Page 2
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system. Every effort has been made to ensure that the information in this manual is accurate.
Table of Contents Table of Contents Contents Overview ..........................3 Table of Contents ..........................4 Part I: User’s Guide ..................12 Chapter 1 Getting To Know Your P-79X ......................13 1.1 Overview ............................13 1.1.1 High-speed Internet Access with G.SHDSL ................14 1.1.2 High-speed Point-to-point Connections ...................14 1.1.3 High-speed Point-to-2points Connections ................14 1.2 Ways to Manage the P-79X ......................15 1.3 Good Habits for Managing the P-79X ....................15...
Page 5
Table of Contents Chapter 4 Internet Setup Wizard .........................31 4.1 Overview ............................31 4.2 Internet Access Wizard Setup ......................31 4.2.1 Manual Configuration ......................33 Chapter 5 Tutorials ...............................38 5.1 Overview ............................38 5.2 Configuring Point-to-point Connection ....................38 5.2.1 Set Up the Server ........................38 5.2.2 Set Up the Client ........................39 5.2.3 Connect the P-79Xs ........................40 5.3 Configuring a Point-to-2points Connection ..................40...
Page 6
Table of Contents 6.7 Traffic Redirect ..........................61 6.8 Traffic Shaping ..........................62 6.8.1 ATM Traffic Classes .........................63 Chapter 7 WWAN ..............................65 7.1 Overview ............................65 7.1.1 What You Can Do in this Chapter ....................66 7.1.2 What You Need to Know ......................66 7.1.3 Before You Begin ........................67 7.2 The 3G WAN Setup Screen ......................67 7.3 Technical Reference ..........................69 Chapter 8...
Page 7
Table of Contents 9.4.1 The Address Mapping Rule Edit Screen .................93 9.5 The ALG Screen ..........................94 9.6 NAT Technical Reference ........................95 9.6.1 NAT Definitions ........................95 9.6.2 What NAT Does ........................96 9.6.3 How NAT Works ........................96 9.6.4 NAT Application ........................96 9.6.5 NAT Mapping Types ........................97 Chapter 10 Firewalls ..............................99 10.1 Overview ............................99...
Page 9
Table of Contents Chapter 15 Static Route ............................157 15.1 Overview ............................157 15.2 The Static Route Screen .......................157 15.2.1 Static Route Edit ........................158 Chapter 16 802.1Q ..............................160 16.1 Overview ............................160 16.1.1 What You Can Do in the 802.1Q Screens ................160 16.1.2 What You Need to Know About 802.1Q ................160 16.1.3 802.1Q Example ........................161 16.2 The 802.1Q Group Setting Screen ....................163 16.2.1 Editing 802.1Q Group Setting ....................165...
Page 10
Table of Contents 19.2.1 Configuring the WWW Screen .....................183 19.3 The Telnet Screen .........................184 19.4 The SSH Screen ...........................184 19.5 The SNMP Screen ........................185 19.5.1 Supported MIBs ........................186 19.5.2 SNMP Traps ........................187 19.5.3 Configuring SNMP .......................187 19.6 The DNS Screen ..........................188 19.7 The ICMP Screen ..........................189 19.8 The CWMP Screen ........................190 Chapter 20...
Page 11
Table of Contents 23.1.2 What You Need To Know About Tools .................218 23.1.3 Before You Begin .........................219 23.1.4 Tool Examples ........................219 23.2 The Firmware Screen ........................224 23.3 The Configuration Screen ......................225 23.4 The Restart Screen ........................228 Chapter 24 Diagnostic ............................229 24.1 Overview ............................229 24.1.1 What You Can Do in the Diagnostic Screens ..............229 24.2 The General Diagnostic Screen ....................229...
You can set up your P-793H v3 for high-speed Internet access or for high-speed point-to-point or point-to-2 points connections with other SHDSL models. The P-793H v3 can be used for either IP routing or bridging depending on your network configuration.
Chapter 1 Getting To Know Your P-79X 1.1.1 High-speed Internet Access with G.SHDSL The P-79X provides high-speed G.SHDSL Internet access. The G.SHDSL (Single-pair High-speed Digital Subscriber Line) is a symmetrical, bi-directional DSL service that uses your telephone line to provide data rates up to 2.3 Mbits/sec. (The “G.” in “G.SHDSL” is defined by the G.991.2 ITU (International Telecommunication Union) state-of-the-art industry standard).
Chapter 1 Getting To Know Your P-79X Figure 3 Point-to-2points Connections with Your P-79X Note: See Chapter 5 on page 38 for more information on setting up point-to-point and point-to-2points connections. 1.2 Ways to Manage the P-79X Use any of the following methods to manage the P-79X. •...
Green The P-793H v3 recognizes a USB connection through the USB slot. Blinking The P-793H v3 is sending/receiving data to /from the USB device connected to it. The P-793H v3 does not detect a USB connection through the USB slot.
Page 17
DESCRIPTION INTERNET Green The Internet connection is up, and the P-793H v3 has an IP address. (If the P-793H v3 uses RFC 1483 in bridge mode, this light does not turn on, but it does blink when the P- 793H v3 is sending/receiving data.) Blinking The P-793H v3 is sending/receiving data.
Chapter 1 Getting To Know Your P-79X Figure 6 P-791R v3 LEDs The following table describes the LEDs. Table 4 P-791R v3 LEDs COLOR STATUS DESCRIPTION POWER Green The P-791R v3 is receiving power and functioning properly. Blinking The P-791R v3 is rebooting or performing diagnostics. Power to the P-791R v3 is too low.
See the chapter on troubleshooting if you need to make sure these functions are allowed in Internet Explorer. Note: This guide uses the P-793H v3 screens as an example. The screens may vary slightly for different models. 2.2 Accessing the Web Configurator Make sure your P-79X hardware is properly connected (refer to the Quick Start Guide).
Page 20
Chapter 2 Introducing the Web Configurator Figure 7 Login Screen The following screen displays if you have not yet changed your password. It is strongly recommended you change the default password. Enter a new password, retype it to confirm and click Apply;...
Chapter 2 Introducing the Web Configurator Figure 9 Select a Mode Note: For security reasons, the P-79X automatically logs you out if you do not use the web configurator for five minutes (default). If this happens, log in again. 2.3 Web Configurator Main Screen Figure 10 Main Screen As illustrated above, the main screen is divided into these parts: P-79X Series User’s Guide...
Chapter 2 Introducing the Web Configurator • A - title bar • B - navigation panel • C - main window • D - status bar 2.3.1 Title Bar The title bar provides some icons in the upper right corner. The icons provide the following functions.
Page 23
Chapter 2 Introducing the Web Configurator Table 6 Navigation Panel Summary LINK FUNCTION Address Use this screen to configure network address translation mapping rules. Mapping This screen appears when you choose Full Feature from the NAT > General screen. Use this screen to enable or disable SIP ALG. Security Firewall General...
Chapter 2 Introducing the Web Configurator Table 6 Navigation Panel Summary LINK FUNCTION Remote Use this screen to configure through which interface(s) and MGMT from which IP address(es) users can use HTTPS or HTTP to manage the P-79X. Telnet Use this screen to configure through which interface(s) and from which IP address(es) users can use Telnet to manage the P-79X.
H A PT ER Status Screens 3.1 Overview Use the Status screens to look at the current status of the device, system resources, and interfaces (LAN and WAN). The Status screen also provides detailed information of client list, Any IP, VPN and packet statistics. 3.2 The Status Screen Use this screen to view the status of the P-79X.
Page 26
Chapter 3 Status Screens Table 7 Status Screen LABEL DESCRIPTION Host Name This field displays the P-79X system name. It is used for identification. You can change this in the Maintenance > System > General screen’s System Name field. Model Number This is the model name of your device. MAC Address This is the MAC (Media Access Control) or Ethernet address unique to your P- 79X.
Chapter 3 Status Screens Table 7 Status Screen LABEL DESCRIPTION CPU Usage This field displays what percentage of the P-79X’s processing ability is currently used. When this percentage is close to 100%, the P-79X is running at full load, and the throughput is not going to improve anymore. If you want some applications to have more throughput, you should turn off other applications (for example, using QoS;...
Chapter 3 Status Screens 3.5 Any IP Table Click Status > AnyIP Table to access this screen. Use this screen to view the IP address and MAC address of each computer that is using the P-79X but is in a different subnet than the P-79X. Figure 12 Any IP Table Each field is described in the following table.
Page 29
Chapter 3 Status Screens Figure 13 Packet Statistics The following table describes the fields in this screen. Table 9 Packet Statistics LABEL DESCRIPTION System Monitor System up Time This is the elapsed time the system has been up. Current Date/Time This field displays your P-79X’s present date and time.
Page 30
Chapter 3 Status Screens Table 9 Packet Statistics (continued) LABEL DESCRIPTION Rx Errors This field displays the number of error packets received on this port. Tx B/s This field displays the number of bytes transmitted in the last second. Rx B/s This field displays the number of bytes received in the last second.
H A PT ER Internet Setup Wizard 4.1 Overview Use the wizard setup screens to configure your system for Internet access with the information given to you by your ISP. Note: See the advanced menu chapters for background information on these fields. 4.2 Internet Access Wizard Setup After you enter the password to access the web configurator, select Go to Wizard setup and click Apply.
Page 32
Chapter 4 Internet Setup Wizard Figure 15 Wizard Welcome Your P-79X attempts to detect your DSL connection and your connection type. The following screen appears if a connection is not detected. Check your hardware connections and click Restart the INTERNET SETUP Wizard to return to the wizard welcome screen. If you still cannot connect, click Manually configure your Internet connection.
Chapter 4 Internet Setup Wizard Figure 17 Auto-Detection: PPPoE The following screen appears if the ZyXEL device detects a connection but not the connection type. Click Next and refer to Section 4.2.1 on page 33 on how to manually configure the P-79X for Internet access.
