Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan.
Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. Warnings tell you about things that could harm you or your device. Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Page 5
Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Server Telephone P-793H User’s Guide Computer Notebook computer DSLAM Firewall Switch Router Document Conventions...
Safety Warnings For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. •...
Page 7
Safety Warnings This product is recyclable. Dispose of it properly. P-793H User’s Guide...
About This User's Guide ... 3 Document Conventions... 4 Safety Warnings... 6 Contents Overview ... 9 Table of Contents... 11 List of Figures ... 23 List of Tables... 31 Part I: Introduction, Wizards and Tutorials... 37 Chapter 1 Getting To Know Your ZyXEL Device... 39 1.1 Overview ...
Page 17
16.1.1 How do I know if I'm using UPnP? ... 205 16.1.2 NAT Traversal ... 205 16.1.3 Cautions with UPnP ... 205 16.2 UPnP and ZyXEL ... 206 16.2.1 Configuring UPnP ... 206 16.3 Installing UPnP in Windows Example ... 207 16.4 Using UPnP in Windows XP Example ...
Page 18
Table of Contents 21.2 SMT Menu Items ... 240 21.3 Navigating the SMT Interface ... 242 Chapter 22 General Setup... 245 22.1 Configuring General Setup ... 245 22.1.1 Configuring Dynamic DNS ... 246 Chapter 23 WAN Setup... 249 23.1 WAN Setup ... 249 23.1.1 2wire-2line Service Mode ...
Page 19
Chapter 28 NAT Setup... 279 28.1 Using NAT ... 279 28.1.1 SUA (Single User Account) Versus NAT ... 279 28.1.2 Applying NAT ... 279 28.2 NAT Setup ... 281 28.2.1 Address Mapping Sets ... 281 28.3 Configuring a Server behind NAT ... 284 28.4 General NAT Examples ...
Page 20
Table of Contents 33.1 Introduction to System Status ... 313 33.2 System Status ... 313 33.3 System Information and Console Port Speed ... 315 33.3.1 System Information ... 315 33.3.2 Console Port Speed ... 316 33.4 Log and Trace ... 317 33.4.1 Viewing Error Log ...
Page 21
35.1 Command Interpreter Mode ... 337 35.1.1 Command Syntax ... 337 35.1.2 Command Usage ... 338 35.2 Call Control Support ... 338 35.2.1 Budget Management ... 338 35.3 Time and Date Setting ... 339 35.4 Remote Management ... 341 35.4.1 Remote Management Limitations ... 342 Chapter 36 IP Routing Policy Setup ...
Page 22
Table of Contents Appendix E IP Addresses and Subnetting ... 389 Appendix F IP Address Assignment Conflicts ... 397 Appendix G Common Services ... 401 Appendix H Command Interpreter... 405 Appendix I Log Descriptions... 411 Appendix J NetBIOS Filter Commands ... 427 Appendix K Legal Information ...
List of Figures List of Figures Figure 1 High-speed Internet Access with Your ZyXEL Device ... 39 Figure 2 Point-to-point Connections with Your ZyXEL Device ... 40 Figure 3 Point-to-2points Connections with Your ZyXEL Device ... 40 Figure 4 LEDs ... 41 Figure 5 Login Screen ...
Page 24
List of Figures Figure 39 LAN > IP > Advanced Setup ... 98 Figure 40 LAN > DHCP Setup ... 99 Figure 41 LAN > Client List ... 100 Figure 42 Physical Network & Partitioned Logical Networks ... 101 Figure 43 LAN > IP Alias ... 102 Figure 44 How NAT Works ...
Page 27
List of Figures Figure 168 Menu 15.1.1: Address Mapping Rules ... 282 Figure 169 Menu 15.1.1.1: Address Mapping Rule ... 284 Figure 170 Menu 15.2: NAT Server Sets ... 285 Figure 171 Menu 15.2: NAT Server Setup ... 285 Figure 172 NAT Example 1 ... 286 Figure 173 Menu 4: Internet Access &...
Page 28
List of Figures Figure 211 Menu 24.5: Backup Configuration ... 325 Figure 212 FTP Session Example ... 325 Figure 213 System Maintenance: Backup Configuration ... 328 Figure 214 System Maintenance: Starting Xmodem Download Screen ... 328 Figure 215 Backup Configuration Example ... 328 Figure 216 Successful Backup Confirmation Screen ...
Page 29
List of Figures Figure 254 Windows XP: Internet Protocol (TCP/IP) Properties ... 373 Figure 255 Windows XP: Advanced TCP/IP Properties ... 374 Figure 256 Windows XP: Internet Protocol (TCP/IP) Properties ... 375 Figure 257 Macintosh OS 8/9: Apple Menu ... 376 Figure 258 Macintosh OS 8/9: TCP/IP ...
Page 34
List of Tables Table 125 General Commands for GUI-based FTP Clients ... 326 Table 126 General Commands for GUI-based TFTP Clients ... 327 Table 127 Menu 24.9.1 - Budget Management ... 339 Table 128 Menu 24.10: System Maintenance - Time and Date Setting ... 340 Table 129 Menu 24.11 –...
Introduction, Wizards and Tutorials Getting To Know Your ZyXEL Device (39) Introducing the Web Configurator (43) Wizards (53) Point-to-(2)point Configuration (63)
H A P T E R Getting To Know Your ZyXEL This chapter introduces the main features and applications of your ZyXEL Device. 1.1 Overview This ZyXEL Device is a secure G.SHDSL.bis router with a 4-port switch. Set up your ZyXEL Device for high-speed Internet access or for high-speed point-to-point connections with other ZyXEL Devices of the same type.
Chapter 1 Getting To Know Your ZyXEL Device 1.1.2 High-speed Point-to-point Connections Use two ZyXEL Devices to create a cost-effective, high-speed connection for high-bandwidth applications such as videoconferencing and distance learning. Figure 2 Point-to-point Connections with Your ZyXEL Device The ZyXEL Devices provide a simple, fast point-to-point connection between two geographically-dispersed networks.
1.2 Ways to Manage the ZyXEL Device Use any of the following methods to manage the ZyXEL Device. • Web Configurator. This is recommended for everyday management of the ZyXEL Device using a (supported) web browser. See • Command Line Interface. Line commands are mostly used for troubleshooting by service engineers.
Chapter 1 Getting To Know Your ZyXEL Device The following table describes the LEDs. Table 1 LEDs COLOR POWER Green LAN 1~4 Green DSL1/DSL2 Green Note: For Internet access setup or point-to-point connections, the DSL1 and DSL2 LEDs indicate the status of a single connection (act as one LED). For point- to-2point connections, the DSL1 and DSL2 LEDs indicate the status of connection 1 and connection 2 respectively.
H A P T E R This chapter describes how to access and navigate the web configurator. 2.1 Web Configurator Overview The web configurator is an HTML-based management interface that allows easy ZyXEL Device setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions.
Chapter 2 Introducing the Web Configurator Figure 5 Login Screen 6 If you entered the user password, the Status screen appears. See If you entered the admin password, the following screen appears. Figure 6 Change Password at Login It is highly recommended you change the default admin password. Enter a new password between 1 and 30 characters, retype it to confirm and click Apply;...
7 Select Go to Wizard setup, and click Apply to display the wizard main screen. Select Go to Advanced setup, and click Apply to display the Status screen. Select Click here to always start with the Advanced setup if you want the ZyXEL Device to skip this screen from now on and always go to the Status screen.
Chapter 2 Introducing the Web Configurator Figure 8 Web Configurator: Main Screen Click the icon (located in the top right corner of most screens) to view embedded help. Table 2 Web Configurator Screens Summary LINK/ICON SUB-LINK Wizard INTERNET SETUP BANDWIDTH MANAGEMENT SETUP Logout...
Page 47
Table 2 Web Configurator Screens Summary (continued) LINK/ICON SUB-LINK DHCP Setup Client List IP Alias General Port Forwarding Address Mapping Security Firewall General Rules Anti Probing Threshold Content Filter Keyword Schedule Trusted Setup Monitor VPN Global Setting Advanced Static Route Static Route Bandwidth Summary...
Chapter 2 Introducing the Web Configurator Table 2 Web Configurator Screens Summary (continued) LINK/ICON SUB-LINK Remote MGMT Telnet SNMP ICMP UPnP General Maintenance System General Time Setting Logs View Log Log Settings Tools Firmware Configuration Restart Diagnostic General DSL Line 2.4 Status Screen The following summarizes how to navigate the web configurator from the Status screen.
Figure 9 Status The following table describes the labels shown in the Status screen. Table 3 Status LABEL DESCRIPTION Refresh Interval Select a number of seconds or None from the drop-down list box to refresh all screen statistics automatically at the end of every time interval or to not refresh the screen statistics.
Chapter 2 Introducing the Web Configurator Table 3 Status (continued) LABEL VPI/VCI LAN Information IP Address IP Subnet Mask DHCP Security Firewall Content Filter System Status System Uptime Current Date/Time System Mode CPU Usage Memory Usage Interface Status Interface Status Rate Summary Bandwidth Status...
2.4.2 Status: Packet Statistics Click the Packet Statistics hyperlink in the Status screen. Read-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) field is configurable. Figure 10 Status > Packet Statistics The following table describes the fields in this screen.
Chapter 2 Introducing the Web Configurator Table 4 Status > Packet Statistics (continued) LABEL Rx B/s Up Time LAN Port Statistics Interface Status TxPkts RxPkts Collisions Help Poll Interval(s) Set Interval Stop 2.4.3 Status: VPN Status This is the same screen discussed in 2.5 Resetting the ZyXEL Device If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the ZyXEL Device to reload the factory-default configuration...
H A P T E R Use these screens to configure Internet access or to configure basic bandwidth management. See the advanced menu chapters for background information on these fields. To access the wizards, click Go to Wizard setup in icon ( ) in the top right corner of the web configurator.
Chapter 3 Wizards 3.1 Internet Setup Wizard Use these screens to configure Internet access settings. To access this wizard, click INTERNET SETUP in the wizard main screen. 3.1.1 Screen 1 This screen lets you enter some of the ISP settings for your Internet connection. Figure 12 Internet Access Wizard Setup: ISP Parameters The following table describes the fields in this screen.
3.1.2 Screen 2 These screens let you enter the rest of the Internet settings, which depend on the encapsulation your Internet connection uses (and the mode you selected, for RFC1483). This screen appears if your Internet connection uses Ethernet encapsulation. Figure 13 Internet Setup Wizard: ISP Parameters (Ethernet) The following table describes the fields in this screen.
Chapter 3 Wizards Figure 14 Internet Setup Wizard: ISP Parameters (PPPoE) The following table describes the fields in this screen. Table 8 Internet Setup Wizard: ISP Parameters (PPPoE) LABEL DESCRIPTION User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given.
Figure 15 Internet Setup Wizard: ISP Parameters (RFC1483) The following table describes the fields in this screen. Table 9 Internet Setup Wizard: ISP Parameters (RFC1483) LABEL DESCRIPTION IP Address Enter the static IP address provided by your ISP. Back Click Back to go back to the previous screen. Apply Click Apply to finish manual configuration.
Chapter 3 Wizards The following table describes the fields in this screen. Table 10 Internet Setup Wizard: ISP Parameters (PPPoA) LABEL DESCRIPTION User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given.
Launch your web browser and navigate to www.zyxel.com. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct. Internet access is just the beginning. Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features.
Chapter 3 Wizards Table 12 Bandwidth Management Setup: Services (continued) SERVICE DESCRIPTION TFTP Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). The World Wide Web (WWW) is an Internet system to distribute graphical, hyper- linked information, based on Hyper Text Transfer Protocol (HTTP) - a client/server protocol for the World Wide Web.
3.2.2 Screen 2 Use the second wizard screen to select the services that you want to apply bandwidth management, and select the priorities that you want to apply to the services listed. Figure 19 Bandwidth Management Wizard: Configuration The following table describes the labels in this screen. Table 14 Bandwidth Management Wizard: Configuration LABEL DESCRIPTION...
Chapter 3 Wizards 3.2.3 Screen 3 Follow the on-screen instructions and click Finish to complete the wizard setup and save your configuration. Figure 20 Bandwidth Management Wizard: Complete P-793H User’s Guide...
