Page 1 P-792H v2 G.SHDSL.bis Broadband Gateway Default Login Details IP Address http://192.168.1.1 Admin 1234 Password User user Password Firmware Version 3.70 Edition 1, 04/2010 www.zyxel.com www.zyxel.com Copyright © 2010 ZyXEL Communications Corporation...
Page 3: About This User's Guide
About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the P-792H v2 using the web configurator. Tips for Reading User’s Guides On-Screen When reading a ZyXEL User’s Guide On-Screen, keep the following in mind: •...
Page 4 About This User's Guide The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 30099, Taiwan. Need More Help? More help is available at www.zyxel.com. • Download Library Search for the latest product updates and documentation from this link. Read...
Page 5 Graphics in this book may differ slightly from the product due to differences in operating systems, operating system versions, or if you installed updated firmware/software for your device. Every effort has been made to ensure that the information in this manual is accurate. P-792H v2 User’s Guide...
Page 6: Document Conventions
Syntax Conventions • The P-792H v2 may be referred to as the “device”, the “system” or the “product” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
Page 7 Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The P-792H v2 icon is not an exact representation of your device. P-792H v2 Computer Notebook computer Server Firewall Telephone Switch Router P-792H v2 User’s Guide...
Page 8: Safety Warnings
Your product is marked with this symbol, which is known as the WEEE mark. WEEE stands for Waste Electronics and Electrical Equipment. It means that used electrical and electronic products should not be mixed with general waste. Used electrical and electronic equipment should be treated separately. P-792H v2 User’s Guide...
Page 9: Table Of Contents
Contents Overview Contents Overview User’s Guide ........................... 23 Getting To Know Your P-792H v2 ....................25 Introducing the Web Configurator ....................29 Status Screens .......................... 37 Internet Setup Wizard ........................ 43 Tutorial ............................53 Technical Reference ......................57 WAN Setup ..........................59 LAN Setup ..........................
Page 10 Contents Overview Firmware and Configuration File Maintenance ................ 369 Menus 24.8 to 24.11 ........................ 385 Schedule Setup ........................393 Troubleshooting ........................397 P-792H v2 User’s Guide...
Page 11: Table Of Contents
1.1.1 High-speed Internet Access with G.SHDSL ............... 25 1.1.2 High-speed Point-to-point Connections ..............26 1.2 Ways to Manage the P-792H v2 ..................26 1.3 Good Habits for Managing the P-792H v2 ................27 1.4 LEDs ............................ 27 1.5 The RESET Button ......................28 1.5.1 Using the RESET Button ....................
Page 12 5.1 Overview ..........................53 5.2 Configuring Point-to-point Connection ................. 53 5.2.1 Set Up the Server ....................... 54 5.2.2 Set Up the Client ......................55 5.2.3 Connect the P-792H v2s .................... 55 Part II: Technical Reference ..............57 Chapter 6 WAN Setup..........................59 6.1 Overview ..........................
Page 13 8.5 The ALG Screen .........................111 8.6 NAT Technical Reference ....................111 8.6.1 NAT Definitions ......................111 8.6.2 What NAT Does ......................112 8.6.3 How NAT Works ......................113 8.6.4 NAT Application ......................114 8.6.5 NAT Mapping Types ....................114 Chapter 9 Firewalls..........................117 P-792H v2 User’s Guide...
Page 14 11.2 The Trusted CAs Screen ....................147 11.2.1 Trusted CA Import ....................149 11.2.2 Trusted CA Details ....................150 11.3 Certificates Technical Reference ..................152 11.3.1 Certificates Overview ..................... 152 11.3.2 Private-Public Certificates ..................152 Chapter 12 VPN............................155 P-792H v2 User’s Guide...
Page 15 14.1.2 What You Need to Know About 802.1Q/1P ............191 14.1.3 802.1Q/1P Example ....................193 14.2 The 802.1Q/1P Group Setting Screen ................197 14.2.1 Editing 802.1Q/1P Group Setting ................198 14.3 The 802.1Q/1P Port Setting Screen ................199 Chapter 15 Quality of Service (QoS)....................... 201 P-792H v2 User’s Guide...
Page 16 Chapter 18 Universal Plug-and-Play (UPnP)..................235 18.1 Overview .......................... 235 18.1.1 What You Can Do in the UPnP Screen ..............235 18.1.2 What You Need to Know About UPnP ..............235 18.2 The UPnP Screen ......................237 P-792H v2 User’s Guide...
Page 17 22.1.1 What You Can Do in the Diagnostic Screens ............281 22.2 The General Diagnostic Screen ..................281 22.3 The DSL Line Diagnostic Screen ..................282 Chapter 23 Introducing the SMT ......................285 23.1 Accessing the SMT ......................285 P-792H v2 User’s Guide...
Page 18 Static Route Setup ........................ 317 29.1 IP Static Route Setup ...................... 317 29.2 Bridge Static Route Setup ....................319 Chapter 30 NAT Setup..........................321 30.1 Using NAT ........................321 30.1.1 SUA (Single User Account) Versus NAT ..............321 P-792H v2 User’s Guide...
Page 19 Chapter 32 Filter Configuration....................... 339 32.1 Introduction to Filters ....................... 339 32.1.1 The Filter Structure of the P-792H v2 ..............340 32.2 Configuring a Filter Set ....................342 32.2.1 Configuring a Filter Rule ..................344 32.2.2 Configuring a TCP/IP Filter Rule ................344 32.2.3 Configuring a Generic Filter Rule ................
Page 20 36.1.1 Command Syntax ....................385 36.1.2 Command Usage ....................386 36.2 Call Control Support ......................386 36.2.1 Budget Management ....................387 36.3 Time and Date Setting ..................... 388 36.4 Remote Management ...................... 391 36.4.1 Remote Management Limitations ................391 P-792H v2 User’s Guide...
Page 21 37.3 Schedule Set Setup ......................394 Chapter 38 Troubleshooting........................397 38.1 Power, Hardware Connections, and LEDs ..............397 38.2 P-792H v2 Access and Login ..................398 38.3 Internet Access ........................ 400 38.4 Network Connections ...................... 401 Appendix A Product Specifications..................403 Appendix B Wall-mounting Instructions................
Page 22 Table of Contents P-792H v2 User’s Guide...
Page 23: User's Guide
User’s Guide...
Page 25: Getting To Know Your P-792H V2
You can set up your P-792H v2 for high-speed Internet access or for high-speed point-to-point connections with another SHDSL model. The P-792H v2 can be used for either IP routing or bridging depending on your network configuration.
Page 26: High-Speed Point-To-Point Connections
P-792H v2 as a router or as a bridge, depending on the desired configuration. 1.1.2 High-speed Point-to-point Connections You can use another P-792H v2 or any SHDSL device with the P-792H v2 to create a cost-effective, high-speed connection for high-bandwidth applications such as videoconferencing and distance learning.
Page 27: Good Habits For Managing The P-792H V2
• SNMP. The device can be monitored and/or managed by an SNMP manager. See Chapter 17 on page 243. • TR-069. This is a standard that defines how your P-792H v2 can be managed by a management server. See Chapter 17 on page 243.
Page 28: The Reset Button
Green The Internet connection is up, and the P-792H v2 has an IP address. (If the P-792H v2 uses RFC 1483 in bridge mode, this light does not turn on, but it does blink when the P-792H v2 is sending/receiving data.) Blinking The P-792H v2 is sending/receiving data.
Page 29: Introducing The Web Configurator
See the chapter on troubleshooting if you need to make sure these functions are allowed in Internet Explorer. 2.2 Accessing the Web Configurator Make sure your P-792H v2 hardware is properly connected (refer to the Quick Start Guide). Launch your web browser.
Page 30 Chapter 2 Introducing the Web Configurator A password screen displays. The P-792H v2 has a dual login system. The default non-readable characters represents the user password (user by default). Clicking Login without entering any password brings you to the system’s status screen.
Page 31: Web Configurator Main Screen
Figure 6 Select a Mode Note: For security reasons, the P-792H v2 automatically logs you out if you do not use the web configurator for five minutes (default). If this happens, log in again. 2.3 Web Configurator Main Screen Figure 7 Main Screen P-792H v2 User’s Guide...
Page 32: Title Bar
Logout: Click this icon to log out of the web configurator. 2.3.2 Navigation Panel Use the menu items on the navigation panel to open screens to configure P-792H v2 features. The following tables describe each menu item. Table 3 Navigation Panel Summary...
Page 33 Use this screen to look at the current status of each VPN tunnel. VPN Global Use this screen to allow NetBIOS traffic through VPN Setting tunnels. Certificates Trusted CAs Use this screen to import CA certificates to the P-792H Advanced P-792H v2 User’s Guide...
Page 34 Use this screen to display your P-792H v2’s logs. Log Settings Use this screen to select which logs and/or immediate alerts your P-792H v2 is to record. You can also set it to e-mail the logs to you. P-792H v2 User’s Guide...
Page 35: Main Window
Chapter 2 Introducing the Web Configurator Table 3 Navigation Panel Summary LINK FUNCTION Tools Firmware Use this screen to upload firmware to your P-792H v2. Configuration Use this screen to backup and restore your P-792H v2’s configuration (settings) or reset the factory default settings. Restart This screen allows you to reboot the P-792H v2 without turning the power off.
Page 36 Chapter 2 Introducing the Web Configurator P-792H v2 User’s Guide...
Page 37: Status Screens
(LAN and WAN). The Status screen also provides detailed information of client list, Any IP, VPN and packet statistics. 3.2 The Status Screen Use this screen to view the status of the P-792H v2. Click Status to open this screen. Figure 8 Status Screen...
Page 38 This is the DSL standard that your P-792H v2 is using. IP Address This is the current IP address of the P-792H v2 in the WAN. Click this to go to the screen where you can change it. IP Subnet This is the current subnet mask in the WAN.
Page 39 Click this link to view current DHCP client information. See Section 7.4 on page VPN Status Click this link to view the status of any VPN tunnels the P-792H v2 has negotiated. See Section 3.4 on page AnyIP Table Click this link to view a list of IP addresses and MAC addresses of computers, which are not in the same subnet as the P-792H v2.
Page 40: Client List
3.5 Any IP Table Click Status > AnyIP Table to access this screen. Use this screen to view the IP address and MAC address of each computer that is using the P-792H v2 but is in a different subnet than the P-792H v2.
Page 41: Packet Statistics
WAN Port Statistics Link Status This is the status of your WAN link. WAN IP Address This is the IP address of the P-792H v2’s WAN port. Upstream Speed This is the upstream speed of your P-792H v2. Downstream This is the downstream speed of your P-792H v2.
Page 42 Type the time interval for the browser to refresh system statistics. Set Interval Click this to apply the new poll interval you entered in the Poll Interval field above. Stop Click this to halt the refreshing of the system statistics. P-792H v2 User’s Guide...
Page 43: Internet Setup Wizard
After you enter the password to access the web configurator, select Go to Wizard setup and click Apply. Otherwise, click the wizard icon ( ) in the top right corner of the web configurator to go to the wizards. Figure 11 Select a Mode P-792H v2 User’s Guide...
Page 44 Click INTERNET SETUP to configure the system for Internet access. Figure 12 Wizard Welcome Your P-792H v2 attempts to detect your DSL connection and your connection type. The following screen appears if a connection is not detected. Check your hardware connections and click Restart the INTERNET SETUP Wizard to return to the wizard welcome screen.
Page 45 The following screen appears if the ZyXEL device detects a connection but not the connection type. Click Next and refer to Section 4.2.1 on page 46 on how to manually configure the P-792H v2 for Internet access. Figure 15 Auto Detection: Failed P-792H v2 User’s Guide...
Page 46: Manual Configuration
Chapter 4 Internet Setup Wizard 4.2.1 Manual Configuration If the P-792H v2 fails to detect your DSL connection type but the physical line is connected, enter your Internet access information in the wizard screen exactly as your service provider gave it to you. Leave the defaults in any fields for which you were not given information.
Page 47 Click this to close the wizard screen without saving. The next wizard screen varies depending on what mode and encapsulation type you use. All screens shown are with routing mode. Configure the fields and click Next to continue. Figure 17 Internet Connection with PPPoE P-792H v2 User’s Guide...
Page 48 Name Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Exit Click this to close the wizard screen without saving. Figure 18 Internet Connection with RFC 1483 P-792H v2 User’s Guide...
Page 49 Click this to return to the previous screen without saving. Next Click this to continue to the next wizard screen. Exit Click this to close the wizard screen without saving. Figure 19 Internet Connection with ENET ENCAP P-792H v2 User’s Guide...
Page 50 As above. Server Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Exit Click this to close the wizard screen without saving. Figure 20 Internet Connection with PPPoA P-792H v2 User’s Guide...
Page 51 Refer to the rest of this guide for more detailed information on the complete range of P-792H v2 features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct.
Page 52 Chapter 4 Internet Setup Wizard P-792H v2 User’s Guide...
Page 53: Tutorial
DSL ports. The P-792H v2 on A’s side is the server and the P-792H v2 on B’s side is the client. The maximum transfer rate for the DSL connection between A and B is 5696 Kbps and the minimum transfer rate is 3200 Kbps.
Page 54: Set Up The Server
Transfer Mode. Select Bridge as the Mode. Configure the Multiplexing, Encapsulation, VPI, and VCI fields for the point-to-point connection. Select 1 in the Line field as the DSL line you want the P-792H v2 to use as a default for outgoing traffic.
Page 55: Set Up The Client
Select ATM as the Transfer Mode. Select Bridge as the Mode. Set the Multiplexing, Encapsulation, VPI, and VCI to the same values you set in the server. Select 1 in the Line field as the DSL line you want the P-792H v2 to use as a default for outgoing traffic.
Page 56 Chapter 5 Tutorial P-792H v2 User’s Guide...
Page 57: Technical Reference
Technical Reference...
Page 59: Wan Setup
6.1 Overview This chapter describes how to configure WAN settings from the WAN screens. Use these screens to configure your P-792H v2 for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks (such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations.
Page 60: What You Need To Know About Wan
WAN IP Address The WAN IP address is an IP address for the P-792H v2, which makes it accessible from an outside network. It is used by the P-792H v2 to communicate with other devices in other networks. It can be static (fixed) or dynamically assigned by the ISP each time the P-792H v2 tries to access the Internet.
Page 61: Before You Begin
Section 6.5 on page 76 for technical background information on WAN. 6.1.3 Before You Begin You need to know your Internet access settings such as encapsulation and WAN IP address. Get this information from your ISP. P-792H v2 User’s Guide...
Page 62: The Internet Access Setup Screen
Chapter 6 WAN Setup 6.2 The Internet Access Setup Screen Use this screen to change your P-792H v2’s WAN settings. Click Network > WAN > Internet Access Setup. The screen differs by the WAN type and encapsulation you select. Figure 24 Network > WAN >Internet Access Setup...
Page 63 General Transfer Mode Select the transfer mode you want to use. PTM (Packet Transfer Mode): The P-792H v2 uses EFM TC layer for data transmission over the DSL port. ATM (Asynchronous Transfer Mode): The P-792H v2 uses ATM TC layer for data transmission over the DSL port.
Page 64 Type the VLAN ID number (from 1 to 4094) for traffic through this VLAN ID connection. Line Select the DSL line you want the P-792H v2 to use as a default for outgoing traffic (remote node 1). IP Address This option is available if you select Routing in the Mode field.
Page 65 Enable Rate This field is enabled if Service Type is Server. Indicate whether or Adaption not the P-792H v2 can adjust the speed of its connection to that of the other device. Transfer Max Rate This field is enabled if Service Type is Server. Set the maximum rate (Kbps) at which the P-792H v2 sends and receives information.
Page 66: Advanced Internet Access Setup