Page 34
Chapter 4 Internet Setup Wizard Figure 19 Internet Access Wizard Setup: ISP Parameters The following table describes the fields in this screen. Table 10 Internet Access Wizard Setup: ISP Parameters LABEL DESCRIPTION Transfer Mode Select the transfer mode you want to use. PTM (Packet Transfer Mode): The P-79X uses the SHDSL technology for data transmission over the DSL port.
Page 35
Chapter 4 Internet Setup Wizard Table 10 Internet Access Wizard Setup: ISP Parameters LABEL DESCRIPTION Multiplexing Select the multiplexing method used by your ISP from the Multiplex drop-down list box either VC-based or LLC-based. Virtual Circuit VPI (Virtual Path Identifier) and VCI (Virtual Channel Identifier) define a virtual circuit.
Page 36
Chapter 4 Internet Setup Wizard Internet Connection with PPPoE (continued) Table 11 LABEL DESCRIPTION Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Exit Click this to close the wizard screen without saving. Internet Connection with RFC 1483 Figure 21 The following table describes the fields in this screen.
Page 37
Chapter 4 Internet Setup Wizard Table 12 Internet Connection with RFC 1483 (continued) LABEL DESCRIPTION First DNS Server Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask. Second DNS As above.
H A PT ER Tutorials 5.1 Overview This chapter describes: • Configuring Point-to-point Connection, see page 38 • Configuring a Point-to-2points Connection, see page 40 Note: The tutorials featured in this chapter require a basic understanding of connecting to and using the Web Configurator on your P-79X. For details, see the included Quick Start Guide.
Chapter 5 Tutorials Click Network > WAN > Internet Access Setup. Configure the Internet Access Setup screen as the following. Select ATM as the Transfer Mode. Select Bridge as the Mode. Configure the Multiplexing, Encapsulation, VPI, and VCI fields for the point-to-point connection.
Chapter 5 Tutorials Scroll down to the Service Type section. In the Service Mode field, select 2 wire, the same type of connection you selected for the server. In the Service Type field, select Client. The rest of the fields will be negotiated with the server. Click Apply. 5.2.3 Connect the P-79Xs Connect the DSL ports on the P-79Xs together, and wait while the P-79Xs automatically establish the connection.
Chapter 5 Tutorials 5696/3200 Kpbs 2560/1280 Kpbs To set up the point-to-2 point connection between A, B and C you need to: Set up the Server. Set up the Clients. Connect the P-79Xs. 5.3.1 Set up the Server Log in to the server P-79X of Company A. Click Network >...
Chapter 5 Tutorials Figure 24 WAN > Internet Access Setup 5.3.2 Set up the Clients Log in to the client P-79X of branch office B. Click Network > WAN > Internet Access Setup. Select ATM as the Transfer Mode. Set the VPI, VCI, Multiplexing, and Encapsulation to the same values you set in the server.
Chapter 5 Tutorials Figure 26 WAN > Internet Connection > Service Type of C 5.3.3 Connect the P-79Xs Connect the DSL ports on the P-79Xs together, and wait while the P-79Xs automatically establish the connection. Make sure that the Y-cable is connected to the proper DSL outlets. The Y-cable connector marked DSL1 must be connected to the outgoing DSL 1 telephone jack and the Y-cable connector marked DSL2 must be connected to the outgoing DSL 2 telephone jack.
H A PT ER WAN Setup 6.1 Overview This chapter describes how to configure WAN settings from the WAN screens. Use these screens to configure your P-79X for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet.
Chapter 6 WAN Setup WAN IP Address The WAN IP address is an IP address for the P-79X, which makes it accessible from an outside network. It is used by the P-79X to communicate with other devices in other networks. It can be static (fixed) or dynamically assigned by the ISP each time the P-79X tries to access the Internet.
Page 47
Chapter 6 WAN Setup Figure 28 Network > WAN >Internet Access Setup The following table describes the labels in this screen. Table 13 Network > WAN > Internet Access Setup LABEL DESCRIPTION General Transfer Mode Select the transfer mode you want to use. PTM (Packet Transfer Mode): The P-79X uses the SHDSL technology for data transmission over the DSL port.
Page 48
Chapter 6 WAN Setup Table 13 Network > WAN > Internet Access Setup (continued) LABEL DESCRIPTION Mode Select Routing (default) from the drop-down list box if your ISP gives you one IP address only and you want multiple computers to share an Internet account. Select Bridge when your ISP provides you more than one IP address and you want the connected computers to get individual IP address from ISP’s DHCP server directly.
Page 49
Chapter 6 WAN Setup Table 13 Network > WAN > Internet Access Setup (continued) LABEL DESCRIPTION Subnet Mask This option is available if you select ENET ENCAP in the Encapsulation field. Enter a subnet mask in dotted decimal notation. Gateway IP This option is available if you select ENET ENCAP in the Encapsulation field.
Chapter 6 WAN Setup Table 13 Network > WAN > Internet Access Setup (continued) LABEL DESCRIPTION Transfer Min Rate This field is enabled if Service Type is Server. Set the minimum rate at which (Kbps) the P-79X sends and receives information. The actual transfer rate will be between this value and the maximum transfer rate you configure.
Chapter 6 WAN Setup Table 14 2wire-2line Service Mode (continued) LABEL DESCRIPTION Enable Rate Indicate whether or not the P-79X can adjust the speed of its connection to Adaption that of the other device. Transfer Max Rate This field is enabled if Service Type is Server. Set the maximum rate at which (Kbps) the P-79X sends and receives information.
Page 52
Chapter 6 WAN Setup The following table describes the labels in this screen. Table 15 Network > WAN > Internet Access Setup: Advanced Setup LABEL DESCRIPTION RIP & Multicast This section is not available when you configure the P-79X to be in bridge Setup mode.
Chapter 6 WAN Setup 6.3 The More Connections Screen The P-79X allows you to configure more than one Internet access connection. To configure additional Internet access connections click Network > WAN > More Connections. The screen differs by the encapsulation you select. When you use the WAN > Internet Access Setup screen to set up Internet access, you are configuring the first WAN connection.
Page 54
Chapter 6 WAN Setup Figure 32 Network > WAN > More Connections: Edit The following table describes the labels in this screen. Table 17 Network > WAN > More Connections: Edit LABEL DESCRIPTION This is the index number of the WAN connections. General Active Select the check box to activate or clear the check box to deactivate this...
Chapter 6 WAN Setup Table 17 Network > WAN > More Connections: Edit (continued) LABEL DESCRIPTION Enter 802.1Q VLAN Specify a VLAN ID number. ID[1-4094] IP Address This option is available if you select Routing in the Mode field. A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed;...
Page 56
Chapter 6 WAN Setup Figure 33 Network > WAN > More Connections: Edit: Advanced Setup The following table describes the labels in this screen. Table 18 Network > WAN > More Connections: Edit: Advanced Setup LABEL DESCRIPTION RIP Setup This section is not available when you configure the P-79X to be in bridge mode.
Chapter 6 WAN Setup Table 18 Network > WAN > More Connections: Edit: Advanced Setup (continued) LABEL DESCRIPTION Generic Filter Select the generic filter(s) to control outgoing traffic. You may choose up to 4 sets of filters. You can configure generic filters in the Packet Filter screen. See Chapter 12 on page 119 for more details.
Page 58
Chapter 6 WAN Setup The following table describes the labels in this screen. Table 19 Network > Internet (WAN) > WAN Backup LABEL DESCRIPTION Backup Type Select the method that the P-79X uses to check the DSL connection. Select DSL Link to have the P-79X check if the connection to the DSLAM is up.
Chapter 6 WAN Setup 6.5 WAN Technical Reference This section provides some technical background information about the topics covered in this chapter. 6.5.1 Encapsulation Be sure to use the encapsulation method required by your ISP. The P-79X supports the following methods.
Chapter 6 WAN Setup 6.5.2 Multiplexing There are two conventions to identify what protocols the virtual circuit (VC) is carrying. Be sure to use the multiplexing method required by your ISP. VC-based Multiplexing In this case, by prior mutual agreement, each protocol is assigned to a specific virtual circuit; for example, VC1 carries IP, etc.
Chapter 6 WAN Setup 6.5.5 Nailed-Up Connection (PPP) A nailed-up connection is a dial-up line where the connection is always up regardless of traffic demand. The P-79X does two things when you specify a nailed-up connection. The first is that idle timeout is disabled.
Chapter 6 WAN Setup Figure 35 Traffic Redirect Example The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN. Use IP alias to configure the LAN into two or three logical networks with the P-79X itself as the gateway for each LAN network.
Chapter 6 WAN Setup Sustained Cell Rate (SCR) is the mean cell rate of each bursty traffic source. It specifies the maximum average rate at which cells can be sent over the virtual connection. SCR may not be greater than the PCR. Maximum Burst Size (MBS) is the maximum number of cells that can be sent at the PCR.
Page 64
Chapter 6 WAN Setup The VBR-nRT (non real-time Variable Bit Rate) type is used with bursty connections that do not require closely controlled delay and delay variation. It is commonly used for "bursty" traffic typical on LANs. PCR and MBS define the burst levels, SCR defines the minimum level. An example of an VBR-nRT connection would be non-time sensitive data file transfers.
H A PT ER WWAN 7.1 Overview This chapter discusses the P-79X’s WWAN screens. Use these screens to configure your P-79X for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks, such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations.
Chapter 7 WWAN 7.1.1 What You Can Do in this Chapter • Use the 3G WAN Setup screen to configure 3G WAN connection (Section 7.2 on page 67). Table 20 WAN Setup Overview LAYER-2 INTERFACE INTERNET CONNECTION DSL LINK CONNECTION MODE ENCAPSULATION CONNECTION SETTINGS...
