Page 1 P-79X Series G.SHDSL.bis Broadband Gateway Version 1.00 Edition 1, 03/2016 Quick Start Guide User’s Guide Default Login Details IP Address http://192.168.1.1 User Name admin, user www.zyxel.com Password 1234, user Copyright © 2016 ZyXEL Communications Corporation...
Page 2 IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system. Every effort has been made to ensure that the information in this manual is accurate.
Page 3: Table Of Contents
Contents Overview Contents Overview User’s Guide ............................12 Getting To Know Your P-79X ........................13 Introducing the Web Configurator ......................19 Status Screens ............................25 Internet Setup Wizard ..........................31 Tutorials ..............................38 Technical Reference ..........................44 WAN Setup .............................45 WWAN ..............................65 LAN Setup ...............................74 Network Address Translation (NAT) ......................87 Firewalls ..............................99 URL Blocking ............................
Page 4: Table Of Contents
Table of Contents Table of Contents Contents Overview ..........................3 Table of Contents ..........................4 Part I: User’s Guide ..................12 Chapter 1 Getting To Know Your P-79X ......................13 1.1 Overview ............................13 1.1.1 High-speed Internet Access with G.SHDSL ................14 1.1.2 High-speed Point-to-point Connections ...................14 1.1.3 High-speed Point-to-2points Connections ................14 1.2 Ways to Manage the P-79X ......................15 1.3 Good Habits for Managing the P-79X ....................15...
Page 5 Table of Contents Chapter 4 Internet Setup Wizard .........................31 4.1 Overview ............................31 4.2 Internet Access Wizard Setup ......................31 4.2.1 Manual Configuration ......................33 Chapter 5 Tutorials ...............................38 5.1 Overview ............................38 5.2 Configuring Point-to-point Connection ....................38 5.2.1 Set Up the Server ........................38 5.2.2 Set Up the Client ........................39 5.2.3 Connect the P-79Xs ........................40 5.3 Configuring a Point-to-2points Connection ..................40...
Page 6 Table of Contents 6.7 Traffic Redirect ..........................61 6.8 Traffic Shaping ..........................62 6.8.1 ATM Traffic Classes .........................63 Chapter 7 WWAN ..............................65 7.1 Overview ............................65 7.1.1 What You Can Do in this Chapter ....................66 7.1.2 What You Need to Know ......................66 7.1.3 Before You Begin ........................67 7.2 The 3G WAN Setup Screen ......................67 7.3 Technical Reference ..........................69 Chapter 8...
Page 7 Table of Contents 9.4.1 The Address Mapping Rule Edit Screen .................93 9.5 The ALG Screen ..........................94 9.6 NAT Technical Reference ........................95 9.6.1 NAT Definitions ........................95 9.6.2 What NAT Does ........................96 9.6.3 How NAT Works ........................96 9.6.4 NAT Application ........................96 9.6.5 NAT Mapping Types ........................97 Chapter 10 Firewalls ..............................99 10.1 Overview ............................99...
Page 8 Table of Contents 12.2.1 Editing Protocol Filters ......................120 12.2.2 Configuring Protocol Filter Rules ..................121 12.2.3 Editing Generic Filters ......................123 12.2.4 Configuring Generic Packet Rules ..................124 12.3 Packet Filter Technical Reference ....................125 12.3.1 Filter Types and NAT ......................125 12.3.2 Firewall Versus Filters ......................126 Chapter 13 VPN ..............................128 13.1 Overview ............................128...
Page 9 Table of Contents Chapter 15 Static Route ............................157 15.1 Overview ............................157 15.2 The Static Route Screen .......................157 15.2.1 Static Route Edit ........................158 Chapter 16 802.1Q ..............................160 16.1 Overview ............................160 16.1.1 What You Can Do in the 802.1Q Screens ................160 16.1.2 What You Need to Know About 802.1Q ................160 16.1.3 802.1Q Example ........................161 16.2 The 802.1Q Group Setting Screen ....................163 16.2.1 Editing 802.1Q Group Setting ....................165...
Page 10 Table of Contents 19.2.1 Configuring the WWW Screen .....................183 19.3 The Telnet Screen .........................184 19.4 The SSH Screen ...........................184 19.5 The SNMP Screen ........................185 19.5.1 Supported MIBs ........................186 19.5.2 SNMP Traps ........................187 19.5.3 Configuring SNMP .......................187 19.6 The DNS Screen ..........................188 19.7 The ICMP Screen ..........................189 19.8 The CWMP Screen ........................190 Chapter 20...
Page 11 Table of Contents 23.1.2 What You Need To Know About Tools .................218 23.1.3 Before You Begin .........................219 23.1.4 Tool Examples ........................219 23.2 The Firmware Screen ........................224 23.3 The Configuration Screen ......................225 23.4 The Restart Screen ........................228 Chapter 24 Diagnostic ............................229 24.1 Overview ............................229 24.1.1 What You Can Do in the Diagnostic Screens ..............229 24.2 The General Diagnostic Screen ....................229...
Page 12: User's Guide
User’s Guide...
Page 13: Getting To Know Your P-79X
You can set up your P-793H v3 for high-speed Internet access or for high-speed point-to-point or point-to-2 points connections with other SHDSL models. The P-793H v3 can be used for either IP routing or bridging depending on your network configuration.
Page 14: High-Speed Internet Access With G.shdsl
Chapter 1 Getting To Know Your P-79X 1.1.1 High-speed Internet Access with G.SHDSL The P-79X provides high-speed G.SHDSL Internet access. The G.SHDSL (Single-pair High-speed Digital Subscriber Line) is a symmetrical, bi-directional DSL service that uses your telephone line to provide data rates up to 2.3 Mbits/sec. (The “G.” in “G.SHDSL” is defined by the G.991.2 ITU (International Telecommunication Union) state-of-the-art industry standard).
Page 15: Ways To Manage The P-79X
Chapter 1 Getting To Know Your P-79X Figure 3 Point-to-2points Connections with Your P-79X Note: See Chapter 5 on page 38 for more information on setting up point-to-point and point-to-2points connections. 1.2 Ways to Manage the P-79X Use any of the following methods to manage the P-79X. •...
Page 16: Leds
Green The P-793H v3 recognizes a USB connection through the USB slot. Blinking The P-793H v3 is sending/receiving data to /from the USB device connected to it. The P-793H v3 does not detect a USB connection through the USB slot.
Page 17 DESCRIPTION INTERNET Green The Internet connection is up, and the P-793H v3 has an IP address. (If the P-793H v3 uses RFC 1483 in bridge mode, this light does not turn on, but it does blink when the P- 793H v3 is sending/receiving data.) Blinking The P-793H v3 is sending/receiving data.
Page 18: The Reset Button
Chapter 1 Getting To Know Your P-79X Figure 6 P-791R v3 LEDs The following table describes the LEDs. Table 4 P-791R v3 LEDs COLOR STATUS DESCRIPTION POWER Green The P-791R v3 is receiving power and functioning properly. Blinking The P-791R v3 is rebooting or performing diagnostics. Power to the P-791R v3 is too low.
Page 19: Introducing The Web Configurator
See the chapter on troubleshooting if you need to make sure these functions are allowed in Internet Explorer. Note: This guide uses the P-793H v3 screens as an example. The screens may vary slightly for different models. 2.2 Accessing the Web Configurator Make sure your P-79X hardware is properly connected (refer to the Quick Start Guide).
Page 20 Chapter 2 Introducing the Web Configurator Figure 7 Login Screen The following screen displays if you have not yet changed your password. It is strongly recommended you change the default password. Enter a new password, retype it to confirm and click Apply;...
Page 21: Web Configurator Main Screen
Chapter 2 Introducing the Web Configurator Figure 9 Select a Mode Note: For security reasons, the P-79X automatically logs you out if you do not use the web configurator for five minutes (default). If this happens, log in again. 2.3 Web Configurator Main Screen Figure 10 Main Screen As illustrated above, the main screen is divided into these parts: P-79X Series User’s Guide...
Page 22: Title Bar
Chapter 2 Introducing the Web Configurator • A - title bar • B - navigation panel • C - main window • D - status bar 2.3.1 Title Bar The title bar provides some icons in the upper right corner. The icons provide the following functions.
Page 23 Chapter 2 Introducing the Web Configurator Table 6 Navigation Panel Summary LINK FUNCTION Address Use this screen to configure network address translation mapping rules. Mapping This screen appears when you choose Full Feature from the NAT > General screen. Use this screen to enable or disable SIP ALG. Security Firewall General...
Page 24: Main Window
Chapter 2 Introducing the Web Configurator Table 6 Navigation Panel Summary LINK FUNCTION Remote Use this screen to configure through which interface(s) and MGMT from which IP address(es) users can use HTTPS or HTTP to manage the P-79X. Telnet Use this screen to configure through which interface(s) and from which IP address(es) users can use Telnet to manage the P-79X.
Page 25: Status Screens
H A PT ER Status Screens 3.1 Overview Use the Status screens to look at the current status of the device, system resources, and interfaces (LAN and WAN). The Status screen also provides detailed information of client list, Any IP, VPN and packet statistics. 3.2 The Status Screen Use this screen to view the status of the P-79X.
Page 26 Chapter 3 Status Screens Table 7 Status Screen LABEL DESCRIPTION Host Name This field displays the P-79X system name. It is used for identification. You can change this in the Maintenance > System > General screen’s System Name field. Model Number This is the model name of your device. MAC Address This is the MAC (Media Access Control) or Ethernet address unique to your P- 79X.
Page 27: Client List
Chapter 3 Status Screens Table 7 Status Screen LABEL DESCRIPTION CPU Usage This field displays what percentage of the P-79X’s processing ability is currently used. When this percentage is close to 100%, the P-79X is running at full load, and the throughput is not going to improve anymore. If you want some applications to have more throughput, you should turn off other applications (for example, using QoS;...
Page 28: Any Ip Table
Chapter 3 Status Screens 3.5 Any IP Table Click Status > AnyIP Table to access this screen. Use this screen to view the IP address and MAC address of each computer that is using the P-79X but is in a different subnet than the P-79X. Figure 12 Any IP Table Each field is described in the following table.
Page 29 Chapter 3 Status Screens Figure 13 Packet Statistics The following table describes the fields in this screen. Table 9 Packet Statistics LABEL DESCRIPTION System Monitor System up Time This is the elapsed time the system has been up. Current Date/Time This field displays your P-79X’s present date and time.
Page 30 Chapter 3 Status Screens Table 9 Packet Statistics (continued) LABEL DESCRIPTION Rx Errors This field displays the number of error packets received on this port. Tx B/s This field displays the number of bytes transmitted in the last second. Rx B/s This field displays the number of bytes received in the last second.
Page 31: Internet Setup Wizard
H A PT ER Internet Setup Wizard 4.1 Overview Use the wizard setup screens to configure your system for Internet access with the information given to you by your ISP. Note: See the advanced menu chapters for background information on these fields. 4.2 Internet Access Wizard Setup After you enter the password to access the web configurator, select Go to Wizard setup and click Apply.
Page 32 Chapter 4 Internet Setup Wizard Figure 15 Wizard Welcome Your P-79X attempts to detect your DSL connection and your connection type. The following screen appears if a connection is not detected. Check your hardware connections and click Restart the INTERNET SETUP Wizard to return to the wizard welcome screen. If you still cannot connect, click Manually configure your Internet connection.
Page 33: Manual Configuration
Chapter 4 Internet Setup Wizard Figure 17 Auto-Detection: PPPoE The following screen appears if the ZyXEL device detects a connection but not the connection type. Click Next and refer to Section 4.2.1 on page 33 on how to manually configure the P-79X for Internet access.
Page 34 Chapter 4 Internet Setup Wizard Figure 19 Internet Access Wizard Setup: ISP Parameters The following table describes the fields in this screen. Table 10 Internet Access Wizard Setup: ISP Parameters LABEL DESCRIPTION Transfer Mode Select the transfer mode you want to use. PTM (Packet Transfer Mode): The P-79X uses the SHDSL technology for data transmission over the DSL port.
Page 35 Chapter 4 Internet Setup Wizard Table 10 Internet Access Wizard Setup: ISP Parameters LABEL DESCRIPTION Multiplexing Select the multiplexing method used by your ISP from the Multiplex drop-down list box either VC-based or LLC-based. Virtual Circuit VPI (Virtual Path Identifier) and VCI (Virtual Channel Identifier) define a virtual circuit.
