Page 1 Prestige 324 Intelligent Broadband Sharing Gateway User’s Guide Version 3.60 January 2003...
Page 2 Trademarks ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
Page 3: Federal Communications Commission
Federal Communications Commission This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
Page 4: Information For Canadian Users
Prestige 324 Intelligent Broadband Sharing Gateway Information for Canadian Users The Industry Canada label identifies certified equipment. This certification means that the equipment meets certain telecommunications network protective operation and safety requirements. The Industry Canada label does not guarantee that the equipment will operate to a user's satisfaction. Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of the local telecommunications company.
Page 5: Declaration Of Conformity
Voltage dips, short interruptions and voltage variations immunity tests Declaration of Conformity Prestige 324 Intelligent Broadband Sharing Gateway We, the Manufacturer/Importer, ZyXEL Communications Corp. No. 6, Innovation Rd. II, Science-Based Industrial Park, Hsinchu, Taiwan, 300 R.O.C declare that the product...
Page 6: Zyxel Limited Warranty
Prestige 324 Intelligent Broadband Sharing Gateway ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or...
Page 7: Customer Support
+45-3955-0707 ftp.zyxel.dk +49-2405-6909-0 www.zyxel.de +49-2405-6909-99 +603-795-34-407 REGULAR MAIL ZyXEL Communications Corp., 6 Innovation Road II, Science- Based Industrial Park, Hsinchu, 300, Taiwan ZyXEL Communications Inc., 1650 Miraloma Avenue, Placentia, CA 92870, U.S.A. ZyXEL Communications A/S, Columbusvej 5, 2860 Soeborg, Denmark ZyXEL Deutschland GmbH.
Page 8: Table Of Contents
Prestige 324 Intelligent Broadband Sharing Gateway Copyright... ii Federal Communications Commission (FCC) Interference Statement... iii Information for Canadian Users ... iv ZyXEL Limited Warranty... vi Customer Support ... vii List of Figures... xiii List of Diagrams ... xviii List of Charts ... xviii List of Tables ...
Page 9 Wizard Setup: Screen 2... 4-2 Wizard Setup: Screen 3... 4-7 Basic Setup Complete ... 4-12 Chapter 5 Introducing the SMT and General Setup ...5-1 Accessing the Prestige via the Console Port ... 5-1 Navigating the SMT Interface... 5-2 Changing the System Password ... 5-5 General Setup...
Page 10 Prestige 324 Intelligent Broadband Sharing Gateway Chapter 10 IP Static Route Setup... 10-1 10.1 IP Static Route Setup ...10-2 Chapter 11 Network Address Translation (NAT)... 11-1 11.1 Introduction...11-1 11.2 SUA (Single User Account) Versus NAT...11-6 11.3 NAT Setup ...11-8 11.4 General NAT Examples ...11-20 Advanced Management ...III Chapter 12 Firewall ...
Page 11 14.3 Installing UPnP in Windows Example ... 14-4 14.4 Using UPnP in Windows XP Example... 14-6 Chapter 15 SNMP Configuration...15-1 15.1 About SNMP ... 15-1 15.2 Supported MIBs ... 15-2 15.3 SNMP Configuration... 15-2 15.4 SNMP Traps... 15-3 Chapter 16 System Information & Diagnosis ...16-1 16.1 System Status ...
Page 12 Prestige 324 Intelligent Broadband Sharing Gateway 19.3 Remote Management and the Firewall...19-4 19.4 Remote Management and NAT ...19-4 19.5 System Timeout ...19-5 Chapter 20 Call Scheduling ... 20-1 20.1 Introduction...20-1 20.2 Schedule Setup...20-1 20.3 Schedule Set Setup...20-2 20.4 Applying Schedule Sets to Remote Nodes...20-4 Chapter 21 Troubleshooting ...
Page 13: List Of Figures
Prestige 324 Intelligent Broadband Sharing Gateway List of Figures Figure 1-1 Internet Access Application... 1-5 Figure 2-1 Prestige Rear Panel Connections ... 2-1 Figure 2-2 Front Panel ... 2-4 Figure 3-1 Web Site Address ... 3-1 Figure 3-2 Default Password... 3-1 Figure 3-3 Change Password...
Page 14 Prestige 324 Intelligent Broadband Sharing Gateway Figure 7-6 Menu 3.2 — TCP/IP and DHCP Ethernet Setup...7-7 Figure 7-7 Menu 3.2.1 — IP Alias Setup...7-9 Figure 8-1 Internet Access Setup (Ethernet)...8-2 Figure 8-2 Internet Access Setup (PPTP) ...8-4 Figure 8-3 Internet Access (PPPoE) ...8-5 Figure 8-4 Internet Setup Test Example ...8-6 Figure 9-1 Menu 11.1 Remote Node Profile for Ethernet Encapsulation ...9-2 Figure 9-2 Remote Node Profile for PPTP Encapsulation...9-4...
Page 15 Prestige 324 Intelligent Broadband Sharing Gateway Figure 11-14 NAT Example 1... 11-21 Figure 11-15 Menu 4 — Internet Access & NAT Example... 11-21 Figure 11-16 NAT Example 2... 11-22 Figure 11-17 NAT Example 3... 11-23 Figure 11-18 Example 3: Menu 11.3... 11-24 Figure 11-19 Example 3: Menu 15.1.1.1...