Chapter 7 WWAN WAN IP Address The WAN IP address is an IP address for the P-79X, which makes it accessible from an outside network. It is used by the P-79X to communicate with other devices in other networks. It can be static (fixed) or dynamically assigned by the ISP each time the P-79X tries to access the Internet.
Page 68
Chapter 7 WWAN Note: This P-79X supports connecting one 3G dongle at a time. Figure 40 Internet Access Application: 3G WAN Use this screen to configure your 3G settings. Click Network > WWAN > 3G WAN Setup. Note: The actual data rate you obtain varies depending the 3G card you use, the signal strength to the service provider’s base station, and so on.
Chapter 7 WWAN Table 21 Network Setting > WWAN > 3G Backup (continued) LABEL DESCRIPTION A PIN (Personal Identification Number) code is a key to a 3G card. Without the PIN code, you cannot use the 3G card. If your ISP enabled PIN code authentication, enter the 4-digit PIN code (0000 for example) provided by your ISP.
Page 70
Chapter 7 WWAN For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for example RADIUS). One of the benefits of PPPoE is the ability to let you access one of multiple network services, a function known as dynamic service selection.
Page 71
Chapter 7 WWAN Sustained Cell Rate (SCR) is the mean cell rate of each bursty traffic source. It specifies the maximum average rate at which cells can be sent over the virtual connection. SCR may not be greater than the PCR. Maximum Burst Size (MBS) is the maximum number of cells that can be sent at the PCR.
Page 72
Chapter 7 WWAN The VBR-nRT (non real-time Variable Bit Rate) type is used with bursty connections that do not require closely controlled delay and delay variation. It is commonly used for "bursty" traffic typical on LANs. PCR and MBS define the burst levels, SCR defines the minimum level. An example of an VBR-nRT connection would be non-time sensitive data file transfers.
Page 73
Chapter 7 WWAN 4096 possible VIDs, a VID of 0 is used to identify priority frames and value 4095 (FFF) is reserved, so the maximum possible VLAN configurations are 4,094. TPID User Priority VLAN ID 2 Bytes 3 Bits 1 Bit 12 Bits Multicast IP packets are transmitted in either one of two ways - Unicast (1 sender - 1 recipient) or Broadcast...
H A PT ER LAN Setup 8.1 Overview A Local Area Network (LAN) is a shared communication system to which many networking devices are connected. It is usually located in one immediate area such as a building or floor of a building. Use the LAN screens to help you configure a LAN DHCP server and manage IP addresses.
Chapter 8 LAN Setup Subnet Mask Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks. DHCP A DHCP (Dynamic Host Configuration Protocol) server can assign your P-79X an IP address, subnet mask, DNS and other routing information when it's turned on.
Chapter 8 LAN Setup Enter an IP address into the IP Address field. The IP address must be in dotted decimal notation. This will become the IP address of your P-79X. Enter the IP subnet mask into the IP Subnet Mask field. Unless instructed otherwise it is best to leave this alone, the configurator will automatically compute a subnet mask based upon the IP address you entered.
Page 77
Chapter 8 LAN Setup Figure 44 Network > LAN > IP: Advanced Setup The following table describes the labels in this screen. Table 23 Network > LAN > IP: Advanced Setup LABEL DESCRIPTION RIP & Multicast Setup RIP Direction Select the RIP direction from Noneand Both. RIP Version Select the RIP version from RIP-1and RIP-2.
Chapter 8 LAN Setup Table 23 Network > LAN > IP: Advanced Setup LABEL DESCRIPTION Allow between LAN Select this check box to forward NetBIOS packets from the LAN to the WAN and WAN and from the WAN to the LAN. If your firewall is enabled with the default policy set to block WAN to LAN traffic, you also need to enable the default WAN to LAN firewall rule that forwards NetBIOS traffic.
Page 79
Chapter 8 LAN Setup Figure 45 Network > LAN > DHCP Setup The following table describes the labels in this screen. Table 24 Network > LAN > DHCP Setup LABEL DESCRIPTION DHCP Setup DHCP If set to Server, your P-79X can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client.
Chapter 8 LAN Setup Table 24 Network > LAN > DHCP Setup LABEL DESCRIPTION First DNS Server Select Obtained From ISP if your ISP dynamically assigns DNS server information (and the P-79X's WAN IP address). Second DNS Server Select UserDefined if you have the IP address of a DNS server. Enter the Third DNS Server DNS server's IP address in the field to the right.
Chapter 8 LAN Setup The following table describes the labels in this screen. Table 25 Network > LAN > Client List LABEL DESCRIPTION IP Address Enter the IP address that you want to assign to the computer on your LAN with the MAC address that you will also specify.
Chapter 8 LAN Setup 8.5.1 Configuring the LAN IP Alias Screen Use this screen to change your P-79X’s IP alias settings. Click Network > LAN > IP Alias to open the following screen. Figure 48 Network > LAN > IP Alias The following table describes the labels in this screen.
Chapter 8 LAN Setup 8.6 LAN Technical Reference This section provides some technical background information about the topics covered in this chapter. 8.6.1 LANs, WANs and the ZyXEL Device The actual physical connection determines whether the P-79X ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next.
Chapter 8 LAN Setup • Some ISPs choose to disseminate the DNS server addresses using the DNS server extensions of IPCP (IP Control Protocol) after the connection is up. If your ISP did not give you explicit DNS servers, chances are the DNS servers are conveyed through IPCP negotiation. The P-79X supports the IPCP DNS server extensions through the DNS proxy feature.
Chapter 8 LAN Setup • 172.16.0.0 — 172.31.255.255 • 192.168.0.0 — 192.168.255.255 You can obtain your IP address from the IANA, from an ISP or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks.
Page 86
Chapter 8 LAN Setup The P-79X supports IGMP version 1 (IGMP-v1), IGMP version 2 (IGMP-v2) and IGMP version 3 (IGMP-v3). At start up, the P-79X queries all directly connected networks to gather group membership. After that, the P-79X periodically updates this information. IP multicasting can be enabled/disabled on the P-79X LAN and/or WAN interfaces in the web configurator (LAN;...
H A PT ER Network Address Translation (NAT) 9.1 Overview This chapter discusses how to configure NAT on the P-79X. NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
Chapter 9 Network Address Translation (NAT) Port Forwarding A port forwarding set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though NAT makes your whole inside network appear as a single computer to the outside world.
Chapter 9 Network Address Translation (NAT) Table 27 Network > NAT > General (continued) LABEL DESCRIPTION Max NAT/Firewall When computers use peer to peer applications, such as file sharing applications, Session Per User they need to establish NAT sessions. If you do not limit the number of NAT sessions a single client can establish, this can result in all of the available NAT sessions being used.
Chapter 9 Network Address Translation (NAT) Configuring Servers Behind Port Forwarding (Example) Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example).
Chapter 9 Network Address Translation (NAT) Table 28 Network > NAT > Port Forwarding LABEL DESCRIPTION Server IP Address Enter the IP address of the server for the specified service. Click this button to add a rule to the table below. This is the rule index number (read-only).
Chapter 9 Network Address Translation (NAT) Table 29 Network > NAT > Port Forwarding: Edit (continued) LABEL DESCRIPTION End Port Enter a port number in this field. To forward only one port, enter the port number again in the Start Port field above and then enter it again in this field.
Chapter 9 Network Address Translation (NAT) Table 30 Network > NAT > Address Mapping (continued) LABEL DESCRIPTION Global Start IP This is the starting Inside Global IP Address (IGA). Enter 0.0.0.0 here if you have a dynamic IP address from your ISP. You can only do this for Many-to-One and Server mapping types.
Chapter 9 Network Address Translation (NAT) The following table describes the fields in this screen. Table 31 Network > NAT > Address Mapping: Edit LABEL DESCRIPTION Type Choose the port mapping type from one of the following. One-to-One: One-to-One mode maps one local IP address to one global IP address.
Chapter 9 Network Address Translation (NAT) Figure 56 Network > NAT > ALG The following table describes the fields in this screen. Table 32 Network > NAT > ALG LABEL DESCRIPTION Enable SIP ALG Select this to change the private ports or IP in SIP messages so that the VoIP client behind the P-79X can be found in RTP traffic.
Chapter 9 Network Address Translation (NAT) 9.6.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side.
Chapter 9 Network Address Translation (NAT) Figure 58 NAT Application With IP Alias 9.6.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: • One to One: In One-to-One mode, the P-79X maps one local IP address to one global IP address.
Page 98
Chapter 9 Network Address Translation (NAT) The following table summarizes these types. Table 34 NAT Mapping Types TYPE IP MAPPING One-to-One ILA1 IGA1 Many-to-One (SUA/PAT) ILA1 IGA1 ILA2 IGA1 … Many-to-Many Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 …...
HAPTER Firewalls 10.1 Overview This chapter shows you how to enable and configure the P-79X firewall. Use these screens to enable and configure the firewall that protects your P-79X and network from attacks by hackers on the Internet and control access to it. By default the firewall: •...
Chapter 10 Firewalls 10.1.2 What You Need to Know About Firewall Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources.
Page 101
Chapter 10 Firewalls Firewall Example: Rules In the Rules screen, select the index number after that you want to add the rule. For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8.
Page 102
Chapter 10 Firewalls Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN. Firewall Example: Rules: MyService P-79X Series User’s Guide...
Chapter 10 Firewalls 10.2 The Firewall General Screen Use this screen to configure the firewall settings. Click Security > Firewall to display the following screen. Figure 60 Security > Firewall > General The following table describes the labels in this screen. Table 35 Security >...
Chapter 10 Firewalls 10.3 The Firewall Rule Screen Note: The ordering of your rules is very important as rules are applied in turn. Refer to Section 10.5 on page 110 for more information. Click Security > Firewall > Rules to bring up the following screen. This screen displays a list of the configured firewall rules.