Page 36 Chapter 4 Internet Setup Wizard Internet Connection with PPPoE (continued) Table 11 LABEL DESCRIPTION Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Exit Click this to close the wizard screen without saving. Internet Connection with RFC 1483 Figure 21 The following table describes the fields in this screen.
Page 37 Chapter 4 Internet Setup Wizard Table 12 Internet Connection with RFC 1483 (continued) LABEL DESCRIPTION First DNS Server Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask. Second DNS As above.
Page 38: Tutorials
H A PT ER Tutorials 5.1 Overview This chapter describes: • Configuring Point-to-point Connection, see page 38 • Configuring a Point-to-2points Connection, see page 40 Note: The tutorials featured in this chapter require a basic understanding of connecting to and using the Web Configurator on your P-79X. For details, see the included Quick Start Guide.
Page 39: Set Up The Client
Chapter 5 Tutorials Click Network > WAN > Internet Access Setup. Configure the Internet Access Setup screen as the following. Select ATM as the Transfer Mode. Select Bridge as the Mode. Configure the Multiplexing, Encapsulation, VPI, and VCI fields for the point-to-point connection.
Page 40: Connect The P-79Xs
Chapter 5 Tutorials Scroll down to the Service Type section. In the Service Mode field, select 2 wire, the same type of connection you selected for the server. In the Service Type field, select Client. The rest of the fields will be negotiated with the server. Click Apply. 5.2.3 Connect the P-79Xs Connect the DSL ports on the P-79Xs together, and wait while the P-79Xs automatically establish the connection.
Page 41: Set Up The Server
Chapter 5 Tutorials 5696/3200 Kpbs 2560/1280 Kpbs To set up the point-to-2 point connection between A, B and C you need to: Set up the Server. Set up the Clients. Connect the P-79Xs. 5.3.1 Set up the Server Log in to the server P-79X of Company A. Click Network >...
Page 42: Set Up The Clients
Chapter 5 Tutorials Figure 24 WAN > Internet Access Setup 5.3.2 Set up the Clients Log in to the client P-79X of branch office B. Click Network > WAN > Internet Access Setup. Select ATM as the Transfer Mode. Set the VPI, VCI, Multiplexing, and Encapsulation to the same values you set in the server.
Page 43: Connect The P-79Xs
Chapter 5 Tutorials Figure 26 WAN > Internet Connection > Service Type of C 5.3.3 Connect the P-79Xs Connect the DSL ports on the P-79Xs together, and wait while the P-79Xs automatically establish the connection. Make sure that the Y-cable is connected to the proper DSL outlets. The Y-cable connector marked DSL1 must be connected to the outgoing DSL 1 telephone jack and the Y-cable connector marked DSL2 must be connected to the outgoing DSL 2 telephone jack.
Page 44: Technical Reference
Technical Reference...
Page 45: Wan Setup
H A PT ER WAN Setup 6.1 Overview This chapter describes how to configure WAN settings from the WAN screens. Use these screens to configure your P-79X for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet.
Page 46: Before You Begin
Chapter 6 WAN Setup WAN IP Address The WAN IP address is an IP address for the P-79X, which makes it accessible from an outside network. It is used by the P-79X to communicate with other devices in other networks. It can be static (fixed) or dynamically assigned by the ISP each time the P-79X tries to access the Internet.
Page 47 Chapter 6 WAN Setup Figure 28 Network > WAN >Internet Access Setup The following table describes the labels in this screen. Table 13 Network > WAN > Internet Access Setup LABEL DESCRIPTION General Transfer Mode Select the transfer mode you want to use. PTM (Packet Transfer Mode): The P-79X uses the SHDSL technology for data transmission over the DSL port.
Page 48 Chapter 6 WAN Setup Table 13 Network > WAN > Internet Access Setup (continued) LABEL DESCRIPTION Mode Select Routing (default) from the drop-down list box if your ISP gives you one IP address only and you want multiple computers to share an Internet account. Select Bridge when your ISP provides you more than one IP address and you want the connected computers to get individual IP address from ISP’s DHCP server directly.
Page 49 Chapter 6 WAN Setup Table 13 Network > WAN > Internet Access Setup (continued) LABEL DESCRIPTION Subnet Mask This option is available if you select ENET ENCAP in the Encapsulation field. Enter a subnet mask in dotted decimal notation. Gateway IP This option is available if you select ENET ENCAP in the Encapsulation field.
Page 50: 2Wire-2Line Service Mode
Chapter 6 WAN Setup Table 13 Network > WAN > Internet Access Setup (continued) LABEL DESCRIPTION Transfer Min Rate This field is enabled if Service Type is Server. Set the minimum rate at which (Kbps) the P-79X sends and receives information. The actual transfer rate will be between this value and the maximum transfer rate you configure.
Page 51: Advanced Internet Access Setup
Chapter 6 WAN Setup Table 14 2wire-2line Service Mode (continued) LABEL DESCRIPTION Enable Rate Indicate whether or not the P-79X can adjust the speed of its connection to Adaption that of the other device. Transfer Max Rate This field is enabled if Service Type is Server. Set the maximum rate at which (Kbps) the P-79X sends and receives information.
Page 52 Chapter 6 WAN Setup The following table describes the labels in this screen. Table 15 Network > WAN > Internet Access Setup: Advanced Setup LABEL DESCRIPTION RIP & Multicast This section is not available when you configure the P-79X to be in bridge Setup mode.
Page 53: The More Connections Screen
Chapter 6 WAN Setup 6.3 The More Connections Screen The P-79X allows you to configure more than one Internet access connection. To configure additional Internet access connections click Network > WAN > More Connections. The screen differs by the encapsulation you select. When you use the WAN > Internet Access Setup screen to set up Internet access, you are configuring the first WAN connection.
Page 54 Chapter 6 WAN Setup Figure 32 Network > WAN > More Connections: Edit The following table describes the labels in this screen. Table 17 Network > WAN > More Connections: Edit LABEL DESCRIPTION This is the index number of the WAN connections. General Active Select the check box to activate or clear the check box to deactivate this...
Page 55: Configuring More Connections Advanced Setup
Chapter 6 WAN Setup Table 17 Network > WAN > More Connections: Edit (continued) LABEL DESCRIPTION Enter 802.1Q VLAN Specify a VLAN ID number. ID[1-4094] IP Address This option is available if you select Routing in the Mode field. A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed;...
Page 56 Chapter 6 WAN Setup Figure 33 Network > WAN > More Connections: Edit: Advanced Setup The following table describes the labels in this screen. Table 18 Network > WAN > More Connections: Edit: Advanced Setup LABEL DESCRIPTION RIP Setup This section is not available when you configure the P-79X to be in bridge mode.
Page 57: The Wan Backup Setup Screen
Chapter 6 WAN Setup Table 18 Network > WAN > More Connections: Edit: Advanced Setup (continued) LABEL DESCRIPTION Generic Filter Select the generic filter(s) to control outgoing traffic. You may choose up to 4 sets of filters. You can configure generic filters in the Packet Filter screen. See Chapter 12 on page 119 for more details.
Page 58 Chapter 6 WAN Setup The following table describes the labels in this screen. Table 19 Network > Internet (WAN) > WAN Backup LABEL DESCRIPTION Backup Type Select the method that the P-79X uses to check the DSL connection. Select DSL Link to have the P-79X check if the connection to the DSLAM is up.
Page 59: Wan Technical Reference
Chapter 6 WAN Setup 6.5 WAN Technical Reference This section provides some technical background information about the topics covered in this chapter. 6.5.1 Encapsulation Be sure to use the encapsulation method required by your ISP. The P-79X supports the following methods.
Page 60: Multiplexing
Chapter 6 WAN Setup 6.5.2 Multiplexing There are two conventions to identify what protocols the virtual circuit (VC) is carrying. Be sure to use the multiplexing method required by your ISP. VC-based Multiplexing In this case, by prior mutual agreement, each protocol is assigned to a specific virtual circuit; for example, VC1 carries IP, etc.
Page 61: Nailed-Up Connection (Ppp)
Chapter 6 WAN Setup 6.5.5 Nailed-Up Connection (PPP) A nailed-up connection is a dial-up line where the connection is always up regardless of traffic demand. The P-79X does two things when you specify a nailed-up connection. The first is that idle timeout is disabled.
Page 62: Traffic Shaping
Chapter 6 WAN Setup Figure 35 Traffic Redirect Example The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN. Use IP alias to configure the LAN into two or three logical networks with the P-79X itself as the gateway for each LAN network.
Page 63: Atm Traffic Classes
Chapter 6 WAN Setup Sustained Cell Rate (SCR) is the mean cell rate of each bursty traffic source. It specifies the maximum average rate at which cells can be sent over the virtual connection. SCR may not be greater than the PCR. Maximum Burst Size (MBS) is the maximum number of cells that can be sent at the PCR.
Page 64 Chapter 6 WAN Setup The VBR-nRT (non real-time Variable Bit Rate) type is used with bursty connections that do not require closely controlled delay and delay variation. It is commonly used for "bursty" traffic typical on LANs. PCR and MBS define the burst levels, SCR defines the minimum level. An example of an VBR-nRT connection would be non-time sensitive data file transfers.
Page 65: Wwan
H A PT ER WWAN 7.1 Overview This chapter discusses the P-79X’s WWAN screens. Use these screens to configure your P-79X for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks, such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations.
Page 66: What You Can Do In This Chapter
Chapter 7 WWAN 7.1.1 What You Can Do in this Chapter • Use the 3G WAN Setup screen to configure 3G WAN connection (Section 7.2 on page 67). Table 20 WAN Setup Overview LAYER-2 INTERFACE INTERNET CONNECTION DSL LINK CONNECTION MODE ENCAPSULATION CONNECTION SETTINGS...
Page 67: Before You Begin
Chapter 7 WWAN WAN IP Address The WAN IP address is an IP address for the P-79X, which makes it accessible from an outside network. It is used by the P-79X to communicate with other devices in other networks. It can be static (fixed) or dynamically assigned by the ISP each time the P-79X tries to access the Internet.
Page 68 Chapter 7 WWAN Note: This P-79X supports connecting one 3G dongle at a time. Figure 40 Internet Access Application: 3G WAN Use this screen to configure your 3G settings. Click Network > WWAN > 3G WAN Setup. Note: The actual data rate you obtain varies depending the 3G card you use, the signal strength to the service provider’s base station, and so on.
Page 69: Technical Reference
Chapter 7 WWAN Table 21 Network Setting > WWAN > 3G Backup (continued) LABEL DESCRIPTION A PIN (Personal Identification Number) code is a key to a 3G card. Without the PIN code, you cannot use the 3G card. If your ISP enabled PIN code authentication, enter the 4-digit PIN code (0000 for example) provided by your ISP.
Page 70 Chapter 7 WWAN For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for example RADIUS). One of the benefits of PPPoE is the ability to let you access one of multiple network services, a function known as dynamic service selection.
Page 71 Chapter 7 WWAN Sustained Cell Rate (SCR) is the mean cell rate of each bursty traffic source. It specifies the maximum average rate at which cells can be sent over the virtual connection. SCR may not be greater than the PCR. Maximum Burst Size (MBS) is the maximum number of cells that can be sent at the PCR.
Page 72 Chapter 7 WWAN The VBR-nRT (non real-time Variable Bit Rate) type is used with bursty connections that do not require closely controlled delay and delay variation. It is commonly used for "bursty" traffic typical on LANs. PCR and MBS define the burst levels, SCR defines the minimum level. An example of an VBR-nRT connection would be non-time sensitive data file transfers.
Page 73 Chapter 7 WWAN 4096 possible VIDs, a VID of 0 is used to identify priority frames and value 4095 (FFF) is reserved, so the maximum possible VLAN configurations are 4,094. TPID User Priority VLAN ID 2 Bytes 3 Bits 1 Bit 12 Bits Multicast IP packets are transmitted in either one of two ways - Unicast (1 sender - 1 recipient) or Broadcast...
Page 74: Lan Setup
H A PT ER LAN Setup 8.1 Overview A Local Area Network (LAN) is a shared communication system to which many networking devices are connected. It is usually located in one immediate area such as a building or floor of a building. Use the LAN screens to help you configure a LAN DHCP server and manage IP addresses.
Page 75: Before You Begin
Chapter 8 LAN Setup Subnet Mask Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks. DHCP A DHCP (Dynamic Host Configuration Protocol) server can assign your P-79X an IP address, subnet mask, DNS and other routing information when it's turned on.
Page 76: The Advanced Lan Ip Setup Screen
Chapter 8 LAN Setup Enter an IP address into the IP Address field. The IP address must be in dotted decimal notation. This will become the IP address of your P-79X. Enter the IP subnet mask into the IP Subnet Mask field. Unless instructed otherwise it is best to leave this alone, the configurator will automatically compute a subnet mask based upon the IP address you entered.