Chapter 6 WAN Setup 6.2.1 Advanced Internet Access Setup Use this screen to edit your P-792H v2's advanced WAN settings. Click the Advanced Setup button in the Internet Access Setup screen. The screen appears as shown. Figure 25 Network > WAN > Internet Access Setup: Advanced Setup The following table describes the labels in this screen.
Page 67 PPPoE This field is available when you select PPPoE encapsulation. Passthrough In addition to the P-792H v2's built-in PPPoE client, you can enable (PPPoE PPPoE pass through to allow up to ten hosts on the LAN to use PPPoE encapsulation...
Page 68: The More Connections Screen
Click this to restore your previously saved settings. 6.3 The More Connections Screen The P-792H v2 allows you to configure more than one Internet access connection. To configure additional Internet access connections click Network > WAN > More Connections. The screen differs by the encapsulation you select. When you use the WAN >...
Page 69 Internet access setup. Click the Remove icon to delete the Internet access setup from your connection list. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-792H v2 User’s Guide...
Page 70: More Connections Edit
Select Routing from the drop-down list box if your ISP allows multiple computers to share an Internet account. If you select Bridge, the P-792H v2 will forward any packet that it does not route to this remote node; otherwise, the packets are discarded.
Page 71 The valid range for the VCI is 32 to 65535 (0 to 31 is reserved for local management of ATM traffic). Enter the VCI assigned to you. Line Select the DSL line you want the P-792H v2 to use as a default for outgoing traffic (remote node 1). IP Address This option is available if you select Routing in the Mode field.
Page 72 DESCRIPTION Nailed-Up Connection Select Nailed-Up Connection when you want your connection up all the time. The P-792H v2 will try to bring up the connection automatically if it is disconnected. Connect on Demand Select Connect on Demand when you don't want the connection up all the time and specify an idle time-out in the Max Idle Timeout field.
Page 73: Configuring More Connections Advanced Setup
Chapter 6 WAN Setup 6.3.2 Configuring More Connections Advanced Setup Use this screen to edit your P-792H v2's advanced WAN settings. Click the Advanced Setup button in the More Connections Edit screen. The screen appears as shown. Figure 28 Network > WAN > More Connections: Edit: Advanced Setup The following table describes the labels in this screen.
Page 74 You can configure generic filters in the Packet Filter screen. See Chapter 12 on page 217 for more details. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-792H v2 User’s Guide...
Page 75: The Wan Backup Setup Screen
Chapter 6 WAN Setup 6.4 The WAN Backup Setup Screen Use this screen to configure your P-792H v2’s WAN backup. Click Network > WAN > WAN Backup Setup. This screen is not available if you set the WAN type to Ethernet in the Internet Access Setup screen.
Page 76: Wan Technical Reference
6.5 WAN Technical Reference This section provides some technical background information about the topics covered in this chapter. 6.5.1 Encapsulation Be sure to use the encapsulation method required by your ISP. The P-792H v2 supports the following methods. P-792H v2 User’s Guide...
Page 77: Enet Encap
By implementing PPPoE directly on the P-792H v2 (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the P-792H v2 does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access.
Page 78: Multiplexing
If you have a dynamic IP, then the IP Address and Gateway IP Address fields are not applicable (N/A). If you have a static IP, then you only need to fill in the IP Address field and not the Gateway IP Address field. P-792H v2 User’s Guide...
Page 79: Nailed-Up Connection (Ppp)
IP Address and Gateway IP Address fields as supplied by your ISP. However for a dynamic IP, the P-792H v2 acts as a DHCP client on the WAN port and so the IP Address and Gateway IP Address fields are not applicable (N/A) as the DHCP server assigns them to the P-792H v2.
Page 80: Traffic Redirect
LAN. Use IP alias to configure the LAN into two or three logical networks with the P-792H v2 itself as the gateway for each LAN network. Put the protected LAN in one subnet (Subnet 1 in the following figure) and the backup gateway in another subnet (Subnet 2).
Page 81: Traffic Shaping
SCR again. At this time, more cells (up to the MBS) can be sent at the PCR again. If the PCR, SCR or MBS is set to the default of "0", the system will assign a maximum value that correlates to your upstream line rate. P-792H v2 User’s Guide...
Page 82: Atm Traffic Classes
The VBR-nRT (non real-time Variable Bit Rate) type is used with bursty connections that do not require closely controlled delay and delay variation. It is commonly used for "bursty" traffic typical on LANs. PCR and MBS define the burst P-792H v2 User’s Guide...
Page 83 The Unspecified Bit Rate (UBR) ATM traffic class is for bursty data transfers. However, UBR doesn't guarantee any bandwidth and only delivers traffic when the network has spare bandwidth. An example application is background file transfer. P-792H v2 User’s Guide...
Page 84 Chapter 6 WAN Setup P-792H v2 User’s Guide...
Page 85: Lan Setup
(Section 7.2 on page 87) to set the LAN IP address and subnet mask of your ZyXEL device. You can also edit your P-792H v2's RIP, multicast, any IP and Windows Networking settings from this screen. • Use the DHCP Setup screen (Section 7.3 on page...
Page 86: What You Need To Know About Lan
You can also use subnet masks to divide one network into multiple sub-networks. DHCP A DHCP (Dynamic Host Configuration Protocol) server can assign your P-792H v2 an IP address, subnet mask, DNS and other routing information when it's turned RIP (Routing Information Protocol) allows a router to exchange routing information with other routers.
Page 87: Before You Begin
Enter an IP address into the IP Address field. The IP address must be in dotted decimal notation. This will become the IP address of your P-792H v2. Enter the IP subnet mask into the IP Subnet Mask field. Unless instructed otherwise it is best to leave this alone, the configurator will automatically compute a subnet mask based upon the IP address you entered.
Page 88: The Advanced Lan Ip Setup Screen
LABEL DESCRIPTION IP Address Enter the LAN IP address you want to assign to your P-792H v2 in dotted decimal notation, for example, 192.168.1.1 (factory default). IP Subnet Mask Type the subnet mask of your network in dotted decimal notation, for example 255.255.255.0 (factory default).
Page 89 When you disable the Any IP feature, only computers with dynamic IP addresses or static IP addresses in the same subnet as the P-792H v2’s LAN IP address can connect to the P-792H v2 or access the Internet through the P-792H v2.
Page 90: The Dhcp Setup Screen
Click this to restore your previously saved settings. 7.3 The DHCP Setup Screen Use this screen to configure the DNS server information that the P-792H v2 sends to the DHCP client devices on the LAN. Click Network > DHCP Setup to open this screen.
Page 91 IP address displays in the field to the right (read-only). The P-792H v2 tells the DHCP clients on the LAN that the P-792H v2 itself is the DNS server. When a computer on the LAN sends a DNS query to the P-792H v2, the P-792H v2 forwards the query to the real DNS server learned through IPCP and relays the response back to the computer.
Page 92: The Client List Screen
00:A0:C5:00:00:02. Use this screen to change your P-792H v2’s static DHCP settings. Click Network > LAN > Client List to open the following screen.
Page 93: The Ip Alias Screen
IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The P-792H v2 supports three logical LAN interfaces via its single physical Ethernet interface with the P-792H v2 itself as the gateway for each LAN network.
Page 94: Configuring The Lan Ip Alias Screen
Chapter 7 LAN Setup 7.5.1 Configuring the LAN IP Alias Screen Use this screen to change your P-792H v2’s IP alias settings. Click Network > LAN > IP Alias to open the following screen. Figure 38 Network > LAN > IP Alias The following table describes the labels in this screen.
Page 95: Lan Technical Reference
RIP Version The RIP Version field controls the format and the broadcasting method of the RIP packets that the P-792H v2 sends (it recognizes both formats when receiving). RIP-1 is universally supported but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology.
Page 96: Dhcp Setup
P-792H v2 tells the DHCP clients that it itself is the DNS server. When a computer sends a DNS query to the P-792H v2, the P-792H v2 acts as a DNS proxy and forwards the query to the real DNS server learned through IPCP and relays the response back to the computer.
Page 97: Lan Tcp/Ip
The subnet mask specifies the network number portion of an IP address. Your P- 792H v2 will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the P-792H v2 unless you are instructed to do otherwise.
Page 98: Rip Setup
• Both - the P-792H v2 will broadcast its routing table periodically and incorporate the RIP information that it receives. • In Only - the P-792H v2 will not send any RIP packets but will accept all RIP packets received.
Page 99 224.0.0.2 is assigned to the multicast routers group. The P-792H v2 supports IGMP version 1 (IGMP-v1), IGMP version 2 (IGMP-v2) and IGMP version 3 (IGMP-v3). At start up, the P-792H v2 queries all directly connected networks to gather group membership. After that, the P-792H v2 periodically updates this information.
Page 100 Chapter 7 LAN Setup P-792H v2 User’s Guide...
Page 101: Network Address Translation (Nat)
(NAT) 8.1 Overview This chapter discusses how to configure NAT on the P-792H v2. NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
Page 102 Table 30 on page 115. • Choose SUA Only if you have just one public WAN IP address for your P-792H • Choose Full Feature if you have multiple public WAN IP addresses for your P- 792H v2. Finding Out More Section 8.6 on page 111...
Page 103: The Nat General Setup Screen
Note: You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the P-792H v2. Figure 40 Network > NAT > General The following table describes the labels in this screen.
Page 104: The Port Forwarding Screen
A default server receives packets from ports that are not specified in this screen. Note: If you do not assign a Default Server IP address, the P-792H v2 discards all packets received for ports that are not specified here or in the remote management setup.
Page 105: Configuring The Port Forwarding Screen
8.3.1 Configuring the Port Forwarding Screen Click Network > NAT > Port Forwarding to open the following screen. Appendix F on page 455 for port numbers commonly used for particular services. Figure 42 Network > NAT > Port Forwarding P-792H v2 User’s Guide...
Page 106: The Port Forwarding Rule Edit Screen
A default server receives packets from ports that are not specified in this screen. If you do not assign a Default Server IP address, the P-792H v2 discards all packets received for ports that are not specified here or in the remote management setup.
Page 107: The Address Mapping Screen
Note: The Address Mapping screen is available only when you select Full Feature in the NAT > General screen. Ordering your rules is important because the P-792H v2 applies the rules in the order that you specify. When a rule matches the current packet, the P-792H v2 takes the corresponding action and the remaining rules are ignored.
Page 108 Chapter 8 Network Address Translation (NAT) To change your P-792H v2’s address mapping settings, click Network > NAT > Address Mapping to open the following screen. Figure 44 Network > NAT > Address Mapping The following table describes the fields in this screen.
Page 109: The Address Mapping Rule Edit Screen
8.4.1 The Address Mapping Rule Edit Screen Use this screen to edit an address mapping rule. Click the rule’s edit icon in the Address Mapping screen to display the screen shown next. Figure 45 Network > NAT > Address Mapping: Edit P-792H v2 User’s Guide...
Page 110 Server Mapping Set field. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-792H v2 User’s Guide...
Page 111: The Alg Screen
IP address. You do not need to use STUN or an outbound proxy if your P-792H v2 is behind a SIP ALG. Use this screen to enable and disable the SIP (VoIP) ALG in the P-792H v2. To access this screen, click Network > NAT > ALG.
Page 112: What Nat Does
Table 30 on page 115), NAT offers the additional benefit of firewall protection. With no servers defined, your P-792H v2 filters out all incoming inquiries, thus preventing intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).
Page 113: How Nat Works
IP source address (and TCP or UDP source port numbers for Many-to-One and Many-to-Many Overload NAT mapping) in each packet and then forwards it to the Internet. The P-792H v2 keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored.
Page 114: Nat Application
8.6.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: • One to One: In One-to-One mode, the P-792H v2 maps one local IP address to one global IP address. • Many to One: In Many-to-One mode, the P-792H v2 maps multiple local IP addresses to one global IP address.
Page 115 IGA1 … Many-to-Many Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 … Many-to-Many No Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA3 … Server Server 1 IP IGA1 Server 2 IP IGA1 Server 3 IP IGA1 P-792H v2 User’s Guide...
Page 116 Chapter 8 Network Address Translation (NAT) P-792H v2 User’s Guide...
Page 117: Firewalls
Firewalls 9.1 Overview This chapter shows you how to enable and configure the P-792H v2 firewall. Use these screens to enable and configure the firewall that protects your P-792H v2 and network from attacks by hackers on the Internet and control access to it. By default the firewall: •...
Page 118: What You Need To Know About Firewall
Anti-Probing If an outside user attempts to probe an unsupported port on your P-792H v2, an ICMP response packet is automatically returned. This allows the outside user to know the P-792H v2 exists. The P-792H v2 supports anti-probing, which prevents the ICMP response packet from being sent.
Page 119: Firewall Rule Setup Example
Click an index number to display the Customized Services Config screen and configure the screen as follows and click Apply. Edit Custom Port Example Select Any in the Destination Address List box and then click Delete. P-792H v2 User’s Guide...
Page 120 Configure the destination address screen as follows and click Add. Firewall Example: Edit Rule: Destination Address Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. P-792H v2 User’s Guide...
Page 121 Note: Custom services show up with an “*” before their names in the Services list box and the Rules list box. Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. P-792H v2 User’s Guide...
Page 122: The Firewall General Screen
10.0.0.15 on the LAN. Firewall Example: Rules: MyService 9.2 The Firewall General Screen Use this screen to configure the firewall settings. Click Security > Firewall to display the following screen. Figure 50 Security > Firewall > General P-792H v2 User’s Guide...
Page 123 Note: Allowing asymmetrical routes may let traffic from the WAN go directly to the LAN without passing through the P-792H v2. A better solution is to use IP alias to put the P-792H v2 and the backup gateway on separate subnets. See Section 9.5.4.1...
Page 124: The Firewall Rule Screen
Table 32 Security > Firewall > Rules LABEL DESCRIPTION Firewall Rules This read-only bar shows how much of the P-792H v2's memory for Storage recording firewall rules it is currently using. When you are using 80% or Space in Use less of the storage space, the bar is green.
Page 125 The ordering of your rules is important as they are applied in order of their numbering. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-792H v2 User’s Guide...
Page 126: Configuring Firewall Rules
Figure 52 Security > Firewall > Rules: Edit The following table describes the labels in this screen. Table 33 Security > Firewall > Rules: Edit LABEL DESCRIPTION Edit Rule Active Select this option to enable this firewall rule. P-792H v2 User’s Guide...
Page 127 Go to the Log Settings page and select the Access Control logs category to have the P-792H v2 record these logs. Alert Send Alert Select the check box to have the P-792H v2 generate an alert when Message to the rule is matched. Administrator...
Page 128: Customized Services
Chapter 9 Firewalls 9.3.2 Customized Services Configure customized services and port numbers not predefined by the P-792H v2. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website. See Appendix F on page 455 for some examples.
Page 129: Configuring A Customized Service
Click this to delete the current rule. 9.4 The Firewall Threshold Screen For DoS attacks, the P-792H v2 uses thresholds to determine when to start dropping sessions that do not become fully established (half-open sessions). These thresholds apply globally to all sessions.
Page 130: Threshold Values
Tune these parameters when you believe the P-792H v2 has been receiving DoS attacks that are not recorded in the logs or the logs show that the P-792H v2 is classifying normal traffic as DoS attacks.
Page 131: Configuring Firewall Thresholds