Chapter 10 Firewalls Table 36 Security > Firewall > Rules (continued) LABEL DESCRIPTION This field shows you whether a log is created when packets match this rule (Yes) or not (No). Modify Click the Edit icon to go to the screen where you can edit the rule. Click the Remove icon to delete an existing firewall rule.
Page 106
Chapter 10 Firewalls Figure 62 Security > Firewall > Rules: Edit The following table describes the labels in this screen. Table 37 Security > Firewall > Rules: Edit LABEL DESCRIPTION Edit Rule Active Select this option to enable this firewall rule. Action for Matched Use the drop-down list box to select whether to discard (Drop), deny and send Packet...
Chapter 10 Firewalls Table 37 Security > Firewall > Rules: Edit (continued) LABEL DESCRIPTION End IP Address Enter the ending IP address in a range here. Subnet Mask Enter the subnet mask here, if applicable. Add >> Click Add >> to add a new address to the Source or Destination Address box.
Chapter 10 Firewalls Figure 63 Three-Way Handshake For UDP, half-open means that the firewall has detected no return traffic. An unusually high number (or arrival rate) of half-open sessions could indicate a DOS attack. 10.4.1 Threshold Values If everything is working properly, you probably do not need to change the threshold settings as the default threshold values should work for most small offices.
Page 109
Chapter 10 Firewalls Figure 64 Security > Firewall > Threshold The following table describes the labels in this screen. Table 38 Security > Firewall > Threshold LABEL DESCRIPTION Denial of Service The P-79X measures both the total number of existing half-open sessions and Thresholds the rate of session establishment attempts.
Chapter 10 Firewalls Table 38 Security > Firewall > Threshold (continued) LABEL DESCRIPTION TCP Maximum An unusually high number of half-open sessions with the same destination host Incomplete address could indicate that a DoS attack is being launched against the host. Specify the number of existing half-open TCP sessions with the same destination host IP address that causes the firewall to start dropping half-open sessions to that same destination host IP address.
Chapter 10 Firewalls • LAN to WAN These rules specify which computers on the LAN can access which computers or services on the WAN. By default, the P-79X’s stateful packet inspection drops packets traveling in the following directions: • WAN to LAN These rules specify which computers on the WAN can access which computers or services on the LAN.
Chapter 10 Firewalls Protect against IP spoofing by making sure the firewall is active. Keep the firewall in a secured (locked) room. 10.5.3 Security Considerations Note: Incorrectly configuring the firewall may block valid access or introduce security risks to the P-79X and your protected network. Use caution when creating or deleting firewall rules and test your rules after you configure them.
HAPTER URL Blocking 11.1 Overview Internet content filtering allows you to block web sites based on keywords in the URL. Section 11.1.4 on page 113 for an example of setting up content filtering. 11.1.1 What You Can Do in the URL Blocking Screens •...
Page 114
Chapter 11 URL Blocking Click Apply. Security > Content Filter > Keyword: Example Bob’s son arrives home from school at four, while his parents arrive later, at about 7pm. So keyword blocking is enabled for these times on weekdays and not on the weekend when the parents are at home.
Chapter 11 URL Blocking The children can access the family computer in the living room, while only the parents use another computer in the study room. So keyword blocking is only needed on the family computer and the study computer can be excluded from keyword blocking. Bob’s home network is on the domain “192.168.1.xxx”.
Chapter 11 URL Blocking Figure 65 Security > URL Blocking > Keyword The following table describes the labels in this screen. Table 39 Security > URL Blocking > Keyword LABEL DESCRIPTION Active Keyword Blocking Select this check box to enable this feature. Block Websites that This box contains the list of all the keywords that you have configured contain these keywords in...
Chapter 11 URL Blocking Figure 66 Security > URL Blocking > Schedule The following table describes the labels in this screen. Table 40 Security > URL Blocking > Schedule LABEL DESCRIPTION Schedule Select Block Everyday to make the content filtering active everyday. Otherwise, select Edit Daily to Block and configure which days of the week (or everyday) and which time of the day you want the content filtering to be active.
Page 118
Chapter 11 URL Blocking Figure 67 Security > URL Blocking > Trusted The following table describes the labels in this screen. Table 41 Security > URL Blocking > Trusted LABEL DESCRIPTION Start IP Address Type the IP address of a computer (or the beginning IP address of a specific range of computers) on the LAN that you want to exclude from content filtering.
HAPTER Packet Filter 12.1 Overview Your P-79X uses filters to decide whether to allow passage of traffic. This chapter discusses how to create and apply filters. 12.1.1 What You Can Do in the Packet Filter Screen Use the Packet Filter screens (Section 12.2 on page 119) to display the filter sets and configure the rules for protocol and generic filters.
Chapter 12 Packet Filter Figure 68 Security > Packet Filter The following table describes the labels in this screen. Table 42 Security > Packet Filter LABEL DESCRIPTION This field displays the index number of the filter set. Name Enter a name for the filter set. The text may consist of up to 16 letters, numerals and any printable character found on a typical English language keyboard.
Chapter 12 Packet Filter Figure 69 Security > Packet Filter > Edit (Protocol Filter) The following table describes the labels in this screen. Table 43 Security > Packet Filter > Edit (Protocol Filter) LABEL DESCRIPTION This is the index number of the rules in a filter set. Active Use the check box to turn a filter rule on or off.
Page 122
Chapter 12 Packet Filter Figure 70 Security > Packet Filter > Edit (Protocol Filter) > Edit Rule The following table describes the labels in this screen. Table 44 Security > Packet Filter > Edit (Protocol Filter) > Edit Rule LABEL DESCRIPTION Active Select the check box to enable the filter rule.
Chapter 12 Packet Filter Table 44 Security > Packet Filter > Edit (Protocol Filter) > Edit Rule (continued) LABEL DESCRIPTION More Select Yes to pass a matching packet to the next filter rule before an action is taken. Select No to act upon the packet according to the action fields. Select a logging option from the following: None –...
Chapter 12 Packet Filter The following table describes the labels in this screen. Table 45 Security > Packet Filter > Edit (Generic Filter) LABEL DESCRIPTION This is the index number of the rules in a filter set. Active Use the check box to turn on or off a filter rule. Filter Type This field displays whether the filter type is a protocol filter or generic filter.
Chapter 12 Packet Filter Table 46 Security > Packet Filter > Edit (Generic Filter) > Edit Rule (continued) LABEL DESCRIPTION Value Enter the value (in hexadecimal notation) to compare with the data portion. More Select Yes to pass a matching packet to the next filter rule before an action is taken.
Chapter 12 Packet Filter 12.3.2 Firewall Versus Filters Below are some comparisons between the P-79X’s filtering and firewall functions. Packet Filtering • The router filters packets as they pass through the router’s interface according to the filter rules you designed. •...
Page 127
Chapter 12 Packet Filter Use the firewall if you need routine e-mail reports about your system or need to be alerted when attacks occur. The firewall can block specific URL traffic that might occur in the future. The URL can be saved in an Access Control List (ACL) database.
HAPTER 13.1 Overview A virtual private network (VPN) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing. It is used to transport traffic over the Internet or any insecure network that uses TCP/IP for communication.
Page 129
Chapter 13 VPN Figure 75 VPN: IKE SA and IPSec SA IPSec SA Internet IKE SA In this example, a computer in network A is exchanging data with a computer in network B. Inside networks A and B, the data is transmitted the same way data is normally transmitted in the networks.
Chapter 13 VPN Finding Out More Section 13.6 on page 139 for advanced technical information on IPSec VPN. 13.1.3 Before You Begin If a VPN tunnel uses Telnet, FTP, WWW, then you should configure remote management (Remote MGMT) to allow access for that service. Note: This chapter is not available when you use the P-791R v3 device.
Chapter 13 VPN The following table describes the fields in this screen. Table 47 Security > VPN > Setup LABEL DESCRIPTION This is the VPN policy index number. Click a number to edit VPN policies. Active This field displays whether the VPN policy is active or not. A Yes signifies that this VPN policy is active.
Page 132
Chapter 13 VPN Figure 78 Security > VPN > Setup > Edit The following table describes the fields in this screen. Table 48 Security > VPN > Setup > Edit LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. This option determines whether a VPN rule is applied before a packet leaves the firewall.
Page 133
Chapter 13 VPN Table 48 Security > VPN > Setup > Edit LABEL DESCRIPTION Negotiation Mode Select Main or Aggressive from the drop-down list box. Multiple SAs connecting through a secure gateway must have the same negotiation mode. Encapsulation Select Tunnel mode or Transport mode from the drop-down list box. Mode DNS Server (for If there is a private DNS server that services the VPN, type its IP address here.
Page 134
Chapter 13 VPN Table 48 Security > VPN > Setup > Edit LABEL DESCRIPTION Local ID Type Select IP to identify this P-79X by its IP address. Select DNS to identify this P-79X by a domain name. Select E-mail to identify this P-79X by an e-mail address. Content When you select IP in the Local ID Type field, type the IP address of your computer in the local Content field.
Page 135
Chapter 13 VPN Table 48 Security > VPN > Setup > Edit LABEL DESCRIPTION Secure Gateway Type the WAN IP address or the URL (up to 31 characters) of the IPSec router Address with which you're making the VPN connection. Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address (the IPSec Key Mode field must be set to IKE).
Chapter 13 VPN 13.4 Configuring Advanced IKE Settings Click Advanced Setup in the VPN Setup-Edit screen to open this screen. Figure 79 Security > VPN > Setup > Edit > Advanced Setup The following table describes the fields in this screen. Table 49 Security >...
Page 137
Chapter 13 VPN Table 49 Security > VPN > Setup > Edit > Advanced Setup (continued) LABEL DESCRIPTION Pre-Shared Key Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection.
Chapter 13 VPN Figure 80 Security > VPN > Monitor The following table describes the fields in this screen. Table 50 Security > VPN > Monitor LABEL DESCRIPTION This is the security association index number. Name This field displays the identification name for this VPN policy. Encapsulation This field displays Tunnel or Transport mode.