Page 77 Chapter 8 LAN Setup Figure 44 Network > LAN > IP: Advanced Setup The following table describes the labels in this screen. Table 23 Network > LAN > IP: Advanced Setup LABEL DESCRIPTION RIP & Multicast Setup RIP Direction Select the RIP direction from Noneand Both. RIP Version Select the RIP version from RIP-1and RIP-2.
Page 78: The Dhcp Setup Screen
Chapter 8 LAN Setup Table 23 Network > LAN > IP: Advanced Setup LABEL DESCRIPTION Allow between LAN Select this check box to forward NetBIOS packets from the LAN to the WAN and WAN and from the WAN to the LAN. If your firewall is enabled with the default policy set to block WAN to LAN traffic, you also need to enable the default WAN to LAN firewall rule that forwards NetBIOS traffic.
Page 79 Chapter 8 LAN Setup Figure 45 Network > LAN > DHCP Setup The following table describes the labels in this screen. Table 24 Network > LAN > DHCP Setup LABEL DESCRIPTION DHCP Setup DHCP If set to Server, your P-79X can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client.
Page 80: The Client List Screen
Chapter 8 LAN Setup Table 24 Network > LAN > DHCP Setup LABEL DESCRIPTION First DNS Server Select Obtained From ISP if your ISP dynamically assigns DNS server information (and the P-79X's WAN IP address). Second DNS Server Select UserDefined if you have the IP address of a DNS server. Enter the Third DNS Server DNS server's IP address in the field to the right.
Page 81: The Ip Alias Screen
Chapter 8 LAN Setup The following table describes the labels in this screen. Table 25 Network > LAN > Client List LABEL DESCRIPTION IP Address Enter the IP address that you want to assign to the computer on your LAN with the MAC address that you will also specify.
Page 82: Configuring The Lan Ip Alias Screen
Chapter 8 LAN Setup 8.5.1 Configuring the LAN IP Alias Screen Use this screen to change your P-79X’s IP alias settings. Click Network > LAN > IP Alias to open the following screen. Figure 48 Network > LAN > IP Alias The following table describes the labels in this screen.
Page 83: Lan Technical Reference
Chapter 8 LAN Setup 8.6 LAN Technical Reference This section provides some technical background information about the topics covered in this chapter. 8.6.1 LANs, WANs and the ZyXEL Device The actual physical connection determines whether the P-79X ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next.
Page 84: Lan Tcp/Ip
Chapter 8 LAN Setup • Some ISPs choose to disseminate the DNS server addresses using the DNS server extensions of IPCP (IP Control Protocol) after the connection is up. If your ISP did not give you explicit DNS servers, chances are the DNS servers are conveyed through IPCP negotiation. The P-79X supports the IPCP DNS server extensions through the DNS proxy feature.
Page 85: Rip Setup
Chapter 8 LAN Setup • 172.16.0.0 — 172.31.255.255 • 192.168.0.0 — 192.168.255.255 You can obtain your IP address from the IANA, from an ISP or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks.
Page 86 Chapter 8 LAN Setup The P-79X supports IGMP version 1 (IGMP-v1), IGMP version 2 (IGMP-v2) and IGMP version 3 (IGMP-v3). At start up, the P-79X queries all directly connected networks to gather group membership. After that, the P-79X periodically updates this information. IP multicasting can be enabled/disabled on the P-79X LAN and/or WAN interfaces in the web configurator (LAN;...
Page 87: Network Address Translation (Nat)
H A PT ER Network Address Translation (NAT) 9.1 Overview This chapter discusses how to configure NAT on the P-79X. NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
Page 88: The Nat General Setup Screen
Chapter 9 Network Address Translation (NAT) Port Forwarding A port forwarding set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though NAT makes your whole inside network appear as a single computer to the outside world.
Page 89: The Port Forwarding Screen
Chapter 9 Network Address Translation (NAT) Table 27 Network > NAT > General (continued) LABEL DESCRIPTION Max NAT/Firewall When computers use peer to peer applications, such as file sharing applications, Session Per User they need to establish NAT sessions. If you do not limit the number of NAT sessions a single client can establish, this can result in all of the available NAT sessions being used.
Page 90: Configuring The Port Forwarding Screen
Chapter 9 Network Address Translation (NAT) Configuring Servers Behind Port Forwarding (Example) Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example).
Page 91: The Port Forwarding Rule Edit Screen
Chapter 9 Network Address Translation (NAT) Table 28 Network > NAT > Port Forwarding LABEL DESCRIPTION Server IP Address Enter the IP address of the server for the specified service. Click this button to add a rule to the table below. This is the rule index number (read-only).
Page 92: The Address Mapping Screen
Chapter 9 Network Address Translation (NAT) Table 29 Network > NAT > Port Forwarding: Edit (continued) LABEL DESCRIPTION End Port Enter a port number in this field. To forward only one port, enter the port number again in the Start Port field above and then enter it again in this field.
Page 93: The Address Mapping Rule Edit Screen
Chapter 9 Network Address Translation (NAT) Table 30 Network > NAT > Address Mapping (continued) LABEL DESCRIPTION Global Start IP This is the starting Inside Global IP Address (IGA). Enter 0.0.0.0 here if you have a dynamic IP address from your ISP. You can only do this for Many-to-One and Server mapping types.
Page 94: The Alg Screen
Chapter 9 Network Address Translation (NAT) The following table describes the fields in this screen. Table 31 Network > NAT > Address Mapping: Edit LABEL DESCRIPTION Type Choose the port mapping type from one of the following. One-to-One: One-to-One mode maps one local IP address to one global IP address.
Page 95: Nat Technical Reference
Chapter 9 Network Address Translation (NAT) Figure 56 Network > NAT > ALG The following table describes the fields in this screen. Table 32 Network > NAT > ALG LABEL DESCRIPTION Enable SIP ALG Select this to change the private ports or IP in SIP messages so that the VoIP client behind the P-79X can be found in RTP traffic.
Page 96: What Nat Does
Chapter 9 Network Address Translation (NAT) 9.6.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side.
Page 97: Nat Mapping Types
Chapter 9 Network Address Translation (NAT) Figure 58 NAT Application With IP Alias 9.6.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: • One to One: In One-to-One mode, the P-79X maps one local IP address to one global IP address.
Page 98 Chapter 9 Network Address Translation (NAT) The following table summarizes these types. Table 34 NAT Mapping Types TYPE IP MAPPING One-to-One ILA1 IGA1 Many-to-One (SUA/PAT) ILA1 IGA1 ILA2 IGA1 … Many-to-Many Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 …...
Page 99: Firewalls
HAPTER Firewalls 10.1 Overview This chapter shows you how to enable and configure the P-79X firewall. Use these screens to enable and configure the firewall that protects your P-79X and network from attacks by hackers on the Internet and control access to it. By default the firewall: •...
Page 100: What You Need To Know About Firewall
Chapter 10 Firewalls 10.1.2 What You Need to Know About Firewall Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources.
Page 101 Chapter 10 Firewalls Firewall Example: Rules In the Rules screen, select the index number after that you want to add the rule. For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8.
Page 102 Chapter 10 Firewalls Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN. Firewall Example: Rules: MyService P-79X Series User’s Guide...
Page 103: The Firewall General Screen
Chapter 10 Firewalls 10.2 The Firewall General Screen Use this screen to configure the firewall settings. Click Security > Firewall to display the following screen. Figure 60 Security > Firewall > General The following table describes the labels in this screen. Table 35 Security >...
Page 104: The Firewall Rule Screen
Chapter 10 Firewalls 10.3 The Firewall Rule Screen Note: The ordering of your rules is very important as rules are applied in turn. Refer to Section 10.5 on page 110 for more information. Click Security > Firewall > Rules to bring up the following screen. This screen displays a list of the configured firewall rules.
Page 105: Configuring Firewall Rules
Chapter 10 Firewalls Table 36 Security > Firewall > Rules (continued) LABEL DESCRIPTION This field shows you whether a log is created when packets match this rule (Yes) or not (No). Modify Click the Edit icon to go to the screen where you can edit the rule. Click the Remove icon to delete an existing firewall rule.
Page 106 Chapter 10 Firewalls Figure 62 Security > Firewall > Rules: Edit The following table describes the labels in this screen. Table 37 Security > Firewall > Rules: Edit LABEL DESCRIPTION Edit Rule Active Select this option to enable this firewall rule. Action for Matched Use the drop-down list box to select whether to discard (Drop), deny and send Packet...
Page 107: The Firewall Threshold Screen
Chapter 10 Firewalls Table 37 Security > Firewall > Rules: Edit (continued) LABEL DESCRIPTION End IP Address Enter the ending IP address in a range here. Subnet Mask Enter the subnet mask here, if applicable. Add >> Click Add >> to add a new address to the Source or Destination Address box.
Page 108: Threshold Values
Chapter 10 Firewalls Figure 63 Three-Way Handshake For UDP, half-open means that the firewall has detected no return traffic. An unusually high number (or arrival rate) of half-open sessions could indicate a DOS attack. 10.4.1 Threshold Values If everything is working properly, you probably do not need to change the threshold settings as the default threshold values should work for most small offices.
Page 109 Chapter 10 Firewalls Figure 64 Security > Firewall > Threshold The following table describes the labels in this screen. Table 38 Security > Firewall > Threshold LABEL DESCRIPTION Denial of Service The P-79X measures both the total number of existing half-open sessions and Thresholds the rate of session establishment attempts.
Page 110: Firewall Technical Reference
Chapter 10 Firewalls Table 38 Security > Firewall > Threshold (continued) LABEL DESCRIPTION TCP Maximum An unusually high number of half-open sessions with the same destination host Incomplete address could indicate that a DoS attack is being launched against the host. Specify the number of existing half-open TCP sessions with the same destination host IP address that causes the firewall to start dropping half-open sessions to that same destination host IP address.
Page 111: Guidelines For Enhancing Security With Your Firewall
Chapter 10 Firewalls • LAN to WAN These rules specify which computers on the LAN can access which computers or services on the WAN. By default, the P-79X’s stateful packet inspection drops packets traveling in the following directions: • WAN to LAN These rules specify which computers on the WAN can access which computers or services on the LAN.
Page 112: Security Considerations
Chapter 10 Firewalls Protect against IP spoofing by making sure the firewall is active. Keep the firewall in a secured (locked) room. 10.5.3 Security Considerations Note: Incorrectly configuring the firewall may block valid access or introduce security risks to the P-79X and your protected network. Use caution when creating or deleting firewall rules and test your rules after you configure them.
Page 113: Url Blocking
HAPTER URL Blocking 11.1 Overview Internet content filtering allows you to block web sites based on keywords in the URL. Section 11.1.4 on page 113 for an example of setting up content filtering. 11.1.1 What You Can Do in the URL Blocking Screens •...
Page 114 Chapter 11 URL Blocking Click Apply. Security > Content Filter > Keyword: Example Bob’s son arrives home from school at four, while his parents arrive later, at about 7pm. So keyword blocking is enabled for these times on weekdays and not on the weekend when the parents are at home.
Page 115: The Keyword Screen
Chapter 11 URL Blocking The children can access the family computer in the living room, while only the parents use another computer in the study room. So keyword blocking is only needed on the family computer and the study computer can be excluded from keyword blocking. Bob’s home network is on the domain “192.168.1.xxx”.
Page 116: The Schedule Screen
Chapter 11 URL Blocking Figure 65 Security > URL Blocking > Keyword The following table describes the labels in this screen. Table 39 Security > URL Blocking > Keyword LABEL DESCRIPTION Active Keyword Blocking Select this check box to enable this feature. Block Websites that This box contains the list of all the keywords that you have configured contain these keywords in...
Page 117: The Trusted Screen
Chapter 11 URL Blocking Figure 66 Security > URL Blocking > Schedule The following table describes the labels in this screen. Table 40 Security > URL Blocking > Schedule LABEL DESCRIPTION Schedule Select Block Everyday to make the content filtering active everyday. Otherwise, select Edit Daily to Block and configure which days of the week (or everyday) and which time of the day you want the content filtering to be active.
Page 118 Chapter 11 URL Blocking Figure 67 Security > URL Blocking > Trusted The following table describes the labels in this screen. Table 41 Security > URL Blocking > Trusted LABEL DESCRIPTION Start IP Address Type the IP address of a computer (or the beginning IP address of a specific range of computers) on the LAN that you want to exclude from content filtering.
Page 119: Packet Filter