• If you often use P2P applications such as file sharing with eMule or eDonkey, it’s recommended that you increase the threshold values since lots of sessions will be established during a small period of time and the P-792H v2 may classify them as DoS attacks.
Page 132 For example, if you set the one minute high to 100, the P-792H v2 starts deleting half-open sessions when more than 100 session establishment attempts have been detected in the last minute. It stops...
Page 133: Firewall Technical Reference
The P-792H v2 checks the source IP address, destination IP address and IP protocol type of network traffic against the firewall rules (in the order you list them). When the traffic matches a rule, the P-792H v2 takes the action specified in the rule.
Page 134: Guidelines For Enhancing Security With Your Firewall
Chapter 9 Firewalls • WAN to WAN/ Router By default the P-792H v2 stops computers on the WAN from managing the P- 792H v2 or using the P-792H v2 as a gateway to communicate with other computers on the WAN. You could configure one of these rules to allow a WAN computer to manage the P-792H v2.
Page 135: Security Considerations
9.5.4 Triangle Route When the firewall is on, your P-792H v2 acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the P-792H v2 to protect your LAN against attacks.
Page 136 (through one or more ISPs). If an alternate gateway is on the LAN (and its IP address is in the same subnet as the P-792H v2’s LAN IP address), the “triangle route” (also called asymmetrical route) problem may occur. The steps below describe the “triangle route”...
Page 137 The P-792H v2 reroutes the packet to Gateway A, which is in Subnet 2. The reply from the WAN goes to the P-792H v2. The P-792H v2 then sends it to the computer on the LAN in Subnet 1. Figure 59 IP Alias...
Page 138 Chapter 9 Firewalls P-792H v2 User’s Guide...
Page 139: Content Filtering
Internet browser, for example “http://www.zyxel.com”. 10.1.3 Before You Begin To use the Trusted screen, you need the IP addresses of devices on your network. See the LAN section (Section 10.4 on page 144) for more information. P-792H v2 User’s Guide...
Page 140: Content Filtering Example
Click Security > Content Filter > Schedule. Click Edit Daily to Block and select all weekdays. Under Start Time and End Time, type the times for blocking to begin and end (16:00 ~ 17:00 in this example). P-792H v2 User’s Guide...
Page 141 Click Security > Content Filter > Trusted. In the Start IP Address and End IP Address fields, type 192.168.1.3. Click Apply. Security > Content Filter > Trusted: Example That finishes setting up keyword blocking on the home computer. P-792H v2 User’s Guide...
Page 142: The Keyword Screen
10.2 The Keyword Screen Use this screen to block sites containing certain keywords in the URL. For example, if you enable the keyword "bad", the P-792H v2 blocks all sites containing this keyword including the URL http://www.example.com/bad.html. To have your P-792H v2 block websites containing keywords in their URLs, click Security >...
Page 143: The Schedule Screen
Click this to restore your previously saved settings. 10.3 The Schedule Screen Use this screen to set the days and times for the P-792H v2 to perform content filtering. Click Security > Content Filter > Schedule. The screen appears as shown.
Page 144: The Trusted Screen
10.4 The Trusted Screen Use this screen to exclude a range of users on the LAN from content filtering on your P-792H v2. Click Security > Content Filter > Trusted. The screen appears as shown. Figure 62 Security > Content Filter: Trusted The following table describes the labels in this screen.
Page 145: Certificates
Figure 63 Certificates Example In the figure above, the P-792H v2 (Z) checks the identity of the notebook (A) using a certificate before granting it access to the network.
Page 146: Verifying A Certificate
This certificate is referred to in the GUI as the factory default certificate. 11.1.2 Verifying a Certificate Before you import a trusted certificate into the P-792H v2, you should verify that you have the correct certificate. You can do this using the certificate’s fingerprint.
Page 147: The Trusted Cas Screen
This screen displays a summary list of certificates of the certification authorities that you have set the P-792H v2 to accept as trusted. The P-792H v2 accepts any valid certificate signed by a certification authority on this list as being trustworthy;...
Page 148 LABEL DESCRIPTION PKI Storage This bar displays the percentage of the P-792H v2’s PKI storage space Space in Use that is currently in use. The bar turns from blue to red when the maximum is being approached. When the bar is red, you should consider deleting expired or unnecessary certificates before adding more certificates.
Page 149: Trusted Ca Import
11.2.1 Trusted CA Import Follow the instructions in this screen to save a trusted certification authority’s certificate to the P-792H v2. Click Security > Certificates to open the Trusted CAs screen and then click Import to open the Trusted CA Import screen.
Page 150: Trusted Ca Details
Certification Authority signed the certificate. Self-signed means that the certificate’s owner signed the certificate (not a certification authority). X.509 means that this certificate was created and signed according to the ITU-T X.509 recommendation that defines the formats for public-key certificates. P-792H v2 User’s Guide...
Page 151 Apply Click this to save your changes. You can only change the name and/or set whether or not you want the P-792H v2 to check the CRL that the certification authority issues before trusting a certificate issued by the certification authority.
Page 152: Certificates Technical Reference
Advantages of Certificates Certificates offer the following benefits. • The P-792H v2 only has to store the certificates of the certification authorities that you decide to trust, no matter how many devices you need to authenticate. • Key distribution is simple and very secure since you can freely distribute public keys and you never need to transmit private keys.
Page 153 (because they cannot re-sign the message with Tim’s private key). Additionally, Jenny uses her own private key to sign a message and Tim uses Jenny’s public key to verify the message. P-792H v2 User’s Guide...
Page 154 Chapter 11 Certificates P-792H v2 User’s Guide...
Page 155: Vpn
• Use the Monitor screen (Section 12.7 on page 171) to display and manage the current active VPN connections. • Use the VPN Global Setting screen (Section 12.8 on page 172) to allow NetBIOS packets passing through the VPN connection. P-792H v2 User’s Guide...
Page 156: What You Need To Know About Ipsec Vpn
Y established first. My IP Address My IP Address is the WAN IP address of the P-792H v2. The P-792H v2 has to rebuild the VPN tunnel if My IP Address changes after setup. The following applies if this field is configured as 0.0.0.0: •...
Page 157: Before You Begin
Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using DDNS. The P-792H v2 has to rebuild the VPN tunnel each time the remote secure gateway’s WAN IP address changes (there may be a delay until the DDNS servers are updated with the remote gateway’s new WAN IP...
Page 158 Local Address Type field in the VPN Setup - Edit screen is configured to Range. A (static) IP address and a subnet mask are displayed when the Local Address Type field in the VPN Setup - Edit screen is configured to Subnet. P-792H v2 User’s Guide...
Page 159 Click the Remove icon to remove an existing VPN configuration. Apply Click this to save your changes and apply them to the P-792H v2. Cancel Click this return your settings to their last saved values. P-792H v2 User’s Guide...
Page 160: The Vpn Edit Screen
Keep Alive Select either Yes or No from the drop-down list box. Select Yes to have the P-792H v2 automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic. The remote IPSec router must also have keep alive enabled in order for this feature to work.
Page 161 VPN by their (private) domain names. Local Specify the IP addresses of the devices behind the P-792H v2 that can use the VPN tunnel. The local IP addresses must correspond to the remote IPSec router's configured remote IP addresses.
Page 162 WAN IP addresses. When you select DNS or E-mail in the Local ID Type field, type a domain name or e-mail address by which to identify this P-792H v2 in the local Content field. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated.
Page 163 LABEL DESCRIPTION My IP Address Enter the WAN IP address of your P-792H v2. The VPN tunnel has to be rebuilt if this IP address changes. The following applies if this field is configured as 0.0.0.0: The P-792H v2 uses the current P-792H v2 WAN IP address (static or dynamic) to set up the VPN tunnel.
Page 164 SHA-1 for maximum security. Back Click Back to return to the previous screen. Apply Click Apply to save your changes back to the P-792H v2. Cancel Click Cancel to begin configuring this screen afresh. Advanced Setup Click Advanced Setup to configure more detailed settings of your IKE key management.
Page 165: Configuring Advanced Ike Settings
Enter a port number in this field to define a port range. This port number must be greater than that specified in the previous field. If Remote Start Port is left at 0, End will also remain at 0. P-792H v2 User’s Guide...
Page 166 Diffie-Hellman Group 1 a 768 bit random number. DH2 refers to Diffie-Hellman Group 2 a 1024 bit (1Kb) random number. Phase 2 Active Protocol Use the drop-down list box to choose from ESP or AH. P-792H v2 User’s Guide...
Page 167: Manual Key Setup
Back Click Back to return to the previous screen. Apply Click Apply to save your changes back to the P-792H v2 and return to the VPN-IKE screen. Cancel Click Cancel to return to the VPN-IKE screen without saving your changes.
Page 168: Security Parameter Index (Spi)
You only configure VPN manual key when you select Manual in the IPSec Key Mode field on the VPN Setup-Edit screen. This is the VPN Setup - Manual Key screen as shown next. Figure 75 Security > VPN > Setup > Manual Key P-792H v2 User’s Guide...
Page 169 IPSec VPN) address here. The P-792H v2 assigns this additional DNS server to the P-792H v2 's DHCP clients that have IP addresses in this IPSec rule's range of local addresses. A DNS server allows clients on the VPN to find other computers and servers on the VPN by their (private) domain names.
Page 170 IPSec router. Address Information My IP Address Enter the WAN IP address of your P-792H v2. The VPN tunnel has to be rebuilt if this IP address changes. The following applies if this field is configured as 0.0.0.0: The P-792H v2 uses the current P-792H v2 WAN IP address (static or dynamic) to set up the VPN tunnel.
Page 171: Viewing Sa Monitor
Back Click Back to return to the previous screen. Apply Click Apply to save your changes back to the P-792H v2. Cancel Click Cancel to begin configuring this screen afresh. 12.7 Viewing SA Monitor Click Security > VPN > Monitor to open the screen as shown. Use this screen to display and manage active VPN connections.
Page 172: Configuring Vpn Global Setting
Click Refresh to display the current active VPN connection(s). 12.8 Configuring VPN Global Setting To change your P-792H v2’s global settings, click VPN > VPN Global Setting. The screen appears as shown. Figure 77 Security > VPN > Global Setting...
Page 173: Ipsec Vpn Technical Reference
Traffic Through All connection. IPSec Tunnels Apply Click Apply to save your changes back to the P-792H v2. Cancel Click Cancel to begin configuring this screen afresh. 12.9 IPSec VPN Technical Reference This section provides some technical background information about the topics covered in this chapter.
Page 174: Ipsec And Nat
VPN. 12.9.2 IPSec and NAT Read this section if you are running IPSec on a host computer behind the P-792H NAT is incompatible with the AH protocol in both Transport and Tunnel mode.
Page 175: Vpn, Nat, And Nat Traversal
NAT is not normally compatible with ESP in transport mode either, but the P-792H v2’s NAT Traversal feature provides a way to handle this. NAT traversal allows you to set up an IKE SA when there are NAT routers between the two IPSec routers.
Page 176: Encapsulation
Transport Tunnel Transport Tunnel Y* - This is supported in the P-792H v2 if you enable NAT traversal. 12.9.4 Encapsulation The two modes of operation for IPSec VPNs are Transport mode and Tunnel mode. Figure 80 Transport and Tunnel Mode IPSec Encapsulation...
Page 177: Ike Phases
In phase 1 you must: • Choose a negotiation mode. • Authenticate the connection by entering a pre-shared key. • Choose an encryption algorithm. • Choose an authentication algorithm. • Choose a Diffie-Hellman public-key cryptography key group (DH1 or DH2). P-792H v2 User’s Guide...
Page 178: Negotiation Mode
• Set the IPSec SA lifetime. This field allows you to determine how long the IPSec SA should stay up before it times out. The P-792H v2 automatically renegotiates the IPSec SA if there is traffic when the IPSec SA lifetime period expires. The P- 792H v2 also automatically renegotiates the IPSec SA if both IPSec routers have keep alive enabled, even if there is no traffic.
Page 179: Remote Dns Server
The following figure depicts an example where three VPN tunnels are created from P-792H v2 A; one to branch office 2, one to branch office 3 and another to headquarters. In order to access computers that use private domain names on the headquarters (HQ) network, the P-792H v2 at branch office 1 uses the Intranet DNS server in headquarters.
Page 180: Id Type And Content
(seeSection 12.9.12 on page 182 for a telecommuter configuration example). Regardless of the ID type and content configuration, the P-792H v2 does not allow you to save multiple active rules with overlapping local and remote IP addresses. With main mode (seeSection 12.9.6 on page...
Page 181: Id Type And Content Examples
The two P-792H v2s in this example cannot complete their negotiation because P- 792H v2 B’s Local ID type is IP, but P-792H v2 A’s Peer ID type is set to E- mail. An “ID mismatched” message displays in the IPSEC LOG.
Page 182: Pre-Shared Key
The following examples show how multiple telecommuters can make VPN connections to a single P-792H v2 at headquarters. The telecommuters use IPSec routers with dynamic WAN IP addresses. The P-792H v2 at headquarters has a static public IP address. 12.9.12.1 Telecommuters Sharing One VPN Rule Example...
Page 183: Telecommuters Using Unique Vpn Rules Example
See the following table and figure for an example where three telecommuters each use a different VPN rule for a VPN connection with a P-792H v2 located at headquarters. The P-792H v2 at headquarters (HQ in the figure) identifies each incoming SA by its ID type and content and uses the appropriate VPN rule to establish the VPN connection.
Page 184 Chapter 12 VPN The P-792H v2 at headquarters can also initiate VPN connections to the telecommuters since it can find the telecommuters by resolving their domain names. Figure 84 Telecommuters Using Unique VPN Rules Example 192.168.2.12 Internet 192.168.1.10 192.168.3.2 192.168.4.15...
Page 185 Chapter 12 VPN Table 56 Telecommuters Using Unique VPN Rules Example (continued) TELECOMMUTERS HEADQUARTERS Telecommuter C Headquarters P-792H v2 Rule 3: (telecommuterc.dydns.org) Local ID Type: E-mail Peer ID Type: E-mail Local ID Content: myVPN@myplace.com Peer ID Content: myVPN@myplace.com Local IP Address: 192.168.4.15 Secure Gateway Address: telecommuterc.com...
Page 186 Chapter 12 VPN P-792H v2 User’s Guide...
Page 187: Static Route
13.1 Overview The P-792H v2 usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the P-792H v2 send data to devices not reachable through the default gateway, use static routes.
Page 188: The Static Route Screen
Click the Edit icon to go to the screen where you can set up a static route on the P-792H v2. Click the Remove icon to remove a static route from the P-792H v2. A window displays asking you to confirm that you want to delete the route.
Page 189: Static Route Edit
One example of a remote node is your connection to your ISP. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-792H v2 User’s Guide...
Page 190 Chapter 13 Static Route P-792H v2 User’s Guide...
Page 191: Q/1P
Each group can have its own rules about where and how to forward traffic. You can assign any ports on the P-792H v2 to a VLAN group and configure the settings for the group. You may also set the priority level for traffic trasmitted through the ports.
Page 192 802.1Q VLAN-aware device to an 802.1Q VLAN-unaware device, the P-792H v2 first decides where to forward the frame and then strips off the VLAN tag. To forward a frame from an 802.1Q VLAN-unaware device to an 802.1Q VLAN-aware switch, the P-792H v2 first decides where to forward the...
Page 193: Q/1P Example
Chapter 14 802.1Q/1P 14.1.3 802.1Q/1P Example This example shows how to configure the 802.1Q/1P settings on the P-792H v2. 802.1Q/1P Example P-792H v2 VoIP Network Internet - (PPPoE) LAN1 and LAN2 are connected to ATAs (Analogue Telephone Adapters) and used for VoIP traffic.
Page 194 Click Advanced > 802.1Q/1P > Port Setting to display the following screen. Type 2 in the 802.1Q PVID column for LAN1, LAN2 and PVC1. Select 7 from the 802.1P Priority drop-down list box for LAN1, LAN2 and PVC1. P-792H v2 User’s Guide...
Page 195 Ports 3 and 4 are connected to desktop computers and are used for Internet traffic. You want to create low priority for this type of traffic, so you want to group these ports and PVC2 into one VLAN (VLAN3). PVC2 priority is set to low level of service. P-792H v2 User’s Guide...