Chapter 13 VPN Figure 81 IPSec Architecture IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms). The Encryption Algorithm describes the use of encryption techniques such as DES (Data Encryption Standard) and Triple DES algorithms.
Chapter 13 VPN IPSec using ESP in Tunnel mode encapsulates the entire original packet (including headers) in a new IP packet. The new IP packet's source address is the outbound address of the sending VPN gateway, and its destination address is the inbound address of the VPN device at the receiving end. When using ESP protocol with authentication, the packet contents (in this case, the entire original packet) are encrypted.
Chapter 13 VPN • Set the NAT router to forward UDP port 500 to IPSec router A. Finally, NAT is compatible with ESP in tunnel mode because integrity checks are performed over the combination of the "original header plus original payload," which is unchanged by a NAT device. The compatibility of AH and ESP with NAT in tunnel and transport modes is summarized in the following table.
Chapter 13 VPN tunnel with authentication and encryption. This is the most common mode of operation. Tunnel mode is required for gateway to gateway and host to gateway communications. Tunnel mode communications have two sets of IP headers: • Outside header: The outside IP header contains the destination IP address of the VPN gateway. •...
Chapter 13 VPN • Set the IPSec SA lifetime. This field allows you to determine how long the IPSec SA should stay up before it times out. The P-79X automatically renegotiates the IPSec SA if there is traffic when the IPSec SA lifetime period expires. The P-79X also automatically renegotiates the IPSec SA if both IPSec routers have keep alive enabled, even if there is no traffic.
Chapter 13 VPN Figure 85 VPN Host using Intranet DNS Server Example ISP DNS Servers 212.54.64.170 212.54.54.171 DNS:212.54.64.170 Remote 10.1.1.1/200 IPSec Router 212.54.64.171 Internet Intranet DNS 10.1.1.10 VPN DNS: 10.1.1.10 = VPN Tunnel 192.168.1.1/50 172.16.1.1/50 If you do not specify an Intranet DNS server on the remote network, then the VPN host must use IP addresses to access the computers on the remote network.
Chapter 13 VPN Table 53 Local ID Type and Content Fields LOCAL ID TYPE= CONTENT= E-mail Type an e-mail address (up to 31 characters) by which to identify this P-79X. The domain name or e-mail address that you use in the Content field is used for identification purposes only and does not need to be a real domain name or e- mail address.
Chapter 13 VPN 13.6.10 Pre-Shared Key A pre-shared key identifies a communicating party during a phase 1 IKE negotiation (see Section 13.6.5 on page 143 for more on IKE phases). It is called “pre-shared” because you have to share it with another party before you can communicate with them over a secure connection.
Chapter 13 VPN Table 57 Telecommuters Sharing One VPN Rule Example FIELDS TELECOMMUTERS HEADQUARTERS Local IP Address: Telecommuter A: 192.168.2.12 192.168.1.10 Telecommuter B: 192.168.3.2 Telecommuter C: 192.168.4.15 Remote IP 192.168.1.10 0.0.0.0 (N/A) Address: 13.6.12.2 Telecommuters Using Unique VPN Rules Example In this example the telecommuters (A, B and C in the figure) use IPSec routers with domain names that are mapped to their dynamic WAN IP addresses (use Dynamic DNS to do this).
Page 149
Chapter 13 VPN Table 58 Telecommuters Using Unique VPN Rules Example (continued) TELECOMMUTERS HEADQUARTERS Telecommuter A (telecommutera.dydns.org) Headquarters P-79X Rule 1: Local ID Type: IP Peer ID Type: IP Local ID Content: 192.168.2.12 Peer ID Content: 192.168.2.12 Local IP Address: 192.168.2.12 Secure Gateway Address: telecommuter1.com Remote Address 192.168.2.12 Telecommuter B (telecommuterb.dydns.org)
HAPTER Certificates 14.1 Overview This chapter describes how your P-79X can use certificates as a means of authenticating clients. It gives background information about public-key certificates and explains how to use them. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication.
Chapter 14 Certificates Factory Default Certificate The P-79X generates its own unique self-signed certificate when you first turn it on. This certificate is referred to in the GUI as the factory default certificate. 14.1.2 Verifying a Certificate Before you import a trusted certificate into the P-79X, you should verify that you have the correct certificate.
Chapter 14 Certificates Finding Out More Section 14.3 on page 155 for technical background information on certificates. 14.2 The Trusted CAs Screen This screen displays a summary list of certificates of the certification authorities that you have set the P-79X to accept as trusted. The P-79X accepts any valid certificate signed by a certification authority on this list as being trustworthy;...
Chapter 14 Certificates 14.2.1 Trusted CA Import Follow the instructions in this screen to save a trusted certification authority’s certificate to the P- 79X. Click Security > Certificates to open the Trusted CAs screen and then click Import to open the Trusted CA Import screen.
Chapter 14 Certificates 14.2.2 Trusted CA Details Use this screen to view in-depth information about the certification authority’s certificate, change the certificate’s name and set whether or not you want the P-79X to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority. Click Security >...
Chapter 14 Certificates Table 61 Trusted CA Details (continued) LABEL DESCRIPTION Signature Algorithm This field displays the type of algorithm that was used to sign the certificate. Some certification authorities use rsa-pkcs1-sha1 (RSA public-private key encryption algorithm and the SHA1 hash algorithm). Other certification authorities may use rsa-pkcs1-md5 (RSA public-private key encryption algorithm and the MD5 hash algorithm).
Chapter 14 Certificates method used to secure the data that you send through an established connection depends on the type of connection. For example, a VPN tunnel might use the triple DES encryption algorithm. The certification authority uses its private key to sign certificates. Anyone can then use the certification authority’s public key to verify the certificates.
HAPTER Static Route 15.1 Overview The P-79X usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the P-79X send data to devices not reachable through the default gateway, use static routes. For example, the next figure shows a computer (A) connected to the P-79X’s LAN interface.
Chapter 15 Static Route Figure 95 Advanced > Static Route The following table describes the labels in this screen. Table 62 Advanced > Static Route LABEL DESCRIPTION This is the number of an individual static route. Active This field indicates whether the rule is active or not. Clear the check box to disable the rule.
Page 159
Chapter 15 Static Route Figure 96 Advanced > Static Route: Edit The following table describes the labels in this screen. Table 63 Advanced > Static Route: Edit LABEL DESCRIPTION Active This field allows you to activate/deactivate this static route. Route Name Enter the name of the IP static route.
HAPTER 802.1Q 16.1 Overview This chapter describes how to configure the 802.1Q settings. A Virtual Local Area Network (VLAN) allows a physical network to be partitioned into multiple logical networks. A VLAN group can be treated as an individual device. Each group can have its own rules about where and how to forward traffic.
16.1.3 802.1Q Example This example shows how to configure the 802.1Q settings on the P-79X. 802.1Q/1P Example P-793H v3 VoIP Network Internet - (PPPoE) LAN1 and LAN2 are connected to ATAs (Analogue Telephone Adapters) and used for VoIP traffic.
Page 162
Chapter 16 802.1Q To set a high priority for VoIP traffic, follow these steps. Click Advanced > 802.1Q > Port Setting to display the following screen. Type 2 in the 802.1Q PVID column for LAN1and LAN2. Click Apply. Advanced > 802.1Q/1P > Port Setting: Example Ports 3 and 4 are connected to desktop computers and are used for Internet traffic.
Chapter 16 802.1Q Advanced > 802.1Q/1P > Group Setting: Example This completes the 802.1Q setup. 16.2 The 802.1Q Group Setting Screen Use this screen to activate 802.1Q and display the VLAN groups. Click Advanced > 802.1Q to display the following screen. P-79X Series User’s Guide...
Page 164
Chapter 16 802.1Q Figure 98 Advanced > 802.1Q > Group Setting The following table describes the labels in this screen. Table 64 Advanced > 802.1Q > Group Setting LABEL DESCRIPTION 802.1Q Active Select this check box to activate the 802.1Q feature. Management Vlan Enter the ID number of a VLAN group.
Chapter 16 802.1Q 16.2.1 Editing 802.1Q Group Setting Use this screen to configure the settings for each VLAN group. In the 802.1Q screen, click the Edit button from the Modify filed to display the following screen. Figure 99 Advanced > 802.1Q > Group Setting > Edit The following table describes the labels in this screen.
Page 166
Chapter 16 802.1Q Figure 100 Advanced > 802.1Q > Port Setting The following table describes the labels in this screen. Table 66 Advanced > 802.1Q > Port Setting LABEL DESCRIPTION Ports This field displays the types of ports available to join the VLAN group. 802.1Q PVID Assign a VLAN ID for the port.
HAPTER Quality of Service (QoS) 17.1 Overview Use the QoS screens to set up your P-79X to use QoS for traffic management. Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control bandwidth. QoS allows the P-79X to group and prioritize application traffic and fine-tune network performance.
Chapter 17 Quality of Service (QoS) Tagging and Marking In a QoS class, you can configure whether to add or change the DiffServ Code Point (DSCP) value, IEEE 802.1p priority level and VLAN ID number in a matched packet. When the packet passes through a compatible network, the networking device, such as a backbone switch, can provide specific treatment or service based on the tag or marker.
Page 169
Chapter 17 Quality of Service (QoS) Figure 103 QoS Class Example: VoIP -2 Figure 104 QoS Class Example: Boss -1 P-79X Series User’s Guide...
Chapter 17 Quality of Service (QoS) Figure 105 QoS Class Example: Boss -2 17.2 The QoS General Screen Use this screen to enable or disable QoS and have the P-79X automatically assign priority to traffic according to the IEEE 802.1p priority level, IP precedence and/or packet length. Click Advanced >...