HAPTER Packet Filter 12.1 Overview Your P-79X uses filters to decide whether to allow passage of traffic. This chapter discusses how to create and apply filters. 12.1.1 What You Can Do in the Packet Filter Screen Use the Packet Filter screens (Section 12.2 on page 119) to display the filter sets and configure the rules for protocol and generic filters.
Page 120: Editing Protocol Filters
Chapter 12 Packet Filter Figure 68 Security > Packet Filter The following table describes the labels in this screen. Table 42 Security > Packet Filter LABEL DESCRIPTION This field displays the index number of the filter set. Name Enter a name for the filter set. The text may consist of up to 16 letters, numerals and any printable character found on a typical English language keyboard.
Page 121: Configuring Protocol Filter Rules
Chapter 12 Packet Filter Figure 69 Security > Packet Filter > Edit (Protocol Filter) The following table describes the labels in this screen. Table 43 Security > Packet Filter > Edit (Protocol Filter) LABEL DESCRIPTION This is the index number of the rules in a filter set. Active Use the check box to turn a filter rule on or off.
Page 122 Chapter 12 Packet Filter Figure 70 Security > Packet Filter > Edit (Protocol Filter) > Edit Rule The following table describes the labels in this screen. Table 44 Security > Packet Filter > Edit (Protocol Filter) > Edit Rule LABEL DESCRIPTION Active Select the check box to enable the filter rule.
Page 123: Editing Generic Filters
Chapter 12 Packet Filter Table 44 Security > Packet Filter > Edit (Protocol Filter) > Edit Rule (continued) LABEL DESCRIPTION More Select Yes to pass a matching packet to the next filter rule before an action is taken. Select No to act upon the packet according to the action fields. Select a logging option from the following: None –...
Page 124: Configuring Generic Packet Rules
Chapter 12 Packet Filter The following table describes the labels in this screen. Table 45 Security > Packet Filter > Edit (Generic Filter) LABEL DESCRIPTION This is the index number of the rules in a filter set. Active Use the check box to turn on or off a filter rule. Filter Type This field displays whether the filter type is a protocol filter or generic filter.
Page 125: Packet Filter Technical Reference
Chapter 12 Packet Filter Table 46 Security > Packet Filter > Edit (Generic Filter) > Edit Rule (continued) LABEL DESCRIPTION Value Enter the value (in hexadecimal notation) to compare with the data portion. More Select Yes to pass a matching packet to the next filter rule before an action is taken.
Page 126: Firewall Versus Filters
Chapter 12 Packet Filter 12.3.2 Firewall Versus Filters Below are some comparisons between the P-79X’s filtering and firewall functions. Packet Filtering • The router filters packets as they pass through the router’s interface according to the filter rules you designed. •...
Page 127 Chapter 12 Packet Filter Use the firewall if you need routine e-mail reports about your system or need to be alerted when attacks occur. The firewall can block specific URL traffic that might occur in the future. The URL can be saved in an Access Control List (ACL) database.
Page 128: Vpn
HAPTER 13.1 Overview A virtual private network (VPN) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing. It is used to transport traffic over the Internet or any insecure network that uses TCP/IP for communication.
Page 129 Chapter 13 VPN Figure 75 VPN: IKE SA and IPSec SA IPSec SA Internet IKE SA In this example, a computer in network A is exchanging data with a computer in network B. Inside networks A and B, the data is transmitted the same way data is normally transmitted in the networks.
Page 130: Before You Begin
Chapter 13 VPN Finding Out More Section 13.6 on page 139 for advanced technical information on IPSec VPN. 13.1.3 Before You Begin If a VPN tunnel uses Telnet, FTP, WWW, then you should configure remote management (Remote MGMT) to allow access for that service. Note: This chapter is not available when you use the P-791R v3 device.
Page 131: The Vpn Edit Screen
Chapter 13 VPN The following table describes the fields in this screen. Table 47 Security > VPN > Setup LABEL DESCRIPTION This is the VPN policy index number. Click a number to edit VPN policies. Active This field displays whether the VPN policy is active or not. A Yes signifies that this VPN policy is active.
Page 132 Chapter 13 VPN Figure 78 Security > VPN > Setup > Edit The following table describes the fields in this screen. Table 48 Security > VPN > Setup > Edit LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. This option determines whether a VPN rule is applied before a packet leaves the firewall.
Page 133 Chapter 13 VPN Table 48 Security > VPN > Setup > Edit LABEL DESCRIPTION Negotiation Mode Select Main or Aggressive from the drop-down list box. Multiple SAs connecting through a secure gateway must have the same negotiation mode. Encapsulation Select Tunnel mode or Transport mode from the drop-down list box. Mode DNS Server (for If there is a private DNS server that services the VPN, type its IP address here.
Page 134 Chapter 13 VPN Table 48 Security > VPN > Setup > Edit LABEL DESCRIPTION Local ID Type Select IP to identify this P-79X by its IP address. Select DNS to identify this P-79X by a domain name. Select E-mail to identify this P-79X by an e-mail address. Content When you select IP in the Local ID Type field, type the IP address of your computer in the local Content field.
Page 135 Chapter 13 VPN Table 48 Security > VPN > Setup > Edit LABEL DESCRIPTION Secure Gateway Type the WAN IP address or the URL (up to 31 characters) of the IPSec router Address with which you're making the VPN connection. Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address (the IPSec Key Mode field must be set to IKE).
Page 136: Configuring Advanced Ike Settings
Chapter 13 VPN 13.4 Configuring Advanced IKE Settings Click Advanced Setup in the VPN Setup-Edit screen to open this screen. Figure 79 Security > VPN > Setup > Edit > Advanced Setup The following table describes the fields in this screen. Table 49 Security >...
Page 137 Chapter 13 VPN Table 49 Security > VPN > Setup > Edit > Advanced Setup (continued) LABEL DESCRIPTION Pre-Shared Key Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection.
Page 138: Viewing Sa Monitor
Chapter 13 VPN Table 49 Security > VPN > Setup > Edit > Advanced Setup (continued) LABEL DESCRIPTION Authentication Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and Algorithm SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data.
Page 139: Ipsec Vpn Technical Reference
Chapter 13 VPN Figure 80 Security > VPN > Monitor The following table describes the fields in this screen. Table 50 Security > VPN > Monitor LABEL DESCRIPTION This is the security association index number. Name This field displays the identification name for this VPN policy. Encapsulation This field displays Tunnel or Transport mode.
Page 140: Ipsec And Nat
Chapter 13 VPN Figure 81 IPSec Architecture IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms). The Encryption Algorithm describes the use of encryption techniques such as DES (Data Encryption Standard) and Triple DES algorithms.
Page 141: Vpn, Nat, And Nat Traversal
Chapter 13 VPN IPSec using ESP in Tunnel mode encapsulates the entire original packet (including headers) in a new IP packet. The new IP packet's source address is the outbound address of the sending VPN gateway, and its destination address is the inbound address of the VPN device at the receiving end. When using ESP protocol with authentication, the packet contents (in this case, the entire original packet) are encrypted.
Page 142: Encapsulation
Chapter 13 VPN • Set the NAT router to forward UDP port 500 to IPSec router A. Finally, NAT is compatible with ESP in tunnel mode because integrity checks are performed over the combination of the "original header plus original payload," which is unchanged by a NAT device. The compatibility of AH and ESP with NAT in tunnel and transport modes is summarized in the following table.
Page 143: Ike Phases
Chapter 13 VPN tunnel with authentication and encryption. This is the most common mode of operation. Tunnel mode is required for gateway to gateway and host to gateway communications. Tunnel mode communications have two sets of IP headers: • Outside header: The outside IP header contains the destination IP address of the VPN gateway. •...
Page 144: Negotiation Mode
Chapter 13 VPN • Set the IPSec SA lifetime. This field allows you to determine how long the IPSec SA should stay up before it times out. The P-79X automatically renegotiates the IPSec SA if there is traffic when the IPSec SA lifetime period expires. The P-79X also automatically renegotiates the IPSec SA if both IPSec routers have keep alive enabled, even if there is no traffic.
Page 145: Id Type And Content
Chapter 13 VPN Figure 85 VPN Host using Intranet DNS Server Example ISP DNS Servers 212.54.64.170 212.54.54.171 DNS:212.54.64.170 Remote 10.1.1.1/200 IPSec Router 212.54.64.171 Internet Intranet DNS 10.1.1.10 VPN DNS: 10.1.1.10 = VPN Tunnel 192.168.1.1/50 172.16.1.1/50 If you do not specify an Intranet DNS server on the remote network, then the VPN host must use IP addresses to access the computers on the remote network.
Page 146: Id Type And Content Examples
Chapter 13 VPN Table 53 Local ID Type and Content Fields LOCAL ID TYPE= CONTENT= E-mail Type an e-mail address (up to 31 characters) by which to identify this P-79X. The domain name or e-mail address that you use in the Content field is used for identification purposes only and does not need to be a real domain name or e- mail address.
Page 147: Pre-Shared Key
Chapter 13 VPN 13.6.10 Pre-Shared Key A pre-shared key identifies a communicating party during a phase 1 IKE negotiation (see Section 13.6.5 on page 143 for more on IKE phases). It is called “pre-shared” because you have to share it with another party before you can communicate with them over a secure connection.
Page 148: Telecommuters Using Unique Vpn Rules Example
Chapter 13 VPN Table 57 Telecommuters Sharing One VPN Rule Example FIELDS TELECOMMUTERS HEADQUARTERS Local IP Address: Telecommuter A: 192.168.2.12 192.168.1.10 Telecommuter B: 192.168.3.2 Telecommuter C: 192.168.4.15 Remote IP 192.168.1.10 0.0.0.0 (N/A) Address: 13.6.12.2 Telecommuters Using Unique VPN Rules Example In this example the telecommuters (A, B and C in the figure) use IPSec routers with domain names that are mapped to their dynamic WAN IP addresses (use Dynamic DNS to do this).
Page 149 Chapter 13 VPN Table 58 Telecommuters Using Unique VPN Rules Example (continued) TELECOMMUTERS HEADQUARTERS Telecommuter A (telecommutera.dydns.org) Headquarters P-79X Rule 1: Local ID Type: IP Peer ID Type: IP Local ID Content: 192.168.2.12 Peer ID Content: 192.168.2.12 Local IP Address: 192.168.2.12 Secure Gateway Address: telecommuter1.com Remote Address 192.168.2.12 Telecommuter B (telecommuterb.dydns.org)
Page 150: Certificates
HAPTER Certificates 14.1 Overview This chapter describes how your P-79X can use certificates as a means of authenticating clients. It gives background information about public-key certificates and explains how to use them. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication.
Page 151: Verifying A Certificate
Chapter 14 Certificates Factory Default Certificate The P-79X generates its own unique self-signed certificate when you first turn it on. This certificate is referred to in the GUI as the factory default certificate. 14.1.2 Verifying a Certificate Before you import a trusted certificate into the P-79X, you should verify that you have the correct certificate.
Page 152: The Trusted Cas Screen
Chapter 14 Certificates Finding Out More Section 14.3 on page 155 for technical background information on certificates. 14.2 The Trusted CAs Screen This screen displays a summary list of certificates of the certification authorities that you have set the P-79X to accept as trusted. The P-79X accepts any valid certificate signed by a certification authority on this list as being trustworthy;...
Page 153: Trusted Ca Import
Chapter 14 Certificates 14.2.1 Trusted CA Import Follow the instructions in this screen to save a trusted certification authority’s certificate to the P- 79X. Click Security > Certificates to open the Trusted CAs screen and then click Import to open the Trusted CA Import screen.
Page 154: Trusted Ca Details
Chapter 14 Certificates 14.2.2 Trusted CA Details Use this screen to view in-depth information about the certification authority’s certificate, change the certificate’s name and set whether or not you want the P-79X to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority. Click Security >...
Page 155: Certificates Technical Reference
Chapter 14 Certificates Table 61 Trusted CA Details (continued) LABEL DESCRIPTION Signature Algorithm This field displays the type of algorithm that was used to sign the certificate. Some certification authorities use rsa-pkcs1-sha1 (RSA public-private key encryption algorithm and the SHA1 hash algorithm). Other certification authorities may use rsa-pkcs1-md5 (RSA public-private key encryption algorithm and the MD5 hash algorithm).
Page 156: Private-Public Certificates
Chapter 14 Certificates method used to secure the data that you send through an established connection depends on the type of connection. For example, a VPN tunnel might use the triple DES encryption algorithm. The certification authority uses its private key to sign certificates. Anyone can then use the certification authority’s public key to verify the certificates.
Page 157: Static Route
HAPTER Static Route 15.1 Overview The P-79X usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the P-79X send data to devices not reachable through the default gateway, use static routes. For example, the next figure shows a computer (A) connected to the P-79X’s LAN interface.