Page 196 Chapter 14 802.1Q/1P Follow the same steps as in VLAN2 to configure the settings for VLAN3. The summary screen should then display as follows. Advanced > 802.1Q/1P > Group Setting: Example This completes the 802.1Q/1P setup. P-792H v2 User’s Guide...
Page 197: The 802.1Q/1P Group Setting Screen
Enter the ID number of a VLAN group. All interfaces (ports, SSIDs and PVCs) are in the management VLAN by default. If you disable the management VLAN, you will not be able to access the P-792H v2. Summary This field displays the index number of the VLAN group.
Page 198: Editing 802.1Q/1P Group Setting
Enter a descriptive name for the VLAN group for identification purposes. The text may consist of up to 8 letters, numerals, “-”, “_” and “@”. VLAN ID Assign a VLAN ID for the VLAN group. The valid VID range is between 1 and 4094. P-792H v2 User’s Guide...
Page 199: The 802.1Q/1P Port Setting Screen
Select Tx Tagging if you want the port to tag all outgoing traffic trasmitted through this VLAN. You select this if you want to create VLANs across different devices and not just the P-792H v2. Back Click this to return to the previous screen without saving.
Page 200 This field displays the types of ports available to join the VLAN group. 802.1Q PVID Assign a VLAN ID for the port. The valid VID range is between 1 and 4094. The P-792H v2 assigns the PVID to untagged frames or priority- tagged frames received on this port. 802.1P Priority Assign a priority for the traffic transmitted through the port.
Page 201: Quality Of Service (Qos)
Quality of Service (QoS) 15.1 Overview Use the QoS screens to set up your P-792H v2 to use QoS for traffic management. Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control bandwidth. QoS allows the P-792H v2 to group and prioritize application traffic and fine-tune network performance.
Page 202: What You Can Do In The Qos Screens
• Use the Monitor screen (Section 15.5 on page 214) to view the P-792H v2’s QoS-related packet statistics. 15.2.2 What You Need to Know About QoS QoS versus Cos QoS is used to prioritize source-to-destination traffic flows.
Page 203: Qos Class Setup Example
(6) to VoIP traffic from the LAN interface, so that voice traffic would not get delayed when there is network congestion. Traffic from the boss’s IP address (192.168.1.23 for example) is mapped to queue 5. Traffic that does not match P-792H v2 User’s Guide...
Page 204 Chapter 15 Quality of Service (QoS) these two classes are assigned priority queue based on the internal QoS mapping table on the P-792H v2. Figure 92 QoS Example VoIP: Queue 6 50 Mbps Boss: Queue 5 IP=192.168.1.23 Figure 93 QoS Class Example: VoIP -1...
Page 205 Chapter 15 Quality of Service (QoS) Figure 94 QoS Class Example: VoIP -2 Figure 95 QoS Class Example: Boss -1 P-792H v2 User’s Guide...
Page 206 Chapter 15 Quality of Service (QoS) Figure 96 QoS Class Example: Boss -2 P-792H v2 User’s Guide...
Page 207: The Qos General Screen
Chapter 15 Quality of Service (QoS) 15.3 The QoS General Screen Use this screen to enable or disable QoS and have the P-792H v2 automatically assign priority to traffic according to the IEEE 802.1p priority level, IP precedence and/or packet length.
Page 208: The Class Setup Screen
If you select ON and traffic does not match a class configured in the assigned by Class Setup screen, the P-792H v2 assigns priority to unmatched traffic based on the IEEE 802.1p priority level, IP precedence and/or packet length. See Section 15.6.4 on page 216...
Page 209 Click the Edit icon to go to the screen where you can edit the classifier. Click the Remove icon to delete an existing classifier. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-792H v2 User’s Guide...
Page 210: The Class Configuration Screen
15.4.1 The Class Configuration Screen Use this screen to configure a classifier. Click the Add button or the Edit icon in the Modify field to display the following screen. Figure 99 Advanced > QoS > Class Setup: Edit P-792H v2 User’s Guide...
Page 211 Routing Policy Select the next hop to which traffic of this class should be forwarded. Select By Routing Table to have the P-792H v2 use the routing table to find a next hop and forward the matched packets automatically. Select To WAN Index to route the matched packets through the specified PVC.
Page 212 Select the check box and enter the port number of the destination. 0 means any source port number. See Appendix F on page 455 for some common services and port numbers. Select the check box and enter the destination MAC address of the packet. P-792H v2 User’s Guide...
Page 213 Select this option to exclude the packets that match the specified criteria from this classifier. Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-792H v2 User’s Guide...
Page 214: The Qos Monitor Screen
Chapter 15 Quality of Service (QoS) 15.5 The QoS Monitor Screen Use this screen to view the P-792H v2’s QoS packet statistics. Click Advanced > QoS > Monitor. The screen appears as shown. Figure 100 Advanced > QoS > Monitor The following table describes the labels in this screen.
Page 215: Qos Technical Reference
IP precedence uses three bits of the eight- bit ToS (Type of Service) field in the IP header. There are eight classes of services (ranging from zero to seven) in IP precedence. Zero is the lowest priority level and seven is the highest. P-792H v2 User’s Guide...
Page 216: Diffserv
DSCP values and the configured policies. 15.6.4 Automatic Priority Queue Assignment If you enable QoS on the P-792H v2, the P-792H v2 can automatically base on the IEEE 802.1p priority level, IP precedence and/or packet length to assign priority to traffic which does not match a class.
Page 217 TOS (IP IP PACKET QUEUE DSCP (ETHERNET PRECEDENCE) LENGTH (BYTE) PRIORITY) 000000 000000 >1100 001110 250~1100 001100 001010 001000 010110 010100 010010 010000 011110 <250 011100 011010 011000 100110 100100 100010 100000 101110 101000 110000 111000 P-792H v2 User’s Guide...
Page 218 Chapter 15 Quality of Service (QoS) P-792H v2 User’s Guide...
Page 219: Dynamic Dns Setup
IP address as yourhost.dyndns.org. This feature is useful if you want to be able to use, for example, www.yourhost.dyndns.org and still reach your hostname. If you have a private WAN IP address, then you cannot use Dynamic DNS. P-792H v2 User’s Guide...
Page 220: The Dynamic Dns Screen
Chapter 16 Dynamic DNS Setup 16.2 The Dynamic DNS Screen Use this screen to change your P-792H v2’s DDNS. Click Advanced > Dynamic DNS. The screen appears as shown. Figure 101 Advanced > Dynamic DNS The following table describes the fields in this screen.
Page 221 Select this option only when there are one or more NAT routers between server auto the P-792H v2 and the DDNS server. This feature has the DDNS server detect IP automatically detect and use the IP address of the NAT router that has a Address public IP address.
Page 222 Chapter 16 Dynamic DNS Setup P-792H v2 User’s Guide...
Page 223: Remote Management
Remote management allows you to determine which services/protocols can access which P-792H v2 interface (if any) from which computers. The following figure shows remote management of the P-792H v2 coming in from the WAN. Figure 102 Remote Management From the WAN...
Page 224: What You Can Do In The Remote Management Screens
IP address(es) users can use FTP to access the P- 792H v2. • Use the SNMP screen (Section 17.5 on page 248) to configure your P-792H v2’s settings for Simple Network Management Protocol management. • Use the DNS screen (Section 17.6 on page...
Page 225: The Www Screen
17.2 The WWW Screen Use this screen to specify how to connect to the P-792H v2 from a web browser, such as Internet Explorer. You can also specify which IP addresses the access can come from.
Page 226: The Telnet Screen
A secured client is a “trusted” computer that is allowed to communicate with the P-792H v2 using this service. Select All to allow any computer to access the P-792H v2 using this service. Choose Selected to just allow the computer with the IP address that you specify to access the P-792H v2 using this service.
Page 227: The Ftp Screen
Click this to restore your previously saved settings. 17.4 The FTP Screen You can use FTP (File Transfer Protocol) to upload and download the P-792H v2’s firmware and configuration files. Please see the User’s Guide chapter on firmware and configuration file maintenance for details. To use this feature, your computer must have an FTP client.
Page 228: The Snmp Screen
A secured client is a “trusted” computer that is allowed to communicate with the P-792H v2 using this service. Select All to allow any computer to access the P-792H v2 using this service. Choose Selected to just allow the computer with the IP address that you specify to access the P-792H v2 using this service.
Page 229 An agent is a management software module that resides in a managed device (the P-792H v2). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions.
Page 230: Supported Mibs
MIBs is to let administrators collect statistical data and monitor status and performance. 17.5.2 SNMP Traps The P-792H v2 will send traps to the SNMP manager when any one of the following events occurs: Table 72 SNMP Traps...
Page 231: Configuring Snmp
Chapter 17 Remote Management 17.5.3 Configuring SNMP To change your P-792H v2’s SNMP settings, click Advanced > Remote MGMT > SNMP. The screen appears as shown. Figure 107 Advanced > Remote Management > SNMP The following table describes the labels in this screen.
Page 232: The Dns Screen
Use this screen to set from which IP address the P-792H v2 will accept DNS queries and on which interface it can send them your P-792H v2’s DNS settings. This feature is not available when the P-792H v2 is set to bridge mode. Click Advanced >...
Page 233: The Icmp Screen
To change your P-792H v2’s security settings, click Advanced > Remote MGMT > ICMP. The screen appears as shown. If an outside user attempts to probe an unsupported port on your P-792H v2, an ICMP response packet is automatically returned. This allows the outside user to know the P-792H v2 exists.
Page 234 Chapter 17 Remote Management Table 75 Advanced > Remote Management > ICMP LABEL DESCRIPTION Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-792H v2 User’s Guide...
Page 235: Universal Plug-And-Play (Upnp)
Use the UPnP screen (Section 18.2 on page 237) to enable UPnP on the P-792H v2 and allow UPnP-enabled applications to automatically configure the P-792H v2. 18.1.2 What You Need to Know About UPnP Identifying UPnP Devices UPnP hardware is identified as an icon in the Network Connections folder (Windows XP).
Page 236 When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the P-792H v2 allows multicast messages on the LAN only. All UPnP-enabled devices may communicate freely with each other without additional configuration.
Page 237: The Upnp Screen
Chapter 18 Universal Plug-and-Play (UPnP) 18.2 The UPnP Screen Use the following screen to configure the UPnP settings on your P-792H v2. Click Advanced > UPnP to display the screen shown next. Section 18.1 on page 235 for more information.
Page 238 Chapter 18 Universal Plug-and-Play (UPnP) Click Start and Control Panel. Double-click Add/Remove Programs. Click on the Windows Setup tab and select Communication in the Components selection box. Click Details. Add/Remove Programs: Windows Setup: Communication P-792H v2 User’s Guide...
Page 239 Click OK to go back to the Add/Remove Programs Properties window and click Next. Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. Click Start and Control Panel. Double-click Network Connections. P-792H v2 User’s Guide...
Page 240 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components …. Network Connections The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details. Windows Optional Networking Components Wizard P-792H v2 User’s Guide...
Page 241: Using Upnp In Windows Xp Example
This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the P-792H v2. Make sure the computer is connected to a LAN port of the P-792H v2. Turn on your computer and the P-792H v2.
Page 242 Chapter 18 Universal Plug-and-Play (UPnP) Right-click the icon and select Properties. Network Connections In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Internet Connection Properties P-792H v2 User’s Guide...
Page 243 You may edit or delete the port mappings or click Add to manually add port mappings. Internet Connection Properties: Advanced Settings Internet Connection Properties: Advanced Settings: Add When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. P-792H v2 User’s Guide...
Page 244 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the P-792H v2 without finding out the IP address of the P-792H v2 first. This comes helpful if you do not know the IP address of the P-792H v2.
Page 245 Chapter 18 Universal Plug-and-Play (UPnP) Select My Network Places under Other Places. Network Connections An icon with the description for each UPnP-enabled device displays under Local Network. P-792H v2 User’s Guide...
Page 246 Chapter 18 Universal Plug-and-Play (UPnP) Right-click on the icon for your P-792H v2 and select Invoke. The web configurator login screen displays. Network Connections: My Network Places Right-click on the icon for your P-792H v2 and select Properties. A properties window displays with basic information about the P-792H v2.
Page 247: System Settings
A LAN (local area network) is typically a network which covers a small area, made up of computers and other devices which share resources such as Internet access, printers etc. P-792H v2 User’s Guide...
Page 248: The General Screen
• In Windows XP, click start, My Computer, View system information and then click the Computer Name tab. Note the entry in the Full computer name field and enter it as the P-792H v2 System Name. Click Maintenance > System to open the General screen.
Page 249 After you change the password, use the new password to access the P- 792H v2. Retype to Type the new password again for confirmation. confirm Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-792H v2 User’s Guide...
Page 250: The Time Setting Screen
Chapter 19 System Settings 19.3 The Time Setting Screen Use this screen to configure the P-792H v2’s time based on your local time zone. To change your P-792H v2’s time and date, click Maintenance > System > Time Setting. The screen appears as shown.
Page 251 When you set Time and Date Setup to Manual, enter the new date in this field and then click Apply. Get from Time Select this radio button to have the P-792H v2 get the time and date Server from the time server you specified below.
Page 252 Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-792H v2 User’s Guide...
Page 253: Logs
The web configurator allows you to choose which categories of events and/or alerts to have the P-792H v2 log and then display the logs or have the P-792H v2 send them to an administrator (as e-mail) or to a syslog server.
Page 254: The View Log Screen
This field is a sequential value and is not associated with a specific entry. Time This field displays the time the log was recorded. Message This field states the reason for the log. Source This field lists the source IP address and the port number of the incoming packet. P-792H v2 User’s Guide...
Page 255: The Log Settings Screen
Use the Log Settings screen to configure the mail server, the syslog server, when to send logs and what logs to send. To change your P-792H v2’s log settings, click Maintenance > Logs > Log Settings. The screen appears as shown.
Page 256 Enter the time of the day in 24-hour format (for example 23:00 equals Sending Log 11:00 pm) to send the logs. Clear log after Select the checkbox to delete all the logs after the P-792H v2 sends an E- sending mail mail of the logs. Syslog The P-792H v2 sends a log to an external syslog server.
Page 257: Smtp Error Messages
Chapter 20 Logs Table 80 Maintenance > Logs > Log Settings LABEL DESCRIPTION Send Select log categories for which you want the P-792H v2 to send E-mail Immediate alerts immediately. Alert Apply Click this to save your customized settings and exit this screen.
Page 258: Log Descriptions
Someone has logged on to the router via telnet. Successful TELNET login Someone has failed to log on to the router via telnet. TELNET login failed Someone has logged on to the router via ftp. Successful FTP login P-792H v2 User’s Guide...
Page 259 The router failed to allocate memory for the NetBIOS readNetBIOSFilter: calloc filter settings. error A WAN connection is down. You cannot access the WAN connection is down. network through this interface. P-792H v2 User’s Guide...
Page 260 Firewall session time firewall session timed out.Default timeout values:ICMP out, sent TCP RST idle timeout (s): 60UDP idle timeout (s): 60TCP connection (three way handshaking) timeout (s): 30TCP FIN-wait timeout (s): 60TCP idle (established) timeout (s): 3600 P-792H v2 User’s Guide...
Page 261 The firewall does not support this kind of ICMP Unsupported/out-of-order ICMP: packets or the ICMP packets are out of order. ICMP The router sent an ICMP reply packet to the Router reply ICMP packet: ICMP sender. P-792H v2 User’s Guide...
Page 262 UPnP packets can pass through the firewall. UPnP pass through Firewall Table 91 Content Filtering Logs LOG MESSAGE DESCRIPTION The content of a requested web page matched a user defined %s: block keyword keyword. The system forwarded web content. P-792H v2 User’s Guide...