Page 16 Prestige 324 Intelligent Broadband Sharing Gateway Figure 14-1 Configuring UPnP ...14-3 Figure 15-1 Menu 22 — SNMP Configuration ...15-2 Figure 16-1 Menu 24 — System Maintenance ...16-1 Figure 16-2 Menu 24.1 — System Maintenance — Status...16-2 Figure 16-3 Menu 24.2 — System Information and Console Port Speed...16-4 Figure 16-4 Menu 24.2.1 System Maintenance —...
Page 17 Prestige 324 Intelligent Broadband Sharing Gateway Figure 18-1 Command Mode in Menu 24... 18-1 Figure 18-2 Valid Commands ... 18-2 Figure 18-3 Call Control ... 18-2 Figure 18-4 Budget Management... 18-3 Figure 18-5 Call History ... 18-4 Figure 18-6 Menu 24 — System Maintenance... 18-5 Figure 18-7 Menu 24.10 System Maintenance —...
Page 18 Prestige 324 Intelligent Broadband Sharing Gateway List of Diagrams Diagram 1 Single-PC per Modem Hardware Configuration... 2 Diagram 2 Prestige as a PPPoE Client... 3 Diagram 3 Transport PPP frames over Ethernet ... 4 Diagram 4 PPTP Protocol Overview ... 5 Diagram 5 Example Message Exchange between PC and an ANT ...
Page 19 Prestige 324 Intelligent Broadband Sharing Gateway List of Tables Table 1-1 Internet Access Configuration Checklist ... 1-5 Table 2-1Prestige Rear Panel Connections ... 2-2 Table 2-2 LED Descriptions ... 2-4 Table 4-1 Wizard 2: Ethernet Encapsulation... 4-3 Table 4-2 Ethernet Encapsulation ... 4-3 Table 4-3 PPTP Encapsulation...
Page 20 Prestige 324 Intelligent Broadband Sharing Gateway Table 9-2 Fields in Menu 11.1 (PPTP Encapsulation)...9-4 Table 9-3 Fields in Menu 11.1 (PPPoE Encapsulation Specific Only)...9-6 Table 9-4 Remote Node Network Layer Options Menu Fields ...9-8 Table 9-5 Menu 11.1 — Remote Node Profile (Traffic Redirect Field)...9-12 Table 9-6 Traffic Redirect Setup ...9-13 Table 10-1 IP Static Route Menu Fields ...10-3 Table 11-1 NAT Definitions ...11-1...
Page 21 Prestige 324 Intelligent Broadband Sharing Gateway Table 18-1 Budget Management ... 18-3 Table 18-2 Call History Fields ... 18-4 Table 18-3 Time and Date Setting Fields... 18-6 Table 19-1 Menu 24.11 – Remote Management Control... 19-3 Table 20-1 Schedule Set Setup Fields... 20-3 Table 21-1 Troubleshooting the Start-Up of your Prestige ...
Page 23: Preface
Congratulations on your purchase of the Prestige 324 Broadband Sharing Gateway with four-port switch. Don’t forget to register your Prestige (fast, easy online registration at www.zyxel.com) for free future product updates and information. Your Prestige is easy to install and to configure. The embedded web configurator is a convenient platform- independent GUI (Graphical User Interface) that allows you to access the Prestige’s management settings.
Page 24: Syntax Conventions
Prestige 324 Intelligent Broadband Sharing Gateway Syntax Conventions • Mouse action sequences are denoted using a comma. For example, click Start, Settings, Control Panel, Network means first you click Start, move the mouse pointer over Settings, then move the mouse pointer over Control Panel and finally click Network •...
Page 26: Getting Started
Getting Started Getting Started This section helps you connect, install and setup your Prestige to operate on your network and access the Internet.
Page 28: Chapter 1 Getting To Know Your Prestige
Getting to Know Your Prestige This chapter introduces the main applications of the Prestige as well as a list of key features. Intelligent Broadband Sharing Gateway The Prestige is a dual Ethernet Broadband Sharing Gateway with an integrated 4-port switch and robust network management features for Internet access via external Cable/xDSL modem.
Page 29: Firmware Features
1.2.2 Firmware Features Full Network Management Your Prestige offers you a variety of options for network management. It supports password protected local and remote network management via the console port or a telnet connection using SMT (System Management Interface). Your Prestige includes an intuitive web configurator that makes setup and configuration easy.
Page 30: Dhcp Support
Prestige 324 Intelligent Broadband Sharing Gateway DHCP Support DHCP (Dynamic Host Configuration Protocol) allows the individual clients (workstations) to obtain the TCP/IP configuration at start-up from a centralized DHCP server. The Prestige has built-in DHCP server capability, enabled by default, which means it can assign IP addresses, an IP default gateway and DNS servers to Windows 9x, Windows NT, Windows 2000 and other systems that support the DHCP client.
Page 31: Broadband Internet Access Via Cable Or Dsl Modem
Time and Date Setting This feature (menu 24.10) allows you to get the current time and date from an external server when you power up your Prestige. The real time is then displayed in the Prestige Menu 24.1- System Status and error logs.
Page 32: Internet Access Configuration Checklist
Figure 1-1 Internet Access Application Internet Access Configuration Checklist The following table shows the minimum SMT menu configurations you’ll need to make (without changing the default Prestige values) in order to access the Internet. See your Quick Start Guide and the embedded web configurator online help for information on using the web configurator Internet access wizard to access the Internet (preferred method for non-experienced SMT users).
Page 33 Table 1-1 Internet Access Configuration Checklist FIELD Encapsulation Choose PPPoE if you have a dial-up connection to the Internet (or PPTP if you reside in France or Austria); otherwise choose Ethernet. Choose from RR- Manager, RR-Telstra or RR- Toshiba if your ISP is Time Warner's RoadRunner;...