Page 158: Static Route Edit
Chapter 15 Static Route Figure 95 Advanced > Static Route The following table describes the labels in this screen. Table 62 Advanced > Static Route LABEL DESCRIPTION This is the number of an individual static route. Active This field indicates whether the rule is active or not. Clear the check box to disable the rule.
Page 159 Chapter 15 Static Route Figure 96 Advanced > Static Route: Edit The following table describes the labels in this screen. Table 63 Advanced > Static Route: Edit LABEL DESCRIPTION Active This field allows you to activate/deactivate this static route. Route Name Enter the name of the IP static route.
Page 160: Overview
HAPTER 802.1Q 16.1 Overview This chapter describes how to configure the 802.1Q settings. A Virtual Local Area Network (VLAN) allows a physical network to be partitioned into multiple logical networks. A VLAN group can be treated as an individual device. Each group can have its own rules about where and how to forward traffic.
Page 161: Q Example
16.1.3 802.1Q Example This example shows how to configure the 802.1Q settings on the P-79X. 802.1Q/1P Example P-793H v3 VoIP Network Internet - (PPPoE) LAN1 and LAN2 are connected to ATAs (Analogue Telephone Adapters) and used for VoIP traffic.
Page 162 Chapter 16 802.1Q To set a high priority for VoIP traffic, follow these steps. Click Advanced > 802.1Q > Port Setting to display the following screen. Type 2 in the 802.1Q PVID column for LAN1and LAN2. Click Apply. Advanced > 802.1Q/1P > Port Setting: Example Ports 3 and 4 are connected to desktop computers and are used for Internet traffic.
Page 163: The 802.1Q Group Setting Screen
Chapter 16 802.1Q Advanced > 802.1Q/1P > Group Setting: Example This completes the 802.1Q setup. 16.2 The 802.1Q Group Setting Screen Use this screen to activate 802.1Q and display the VLAN groups. Click Advanced > 802.1Q to display the following screen. P-79X Series User’s Guide...
Page 164 Chapter 16 802.1Q Figure 98 Advanced > 802.1Q > Group Setting The following table describes the labels in this screen. Table 64 Advanced > 802.1Q > Group Setting LABEL DESCRIPTION 802.1Q Active Select this check box to activate the 802.1Q feature. Management Vlan Enter the ID number of a VLAN group.
Page 165: Editing 802.1Q Group Setting
Chapter 16 802.1Q 16.2.1 Editing 802.1Q Group Setting Use this screen to configure the settings for each VLAN group. In the 802.1Q screen, click the Edit button from the Modify filed to display the following screen. Figure 99 Advanced > 802.1Q > Group Setting > Edit The following table describes the labels in this screen.
Page 166 Chapter 16 802.1Q Figure 100 Advanced > 802.1Q > Port Setting The following table describes the labels in this screen. Table 66 Advanced > 802.1Q > Port Setting LABEL DESCRIPTION Ports This field displays the types of ports available to join the VLAN group. 802.1Q PVID Assign a VLAN ID for the port.
Page 167: Quality Of Service (Qos)
HAPTER Quality of Service (QoS) 17.1 Overview Use the QoS screens to set up your P-79X to use QoS for traffic management. Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control bandwidth. QoS allows the P-79X to group and prioritize application traffic and fine-tune network performance.
Page 168: Qos Class Setup Example
Chapter 17 Quality of Service (QoS) Tagging and Marking In a QoS class, you can configure whether to add or change the DiffServ Code Point (DSCP) value, IEEE 802.1p priority level and VLAN ID number in a matched packet. When the packet passes through a compatible network, the networking device, such as a backbone switch, can provide specific treatment or service based on the tag or marker.
Page 169 Chapter 17 Quality of Service (QoS) Figure 103 QoS Class Example: VoIP -2 Figure 104 QoS Class Example: Boss -1 P-79X Series User’s Guide...
Page 170: The Qos General Screen
Chapter 17 Quality of Service (QoS) Figure 105 QoS Class Example: Boss -2 17.2 The QoS General Screen Use this screen to enable or disable QoS and have the P-79X automatically assign priority to traffic according to the IEEE 802.1p priority level, IP precedence and/or packet length. Click Advanced >...
Page 171: The Class Setup Screen
Chapter 17 Quality of Service (QoS) The following table describes the labels in this screen. Table 67 Advanced > QoS > General LABEL DESCRIPTION Active QoS Select the check box to turn on QoS to improve your network performance. You can give priority to traffic that the P-79X forwards out through the WAN interface.
Page 172: The Class Configuration Screen
Chapter 17 Quality of Service (QoS) Figure 107 Advanced > QoS > Class Setup The following table describes the labels in this screen. Table 68 Advanced > QoS > Class Setup LABEL DESCRIPTION Create a new Class Click Add to create a new classifier. This is the number of each classifier.
Page 173 Chapter 17 Quality of Service (QoS) Figure 108 Advanced > QoS > Class Setup: Edit Appendix F on page 279 for a list of commonly-used services. The following table describes the labels in this screen. Table 69 Advanced > QoS > Class Setup: Edit LABEL DESCRIPTION Class Configuration...
Page 174 Chapter 17 Quality of Service (QoS) Table 69 Advanced > QoS > Class Setup: Edit (continued) LABEL DESCRIPTION Order This shows the ordering number of this classifier. Select an existing number for where you want to put this classifier and click Apply to move the classifier to the number you selected.
Page 175: Qos Technical Reference
Chapter 17 Quality of Service (QoS) Table 69 Advanced > QoS > Class Setup: Edit (continued) LABEL DESCRIPTION Exclude Select this option to exclude the packets that match the specified criteria from this classifier. Others Service This field simplifies classifier configuration by allowing you to select a predefined application.
Page 176: Ip Precedence
Chapter 17 Quality of Service (QoS) IEEE 802.1p specifies the user priority field and defines up to eight separate traffic types. The following table describes the traffic types defined in the IEEE 802.1d standard (which incorporates the 802.1p). Table 70 IEEE 802.1p Priority Level and Traffic Type PRIORITY TRAFFIC TYPE LEVEL...
Page 177: Automatic Priority Queue Assignment
Chapter 17 Quality of Service (QoS) The DSCP value determines the forwarding behavior, the PHB (Per-Hop Behavior), that each packet gets across the DiffServ network. Based on the marking rule, different kinds of traffic can be marked for different kinds of forwarding. Resources can then be allocated according to the DSCP values and the configured policies.
Page 178: Dynamic Dns Setup
HAPTER Dynamic DNS Setup 18.1 Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect.
Page 179 Chapter 18 Dynamic DNS Setup Figure 109 Advanced > Dynamic DNS The following table describes the fields in this screen. Table 72 Advanced > Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider.
Page 180 Chapter 18 Dynamic DNS Setup Table 72 Advanced > Dynamic DNS (continued) LABEL DESCRIPTION Use specified IP Type the IP address of the host name(s). Use this if you have a static IP address. Address Apply Click this to save your changes. Cancel Click this to restore your previously saved settings.
Page 181: Remote Management
HAPTER Remote Management 19.1 Overview Remote management allows you to determine which services/protocols can access which P-79X interface (if any) from which computers. The following figure shows remote management of the P-79X coming in from the WAN. Figure 110 Remote Management From the WAN HTTP Telnet Note: When you configure remote management to allow management from the WAN, you...
Page 182: What You Can Do In The Remote Management Screens
Chapter 19 Remote Management To disable remote management of a service, select Disable in the corresponding Access Status field. You may only have one remote management session running at a time. The P-79X automatically disconnects a remote management session of lower priority when another remote management session of higher priority starts.
Page 183: The Www Screen
Chapter 19 Remote Management • Use the P-79X’s LAN IP address when configuring from the LAN. System Timeout There is a default system management idle timeout of five minutes (three hundred seconds). The P-79X automatically logs you out if the management session remains idle for longer than this timeout period.
Page 184: The Telnet Screen
Chapter 19 Remote Management Table 73 Advanced > Remote MGMT > WWW LABEL DESCRIPTION Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 19.3 The Telnet Screen You can use Telnet to access the P-79X’s command line interface. Specify which interfaces allow Telnet access and from which IP address the access can come.
Page 185: The Snmp Screen
Chapter 19 Remote Management Click Advanced > Remote MGMT > SSH. The screen appears as shown. Figure 113 Advanced > Remote MGMT> SSH The following table describes the labels in this screen. Table 75 Advanced > Remote MGMT > SSH LABEL DESCRIPTION Port...
Page 186: Supported Mibs
Chapter 19 Remote Management Figure 114 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the P-79X). An agent translates the local management information from the managed device into a form compatible with SNMP.
Page 187: Snmp Traps
Chapter 19 Remote Management 19.5.2 SNMP Traps The P-79X will send traps to the SNMP manager when any one of the following events occurs: Table 76 SNMP Traps TRAP # TRAP NAME DESCRIPTION coldStart (defined in RFC-1215) A trap is sent after booting (power on). warmStart (defined in RFC-1215) A trap is sent after booting (software reboot).
Page 188: The Dns Screen
Chapter 19 Remote Management Table 77 Advanced > Remote MGMT > SNMP LABEL DESCRIPTION Access Status Select the interface(s) through which a computer may access the P-79X using this service. Secured Client IP A secured client is a “trusted” computer that is allowed to communicate with the P-79X using this service.
Page 189: The Icmp Screen
Chapter 19 Remote Management The following table describes the labels in this screen. Table 78 Advanced > Remote MGMT > DNS LABEL DESCRIPTION Port The DNS service port number is 53 and cannot be changed here. Access Status Select the interface(s) through which a computer may send DNS queries to the P- 79X.
Page 190: The Cwmp Screen
Chapter 19 Remote Management The following table describes the labels in this screen. Table 79 Advanced > Remote MGMT > ICMP LABEL DESCRIPTION ICMP Internet Control Message Protocol is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and directly apparent to the application user.
Page 191 Chapter 19 Remote Management Figure 118 Advanced > Remote MGMT > CWMP The following table describes the labels in this screen. Table 80 Advanced > Remote MGMT> CWMP LABEL DESCRIPTION Enable Select On for the P-79X to send periodic inform via TR-069 on the WAN. Otherwise, select Off.
Page 192: Universal Plug-And-Play (Upnp)
HAPTER Universal Plug-and-Play (UPnP) 20.1 Overview Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network. In turn, a device can leave a network smoothly and automatically when it is no longer in use.
Page 193: The Upnp Screen
Chapter 20 Universal Plug-and-Play (UPnP) When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the P-79X allows multicast messages on the LAN only. All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention.
Page 194: Installing Upnp In Windows Example
Chapter 20 Universal Plug-and-Play (UPnP) 20.3 Installing UPnP in Windows Example This section shows how to install UPnP in Windows XP. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. Click Start and Control Panel. Double-click Network Connections.
Page 195: Using Upnp In Windows Xp Example
Chapter 20 Universal Plug-and-Play (UPnP) Networking Services Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 20.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the P-79X.
Page 196 Chapter 20 Universal Plug-and-Play (UPnP) Network Connections In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Internet Connection Properties You may edit or delete the port mappings or click Add to manually add port mappings. P-79X Series User’s Guide...
Page 197 Chapter 20 Universal Plug-and-Play (UPnP) Internet Connection Properties: Advanced Settings Internet Connection Properties: Advanced Settings: Add When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Page 198 Chapter 20 Universal Plug-and-Play (UPnP) System Tray Icon Double-click on the icon to display your current Internet connection status. Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the P-79X without finding out the IP address of the P-79X first.
Page 199 Chapter 20 Universal Plug-and-Play (UPnP) Network Connections An icon with the description for each UPnP-enabled device displays under Local Network. Right-click on the icon for your P-79X and select Invoke. The web configurator login screen displays. P-79X Series User’s Guide...
Page 200 Chapter 20 Universal Plug-and-Play (UPnP) Network Connections: My Network Places Right-click on the icon for your P-79X and select Properties. A properties window displays with basic information about the P-79X. Network Connections: My Network Places: Properties: Example P-79X Series User’s Guide...
Page 201: System Settings
HAPTER System Settings 21.1 Overview This chapter shows you how to configure system related settings, such as system time, password, name, the domain name and the inactivity timeout interval. 21.1.1 What You Can Do in the System Settings Screens • Use the General screen (Section 21.2 on page 201) to configure system settings.