Page 263 A user was not authenticated by the RADIUS RADIUS rejects user. Pls check Server. Please check the RADIUS Server. RADIUS Server. The router logged out a user whose session User logout because of session expired. timeout expired. P-792H v2 User’s Guide...
Page 264 (L to L/P-792H v2) LAN to LAN/P- ACL set for packets traveling from the LAN to the 792H v2 LAN or the P-792H v2. (W to W/P-792H WAN to WAN/P- ACL set for packets traveling from the WAN to the 792H v2 WAN or the P-792H v2.
Page 265 The “devID” is the last three characters of the MAC address of the router’s LAN port. The “cat” is the same as the category in the router’s logs. P-792H v2 User’s Guide...
Page 266 Please refer to RFC 2408 for detailed information on each type. Table 97 RFC-2408 ISAKMP Payload Types LOG DISPLAY PAYLOAD TYPE Security Association Proposal PROP Transform TRANS Key Exchange Identification Certificate Certificate Request CER_REQ Hash HASH Signature Nonce NONCE Notification NOTFY Delete Vendor ID P-792H v2 User’s Guide...
Page 267: Tools
ZyXEL FTP site (or www.zyxel.com) to use to upgrade your device’s performance. Only use firmware for your device’s specific model. Refer to the label on the bottom of your P-792H v2. 21.1.1 What You Can Do in the Tool Screens • Use the Firmware Upgrade screen (Section 21.2 on page...
Page 268: What You Need To Know About Tools
P-792H v2 and the external filename refers to the filename not on the P-792H v2, that is, on your computer, local network or FTP site and so the name (but not the extension) may vary. After uploading new firmware, see the Status screen to confirm that you have uploaded the correct firmware version.
Page 269: Before You Begin
FTP is faster. Please note that you must wait for the system to automatically restart after the file transfer is complete. Do not interrupt the file transfer process as this may PERMANENTLY DAMAGE your device. When the Restore Configuration process is complete, the device automatically restarts. P-792H v2 User’s Guide...
Page 270 “rom-0”. Likewise “get rom-0 config.rom” transfers the configuration file on the device to your computer and renames it “config.rom.” See earlier in this chapter for more information on filename conventions. Enter “quit” to exit the ftp prompt. P-792H v2 User’s Guide...
Page 271 Note that the telnet connection must be active and the device in CI mode before and during the TFTP transfer. For details on TFTP commands (see following example), please consult the documentation of your TFTP client program. For P-792H v2 User’s Guide...
Page 272 Enter your password as requested (the default is “1234”). Enter “bin” to set transfer mode to binary. Use “get” to transfer files from the P-792H v2 to the computer, for example, “get rom-0 config.rom” transfers the configuration file on the P-792H v2 to your computer and renames it “config.rom”.
Page 273 Specify the default local directory (path). Backup Configuration Using TFTP The P-792H v2 supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended.
Page 274 Enter the IP address of the P-792H v2. 192.168.1.1 is the P-792H v2’s default IP address when shipped. Send/ Use “Send” to upload the file to the P-792H v2 and “Fetch” to back up the file Fetch on your computer.
Page 275: The Firmware Screen
21.2 The Firmware Screen Click Maintenance > Tools to open the Firmware screen. Follow the instructions in this screen to upload firmware to your P-792H v2. The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes.
Page 276 After you see the Firmware Upload in Progress screen, wait two minutes before logging into the P-792H v2 again. Figure 120 Firmware Upload In Progress The P-792H v2 automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.
Page 277: The Configuration Screen
Backup Configuration Backup Configuration allows you to back up (save) the P-792H v2’s current configuration to a file on your computer. Once your P-792H v2 is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes.
Page 278 Chapter 21 Tools Do not turn off the P-792H v2 while configuration file upload is in progress. After you see a “restore configuration successful” screen, you must then wait one minute before logging into the P-792H v2 again. Figure 124 Configuration Upload Successful The P-792H v2 automatically restarts in this time causing a temporary network disconnect.
Page 279: The Restart Screen
System restart allows you to reboot the P-792H v2 remotely without turning the power off. You may need to do this if the P-792H v2 hangs, for example. Click Maintenance > Tools > Restart. Click Restart to have the P-792H v2 reboot.
Page 280 Chapter 21 Tools P-792H v2 User’s Guide...
Page 281: Diagnostic
ADSL line. 22.2 The General Diagnostic Screen Use this screen to ping an IP address. Click Maintenance > Diagnostic to open the screen shown next. Figure 130 Maintenance > Diagnostic > General P-792H v2 User’s Guide...
Page 282: The Dsl Line Diagnostic Screen
22.3 The DSL Line Diagnostic Screen Use this screen to view the DSL line statistics and reset the ADSL line. Click Maintenance > Diagnostic > DSL Line to open the screen shown next. Figure 131 Maintenance > Diagnostic > DSL Line P-792H v2 User’s Guide...
Page 283 PVC with proper VPIs/VCIs before you begin this test. The P- 792H v2 sends an OAM F5 packet to the DSLAM/ATM switch and then returns it (loops it back) to the P-792H v2. The ATM loopback test is useful for troubleshooting problems with the DSLAM and ATM network.
Page 284 Status noise margin downstream is the signal to noise ratio for the downstream part of the connection (coming into the P-792H v2 from the ISP). It is measured in decibels. The higher the number the more signal and less noise there is.
Page 285: Introducing The Smt
H A P T E R Introducing the SMT The System Management Terminal (SMT) provides a text-based, menu-driven console to manage the P-792H v2. This chapter describes how to access the SMT and then provides an overview of its menus. 23.1 Accessing the SMT Use Telnet to access the SMT.
Page 286: Smt Menu Items
P-792H v2 will automatically log you out. You will then have to telnet into the P-792H v2 again. You can use the web configurator or the CI commands (menu 24.8) to change the inactivity timeout period.
Page 287 12.1 IP Static Route Setup 12.1.1 Edit IP Static Setup Route 12.3 Bridge Static Route 12.3.1 Edit Bridge Static Setup Route 15 NAT Setup 15.1 Address Mapping Sets 15.1.x Address Mapping 15.1.x.x Address Rules Mapping Rule 15.2 NAT Server Sets 15.2.x NAT Server Setup P-792H v2 User’s Guide...
Page 288 Maintenance - Upload System Configuration File 24.8 Command Interpreter Mode 24.9 System Maintenance - 24.9.1 Budget Call Control23 Management 24.10 System Maintenance - Time and Date Setting 24.11 Remote Management Control 26 Schedule Setup 26.1 Schedule Set Setup P-792H v2 User’s Guide...
Page 289: Navigating The Smt Interface
Saving the data on the screen will take you, in most cases to the previous menu. Exit the SMT Type 99, then Type 99 at the main menu prompt and press press [ENTER]. [ENTER] to exit the SMT interface. P-792H v2 User’s Guide...
Page 290 Chapter 23 Introducing the SMT P-792H v2 User’s Guide...
Page 291: General Setup
“-” and underscores "_" are accepted. Location Enter a descriptive name for the place where the P-792H v2 is located. You can enter up to 31 characters, or you can leave this field blank. P-792H v2 User’s Guide...
Page 292: Configuring Dynamic Dns
Confirm…” to save your configuration, or press [ESC] at any time to cancel. 24.1.1 Configuring Dynamic DNS To configure Dynamic DNS, set the P-792H v2 to router mode in menu 1 or in the MAINTENANCE Device Mode screen and go to Menu 1 - General Setup and...
Page 293 Enter your user name. Password Enter the password assigned to you. Enable Your P-792H v2 supports DYNDNS Wildcard. Press [SPACE BAR] and then Wildcard [ENTER] to select Yes or No. This field is N/A when you choose DDNS Option client as your service provider.
Page 294 IP address of the host name(s) with the P-792H v2’s WAN IP address. DDNS does not work with a private IP address. When both fields are set to No, the P-792H v2 must have a public WAN IP address in order for DDNS to work.
Page 295: Wan Setup
DSL Mode Press [SPACE BAR] to select the transfer mode you want to use. PTM (Packet Transfer Mode): The P-792H v2 uses EFM TC layer for data transmission over the DSL port. ATM (Asynchronous Transfer Mode): The P-792H v2 uses ATM TC layer for data transmission over the DSL port.
Page 296 67.) Otherwise, select Client. Rate Adaption This field is configurable if Service Type is Server. Press [SPACE BAR] to let the P-792H v2 adjust the speed of its connection to that of the other device. Transfer Max This field is enabled if Service Type is Server. Press [SPACE BAR] to set...
Page 297: Configuring Traffic Redirect
FIELD DESCRIPTION ICMP Type the number of seconds (3 recommended) for your P-792H v2 to wait Timeout(sec) for a ping response from one of the IP addresses in the Check WAN IP Address field before timing out the request. The WAN connection is considered "down"...
Page 298 Chapter 25 WAN Setup P-792H v2 User’s Guide...
Page 299: Lan Setup
Figure 139 Menu 3.1: LAN Port Filter Setup Menu 3.1 - LAN Port Filter Setup Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= P-792H v2 User’s Guide...
Page 300: Tcp/Ip And Dhcp Setup Menu
DHCP Setup DHCP This field enables/disables the DHCP server. If set to Server, your P-792H v2 will act as a DHCP server. You should configure the rest of the fields in this section except for Remote DHCP Server. If set to Relay, the P-792H v2 acts as a surrogate DHCP server and relays requests and responses between the remote server and the clients.
Page 301 User-Defined, and enter the same IP address, the second User-Defined changes to None after you save your changes. Select DNS Relay to have the P-792H v2 act as a DNS proxy. The P- 792H v2's LAN IP address displays in the IP Address field below (read- only).
Page 302: Lan Ip Alias
IP Alias 1, 2 Choose Yes to configure the LAN network for the P-792H v2. IP Address Enter the IP address of your P-792H v2 in dotted decimal notation. IP Subnet Your P-792H v2 will automatically calculate the subnet mask based on Mask the IP address that you assign.
Page 303: Internet Access Setup
Use this menu to configure your Internet connection. Use information from your ISP along with the instructions in this chapter to set up your P-792H v2 to access the Internet. Contact your ISP to determine what encapsulation type you should use.
Page 304 IP address and subnet mask in the following fields. IP Address This field is enabled if the IP Address Assignment is Static. Enter the (fixed) IP address assigned to you by your ISP (static IP address assignment is selected in the previous field). P-792H v2 User’s Guide...
Page 305 Enter the number of the address mapping set you want to use for your Internet connection. When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel. P-792H v2 User’s Guide...
Page 306 Chapter 27 Internet Access Setup P-792H v2 User’s Guide...
Page 307: Remote Node Setup
Menu 11 - Remote Node Setup 1. MyISP (ISP, SUA) 2. ________ 3. ________ 4. ________ 5. ________ 6. ________ 7. ________ 8. ________ Enter Node # to Edit: Type the node number you want to configure and press [ENTER]. P-792H v2 User’s Guide...
Page 308: Remote Node Profile
792H v2. The login name and the Rem Password will be used to authenticate this node. Rem Password Type the password used when this remote node calls your P-792H Outgoing This section is only enabled for PPPoA or PPPoE connections.
Page 309 Enter 0 if there is no limit. With Period, you can set a limit on the total outgoing call time of the P-792H v2 within a certain period of time. When the total outgoing call time exceeds the limit, the current call will be dropped and any future outgoing calls will be blocked.
Page 310: Remote Node Network Layer Options
[SPACE BAR] to select Yes and press [ENTER]. Menu 11.5 appears. Idle Timeout(sec) Enter the number of seconds the P-792H v2 should wait while there is no Internet traffic before it automatically disconnects from the ISP. Enter a time interval between 10 and 9999 seconds.
Page 311 WAN IP address for your P-792H v2. Select Full Feature if you want to use one or more of these features and have more than one public WAN IP address for your P-792H v2. Address Mapping This field is enabled if NAT is Full Feature.
Page 312: Remote Node Filter
1-7). Type the time (in minutes) for the P-792H v2 to retain the Ethernet address information in its internal tables while the line is down. If this information is retained, your P-792H v2 will not have to recompile the tables when the line comes back up.
Page 313 Enter up to four filter sets. If you enter more than one, separate each one with a comma ( , ). device filters Enter up to four filter sets. If you enter more than one, separate each one with a comma ( , ). P-792H v2 User’s Guide...
Page 314: Remote Node Atm Layer Options
Type the MBS, which is less than 65535. Once you have completed filling in this menu, press [ENTER] at the message “Press ENTER to Confirm...” to save your configuration and return to menu 11.1, or press [ESC] at any time to cancel. P-792H v2 User’s Guide...
Page 315: Advance Setup Options
ISP. Once you have completed filling in this menu, press [ENTER] at the message “Press ENTER to Confirm...” to save your configuration and return to menu 11.1, or press [ESC] at any time to cancel. P-792H v2 User’s Guide...
Page 316 Chapter 28 Remote Node Setup P-792H v2 User’s Guide...
Page 317: Static Route Setup
Menu 12.1 - IP Static Route Setup 1. ________ 2. ________ 3. ________ 4. ________ 5. ________ 6. ________ 7. ________ 8. ________ 9. ________ 10. ________ 11. ________ 12. ________ 13. ________ 14. ________ 15. ________ 16. ________ P-792H v2 User’s Guide...
Page 318 P-792H v2 that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your P-792H v2; over the WAN, the gateway must be the IP address of one of the remote nodes.
Page 319: Bridge Static Route Setup
P-792H v2 that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your P-792H v2; over the WAN, the gateway must be the IP address of one of the remote nodes.
Page 320 Chapter 29 Static Route Setup P-792H v2 User’s Guide...
Page 321: Nat Setup
LAN IP addresses of clients or servers using mapping types. Choose SUA Only if you have just one public WAN IP address for your P-792H v2. Note: Choose Full Feature if you have multiple public WAN IP addresses for your P- 792H v2.
Page 322: Applying Nat
Network Address Translation= SUA Only Address Mapping Set= N/A The following figure shows how you apply NAT to the remote node in menu 11.3. Enter 11 from the main menu. Enter 1 to open Menu 11.1 - Remote Node Profile. P-792H v2 User’s Guide...
Page 323: Nat Setup
SUA. When you select Full Feature in menu 4 or menu 11.3, the SMT will use the address mapping set that you specify. When you select SUA Only, the SMT will use the pre-configured Set 255 (read only). P-792H v2 User’s Guide...
Page 324: Address Mapping Sets
Figure 156 Menu 15.1: Address Mapping Sets Menu 15.1 - Address Mapping Sets 1. ACL Default Set 255. SUA (read only) Select the address mapping set you want to modify. The fields in address 255 are used for SUA and are read-only. P-792H v2 User’s Guide...
Page 325 NAT to this machine. See later for some examples. Once you have finished configuring a rule in this menu, press [ENTER] at the message “Press ENTER to Confirm…” to save your configuration, or press [ESC] to cancel. P-792H v2 User’s Guide...
Page 326 Chapter 30 NAT Setup Ordering your rules is important because the P-792H v2 applies the rules in the order that you specify. When a rule matches the current packet, the P-792H v2 takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty rules.
Page 327: Configuring A Server Behind Nat
“Press ENTER to Confirm…” to save your configuration, or press [ESC] to cancel. 30.3 Configuring a Server behind NAT Note: If you do not assign a Default Server IP address, the P-792H v2 discards all packets received for ports that are not specified here or in the remote management setup.
Page 328: General Nat Examples
Rule This field is a sequential value, and it is not associated with a specific rule. The sequence is important, however. The P-792H v2 checks each active rule in order, and it only follows the first one that applies. Start Port This field displays the beginning of the range of port numbers forwarded by this rule.
Page 329: Internet Access Only
Address Translation field. This is the Many-to-One mapping discussed in Section 30.4 on page 328. The SUA Only read-only option from the Network Address Translation field in menus 4 and 11.3 is specifically pre-configured to handle this case. P-792H v2 User’s Guide...
Page 330: Example 2: Internet Access With A Default Server
IGA. Map the FTP servers to the first two IGAs and the other LAN traffic to the remaining IGA. Map the third IGA to an inside web server and mail server. Four rules need to be configured, two bi-directional and two uni- directional as follows. P-792H v2 User’s Guide...
Page 331 Start IP as 192.168.1.10 (the IP address of FTP Server 1), the global Start IP as 10.132.50.1 (our first IGA). (See Figure 167 on page 333). Repeat the previous step for rules 2 to 4 as outlined above. P-792H v2 User’s Guide...