H A P T E R Point-to-(2)point Configuration This chapter introduces point-to-point and point-to-2point connections. 4.1 Point-to-point Connection Overview You can set up point-to-point connection between two ZyXEL Devices. These connections offer a cost-effective, high-speed connection for high-bandwidth applications such as videoconferencing and distance learning.
Chapter 4 Point-to-(2)point Configuration To establish a point-to-point connection, one of the ZyXEL Devices becomes the server (instead of the ISP). The server controls some of the attributes of the DSL connection, such as the transfer rate and the DSL operational mode. Otherwise, there is no difference between the server and the client.
3 Set the VPI, VCI, Multiplexing, and Encapsulation to the same values you set in the server. 4 Scroll down to the Service Type section. See 5 In the Service Mode field, select the same type of connection you selected for the server. 6 In the Service Type field, select Client.
Chapter 4 Point-to-(2)point Configuration In a point-to-2points connection, the ZyXEL Device which has a physical connection to both client devices becomes the server. The server controls some of the attributes of the DSL connection, such as the transfer rate and the DSL operational mode. 4.4 Point-to-2point Connection Procedure Follow these directions to set up a point-to-2point connection.
4.4.2 Set up the Clients 1 Log in to one of the ZyXEL Devices that will be the client. (See 2 Click Network > WAN > Internet Connection. 3 Set the VPI, VCI, Multiplexing, and Encapsulation to the same values you set in the server.
H A P T E R This chapter describes how to configure WAN settings. 5.1 WAN Overview A WAN (Wide Area Network) is an outside connection to another network or the Internet. 5.1.1 Encapsulation Be sure to use the encapsulation method required by your ISP. The ZyXEL Device supports the following methods.
Chapter 5 WAN Setup 5.1.1.3 PPPoA PPPoA stands for Point to Point Protocol over ATM Adaptation Layer 5 (AAL5). A PPPoA connection functions like a dial-up Internet connection. The ZyXEL Device encapsulates the PPP session based on RFC1483 and sends it through an ATM PVC (Permanent Virtual Circuit) to the Internet Service Provider’s (ISP) DSLAM (DSL Access Multiplexer).
5.1.4.1 IP Assignment with PPPoA or PPPoE Encapsulation If you have a dynamic IP, then the IP Address and ENET ENCAP Gateway fields are not applicable (N/A). If you have a static IP, then you only need to fill in the IP Address field and not the ENET ENCAP Gateway field.
Chapter 5 WAN Setup For example, if the normal route has a metric of "1" and the traffic-redirect route has a metric of "2" and dial-backup route has a metric of "3", then the normal route acts as the primary default route.
5.3.1 ATM Traffic Classes These are the basic ATM traffic classes defined by the ATM Forum Traffic Management 4.0 Specification. 5.3.1.1 Constant Bit Rate (CBR) Constant Bit Rate (CBR) provides fixed bandwidth that is always available even if no data is being sent.
Chapter 5 WAN Setup Figure 26 WAN > Internet Connection The following table describes the labels in this screen. Table 15 WAN > Internet Connection LABEL General Name Mode Encapsulation User Name DESCRIPTION Enter the name of your Internet Service Provider, for example “MyISP”. This information is for descriptive purposes only.
Page 77
Table 15 WAN > Internet Connection (continued) LABEL DESCRIPTION Password (PPPoA and PPPoE only) Enter the password associated with the user name above. Service Name (PPPoE only) Type the name of your PPPoE service here. Multiplexing Select the method of multiplexing used by your ISP from the drop-down list. Choices are VC or LLC.
Chapter 5 WAN Setup Table 15 WAN > Internet Connection (continued) LABEL Enable Rate Adaption Transfer Max Rate (Kbps) Transfer Min Rate (Kbps) Standard Mode Apply Cancel Advanced Setup 5.4.1 2Wire-2Line Service Mode The Service Mode section of the Internet Connection screen allows you to set up two DSL connections when you select 2wire-2line mode.
The following table describes the labels in this screen. Table 16 2wire-2line Service Mode LABEL DESCRIPTION Service Type Service Mode Select 2wire-2line mode for the DSL connection. This means that the ZyXEL Device is going to be a server connected to two client ZyXEL Devices. Service Type When you select 2wire-2line mode this field automatically changes to Server.
Chapter 5 WAN Setup The following table describes the labels in this screen. Table 17 WAN > Internet Connection > Advanced Setup LABEL DESCRIPTION RIP & Multicast Setup RIP Direction RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing information with other routers.
5.5 Configuring More Connections This section describes the protocol-independent parameters for a remote network. They are required for placing calls to a remote gateway and the network behind it across a WAN connection. When you use the WAN > Internet Connection screen to set up Internet access, you are configuring the first WAN connection.
Chapter 5 WAN Setup Figure 30 WAN > More Connections > Edit The following table describes the labels in this screen. Table 19 WAN > More Connections > Edit LABEL General Active Name Mode Encapsulation User Name Password Service Name DESCRIPTION Select the check box to activate or clear the check box to deactivate this connection.
Page 83
Table 19 WAN > More Connections > Edit (continued) LABEL DESCRIPTION Multiplexing Select the method of multiplexing used by your ISP from the drop-down list. Choices are VC or LLC. By prior agreement, a protocol is assigned a specific virtual circuit, for example, VC1 will carry IP.
Chapter 5 WAN Setup 5.5.2 Configuring More Connections Advanced Setup Use this screen to edit your ZyXEL Device's advanced WAN settings. Click the Advanced Setup button in the More Connections Edit screen. The screen appears as shown. Figure 31 WAN > More Connections > Advanced Setup The following table describes the labels in this screen.
Table 20 WAN > More Connections > Advanced Setup (continued) LABEL DESCRIPTION Peak Cell Rate Divide the DSL line rate (bps) by 424 (the size of an ATM cell) to find the Peak Cell Rate (PCR). This is the maximum rate at which the sender can send cells. Type the PCR here.
Chapter 5 WAN Setup Figure 33 Traffic Redirect LAN Setup 5.7 Dial Backup Interface The Dial Backup port can be used in reserve, as a traditional dial-up connection should the broadband connection to the WAN port fail. To set up the auxiliary port (Dial Backup) for use in the event that the regular WAN connection is dropped, first make sure you have set up the switch and port connection.
Figure 34 WAN > WAN Backup Setup The following table describes the labels in this screen. Table 21 WAN > WAN Backup Setup LABEL DESCRIPTION Backup Type Select the method that the ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up.
Page 88
Chapter 5 WAN Setup Table 21 WAN > WAN Backup Setup (continued) LABEL DESCRIPTION Timeout Type the number of seconds (3 recommended) for your ZyXEL Device to wait for a ping response from one of the IP addresses in the Check WAN IP Address field before timing out the request.
5.8.1 Advanced Backup Setup Use this screen to change your ZyXEL Device’s advanced dial backup settings. Click WAN > WAN Backup Setup > Advanced Setup. The screen appears as shown. Figure 35 WAN > WAN Backup Setup > Advanced Setup The following table describes the labels in this screen.
Page 90
Chapter 5 WAN Setup Table 22 WAN > WAN Backup Setup > Advanced Setup (continued) LABEL DESCRIPTION Advanced Click Edit to change the advanced settings for the modem. Modem Setup TCP/IP Options Metric This field sets this route's priority among the routes the ZyXEL Device uses. The metric represents the "cost of transmission".
Table 22 WAN > WAN Backup Setup > Advanced Setup (continued) LABEL DESCRIPTION Period Enter how often (in hours) the Allocated Budget is reset. For example, if you can call for thirty minutes every hour, set the Allocated Budget to 30, and set this field to 1.
Page 92
Chapter 5 WAN Setup Table 23 WAN > WAN Backup Setup > Advanced Setup > Edit (continued) LABEL DESCRIPTION CLID Enter the keyword that precedes the CLID (Calling Line Identification) in the AT response string. This lets the ZyXEL Device capture the CLID in the AT response string that comes from the WAN device.
H A P T E R This chapter describes how to configure LAN settings. 6.1 LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building.
Chapter 6 LAN Setup 6.1.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the clients.
• The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in the DHCP Setup screen. •...
Chapter 6 LAN Setup 6.2.1.1 Private IP Addresses Every machine on the Internet must have a unique address. If your networks are isolated from the Internet, for example, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks: •...
6.2.3 Multicast Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data.
Chapter 6 LAN Setup 6.3.1 Configuring Advanced LAN Setup Use this screen to edit your ZyXEL Device's advanced LAN settings. Click the Advanced Setup button in the LAN IP screen. The screen appears as shown. Figure 39 LAN > IP > Advanced Setup The following table describes the labels in this screen.
Table 25 LAN > IP > Advanced Setup (continued) LABEL DESCRIPTION Apply Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. 6.4 DHCP Setup Use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN.
Chapter 6 LAN Setup Table 26 LAN > DHCP Setup (continued) LABEL Primary DNS Server Secondary DNS Server Apply Cancel 6.5 LAN Client List This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. Every Ethernet device has a unique MAC (Media Access Control) address.
Table 27 LAN > Client List (continued) LABEL DESCRIPTION MAC Address The MAC (Media Access Control) or Ethernet address on a LAN (Local Area Network) is unique to your computer (six pairs of hexadecimal notation). A network interface card such as an Ethernet adapter has a hardwired address that is assigned at the factory.
Chapter 6 LAN Setup Figure 43 LAN > IP Alias The following table describes the labels in this screen. Table 28 LAN > IP Alias LABEL IP Alias 1, 2 IP Address IP Subnet Mask RIP Direction RIP Version Apply Cancel DESCRIPTION Select the check box to configure another LAN network for the ZyXEL Device.
H A P T E R Network Address Translation This chapter discusses how to configure NAT on the ZyXEL Device. 7.1 NAT Overview NAT (Network Address Translation, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
Chapter 7 Network Address Translation (NAT) Screens 7.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side.
Figure 45 NAT Application With IP Alias 7.1.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: • One to One: In One-to-One mode, the ZyXEL Device maps one local IP address to one global IP address. •...
Chapter 7 Network Address Translation (NAT) Screens The following table summarizes these types. Table 30 NAT Mapping Types TYPE One-to-One Many-to-One (SUA/PAT) Many-to-Many Overload Many-to-Many No Overload Server 7.2 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server.
The following table describes the labels in this screen. Table 31 NAT General LABEL DESCRIPTION Active Select this check box to enable NAT. Network Address Translation (NAT) SUA Only Select this radio button if you have just one public WAN IP address for your ZyXEL Device.
Chapter 7 Network Address Translation (NAT) Screens If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup. 7.4.2 Port Forwarding: Services and Port Numbers Use the Port Forwarding screen to forward incoming service requests to the server(s) on your local network.
If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup. Click Network > NAT > Port Forwarding to open the following screen. Appendix G on page 401 Figure 48 NAT >...
Chapter 7 Network Address Translation (NAT) Screens Table 32 NAT > Port Forwarding (continued) LABEL DESCRIPTION Modify Click the edit icon to go to the screen where you can edit the port forwarding rule. Click the delete icon to delete an existing port forwarding rule. Note that subsequent rules move up by one when you take this action.
7.6 Address Mapping The Address Mapping screen is available only when you select Full Feature in the NAT > General screen. Ordering your rules is important because the ZyXEL Device applies the rules in the order that you specify. When a rule matches the current packet, the ZyXEL Device takes the corresponding action and the remaining rules are ignored.
Chapter 7 Network Address Translation (NAT) Screens Table 34 NAT > Address Mapping (continued) LABEL DESCRIPTION Type 1-1: One-to-one mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type. M-1: Many-to-One mode maps multiple local IP addresses to one global IP address.
Page 113
Table 35 NAT > Address Mapping > Edit (continued) LABEL DESCRIPTION Local End IP This is the end local IP address (ILA). If your rule is for all local IP addresses, then enter 0.0.0.0 as the Local Start IP address and 255.255.255.255 as the Local End IP address.
H A P T E R This chapter gives some background information on firewalls and introduces the ZyXEL Device firewall. 8.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term “firewall” is a system or group of systems that enforces an access-control policy between two networks.