Page 202 Chapter 21 System Settings Click Maintenance > System to open the General screen. Figure 120 Maintenance > System > General The following table describes the labels in this screen. Table 82 Maintenance > System > General LABEL DESCRIPTION System Setup System Name Choose a descriptive name for identification purposes.
Page 203: The Time Setting Screen
Chapter 21 System Settings Table 82 Maintenance > System > General LABEL DESCRIPTION Type your new system password (up to 30 characters). Note that as you type a Password password, the screen displays a (*) for each character you type. After you change the password, use the new password to access the P-79X.
Page 204 Chapter 21 System Settings Table 83 Maintenance > System > Time Setting (continued) LABEL DESCRIPTION Time and Date Setup Manual Select this radio button to enter the time and date manually. If you configure a new time and date, Time Zone and Daylight Saving at the same time, the new time and date you entered has priority and the Time Zone and Daylight Saving settings do not affect it.
Page 205 Chapter 21 System Settings Table 83 Maintenance > System > Time Setting (continued) LABEL DESCRIPTION End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the first Sunday of November.
Page 206: Logs
HAPTER Logs 22.1 Overview This chapter contains information about configuring general log settings and viewing the P-79X’s logs. The web configurator allows you to choose which categories of events and/or alerts to have the P- 79X log and then display the logs or have the P-79X send them to an administrator (as e-mail) or to a syslog server.
Page 207: The Log Settings Screen
Chapter 22 Logs Figure 122 Maintenance > Logs > View Log The following table describes the fields in this screen. Table 84 Maintenance > Logs > View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings screen display in the drop- down list box.
Page 208 Chapter 22 Logs Figure 123 Maintenance > Logs > Log Settings The following table describes the fields in this screen. Table 85 Maintenance > Logs > Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
Page 209: Smtp Error Messages
Chapter 22 Logs Table 85 Maintenance > Logs > Log Settings LABEL DESCRIPTION Log Schedule This drop-down menu is used to configure the frequency of log messages being sent as E-mail: • Daily • Weekly • Hourly • When Log is Full •...
Page 210: Example E-Mail Log
Chapter 22 Logs Table 86 SMTP Error Messages -7 means DATA fail -8 means mail data send fail 22.4.1 Example E-mail Log An "End of Log" message displays for each mail in which a complete log has been sent. The following is an example of a log sent by e-mail.
Page 211 Chapter 22 Logs Table 87 System Maintenance Logs (continued) LOG MESSAGE DESCRIPTION Someone has logged on to the router's web configurator Successful WEB login interface. Someone has failed to log on to the router's web WEB login failed configurator interface. Someone has logged on to the router via telnet.
Page 212 Chapter 22 Logs Table 89 Access Control Logs LOG MESSAGE DESCRIPTION Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access Firewall default policy: [ TCP | matched the default policy and was blocked or UDP | IGMP | ESP | GRE | OSPF ] forwarded according to the default policy’s setting. <Packet Direction>...
Page 213 Chapter 22 Logs Table 91 Packet Filter Logs LOG MESSAGE DESCRIPTION Attempted access matched a configured filter rule (denoted [ TCP | UDP | ICMP | IGMP | by its set and rule number) and was blocked or forwarded Generic ] packet filter according to the rule.
Page 214 Chapter 22 Logs Table 94 PPP Logs (continued) LOG MESSAGE DESCRIPTION The PPP connection’s Internet Protocol Control Protocol stage is opening. ppp:IPCP Opening The PPP connection’s Link Control Protocol stage is closing. ppp:LCP Closing The PPP connection’s Internet Protocol Control Protocol stage is closing. ppp:IPCP Closing Table 95 UPnP Logs LOG MESSAGE...
Page 215 Chapter 22 Logs Table 97 Attack Logs (continued) LOG MESSAGE DESCRIPTION The firewall classified a packet with no source routing entry as an ip spoofing - no routing IP spoofing attack. entry [ TCP | UDP | IGMP | ESP | GRE | OSPF ] The firewall classified an ICMP packet with no source routing ip spoofing - no routing entry as an IP spoofing attack.
Page 216 Chapter 22 Logs Table 100 ICMP Notes TYPE CODE DESCRIPTION Echo Reply Echo reply message Destination Unreachable Net unreachable Host unreachable Protocol unreachable Port unreachable A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF) Source route failed Source Quench A gateway may discard internet datagrams if it does not have the buffer space...
Page 217 Chapter 22 Logs Table 101 Syslog Logs LOG MESSAGE DESCRIPTION "This message is sent by the system ("RAS" displays as <Facility*8 + Severity>Mon dd the system name if you haven’t configured one) when the hr:mm:ss hostname router generates a syslog. The facility is defined in the src="<srcIP:srcPort>"...
Page 218: Tools
HAPTER Tools 23.1 Overview This chapter explains how to upload new firmware, manage configuration files and restart your P- 79X. Use the instructions in this chapter to change the device’s configuration file or upgrade its firmware. After you configure your device, you can backup the configuration file to a computer. That way if you later misconfigure the device, you can upload the backed up configuration file to return to your previous settings.
Page 219: Before You Begin
Chapter 23 Tools This is a sample FTP session saving the current configuration to the computer file “config.cfg”. If your (T)FTP client does not allow you to have a destination filename different than the source, you will need to rename them as the P-79X only recognizes “rom-0” and “ras”. Be sure you keep unaltered copies of both files for later use.
Page 220 Chapter 23 Tools Do not interrupt the file transfer process as this may PERMANENTLY DAMAGE your device. When the Restore Configuration process is complete, the device automatically restarts. Restore Using FTP Session Example Figure 125 Restore Using FTP Session Example ftp>...
Page 221: Ftp Session Example Of Firmware File Upload
Chapter 23 Tools FTP Session Example of Firmware File Upload Figure 126 FTP Session Example of Firmware File Upload 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> put firmware.bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 1103936 bytes sent in 1.10Seconds 297.89Kbytes/sec.
Page 222 Chapter 23 Tools Where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the device’s IP address, “put” transfers the file source on the computer (firmware.bin – name of the firmware on the computer) to the file destination on the remote host (ras - name of the firmware on the device).
Page 223 Chapter 23 Tools Configuration Backup Using GUI-based FTP Clients The following table describes some of the commands that you may see in GUI-based FTP clients. Table 104 General Commands for GUI-based FTP Clients COMMAND DESCRIPTION Host Address Enter the address of the host server. Login Type Anonymous.
Page 224: The Firmware Screen
Chapter 23 Tools where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the P-79X IP address, “get” transfers the file source on the P-79X (rom-0, name of the configuration file on the P-79X) to the file destination on the computer and renames it config.rom. Configuration Backup Using GUI-based TFTP Clients The following table describes some of the fields that you may see in GUI-based TFTP clients.
Page 225: The Configuration Screen
Chapter 23 Tools The following table describes the labels in this screen. Table 106 Maintenance > Tools > Firmware LABEL DESCRIPTION Current This is the present Firmware version and the date created. Firmware Version File Path Type in the location of the file you want to upload in this field or click Choose File to find it.
Page 226 Chapter 23 Tools Figure 131 Maintenance > Tools > Configuration Backup Configuration Backup Configuration allows you to back up (save) the P-79X’s current configuration to a file on your computer. Once your P-79X is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes.
Page 227 Chapter 23 Tools Figure 132 Configuration Upload Successful The P-79X automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 133 Network Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default device IP address (192.168.1.1).
Page 228: The Restart Screen
Chapter 23 Tools You can also press the RESET button on the rear panel to reset the factory defaults of your P-79X. Refer to Section 1.5 on page 18 for more information on the RESET button. 23.4 The Restart Screen System restart allows you to reboot the P-79X remotely without turning the power off.
Page 229: Diagnostic
HAPTER Diagnostic 24.1 Overview These read-only screens display information to help you identify problems with the P-79X. 24.1.1 What You Can Do in the Diagnostic Screens • Use the General screen (Section 24.2 on page 229) to ping an IP address. •...
Page 230: The Dsl Line Diagnostic Screen
Chapter 24 Diagnostic The following table describes the fields in this screen. Table 108 Maintenance > Diagnostic > General LABEL DESCRIPTION TCP/IP Type the IP address of a computer or the URL that you want to ping in order to test Address a connection.
Page 231 Chapter 24 Diagnostic The following table describes the fields in this screen. Table 109 Maintenance > Diagnostic > DSL Line LABEL DESCRIPTION DSL Line Status Click this to view statistics about the DSL connections. noise margin downstream is the signal to noise ratio for the downstream part of the connection (coming into the P-79X from the ISP).
Page 232: Troubleshooting
HAPTER Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • P-79X Access and Login • Internet Access • Network Connections 25.1 Power, Hardware Connections, and LEDs The P-79X does not turn on.
Page 233: P-79X Access And Login
Chapter 25 Troubleshooting 25.2 P-79X Access and Login I forgot the IP address for the P-79X. The default IP address is 192.168.1.1. If you changed the IP address and have forgotten it, you might get the IP address of the P-79X by looking up the IP address of the default gateway for your computer.
Page 234: Internet Access
Chapter 25 Troubleshooting If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions • Try to access the P-79X using another service, such as Telnet. If you can access the P-79X, check the remote management settings and firewall rules to find out why the P-79X does not respond to HTTP.
Page 235: Network Connections
Chapter 25 Troubleshooting Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.4 on page Make sure you entered your ISP account information correctly in the wizard. These fields are case- sensitive, so make sure [Caps Lock] is not on.
Page 236 Chapter 25 Troubleshooting • If the DSL LEDs are off, there is no DSL connection. Check if your cables are connected properly to the P-79X. • If the DSL LEDs are blinking fast, the P-79X is initializing the DSL line. If they keeps blinking for a long time, please reboot the device.
Page 237: Appendix A Customer Support
• Brief description of the problem and the steps you took to solve it. Corporate Headquarters (Worldwide) Taiwan • ZyXEL Communications Corporation • http://www.zyxel.com Asia China • ZyXEL Communications (Shanghai) Corp. ZyXEL Communications (Beijing) Corp. ZyXEL Communications (Tianjin) Corp. • http://www.zyxel.cn India • ZyXEL Technology India Pvt Ltd • http://www.zyxel.in Kazakhstan •...
Page 238 • ZyXEL Singapore Pte Ltd. • http://www.zyxel.com.sg Taiwan • ZyXEL Communications Corporation • http://www.zyxel.com/tw/zh/ Thailand • ZyXEL Thailand Co., Ltd • http://www.zyxel.co.th Vietnam • ZyXEL Communications Corporation-Vietnam Office • http://www.zyxel.com/vn/vi Europe Austria • ZyXEL Deutschland GmbH • http://www.zyxel.de P-79X Series User’s Guide...
Page 239 • http://www.zyxel.by Belgium • ZyXEL Communications B.V. • http://www.zyxel.com/be/nl/ • http://www.zyxel.com/be/fr/ Bulgaria • ZyXEL България • http://www.zyxel.com/bg/bg/ Czech Republic • ZyXEL Communications Czech s.r.o • http://www.zyxel.cz Denmark • ZyXEL Communications A/S • http://www.zyxel.dk Estonia • ZyXEL Estonia • http://www.zyxel.com/ee/et/ Finland •...
Page 240 • http://www.zyxel.pl Romania • ZyXEL Romania • http://www.zyxel.com/ro/ro Russia • ZyXEL Russia • http://www.zyxel.ru Slovakia • ZyXEL Communications Czech s.r.o. organizacna zlozka • http://www.zyxel.sk Spain • ZyXEL Communications ES Ltd • http://www.zyxel.es Sweden • ZyXEL Communications P-79X Series User’s Guide...
Page 241 Appendix A Customer Support • http://www.zyxel.se Switzerland • Studerus AG • http://www.zyxel.ch/ Turkey • ZyXEL Turkey A.S. • http://www.zyxel.com.tr • ZyXEL Communications UK Ltd. • http://www.zyxel.co.uk Ukraine • ZyXEL Ukraine • http://www.ua.zyxel.com Latin America Argentina • ZyXEL Communication Corporation • http://www.zyxel.com/ec/es/ Brazil •...
Page 242 Appendix A Customer Support • http://www.zyxel.com/me/en/ North America • ZyXEL Communications, Inc. - North America Headquarters • http://www.zyxel.com/us/en/ Oceania Australia • ZyXEL Communications Corporation • http://www.zyxel.com/au/en/ Africa South Africa • Nology (Pty) Ltd. • http://www.zyxel.co.za P-79X Series User’s Guide...
Page 243: Appendix B Wall-Mounting Instructions
PP EN D I X Wall-mounting Instructions Do the following to hang your P-79X on a wall. Note: See the product specifications appendix for the size of screws to use and how far apart to place them. Locate a high position on a wall that is free of obstructions. Use a sturdy wall. Drill two holes for the screws.
Page 244: Appendix C Setting Up Your Computer's Ip Address