Page 34: Chapter 2 Hardware Installation & Initial Setup
Hardware Installation & Initial Setup This chapter shows you how to connect hardware and perform the initial setup. Front Panel Prestige. CON/AUX Console/ Auxiliary Prestige Rear Panel and Connections Figure 2-1 Prestige Rear Panel Connections Hardware Installation & Initial Setup Prestige 324 Intelligent Broadband Sharing Gateway Panel Green...
Page 35: Table 2-1Prestige Rear Panel Connections
Table 2-1Prestige Rear Panel Connections CONNECTION Power 9V AC Connect the included power adaptor to the power supply and connect the other end of the power adaptor cable to this socket. See the Power Adapter Specification Appendix for regional Power 9V AC Connect the end of the included power adaptor (use only this adapter) to this power socket.
Page 36: Turning On Your Prestige
CON/AUX Just connect this port if you want to configure the Prestige using the SMT via console switch port or set up a backup WAN connection. CON/AUX port Set this switch to the “CON” side to use the CON/AUX port as a regular console port for local device configuration and management.
Page 37: Front Panel Leds
Front Panel LEDs The LEDs on the front panel indicate the operational status of the Prestige. The following table describes the LED functions. FUNCTION Power CON/AUX Console/ Auxiliary 10M LAN1,2,3,4 100M LAN1,2,3,4 Figure 2-2 Front Panel Table 2-2 LED Descriptions COLOR STATUS Green...
Page 38 FUNCTION Hardware Installation & Initial Setup Prestige 324 Intelligent Broadband Sharing Gateway Table 2-2 LED Descriptions COLOR STATUS Orange The Prestige is connected to a 100Mbps LAN port(s). Flashing The 100M LAN port(s) is sending/receiving packets. The WAN Link is not ready, or has failed. Green The 10M WAN Link is ok.
Page 40: Chapter 3 Introducing The Web Configurator
Introducing the Web Configurator Accessing the Prestige Web Configurator Step 1. Make sure your Prestige hardware is properly connected (refer to instructions in the hardware installation chapter). Step 2. Prepare your computer/computer network to connect to the Internet (refer to the Quick Start Guide or the appendices in this guide).
Page 41: Figure 3-3 Change Password
Step 3. You should now see the web configurator MAIN MENU screen. Click WIZARD to begin a series of screens to help you configure your Prestige for the first time. Click a link under SETUP in the navigation panel to configure advanced Prestige features. Click MAINTENANCE in the navigation panel to see Prestige performance statistics, upload firmware and back up, restore or upload a configuration file.
Page 42: Figure 3-4 The Main Menu Screen Of The Web Configurator
Prestige 324 Intelligent Broadband Sharing Gateway WIZARD Navigation panel LOGOUT Figure 3-4 The MAIN MENU Screen of the Web Configurator Follow the instructions you see in the MAIN MENU screen or click the icon (located in the top right corner of most screens) to view embedded help. icon does not appear in the MAIN MENU screen.
Page 44: Chapter 4 Wizard Setup
This chapter shows you how to use the Wizard to access the Internet for the first time. Introduction to Wizard Screens The Wizard consists of screens to help you configure your device to access the Internet. The second screen has three variations depending on what encapsulation type you use. Refer to your ISP checklist in the Quick Start Guide to know what to enter in each field.
Page 45: Wizard Setup: Screen 2
Click Next to configure the Prestige for internet access. Figure 4-1 Wizard 1 Wizard Setup: Screen 2 The Prestige offers three choices of encapsulation. They are Ethernet, PPTP or PPPoE. 4.2.1 Ethernet Choose Ethernet when the WAN port is used as a regular Ethernet. Wizard Setup...
Page 46: Table 4-1 Wizard 2: Ethernet Encapsulation
Table 4-1 Wizard 2: Ethernet Encapsulation FIELD ISP Parameters for Internet Access You must choose the Ethernet option when the WAN port is used as a regular Encapsulation Ethernet. Otherwise, choose PPPoE or PPTP for a dial-up connection. Choose from Standard or a RoadRunner version. The User Name, Password Service Type and Login Server IP Address fields are not applicable (N/A) for the latter.
Page 47: Figure 4-2 Wizard 2: Pptp Encapsulation
PPTP supports on-demand, multi-protocol, and virtual private networking over public networks, such as the Internet. For more information on PPTP, please refer to the appendices The Prestige supports one PPTP server connection at any given time. Figure 4-2 Wizard 2: PPTP Encapsulation Table 4-3 PPTP Encapsulation FIELD DESCRIPTION...
Page 48: Pppoe Encapsulation
FIELD Encapsulation Select PPTP from the pull-down list box. User Name Type the user name given to you by your ISP. Password Type the password associated with the User Name above. Nailed Up Select Nailed Up Connection if you do not want the connection to time out. Connection Type the time in seconds that elapses before the router automatically disconnects Idle Timeout...
Page 49: Figure 4-3 Wizard2: Pppoe Encapsulation
the existing Microsoft Dial-Up Networking software can activate, and therefore requires no new learning or procedures for Windows users. One of the benefits of PPPoE is the ability to let end users access one of multiple network services, a function known as dynamic service selection. This enables the service provider to easily create and offer new IP services for specific users.
Page 50: Table 4-4 Pppoe Encapsulation
FIELD ISP Parameter for Internet Access Choose an encapsulation method from the pull-down list box. PPPoE forms a dial-up Encapsulation connection. Service Name Type the name of your service provider. (Optional) User Name Type the user name given to you by your ISP. Password Type the password associated with the user name above.