Chapter 8 Firewalls 8.2.2 Application-level Firewalls Application-level firewalls restrict access by serving as proxies for external servers. Since they use programs written for specific Internet services, such as HTTP, FTP and telnet, they can evaluate network packets for valid application-specific data. Application-level gateways have a number of general advantages over the default mode of permitting application traffic directly to internal hosts: Information hiding prevents the names of internal systems from being made known via DNS...
8.3.1 Denial of Service Attacks Figure 52 ZyXEL Device Firewall Application 8.4 Denial of Service Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources.
Chapter 8 Firewalls 4 IP Spoofing. 5 "Ping of Death" and "Teardrop" attacks exploit bugs in the TCP/IP implementations of various computer and host systems. • Ping of Death uses a "ping" utility to create an IP packet that exceeds the maximum 65,536 bytes of data allowed by the IP specification.
Figure 54 SYN Flood • In a LAND Attack, hackers flood SYN packets into the network with a spoofed source IP address of the targeted system. This makes it appear as if the host computer sent the packets to itself, making the system unavailable while the target system tries to respond to itself.
Chapter 8 Firewalls 8.4.2.1 ICMP Vulnerability ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types trigger an alert: Table 36 ICMP Commands That Trigger Alerts 8.4.2.2 Illegal Commands (NetBIOS and SMTP) The only legal NetBIOS commands are the following - all others are illegal. Table 37 Legal NetBIOS Commands MESSAGE: REQUEST:...
are allowed in. The ZyXEL Device uses stateful packet inspection to protect the private LAN from hackers and vandals on the Internet. By default, the ZyXEL Device’s stateful inspection allows all communications to the Internet that originate from the LAN, and blocks all traffic to the LAN that originates from the Internet.
Chapter 8 Firewalls 6 Later, an inbound packet reaches the interface. This packet is part of the connection previously established with the outbound packet. The inbound packet is evaluated against the inbound access list, and is permitted because of the temporary access list entry previously created.
If an initiation packet originates on the LAN, this means that someone is trying to make a connection from the LAN to the Internet. Assuming that this is an acceptable part of the security policy (as is the case with the default policy), the connection will be allowed. A cache entry is added which includes connection information such as IP addresses, TCP ports, sequence numbers, etc.
Chapter 8 Firewalls 8.6 Guidelines for Enhancing Security with Your Firewall • Change the default password. • Limit who can telnet into your router. • Don't enable any local service (such as SNMP or NTP) that you don't use. Any enabled service could present a potential security risk.
• Always shred confidential information, particularly about your computer, before throwing it away. Some hackers dig through the trash of companies or individuals for information that might help them in an attack. 8.7 Packet Filtering vs. Firewall Below are some comparisons between the ZyXEL Device’s filtering and firewall functions. 8.7.1 Packet Filtering •...
Page 128
Chapter 8 Firewalls • To selectively block/allow inbound or outbound traffic between inside host/networks and outside host/networks. Remember that filters can not distinguish traffic originating from an inside host or an outside host by IP address. • The firewall performs better than filtering if you need to check many rules. •...
H A P T E R Firewall Configuration This chapter shows you how to enable and configure the ZyXEL Device firewall. 9.1 Access Methods The web configurator is, by far, the most comprehensive firewall configuration tool your ZyXEL Device has to offer. For this reason, it is recommended that you configure your firewall using the web configurator.
Chapter 9 Firewall Configuration If you configure firewall rules without a good understanding of how they work, you might inadvertently introduce security risks to the firewall and to the protected network. Make sure you test your rules after you configure them. For example, you may create rules to: •...
3 Is it possible to modify the rule to be more specific? For example, if IRC is blocked for all users, will a rule that blocks just certain users be more effective? 4 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers.
Chapter 9 Firewall Configuration 9.4.1 LAN to WAN Rules The default rule for LAN to WAN traffic is that all users on the LAN are allowed non- restricted access to the WAN. When you configure a LAN to WAN rule, you in essence want to limit some or all users from accessing certain services on the WAN.
Figure 58 “Triangle Route” Problem 9.5.2 Solving the “Triangle Route” Problem You can have the ZyXEL Device allow triangle route sessions. However this can allow traffic from the WAN to go directly to a LAN computer without passing through the ZyXEL Device and its firewall protection.
Chapter 9 Firewall Configuration Figure 60 Firewall > General The following table describes the labels in this screen. Table 39 Firewall > General LABEL DESCRIPTION Active Firewall Select this check box to activate the firewall. The ZyXEL Device performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
Table 39 Firewall > General (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 9.7 Firewall Rules Summary The ordering of your rules is very important as rules are applied in turn. Refer to Section 8.1 on page 117 Click Security >...
Chapter 9 Firewall Configuration Table 40 Firewall > Rules (continued) LABEL DESCRIPTION Active This field displays whether a firewall is turned on or not. Select the check box to enable the rule. Clear the check box to disable the rule. Source IP This drop-down list box displays the source addresses or ranges of addresses to which this firewall rule applies.
Figure 62 Firewall > Rules > Add/Edit The following table describes the labels in this screen. Table 41 Firewall > Rules > Add/Edit LABEL DESCRIPTION Edit Rule # Active Select this option to enable this firewall rule. Action for Matched Use the drop-down list box to select what the firewall is to do with packets that Packet match this rule.
Page 138
Chapter 9 Firewall Configuration Table 41 Firewall > Rules > Add/Edit (continued) LABEL Source/Destination Address Address Type Start IP Address End IP Address Subnet Mask Add >> Edit << Delete Services Available/ Selected Services Edit Customized Services Schedule Day to Apply Time of Day to Apply (24-Hour Format)
9.7.2 Customized Services Configure customized services and port numbers not predefined by the ZyXEL Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) web site. For further information on these services, please read page 401.
Figure 65 Firewall Example: Rules 3 In the Rules screen, select the index number after that you want to add the rule. For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8.
Chapter 9 Firewall Configuration Figure 67 Firewall Example: Edit Rule: Destination Address 9 Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. Custom services show up with an “*” before their names in the Services list box and the Rules list box.
Chapter 9 Firewall Configuration Figure 68 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN.
Chapter 9 Firewall Configuration Figure 69 Firewall Example: Rules: MyService 9.9 Anti-Probing If an outside user attempts to probe an unsupported port on your ZyXEL Device, an ICMP response packet is automatically returned. This allows the outside user to know the ZyXEL Device exists.
The following table describes the labels in this screen. Table 44 Firewall > Anti Probing LABEL DESCRIPTION Respond to PING The ZyXEL Device does not respond to any incoming Ping requests when Disable is selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply to incoming WAN Ping requests.
Chapter 9 Firewall Configuration 9.10.2 Half-Open Sessions An unusually high number of half-open sessions (either an absolute number or measured as the arrival rate) could indicate that a Denial of Service attack is occurring. For TCP, "half- open" means that the session has not reached the established state-the TCP three-way handshake has not yet been completed (see means that the firewall has detected no return traffic.
Figure 71 Firewall > Threshold The following table describes the labels in this screen. Table 45 Firewall > Threshold LABEL DESCRIPTION Denial of Service Thresholds One Minute Low Type the rate of new half-open sessions that causes the firewall to stop deleting half-open sessions.
Page 148
Chapter 9 Firewall Configuration Table 45 Firewall > Threshold (continued) LABEL Action taken when TCP Maximum Incomplete reached threshold Delete the Oldest Half Open Session when New Connection Request Comes. Deny New Connection Request Apply Cancel DESCRIPTION Select this to clear the oldest half-open session when a new connection request comes.
H A P T E R This chapter covers how to configure content filtering. 10.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL.
Chapter 10 Content Filtering The following table describes the labels in this screen. Table 46 Content Filter > Keyword LABEL Active Keyword Blocking Block Websites that contain these keywords in the URL: Delete Clear All Keyword Add Keyword Apply Cancel 10.3 Configuring the Schedule Use this screen to set the days and times for the ZyXEL Device to perform content filtering.
The following table describes the labels in this screen. Table 47 Content Filter > Schedule LABEL DESCRIPTION Schedule Select Active Everyday to Block to make the content filtering active everyday. Otherwise, select Edit Daily to Block and configure which days of the week (or everyday) and which time of the day you want the content filtering to be active.
H A P T E R This chapter explains how to set up and maintain IPSec VPNs in the ZyXEL Device. 11.1 IPSec VPN Overview A virtual private network (VPN) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing.
Chapter 11 IPSec VPN Figure 76 VPN: IKE SA and IPSec SA In this example, a computer in network A is exchanging data with a computer in network B. Inside networks A and B, the data is transmitted the same way data is normally transmitted in the networks.
11.1.1.2 IKE SA Proposal The IKE SA proposal is used to identify the encryption algorithm, authentication algorithm, and Diffie-Hellman (DH) key group that the ZyXEL Device and remote IPSec router use in the IKE SA. In main mode, this is done in steps 1 and 2, as illustrated below. Figure 77 IKE SA: Main Negotiation Mode, Steps 1 - 2: IKE SA Proposal The ZyXEL Device sends one or more proposals to the remote IPSec router.
Chapter 11 IPSec VPN 11.1.1.4 Authentication Before the ZyXEL Device and remote IPSec router establish an IKE SA, they have to verify each other’s identity. This process is based on pre-shared keys and router identities. In main mode, the ZyXEL Device and remote IPSec router authenticate each other in steps 5 and 6, as illustrated below.
Table 49 VPN Example: Matching ID Type and Content ZYXEL DEVICE Peer ID type: IP Peer ID content: 1.1.1.2 In the following example, the authentication fails, so they cannot establish an IKE SA. Table 50 VPN Example: Mismatching ID Type and Content ZYXEL DEVICE Local ID type: E-mail Local ID content: tom@yourcompany.com...
Chapter 11 IPSec VPN Aggressive mode does not provide as much security as main mode because the identity of the ZyXEL Device and the identity of the remote IPSec router are not encrypted. It is usually used when the address of the initiator is not known by the responder and both parties want to use pre-shared keys for authentication (for example, telecommuters).
An IPSec SA stays connected even if the underlying IKE SA is not available anymore. This section introduces the key components of IPSec SA. 11.1.3.1 Local Network and Remote Network In IPSec SA terminology, the local network, the one(s) connected to the ZyXEL Device, may be called the local policy.
Chapter 11 IPSec VPN • Inside header: The inside IP header contains the IP address of the computers behind the ZyXEL Device or remote IPSec router. In transport mode, the IP header is the original IP header, and the encapsulation depends on the active protocol.
In IPSec SAs using manual keys, the ZyXEL Device and remote IPSec router do not establish an IKE SA. They only establish an IPSec SA. As a result, an IPSec SA using manual keys has some characteristics of IKE SAs and some characteristics of IPSec SAs. There are also some differences between IPSec SAs using manual keys and other types of SAs.
Chapter 11 IPSec VPN Figure 82 VPN > Setup The following table describes the fields in this screen. Table 51 VPN > Setup LABEL DESCRIPTION This is the VPN policy index number. Click a number to edit VPN policies. Active This field displays whether the VPN policy is active or not.
Table 51 VPN > Setup (continued) LABEL DESCRIPTION Modify Click the Edit icon to go to the screen where you can edit the VPN configuration. Click the Remove icon to remove an existing VPN configuration. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to return to the previously saved settings.
Chapter 11 IPSec VPN The following table describes the fields in this screen. Table 52 VPN > Setup > Edit LABEL IPSec Setup Active Keep Alive NAT Traversal Name IPSec Key Mode Negotiation Mode Encapsulation Mode DNS Server (for IPSec VPN) Local Local Address Type...
Page 165
Table 52 VPN > Setup > Edit (continued) LABEL DESCRIPTION End / Subnet Mask When the Local Address Type field is configured to Single, this field is N/A. When the Local Address Type field is configured to Range, enter the end (static) IP address, in a range of computers on the LAN behind your ZyXEL Device.
Page 166
Chapter 11 IPSec VPN Table 52 VPN > Setup > Edit (continued) LABEL My IP Address Peer ID Type Content Secure Gateway Address Security Protocol VPN Protocol Pre-Shared Key DESCRIPTION Enter the WAN IP address of your ZyXEL Device. The VPN tunnel has to be rebuilt if this IP address changes.