Chapter 17 Quality of Service (QoS) The following table describes the labels in this screen. Table 67 Advanced > QoS > General LABEL DESCRIPTION Active QoS Select the check box to turn on QoS to improve your network performance. You can give priority to traffic that the P-79X forwards out through the WAN interface.
Chapter 17 Quality of Service (QoS) Figure 107 Advanced > QoS > Class Setup The following table describes the labels in this screen. Table 68 Advanced > QoS > Class Setup LABEL DESCRIPTION Create a new Class Click Add to create a new classifier. This is the number of each classifier.
Page 173
Chapter 17 Quality of Service (QoS) Figure 108 Advanced > QoS > Class Setup: Edit Appendix F on page 279 for a list of commonly-used services. The following table describes the labels in this screen. Table 69 Advanced > QoS > Class Setup: Edit LABEL DESCRIPTION Class Configuration...
Page 174
Chapter 17 Quality of Service (QoS) Table 69 Advanced > QoS > Class Setup: Edit (continued) LABEL DESCRIPTION Order This shows the ordering number of this classifier. Select an existing number for where you want to put this classifier and click Apply to move the classifier to the number you selected.
Chapter 17 Quality of Service (QoS) Table 69 Advanced > QoS > Class Setup: Edit (continued) LABEL DESCRIPTION Exclude Select this option to exclude the packets that match the specified criteria from this classifier. Others Service This field simplifies classifier configuration by allowing you to select a predefined application.
Chapter 17 Quality of Service (QoS) IEEE 802.1p specifies the user priority field and defines up to eight separate traffic types. The following table describes the traffic types defined in the IEEE 802.1d standard (which incorporates the 802.1p). Table 70 IEEE 802.1p Priority Level and Traffic Type PRIORITY TRAFFIC TYPE LEVEL...
Chapter 17 Quality of Service (QoS) The DSCP value determines the forwarding behavior, the PHB (Per-Hop Behavior), that each packet gets across the DiffServ network. Based on the marking rule, different kinds of traffic can be marked for different kinds of forwarding. Resources can then be allocated according to the DSCP values and the configured policies.
HAPTER Dynamic DNS Setup 18.1 Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect.
Page 179
Chapter 18 Dynamic DNS Setup Figure 109 Advanced > Dynamic DNS The following table describes the fields in this screen. Table 72 Advanced > Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider.
Page 180
Chapter 18 Dynamic DNS Setup Table 72 Advanced > Dynamic DNS (continued) LABEL DESCRIPTION Use specified IP Type the IP address of the host name(s). Use this if you have a static IP address. Address Apply Click this to save your changes. Cancel Click this to restore your previously saved settings.
HAPTER Remote Management 19.1 Overview Remote management allows you to determine which services/protocols can access which P-79X interface (if any) from which computers. The following figure shows remote management of the P-79X coming in from the WAN. Figure 110 Remote Management From the WAN HTTP Telnet Note: When you configure remote management to allow management from the WAN, you...
Chapter 19 Remote Management To disable remote management of a service, select Disable in the corresponding Access Status field. You may only have one remote management session running at a time. The P-79X automatically disconnects a remote management session of lower priority when another remote management session of higher priority starts.
Chapter 19 Remote Management • Use the P-79X’s LAN IP address when configuring from the LAN. System Timeout There is a default system management idle timeout of five minutes (three hundred seconds). The P-79X automatically logs you out if the management session remains idle for longer than this timeout period.
Chapter 19 Remote Management Table 73 Advanced > Remote MGMT > WWW LABEL DESCRIPTION Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 19.3 The Telnet Screen You can use Telnet to access the P-79X’s command line interface. Specify which interfaces allow Telnet access and from which IP address the access can come.
Chapter 19 Remote Management Figure 114 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the P-79X). An agent translates the local management information from the managed device into a form compatible with SNMP.
Chapter 19 Remote Management 19.5.2 SNMP Traps The P-79X will send traps to the SNMP manager when any one of the following events occurs: Table 76 SNMP Traps TRAP # TRAP NAME DESCRIPTION coldStart (defined in RFC-1215) A trap is sent after booting (power on). warmStart (defined in RFC-1215) A trap is sent after booting (software reboot).
Chapter 19 Remote Management Table 77 Advanced > Remote MGMT > SNMP LABEL DESCRIPTION Access Status Select the interface(s) through which a computer may access the P-79X using this service. Secured Client IP A secured client is a “trusted” computer that is allowed to communicate with the P-79X using this service.
Chapter 19 Remote Management The following table describes the labels in this screen. Table 78 Advanced > Remote MGMT > DNS LABEL DESCRIPTION Port The DNS service port number is 53 and cannot be changed here. Access Status Select the interface(s) through which a computer may send DNS queries to the P- 79X.
Chapter 19 Remote Management The following table describes the labels in this screen. Table 79 Advanced > Remote MGMT > ICMP LABEL DESCRIPTION ICMP Internet Control Message Protocol is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and directly apparent to the application user.
Page 191
Chapter 19 Remote Management Figure 118 Advanced > Remote MGMT > CWMP The following table describes the labels in this screen. Table 80 Advanced > Remote MGMT> CWMP LABEL DESCRIPTION Enable Select On for the P-79X to send periodic inform via TR-069 on the WAN. Otherwise, select Off.
HAPTER Universal Plug-and-Play (UPnP) 20.1 Overview Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network. In turn, a device can leave a network smoothly and automatically when it is no longer in use.
Chapter 20 Universal Plug-and-Play (UPnP) When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the P-79X allows multicast messages on the LAN only. All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention.
Chapter 20 Universal Plug-and-Play (UPnP) 20.3 Installing UPnP in Windows Example This section shows how to install UPnP in Windows XP. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. Click Start and Control Panel. Double-click Network Connections.
Chapter 20 Universal Plug-and-Play (UPnP) Networking Services Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 20.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the P-79X.
Page 196
Chapter 20 Universal Plug-and-Play (UPnP) Network Connections In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Internet Connection Properties You may edit or delete the port mappings or click Add to manually add port mappings. P-79X Series User’s Guide...
Page 197
Chapter 20 Universal Plug-and-Play (UPnP) Internet Connection Properties: Advanced Settings Internet Connection Properties: Advanced Settings: Add When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Page 198
Chapter 20 Universal Plug-and-Play (UPnP) System Tray Icon Double-click on the icon to display your current Internet connection status. Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the P-79X without finding out the IP address of the P-79X first.
Page 199
Chapter 20 Universal Plug-and-Play (UPnP) Network Connections An icon with the description for each UPnP-enabled device displays under Local Network. Right-click on the icon for your P-79X and select Invoke. The web configurator login screen displays. P-79X Series User’s Guide...
Page 200
Chapter 20 Universal Plug-and-Play (UPnP) Network Connections: My Network Places Right-click on the icon for your P-79X and select Properties. A properties window displays with basic information about the P-79X. Network Connections: My Network Places: Properties: Example P-79X Series User’s Guide...
HAPTER System Settings 21.1 Overview This chapter shows you how to configure system related settings, such as system time, password, name, the domain name and the inactivity timeout interval. 21.1.1 What You Can Do in the System Settings Screens • Use the General screen (Section 21.2 on page 201) to configure system settings.
Page 202
Chapter 21 System Settings Click Maintenance > System to open the General screen. Figure 120 Maintenance > System > General The following table describes the labels in this screen. Table 82 Maintenance > System > General LABEL DESCRIPTION System Setup System Name Choose a descriptive name for identification purposes.
Chapter 21 System Settings Table 82 Maintenance > System > General LABEL DESCRIPTION Type your new system password (up to 30 characters). Note that as you type a Password password, the screen displays a (*) for each character you type. After you change the password, use the new password to access the P-79X.
Page 204
Chapter 21 System Settings Table 83 Maintenance > System > Time Setting (continued) LABEL DESCRIPTION Time and Date Setup Manual Select this radio button to enter the time and date manually. If you configure a new time and date, Time Zone and Daylight Saving at the same time, the new time and date you entered has priority and the Time Zone and Daylight Saving settings do not affect it.
Page 205
Chapter 21 System Settings Table 83 Maintenance > System > Time Setting (continued) LABEL DESCRIPTION End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the first Sunday of November.
HAPTER Logs 22.1 Overview This chapter contains information about configuring general log settings and viewing the P-79X’s logs. The web configurator allows you to choose which categories of events and/or alerts to have the P- 79X log and then display the logs or have the P-79X send them to an administrator (as e-mail) or to a syslog server.
Chapter 22 Logs Figure 122 Maintenance > Logs > View Log The following table describes the fields in this screen. Table 84 Maintenance > Logs > View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings screen display in the drop- down list box.
Page 208
Chapter 22 Logs Figure 123 Maintenance > Logs > Log Settings The following table describes the fields in this screen. Table 85 Maintenance > Logs > Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
Chapter 22 Logs Table 85 Maintenance > Logs > Log Settings LABEL DESCRIPTION Log Schedule This drop-down menu is used to configure the frequency of log messages being sent as E-mail: • Daily • Weekly • Hourly • When Log is Full •...
Chapter 22 Logs Table 86 SMTP Error Messages -7 means DATA fail -8 means mail data send fail 22.4.1 Example E-mail Log An "End of Log" message displays for each mail in which a complete log has been sent. The following is an example of a log sent by e-mail.
Page 211
Chapter 22 Logs Table 87 System Maintenance Logs (continued) LOG MESSAGE DESCRIPTION Someone has logged on to the router's web configurator Successful WEB login interface. Someone has failed to log on to the router's web WEB login failed configurator interface. Someone has logged on to the router via telnet.
Page 212
Chapter 22 Logs Table 89 Access Control Logs LOG MESSAGE DESCRIPTION Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access Firewall default policy: [ TCP | matched the default policy and was blocked or UDP | IGMP | ESP | GRE | OSPF ] forwarded according to the default policy’s setting. <Packet Direction>...