Page 51: Table 4-5 Private Ip Address Ranges
You can obtain your IP address from the IANA, from an ISP or have it assigned by a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks.
Page 52: Dns Server Address Assignment
Once you have decided on the network number, pick an IP address that is easy to remember, for instance, 192.168.1.1, for your Prestige, but make sure that no other device on your network is using that IP. The subnet mask specifies the network number portion of an IP address. Your Prestige will compute the subnet mask automatically based on the IP address that you entered.
Page 53: Figure 4-4 Wizard 3
Table 4-6 Example of Network Properties for LAN Servers with Fixed IP Addresses Choose an IP address Subnet mask Gateway (or default route) FIELD WAN IP Address Assignment Get automatically from Select this option If your ISP did not assign you a fixed IP address. This is the default selection.
Page 54 FIELD Enter your WAN IP address in this field when you selected Use Fixed IP IP Address Address. Enter the IP subnet mask in this field if applicable when you selected Use Fixed IP Address. This field is not visible when you chose PPPoE IP Subnet Mask encapsulation in the previous wizard screen.
Page 55: Basic Setup Complete
Basic Setup Complete Well done! You have successfully set up your Prestige to operate on your network and access the Internet. The rest of this User’s Guide shows you how to configure the SMT menus except where no SMT menus exist for certain features such as UPnP and the firewall.
Page 56: Chapter 5 Introducing The Smt And General Setup
Introducing the SMT and General Setup This chapter shows you how to access the SMT menus via the console port, how to navigate the Accessing the Prestige via the Console Port Make sure you have the physical connection properly set up as described in the hardware installation chapter.
Page 57: Navigating The Smt Interface
Prestige 324 Intelligent Broadband Sharing Gateway Copyright (c) 1994 - 2002 ZyXEL Communications Corp. initialize ch =0, ethernet address: 00:a0:c5:01:23:45 initialize ch =1, ethernet address: 00:a0:c5:01:23:46 Press ENTER to continue... 5.1.2 Entering the Password The login screen appears after you press [ENTER], prompting you to enter the password, as shown next.
Page 58: Table 5-1 Main Menu Commands
OPERATION Move down to To move forward to a submenu, type in the number of the desired submenu and another menu press [ENTER]. Move up to a Press the [ESC] key to move back to the previous menu. previous menu Move to a “hidden”...
Page 59: Figure 5-3 Prestige Main Menu
Prestige 324 Intelligent Broadband Sharing Gateway Copyright (c) 1994 - 2002 ZyXEL Communications Corp. Getting Started 1. General Setup 2. WAN Setup 3. LAN Setup 4. Internet Access Setup Advanced Applications 11. Remote Node Setup 12. Static Routing Setup 15. NAT Setup Enter Menu Selection Number: 5.2.2 System Management Terminal Interface Summary...
Page 60: Changing The System Password
Menu Title System Maintenance Schedule Setup Exit Changing the System Password The first thing you should do is change the default system password by following the steps shown next. Step 1. Enter 23 in the main menu to open Menu 23 - System Password as shown next. Old Password= ? New Password= ? Retype to confirm= ?
Page 61: Figure 5-5 Example Xmodem Upload
Prestige 324 Intelligent Broadband Sharing Gateway 5.3.1 Resetting the Prestige If you forget your password or cannot access the SMT menu, you will need to reload the factory-default configuration file or use the RESET button the back of the Prestige. Uploading this configuration file replaces the current configuration file with the factory-default configuration file.
Page 62: General Setup
Procedure To Use The RESET Button Make sure the PWR led is on (not blinking) when you begin this procedure. Step 1. Press the RESET button for ten seconds, then release it. If the PWR LED begins to blink, the defaults have been restored and the Prestige restarts. Otherwise, go to step 2. Step 2.
Page 63: Figure 5-6 Menu 1 - General Setup
Prestige 324 Intelligent Broadband Sharing Gateway 5.4.1 Dynamic DNS Dynamic DNS (Domain Name System) allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe or other services). You can also access your FTP server or Web site on your own computer using a DNS-like address (for example, myhost.dhs.org, where myhost is a name of your choice) which will never change instead of using an IP address that changes each time you reconnect.
Page 64: Table 5-3 General Setup Menu Field
FIELD System Name Choose a descriptive name for identification purposes. It is recommended you enter your computer’s “Computer name” in this field. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes “-” and underscores "_" are accepted. Domain Name Enter the domain name (if you know it) here.
Page 65: Figure 5-7 Configure Dynamic Dns
Prestige 324 Intelligent Broadband Sharing Gateway Service Provider= WWW.DynDNS.ORG Active= Yes DDNSType= DynamicDNS Host1= Host2= Host3= EMAIL= USER= Password= ******** Enable Wildcard= No Offline= N/A Edit Update IP Address: Use Server Detected IP= Yes User Specified IP Addr=No IP Addr=N/A Press ENTER to confirm or ESC to cancel: Follow the instructions in the next table to configure Dynamic DNS parameters.
Page 66 Table 5-4 Configure Dynamic DNS Menu Fields FIELD Enable Wildcard Your Prestige supports DYNDNS Wildcard. Press [SPACE BAR] and then [ENTER] to select Yes or No This field is N/A when you choose DDNS client as your service provider. This field is only available when CustomDNS is selected in the Offline DDNS Type field.