Page 332 Ethernet Addr Timeout(min)= N/A Rem IP Addr = 0.0.0.0 Rem Subnet Mask= 0.0.0.0 My WAN Addr= N/A NAT= SUA Only Address Mapping Set= N/A Metric= 2 Private= No RIP Direction= None Version= RIP-1 Multicast= None IP Policies= P-792H v2 User’s Guide...
Page 333 10.132.50.3 Serve+ Action= None Select Rule= N/A Now configure the IGA3 to map to our web server and mail server on the LAN. Enter 15 from the main menu. Enter 2 to go to menu 15.2. P-792H v2 User’s Guide...
Page 334: Example 4: Nat Unfriendly Application Programs
Chapter 30 NAT Setup (Enter 1 or 2 from menu 15.2 on a P-792H v2 with multiple WAN ports) configure the menu as shown in Figure 169 on page 334. Figure 169 Example 3: Menu 15.2 Menu 15.2 - NAT Server Setup Rule Start Port No.
Page 335 Menu 15.1.1 - Address Mapping Rules Set Name= Example4 Local Start IP Local End IP Global Start IP Global End IP Type --------------- --------------- --------------- --------------- -- 1. 192.168.1.10 192.168.1.12 10.132.50.1 10.132.50.3 M-M N+ Action= None Select Rule= N/A P-792H v2 User’s Guide...
Page 336 Chapter 30 P-792H v2 User’s Guide...
Page 337: Firewall Setup
H A P T E R Firewall Setup Use this menu to activate or deactivate the firewall. 31.1 Using P-792H v2 SMT Menus From the main menu enter 21 to go to Menu 21 - Filter and Firewall Setup to display the screen shown next.
Page 338 Active: Yes LAN-to-WAN Set Name: ACL Default Set WAN-to-LAN Set Name: ACL Default Set Please configure the Firewall function through Web Configurator Note: It is recommended to configure the firewall rules using the web configurator. P-792H v2 User’s Guide...
Page 339: Filter Configuration
This chapter shows you how to create and apply filters. 32.1 Introduction to Filters Your P-792H v2 uses filters to decide whether to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering.
Page 340: The Filter Structure Of The P-792H V2
NetBIOS, into a single set and give it a descriptive name. The P-792H v2 allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system. You cannot mix device filter rules and protocol filter rules within the same set.
Page 341 You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port. P-792H v2 User’s Guide...
Page 342: Configuring A Filter Set
Chapter 32 Filter Configuration 32.2 Configuring a Filter Set The P-792H v2 includes filtering for NetBIOS over TCP/IP packets by default. To configure another filter set, follow the procedure below. Enter 21 in the main menu to open menu 21.
Page 343 “N“ means to check the next rule. Action Not Matched. “F” means to forward the packet immediately and skip checking the remaining rules. “D” means to drop the packet. “N” means to check the next rule. P-792H v2 User’s Guide...
Page 344: Configuring A Filter Rule
When applying the filter sets to a port, separate menu fields are provided for protocol and device filter sets. If you include a protocol filter set in a device filter field or vice versa, the P-792H v2 will warn you and will not allow you to save.
Page 345 Press [SPACE BAR] and then [ENTER] to select the comparison to apply to the destination port in the packet against the value given in Destination: Port #. Options are None, Equal, Not Equal, Less and Greater. Source P-792H v2 User’s Guide...
Page 346 When you have Menu 21.1.1.1 - TCP/IP Filter Rule configured, press [ENTER] at the message “Press ENTER to Confirm” to save your configuration, or press [ESC] to cancel. This data will now be displayed on Menu 21.1.1 - Filter Rules Summary. P-792H v2 User’s Guide...
Page 347 Chapter 32 Filter Configuration The following figure illustrates the logic flow of an IP filter. Figure 180 Executing an IP Filter P-792H v2 User’s Guide...
Page 348: Configuring A Generic Filter Rule
For IP, it is generally easier to use the IP rules directly. For generic rules, the P-792H v2 treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes.
Page 349: Example Filter
This data will now be displayed on Menu 21.1.1 - Filter Rules Summary. 32.3 Example Filter Let’s look at an example to block outside users from accessing the P-792H v2 via telnet. Please see our included disk for more example filters.
Page 350 Port # Comp= None TCP Estab= No More= No Log= None Action Matched= Drop Action Not Matched= Forward The port number for the telnet service (TCP protocol) is 23. See RFC 1060 for port numbers of well-known services. P-792H v2 User’s Guide...
Page 351: Filter Types And Nat
(TCP/IP) rules. Generic filter rules act on the raw data from/to LAN and WAN. Protocol filter rules act on the IP packets. Generic and TCP/IP filter rules are discussed in more detail in the next section. When NAT (Network Address P-792H v2 User’s Guide...
Page 352: Firewall Versus Filters
They are applied at the point when the P-792H v2 is receiving and sending the packets; in other words the interface. The interface can be an Ethernet port or any other hardware port. The following diagram illustrates this.
Page 353: Applying Remote Node Filters
Chapter 32 Filter Configuration example 3, 4, 6, 11. Input filter sets filter incoming traffic to the P-792H v2 and output filter sets filter outgoing traffic from the P-792H v2. Figure 186 Filtering LAN Traffic Menu 3.1 - LAN Port Filter Setup...
Page 354 Chapter 32 Filter Configuration P-792H v2 User’s Guide...
Page 355: System Password
The following table describes the labels in this menu. Table 130 Menu 23: System Password FIELD DESCRIPTION Old Password Enter the current administrator password for the P-792H v2. New Password Enter the new administrator password for the P-792H v2. Retype to confirm Enter the new administrator password again.
Page 356 Chapter 33 System Password P-792H v2 User’s Guide...
Page 357: System Information & Diagnosis
System Status is a tool that can be used to mon23itor your P-792H v2. Specifically, it gives you information on your system firmware version, number of packets sent and number of packets received.
Page 358 Drop (dropping a call) if you're using PPPoE encapsulation. It displays N/A if the port is not connected. TxPkts This is the number of packets transmitted from the P-792H v2 to the remote node. RxPkts This is the number of packets received by the P-792H v2 from the remote node.
Page 359: System Information And Console Port Speed
From this menu you have two choices as shown in the next figure: Figure 191 Menu 24.2: System Information and Console Port Speed Menu 24.2 - System Information and Console Port Speed 1. System Information 2. Console Port Speed P-792H v2 User’s Guide...
Page 360: System Information
Refers to the Ethernet MAC (Media Access Control) address of your P- 792H v2. IP Address This is the IP address of the P-792H v2 in dotted decimal notation. IP Mask This shows the IP mask of the P-792H v2.
Page 361: Console Port Speed
Console Port Speed: 9600 34.4 Log and Trace There are two logging facilities in the P-792H v2. The first is the error logs and trace records that are stored locally. The second is the UNIX syslog facility for message logging.
Page 362: Syslog Logging
Clear Error Log (y/n): 34.4.2 Syslog Logging The P-792H v2 uses the syslog facility to log the CDR (Call Detail Record) and system messages to a syslog server. Syslog and accounting can be configured in Menu 24.3.2 - System Maintenance - Syslog Logging, as shown next.
Page 363 When finished configuring this screen, press [ENTER] to confirm or [ESC] to cancel. Your P-792H v2 sends five types of syslog messages. Some examples (not all P- 792H v2 specific) of these syslog messages with their message formats are shown...
Page 364 Data: We will send forty-eight Hex characters to the server Jul 19 11:28:39 192.168.102.2 ZyXEL: Packet Trigger: Protocol=1, Data=4500003c100100001f010004c0a86614ca849a7b08004a5c0200010061626364 65666768696a6b6c6d6e6f7071727374 Jul 19 11:28:56 192.168.102.2 ZyXEL: Packet Trigger: Protocol=1, Data=4500002c1b0140001f06b50ec0a86614ca849a7b0427001700195b3e00000000 600220008cd40000020405b4 Jul 19 11:29:06 192.168.102.2 ZyXEL: Packet Trigger: Protocol=1, Data=45000028240140001f06ac12c0a86614ca849a7b0427001700195b451d143013 5004000077600000 Filter log P-792H v2 User’s Guide...
Page 365 Mar 03 10:41:34 202.132.155.97 ZyXEL: IP[Src=192.168.2.33 Dst=202.132.155.93 ICMP]}S04>R01mF Mar 03 11:59:20 202.132.155.97 ZyXEL: GEN[00a0c5f502fnord010080] }S05>R01mF Mar 03 12:00:52 202.132.155.97 ZyXEL: GEN[ffffffffffff0080] }S05>R01mF Mar 03 12:00:57 202.132.155.97 ZyXEL: GEN[00a0c5f502010080] }S05>R01mF Mar 03 12:01:06 202.132.155.97 ZyXEL: IP[Src=192.168.2.33 Dst=202.132.155.93 TCP spo=01170 dpo=00021]}S04>R01mF P-792H v2 User’s Guide...
Page 366: Diagnostic
08-01-200011:48:39Local1.Notice192.168.10.10RAS: FW 172.21.1.25 >172.21.1.25 |IGMP<2>|default permit:<2,0>|B 34.5 Diagnostic The diagnostic facility allows you to test the different aspects of your P-792H v2 to determine if it is working properly. Menu 24.4 allows you to choose among various P-792H v2 User’s Guide...
Page 367 Enter 12 to ping any machine (with an IP address) on your LAN or WAN. Enter its IP address in the Host IP Address field below. Reboot System Enter 11 to reboot the P-792H v2. Command Mode Enter 22 to go to the Command Interpreter (CI) for further diagnosis.
Page 368 Chapter 34 System Information & Diagnosis P-792H v2 User’s Guide...
Page 369: Firmware And Configuration File Maintenance
35.1 Introduction Use the instructions in this chapter to change the P-792H v2’s configuration file or upgrade its firmware. After you configure your P-792H v2, you can backup the configuration file to a computer. That way if you later misconfigure the P-792H v2, you can upload the backed up configuration file to return to your previous settings.
Page 370: Backup Configuration
P-792H v2 and the external filename refers to the filename not on the P-792H v2, that is, on your computer, local network or FTP site and so the name (but not the extension) may vary. After uploading new firmware, see the ZyNOS F/W Version field in Menu 24.2.1 - System Maintenance -...
Page 371: Backup Configuration
Enter your password as requested (the default is “1234”). Enter “bin” to set transfer mode to binary. Use “get” to transfer files from the P-792H v2 to the computer, for example, “get rom-0 config.rom” transfers the configuration file on the P-792H v2 to your computer and renames it “config.rom”.
Page 372: Example Of Ftp Commands From The Command Line
TFTP, FTP and Telnet over the WAN will not work when: The firewall is active (turn the firewall off in menu 21.2 or create a firewall rule to allow access from the WAN). You have disabled Telnet service in menu 24.11. P-792H v2 User’s Guide...
Page 373: Backup Configuration Using Tftp
The IP you entered in the Secured Client IP field in menu 24.11 does not match the client IP. If it does not match, the P-792H v2 will disconnect the Telnet session immediately. You have an SMT console session running.
Page 374: Gui-Based Tftp Clients
Where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the P-792H v2 IP address, “get” transfers the file source on the P-792H v2 (rom-0, name of the configuration file on the P-792H v2) to the file destination on the computer and renames it config.rom.
Page 375: Restore Configuration
FTP is the preferred method for restoring your current computer configuration to your P-792H v2 since FTP is faster. Please note that you must wait for the system to automatically restart after the file transfer is complete.
Page 376: Restore Using Ftp
Enter your password as requested (the default is “1234”). Enter “bin” to set transfer mode to binary. Find the “rom” file (on your computer) that you want to restore to your P-792H Use “put” to transfer files from the P-792H v2 to the computer, for example, “put config.rom rom-0”...
Page 377: Restore Using Ftp Session Example
Chapter 35 Firmware and Configuration File Maintenance Enter “quit” to exit the ftp prompt. The P-792H v2 will automatically restart after a successful restore process. 35.4.2 Restore Using FTP Session Example Figure 205 Restore Using FTP Session Example ftp> put config.rom rom-0...
Page 378: Uploading Firmware And Configuration Files
Choose the Xmodem protocol. Then click Send. After a successful restoration you will see the following screen. Press any key to restart the P-792H v2 and return to the SMT menu. Figure 209 Successful Restoration Confirmation Screen Save to ROM Hit any key to start system reboot.
Page 379: Configuration File Upload
Chapter 35 Firmware and Configuration File Maintenance When you telnet into the P-792H v2, you will see the following screens for uploading firmware and the configuration file using FTP. Figure 210 Menu 24.7.1: System Maintenance - Upload System Firmware Menu 24.7.1 - System Maintenance - Upload System Firmware To upload the system firmware, follow the procedure below: 1.
Page 380: Ftp File Upload Command From The Dos Prompt Example
Enter your password as requested (the default is “1234”). Enter “bin” to set transfer mode to binary. Use “put” to transfer files from the computer to the P-792H v2, for example, “put firmware.bin ras” transfers the firmware on your computer (firmware.bin) to the P-792H v2 and renames it “ras”.
Page 381: Tftp File Upload
(firmware.bin – name of the firmware on the computer) to the file destination on the remote host (ras - name of the firmware on the P-792H v2). Commands that you may see in GUI-based TFTP clients are listed earlier in this chapter.
Page 382: Uploading Via Console Port
However, in the event of your network being down, uploading files is only possible with a direct connection to your P-792H v2 via the console port. Uploading files via the console port under normal conditions is not recommended since FTP or TFTP is faster.
Page 383: Example Xmodem Firmware Upload Using Hyperterminal
HyperTerminal Click Transfer, then Send File to display the following screen. Figure 214 Example Xmodem Upload After the firmware upload process has completed, the P-792H v2 will automatically restart. 35.5.10 Uploading Configuration File Via Console Port Select 2 from Menu 24.7 – System Maintenance – Upload Firmware to display Menu 24.7.2 - System Maintenance - Upload System Configuration File.
Page 384: Example Xmodem Configuration Upload Using Hyperterminal
35.5.11 Example Xmodem Configuration Upload Using HyperTerminal Click Transfer, then Send File to display the following screen. Figure 216 Example Xmodem Upload After the configuration upload process has completed, restart the P-792H v2 by entering “atgo”. P-792H v2 User’s Guide...
Page 385: Menus 24.8 To 24.11
Upload Firmware Command Interpreter Mode Call Control 10. Time and Date Setting 11. Remote Management 36.1.1 Command Syntax The command keywords are in courier new font. Enter the command keywords exactly as shown, do not abbreviate. P-792H v2 User’s Guide...
Page 386: Command Usage
The budget management function allows you to set a limit on the total outgoing call time of the P-792H v2 within certain times. When the total outgoing call time exceeds the limit, the current call will be dropped and any future outgoing calls will be blocked.
Page 387: Budget Management
This is the total connection time that has 5/10 means that 5 Total Budget gone by (within the allocated budget that minutes out of a total you set in menu 11.1). allocation of 10 minutes have lapsed. P-792H v2 User’s Guide...
Page 388: Time And Date Setting
Enter “0” to update the screen or press [ESC] to return to the previous screen. 36.3 Time and Date Setting The P-792H v2’s Real Time Chip (RTC) keeps track of the time and date. There is also a software mechanism to set the time manually or get the current time and date from an external server when you turn on your P-792H v2.
Page 389 Chapter 36 Menus 24.8 to 24.11 Enter 10 to go to Menu 24.10 - System Maintenance - Time and Date Setting to update the time and date settings of your P-792H v2 as shown in the following screen. Figure 222 Menu 24.10: System Maintenance - Time and Date Setting Menu 24.10 - System Maintenance - Time and Date Setting...
Page 390 02 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). Once you have filled in this menu, press [ENTER] at the message “Press ENTER to Confirm or ESC to Cancel“ to save your configuration, or press [ESC] to cancel. P-792H v2 User’s Guide...
Page 391: Remote Management
Secured Client The default 0.0.0.0 allows any client to use this service to remotely manage the P-792H v2. Enter an IP address to restrict access to a client with a matching IP address. Once you have filled in this menu, press [ENTER] at the message "Press ENTER to Confirm or ESC to Cancel"...
Page 392 You have disabled that service in menu 24.11. The IP address in the Secure Client IP field (menu 24.11) does not match the client IP address. If it does not match, the P-792H v2 will disconnect the session immediately. There is an SMT console session running.
Page 393: Schedule Setup
37.2 Schedule Setup This menu is only applicable if your Internet connection uses PPPoE encapsulation. Use this menu to look at the schedule sets in the P-792H v2. To open this menu, enter 26 in the main menu. Figure 224 Menu 26: Schedule Setup...
Page 394: Schedule Set Setup