Table 52 VPN > Setup > Edit (continued) LABEL DESCRIPTION Encryption Select DES, 3DES, AES or NULL from the drop-down list box. Algorithm When you use one of these encryption algorithms for data communications, both the sending device and the receiving device must use the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code.
Table 53 VPN > Setup > Edit > Advanced (continued) LABEL DESCRIPTION Key Group You must choose a DH key group for the IKE SA. The longer the key group, the stronger the encryption, but also the more processing is required. DH1 refers to Diffie-Hellman Group 1, a 768-bit random number.
Chapter 11 IPSec VPN Figure 85 VPN > Setup > Edit > Manual The following table describes the fields in this screen. Table 54 VPN > Setup > Edit > Manual LABEL IPSec Setup Active Name IPSec Key Mode Encapsulation Mode DNS Server (for IPSec VPN)
Page 171
Table 54 VPN > Setup > Edit > Manual (continued) LABEL DESCRIPTION Local Local IP addresses must be static and correspond to the remote IPSec router's configured remote IP addresses. Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have the same local or remote IP address, but not both.
Chapter 11 IPSec VPN Table 54 VPN > Setup > Edit > Manual (continued) LABEL Security Protocol IPSec Protocol Encryption Algorithm Encryption Key Authentication Algorithm Authentication Key Back Apply Reset 11.6 Viewing SA Monitor Click Security, VPN and Monitor to open the SA Monitor screen as shown. Use this screen to display and manage active VPN connections.
Figure 86 VPN > Monitor The following table describes the fields in this screen. Table 55 VPN > Monitor LABEL DESCRIPTION This is the security association index number. Name This field displays the identification name for this VPN policy. Encapsulation This field displays Tunnel or Transport mode.
Chapter 11 IPSec VPN The following table describes the fields in this screen. Table 56 VPN > VPN Global Setting LABEL Windows Networking (NetBIOS over TCP/IP) Allow NetBIOS Traffic Through All IPSec Tunnels Apply Cancel 11.8 Telecommuter VPN/IPSec Examples The following examples show how multiple telecommuters can make VPN connections to a single ZyXEL Device at headquarters.
Table 57 Telecommuters Sharing One VPN Rule Example FIELDS TELECOMMUTERS My IP Address: 0.0.0.0 (dynamic IP address assigned by the ISP) Secure Gateway IP Public static IP address Address: Local IP Address: Telecommuter A: 192.168.2.12 Telecommuter B: 192.168.3.2 Telecommuter C: 192.168.4.15 Remote IP 192.168.1.10 Address:...
Chapter 11 IPSec VPN Table 58 Telecommuters Using Unique VPN Rules Example TELECOMMUTERS All Telecommuter Rules: My IP Address 0.0.0.0 Secure Gateway Address: bigcompanyhq.com Remote IP Address: 192.168.1.10 Peer ID Type: E-mail Peer ID Content: bob@bigcompanyhq.com Telecommuter A (telecommutera.dydns.org) Local ID Type: IP Local ID Content: 192.168.2.12 Local IP Address: 192.168.2.12 Telecommuter B (telecommuterb.dydns.org)
H A P T E R This chapter shows you how to configure static routes for your ZyXEL Device. 12.1 Static Route Each remote node specifies only the network to which the gateway is directly connected, and the ZyXEL Device has no knowledge of the networks beyond. For instance, the ZyXEL Device knows about network N2 in the following figure through remote node Router 1.
Chapter 12 Static Route Figure 91 Static Route > Static Route The following table describes the labels in this screen. Table 59 Static Route > Static Route LABEL DESCRIPTION This is the number of an individual static route. Active This field shows whether this static route is active (Yes) or not (No). Name This is the name that describes or identifies this route.
Figure 92 Static Route > Static Route > Edit The following table describes the labels in this screen. Table 60 Static Route > Static Route > Edit LABEL DESCRIPTION Active This field allows you to activate/deactivate this static route. Route Name Enter the name of the IP static route.
H A P T E R Bandwidth Management This chapter contains information about configuring bandwidth management, editing rules and viewing the ZyXEL Device’s bandwidth management logs. 13.1 Bandwidth Management Overview ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application and/or subnet.
Chapter 13 Bandwidth Management Figure 93 Subnet-based Bandwidth Management Example 13.4 Application and Subnet-based Bandwidth Management You could also create bandwidth classes based on a combination of a subnet and an application. The following example table shows bandwidth allocations for application specific traffic from separate LAN subnets.
13.5.2 Fairness-based Scheduler The ZyXEL Device divides bandwidth equally among bandwidth classes when using the fairness-based scheduler; thus preventing one bandwidth class from using all of the interface’s bandwidth. 13.6 Maximize Bandwidth Usage The maximize bandwidth usage option (see to divide up any available bandwidth on the interface (including unallocated bandwidth and any allocated bandwidth that a class is not using) among the bandwidth classes that require more bandwidth.
Chapter 13 Bandwidth Management The ZyXEL Device divides up the unbudgeted 2048 kbps among the classes that require more bandwidth. If the administration department only uses 1024 kbps of the budgeted 2048 kbps, the ZyXEL Device also divides the remaining 1024 kbps among the classes that require more bandwidth.
13.6.3 Over Allotment of Bandwidth You can set the bandwidth management speed for an interface higher than the interface’s actual transmission speed. Higher priority traffic gets to use up to its allocated bandwidth, even if it takes up all of the interface’s available bandwidth. This could stop lower priority traffic from being sent.
Chapter 13 Bandwidth Management Figure 94 Bandwidth MGMT > Summary The following table describes the labels in this screen. Table 67 Bandwidth MGMT > Summary LABEL DESCRIPTION Interface These read-only labels represent the physical interfaces. Select an interface’s check box to enable bandwidth management on that interface. Bandwidth management applies to all traffic flowing out of the router through the interface, regardless of the traffic’s source.
13.8 Bandwidth Management Rule Setup Section 13.1 on page 181 Management Summary screen to enable bandwidth management on an interface before you can configure rules for that interface. Click Advanced > Bandwidth MGMT > Rule Setup to open the following screen. Figure 95 Bandwidth MGMT >...
Chapter 13 Bandwidth Management 13.8.1 Rule Configuration Section 13.1 on page 181 bandwidth management rule. Use bandwidth rules to allocate specific amounts of bandwidth capacity (bandwidth budgets) to specific applications and/or subnets. To open this screen, click the Edit icon or select User define in the Service field Figure 96 Bandwidth MGMT >...
Table 69 Bandwidth MGMT > Rule Setup > Add/Edit (continued) LABEL DESCRIPTION Service This field simplifies bandwidth class configuration by allowing you to select a predefined application. When you select a predefined application, you do not configure the rest of the bandwidth filter fields (other than enabling or disabling the filter).
Chapter 13 Bandwidth Management Select an interface from the drop-down list box to view the bandwidth usage of its bandwidth rules. Figure 97 Bandwidth MGMT > Monitor P-793H User’s Guide...
H A P T E R This chapter discusses how to configure your ZyXEL Device to use Dynamic DNS. 14.1 Dynamic DNS Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect.
Chapter 14 Dynamic DNS Setup Figure 98 Dynamic DNS > Dynamic DNS The following table describes the fields in this screen. Table 70 Dynamic DNS > Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider.
Page 193
Table 70 Dynamic DNS > Dynamic DNS (continued) LABEL DESCRIPTION Use specified IP Type the IP address of the host name(s). Use this if you have a static IP address. Address Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh.
Page 194
Chapter 14 Dynamic DNS Setup P-793H User’s Guide...
H A P T E R This chapter provides information on configuring remote management. 15.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which ZyXEL Device interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
Chapter 15 Remote Management Configuration 15.1.1 Remote Management Limitations Remote management over LAN or WAN will not work when: • You have disabled that service in one of the remote management screens. • The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the ZyXEL Device will disconnect the session immediately.
Table 71 Remote MGMT > WWW (continued) LABEL DESCRIPTION Secured Client IP A secured client is a “trusted” computer that is allowed to communicate with the ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service.
Chapter 15 Remote Management Configuration The following table describes the labels in this screen. Table 72 Remote MGMT > Telnet LABEL Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service.
Table 73 Remote MGMT > FTP (continued) LABEL DESCRIPTION Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to begin configuring this screen afresh. 15.6 SNMP Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices.
Chapter 15 Remote Management Configuration The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include such as number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects.
Chapter 15 Remote Management Configuration 15.7 Configuring DNS Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to the chapter on LAN for background information. Section 15.1 on page 195 MGMT >...
Figure 106 Remote MGMT > ICMP The following table describes the labels in this screen. Table 78 Remote MGMT > ICMP LABEL DESCRIPTION ICMP Internet Control Message Protocol is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and directly apparent to the application user.
Chapter 15 Remote Management Configuration In this example a.b.c.d is the IP address of CNM Access. You must change this value to reflect your actual management server IP address or domain name. See Table 79 on page Figure 107 Enabling TR-069 ras>...
H A P T E R Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 16.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
Chapter 16 Universal Plug-and-Play (UPnP) When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the ZyXEL Device allows multicast messages on the LAN only. All UPnP-enabled devices may communicate freely with each other without additional configuration.
Table 80 UPnP > General (continued) LABEL Apply Cancel 16.3 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP. Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me. 1 Click Start and Control Panel.
Chapter 16 Universal Plug-and-Play (UPnP) Figure 110 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel.
Figure 112 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 113 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. P-793H User’s Guide Chapter 16 Universal Plug-and-Play (UPnP)
Chapter 16 Universal Plug-and-Play (UPnP) 16.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device. Make sure the computer is connected to a LAN port of the ZyXEL Device.
Chapter 16 Universal Plug-and-Play (UPnP) Figure 115 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings. Figure 116 Internet Connection Properties: Advanced Settings P-793H User’s Guide...
Chapter 16 Universal Plug-and-Play (UPnP) Figure 117 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Figure 119 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first. This comes helpful if you do not know the IP address of the ZyXEL Device.
Chapter 16 Universal Plug-and-Play (UPnP) Figure 120 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays. P-793H User’s Guide...
Chapter 16 Universal Plug-and-Play (UPnP) Figure 121 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Figure 122 Network Connections: My Network Places: Properties: Example P-793H User’s Guide...
H A P T E R This chapter explains how to configure the ZyXEL Device’s system name, domain name, password, and time and date settings. 17.1 General Setup 17.1.1 General Setup and System Name General Setup contains administrative and system-related information. System Name is for identification purposes.
Chapter 17 System Figure 123 System > General The following table describes the labels in this screen. Table 81 System > General LABEL DESCRIPTION System Setup System Name Choose a descriptive name for identification purposes. It is recommended you enter your computer’s “Computer name”...
Table 81 System > General (continued) LABEL DESCRIPTION New Password Type your new system password (up to 30 characters). Note that as you type a password, the screen displays a (*) for each character you type. After you change the password, use the new password to access the ZyXEL Device. Retype to Type the new password again for confirmation.
Page 222
Chapter 17 System Table 82 System > Time Setting (continued) LABEL Time and Date Setup Manual New Time (hh:mm:ss) New Date (yyyy/mm/dd) Get from Time Server Time Protocol Time Server Address Time Zone Setup Time Zone Enable Daylight Saving Start Date DESCRIPTION Select this radio button to enter the time and date manually.
Page 223
Table 82 System > Time Setting (continued) LABEL DESCRIPTION End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the last Sunday of October.
H A P T E R This chapter contains information about configuring general log settings and viewing the ZyXEL Device’s logs. Refer to the appendix for example log message explanations. 18.1 Logs Overview The web configurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to an administrator (as e-mail) or to a syslog server.
Chapter 18 Logs Figure 125 Logs > View Log The following table describes the fields in this screen. Table 83 Logs > View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings screen display in the drop-down list box.
Figure 126 Logs > Log Settings The following table describes the fields in this screen. Table 84 Logs > Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
Page 228
Chapter 18 Logs Table 84 Logs > Log Settings LABEL DESCRIPTION Log Schedule This drop-down menu is used to configure the frequency of log messages being sent as E-mail: Daily Weekly Hourly When Log is Full None. If you select Weekly or Daily, specify a time of day when the E-mail should be sent. If you select Weekly, then also specify which day of the week the E-mail should be sent.