Page 213
Chapter 22 Logs Table 91 Packet Filter Logs LOG MESSAGE DESCRIPTION Attempted access matched a configured filter rule (denoted [ TCP | UDP | ICMP | IGMP | by its set and rule number) and was blocked or forwarded Generic ] packet filter according to the rule.
Page 214
Chapter 22 Logs Table 94 PPP Logs (continued) LOG MESSAGE DESCRIPTION The PPP connection’s Internet Protocol Control Protocol stage is opening. ppp:IPCP Opening The PPP connection’s Link Control Protocol stage is closing. ppp:LCP Closing The PPP connection’s Internet Protocol Control Protocol stage is closing. ppp:IPCP Closing Table 95 UPnP Logs LOG MESSAGE...
Page 215
Chapter 22 Logs Table 97 Attack Logs (continued) LOG MESSAGE DESCRIPTION The firewall classified a packet with no source routing entry as an ip spoofing - no routing IP spoofing attack. entry [ TCP | UDP | IGMP | ESP | GRE | OSPF ] The firewall classified an ICMP packet with no source routing ip spoofing - no routing entry as an IP spoofing attack.
Page 216
Chapter 22 Logs Table 100 ICMP Notes TYPE CODE DESCRIPTION Echo Reply Echo reply message Destination Unreachable Net unreachable Host unreachable Protocol unreachable Port unreachable A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF) Source route failed Source Quench A gateway may discard internet datagrams if it does not have the buffer space...
Page 217
Chapter 22 Logs Table 101 Syslog Logs LOG MESSAGE DESCRIPTION "This message is sent by the system ("RAS" displays as <Facility*8 + Severity>Mon dd the system name if you haven’t configured one) when the hr:mm:ss hostname router generates a syslog. The facility is defined in the src="<srcIP:srcPort>"...
HAPTER Tools 23.1 Overview This chapter explains how to upload new firmware, manage configuration files and restart your P- 79X. Use the instructions in this chapter to change the device’s configuration file or upgrade its firmware. After you configure your device, you can backup the configuration file to a computer. That way if you later misconfigure the device, you can upload the backed up configuration file to return to your previous settings.
Chapter 23 Tools This is a sample FTP session saving the current configuration to the computer file “config.cfg”. If your (T)FTP client does not allow you to have a destination filename different than the source, you will need to rename them as the P-79X only recognizes “rom-0” and “ras”. Be sure you keep unaltered copies of both files for later use.
Page 220
Chapter 23 Tools Do not interrupt the file transfer process as this may PERMANENTLY DAMAGE your device. When the Restore Configuration process is complete, the device automatically restarts. Restore Using FTP Session Example Figure 125 Restore Using FTP Session Example ftp>...
Chapter 23 Tools FTP Session Example of Firmware File Upload Figure 126 FTP Session Example of Firmware File Upload 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> put firmware.bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 1103936 bytes sent in 1.10Seconds 297.89Kbytes/sec.
Page 222
Chapter 23 Tools Where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the device’s IP address, “put” transfers the file source on the computer (firmware.bin – name of the firmware on the computer) to the file destination on the remote host (ras - name of the firmware on the device).
Page 223
Chapter 23 Tools Configuration Backup Using GUI-based FTP Clients The following table describes some of the commands that you may see in GUI-based FTP clients. Table 104 General Commands for GUI-based FTP Clients COMMAND DESCRIPTION Host Address Enter the address of the host server. Login Type Anonymous.
Chapter 23 Tools where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the P-79X IP address, “get” transfers the file source on the P-79X (rom-0, name of the configuration file on the P-79X) to the file destination on the computer and renames it config.rom. Configuration Backup Using GUI-based TFTP Clients The following table describes some of the fields that you may see in GUI-based TFTP clients.
Chapter 23 Tools The following table describes the labels in this screen. Table 106 Maintenance > Tools > Firmware LABEL DESCRIPTION Current This is the present Firmware version and the date created. Firmware Version File Path Type in the location of the file you want to upload in this field or click Choose File to find it.
Page 226
Chapter 23 Tools Figure 131 Maintenance > Tools > Configuration Backup Configuration Backup Configuration allows you to back up (save) the P-79X’s current configuration to a file on your computer. Once your P-79X is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes.
Page 227
Chapter 23 Tools Figure 132 Configuration Upload Successful The P-79X automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 133 Network Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default device IP address (192.168.1.1).
Chapter 23 Tools You can also press the RESET button on the rear panel to reset the factory defaults of your P-79X. Refer to Section 1.5 on page 18 for more information on the RESET button. 23.4 The Restart Screen System restart allows you to reboot the P-79X remotely without turning the power off.
HAPTER Diagnostic 24.1 Overview These read-only screens display information to help you identify problems with the P-79X. 24.1.1 What You Can Do in the Diagnostic Screens • Use the General screen (Section 24.2 on page 229) to ping an IP address. •...
Chapter 24 Diagnostic The following table describes the fields in this screen. Table 108 Maintenance > Diagnostic > General LABEL DESCRIPTION TCP/IP Type the IP address of a computer or the URL that you want to ping in order to test Address a connection.
Page 231
Chapter 24 Diagnostic The following table describes the fields in this screen. Table 109 Maintenance > Diagnostic > DSL Line LABEL DESCRIPTION DSL Line Status Click this to view statistics about the DSL connections. noise margin downstream is the signal to noise ratio for the downstream part of the connection (coming into the P-79X from the ISP).
HAPTER Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • P-79X Access and Login • Internet Access • Network Connections 25.1 Power, Hardware Connections, and LEDs The P-79X does not turn on.
Chapter 25 Troubleshooting 25.2 P-79X Access and Login I forgot the IP address for the P-79X. The default IP address is 192.168.1.1. If you changed the IP address and have forgotten it, you might get the IP address of the P-79X by looking up the IP address of the default gateway for your computer.
Chapter 25 Troubleshooting If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions • Try to access the P-79X using another service, such as Telnet. If you can access the P-79X, check the remote management settings and firewall rules to find out why the P-79X does not respond to HTTP.
Chapter 25 Troubleshooting Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.4 on page Make sure you entered your ISP account information correctly in the wizard. These fields are case- sensitive, so make sure [Caps Lock] is not on.
Page 236
Chapter 25 Troubleshooting • If the DSL LEDs are off, there is no DSL connection. Check if your cables are connected properly to the P-79X. • If the DSL LEDs are blinking fast, the P-79X is initializing the DSL line. If they keeps blinking for a long time, please reboot the device.
• Brief description of the problem and the steps you took to solve it. Corporate Headquarters (Worldwide) Taiwan • ZyXEL Communications Corporation • http://www.zyxel.com Asia China • ZyXEL Communications (Shanghai) Corp. ZyXEL Communications (Beijing) Corp. ZyXEL Communications (Tianjin) Corp. • http://www.zyxel.cn India • ZyXEL Technology India Pvt Ltd • http://www.zyxel.in Kazakhstan •...
Page 240
• http://www.zyxel.pl Romania • ZyXEL Romania • http://www.zyxel.com/ro/ro Russia • ZyXEL Russia • http://www.zyxel.ru Slovakia • ZyXEL Communications Czech s.r.o. organizacna zlozka • http://www.zyxel.sk Spain • ZyXEL Communications ES Ltd • http://www.zyxel.es Sweden • ZyXEL Communications P-79X Series User’s Guide...
Page 241
Appendix A Customer Support • http://www.zyxel.se Switzerland • Studerus AG • http://www.zyxel.ch/ Turkey • ZyXEL Turkey A.S. • http://www.zyxel.com.tr • ZyXEL Communications UK Ltd. • http://www.zyxel.co.uk Ukraine • ZyXEL Ukraine • http://www.ua.zyxel.com Latin America Argentina • ZyXEL Communication Corporation • http://www.zyxel.com/ec/es/ Brazil •...
Page 242
Appendix A Customer Support • http://www.zyxel.com/me/en/ North America • ZyXEL Communications, Inc. - North America Headquarters • http://www.zyxel.com/us/en/ Oceania Australia • ZyXEL Communications Corporation • http://www.zyxel.com/au/en/ Africa South Africa • Nology (Pty) Ltd. • http://www.zyxel.co.za P-79X Series User’s Guide...
PP EN D I X Wall-mounting Instructions Do the following to hang your P-79X on a wall. Note: See the product specifications appendix for the size of screws to use and how far apart to place them. Locate a high position on a wall that is free of obstructions. Use a sturdy wall. Drill two holes for the screws.
PP EN D I X Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP/Vista, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
Page 245
Appendix C Setting up Your Computer’s IP Address Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: In the Network window, click Add. Select Adapter and then click Add.
Page 246
Appendix C Setting up Your Computer’s IP Address Figure 141 Windows 95/98/Me: TCP/IP Properties: IP Address Click the DNS Configuration tab. • If you do not know your DNS information, select Disable DNS. • If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in).
Page 247
Appendix C Setting up Your Computer’s IP Address • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. Click OK to save and close the TCP/IP Properties window.
Page 248
Appendix C Setting up Your Computer’s IP Address Figure 144 Windows XP: Control Panel Right-click Local Area Connection and then click Properties. Figure 145 Windows XP: Control Panel: Network Connections: Properties Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. P-79X Series User’s Guide...
Page 249
Appendix C Setting up Your Computer’s IP Address Figure 146 Windows XP: Local Area Connection Properties The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). • If you have a dynamic IP address click Obtain an IP address automatically. •...
Page 250
Appendix C Setting up Your Computer’s IP Address If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
Page 251
Appendix C Setting up Your Computer’s IP Address Figure 149 Windows XP: Internet Protocol (TCP/IP) Properties Click OK to close the Internet Protocol (TCP/IP) Properties window. Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT).