Page 68: Chapter 6 Wan Setup And Dial Backup
This chapter describes how to configure the WAN using menu 2 and dial-backup using menus 2, Cloning The MAC Address The MAC address field allows users to configure the WAN port's MAC address by using either the factory default or cloning the MAC address from a computer on your LAN. Once it is successfully configured, the address will be copied to the rom file (ZyNOS configuration file).
Page 69: Dial Backup
Prestige 324 Intelligent Broadband Sharing Gateway Table 6-1 MAC Address Cloning in WAN Setup Menu FIELD MAC Address: Assigned By Press [SPACE BAR] and then [ENTER] to choose one of two methods to assign a MAC Address. Choose Factory Default to select the factory assigned default MAC Address.
Page 70: Figure 6-2 Configuring Dial Backup In Menu 2
Press ENTER to Confirm or ESC to Cancel: Figure 6-2 Configuring Dial Backup in Menu 2 The following table contains instructions on how to configure your WAN setup. Table 6-2 Configuring Dial Backup in Menu 2 FIELD Dial-Backup: Active Use this field to turn the dial-backup feature on (Yes) or off (No). Phone Enter the telephone number assigned to your line by your telephone Number...
Page 71: At Command Strings
Prestige 324 Intelligent Broadband Sharing Gateway Table 6-2 Configuring Dial Backup in Menu 2 FIELD Edit Advanced To edit the advanced setup for the Dial Backup port, move the cursor to Setup this field; press the [SPACE BAR] to select Yes and then press [ENTER] to go to Menu 2.1: Advanced Setup.
Page 72: Figure 6-3 Menu 2.1 Advanced Wan Setup
To edit the advanced setup for the Dial Backup port, move the cursor to the Edit Advanced Setup field in Menu 2 - WAN Setup, press the [SPACE BAR] to select Yes and then press [ENTER]. AT Command Strings: Dial= atdt Drop= ~~+++~~ath Answer= ata Drop DTR When Hang Up= Yes...
Page 73: Table 6-4 Advanced Wan Port Setup: Call Control Parameters
Prestige 324 Intelligent Broadband Sharing Gateway Table 6-3 Advanced WAN Port Setup: AT Commands Fields FIELD AT Response String: CLID (Calling Line Enter the keyword that precedes the CLID (Calling Line Identification) Identification) in the AT response string. This lets the Prestige capture the CLID in the AT response string that comes from the WAN device.
Page 74: Figure 6-4 Menu 11.1 Remote Node Profile (Backup Isp)
6.2.6 Configuring Remote Node Profile (Backup ISP) Enter 2 in Menu 11 Remote Node Setup to open Menu 11.1 Remote Node Profile (Backup ISP) (shown below) and configure the setup for your Dial Backup port connection. Not available on all models. Menu 11.1 - Remote Node Profile (Backup ISP) Rem Node Name= ? Active= Yes...
Page 75 Prestige 324 Intelligent Broadband Sharing Gateway Table 6-5 Menu 11.1 Remote Node Profile (Backup ISP) FIELD Authen This field sets the authentication protocol used for outgoing calls. Options for this field are: CHAP/PAP - Your Prestige will accept either CHAP or PAP when requested by this remote node.
Page 76: Editing Ppp Options
Table 6-5 Menu 11.1 Remote Node Profile (Backup ISP) FIELD Allocated Enter the maximum number of minutes that this remote node may be Budget called within the time period configured in the Period field. The default for this field is 0 meaning there is no budget control and no time limit for accessing this remote node.
Page 77: Figure 6-5 Menu 11.2 - Remote Node Ppp Options
Prestige 324 Intelligent Broadband Sharing Gateway Press Space Bar to Toggle. Figure 6-5 Menu 11.2 - Remote Node PPP Options Table 6-6 Menu 11.2 - Remote Node PPP Options FIELD Encapsulation Select the vendor-specific encapsulation for the link. There are two options in this field. Standard PPP - Standard PPP encapsulation is used.
Page 78 Password: To handle the first prompt, you specify “ogin: ” as the Expect string and “myLogin” as the Send string in set. The reason for leaving out the leading “L” is to avoid having to know exactly whether it is upper or lower case.
Page 79: Figure 6-6 Remote Node Setup Script
Prestige 324 Intelligent Broadband Sharing Gateway Active= No Set 1: Expect= Send= Set 2: Expect= Send= Set 3: Expect= Send= Set 4: Expect= Send= Press Space Bar to Toggle. FIELD Active Press the space bar to toggle between Yes and No. Set 1-6: Enter an Expect string to match.
Page 80: Chapter 7 Lan Setup
Introduction From the main menu, enter 3 to display menu 3 (shown next). 7.1.1 LAN Port Filter Setup This menu allows you to specify the filter sets that you wish to apply to the LAN traffic. You seldom need to filter the LAN traffic, however, the filter sets may be useful to block certain packets, reduce traffic and prevent security breaches.
Page 81: Tcp/Ip And Dhcp For Lan
Prestige 324 Intelligent Broadband Sharing Gateway Figure 7-2 Menu 3.1 — LAN Port Filter Setup Menu 3.2 is discussed in the next part of the manual. Please read on. TCP/IP and DHCP for LAN The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability.
Page 82: Table 7-1 Example Of Network Properties For Lan Servers With Fixed Ip Addresses
IP Pool Setup The Prestige is pre-configured with a pool of 32 IP addresses starting from 192.168.1.33 to 192.168.1.64. This configuration leaves 31 IP addresses (excluding the Prestige itself) in the lower range for other server computers, e.g., server for mail, FTP, telnet, web, etc., that you may have. DNS Server Address The DNS (Domain Name System) maps a domain name to its corresponding IP address and vice versa, e.g., the IP address of www.zyxel.com is 204.217.0.2.