H A P T E R This chapter covers uploading new firmware, managing configuration and restarting your ZyXEL Device. 19.1 Firmware Upgrade Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a .bin extension, for example, "ZyXEL Device.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes.
Chapter 19 Tools Table 85 Tools > Firmware (continued) LABEL DESCRIPTION Browse... Click Browse... to find the .bin file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them. Upload Click Upload to begin the upload process. This process may take up to two minutes.
Figure 130 Error Message 19.2 Configuration Use this screen to back up or restore the configuration of the ZyXEL Device. You can also use this screen to reset the ZyXEL Device to the factory default settings. To access this screen, click Maintenance >...
Chapter 19 Tools Table 86 Tools > Configuration (continued) LABEL DESCRIPTION Upload Click this to restore the selected configuration file. See below for more information about this. Note: Do not turn off the device while configuration file upload is in Reset to Factory Default Settings Reset...
Figure 134 Configuration Upload Error Click Return to go back to the previous screen. 19.3 Restart System restart allows you to reboot the ZyXEL Device without turning the power off. Click Maintenance > Tools > Restart. Click Restart to have the ZyXEL Device reboot. This does not affect the ZyXEL Device's configuration.
H A P T E R These read-only screens display information to help you identify problems with the ZyXEL Device. 20.1 General Diagnostic Use this screen to ping a computer on the network. Click Maintenance > Diagnostic to open the screen shown next. Figure 136 Diagnostic >...
Chapter 20 Diagnostic Figure 137 Diagnostic > DSL Line The following table describes the fields in this screen. Table 88 Diagnostic > DSL Line LABEL DESCRIPTION ATM Status Click this button to view ATM status. Capture All Logs Click this button to display all logs generated by the DSL line. DSL Line Status Click this button to view the DSL port’s line operating values and line bit allocation.
H A P T E R The System Management Terminal (SMT) provides a text-based, menu-driven console to manage the ZyXEL Device. This chapter describes how to access the SMT and then provides an overview of its menus. 21.1 Accessing the SMT Use Telnet to access the SMT.
Table 89 Main Menu Summary MENU 15 NAT Setup 21 Filter and Firewall Setup 22 SNMP Configuration 23 System Password 24 System Maintenance 25 IP Routing Policy Setup 26 Schedule Setup 99 Exit The following table gives you an overview of the various SMT menus. Table 90 SMT Menus Overview MENUS SUB MENUS...
Chapter 21 Introducing the SMT Table 90 SMT Menus Overview (continued) MENUS SUB MENUS 23 System Password 24 System Maintenance 24.1 System Maintenance - Status 24.2 System Information and Console Port Speed 24.3 System Maintenance - Log and Trace 24.4 System Maintenance - Diagnostic 24.5 Backup Configuration 24.6 Restore Configuration...
Page 243
Table 91 Main Menu Commands OPERATION KEYSTROKE Move the cursor [ENTER] or [UP]/ [DOWN] arrow keys. Entering Type in or press information [SPACE BAR], then press [ENTER]. Required fields < N/A fields <N/A> Save your [ENTER] configuration Exit the SMT Type 99, then press [ENTER].
Page 244
Chapter 21 Introducing the SMT P-793H User’s Guide...
H A P T E R Use this menu to set up device mode, dynamic DNS and administrative information. 22.1 Configuring General Setup 1 Enter 1 in the main menu to open Menu 1 - General Setup. 2 The Menu 1 - General Setup screen appears, as shown next. Fill in the required fields. Figure 140 Menu 1: General Setup The following table describes the fields in this menu.
Chapter 22 General Setup Table 92 Menu 1: General Setup (continued) FIELD DESCRIPTION Route IP Select Yes to enable IP-based routing in the ZyXEL Device. This is not effective for a specific remote node unless you enable IP-based routing in the remote node too. You should enable Route IP, Bridge, or both in this screen.
Follow the instructions in the next table to configure Dynamic DNS parameters. Table 93 Menu 1.1: Configure Dynamic DNS FIELD DESCRIPTION Service This is the name of your Dynamic DNS service provider. Provider Active Press [SPACE BAR] to select Yes and then press [ENTER] to make dynamic DNS active.
Page 248
Chapter 22 General Setup P-793H User’s Guide...
H A P T E R Use this menu to configure the DSL connection, traffic redirect, and dial-backup interface. 23.1 WAN Setup From the main menu, enter 2 to open menu 2. Figure 142 Menu 2: WAN Setup Service Mode= 2wire Service Type= Server Rate Adaption= Disable Transfer Max Rate(Kbps)= 5696...
Page 250
Chapter 23 WAN Setup Table 94 Menu 2: WAN Setup (continued) FIELD DESCRIPTION Transfer Max This field is enabled if Service Type is Server. Press [SPACE BAR] to set the Rate(Kbps) maximum rate at which the ZyXEL Device sends and receives information. If you enable Rate Adaption, the ZyXEL Device adjusts to the speed of the other device and may exceed this rate.
23.1.1 2wire-2line Service Mode From the main menu, enter 2 to open menu 2, then select 2wire-2line in the Service Mode field to see the screen as shown below. Figure 143 Menu 2: 2wire-2line Service Mode Service Mode= 2wire-2line Service Type= N/A Rate Adaption= Disable Transfer Max Rate(Kbps)= 4480 Transfer Min Rate(Kbps)= 4480...
Chapter 23 WAN Setup Table 95 Menu 2: 2wire-2line Service Mode (continued) FIELD DESCRIPTION Check Select the method that the ZyXEL Device uses to check the DSL connection. Mechanism Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up.
The following table describes the fields in this menu. Table 96 Menu 2.1: Traffic Redirect Setup FIELD DESCRIPTION Active Use this field to turn the traffic redirect feature on (Yes) or off (No). Configuration Backup Type the IP address of your backup gateway in dotted decimal notation. The ZyXEL Gateway IP Device automatically forwards traffic to this IP address if the ZyXEL Device's Internet Address...
Chapter 23 WAN Setup The following table describes the fields in this menu. Table 97 Menu 2.2: Dial Backup Setup FIELD DESCRIPTION Dial-Backup: Active Use this field to turn the dial-backup feature on (Yes) or off (No). Port Speed Press [SPACE BAR] and then press [ENTER] to select the speed of the connection between the Dial Backup port and the external device.
The following table describes fields in this menu. Table 98 Menu 2.2.1: Advanced Dial Backup Setup FIELD DESCRIPTION AT Command Strings: Dial Enter the AT Command string to make a call. Drop Enter the AT Command string to drop a call. “~” represents a one second wait, for example “~~~+++~~ath”...
Page 256
Chapter 23 WAN Setup P-793H User’s Guide...
H A P T E R Use this to apply LAN filters, configure LAN DHCP and TCP/IP settings, and to activate or deactivate VLAN on each LAN port. 24.1 Accessing the LAN Menus From the main menu, enter 3 to open Menu 3 - LAN Setup. Figure 147 Menu 3: LAN Setup 24.2 LAN Port Filter Setup This menu allows you to specify the filter sets that you wish to apply to the LAN traffic.
Chapter 24 LAN Setup 24.3 TCP/IP and DHCP Setup Menu From the main menu, enter 3 to open Menu 3 - LAN Setup to configure TCP/IP (RFC 1155) and DHCP setup. From menu 3, select the submenu option TCP/IP and DHCP Setup and press [ENTER].
Table 99 Menu 3.2: TCP/IP and DHCP Ethernet Setup (continued) FIELD DESCRIPTION Primary DNS The ZyXEL Device passes a DNS (Domain Name System) server IP address (in Server the order you specify here) to the DHCP clients. Secondary DNS Select From ISP if your ISP dynamically assigns DNS server information (and the Server ZyXEL Device's WAN IP address).
Chapter 24 LAN Setup Figure 150 Menu 3.2.1: IP Alias Setup Use the instructions in the following table to configure IP alias parameters. Table 100 Menu 3.2.1: IP Alias Setup FIELD DESCRIPTION IP Alias 1, 2 Choose Yes to configure the LAN network for the ZyXEL Device. IP Address Enter the IP address of your ZyXEL Device in dotted decimal notation.
Figure 151 Menu 3.6: Port Based VLAN Setup Press [SPACE BAR] to select Yes or No to allow or block layer-2 traffic between each pair of ports. P-793H User’s Guide Menu 3.6 - Port Based VLAN Setup Chapter 24 LAN Setup...
Page 262
Chapter 24 LAN Setup P-793H User’s Guide...
H A P T E R Internet Access Setup Use this menu to configure your Internet connection. Use information from your ISP along with the instructions in this chapter to set up your ZyXEL Device to access the Internet. Contact your ISP to determine what encapsulation type you should use. 25.1 Internet Access Setup Enter 4 in the main menu.
Page 264
Chapter 25 Internet Access Setup Table 101 Menu 4: Internet Access Setup (continued) FIELD DESCRIPTION The valid range for the VCI is 32 to 65535 (0 to 31 is reserved for local management of ATM traffic). Enter the VCI assigned to you. ATM QoS Type Select CBR (Constant Bit Rate) to specify fixed (always-on) bandwidth for voice or data traffic.
H A P T E R Use this menu to configure detailed remote node settings (for example, your ISP is a remote node) as well as apply filters. 26.1 Introduction to Remote Node Setup A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection.
Chapter 26 Remote Node Setup Figure 154 Menu 11.1: Remote Node Profile (nodes 1-7) Rem Node Name= MyISP Active= Yes Encapsulation= PPPoE Multiplexing= LLC-based Service Name= Incoming: Rem Login= Rem Password= ******** Outgoing: My Login= My Password= ******** Authen= CHAP/PAP Line=1 The following table describes the labels in this menu.
Page 267
Table 102 Menu 11.1: Remote Node Profile (nodes 1-7) (continued) FIELD Bridge Edit IP/Bridge Edit ATM Options Edit Advance Options This field is displayed if you are editing remote node 1, and it is only enabled Telco Option Allocated Budget(min) Period(hr) Schedule Sets Nailed-Up...
Chapter 26 Remote Node Setup Figure 155 Menu 11.1: Remote Node Profile (node 8) Rem Node Name= ? Active= Yes Outgoing: My Login= My Password= ******** Authen= CHAP/PAP Pri Phone #= ? Sec Phone #= The following table describes the labels in this menu. Table 103 Menu 11.1: Remote Node Profile (node 8) FIELD Rem Node Name...
Table 103 Menu 11.1: Remote Node Profile (node 8) (continued) FIELD Allocated Budget(min) Period(hr) Schedule Sets Nailed-Up Connection Session Options Edit Filter Sets Idle Timeout(sec) 26.4 Remote Node Network Layer Options Move the cursor to the Edit IP/Bridge field in menu 11.1, then press [SPACE BAR] to select Yes.
Chapter 26 Remote Node Setup The following table describes the fields in this menu. Table 104 Menu 11.3: Remote Node Network Layer Options FIELD IP Address Assignment IP Address IP Subnet Mask Gateway IP Addr Rem IP Addr Rem Subnet Mask My WAN Addr Address Mapping Set This field is enabled if NAT is Full Feature.
Table 104 Menu 11.3: Remote Node Network Layer Options (continued) FIELD Version Multicast IP Policies Bridge Options Ethernet Addr Timeout(min) Once you have completed filling in this menu, press [ENTER] at the message “Press ENTER to Confirm...” to save your configuration and return to menu 11.1, or press [ESC] at any time to cancel. 26.5 Remote Node Filter Move the cursor to the field Edit Filter Sets in menu 11.1, and then press [SPACE BAR] to set the value to Yes.
Chapter 26 Remote Node Setup 26.7 Advance Setup Options Move the cursor to the Edit Advance Options field in menu 11.1 (only for remote node 1), then press [SPACE BAR] to select Yes. Press [ENTER] to open Menu 11.8 - Advanced Setup Options.
H A P T E R Use this menu to configure IP and bridge (MAC) static routes. 27.1 IP Static Route Setup Enter 1 from the menu 12. Select one of the IP static routes as shown next to configure IP static routes in menu 12.1.
Chapter 27 Static Route Setup Figure 161 Menu 12.1.1: Edit IP Static Route The following table describes the fields in this screen. Table 108 Menu 12.1.1: Edit IP Static Route FIELD DESCRIPTION Route # This is the index number of the static route that you chose in menu 12. Route Name Enter a descriptive name for this route.