This menu is only applicable if your Internet connection uses PPPoE encapsulation. Use this menu to configure the schedule sets in the P-792H v2. To open this menu, enter the number of the schedule set in the Enter Schedule Set Number to Configure field, enter the name of the schedule set in the Edit Name field, and press [ENTER] in menu 26.
Page 395 Forced Down means that the connection is blocked whether or not there is a demand call on the line. Enable Dial-On-Demand means that this schedule permits a demand call on the line. Disable Dial-On-Demand means that this schedule prevents a demand call on the line. P-792H v2 User’s Guide...
Page 396 Chapter 37 Schedule Setup P-792H v2 User’s Guide...
Page 397: Troubleshooting
The P-792H v2 does not turn on. None of the LEDs turn on. Make sure the P-792H v2 is turned on. Make sure you are using the power adaptor or cord included with the P-792H v2. Make sure the power adaptor or cord is connected to the P-792H v2 and plugged in to an appropriate power source.
Page 398: P-792H V2 Access And Login
If you changed the IP address and have forgotten it, you might get the IP address of the P-792H v2 by looking up the IP address of the default gateway for your computer. To do this in most Windows computers, click Start > Run, enter cmd, and then enter ipconfig.
Page 399 [Caps Lock] is not on. You cannot log in to the web configurator while someone is using Telnet to access the P-792H v2. Log out of the P-792H v2 in the other session, or ask the person who is logged in to log out.
Page 400: Internet Access
Chapter 38 Troubleshooting I cannot Telnet to the P-792H v2. See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator. Ignore the suggestions about your browser. I cannot use FTP to upload / download the configuration file. / I cannot use FTP to upload new firmware.
Page 401: Network Connections
• If the DSL LED is off, there is no DSL connection. Check if your cables are connected properly to the P-792H v2. • If the DSL LED is blinking fast, the P-792H v2 is initializing the DSL line. If it keeps blinking for a long time, please reboot the device.
Page 402 Chapter 38 Troubleshooting P-792H v2 User’s Guide...
Page 403: Appendix A Product Specifications
Line Code: TC-PAM modulation Line Impedance: 135 W Connection Loops: 1 pair (2-wire) Operation 0º C ~ 40º C Temperature Storage Temperature -20º ~ 60º C Operation Humidity 20% ~ 90% RH Storage Humidity 20% ~ 95% RH P-792H v2 User’s Guide...
Page 404 PPP over Ethernet (RFC2516) VLAN base QoS (802.1P/Q) Internet Access NAT (includes multi-to-multi NAT) / SUA, 2048 NAT sessions Sharing Port restricted cone NAT SIP ALG pass-through NAT server (Port forwarding) Multi-NAT Dynamic DNS (www.dyndns.org) DHCP server/client/relay P-792H v2 User’s Guide...
Page 405 IKE/ Manual Key DES/3DES/AES Encryption (software) MD5/ SHA1 Authentication FQDN NETBIOS pass-through for IPSec IPSec VPN keep-alive IPSec NAT Traversal Diagnostics FLASH memory Capabilities (for the SDSL circuitry following circuitry) LAN port Others DNS Proxy UNIX syslog P-792H v2 User’s Guide...
Page 406 Configuration Backup & Make a copy of the P-792H v2’s configuration. You can put it Restoration back on the P-792H v2 later if you decide to revert back to an earlier configuration. Network Address Each computer on your network must have its own unique IP Translation (NAT) address.
Page 407 FEATURE DESCRIPTION Content Filter The P-792H v2 blocks or allows access to web sites that you specify and blocks access to web sites with URLs that contain keywords that you specify. You can define time periods and days during which content filtering is enabled. You can also include or exclude particular computers on your network from content filtering.
Page 408 Appendix A Product Specifications P-792H v2 User’s Guide...
Page 409: Appendix B Wall-Mounting Instructions
Make sure the screws are snugly fastened to the wall. They need to hold the weight of the P-792H v2 with the connection cables. Align the holes on the back of the P-792H v2 with the screws on the wall. Hang the P-792H v2 on the screws.
Page 410 Appendix B Wall-mounting Instructions P-792H v2 User’s Guide...
Page 411: Appendix C Setting Up Your Computer's Ip Address
"communicate" with your network. If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the P-792H v2’s LAN port. P-792H v2 User’s Guide...
Page 412 In the Network window, click Add. Select Adapter and then click Add. Select the manufacturer and model of your network adapter and then click OK. If you need TCP/IP: In the Network window, click Add. Select Protocol and then click Add. P-792H v2 User’s Guide...
Page 413 • If your IP address is dynamic, select Obtain an IP address automatically. • If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields. Figure 229 Windows 95/98/Me: TCP/IP Properties: IP Address P-792H v2 User’s Guide...
Page 414 Click OK to save and close the TCP/IP Properties window. Click OK to close the Network window. Insert the Windows CD if prompted. Turn on your P-792H v2 and restart your computer when prompted. Verifying Settings Click Start and then Run.
Page 415 Click start (Start in Windows 2000/NT), Settings, Control Panel. Figure 231 Windows XP: Start Menu In the Control Panel, double-click Network Connections (Network and Dial- up Connections in Windows 2000/NT). Figure 232 Windows XP: Control Panel P-792H v2 User’s Guide...
Page 416 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 234 Windows XP: Local Area Connection Properties The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). P-792H v2 User’s Guide...
Page 417 Gateway. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. P-792H v2 User’s Guide...
Page 418 • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. P-792H v2 User’s Guide...
Page 419: Windows Vista
Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT). 11 Turn on your P-792H v2 and restart your computer (if prompted). Verifying Settings Click Start, All Programs, Accessories and then Command Prompt. In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab.
Page 420 Click the Start icon, Control Panel. Figure 238 Windows Vista: Start Menu In the Control Panel, double-click Network and Internet. Figure 239 Windows Vista: Control Panel Click Network and Sharing Center. Figure 240 Windows Vista: Network And Internet P-792H v2 User’s Guide...
Page 421 Figure 241 Windows Vista: Network and Sharing Center Right-click Local Area Connection and then click Properties. Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. Figure 242 Windows Vista: Network and Sharing Center P-792H v2 User’s Guide...
Page 422 • If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP address and fill in the IP address, Subnet mask, and Default gateway fields. P-792H v2 User’s Guide...
Page 423 Gateway. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. P-792H v2 User’s Guide...
Page 424 • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. P-792H v2 User’s Guide...
Page 425 11 Click Close to close the Local Area Connection Properties window. 12 Close the Network Connections window. 13 Turn on your P-792H v2 and restart your computer (if prompted). Verifying Settings Click Start, All Programs, Accessories and then Command Prompt.
Page 426 Appendix C Setting up Your Computer’s IP Address Macintosh OS 8/9 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/ IP Control Panel. Figure 247 Macintosh OS 8/9: Apple Menu P-792H v2 User’s Guide...
Page 427 • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your P-792H v2 in the Router address box. Close the TCP/IP Control Panel. Click Save if prompted, to save changes to your configuration.
Page 428: Macintosh Os X
• Select Built-in Ethernet from the Show list. • Click the TCP/IP tab. For dynamically assigned settings, select Using DHCP from the Configure list. Figure 250 Macintosh OS X: Network For statically assigned settings, do the following: P-792H v2 User’s Guide...
Page 429 • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your P-792H v2 in the Router address box. Click Apply Now and close the window.
Page 430 If you know your DNS server IP address(es), click the DNS tab in the Network Configuration screen. Enter the DNS server information in the fields provided. Figure 253 Red Hat 9.0: KDE: Network Configuration: DNS Click the Devices tab. P-792H v2 User’s Guide...
Page 431 • If you have a dynamic IP address, enter dhcp in the BOOTPROTO= field. The following figure shows an example. Figure 255 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=dhcp USERCTL=no PEERDNS=yes TYPE=Ethernet P-792H v2 User’s Guide...
Page 432 Figure 258 Red Hat 9.0: Restart Ethernet Card [root@localhost init.d]# network restart Shutting down interface eth0: [OK] Shutting down loopback interface: [OK] Setting network parameters: [OK] Bringing up loopback interface: [OK] Bringing up interface eth0: [OK] P-792H v2 User’s Guide...
Page 433: Verifying Settings
Bcast:172.23.19.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:717 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.5 Kb) Interrupt:10 Base address:0x1000 [root@localhost]# P-792H v2 User’s Guide...
Page 434 Appendix C Setting up Your Computer’s IP Address P-792H v2 User’s Guide...
Page 435: Appendix D Pop-Up Windows, Javascripts And Java Permissions
In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 260 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. P-792H v2 User’s Guide...
Page 436 Click Apply to save this setting. Enable Pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. In Internet Explorer, select Tools, Internet Options and then the Privacy tab. P-792H v2 User’s Guide...
Page 437 Select Settings…to open the Pop-up Blocker Settings screen. Figure 262 Internet Options: Privacy Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. P-792H v2 User’s Guide...
Page 438 Figure 263 Pop-up Blocker Settings Click Close to return to the Privacy screen. Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. P-792H v2 User’s Guide...
Page 439 Figure 264 Internet Options: Security Click the Custom Level... button. Scroll down to Scripting. Under Active scripting make sure that Enable is selected (the default). Under Scripting of Java applets make sure that Enable is selected (the default). P-792H v2 User’s Guide...
Page 440: Java Permissions
Figure 265 Security Settings - Java Scripting Java Permissions From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM. Under Java permissions make sure that a safety level is selected. P-792H v2 User’s Guide...
Page 441 Click OK to close the window. Figure 266 Security Settings - Java JAVA (Sun) From Internet Explorer, click Tools, Internet Options and then the Advanced tab. Make sure that Use Java 2 for <applet> under Java (Sun) is selected. P-792H v2 User’s Guide...
Page 442 Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, Javascripts and pop-ups in one screen. Click Tools, then click Options in the screen that appears. Figure 268 Mozilla Firefox: Tools > Options P-792H v2 User’s Guide...
Page 443 Appendix D Pop-up Windows, JavaScripts and Java Permissions Click Content.to show the screen below. Select the check boxes as shown in the following screen. Figure 269 Mozilla Firefox Content Security P-792H v2 User’s Guide...
Page 444 Appendix D Pop-up Windows, JavaScripts and Java Permissions P-792H v2 User’s Guide...
Page 445: Appendix E Ip Addresses And Subnetting
192.168.1.1). Each of these four parts is known as an octet. An octet is an eight-digit binary number (for example 11000000, which is 192 in decimal notation). Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal. P-792H v2 User’s Guide...
Page 446 ID of an IP address (192.168.1.2 in decimal). Table 146 Subnet Masks OCTET: OCTET: OCTET: OCTET (192) (168) IP Address (Binary) 11000000 10101000 00000001 00000010 Subnet Mask (Binary) 11111111 11111111 11111111 00000000 Network Number 11000000 10101000 00000001 Host ID 00000010 P-792H v2 User’s Guide...
Page 447 SUBNET MASK HOST ID SIZE HOSTS 8 bits 255.0.0.0 24 bits – 2 16777214 16 bits 255.255.0.0 16 bits – 2 65534 24 bits 255.255.255.0 8 bits – 2 29 bits 255.255.255.2 3 bits – 2 P-792H v2 User’s Guide...
Page 448 In this example, the company network address is 192.168.1.0. The first three octets of the address (192.168.1) are the network number, and the remaining octet is the host ID, allowing a maximum of 2 – 2 or 254 possible hosts. P-792H v2 User’s Guide...
Page 449 The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. The following figure shows the company network after subnetting. There are now two sub-networks, A and B. Figure 272 Subnetting Example: After Subnetting P-792H v2 User’s Guide...
Page 450 Table 151 Subnet 2 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 01000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.65 192.168.1.64 Broadcast Address: Highest Host ID: 192.168.1.126 192.168.1.127 P-792H v2 User’s Guide...
Page 451 Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet. Table 154 Eight Subnets SUBNET LAST BROADCAST SUBNET FIRST ADDRESS ADDRESS ADDRESS ADDRESS P-792H v2 User’s Guide...
Page 452 255.255.255.248 (/29) 8192 255.255.255.252 (/30) 16384 255.255.255.254 (/31) 32768 Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP P-792H v2 User’s Guide...
Page 453 The subnet mask specifies the network number portion of an IP address. Your P- 792H v2 will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the P-792H v2 unless you are instructed to do otherwise.
Page 454 Appendix E IP Addresses and Subnetting P-792H v2 User’s Guide...
Page 455: Appendix F Services
• If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number. • If the Protocol is USER, this is the IP protocol number. • Description: This is a brief explanation of the applications that use this service or the situations in which this service is used. P-792H v2 User’s Guide...
Page 456 IMAP4 The Internet Message Access Protocol is used for e-mail. IMAP4S This is a more secure version of IMAP4 that runs over SSL. TCP/UDP 6667 This is another popular Internet chat program. P-792H v2 User’s Guide...
Page 457 ROADRUNNER TCP/UDP 1026 This is an ISP that provides services mainly for cable modems. RTELNET Remote Telnet. RTSP TCP/UDP The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. P-792H v2 User’s Guide...
Page 458 Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 A videoconferencing solution. The UDP port number is specified in the user- application. defined P-792H v2 User’s Guide...
Page 459: Appendix G Legal Information
ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein.
Page 460 • To comply with FCC RF exposure compliance requirements, a separation distance of at least 20 cm must be maintained between the antenna of this device and all persons. 注意 ! 依據低功率電波輻射性電機管理辦法第十二條經型式認證合格之低功率射頻電機，非經許可，公司、商號或使用者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。第十四條低功率射頻電機之使用不得影響飛航安全及干擾合法通信；經發現有干擾現象時，應立即停用，並改善至無干擾時方得繼續使用。前項合法通信，指依電信規定作業之無線電信。低功率射頻電機須忍受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾。 P-792H v2 User’s Guide...
Page 461: Zyxel Limited Warranty
This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser. P-792H v2 User’s Guide...
Page 462 To obtain the services of this warranty, contact your vendor. You may also refer to the warranty policy for the region in which you bought the device at http:// www.zyxel.com/web/support_warranty_info.php. Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com. P-792H v2 User’s Guide...
Page 463: Index
109, 110, 114 trusted 147, 150 administrator password call control call history alerts 67, 73, 82 firewalls certificates 145, 152 algorithm, certificates advantages MD5 fingerprint algorithm SHA1 fingerprint algorithms trusted 147, 150 alternative subnet mask notation example anti-probing P-792H v2 User’s Guide...
Page 464 DiffServ Code Point, see DSCP static route disclaimer wizard 64, 86, 91, 96, 232 configuration file DNS Server back up for VPN host back up using FTP Domain Name System, see DNS backing up using console port P-792H v2 User’s Guide...
Page 465 TCP/IP filter rule 27, 227 filters backing up configuration content for backing up configuration file activation for restoring configuration file example for upgrading firmware keywords limitations P-792H v2 User’s Guide...
Page 466 Internet Protocol Security, see IPSec alerts IP address e-mail 60, 64, 71, 78, 86, 97 default server error messages 104, 106 ping example private firewalls IP alias schedules and traffic redirect settings configuration NAT applications IP precedence IPSec P-792H v2 User’s Guide...
Page 467 64, 72, 79 72, 101, 102, 111, 112, 453 67, 74 activation packet statistics address mapping rules Packet Transfer Mode types passthrough, PPPoE 109, 110, 114 and filter set passwords applications P-792H v2 User’s Guide...
Page 468 DiffServ schedules DSCP 211, 213, 216 content filtering example firewalls logs IP precedence monitor 67, 74, 81 priority queue secure gateway address P-792H v2 User’s Guide...
Page 469 32, 37, 39 118, 129, 130, 131 Any IP time DSL connections TR-069 firewalls trademarks firmware version traffic priority 191, 200 traffic redirect packet statistics 76, 80 and IP alias and triangle route 102, 103 traffic shaping subnet P-792H v2 User’s Guide...
Page 470 26, 29 Virtual Local Area Network, see VLAN accessing Virtual Path Identifier, see VPI minimum requirements Virtual Private Network, see VPN passwords VLAN Wide Area Network, see WAN 802.1P priority 191, 200 wizard activation configuration example P-792H v2 User’s Guide...
Page 471 Index P-792H v2 User’s Guide...
Page 472 Index P-792H v2 User’s Guide...