Page 83: Table 7-2 Private Ip Address Ranges
Prestige 324 Intelligent Broadband Sharing Gateway enable the Network Address Translation (NAT) feature of the Prestige. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. Let’s say you select 192.168.1.0 as the network number; which covers 254 individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved).
Page 84: Rip Setup
Prestige 324 Intelligent Broadband Sharing Gateway assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space. 7.2.5 RIP Setup RIP (Routing Information Protocol, RFC1058 and RFC 1389) allows a router to exchange routing information with other routers.
Page 85: Tcp/Ip And Dhcp Ethernet Setup
Prestige 324 Intelligent Broadband Sharing Gateway The address 224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts (including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP. The address 224.0.0.2 is assigned to the multicast routers group.
Page 86: Figure 7-5 Menu 3 - Lan Setup (10/100 Mbps Ethernet)
Figure 7-5 Menu 3 — LAN Setup (10/100 Mbps Ethernet) To edit the TCP/IP and DHCP configuration, enter 2 to display Menu 3.2 - TCP/IP and DHCP Ethernet Setup as shown next. Menu 3.2 - TCP/IP and DHCP Ethernet Setup DHCP= Server Configuration: Client IP Pool Starting Address= 192.168.1.33...
Page 87: Table 7-3 Lan Dhcp Setup Menu Fields
Prestige 324 Intelligent Broadband Sharing Gateway FIELD DHCP This field enables/disables the DHCP server. If it is set to Server, your Prestige will act as a DHCP server. If set to None, DHCP service will be disabled and you must have another DHCP sever on your LAN, or else the workstation must be manually configured.
Page 88: Figure 7-7 Menu 3.2.1 - Ip Alias Setup
FIELD Edit IP Alias The Prestige supports three logical LAN interfaces via its single physical Ethernet interface with the Prestige itself as the gateway for each LAN network. Press the [SPACE BAR] to select Yes, then press [ENTER] to display menu 3.2.1 When you have completed this menu, press [ENTER] at the prompt [Press ENTER to Confirm…] to save your configuration, or press [ESC] at any time to cancel.
Page 89 Prestige 324 Intelligent Broadband Sharing Gateway FIELD IP Address Enter the IP address of your Prestige in dotted decimal notation IP Subnet Mask Your Prestige will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the Prestige.
Page 90: Chapter 8 Internet Access
Prestige 324 Broadband Sharing Gateway with 4-Port Switch This chapter shows you how to configure your Prestige for Internet access. Internet Access Setup You will see three different menu 4 screens depending on whether you chose Ethernet, PPTP or PPPoE encapsulation.
Page 91: Figure 8-1 Internet Access Setup (Ethernet)
ISP's Name= myISP Encapsulation= Ethernet Service Type= Standard My Login= N/A My Password= N/A Login Server IP= N/A IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Address= N/A Network Address Translation = SUA Only Press ENTER to Confirm or ESC to Cancel: Figure 8-1 Internet Access Setup (Ethernet) The following table describes this screen.
Page 92: Configure Pptp Client
Prestige 324 Broadband Sharing Gateway with 4-Port Switch Table 8-1 Internet Access Setup Menu Fields FIELD IP Address Assignment If your ISP did not assign you a fixed IP address, select Dynamic, otherwise select Static and enter the IP address & subnet mask in the following fields. IP Address Enter the (fixed) IP address assigned to you by your ISP (Static IP Address Assignment is selected in the previous field).
Page 93: Figure 8-2 Internet Access Setup (Pptp)
ISP's Name= myISP Encapsulation= PPTP Service Type= N/A My Login= My Password= ****** Idle Timeout= 300 IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Address=N/A Network Address Translation = SUA Only Press ENTER to Confirm or ESC to Cancel: The following table contains instructions about the new fields when you choose PPTP in the Encapsulation field in menu 4.
Page 94: Figure 8-3 Internet Access (Pppoe)
Prestige 324 Broadband Sharing Gateway with 4-Port Switch procedures for Windows users. One of the benefits of PPPoE is the ability to let end users access one of multiple network services, a function known as dynamic service selection. This enables the service provider to easily create and offer new IP services for specific users.
Page 95: Internet Test Setup
Table 8-3 New Fields in Menu 4 (PPPoE) screen FIELD Encapsulation Press the [SPACE BAR] and then press [ENTER] to choose PPPoE. The encapsulation method influences your choices for IP Address. Idle Timeout This value specifies the time in seconds that elapses before the Prestige automatically disconnects from the PPPoE server.
Page 97: Advanced Applications
Advanced Applications This section describes the advanced applications of your Prestige, such as NAT, Remote Node Setup and IP Static Route Setup.
Page 98: Chapter 9 Remote Node Setup
This chapter shows you how to configure menu 11 and all its sub-menus including traffic redirect. Introduction A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection. Note that when you use menu 4 to set up Internet access, you are actually configuring a remote node.
Page 99: Figure 9-1 Menu 11.1 Remote Node Profile For Ethernet Encapsulation
Rem Node Name= ChangeMe Active= Yes Encapsulation= Ethernet Service Type= Standard Service Name= N/A Outgoing: My Login= N/A My Password= N/A Server IP= N/A Figure 9-1 Menu 11.1 Remote Node Profile for Ethernet Encapsulation Table 9-1 Fields in Menu 11.1 (Ethernet Encapsulation) FIELD Rem Node Enter a descriptive name for the remote node.