Figure 162 Menu 12.3: Bridge Static Route Setup Now, enter the index number of the static route that you want to configure. Figure 163 Menu 12.3.1: Edit Bridge Static Route The following table describes the fields in this screen. Table 109 Menu 12.3.1: Edit Bridge Static Route FIELD DESCRIPTION Route #...
H A P T E R Use this menu to configure Network Address Translation (NAT) on the ZyXEL Device. 28.1 Using NAT You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the ZyXEL Device. 28.1.1 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server.
Chapter 28 NAT Setup Figure 164 Menu 4: Applying NAT for Internet Access The following figure shows how you apply NAT to the remote node in menu 11.3. 1 Enter 11 from the main menu. 2 Enter 1 to open Menu 11.1 - Remote Node Profile. 3 Move the cursor to the Edit IP/Bridge field, press [SPACE BAR] to select Yes and then press [ENTER] to bring up Menu 11.3 - Remote Node Network Layer Options.
The following table describes the fields in this menu. Table 110 Applying NAT in Menus 4 & 11.3 FIELD DESCRIPTION Network When you select this option the SMT will use the specified address Address mapping set (menu 15.1 - see Translation discussion).
Chapter 28 NAT Setup Figure 167 Menu 15.1: Address Mapping Sets Select the address mapping set you want to modify. The fields in address 255 are used for SUA and are read-only. 28.2.1.1 User-Defined Address Mapping Sets The entire set will be deleted if you leave the Set Name field blank and press [ENTER] at the bottom of the screen.
The Type, Local and Global Start/End IPs are configured in menu 15.1.1.1 (described later) and the values are displayed here. Table 111 Menu 15.1.1: Address Mapping Rules FIELD DESCRIPTION Set Name This is the name of the set you selected in menu 15.1 or enter the name of a new set you want to create.
Chapter 28 NAT Setup Figure 169 Menu 15.1.1.1: Address Mapping Rule The following table describes the fields in this menu. Table 112 Menu 15.1.1.1: Address Mapping Rule FIELD DESCRIPTION Type Press [SPACE BAR] and then [ENTER] to select from a total of five types. These are the mapping types discussed in servers of different types behind NAT to this computer.
Follow these steps to configure a server behind NAT: 1 Enter 15 in the main menu to go to Menu 15 - NAT Setup. 2 Enter 2 to open menu 15.2 (and configure the address mapping rules for the WAN port on a ZyXEL Device with a single WAN port).
Chapter 28 NAT Setup The first entry is for the Default Server. The following table describes the labels in this menu. Table 113 Menu 15.2: NAT Server Setup FIELD Rule Start Port End Port IP Address 28.4 General NAT Examples The following are some examples of NAT configuration.
Figure 173 Menu 4: Internet Access & NAT Example From menu 4 shown above, simply choose the SUA Only option from the Network Address Translation field. This is the Many-to-One mapping discussed in The SUA Only read-only option from the Network Address Translation field in menus 4 and 11.3 is specifically pre-configured to handle this case.
Chapter 28 NAT Setup Figure 175 Menu 15.2: Specifying an Inside Server Rule --------------------------------------------------- 28.4.3 Example 3: Multiple Public IP Addresses With Inside Servers In this example, there are 3 IGAs from our ISP. There are many departments but two have their own FTP server.
1 In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets. Therefore you must choose the Full Feature option from the Network Address Translation field (in menu 4 or menu 11.3) in 2 Then enter 15 from the main menu.
Chapter 28 NAT Setup Figure 179 Example 3: Final Menu 15.1.1 Menu 15.1.1 - Address Mapping Rules Set Name= Example3 Local Start IP --------------- 192.168.1.10 192.168.1.11 0.0.0.0 Now configure the IGA3 to map to our web server and mail server on the LAN. 1 Enter 15 from the main menu.
28.4.4 Example 4: NAT Unfriendly Application Programs Some applications do not support NAT Mapping using TCP or UDP port address translation. In this case it is better to use Many-One-to-One mapping as port numbers do not change for Many-One-to-One (and One-to-One) NAT mapping types. The following figure illustrates this.
Chapter 28 NAT Setup Figure 183 Example 4: Menu 15.1.1: Address Mapping Rules Menu 15.1.1 - Address Mapping Rules Set Name= Example4 Local Start IP --------------- 1. 192.168.1.10 Local End IP Global Start IP --------------- --------------- 192.168.1.12 10.132.50.1 Action= None Select Rule= N/A Global End IP Type...
H A P T E R Use this menu to activate or deactivate the firewall. 29.1 Using ZyXEL Device SMT Menus From the main menu enter 21 to go to Menu 21 - Filter and Firewall Setup to display the screen shown next.
Chapter 29 Firewall Setup Figure 185 Menu 21.2: Firewall Setup The firewall protects against Denial of Service (DoS) attacks when it is active. The default Policy sets 1. allow all sessions originating from the LAN to the WAN and 2. deny all sessions originating from the WAN to the LAN You may define additional Policy rules or modify existing ones but please exercise extreme caution in doing so Active: Yes...
H A P T E R This chapter shows you how to create and apply filters. 30.1 Introduction to Filters Your ZyXEL Device uses filters to decide whether to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering. Filters are subdivided into device and protocol filters, which are discussed later.
Chapter 30 Filter Configuration 30.1.1 The Filter Structure of the ZyXEL Device A filter set consists of one or more filter rules. Usually, you would group related rules, for example all the rules for NetBIOS, into a single set and give it a descriptive name. The ZyXEL Device allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system.
Figure 187 Filter Rule Process You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port.
Chapter 30 Filter Configuration 1 Enter 21 in the main menu to open menu 21. Figure 188 Menu 21: Filter and Firewall Setup 2 Enter 1 to bring up the following menu. Figure 189 Menu 21.1: Filter Set Configuration Filter Set # Comments ------...
The following table describes the labels in this screen. Table 114 Abbreviations Used in the Filter Rules Summary Menu FIELD DESCRIPTION This is an index number. Active: “Y” means the rule is active. “N” means the rule is inactive. Type The type of filter rule: “GEN”...
Chapter 30 Filter Configuration 30.2.2 Configuring a TCP/IP Filter Rule This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fields in the IP and the upper layer protocol, for example, UDP and TCP headers.
Page 301
Table 116 Menu 21.1.1.1: TCP/IP Filter Rule FIELD DESCRIPTION IP Addr Enter the source IP Address of the packet you wish to filter. This field is ignored if it is 0.0.0.0. IP Mask Enter the IP mask to apply to the Source: IP Addr. Port # Enter the source port of the packets that you wish to filter.
Chapter 30 Filter Configuration Figure 192 Executing an IP Filter 30.2.3 Configuring a Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly. P-793H User’s Guide...
For generic rules, the ZyXEL Device treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes. The ZyXEL Device applies the Mask (bit-wise ANDing) to the data portion before comparing the result against the Value to determine a match.
Chapter 30 Filter Configuration Table 117 Menu 21.1.1.1: Generic Filter Rule (continued) FIELD DESCRIPTION Action Select the action for a packet matching the rule. Matched Options are Check Next Rule, Forward and Drop. Action Not Select the action for a packet not matching the rule. Matched Options are Check Next Rule, Forward and Drop.
Figure 195 Example Filter: Menu 21.1.3.1 The port number for the telnet service (TCP protocol) is 23. See RFC 1060 for port numbers of well-known services. When you press [ENTER] to confirm, you will see the following screen. Note that there is only one filter rule in this set.
Chapter 30 Filter Configuration 5 Press [ENTER] to confirm after you enter the set numbers and to leave menu 11.1.4. 30.4 Filter Types and NAT There are two classes of filter rules, Generic Filter (Device) rules and protocol filter (TCP/ IP) rules.
30.6.1 Applying LAN Filters LAN traffic filter sets may be useful to block certain packets, reduce traffic and prevent security breaches. Go to menu 3.1 (shown next) and enter the number(s) of the filter set(s) that you want to apply as appropriate. You can choose up to four filter sets (from twelve) by entering their numbers separated by commas, for example 3, 4, 6, 11.
H A P T E R Use this menu to configure SNMP. See SNMP. 31.1 SNMP Configuration To configure SNMP, enter 22 from the main menu to display Menu 22 - SNMP Configuration as shown next. The “community” for Get, Set and Trap fields is SNMP terminology for password.
H A P T E R Use this menu to change your password. This is the same password used to access the web configurator. To open this menu, enter 23 in the main menu. Figure 201 Menu 23: System Password The following table describes the labels in this menu.
Page 312
Chapter 32 System Password P-793H User’s Guide...
H A P T E R System Information & Diagnosis This chapter covers SMT menus 24.1 to 24.4. 33.1 Introduction to System Status This chapter covers the diagnostic tools that help you to maintain your ZyXEL Device. These tools include updates on system status, port status and log and trace capabilities. Select menu 24 in the main menu to open Menu 24 - System Maintenance, as shown below.
Chapter 33 System Information & Diagnosis Figure 203 Menu 24.1: System Maintenance - Status Node-Lnk Status 1-ENET My WAN IP (from ISP): 0.0.0.0 Ethernet: Status: 100M/Full Duplex Tx Pkts: 4210 Collisions: 0 CPU Load = The following table describes the fields present in Menu 24.1 - System Maintenance - Status.
Table 120 Menu 24.1: System Maintenance - Status (continued) FIELD DESCRIPTION This section displays information about the WAN port. Note: In a point-to-2points connection this field only displays line 1 Line Status This field displays the port speed and duplex setting if you’re using Ethernet encapsulation and Down (line is down or not connected), Idle (line (ppp) idle), Dial (starting to trigger a call) or Drop (dropping a call) if you’re using PPPoE encapsulation.
Chapter 33 System Information & Diagnosis Figure 205 Menu 24.2.1: System Maintenance - Information The following table describes the fields in this screen. Table 121 Menu 24.2.1: System Maintenance - Information FIELD Name Routing ZyNOS F/W Version SHDSL Chipset Vendor Standard Ethernet Address IP Address...
33.4 Log and Trace There are two logging facilities in the ZyXEL Device. The first is the error logs and trace records that are stored locally. The second is the UNIX syslog facility for message logging. 33.4.1 Viewing Error Log The first place you should look for clues when something goes wrong is the error/trace log.
Chapter 33 System Information & Diagnosis 33.4.2 Syslog Logging The ZyXEL Device uses the syslog facility to log the CDR (Call Detail Record) and system messages to a syslog server. Syslog and accounting can be configured in Menu 24.3.2 - System Maintenance - Syslog Logging, as shown next.
Page 319
2 Packet triggered Packet triggered Message Format SdcmdSyslogSend( SYSLOG_PKTTRI, SYSLOG_NOTICE, String ); String = Packet trigger: Protocol=xx Data=xxxxxxxxxx…..x Protocol: (1:IP 2:IPX 3:IPXHC 4:BPDU 5:ATALK 6:IPNG) Data: We will send forty-eight Hex characters to the server Jul 19 11:28:39 192.168.102.2 ZyXEL: Packet Trigger: Protocol=1, Data=4500003c100100001f010004c0a86614ca849a7b08004a5c02000100616263646566676869 6a6b6c6d6e6f7071727374 Jul 19 11:28:56 192.168.102.2 ZyXEL: Packet Trigger: Protocol=1,...
Figure 210 Menu 24.4: System Maintenance - Diagnostic xDSL Reset xDSL TCP/IP 12. Ping Host The following table describes the labels in this screen. Table 123 Menu 24.4: System Maintenance - Diagnostic FIELD Reset xDSL Ping Host Reboot System Command Mode Host IP Address Enter the number of the selection you would like to perform or press [ESC] to cancel.
Page 322
Chapter 33 System Information & Diagnosis P-793H User’s Guide...
H A P T E R Firmware and Configuration File This chapter tells you how to back up and restore your configuration file as well as upload new firmware and a new configuration file. 34.1 Introduction Use the instructions in this chapter to change the ZyXEL Device’s configuration file or upgrade its firmware.