This manual is also suitable for:

P-792h v2

ZyXEL Communications P-792H User Manual

About this User's Guide

Document Conventions

Safety Warnings

Contents Overview

Table of Contents

User's Guide

PART I User's Guide

Chapter 1 Getting to Know Your P-792H V2

Chapter 2 Introducing the Web Configurator

Chapter 3 Status Screens

Chapter 4 Internet Setup Wizard

Chapter 5 Tutorial

Technical Reference

Part II: Technical Reference

Chapter 6 WAN Setup

Chapter 7 LAN Setup

Chapter 8 Network Address Translation (NAT)

Chapter 9 Firewalls

Chapter 10 Content Filtering

Chapter 11 Certificates

Chapter 12 VPN

Chapter 13 Static Route

Chapter 14 Q/1P

Chapter 15 Quality of Service (Qos)

Chapter 16 Dynamic DNS Setup

Chapter 17 Remote Management

Chapter 18 Universal Plug-And-Play (Upnp)

Chapter 19 System Settings

Chapter 20 Logs

Chapter 21 Tools

Chapter 22 Diagnostic

Chapter 23 Introducing the SMT

Chapter 24 General Setup

Chapter 25 WAN Setup

Chapter 26 LAN Setup

Chapter 27 Internet Access Setup

Chapter 28 Remote Node Setup

Chapter 29 Static Route Setup

Chapter 30 NAT Setup

Quick Links

Related Manuals for ZyXEL Communications P-792H

Summary of Contents for ZyXEL Communications P-792H