Page 252
Appendix C Setting up Your Computer’s IP Address Figure 150 Windows Vista: Start Menu In the Control Panel, double-click Network and Internet. Figure 151 Windows Vista: Control Panel Click Network and Sharing Center. Figure 152 Windows Vista: Network And Internet Click Manage network connections.
Page 253
Appendix C Setting up Your Computer’s IP Address Right-click Local Area Connection and then click Properties. Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. Figure 154 Windows Vista: Network and Sharing Center Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
Page 254
Appendix C Setting up Your Computer’s IP Address • If you have a static IP address click Use the following IP address and fill in the IP address, Subnet mask, and Default gateway fields. • Click Advanced. Figure 156 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK.
Page 255
Appendix C Setting up Your Computer’s IP Address Figure 157 Windows Vista: Advanced TCP/IP Properties In the Internet Protocol Version 4 (TCP/IPv4) Properties window, (the General tab): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
Page 256
Appendix C Setting up Your Computer’s IP Address Figure 158 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties 10 Click OK to close the Internet Protocol Version 4 (TCP/IPv4) Properties window. 11 Click Close to close the Local Area Connection Properties window. Close the Network Connections window.
Page 257
Appendix C Setting up Your Computer’s IP Address Figure 159 Macintosh OS 8/9: Apple Menu Select Ethernet built-in from the Connect via list. Figure 160 Macintosh OS 8/9: TCP/IP For dynamically assigned settings, select Using DHCP Server from the Configure: list. For statically assigned settings, do the following: P-79X Series User’s Guide...
Page 258
Appendix C Setting up Your Computer’s IP Address • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your P-79X in the Router address box. Close the TCP/IP Control Panel.
Page 259
Appendix C Setting up Your Computer’s IP Address Figure 162 Macintosh OS X: Network For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. •...
Page 260
Appendix C Setting up Your Computer’s IP Address Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. Click the Red Hat button (located on the bottom left corner), select System Setting and click Network.
Page 261
Appendix C Setting up Your Computer’s IP Address If you know your DNS server IP address(es), click the DNS tab in the Network Configuration screen. Enter the DNS server information in the fields provided. Figure 165 Red Hat 9.0: KDE: Network Configuration: DNS Click the Devices tab.
Appendix C Setting up Your Computer’s IP Address Figure 167 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=dhcp USERCTL=no PEERDNS=yes TYPE=Ethernet • If you have a static IP address, enter in the BOOTPROTO= field. Type IPADDR= followed static by the IP address (in dotted decimal notation) and type NETMASK= followed by the subnet mask.
Page 263
Appendix C Setting up Your Computer’s IP Address Figure 171 Red Hat 9.0: Checking TCP/IP Properties [root@localhost]# ifconfig eth0 Link encap:Ethernet HWaddr 00:50:BA:72:5B:44 inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:717 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.5 Kb)
PP EN D I X Pop-up Windows, JavaScript and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScript (enabled by default). • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here.
Page 265
Appendix D Pop-up Windows, JavaScript and Java Permissions Figure 173 Internet Options: Privacy Click Apply to save this setting. Enable Pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
Page 266
Appendix D Pop-up Windows, JavaScript and Java Permissions Figure 174 Internet Options: Privacy Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. Click Add to move the IP address to the list of Allowed sites. Figure 175 Pop-up Blocker Settings P-79X Series User’s Guide...
Page 267
Appendix D Pop-up Windows, JavaScript and Java Permissions Click Close to return to the Privacy screen. Click Apply to save this setting. JavaScript If pages of the web configurator do not display properly in Internet Explorer, check that JavaScript are allowed. In Internet Explorer, click Tools, Internet Options and then the Security tab.
Page 268
Appendix D Pop-up Windows, JavaScript and Java Permissions Figure 177 Security Settings - Java Scripting Java Permissions From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM. Under Java permissions make sure that a safety level is selected. Click OK to close the window.
Page 269
Appendix D Pop-up Windows, JavaScript and Java Permissions Figure 178 Security Settings - Java JAVA (Sun) From Internet Explorer, click Tools, Internet Options and then the Advanced tab. Make sure that Use Java 2 for <applet> under Java (Sun) is selected. Click OK to close the window.
Page 270
Appendix D Pop-up Windows, JavaScript and Java Permissions Mozilla Firefox Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary slightly. The steps below apply to Mozilla Firefox 3.0 as well. You can enable Java, Javascript and pop-ups in one screen. Click Tools, then click Options in the screen that appears.
PP EN D I X IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
Appendix E IP Addresses and Subnetting Figure 182 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation).
Page 273
Appendix E IP Addresses and Subnetting Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 111 Subnet Masks BINARY DECIMAL 4TH OCTET OCTET...
Page 274
Appendix E IP Addresses and Subnetting Table 113 Alternative Subnet Mask Notation (continued) ALTERNATIVE LAST OCTET LAST OCTET SUBNET MASK NOTATION (BINARY) (DECIMAL) 255.255.255.224 1110 0000 255.255.255.240 1111 0000 255.255.255.248 1111 1000 255.255.255.252 1111 1100 Subnetting You can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons.
Page 275
Appendix E IP Addresses and Subnetting Figure 184 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).
Page 276
Appendix E IP Addresses and Subnetting Table 115 Subnet 2 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 01000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.65 192.168.1.64 Broadcast Address: Highest Host ID: 192.168.1.126 192.168.1.127 Table 116 Subnet 3...
Page 277
Appendix E IP Addresses and Subnetting Table 118 Eight Subnets (continued) SUBNET LAST BROADCAST SUBNET FIRST ADDRESS ADDRESS ADDRESS ADDRESS Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 119 24-bit Network Number Subnet Planning NO.
Page 278
Appendix E IP Addresses and Subnetting Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask. If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established.
P P EN D I X Services The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like.
Page 280
Appendix F Services Table 121 Examples of Services NAME PROTOCOL PORT(S) DESCRIPTION AH (IPSEC_TUNNEL) User-Defined The IPSEC AH (Authentication Header) tunneling protocol uses this service. 5190 AOL’s Internet Messenger service. AUTH Authentication protocol used by some servers. Border Gateway Protocol. BOOTP_CLIENT DHCP Client.
Page 281
Appendix F Services Table 121 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION NEW-ICQ 5190 An Internet chat program. NEWS A protocol for news groups. 2049 Network File System - NFS is a client/ server distributed file service that provides transparent file sharing for network environments.
Page 282
Appendix F Services Table 121 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION SQL-NET 1521 Structured Query Language is an interface to access data on many different types of database systems, including mainframes, midrange systems, UNIX systems and network servers. SSDP 1900 The Simple Service Discovery Protocol...
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
Appendix G Legal Information EUROPEAN UNION The following information applies if you use the product within the European Union. List of national codes COUNTRY ISO 3166 2 LETTER CODE COUNTRY ISO 3166 2 LETTER CODE Austria Liechtenstein Belgium Lithuania Bulgaria Luxembourg Croatia Malta...
Page 285
Appendix G Legal Information ErP (Energy-related Products) ZyXEL products put on the EU market in compliance with the requirement of the European Parliament and the Council published Directive 2009/125/EC establishing a framework for the setting of ecodesign requirements for energy-related products (recast), so called as "ErP Directive (Energy-related Products directive) as well as ecodesign requirement laid down in applicable implementing measures, power consumption has satisfied regulation requirements which are: Network standby power consumption <...
Page 286
Appendix G Legal Information Environmental Product Declaration P-79X Series User’s Guide...
Index Index Any IP Numerics status applications 802.1Q/1P high-speed Internet access activation point-to-point connections example applications, NAT group settings management VLAN port settings PVID tagging frames 160, 165 backup configuration 222, 223, 226 activation backup type 802.1Q/1P bandwidth management classifiers Broadband content filtering broadcast...
Page 289
Index certifications customer support viewing Change Password screen Class of Service, see CoS classifiers default password 802.1Q tags default server, NAT 89, 90 activation default URL configuration Denials of Service, see DoS creation DSCP 174, 175 DHCP 75, 79, 83, 201 priority diagnostic Differentiated Services, see DiffServ...
Page 290
Index Encapsulation packet direction packet filtering PPP over Ethernet rules 104, 110 schedules encapsulation 45, 48, 54, 66, 142 security ENET ENCAP status PPPoE three-way handshake RFC 1483 59, 70 firmware ENET ENCAP 218, 224 48, 54, 59 upgrading version exporting forwarding ports 88, 89...
Page 291
Index IANA keep alive Internet Assigned Numbers Authority see IANA ICMP 100, 189, 190 ID type and content IEEE 802.1Q client list IGMP DHCP 46, 73, 75, 77, 85 75, 79, 83 version 75, 79, 83 IGMP IKE phases 75, 85 IP address 74, 75, 84 IP alias...
Page 292
Index good habits IPSec using FTP. See FTP. local using SMT. See SMT. outside using SNMP. See SNMP. using Telnet. See command interface. packet filtering using the command interface. See command port forwarding 88, 89 interface. activation using the web configurator. See web configurator. configuration using TR-069.
Page 293
Index packet statistics DiffServ DSCP Packet Transfer Mode 174, 175, 176 example passwords administrator IP precedence users priority queue Peak Cell Rate (PCR) Quality of Service, see QoS Quick Start Guide point-to-point connections 14, 38, 40 procedure 38, 41 policy route and metric port forwarding 88, 89...
Page 294
Index Select Mode screen name passwords Session Initiation Protocol, see SIP administrator setup users classifiers restoring configuration DHCP status 22, 25 firewalls 103, 105, 108 firewalls IP alias logs packet filtering 121, 124 time port forwarding System Management Terminal SNMP see SMT static route wizard...
Page 295
Index VLAN ID SHA1 fingerprint VLAN Identifier See VID tunnel mode VLAN tag 48, 60 established in two phases IPSec security associations (SA) see also IKE SA, IPSec SA unicast 46, 73 Universal Plug and Play, see UPnP upgrading firmware 220, 224 UPnP activation...