Chapter 34 Firmware and Configuration File Maintenance The following table is a summary. Please note that the internal filename refers to the filename on the ZyXEL Device and the external filename refers to the filename not on the ZyXEL Device, that is, on your computer, local network or FTP site and so the name (but not the extension) may vary.
Figure 211 Menu 24.5: Backup Configuration To transfer the configuration file to your computer, follow the procedure below: 1. Launch the FTP client on your computer. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested.
Chapter 34 Firmware and Configuration File Maintenance 34.3.4 GUI-based FTP Clients The following table describes some of the commands that you may see in GUI-based FTP clients. Table 125 General Commands for GUI-based FTP Clients COMMAND Host Address Login Type Transfer Type Initial Remote Directory Initial Local Directory...
4 Launch the TFTP client on your computer and connect to the ZyXEL Device. Set the transfer mode to binary before starting data transfer. 5 Use the TFTP client (see the example below) to transfer files between the ZyXEL Device and the computer. The file name for the configuration file is “rom-0” (rom-zero, not capital o).
Chapter 34 Firmware and Configuration File Maintenance Figure 213 System Maintenance: Backup Configuration Ready to backup Configuration via Xmodem. Do you want to continue (y/n): 2 The following screen indicates that the Xmodem download has started. Figure 214 System Maintenance: Starting Xmodem Download Screen You can enter ctrl-x to terminate operation any time.
Do not interrupt the file transfer process as this may PERMANENTLY DAMAGE YOUR ZyXEL Device. When the Restore Configuration process is complete, the ZyXEL Device will automatically restart. 34.4.1 Restore Using FTP For details about backup using (T)FTP please refer to earlier sections on FTP and TFTP file upload in this chapter.
Chapter 34 Firmware and Configuration File Maintenance 34.4.2 Restore Using FTP Session Example Figure 218 Restore Using FTP Session Example ftp> put config.rom rom-0 200 Port command okay 150 Opening data connection for STOR rom-0 226 File received OK 221 Goodbye for writing flash ftp: 16384 bytes sent in 0.06Seconds 273.07Kbytes/sec.
Figure 222 Successful Restoration Confirmation Screen Save to ROM Hit any key to start system reboot. 34.5 Uploading Firmware and Configuration Files This section shows you how to upload firmware and configuration files. You can upload configuration files by following the procedure in instructions in Menu 24.7.2 - System Maintenance - Upload System Configuration File (for console port).
Chapter 34 Firmware and Configuration File Maintenance Figure 224 Menu 24.7.2: System Maintenance - Upload System Configuration File Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload the system configuration file, follow the procedure below: 1. Launch the FTP client on your workstation. 2.
34.5.4 FTP Session Example of Firmware File Upload Figure 225 FTP Session Example of Firmware File Upload 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> put firmware.bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 1103936 bytes sent in 1.10Seconds 297.89Kbytes/sec.
Chapter 34 Firmware and Configuration File Maintenance 34.5.6 TFTP Upload Command Example The following is an example TFTP command: tftp [-i] host put firmware.bin ras Where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the ZyXEL Device’s IP address, “put” transfers the file source on the computer (firmware.bin –...
Figure 227 Example Xmodem Upload After the firmware upload process has completed, the ZyXEL Device will automatically restart. 34.5.10 Uploading Configuration File Via Console Port 1 Select 2 from Menu 24.7 – System Maintenance – Upload Firmware to display Menu 24.7.2 - System Maintenance - Upload System Configuration File.
Chapter 34 Firmware and Configuration File Maintenance Figure 229 Example Xmodem Upload After the configuration upload process has completed, restart the ZyXEL Device by entering “atgo”. P-793H User’s Guide...
H A P T E R This chapter leads you through SMT menus 24.8 to 24.11. 35.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main router firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions.
A list of commands can be found by typing help or ? at the command prompt. Always type the full command. Type exit to return to the SMT main menu when finished. Figure 231 Valid Commands Copyright (c) 1994 - 2006 ZyXEL Communications Corp. P-793H> ? Valid commands are:...
Figure 233 Menu 24.9.1 - Budget Management Remote Node 1.MyISP 2.-------- 3.-------- 4.-------- 5.-------- 6.-------- 7.-------- 8.-------- The total budget is the time limit on the accumulated time for outgoing calls to a remote node. When this limit is reached, the call will be dropped and further outgoing calls to that remote node will be blocked.
Chapter 35 Menus 24.8 to 24.11 Figure 234 Menu 24: System Maintenance Enter 10 to go to Menu 24.10 - System Maintenance - Time and Date Setting to update the time and date settings of your ZyXEL Device as shown in the following screen. Figure 235 Menu 24.10: System Maintenance - Time and Date Setting Menu 24.10 - System Maintenance - Time and Date Setting Time Protocol= None...
Table 128 Menu 24.10: System Maintenance - Time and Date Setting (continued) FIELD DESCRIPTION Current Time This field displays an updated time only when you reenter this menu. New Time Enter the new time in hour, minute and second format. This field is available when (hh:mm:ss) you select None in the Time Protocol field.
Chapter 35 Menus 24.8 to 24.11 Figure 236 Menu 24.11 – Remote Management Control TELNET Server: Server Port = 23 Secured Client IP = 0.0.0.0 FTP Server: Server Port = 21 Secured Client IP = 0.0.0.0 Web Server: Server Port = 80 Secured Client IP = 0.0.0.0 The following table describes the fields in this screen.
H A P T E R IP Routing Policy Setup Use this menu to look at and configure policy routes. 36.1 Policy Route Traditionally, routing is based on the destination address only and the ZyXEL Device takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator.
Chapter 36 IP Routing Policy Setup IPPR follows the existing packet filtering facility of RAS in style and in implementation. 36.4 IP Routing Policy Setup Use this menu to look at a summary of policy routes. To open this menu, enter 25 in the main menu.
Figure 238 Menu 25.1: IP Routing Policy Setup - - ---------------------------------------------------------------------- 1 N SA=1.1.1.1-1.1.1.1 DA=2.2.2.2-2.2.2.5 SP=20-25 DP=20-25 P=6 T=NM PR=0 2 N ______________________________________________________________________ ______________________________________________________________________ 3 N ______________________________________________________________________ ______________________________________________________________________ 4 N ______________________________________________________________________ ______________________________________________________________________ 5 N ______________________________________________________________________ ______________________________________________________________________ 6 N ______________________________________________________________________ ______________________________________________________________________ The following table describes the labels in this menu.
Chapter 36 IP Routing Policy Setup 36.6 IP Routing Policy Use this menu to configure policy routes. To open this menu, select Edit and enter the appropriate rule number in menu 25. Figure 239 Menu 25.1.1: IP Routing Policy Policy Set Name= ex1 Active= No Criteria: IP Protocol...
Table 132 Menu 25.1.1: IP Routing Policy (continued) FIELD Action Gateway addr Type of Service Precedence 36.7 IP Policy Routing Example If a network has both Internet and remote node connections, you can route Web packets to the Internet using one policy and route FTP packets to a remote network using another policy. See the next figure.
Chapter 36 IP Routing Policy Setup Figure 241 IP Routing Policy Example 1 Policy Set Name= example1 Active= Yes Criteria: IP Protocol Type of Service= Don't Care Precedence Source: addr start= 192.168.1.33 port start= 0 Destination: addr start= 0.0.0.0 port start= 80 Action= Matched Gateway addr Type of Service= Max Thruput...
H A P T E R Use this menu to look at and configure the schedule sets in the ZyXEL Device. 37.1 Schedule Set Overview Call scheduling (applicable for PPPoE encapsulation only) allows the ZyXEL Device to manage a remote node and dictate when a remote node should be called and for how long. This feature is similar to the scheduler that lets you specify a time period to record a television program in a VCR or TiVo.
Chapter 37 Schedule Setup The following table describes the labels in this menu. Table 133 Menu 26: Schedule Setup FIELD 1-12 Enter Schedule Set Number to Configure Edit Name 37.3 Schedule Set Setup This menu is only applicable if your Internet connection uses PPPoE encapsulation. Use this menu to configure the schedule sets in the ZyXEL Device.
The following table describes the labels in this menu. Table 134 Menu 26.1: Schedule Set Setup FIELD Active Start Date How Often Once Date Weekdays Start Time Duration Action P-793H User’s Guide DESCRIPTION Press [SPACE BAR] to select Yes or No. Choose Yes and press [ENTER] to activate the schedule set.
H A P T E R This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • ZyXEL Device Access and Login • Internet Access •...
Chapter 38 Troubleshooting 38.2 ZyXEL Device Access and Login I forgot the IP address for the ZyXEL Device. 1 The default IP address is 192.168.1.1. 2 Use the console port to log in to the ZyXEL Device. 3 If you changed the IP address and have forgotten it, you might get the IP address of the ZyXEL Device by looking up the IP address of the default gateway for your computer.
Page 355
6 If the problem continues, contact the network administrator or vendor, or try the advanced suggestion. Advanced Suggestion • Try to access the ZyXEL Device using another service, such as Telnet. If you can access the ZyXEL Device, check the remote management settings, firewall rules, and SMT filters to find out why the ZyXEL Device does not respond to HTTP.
Chapter 38 Troubleshooting I cannot use the console port to access the ZyXEL Device. Make sure that you are using the included console cable and that the CON/AUX switch on the ZyXEL Device is set to CON. See the Quick Start Guide. 38.3 Internet Access I cannot access the Internet.
• Check the settings for bandwidth management. If it is disabled, you might consider activating it. If it is enabled, you might consider changing the allocations. See on page 181. I cannot access a web site (on Mondays). Check your content filtering settings and make sure you do not block yourself access to any web sites.
Page 358
Chapter 38 Troubleshooting ress and hold the RESET button for ten seconds. Release the RESET button when the POWER LED begins to blink. The default settings have been restored. If the ZyXEL Device restarts automatically, wait for the ZyXEL Device to finish restarting, and log in to the web configurator.
Appendices and Index Product Specifications (361) Wall-mounting Instructions (365) Setting up Your Computer’s IP Address (367) Pop-up Windows, JavaScripts and Java Permissions (383) IP Addresses and Subnetting (389) IP Address Assignment Conflicts (397) Common Services (401) Command Interpreter (405) Log Descriptions (411) NetBIOS Filter Commands (427) Legal Information (429) Customer Support (433)
P P E N D I X Product Specifications Table 135 Device Default IP Address Default Subnet Mask Default Password DHCP Pool Dimensions (W x D x H) Power Specification Built-in Switch G.SHDSL Port Operation Temperature Storage Temperature Operation Humidity Storage Humidity Distance between the centers of the holes on...
Page 362
Appendix A Product Specifications Table 136 Firmware (continued) ATM Support Internet Access Sharing Security Network Management Diagnostics Capabilities (for the following circuitry) Others Multiple protocols over AAL5 (RFC1483) PPP over ATM (RFC 2364) PPP over Ethernet (RFC2516) ATM AAL5 supported Support 8 PVCs ATM Forum UNI3.0/4.0 PVC UBR CBR, and VBR traffic shaping...
Table 137 Firmware Features FEATURE Firmware Upgrade Configuration Backup & Restoration Network Address Translation (NAT) Port Forwarding DHCP (Dynamic Host Configuration Protocol) Dynamic DNS Support IP Multicast IP Alias Time and Date Logging and Tracing PPPoE PPTP Encapsulation Universal Plug and Play (UPnP) Firewall Content Filter...
Appendix A Product Specifications Table 137 Firmware Features FEATURE Bandwidth Management Remote Management Figure 245 Y-Cable Connector Configuration DESCRIPTION You can efficiently manage traffic on your network by reserving bandwidth and giving priority to certain types of traffic and/or to particular computers.
P P E N D I X Wall-mounting Instructions Do the following to hang your ZyXEL Device on a wall. See the product specifications appendix for the size of screws to use and how far apart to place them. 1 Locate a high position on a wall that is free of obstructions. Use a sturdy wall. 2 Drill two holes for the screws.
Page 366
Appendix B Wall-mounting Instructions P-793H User’s Guide...
P P E N D I X Setting up Your Computer’s IP All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer.
Appendix C Setting up Your Computer’s IP Address Figure 247 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • If your IP address is dynamic, select Obtain an IP address automatically. • If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields.
