  • Page 280: Figure 164 Menu 4: Applying Nat For Internet Access

    Figure 164 Menu 4: Applying NAT for Internet Access The following figure shows how you apply NAT to the remote node in menu 11.3. 1 Enter 11 from the main menu. 2 Enter 1 to open Menu 11.1 - Remote Node Profile. 3 Move the cursor to the Edit IP/Bridge field, press [SPACE BAR] to select Yes and then press [ENTER] to bring up Menu 11.3 - Remote Node Network Layer Options.
  • Page 281: Nat Setup

    The following table describes the fields in this menu. Table 110 Applying NAT in Menus 4 & 11.3 FIELD DESCRIPTION Network When you select this option the SMT will use the specified address Address mapping set (menu 15.1 - see Translation discussion).
  • Page 282: Figure 167 Menu 15.1: Address Mapping Sets

    Figure 167 Menu 15.1: Address Mapping Sets Select the address mapping set you want to modify. The fields in address 255 are used for SUA and are read-only. 28.2.1.1 User-Defined Address Mapping Sets The entire set will be deleted if you leave the Set Name field blank and press [ENTER] at the bottom of the screen.
  • Page 283: Table 111 Menu 15.1.1: Address Mapping Rules

    The Type, Local and Global Start/End IPs are configured in menu 15.1.1.1 (described later) and the values are displayed here. Table 111 Menu 15.1.1: Address Mapping Rules FIELD DESCRIPTION Set Name This is the name of the set you selected in menu 15.1 or enter the name of a new set you want to create.
  • Page 284: Configuring A Server Behind Nat

    Figure 169 Menu 15.1.1.1: Address Mapping Rule The following table describes the fields in this menu. Table 112 Menu 15.1.1.1: Address Mapping Rule FIELD DESCRIPTION Type Press [SPACE BAR] and then [ENTER] to select from a total of five types. These are the mapping types discussed in servers of different types behind NAT to this computer.
  • Page 285: Figure 170 Menu 15.2: Nat Server Sets

    Follow these steps to configure a server behind NAT: 1 Enter 15 in the main menu to go to Menu 15 - NAT Setup. 2 Enter 2 to open menu 15.2 (and configure the address mapping rules for the WAN port on a ZyXEL Device with a single WAN port).
  • Page 286: General Nat Examples

    The first entry is for the Default Server. The following table describes the labels in this menu. Table 113 Menu 15.2: NAT Server Setup FIELD Rule Start Port End Port IP Address 28.4 General NAT Examples The following are some examples of NAT configuration.
  • Page 287: Example 2: Internet Access With A Default Server

    Figure 173 Menu 4: Internet Access & NAT Example From menu 4 shown above, simply choose the SUA Only option from the Network Address Translation field. This is the Many-to-One mapping discussed in The SUA Only read-only option from the Network Address Translation field in menus 4 and 11.3 is specifically pre-configured to handle this case.
  • Page 288: Example 3: Multiple Public Ip Addresses With Inside Servers

    Chapter 28 NAT Setup Figure 175 Menu 15.2: Specifying an Inside Server Rule --------------------------------------------------- 28.4.3 Example 3: Multiple Public IP Addresses With Inside Servers In this example, there are 3 IGAs from our ISP. There are many departments but two have their own FTP server.
  • Page 289: Figure 177 Example 3: Menu 11.3

    1 In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets. Therefore you must choose the Full Feature option from the Network Address Translation field (in menu 4 or menu 11.3) in 2 Then enter 15 from the main menu.
  • Page 290: Figure 179 Example 3: Final Menu 15.1.1

    Chapter 28 NAT Setup Figure 179 Example 3: Final Menu 15.1.1 Menu 15.1.1 - Address Mapping Rules Set Name= Example3 Local Start IP --------------- 192.168.1.10 192.168.1.11 0.0.0.0 Now configure the IGA3 to map to our web server and mail server on the LAN. 1 Enter 15 from the main menu.
  • Page 291: Example 4: Nat Unfriendly Application Programs

    28.4.4 Example 4: NAT Unfriendly Application Programs Some applications do not support NAT Mapping using TCP or UDP port address translation. In this case it is better to use Many-One-to-One mapping as port numbers do not change for Many-One-to-One (and One-to-One) NAT mapping types. The following figure illustrates this.
  • Page 292: Figure 183 Example 4: Menu 15.1.1: Address Mapping Rules

    Chapter 28 NAT Setup Figure 183 Example 4: Menu 15.1.1: Address Mapping Rules Menu 15.1.1 - Address Mapping Rules Set Name= Example4 Local Start IP --------------- 1. 192.168.1.10 Local End IP Global Start IP --------------- --------------- 192.168.1.12 10.132.50.1 Action= None Select Rule= N/A Global End IP Type...
  • Page 293: Firewall Setup

    Use this menu to activate or deactivate the firewall. 29.1 Using ZyXEL Device SMT Menus From the main menu enter 21 to go to Menu 21 - Filter and Firewall Setup to display the screen shown next.
  • Page 294: Figure 185 Menu 21.2: Firewall Setup

    Chapter 29 Firewall Setup Figure 185 Menu 21.2: Firewall Setup The firewall protects against Denial of Service (DoS) attacks when it is active. The default Policy sets 1. allow all sessions originating from the LAN to the WAN and 2. deny all sessions originating from the WAN to the LAN You may define additional Policy rules or modify existing ones but please exercise extreme caution in doing so Active: Yes...
  • Page 295: Filter Configuration

    This chapter shows you how to create and apply filters. 30.1 Introduction to Filters Your ZyXEL Device uses filters to decide whether to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering. Filters are subdivided into device and protocol filters, which are discussed later.
  • Page 296: The Filter Structure Of The Zyxel Device

    Chapter 30 Filter Configuration 30.1.1 The Filter Structure of the ZyXEL Device A filter set consists of one or more filter rules. Usually, you would group related rules, for example all the rules for NetBIOS, into a single set and give it a descriptive name. The ZyXEL Device allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system.
  • Page 297: Configuring A Filter Set

    Figure 187 Filter Rule Process You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port.
  • Page 298: Figure 188 Menu 21: Filter And Firewall Setup

    Chapter 30 Filter Configuration 1 Enter 21 in the main menu to open menu 21. Figure 188 Menu 21: Filter and Firewall Setup 2 Enter 1 to bring up the following menu. Figure 189 Menu 21.1: Filter Set Configuration Filter Set # Comments ------...
  • Page 299: Configuring A Filter Rule

    The following table describes the labels in this screen. Table 114 Abbreviations Used in the Filter Rules Summary Menu FIELD DESCRIPTION This is an index number. Active: “Y” means the rule is active. “N” means the rule is inactive. Type The type of filter rule: “GEN”...
  • Page 300: Configuring A Tcp/Ip Filter Rule

    Chapter 30 Filter Configuration 30.2.2 Configuring a TCP/IP Filter Rule This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fields in the IP and the upper layer protocol, for example, UDP and TCP headers.
  • Page 301 Table 116 Menu 21.1.1.1: TCP/IP Filter Rule FIELD DESCRIPTION IP Addr Enter the source IP Address of the packet you wish to filter. This field is ignored if it is 0.0.0.0. IP Mask Enter the IP mask to apply to the Source: IP Addr. Port # Enter the source port of the packets that you wish to filter.
  • Page 302: Configuring A Generic Filter Rule

    Figure 192 Executing an IP Filter 30.2.3 Configuring a Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly.
  • Page 303: Figure 193 Menu 21.1.1.1: Generic Filter Rule

    For generic rules, the ZyXEL Device treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes. The ZyXEL Device applies the Mask (bit-wise ANDing) to the data portion before comparing the result against the Value to determine a match.
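The Offset/Length/Mask/Value comparison described above, together with the Action Matched / Action Not Matched chaining, as an added Python illustration (not ZyXEL code). Assumptions: offset 0 is the first byte of the Ethernet header, a frame too short to cover the window does not match, and a packet that runs off the end of the set is forwarded; the frames are constructed samples.

```python
from dataclasses import dataclass

FORWARD, DROP, CHECK_NEXT = "Forward", "Drop", "Check Next Rule"


@dataclass(frozen=True)
class GenericRule:
    offset: int               # first byte to inspect, counted from 0
    length: int               # number of bytes to inspect
    mask: bytes               # ANDed bit-wise with the selected bytes
    value: bytes              # compared with the masked bytes
    action_matched: str
    action_not_matched: str
    active: bool = True

    def __post_init__(self):
        if len(self.mask) != self.length or len(self.value) != self.length:
            raise ValueError("Mask and Value must both be Length bytes long")

    def can_never_match(self) -> bool:
        # A Value bit that the Mask clears cannot survive the AND,
        # so such a rule silently takes its "not matched" action every time.
        return any(v & ~m & 0xFF for v, m in zip(self.value, self.mask))

    def matches(self, frame: bytes) -> bool:
        window = frame[self.offset:self.offset + self.length]
        if len(window) < self.length:
            return False      # assumption: short frames do not match
        return bytes(b & m for b, m in zip(window, self.mask)) == self.value


def evaluate(rules, frame: bytes, end_of_set: str = FORWARD) -> str:
    """Walk one filter set in order and return Forward or Drop."""
    for rule in rules:
        if not rule.active:
            continue
        action = rule.action_matched if rule.matches(frame) else rule.action_not_matched
        if action != CHECK_NEXT:
            return action
    return end_of_set         # assumption: nothing decided, so forward


def eth(dst: str, src: str, ethertype: str, payload: bytes = b"\x00" * 28) -> bytes:
    """Build a constructed Ethernet frame from hex strings."""
    return bytes.fromhex(dst + src + ethertype) + payload


# Constructed filter set: drop IPX (EtherType 0x8137 at offset 12), then drop
# any frame whose destination MAC has the group bit set (broadcast/multicast).
RULES = [
    GenericRule(12, 2, bytes.fromhex("ffff"), bytes.fromhex("8137"), DROP, CHECK_NEXT),
    GenericRule(0, 1, b"\x01", b"\x01", DROP, FORWARD),
]

IPX_FRAME = eth("00a0c5112233", "001122334455", "8137")
ARP_UNICAST = eth("00a0c5112233", "001122334455", "0806")
ARP_BROADCAST = eth("ffffffffffff", "001122334455", "0806")

if __name__ == "__main__":
    for name, frame in [("IPX", IPX_FRAME), ("ARP unicast", ARP_UNICAST),
                        ("ARP broadcast", ARP_BROADCAST)]:
        print(f"{name:14s} -> {evaluate(RULES, frame)}")
```

Running `can_never_match()` over a rule set before applying it catches Mask/Value typos that would otherwise leave a Drop rule inert.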
  • Page 304: Example Filter

    Chapter 30 Filter Configuration Table 117 Menu 21.1.1.1: Generic Filter Rule (continued) FIELD DESCRIPTION Action Select the action for a packet matching the rule. Matched Options are Check Next Rule, Forward and Drop. Action Not Select the action for a packet not matching the rule. Matched Options are Check Next Rule, Forward and Drop.
  • Page 305: Figure 195 Example Filter: Menu 21.1.3.1

    Figure 195 Example Filter: Menu 21.1.3.1 The port number for the telnet service (TCP protocol) is 23. See RFC 1060 for port numbers of well-known services. When you press [ENTER] to confirm, you will see the following screen. Note that there is only one filter rule in this set.
  • Page 306: Filter Types And Nat

    5 Press [ENTER] to confirm after you enter the set numbers and to leave menu 11.1.4. 30.4 Filter Types and NAT There are two classes of filter rules, Generic Filter (Device) rules and protocol filter (TCP/IP) rules.
  • Page 307: Applying Lan Filters

    30.6.1 Applying LAN Filters LAN traffic filter sets may be useful to block certain packets, reduce traffic and prevent security breaches. Go to menu 3.1 (shown next) and enter the number(s) of the filter set(s) that you want to apply as appropriate. You can choose up to four filter sets (from twelve) by entering their numbers separated by commas, for example 3, 4, 6, 11.
  • Page 309: Snmp Configuration

    Use this menu to configure SNMP. See SNMP. 31.1 SNMP Configuration To configure SNMP, enter 22 from the main menu to display Menu 22 - SNMP Configuration as shown next. The “community” for Get, Set and Trap fields is SNMP terminology for password.
  • Page 311: System Password

    Use this menu to change your password. This is the same password used to access the web configurator. To open this menu, enter 23 in the main menu. Figure 201 Menu 23: System Password The following table describes the labels in this menu.
  • Page 313: System Information & Diagnosis

    System Information & Diagnosis This chapter covers SMT menus 24.1 to 24.4. 33.1 Introduction to System Status This chapter covers the diagnostic tools that help you to maintain your ZyXEL Device. These tools include updates on system status, port status and log and trace capabilities. Select menu 24 in the main menu to open Menu 24 - System Maintenance, as shown below.
  • Page 314: Figure 203 Menu 24.1: System Maintenance - Status

    Chapter 33 System Information & Diagnosis Figure 203 Menu 24.1: System Maintenance - Status Node-Lnk Status 1-ENET My WAN IP (from ISP): 0.0.0.0 Ethernet: Status: 100M/Full Duplex Tx Pkts: 4210 Collisions: 0 CPU Load = The following table describes the fields present in Menu 24.1 - System Maintenance - Status.
  • Page 315: System Information And Console Port Speed

    Table 120 Menu 24.1: System Maintenance - Status (continued) FIELD DESCRIPTION This section displays information about the WAN port. Note: In a point-to-2points connection this field only displays line 1 Line Status This field displays the port speed and duplex setting if you’re using Ethernet encapsulation and Down (line is down or not connected), Idle (line (ppp) idle), Dial (starting to trigger a call) or Drop (dropping a call) if you’re using PPPoE encapsulation.
  • Page 316: Console Port Speed

    Chapter 33 System Information & Diagnosis Figure 205 Menu 24.2.1: System Maintenance - Information The following table describes the fields in this screen. Table 121 Menu 24.2.1: System Maintenance - Information FIELD Name Routing ZyNOS F/W Version SHDSL Chipset Vendor Standard Ethernet Address IP Address...
  • Page 317: Log And Trace

    33.4 Log and Trace There are two logging facilities in the ZyXEL Device. The first is the error logs and trace records that are stored locally. The second is the UNIX syslog facility for message logging. 33.4.1 Viewing Error Log The first place you should look for clues when something goes wrong is the error/trace log.
  • Page 318: Syslog Logging

    Chapter 33 System Information & Diagnosis 33.4.2 Syslog Logging The ZyXEL Device uses the syslog facility to log the CDR (Call Detail Record) and system messages to a syslog server. Syslog and accounting can be configured in Menu 24.3.2 - System Maintenance - Syslog Logging, as shown next.
  • Page 319 2 Packet triggered Packet triggered Message Format SdcmdSyslogSend( SYSLOG_PKTTRI, SYSLOG_NOTICE, String ); String = Packet trigger: Protocol=xx Data=xxxxxxxxxx…..x Protocol: (1:IP 2:IPX 3:IPXHC 4:BPDU 5:ATALK 6:IPNG) Data: We will send forty-eight Hex characters to the server Jul 19 11:28:39 192.168.102.2 ZyXEL: Packet Trigger: Protocol=1, Data=4500003c100100001f010004c0a86614ca849a7b08004a5c02000100616263646566676869 6a6b6c6d6e6f7071727374 Jul 19 11:28:56 192.168.102.2 ZyXEL: Packet Trigger: Protocol=1,...
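A parser for the Packet Trigger syslog message shown above, added here as an example (it is not ZyXEL code). It decodes the `Data` field as an IPv4 header when `Protocol=1`, using the first sample line from this page; the function names and the tolerance for both spellings of the message (with and without the comma) are choices made for this example.

```python
import ipaddress
import re
import struct
from typing import Optional

# Link-layer protocol codes as listed in the message format above.
LINK_PROTOCOLS = {1: "IP", 2: "IPX", 3: "IPXHC", 4: "BPDU", 5: "ATALK", 6: "IPNG"}
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<device>\S+)\s+ZyXEL:\s*"
    r"Packet Trigger:\s*Protocol=(?P<proto>\d+),?\s*Data=(?P<data>[0-9A-Fa-f ]+?)\s*$",
    re.IGNORECASE,
)

# First sample line from this page, including the space left by line wrapping.
PAGE_SAMPLE = (
    "Jul 19 11:28:39 192.168.102.2 ZyXEL: Packet Trigger: Protocol=1, "
    "Data=4500003c100100001f010004c0a86614ca849a7b08004a5c02000100616263646566676869 "
    "6a6b6c6d6e6f7071727374"
)


def decode_ipv4(raw: bytes) -> dict:
    """Decode the captured bytes as an IPv4 header plus the start of layer 4."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return {"ip_error": "not a complete IPv4 header"}
    ver_ihl, _tos, total_len, _ident, frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20:
        return {"ip_error": "invalid header length"}
    fields = {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "ttl": ttl,
        "l4": IP_PROTOCOLS.get(proto, str(proto)),
        "total_length": total_len,
        "truncated": total_len > len(raw),   # the log carries only a prefix
    }
    l4 = raw[ihl:]
    first_fragment = (frag & 0x1FFF) == 0    # later fragments carry no L4 header
    if proto == 1 and first_fragment and len(l4) >= 2:
        fields["icmp_type"], fields["icmp_code"] = l4[0], l4[1]
    elif proto in (6, 17) and first_fragment and len(l4) >= 4:
        fields["src_port"], fields["dst_port"] = struct.unpack("!HH", l4[:4])
    return fields


def parse_packet_trigger(line: str) -> Optional[dict]:
    """Return a decoded event, or None if the line is not a Packet Trigger record."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    hex_data = m["data"].replace(" ", "")
    if len(hex_data) % 2:
        return None                           # damaged record: odd number of hex digits
    raw = bytes.fromhex(hex_data)
    proto = int(m["proto"])
    event = {
        "timestamp": m["ts"],
        "device": m["device"],
        "link_protocol": LINK_PROTOCOLS.get(proto, "unknown"),
        "captured_bytes": len(raw),
    }
    if proto == 1:
        event.update(decode_ipv4(raw))
    return event


if __name__ == "__main__":
    print(parse_packet_trigger(PAGE_SAMPLE))
```

For the page's sample, the decoded record is an ICMP echo request from a LAN host, which is the packet that triggered the call.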
  • Page 320: Diagnostic

    Chapter 33 System Information & Diagnosis 4 PPP log PPP Log Message Format SdcmdSyslogSend( SYSLOG_PPPLOG, SYSLOG_NOTICE, String ); String = ppp:Proto Starting / ppp:Proto Opening / ppp:Proto Closing / ppp:Proto Shutdown Proto = LCP / ATCP / BACP / BCP / CBCP / CCP / CHAP/ PAP / IPCP / IPXCP Jul 19 11:42:44 192.168.102.2 ZyXEL: ppp:LCP Closing Jul 19 11:42:49 192.168.102.2 ZyXEL: ppp:IPCP Closing...
  • Page 321: Figure 210 Menu 24.4: System Maintenance - Diagnostic

    Figure 210 Menu 24.4: System Maintenance - Diagnostic xDSL Reset xDSL TCP/IP 12. Ping Host The following table describes the labels in this screen. Table 123 Menu 24.4: System Maintenance - Diagnostic FIELD Reset xDSL Ping Host Reboot System Command Mode Host IP Address Enter the number of the selection you would like to perform or press [ESC] to cancel.
  • Page 323: Firmware And Configuration File Maintenance

    Firmware and Configuration File Maintenance This chapter tells you how to back up and restore your configuration file as well as upload new firmware and a new configuration file. 34.1 Introduction Use the instructions in this chapter to change the ZyXEL Device’s configuration file or upgrade its firmware.
  • Page 324: Backup Configuration

    Chapter 34 Firmware and Configuration File Maintenance The following table is a summary. Please note that the internal filename refers to the filename on the ZyXEL Device and the external filename refers to the filename not on the ZyXEL Device, that is, on your computer, local network or FTP site and so the name (but not the extension) may vary.
  • Page 325: Using The Ftp Command From The Command Line

    Figure 211 Menu 24.5: Backup Configuration To transfer the configuration file to your computer, follow the procedure below: 1. Launch the FTP client on your computer. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested.
  • Page 326: Gui-Based Ftp Clients

    Chapter 34 Firmware and Configuration File Maintenance 34.3.4 GUI-based FTP Clients The following table describes some of the commands that you may see in GUI-based FTP clients. Table 125 General Commands for GUI-based FTP Clients COMMAND Host Address Login Type Transfer Type Initial Remote Directory Initial Local Directory...
  • Page 327: Tftp Command Example

    4 Launch the TFTP client on your computer and connect to the ZyXEL Device. Set the transfer mode to binary before starting data transfer. 5 Use the TFTP client (see the example below) to transfer files between the ZyXEL Device and the computer. The file name for the configuration file is “rom-0” (rom-zero, not capital o).
  • Page 328: Restore Configuration

    Chapter 34 Firmware and Configuration File Maintenance Figure 213 System Maintenance: Backup Configuration Ready to backup Configuration via Xmodem. Do you want to continue (y/n): 2 The following screen indicates that the Xmodem download has started. Figure 214 System Maintenance: Starting Xmodem Download Screen You can enter ctrl-x to terminate operation any time.
  • Page 329: Restore Using Ftp

    Do not interrupt the file transfer process as this may PERMANENTLY DAMAGE YOUR ZyXEL Device. When the Restore Configuration process is complete, the ZyXEL Device will automatically restart. 34.4.1 Restore Using FTP For details about backup using (T)FTP please refer to earlier sections on FTP and TFTP file upload in this chapter.
  • Page 330: Restore Using Ftp Session Example

    Chapter 34 Firmware and Configuration File Maintenance 34.4.2 Restore Using FTP Session Example Figure 218 Restore Using FTP Session Example ftp> put config.rom rom-0 200 Port command okay 150 Opening data connection for STOR rom-0 226 File received OK 221 Goodbye for writing flash ftp: 16384 bytes sent in 0.06Seconds 273.07Kbytes/sec.
  • Page 331: Uploading Firmware And Configuration Files

    Figure 222 Successful Restoration Confirmation Screen Save to ROM Hit any key to start system reboot. 34.5 Uploading Firmware and Configuration Files This section shows you how to upload firmware and configuration files. You can upload configuration files by following the procedure in instructions in Menu 24.7.2 - System Maintenance - Upload System Configuration File (for console port).
  • Page 332: Ftp File Upload Command From The Dos Prompt Example

    Chapter 34 Firmware and Configuration File Maintenance Figure 224 Menu 24.7.2: System Maintenance - Upload System Configuration File Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload the system configuration file, follow the procedure below: 1. Launch the FTP client on your workstation. 2.
  • Page 333: Ftp Session Example Of Firmware File Upload

    34.5.4 FTP Session Example of Firmware File Upload Figure 225 FTP Session Example of Firmware File Upload 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> put firmware.bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 1103936 bytes sent in 1.10Seconds 297.89Kbytes/sec.
  • Page 334: Tftp Upload Command Example

    Chapter 34 Firmware and Configuration File Maintenance 34.5.6 TFTP Upload Command Example The following is an example TFTP command: tftp [-i] host put firmware.bin ras Where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the ZyXEL Device’s IP address, “put” transfers the file source on the computer (firmware.bin –...
  • Page 335: Uploading Configuration File Via Console Port

    Figure 227 Example Xmodem Upload After the firmware upload process has completed, the ZyXEL Device will automatically restart. 34.5.10 Uploading Configuration File Via Console Port 1 Select 2 from Menu 24.7 – System Maintenance – Upload Firmware to display Menu 24.7.2 - System Maintenance - Upload System Configuration File.
  • Page 336: Figure 229 Example Xmodem Upload

    Chapter 34 Firmware and Configuration File Maintenance Figure 229 Example Xmodem Upload After the configuration upload process has completed, restart the ZyXEL Device by entering “atgo”. P-793H User’s Guide...
  • Page 337: Menus 24.8 To 24.11

    This chapter leads you through SMT menus 24.8 to 24.11. 35.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main router firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions.
  • Page 338: Command Usage

    A list of commands can be found by typing help or ? at the command prompt. Always type the full command. Type exit to return to the SMT main menu when finished. Figure 231 Valid Commands Copyright (c) 1994 - 2006 ZyXEL Communications Corp. P-793H> ? Valid commands are:...
  • Page 339: Time And Date Setting

    Figure 233 Menu 24.9.1 - Budget Management Remote Node 1.MyISP 2.-------- 3.-------- 4.-------- 5.-------- 6.-------- 7.-------- 8.-------- The total budget is the time limit on the accumulated time for outgoing calls to a remote node. When this limit is reached, the call will be dropped and further outgoing calls to that remote node will be blocked.
  • Page 340: Figure 234 Menu 24: System Maintenance

    Chapter 35 Menus 24.8 to 24.11 Figure 234 Menu 24: System Maintenance Enter 10 to go to Menu 24.10 - System Maintenance - Time and Date Setting to update the time and date settings of your ZyXEL Device as shown in the following screen. Figure 235 Menu 24.10: System Maintenance - Time and Date Setting Menu 24.10 - System Maintenance - Time and Date Setting Time Protocol= None...
  • Page 341: Remote Management

    Table 128 Menu 24.10: System Maintenance - Time and Date Setting (continued) FIELD DESCRIPTION Current Time This field displays an updated time only when you reenter this menu. New Time Enter the new time in hour, minute and second format. This field is available when (hh:mm:ss) you select None in the Time Protocol field.
  • Page 342: Remote Management Limitations

    Chapter 35 Menus 24.8 to 24.11 Figure 236 Menu 24.11 – Remote Management Control TELNET Server: Server Port = 23 Secured Client IP = 0.0.0.0 FTP Server: Server Port = 21 Secured Client IP = 0.0.0.0 Web Server: Server Port = 80 Secured Client IP = 0.0.0.0 The following table describes the fields in this screen.
  • Page 343: Ip Routing Policy Setup

    IP Routing Policy Setup Use this menu to look at and configure policy routes. 36.1 Policy Route Traditionally, routing is based on the destination address only and the ZyXEL Device takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator.
  • Page 344: Ip Routing Policy Setup

    Chapter 36 IP Routing Policy Setup IPPR follows the existing packet filtering facility of RAS in style and in implementation. 36.4 IP Routing Policy Setup Use this menu to look at a summary of policy routes. To open this menu, enter 25 in the main menu.
  • Page 345: Figure 238 Menu 25.1: Ip Routing Policy Setup

    Figure 238 Menu 25.1: IP Routing Policy Setup - - ---------------------------------------------------------------------- 1 N SA=1.1.1.1-1.1.1.1 DA=2.2.2.2-2.2.2.5 SP=20-25 DP=20-25 P=6 T=NM PR=0 2 N ______________________________________________________________________ ______________________________________________________________________ 3 N ______________________________________________________________________ ______________________________________________________________________ 4 N ______________________________________________________________________ ______________________________________________________________________ 5 N ______________________________________________________________________ ______________________________________________________________________ 6 N ______________________________________________________________________ ______________________________________________________________________ The following table describes the labels in this menu.
  • Page 346: Ip Routing Policy

    Chapter 36 IP Routing Policy Setup 36.6 IP Routing Policy Use this menu to configure policy routes. To open this menu, select Edit and enter the appropriate rule number in menu 25. Figure 239 Menu 25.1.1: IP Routing Policy Policy Set Name= ex1 Active= No Criteria: IP Protocol...
  • Page 347: Ip Policy Routing Example

    Table 132 Menu 25.1.1: IP Routing Policy (continued) FIELD Action Gateway addr Type of Service Precedence 36.7 IP Policy Routing Example If a network has both Internet and remote node connections, you can route Web packets to the Internet using one policy and route FTP packets to a remote network using another policy. See the next figure.
  • Page 348: Figure 241 Ip Routing Policy Example 1

    Chapter 36 IP Routing Policy Setup Figure 241 IP Routing Policy Example 1 Policy Set Name= example1 Active= Yes Criteria: IP Protocol Type of Service= Don't Care Precedence Source: addr start= 192.168.1.33 port start= 0 Destination: addr start= 0.0.0.0 port start= 80 Action= Matched Gateway addr Type of Service= Max Thruput...
  • Page 349: Schedule Setup

    Use this menu to look at and configure the schedule sets in the ZyXEL Device. 37.1 Schedule Set Overview Call scheduling (applicable for PPPoE encapsulation only) allows the ZyXEL Device to manage a remote node and dictate when a remote node should be called and for how long. This feature is similar to the scheduler that lets you specify a time period to record a television program in a VCR or TiVo.
  • Page 350: Schedule Set Setup

    Chapter 37 Schedule Setup The following table describes the labels in this menu. Table 133 Menu 26: Schedule Setup FIELD 1-12 Enter Schedule Set Number to Configure Edit Name 37.3 Schedule Set Setup This menu is only applicable if your Internet connection uses PPPoE encapsulation. Use this menu to configure the schedule sets in the ZyXEL Device.
  • Page 351: Table 134 Menu 26.1: Schedule Set Setup

    The following table describes the labels in this menu. Table 134 Menu 26.1: Schedule Set Setup FIELD Active Start Date How Often Once Date Weekdays Start Time Duration Action DESCRIPTION Press [SPACE BAR] to select Yes or No. Choose Yes and press [ENTER] to activate the schedule set.
  • Page 353: Troubleshooting

    This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • ZyXEL Device Access and Login • Internet Access •
  • Page 354: Zyxel Device Access And Login

    Chapter 38 Troubleshooting 38.2 ZyXEL Device Access and Login I forgot the IP address for the ZyXEL Device. 1 The default IP address is 192.168.1.1. 2 Use the console port to log in to the ZyXEL Device. 3 If you changed the IP address and have forgotten it, you might get the IP address of the ZyXEL Device by looking up the IP address of the default gateway for your computer.
  • Page 355 6 If the problem continues, contact the network administrator or vendor, or try the advanced suggestion. Advanced Suggestion • Try to access the ZyXEL Device using another service, such as Telnet. If you can access the ZyXEL Device, check the remote management settings, firewall rules, and SMT filters to find out why the ZyXEL Device does not respond to HTTP.
  • Page 356: Internet Access

    Chapter 38 Troubleshooting I cannot use the console port to access the ZyXEL Device. Make sure that you are using the included console cable and that the CON/AUX switch on the ZyXEL Device is set to CON. See the Quick Start Guide. 38.3 Internet Access I cannot access the Internet.
  • Page 357: Advanced Features

    • Check the settings for bandwidth management. If it is disabled, you might consider activating it. If it is enabled, you might consider changing the allocations. See on page 181. I cannot access a web site (on Mondays). Check your content filtering settings and make sure you do not block yourself access to any web sites.
  • Page 358 Press and hold the RESET button for ten seconds. Release the RESET button when the POWER LED begins to blink. The default settings have been restored. If the ZyXEL Device restarts automatically, wait for the ZyXEL Device to finish restarting, and log in to the web configurator.
  • Page 359: Appendices And Index

    Appendices and Index Product Specifications (361) Wall-mounting Instructions (365) Setting up Your Computer’s IP Address (367) Pop-up Windows, JavaScripts and Java Permissions (383) IP Addresses and Subnetting (389) IP Address Assignment Conflicts (397) Common Services (401) Command Interpreter (405) Log Descriptions (411) NetBIOS Filter Commands (427) Legal Information (429) Customer Support (433)
  • Page 361: Appendix A Product Specifications

    Product Specifications Table 135 Device Default IP Address Default Subnet Mask Default Password DHCP Pool Dimensions (W x D x H) Power Specification Built-in Switch G.SHDSL Port Operation Temperature Storage Temperature Operation Humidity Storage Humidity Distance between the centers of the holes on
  • Page 362 Appendix A Product Specifications Table 136 Firmware (continued) ATM Support Internet Access Sharing Security Network Management Diagnostics Capabilities (for the following circuitry) Others Multiple protocols over AAL5 (RFC1483) PPP over ATM (RFC 2364) PPP over Ethernet (RFC2516) ATM AAL5 supported Support 8 PVCs ATM Forum UNI3.0/4.0 PVC UBR CBR, and VBR traffic shaping...
  • Page 363: Table 137 Firmware Features

    Table 137 Firmware Features FEATURE Firmware Upgrade Configuration Backup & Restoration Network Address Translation (NAT) Port Forwarding DHCP (Dynamic Host Configuration Protocol) Dynamic DNS Support IP Multicast IP Alias Time and Date Logging and Tracing PPPoE PPTP Encapsulation Universal Plug and Play (UPnP) Firewall Content Filter...
  • Page 364: Figure 245 Y-Cable Configuration

    Appendix A Product Specifications Table 137 Firmware Features FEATURE Bandwidth Management Remote Management Figure 245 Y-Cable Connector Configuration DESCRIPTION You can efficiently manage traffic on your network by reserving bandwidth and giving priority to certain types of traffic and/or to particular computers.
  • Page 365: Appendix B Wall-Mounting Instructions

    Wall-mounting Instructions Do the following to hang your ZyXEL Device on a wall. See the product specifications appendix for the size of screws to use and how far apart to place them. 1 Locate a high position on a wall that is free of obstructions. Use a sturdy wall. 2 Drill two holes for the screws.
  • Page 367: Appendix C Setting Up Your Computer's Ip Address

    Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
  • Page 368: Figure 247 Windows 95/98/Me: Network: Configuration

    Figure 247 Windows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
  • Page 369: Figure 248 Windows 95/98/Me: Tcp/Ip Properties: Ip Address

    Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • If your IP address is dynamic, select Obtain an IP address automatically. • If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields.
  • Page 370: Figure 249 Windows 95/98/Me: Tcp/Ip Properties: Dns Configuration

    Appendix C Setting up Your Computer’s IP Address Figure 249 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window.
  • Page 371: Figure 250 Windows Xp: Start Menu

    Figure 250 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 251 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties.
  • Page 372: Figure 252 Windows Xp: Control Panel: Network Connections: Properties

    Appendix C Setting up Your Computer’s IP Address Figure 252 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 253 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
  • Page 373: Figure 254 Windows Xp: Internet Protocol (Tcp/Ip) Properties

    Figure 254 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
  • Page 374: Figure 255 Windows Xp: Advanced Tcp/Ip Properties

    Appendix C Setting up Your Computer’s IP Address Figure 255 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
  • Page 375: Figure 256 Windows Xp: Internet Protocol (Tcp/Ip) Properties

    Figure 256 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT).
  • Page 376: Figure 257 Macintosh Os 8/9: Apple Menu

    Appendix C Setting up Your Computer’s IP Address Figure 257 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 258 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: •...
  • Page 377: Figure 259 Macintosh Os X: Apple Menu

    • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Close the TCP/IP Control Panel. 6 Click Save if prompted, to save changes to your configuration.
  • Page 378: Figure 260 Macintosh Os X: Network

    Appendix C Setting up Your Computer’s IP Address Figure 260 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. •...
  • Page 379: Figure 261 Red Hat 9.0: Kde: Network Configuration: Devices

    Make sure you are logged in as the root administrator. Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network.
  • Page 380: Figure 263 Red Hat 9.0: Kde: Network Configuration: Dns

    Appendix C Setting up Your Computer’s IP Address • If you have a dynamic IP address, click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address, click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields.
  • Page 381: Figure 265 Red Hat 9.0: Dynamic Ip Address Setting In Ifconfig-Eth0

    Figure 265 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0

        DEVICE=eth0
        ONBOOT=yes
        BOOTPROTO=dhcp
        USERCTL=no
        PEERDNS=yes
        TYPE=Ethernet

    • If you have a static IP address, enter = followed by the IP address (in dotted decimal notation) and type IPADDR followed by the subnet mask. The following example uses a static IP address of 192.168.1.10 and a subnet mask of 255.255.255.0.
  • Page 382: Figure 269 Red Hat 9.0: Checking Tcp/Ip Properties

    Verifying Settings

    Enter ifconfig in a terminal screen to check your TCP/IP properties.

    Figure 269 Red Hat 9.0: Checking TCP/IP Properties

        [root@localhost]# ifconfig
        eth0 Link encap:Ethernet
        inet addr:172.23.19.129
        UP BROADCAST RUNNING MULTICAST
        RX packets:717 errors:0 dropped:0 overruns:0 frame:0
        TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:100...
  • Page 383: Appendix D Pop-Up Windows, Javascripts And Java Permissions

    Pop-up Windows, JavaScripts and Java Permissions

    In order to use the web configurator you need to allow:
    • Web browser pop-up windows from your device.
    • JavaScripts (enabled by default).
    • Java permissions (enabled by default).

    Internet Explorer 6 screens are used here.
  • Page 384: Figure 271 Internet Options: Privacy

    Appendix D Pop-up Windows, JavaScripts and Java Permissions 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 271 Internet Options: Privacy 3 Click Apply to save this setting. Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
  • Page 385: Figure 272 Internet Options: Privacy

    Figure 272 Internet Options: Privacy

    3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1.
    4 Click Add to move the IP address to the list of Allowed sites.

    Figure 273 Pop-up Blocker Settings
  • Page 386: Figure 274 Internet Options: Security

    Appendix D Pop-up Windows, JavaScripts and Java Permissions 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
  • Page 387: Figure 275 Security Settings - Java Scripting

    Figure 275 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window.
  • Page 388: Figure 277 Java (Sun)

    JAVA (Sun)

    1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab.
    2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected.
    3 Click OK to close the window.

    Figure 277 Java (Sun)
  • Page 389: Appendix E Ip Addresses And Subnetting

    IP Addresses and Subnetting

    This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
  • Page 390: Figure 278 Network Number And Host Id

    Appendix E IP Addresses and Subnetting Figure 278 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation).
  • Page 391: Table 139 Subnet Masks

    Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 139 Subnet Masks BINARY OCTET 8-bit mask 11111111 16-bit mask 11111111 24-bit mask 11111111...
  • Page 392: Figure 279 Subnetting Example: Before Subnetting

    Appendix E IP Addresses and Subnetting Table 141 Alternative Subnet Mask Notation (continued) SUBNET MASK 255.255.255.192 255.255.255.224 255.255.255.240 255.255.255.248 255.255.255.252 Subnetting You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.
  • Page 393: Figure 280 Subnetting Example: After Subnetting

    Figure 280 Subnetting Example: After Subnetting

    In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2^7 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).
  • Page 394: Table 143 Subnet 2

    Appendix E IP Addresses and Subnetting Table 143 Subnet 2 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.64 Broadcast Address: 192.168.1.127 Table 144 Subnet 3 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.128 Broadcast Address:...
  • Page 395: Table 147 24-Bit Network Number Subnet Planning

    Table 146 Eight Subnets (continued) SUBNET SUBNET ADDRESS Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 147 24-bit Network Number Subnet Planning NO. “BORROWED” HOST BITS The following table is a summary for subnet planning on a network with a 16-bit network number.
  • Page 396: Configuring Ip Addresses

    Appendix E IP Addresses and Subnetting Table 148 16-bit Network Number Subnet Planning (continued) NO. “BORROWED” HOST BITS Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
  • Page 397: Appendix F Ip Address Assignment Conflicts

    IP Address Assignment Conflicts

    This appendix describes situations where IP address conflicts may occur. Subscribers with duplicate IP addresses will not be able to access the Internet.

    Case A: The ZyXEL Device is using the same LAN and WAN IP addresses

    The following figure shows an example where the ZyXEL Device is using a WAN IP address that is the same as the IP address of a computer on the LAN.
  • Page 398: Figure 282 Ip Address Conflicts: Case B

    Appendix F IP Address Assignment Conflicts Figure 282 IP Address Conflicts: Case B To solve this problem, make sure the ZyXEL Device LAN IP address is not in the DHCP IP address pool. Case C: The Subscriber IP address is the same as the IP address of a network device The following figure depicts an example where the subscriber IP address is the same as the IP address of a network device not attached to the ZyXEL Device.
  • Page 399: Figure 284 Ip Address Conflicts: Case D

    Figure 284 IP Address Conflicts: Case D

    This problem can be solved by adding a VLAN-enabled switch or by setting the computers to obtain IP addresses dynamically.
  • Page 401: Appendix G Common Services

    The following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit the IANA (Internet Assigned Number Authority) web site. •...
  • Page 402 Table 149 Commonly Used Services (continued) NAME H.323 HTTP HTTPS ICMP IGMP (MULTICAST) User-Defined MSN Messenger NEW-ICQ NEWS NNTP PING POP3 PPTP PPTP_TUNNEL (GRE) RCMD REAL_AUDIO REXEC RLOGIN PROTOCOL PORT(S) DESCRIPTION File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail.
  • Page 403 Table 149 Commonly Used Services (continued) NAME PROTOCOL RTELNET RTSP TCP/UDP SFTP SMTP SNMP TCP/UDP SNMP-TRAPS TCP/UDP SQL-NET TCP/UDP STRM WORKS SYSLOG TACACS TELNET TFTP VDOLIVE PORT(S) DESCRIPTION Remote Telnet. The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet.
  • Page 405: Appendix H Command Interpreter

    The following describes how to use the command interpreter. See for how to access the command interpreter from SMT. See www.zyxel.com for more detailed information on these commands. Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable.
  • Page 406: Figure 285 Displaying Log Categories Example

    Configuring What You Want the ZyXEL Device to Log

    1 Use the sys logs load configure which logs the ZyXEL Device is to record.
    2 Use sys logs category

    Figure 285 Displaying Log Categories Example

        ras> sys logs category
        8021x error javablocked...
  • Page 407: Figure 287 Routing Command Example

    Log Command Example

    This example shows how to set the ZyXEL Device to record the access logs and alerts and then view the results.

        ras> sys logs load
        ras> sys logs category access 3
        ras> sys logs save
        ras> sys logs display access
        .time message
        0|06/08/2004 05:58:21 |172.21.4.154...
  • Page 408: ARP Behavior and the ARP ackGratuitous Commands

    The ZyXEL Device does not accept ARP reply information if the ZyXEL Device did not send out a corresponding request. This helps prevent the ZyXEL Device from updating its ARP table with an incorrect IP address to MAC address mapping due to a spoofed ARP.
  • Page 409: Figure 288 Backup Gateway

    Figure 288 Backup Gateway

    Updating the ARP entries could increase the danger of spoofing attacks. Turn on ackGratuitous and force update only if you need them, as in the previous backup gateway example. Turning on the force updates option is more dangerous than leaving it off because the ZyXEL Device updates the ARP table even when there is an existing entry.
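The ARP acceptance behaviour described on pages 408 and 409, as an added Python model that is not part of the ZyXEL manual or firmware. The class, option names and addresses are constructed for illustration, and the rule that an acknowledged gratuitous ARP only fills an empty entry unless force update is on is an assumption read from the text above.

```python
from dataclasses import dataclass, field

# Constructed sample values (MACs from the RFC 7042 documentation range).
GW_IP = "192.168.1.254"
MAC_PRIMARY = "00:00:5e:00:53:01"   # gateway that answered our request
MAC_BACKUP = "00:00:5e:00:53:02"    # backup gateway taking over GW_IP
MAC_UNKNOWN = "00:00:5e:00:53:99"   # any other host claiming GW_IP


@dataclass
class ArpCache:
    """Hypothetical model of the acceptance rules, not device code."""
    ack_gratuitous: bool = False    # accept gratuitous ARP at all
    force_update: bool = False      # let it replace an existing entry
    table: dict = field(default_factory=dict)
    pending: set = field(default_factory=set)
    changes: list = field(default_factory=list)   # audit trail of remaps

    def request(self, ip):
        """Record that we sent an ARP request for ip."""
        self.pending.add(ip)

    def receive(self, op, sender_ip, sender_mac, target_ip):
        """Apply the policy to one ARP packet and return the verdict."""
        gratuitous = sender_ip == target_ip
        if op == "reply" and not gratuitous and sender_ip in self.pending:
            self.pending.discard(sender_ip)
            return self._store(sender_ip, sender_mac, "solicited reply")
        if not gratuitous:
            return "ignored: no matching request"
        if not self.ack_gratuitous:
            return "ignored: gratuitous ARP not acknowledged"
        current = self.table.get(sender_ip)
        if current in (None, sender_mac):
            return self._store(sender_ip, sender_mac, "gratuitous, no conflict")
        if not self.force_update:
            return "ignored: existing entry kept"
        return self._store(sender_ip, sender_mac, "gratuitous, forced update")

    def _store(self, ip, mac, reason):
        old = self.table.get(ip)
        self.table[ip] = mac
        if old not in (None, mac):
            self.changes.append((ip, old, mac, reason))
        return "accepted: " + reason


def replay(ack_gratuitous, force_update):
    """Run the same constructed packet sequence under one policy."""
    cache = ArpCache(ack_gratuitous, force_update)
    cache.request(GW_IP)
    packets = [
        ("reply", GW_IP, MAC_PRIMARY, "192.168.1.1"),  # answer to our request
        ("reply", GW_IP, MAC_BACKUP, GW_IP),           # backup gateway takeover
        ("reply", GW_IP, MAC_UNKNOWN, GW_IP),          # same shape, other MAC
        ("reply", "192.168.1.50", MAC_UNKNOWN, "192.168.1.1"),  # never asked
    ]
    verdicts = [cache.receive(*p) for p in packets]
    return cache.table, verdicts, cache.changes


if __name__ == "__main__":
    for policy in [(False, False), (True, False), (True, True)]:
        table, verdicts, changes = replay(*policy)
        print(policy, table[GW_IP], len(changes), "remap(s)")
        for v in verdicts:
            print("   ", v)
```

With both options on, the model cannot tell the backup gateway's announcement from any other host's, so the `changes` list is the natural place to raise an alert for review.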
  • Page 410: Figure 289 Routing Command Example

    Figure 289 Routing Command Example

        ras> ipsec ipsecEdit 1
        ras> ipsec ipsecConfig encryKeyLen 1
        ras> ipsec ipsecDisplay
        ---------- IPSec Setup ----------
        Index #= 1 Active= No Bound IKE 9999 ControlPing = No
        Local: Addr Type= SINGLE IP Addr Start= 0.0.0.0
        Remote: Addr Type= SINGLE IP Addr Start= 0.0.0.0...
  • Page 411: Appendix I Log Descriptions

    This appendix provides descriptions of example log messages. Table 150 System Maintenance Logs LOG MESSAGE Time calibration is successful Time calibration failed WAN interface gets IP:%s DHCP client IP expired DHCP server assigns%s Successful WEB login WEB login failed Successful TELNET login...
  • Page 412: Table 151 System Error Logs

    Appendix I Log Descriptions Table 150 System Maintenance Logs (continued) LOG MESSAGE Successful SSH login SSH login failed Successful HTTPS login HTTPS login failed Table 151 System Error Logs LOG MESSAGE %s exceeds the max. number of session per host! setNetBIOSFilter: calloc error readNetBIOSFilter: calloc...
  • Page 413: Table 153 Tcp Reset Logs

    Table 153 TCP Reset Logs LOG MESSAGE Under SYN flood attack, sent TCP RST Exceed TCP MAX incomplete, sent TCP RST Peer TCP state out of order, sent TCP RST Firewall session time out, sent TCP RST Exceed MAX incomplete, sent TCP RST Access block, sent TCP Table 154 Packet Filter Logs...
  • Page 414: Table 156 Cdr Logs

    Appendix I Log Descriptions Table 155 ICMP Logs (continued) LOG MESSAGE Triangle route packet forwarded: ICMP Packet without a NAT table entry blocked: ICMP Unsupported/out-of-order ICMP: ICMP Router reply ICMP packet: ICMP Table 156 CDR Logs LOG MESSAGE board%d line%d channel%d, call%d,%s C01 Outgoing Call dev=%x ch=%x%s board%d line%d channel%d,...
  • Page 415: Table 159 Content Filtering Logs

    Table 159 Content Filtering Logs LOG MESSAGE %s: Keyword blocking %s: Not in trusted web list %s: Forbidden Web site The web site is in the forbidden web site list. %s: Contains ActiveX %s: Contains Java applet %s: Contains cookie %s: Proxy mode detected %s:%s...
  • Page 416: Table 161 Ipsec Logs

    Appendix I Log Descriptions Table 160 Attack Logs (continued) LOG MESSAGE ip spoofing - WAN [TCP | UDP | IGMP | ESP | GRE | OSPF] ip spoofing - WAN ICMP (type:%d, code:%d) icmp echo: ICMP (type:%d, code:%d) syn flood TCP ports scan TCP teardrop TCP teardrop UDP...
  • Page 417: Table 162 Ike Logs

    Table 162 IKE Logs LOG MESSAGE Active connection allowed exceeded Start Phase 2: Quick Mode Verifying Remote ID failed: Verifying Local ID failed: IKE Packet Retransmit Failed to send IKE Packet Too many errors! Deleting SA Phase 1 IKE SA process done Duplicate requests with the same cookie IKE Negotiation is in...
  • Page 418 Appendix I Log Descriptions Table 162 IKE Logs (continued) LOG MESSAGE Remote IP <Remote IP> / <Remote IP> conflicts Phase 1 ID type mismatch Phase 1 ID content mismatch No known phase 1 ID type found ID type mismatch. Local / Peer: <Local ID type/Peer ID type>...
  • Page 419: Table 163 Pki Logs

    Table 162 IKE Logs (continued) LOG MESSAGE Rule [%d] Phase 2 authentication algorithm mismatch Rule [%d] Phase 2 encapsulation mismatch Rule [%d]> Phase 2 pfs mismatch Rule [%d] Phase 1 ID mismatch The listed rule’s IKE phase 1 ID did not match between the Rule [%d] Phase 1 hash mismatch Rule [%d] Phase 1 preshared...
  • Page 420: Table 164 Certificate Path Verification Failure Reason Codes

    Appendix I Log Descriptions Table 163 PKI Logs (continued) LOG MESSAGE Enrollment failed Failed to resolve <CMP CA server url> Rcvd ca cert: <subject name> Rcvd user cert: <subject name> Rcvd CRL <size>: <issuer name> Rcvd ARL <size>: <issuer name> Failed to decode the received ca cert Failed to decode the...
  • Page 421: Table 165 802.1X Logs

    Table 164 Certificate Path Verification Failure Reason Codes (continued) CODE DESCRIPTION Certificate was revoked by a CRL. Certificate was not added to the cache. Certificate decoding failed. Certificate was not found (anywhere). Certificate chain looped (did not find trusted root). Certificate contains critical extension that was not handled.
  • Page 422: Table 166 Acl Setting Notes

    Appendix I Log Descriptions Table 165 802.1X Logs (continued) LOG MESSAGE User logout because of no authentication response from user. User logout because of idle timeout expired. User logout because of user request. Local User Database does not support authentication mothed. No response from RADIUS.
  • Page 423 Table 167 ICMP Notes (continued) TYPE CODE DESCRIPTION A gateway may discard internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next network on the route to the destination network. Redirect Redirect datagrams for the Network Redirect datagrams for the Host...
  • Page 424: Figure 290 Displaying Log Categories Example

    Table 169 RFC-2408 ISAKMP Payload Types (continued) LOG DISPLAY TRANS CER_REQ HASH NONCE NOTFY

    Log Commands

    This section provides some general examples of how to use the log commands. The items that display with your device may vary but the basic function should be the same. Go to the command interpreter interface.
  • Page 425: Figure 291 Displaying Log Parameters Example

    Figure 291 Displaying Log Parameters Example

        ras> sys logs category access
        Usage: [0:none/1:log/2:alert/3:both]

    4 Use sys logs category followed by a log category and a parameter to decide what to record. Use 0 to not record logs for that category, 1 to record only logs for that category, 2 to record only alerts for that category, and 3 to record both logs and alerts for that category.
  • Page 426: Log Command Example

    Log Command Example

    This example shows how to set the ZyXEL Device to record the access logs and alerts and then view the results.

        ras> sys logs load
        ras> sys logs category access 3
        ras> sys logs save
        ras>...
  • Page 427: Appendix J Netbios Filter Commands

    NetBIOS Filter Commands

    The following describes the NetBIOS packet filter commands. See for information on the command structure.

    Introduction

    NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls.
  • Page 428 Appendix J NetBIOS Filter Commands The filter types and their default settings are as follows. Table 170 NetBIOS Filter Default Settings NAME DESCRIPTION Between LAN This field displays whether NetBIOS packets are blocked or forwarded and WAN between the LAN and the WAN. IPSec Packets This field displays whether NetBIOS packets sent through a VPN connection are blocked or forwarded.
  • Page 429: Appendix K Legal Information

    ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
  • Page 430 Appendix K Legal Information If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures: 1 Reorient or relocate the receiving antenna.
  • Page 431 Appendix K Legal Information ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.
  • Page 433: Appendix L Customer Support

    José, Costa Rica Czech Republic • E-mail: info@cz.zyxel.com • Telephone: +420-241-091-350 • Fax: +420-241-091-359 • Web Site: www.zyxel.cz • Regular Mail: ZyXEL Communications, Czech s.r.o., Modranská 621, 143 01 Praha 4 - Modrany, Ceská Republika
  • Page 434 • Support E-mail: support@zyxel.fi • Sales E-mail: sales@zyxel.fi • Telephone: +358-9-4780-8411 • Fax: +358-9-4780 8448 • Web Site: www.zyxel.fi • Regular Mail: ZyXEL Communications Oy, Malminkaari 10, 00700 Helsinki, Finland France • E-mail: info@zyxel.fr • Telephone: +33-4-72-52-97-97 • Fax: +33-4-72-52-19-20 •...
  • Page 435 • Sales E-mail: sales@zyxel.com • Telephone: +1-800-255-4101, +1-714-632-0882 • Fax: +1-714-632-0858 • Web Site: www.us.zyxel.com • FTP Site: ftp.us.zyxel.com • Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806- 2001, U.S.A. Norway • Support E-mail: support@zyxel.no • Sales E-mail: sales@zyxel.no •...
  • Page 436 • Web Site: www.zyxel.es • Regular Mail: ZyXEL Communications, Arte, 21 5ª planta, 28033 Madrid, Spain Sweden • Support E-mail: support@zyxel.se • Sales E-mail: sales@zyxel.se • Telephone: +46-31-744-7700 • Fax: +46-31-744-7701 • Web Site: www.zyxel.se • Regular Mail: ZyXEL Communications A/S, Sjöporten 4, 41764 Göteborg, Sweden Ukraine •...

This manual is also suitable for:

P-793h