PP EN D I X Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP/Vista, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
Page 245 Appendix C Setting up Your Computer’s IP Address Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: In the Network window, click Add. Select Adapter and then click Add.
Page 246 Appendix C Setting up Your Computer’s IP Address Figure 141 Windows 95/98/Me: TCP/IP Properties: IP Address Click the DNS Configuration tab. • If you do not know your DNS information, select Disable DNS. • If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in).
Page 247 Appendix C Setting up Your Computer’s IP Address • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. Click OK to save and close the TCP/IP Properties window.
Page 248 Appendix C Setting up Your Computer’s IP Address Figure 144 Windows XP: Control Panel Right-click Local Area Connection and then click Properties. Figure 145 Windows XP: Control Panel: Network Connections: Properties Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. P-79X Series User’s Guide...
Page 249 Appendix C Setting up Your Computer’s IP Address Figure 146 Windows XP: Local Area Connection Properties The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). • If you have a dynamic IP address click Obtain an IP address automatically. •...
Page 250 Appendix C Setting up Your Computer’s IP Address If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
Page 251 Appendix C Setting up Your Computer’s IP Address Figure 149 Windows XP: Internet Protocol (TCP/IP) Properties Click OK to close the Internet Protocol (TCP/IP) Properties window. Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT).
Page 252 Appendix C Setting up Your Computer’s IP Address Figure 150 Windows Vista: Start Menu In the Control Panel, double-click Network and Internet. Figure 151 Windows Vista: Control Panel Click Network and Sharing Center. Figure 152 Windows Vista: Network And Internet Click Manage network connections.
Page 253 Appendix C Setting up Your Computer’s IP Address Right-click Local Area Connection and then click Properties. Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. Figure 154 Windows Vista: Network and Sharing Center Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
Page 254 Appendix C Setting up Your Computer’s IP Address • If you have a static IP address click Use the following IP address and fill in the IP address, Subnet mask, and Default gateway fields. • Click Advanced. Figure 156 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK.
Page 255 Appendix C Setting up Your Computer’s IP Address Figure 157 Windows Vista: Advanced TCP/IP Properties In the Internet Protocol Version 4 (TCP/IPv4) Properties window, (the General tab): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
Page 256 Appendix C Setting up Your Computer’s IP Address Figure 158 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties 10 Click OK to close the Internet Protocol Version 4 (TCP/IPv4) Properties window. 11 Click Close to close the Local Area Connection Properties window. Close the Network Connections window.
Page 257 Appendix C Setting up Your Computer’s IP Address Figure 159 Macintosh OS 8/9: Apple Menu Select Ethernet built-in from the Connect via list. Figure 160 Macintosh OS 8/9: TCP/IP For dynamically assigned settings, select Using DHCP Server from the Configure: list. For statically assigned settings, do the following: P-79X Series User’s Guide...
Page 258 Appendix C Setting up Your Computer’s IP Address • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your P-79X in the Router address box. Close the TCP/IP Control Panel.
Page 259 Appendix C Setting up Your Computer’s IP Address Figure 162 Macintosh OS X: Network For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. •...
Page 260 Appendix C Setting up Your Computer’s IP Address Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. Click the Red Hat button (located on the bottom left corner), select System Setting and click Network.
Page 261 Appendix C Setting up Your Computer’s IP Address If you know your DNS server IP address(es), click the DNS tab in the Network Configuration screen. Enter the DNS server information in the fields provided. Figure 165 Red Hat 9.0: KDE: Network Configuration: DNS Click the Devices tab.
Page 262: Verifying Settings
Appendix C Setting up Your Computer’s IP Address Figure 167 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=dhcp USERCTL=no PEERDNS=yes TYPE=Ethernet • If you have a static IP address, enter in the BOOTPROTO= field. Type IPADDR= followed static by the IP address (in dotted decimal notation) and type NETMASK= followed by the subnet mask.
Page 263 Appendix C Setting up Your Computer’s IP Address Figure 171 Red Hat 9.0: Checking TCP/IP Properties [root@localhost]# ifconfig eth0 Link encap:Ethernet HWaddr 00:50:BA:72:5B:44 inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:717 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.5 Kb)
Page 264: Appendix D Pop-Up Windows, Javascript And Java Permissions
PP EN D I X Pop-up Windows, JavaScript and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScript (enabled by default). • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here.
Page 265 Appendix D Pop-up Windows, JavaScript and Java Permissions Figure 173 Internet Options: Privacy Click Apply to save this setting. Enable Pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
Page 266 Appendix D Pop-up Windows, JavaScript and Java Permissions Figure 174 Internet Options: Privacy Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. Click Add to move the IP address to the list of Allowed sites. Figure 175 Pop-up Blocker Settings P-79X Series User’s Guide...
Page 267 Appendix D Pop-up Windows, JavaScript and Java Permissions Click Close to return to the Privacy screen. Click Apply to save this setting. JavaScript If pages of the web configurator do not display properly in Internet Explorer, check that JavaScript are allowed. In Internet Explorer, click Tools, Internet Options and then the Security tab.
Page 268 Appendix D Pop-up Windows, JavaScript and Java Permissions Figure 177 Security Settings - Java Scripting Java Permissions From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM. Under Java permissions make sure that a safety level is selected. Click OK to close the window.
Page 269 Appendix D Pop-up Windows, JavaScript and Java Permissions Figure 178 Security Settings - Java JAVA (Sun) From Internet Explorer, click Tools, Internet Options and then the Advanced tab. Make sure that Use Java 2 for <applet> under Java (Sun) is selected. Click OK to close the window.
Page 270 Appendix D Pop-up Windows, JavaScript and Java Permissions Mozilla Firefox Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary slightly. The steps below apply to Mozilla Firefox 3.0 as well. You can enable Java, Javascript and pop-ups in one screen. Click Tools, then click Options in the screen that appears.
Page 271: Appendix E Ip Addresses And Subnetting
PP EN D I X IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
Page 272: Subnet Masks
Appendix E IP Addresses and Subnetting Figure 182 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation).
Page 273 Appendix E IP Addresses and Subnetting Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 111 Subnet Masks BINARY DECIMAL 4TH OCTET OCTET...
Page 274 Appendix E IP Addresses and Subnetting Table 113 Alternative Subnet Mask Notation (continued) ALTERNATIVE LAST OCTET LAST OCTET SUBNET MASK NOTATION (BINARY) (DECIMAL) 255.255.255.224 1110 0000 255.255.255.240 1111 0000 255.255.255.248 1111 1000 255.255.255.252 1111 1100 Subnetting You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.
Page 275 Appendix E IP Addresses and Subnetting Figure 184 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).
Page 276 Appendix E IP Addresses and Subnetting Table 115 Subnet 2 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 01000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.65 192.168.1.64 Broadcast Address: Highest Host ID: 192.168.1.126 192.168.1.127 Table 116 Subnet 3...
Page 277 Appendix E IP Addresses and Subnetting Table 118 Eight Subnets (continued) SUBNET LAST BROADCAST SUBNET FIRST ADDRESS ADDRESS ADDRESS ADDRESS Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 119 24-bit Network Number Subnet Planning NO.
Page 278 Appendix E IP Addresses and Subnetting Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask. If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established.
Page 279: Appendix F Services
P P EN D I X Services The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like.
Page 280 Appendix F Services Table 121 Examples of Services NAME PROTOCOL PORT(S) DESCRIPTION AH (IPSEC_TUNNEL) User-Defined The IPSEC AH (Authentication Header) tunneling protocol uses this service. 5190 AOL’s Internet Messenger service. AUTH Authentication protocol used by some servers. Border Gateway Protocol. BOOTP_CLIENT DHCP Client.
Page 281 Appendix F Services Table 121 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION NEW-ICQ 5190 An Internet chat program. NEWS A protocol for news groups. 2049 Network File System - NFS is a client/ server distributed file service that provides transparent file sharing for network environments.
Page 282 Appendix F Services Table 121 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION SQL-NET 1521 Structured Query Language is an interface to access data on many different types of database systems, including mainframes, midrange systems, UNIX systems and network servers. SSDP 1900 The Simple Service Discovery Protocol...
Page 283: Appendix G Legal Information
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
Page 284: European Union
Appendix G Legal Information EUROPEAN UNION The following information applies if you use the product within the European Union. List of national codes COUNTRY ISO 3166 2 LETTER CODE COUNTRY ISO 3166 2 LETTER CODE Austria Liechtenstein Belgium Lithuania Bulgaria Luxembourg Croatia Malta...
Page 285 Appendix G Legal Information ErP (Energy-related Products) ZyXEL products put on the EU market in compliance with the requirement of the European Parliament and the Council published Directive 2009/125/EC establishing a framework for the setting of ecodesign requirements for energy-related products (recast), so called as "ErP Directive (Energy-related Products directive) as well as ecodesign requirement laid down in applicable implementing measures, power consumption has satisfied regulation requirements which are: Network standby power consumption <...
Page 286 Appendix G Legal Information Environmental Product Declaration P-79X Series User’s Guide...
Page 287: Zyxel Limited Warranty
Appendix G Legal Information 台灣安全警告為了您的安全，請先閱讀以下警告及指示 : • 請勿將此產品接近水、火焰或放置在高溫的環境。 • 避免設備接觸任何液體 - 切勿讓設備接觸水、雨水、高濕度、污水腐蝕性的液體或其他水份。 • 灰塵及污物 - 切勿接觸灰塵、污物、沙土、食物或其他不合適的材料。 • 雷雨天氣時，不要安裝，使用或維修此設備。有遭受電擊的風險。 • 切勿重摔或撞擊設備，並勿使用不正確的電源變壓器。 • 若接上不正確的電源變壓器會有爆炸的風險。 • 請勿隨意更換產品內的電池。 • 如果更換不正確之電池型式，會有爆炸的風險，請依製造商說明書處理使用過之電池。 • 請將廢電池丟棄在適當的電器或電子設備回收處。 • 請勿將設備解體。 • 請勿阻礙設備的散熱孔，空氣對流不足將會造成設備損害。 • 請插在正確的電壓供給插座 ( 如 : 北美 / 台灣電壓 110V AC，歐洲是 230V AC)。 •...
Page 288: Index
Index Index Any IP Numerics status applications 802.1Q/1P high-speed Internet access activation point-to-point connections example applications, NAT group settings management VLAN port settings PVID tagging frames 160, 165 backup configuration 222, 223, 226 activation backup type 802.1Q/1P bandwidth management classifiers Broadband content filtering broadcast...
Page 289 Index certifications customer support viewing Change Password screen Class of Service, see CoS classifiers default password 802.1Q tags default server, NAT 89, 90 activation default URL configuration Denials of Service, see DoS creation DSCP 174, 175 DHCP 75, 79, 83, 201 priority diagnostic Differentiated Services, see DiffServ...
Page 290 Index Encapsulation packet direction packet filtering PPP over Ethernet rules 104, 110 schedules encapsulation 45, 48, 54, 66, 142 security ENET ENCAP status PPPoE three-way handshake RFC 1483 59, 70 firmware ENET ENCAP 218, 224 48, 54, 59 upgrading version exporting forwarding ports 88, 89...
Page 291 Index IANA keep alive Internet Assigned Numbers Authority see IANA ICMP 100, 189, 190 ID type and content IEEE 802.1Q client list IGMP DHCP 46, 73, 75, 77, 85 75, 79, 83 version 75, 79, 83 IGMP IKE phases 75, 85 IP address 74, 75, 84 IP alias...
Page 292 Index good habits IPSec using FTP. See FTP. local using SMT. See SMT. outside using SNMP. See SNMP. using Telnet. See command interface. packet filtering using the command interface. See command port forwarding 88, 89 interface. activation using the web configurator. See web configurator. configuration using TR-069.
Page 293 Index packet statistics DiffServ DSCP Packet Transfer Mode 174, 175, 176 example passwords administrator IP precedence users priority queue Peak Cell Rate (PCR) Quality of Service, see QoS Quick Start Guide point-to-point connections 14, 38, 40 procedure 38, 41 policy route and metric port forwarding 88, 89...
Page 294 Index Select Mode screen name passwords Session Initiation Protocol, see SIP administrator setup users classifiers restoring configuration DHCP status 22, 25 firewalls 103, 105, 108 firewalls IP alias logs packet filtering 121, 124 time port forwarding System Management Terminal SNMP see SMT static route wizard...
Page 295 Index VLAN ID SHA1 fingerprint VLAN Identifier See VID tunnel mode VLAN tag 48, 60 established in two phases IPSec security associations (SA) see also IKE SA, IPSec SA unicast 46, 73 Universal Plug and Play, see UPnP upgrading firmware 220, 224 UPnP activation...
Page 296 Index P-79X Series User’s Guide...
Page 297 Index P-79X Series User’s Guide...