Page 100: Pptp Encapsulation
Table 9-1 Fields in Menu 11.1 (Ethernet Encapsulation) FIELD Service Name This is valid only when you have chosen PPPoE encapsulation. If you are using PPPoE encapsulation, then type the name of your PPPoE service here. Outgoing My Login This field is applicable for PPPoE encapsulation only. Enter the login name assigned by your ISP when the Prestige calls this remote node.
Page 101: Figure 9-2 Remote Node Profile For Pptp Encapsulation
Menu 11.1 - Remote Node Profile Rem Node Name= ChangeMe Active= Yes Encapsulation= PPTP Service Type= Standard Service Name=N/A Outgoing: My Login= My Password= ******** Authen= CHAP/PAP PPTP : IP Addr= Server IP Addr= Connection ID/Name= Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle.
Page 102 Prestige 324 Intelligent Broadband Sharing Gateway Nailed-Up Connection A nailed-up connection is a dial-up line where the connection is always up regardless of traffic demand. The Prestige does two things when you specify a nailed-up connection. The first is that idle timeout is disabled.
Page 103: Figure 9-3 Menu 11.1 Remote Node Profile For Pppoe Encapsulation
Rem Node Name= ChangeMe Active= Yes Encapsulation= PPPoE Service Type= Standard Service Name= Outgoing= My Login= My Password= ******** Authen= CHAP/PAP Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle. Figure 9-3 Menu 11.1 Remote Node Profile for PPPoE Encapsulation The next table describes the fields NOT already described in Table 9-1 already.
Page 104: Edit Ip Remote Node Network Layer Options
Table 9-3 Fields in Menu 11.1 (PPPoE Encapsulation Specific Only) FIELD Schedules You can apply up to four schedule sets here. For more details please refer to the Call Scheduling chapter. Nailed-Up This field specifies if you want to make the connection to this Connection remote node a nailed-up connection.
Page 105: Table 9-4 Remote Node Network Layer Options Menu Fields
Table 9-4 Remote Node Network Layer Options Menu Fields FIELD IP Address If your ISP did not assign you an explicit IP address, select Assignment Dynamic; otherwise select Static and enter the IP address & subnet mask in the following fields. Rem IP If you have a Static IP Assignment, enter the IP address assigned to Address...
Page 106: Remote Node Filter
Table 9-4 Remote Node Network Layer Options Menu Fields FIELD broadcasts. Press the [SPACE BAR] to select the RIP direction. Options are: Both, None, In Only, Out Only or None. Please see the RIP Setup section for more information on RIP. The default for RIP on the WAN side is None.
Page 107: Traffic Redirect
Menu 11.5 - Remote Node Filter Input Filter Sets: Output Filter Sets: Call Filter Sets: Enter here to CONFIRM or ESC to CANCEL: Figure 9-5 Remote Node Filter (Ethernet Encapsulation) Figure 9-6 Remote Node Filter (PPTP/PPPoE Encapsulation) Traffic Redirect Traffic redirect forwards WAN traffic to a backup gateway when the Prestige cannot connect to the Internet through its normal gateway.
Page 108: Figure 9-7 Traffic Redirect Wan Setup
Prestige 324 Intelligent Broadband Sharing Gateway Figure 9-7 Traffic Redirect WAN Setup The following network topology allows you to avoid triangle route security holes when the backup gateway is connected to the LAN. Use IP alias to configure the LAN into two or three logical networks with the Prestige itself as the gateway for each LAN network.
Page 109: Figure 9-9 Menu 11.1 - Remote Node Profile
2. Traffic-redirect route. 3. Dial-backup route. For example, if the normal route has a metric of "1" and the traffic-redirect route has a metric of "2" and dial-backup route has a metric of "3", then the normal route acts as the primary default route. If the normal route fails to connect to the Internet, the Prestige tries the traffic-redirect route next.
Page 110: Figure 9-10 Menu 11.6 - Traffic Redirect Setup
9.5.2 Traffic Redirect Setup Configure parameters that determine when the Prestige will forward WAN traffic to the backup gateway using Menu 11.6 — Traffic Redirect Setup. Figure 9-10 Menu 11.6 — Traffic Redirect Setup FIELD Active Press [SPACE BAR] and select Yes (to enable) or No (to disable) traffic redirect setup.
Page 111 FIELD Metric Enter a number from 1 to 15 to set this route’s priority among the Prestige’s routes (see Route Priority and Metric on page 9-11) The smaller the number, the higher priority the route has. Check WAN Enter the IP address of a reliable nearby computer (for example, your IP Address ISP’s DNS server address) to test your Prestige’s WAN accessibility.
Page 112: Chapter 10 Ip Static Route Setup
Prestige 324 Intelligent Broadband Sharing Gateway Chapter 10 IP Static Route Setup This chapter shows you how to configure static routes with your Prestige. Static routes tell the Prestige routing information what it cannot learn automatically through other means. This can arise in cases where RIP is disabled on the LAN. Each remote node specifies only the network to which the gateway is directly connected, and the Prestige has no knowledge of the networks beyond.
Page 113: Figure 10-2 Menu 12 - Ip Static Route Setup
10.1 IP Static Route Setup You configure IP static routes in menu 12. 1, by selecting one of the IP static routes as shown below. Enter 12 from the main menu. Figure 10-2 Menu 12 — IP Static Route Setup Now, enter the index number of one of the static routes you want to configure.