Appendix C Setting up Your Computer’s IP Address Figure 249 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window.
Figure 250 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 251 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. P-793H User’s Guide Appendix C Setting up Your Computer’s IP Address...
Appendix C Setting up Your Computer’s IP Address Figure 252 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 253 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
Figure 254 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
Appendix C Setting up Your Computer’s IP Address Figure 255 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
Figure 256 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT).
Appendix C Setting up Your Computer’s IP Address Figure 257 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 258 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: •...
• Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Close the TCP/IP Control Panel. 6 Click Save if prompted, to save changes to your configuration.
Appendix C Setting up Your Computer’s IP Address Figure 260 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. •...
Make sure you are logged in as the root administrator. Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network.
Appendix C Setting up Your Computer’s IP Address • If you have a dynamic IP address, click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address, click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields.
Figure 265 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=dhcp USERCTL=no PEERDNS=yes TYPE=Ethernet • If you have a static IP address, enter = followed by the IP address (in dotted decimal notation) and type IPADDR followed by the subnet mask. The following example shows an example where the static IP address is 192.168.1.10 and the subnet mask is 255.255.255.0.
Appendix C Setting up Your Computer’s IP Address Verifying Settings Enter in a terminal screen to check your TCP/IP properties. ifconfig Figure 269 Red Hat 9.0: Checking TCP/IP Properties [root@localhost]# ifconfig eth0 Link encap:Ethernet inet addr:172.23.19.129 UP BROADCAST RUNNING MULTICAST RX packets:717 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100...
P P E N D I X Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Internet Explorer 6 screens are used here.
Appendix D Pop-up Windows, JavaScripts and Java Permissions 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 271 Internet Options: Privacy 3 Click Apply to save this setting. Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
Figure 272 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 273 Pop-up Blocker Settings P-793H User’s Guide Appendix D Pop-up Windows, JavaScripts and Java Permissions...
Appendix D Pop-up Windows, JavaScripts and Java Permissions 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
Figure 275 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window.
Appendix D Pop-up Windows, JavaScripts and Java Permissions JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Figure 277 Java (Sun) P-793H User’s Guide...
P P E N D I X IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
Appendix E IP Addresses and Subnetting Figure 278 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation).
Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 139 Subnet Masks BINARY OCTET 8-bit mask 11111111 16-bit mask 11111111 24-bit mask 11111111...
Appendix E IP Addresses and Subnetting Table 141 Alternative Subnet Mask Notation (continued) SUBNET MASK 255.255.255.192 255.255.255.224 255.255.255.240 255.255.255.248 255.255.255.252 Subnetting You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.
Figure 280 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).
Table 146 Eight Subnets (continued) SUBNET SUBNET ADDRESS Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 147 24-bit Network Number Subnet Planning NO. “BORROWED” HOST BITS The following table is a summary for subnet planning on a network with a 16-bit network number.
Appendix E IP Addresses and Subnetting Table 148 16-bit Network Number Subnet Planning (continued) NO. “BORROWED” HOST BITS Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
P P E N D I X IP Address Assignment This appendix describes situations where IP address conflicts may occur. Subscribers with duplicate IP addresses will not be able to access the Internet. Case A: The ZyXEL Device is using the same LAN and WAN IP addresses The following figure shows an example where the ZyXEL Device is using a WAN IP address that is the same as the IP address of a computer on the LAN.
Appendix F IP Address Assignment Conflicts Figure 282 IP Address Conflicts: Case B To solve this problem, make sure the ZyXEL Device LAN IP address is not in the DHCP IP address pool. Case C: The Subscriber IP address is the same as the IP address of a network device The following figure depicts an example where the subscriber IP address is the same as the IP address of a network device not attached to the ZyXEL Device.
Appendix F IP Address Assignment Conflicts Figure 284 IP Address Conflicts: Case D This problem can be solved by adding a VLAN-enabled switch or set the computers to obtain IP addresses dynamically. P-793H User’s Guide...
Page 400
Appendix F IP Address Assignment Conflicts P-793H User’s Guide...
P P E N D I X The following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit the IANA (Internet Assigned Number Authority) web site. •...
Page 402
Appendix G Common Services Table 149 Commonly Used Services (continued) NAME H.323 HTTP HTTPS ICMP IGMP (MULTICAST) User-Defined MSN Messenger NEW-ICQ NEWS NNTP PING POP3 PPTP PPTP_TUNNEL (GRE) RCMD REAL_AUDIO REXEC RLOGIN PROTOCOL PORT(S) DESCRIPTION File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail.
Page 403
Table 149 Commonly Used Services (continued) NAME PROTOCOL RTELNET RTSP TCP/UDP SFTP SMTP SNMP TCP/UDP SNMP-TRAPS TCP/UDP SQL-NET TCP/UDP STRM WORKS SYSLOG TACACS TELNET TFTP VDOLIVE P-793H User’s Guide Appendix G Common Services PORT(S) DESCRIPTION Remote Telnet. The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet.
Page 404
Appendix G Common Services P-793H User’s Guide...
P P E N D I X The following describes how to use the command interpreter. See for how to access the command interpreter from SMT. See www.zyxel.com for more detailed information on these commands. Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable.
Appendix H Command Interpreter Configuring What You Want the ZyXEL Device to Log 1 Use the sys logs load configure which logs the ZyXEL Device is to record. 2 Use sys logs category Figure 285 Displaying Log Categories Example ras> sys logs category 8021x error javablocked...
Log Command Example This example shows how to set the ZyXEL Device to record the access logs and alerts and then view the results. ras> sys logs load ras> sys logs category access 3 ras> sys logs save ras> sys logs display access .time message 0|06/08/2004 05:58:21 |172.21.4.154...
Page 408
Appendix H Command Interpreter ARP Behavior and the ARP ackGratuitous Commands The ZyXEL Device does not accept ARP reply information if the ZyXEL Device did not send out a corresponding request. This helps prevent the ZyXEL Device from updating its ARP table with an incorrect IP address to MAC address mapping due to a spoofed ARP.
Figure 288 Backup Gateway Updating the ARP entries could increase the danger of spoofing attacks. It is only recommended that you turn on ackGratuitous and force update if you need it like in the previous backup gateway example. Turning on the force updates option is more dangerous than leaving it off because the ZyXEL Device updates the ARP table even when there is an existing entry.
P P E N D I X This appendix provides descriptions of example log messages. Table 150 System Maintenance Logs LOG MESSAGE Time calibration is successful Time calibration failed WAN interface gets IP:%s DHCP client IP expired DHCP server assigns%s Successful WEB login WEB login failed Successful TELNET login...
Table 153 TCP Reset Logs LOG MESSAGE Under SYN flood attack, sent TCP RST Exceed TCP MAX incomplete, sent TCP RST Peer TCP state out of order, sent TCP RST Firewall session time out, sent TCP RST Exceed MAX incomplete, sent TCP RST Access block, sent TCP Table 154 Packet Filter Logs...
Table 159 Content Filtering Logs LOG MESSAGE %s: Keyword blocking %s: Not in trusted web list %s: Forbidden Web site The web site is in the forbidden web site list. %s: Contains ActiveX %s: Contains Java applet %s: Contains cookie %s: Proxy mode detected %s:%s...
Table 162 IKE Logs LOG MESSAGE Active connection allowed exceeded Start Phase 2: Quick Mode Verifying Remote ID failed: Verifying Local ID failed: IKE Packet Retransmit Failed to send IKE Packet Too many errors! Deleting SA Phase 1 IKE SA process done Duplicate requests with the same cookie IKE Negotiation is in...
Page 418
Appendix I Log Descriptions Table 162 IKE Logs (continued) LOG MESSAGE Remote IP <Remote IP> / <Remote IP> conflicts Phase 1 ID type mismatch Phase 1 ID content mismatch No known phase 1 ID type found ID type mismatch. Local / Peer: <Local ID type/Peer ID type>...
Appendix I Log Descriptions Table 163 PKI Logs (continued) LOG MESSAGE Enrollment failed Failed to resolve <CMP CA server url> Rcvd ca cert: <subject name> Rcvd user cert: <subject name> Rcvd CRL <size>: <issuer name> Rcvd ARL <size>: <issuer name> Failed to decode the received ca cert Failed to decode the...
Table 164 Certificate Path Verification Failure Reason Codes (continued) CODE DESCRIPTION Certificate was revoked by a CRL. Certificate was not added to the cache. Certificate decoding failed. Certificate was not found (anywhere). Certificate chain looped (did not find trusted root). Certificate contains critical extension that was not handled.
Appendix I Log Descriptions Table 165 802.1X Logs (continued) LOG MESSAGE User logout because of no authentication response from user. User logout because of idle timeout expired. User logout because of user request. Local User Database does not support authentication mothed. No response from RADIUS.
Page 423
Table 167 ICMP Notes (continued) TYPE CODE DESCRIPTION A gateway may discard internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next network on the route to the destination network. Redirect Redirect datagrams for the Network Redirect datagrams for the Host...
Appendix I Log Descriptions Table 169 RFC-2408 ISAKMP Payload Types (continued) LOG DISPLAY TRANS CER_REQ HASH NONCE NOTFY Log Commands This section provides some general examples of how to use the log commands. The items that display with your device may vary but the basic function should be the same. Go to the command interpreter interface.
Figure 291 Displaying Log Parameters Example ras> sys logs category access Usage: [0:none/1:log/2:alert/3:both] 4 Use sys logs category followed by a log category and a parameter to decide what to record. Use 0 to not record logs for that category, 1 to record only logs for that category, 2 to record only alerts for that category, and 3 to record both logs and alerts for that category.
Appendix I Log Descriptions Log Command Example This example shows how to set the ZyXEL Device to record the access logs and alerts and then view the results. ras> sys logs load ras> sys logs category access 3 ras> sys logs save ras>...
P P E N D I X NetBIOS Filter Commands The following describes the NetBIOS packet filter commands. See for information on the command structure. Introduction NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls.
Page 428
Appendix J NetBIOS Filter Commands The filter types and their default settings are as follows. Table 170 NetBIOS Filter Default Settings NAME DESCRIPTION Between LAN This field displays whether NetBIOS packets are blocked or forwarded and WAN between the LAN and the WAN. IPSec Packets This field displays whether NetBIOS packets sent through a VPN connection are blocked or forwarded.
ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
Page 430
Appendix K Legal Information If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures: 1 Reorient or relocate the receiving antenna.
Page 431
Appendix K Legal Information ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.
Page 432
Appendix K Legal Information P-793H User’s Guide...
active protocol and encapsulation address mapping and transport mode alert alternative subnet mask notation anti-probing applications high-speed Internet access point-to-point connections ATM traffic class. See traffic class. authentication algorithms 155, 168, 169 and active protocol Authentication Header. See AH. bandwidth management and IP alias and traffic redirect by application...
Page 438
Index Domain Name System. See DNS. DoS attack brute-force 119, 121 IP spoofing ping of death SYN flood teardrop threshold. See DoS threshold. types of using ICMP using illegal NetBIOS commands using traceroute DoS threshold half-open sessions max-incomplete-high max-incomplete-low one-minute high one-minute low TCP maximum incomplete dynamic DNS...
Page 439
main mode 154, 157 NAT traversal negotiation mode peer identity pre-shared key proposal IKE SA. See also VPN. installation wall-mounting Internet Assigned Numbers Authority See IANA Internet Control Message Protocol. See ICMP. Internet Group Multicast Protocol. See IGMP. Internet Protocol Security. See IPSec. IP address and ENET ENCAP and PPPoA/PPPoE...
Page 440
Index and filter set and IP alias and remote management and VPN examples global how it works inside local many-to-many no overload many-to-many overload many-to-one one-to-one outside port forwarding. See port forwarding. server 104, 105 SUA. See SUA. types of mapping what it does when to enable NAT traversal...
Page 441
safety warnings schedule set Select Mode screen Simple Network Management Protocol. See SNMP. Single User Account. See SUA. 41, 239 accessing menu items navigation SNMP 41, 199 agent GetNext manager operations remote management Trap traps specifications static route subnet subnet mask 95, 390 subnetting Sustained Cell Rate (SCR)
Page 442
Index minimum requirements Wide Area Network. See WAN. wizards remote management www.dyndns.org P-793H User’s Guide...