This manual is also suitable for:

P-792h v3 P-791r v3

ZyXEL Communications P-793H v3 User Manual

Contents Overview

Table of Contents

User's Guide

PART I User's Guide

Chapter 1 Getting to Know Your P-79X

Chapter 2 Introducing the Web Configurator

Chapter 3 Status Screens

Chapter 4 Internet Setup Wizard

Chapter 5 Tutorials

Technical Reference

Part II: Technical Reference

Chapter 6 WAN Setup

Chapter 7 WWAN

Chapter 8 LAN Setup

Chapter 9 Network Address Translation (NAT)

Chapter 10 Firewalls

Chapter 11 URL Blocking

Chapter 12 Packet Filter

Chapter 13 VPN

Chapter 14 Certificates

Chapter 15 Static Route

Chapter 16 802.1Q

Chapter 17 Quality of Service (Qos)

Chapter 18 Dynamic DNS Setup

Chapter 19 Remote Management

Chapter 20 Universal Plug-And-Play (Upnp)

Chapter 21 System Settings

Chapter 22 Logs

Chapter 23 Tools

Chapter 24 Diagnostic

Chapter 25 Troubleshooting

Appendix A Customer Support

Appendix B Wall-Mounting Instructions

Appendix C Setting up Your Computer's IP Address

Appendix D Pop-Up Windows, Javascript and Java Permissions

Appendix E IP Addresses and Subnetting

Appendix F Services

Appendix G Legal Information

Quick Links

Related Manuals for ZyXEL Communications P-793H v3

Summary of Contents for ZyXEL Communications P-793H v3