Page 114: Table 10-1 Ip Static Route Menu Fields
Table 10-1 IP Static Route Menu Fields FIELD Route # This is the index number of the static route that you chose in menu 12. Route Name Enter a descriptive name for this route. This is for identification purposes only. Active This field allows you to activate/deactivate this static route.
Page 116: Chapter 11 Network Address Translation (Nat)
Network Address Translation (NAT) 11.1 Introduction NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, e.g., the source address of an outgoing packet, used within one network to a different IP address known within another network.
Page 117: What Nat Does
NAT never changes the IP address (either local or global) of an outside host. 11.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back the inside local address before forwarding it to the original inside host.
Page 118: Figure 11-1 How Nat Works
Prestige 324 Intelligent Broadband Sharing Gateway Figure 11-1 How NAT Works 11.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct WAN networks. More examples follow at the end of this chapter.
Page 119: Figure 11-2 Nat Application With Ip Alias
Figure 11-2 NAT Application With IP Alias 11.1.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: 1. One to One: In One-to-One mode, the Prestige maps one local IP address to one global IP address. 2. Many to One: In Many-to-One mode, the Prestige maps multiple local IP addresses to one global IP address.
Page 120: Table 11-2 Nat Mapping Types
3. Many to Many Overload: In Many-to-Many Overload mode, the Prestige maps the multiple local IP addresses to shared global IP addresses. 4. Many One-to-One: In Many One-to-One mode, the Prestige maps the each local IP addresses to unique global IP addresses. 5.
Page 121: Sua (Single User Account) Versus Nat
TYPE Many-One-to-One Server 11.2 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyXEL implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server. See section 11.3.1 for a detailed description of the NAT set for SUA.
Page 122: Figure 11-3 Menu 4 - Applying Nat For Internet Access
Figure 11-3 Menu 4 — Applying NAT for Internet Access The following figure shows how you apply NAT to the remote node in menu 11.1. Step 1. Enter 11 from the main menu. Step 2. Move the cursor to the Edit IP field, press the [SPACE BAR] to select Yes and then press Step 3.
Page 123: Nat Setup
Menu 11.3 - Remote Node Network Layer Options IP Address Assignment= Dynamic IP Address: N/A IP Subnet Mask= N/A Gateway IP Addr= N/A Network Address Translation= Full Feature Metric= 1 Private= No RIP Direction= None Version= N/A Multicast= None Enter here to CONFIRM or ESC to CANCEL: Press Space Bar to Toggle.
Page 124: Figure 11-5 Menu 15 - Nat Setup
will use Set 1, which supports all mapping types as outlined in Table 11-2. When you select SUA Only, the SMT will use the pre-configured Set 255 (read only). The Server Set is a list of LAN side servers mapped to external ports. To use this set (one set for the Prestige 10), a server rule must be set up inside the NAT Address Mapping set.
Page 125: Figure 11-7 Menu 15.1.255 - Sua Address Mapping Rules
Set Name= SUA Idx Local Start IP --- --------------- --------------- --------------- --------------- ------ 1. 0.0.0.0 255.255.255.255 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Figure 11-7 Menu 15.1.255 — SUA Address Mapping Rules The following table explains the fields in this screen. FIELD Set Name This is the name of the set you selected in menu...
Page 126 Table 11-4 SUA Address Mapping Rules FIELD Global Start IP This is the starting global IP address (IGA). If you have a dynamic IP, enter 0.0.0.0 as the Global Start IP. Global End IP This is the ending global IP address (IGA). Type These are the mapping types discussed above (see Table 11-2).
Page 127: Figure 11-8 Menu 15.1.1 - First Set
Set Name= ? Idx Local Start IP --- --------------- --------------- --------------- --------------- ------ Action= None Press ENTER to Confirm or ESC to Cancel: The Type, Local and Global Start/End IPs are configured in menu 15.1.1.1 (described later) and the values are displayed here. Ordering Your Rules Ordering your rules is important because the Prestige applies the rules in the order that you specify.
Page 128 FIELD Action The default is Edit. Edit means you want to edit a selected rule (see following field). Insert Before means to insert a rule before the rule selected. The rules after the selected rule will then be moved down by one rule. Delete means to delete the selected rule and then all the rules after the selected one will be advanced one rule.
Page 129: Figure 11-9 Menu 15.1.1.1 - Editing/Configuring An Individual Rule In A Set
Menu 15.1.1.1 Address Mapping Rule Type= One-to-One Local IP: Start= End = N/A Global IP: Start= End = N/A Press Space Bar to Toggle. Figure 11-9 Menu 15.1.1.1 — Editing/Configuring an Individual Rule in a Set Table 11-6 Menu 15.1.1.1 — Editing/Configuring an Individual Rule in a Set FIELD Type Press the [SPACE BAR] to select one of five types.
Page 130: Port Forwarding Setup
Prestige 324 Intelligent Broadband Sharing Gateway Table 11-6 Menu 15.1.1.1 — Editing/Configuring an Individual Rule in a Set FIELD DESCRIPTION EXAMPLE Once you have finished configuring a rule in this menu, press [ENTER] at the message “Press ENTER to Confirm…” to save your configuration, or press [ESC] to cancel. When you configure One-to-One and Many-One-to-One mapping rules, the firewall automatically allows traffic originating from the WAN to be forwarded to the LAN IP address(es) of the computers specified in those rules.
Page 131: Table 11-7 Services & Port Numbers
ECHO FTP (File Transfer Protocol) Telnet SMTP (Simple Mail Transfer Protocol) DNS (Domain Name System) Finger HTTP (Hyper Text Transfer protocol or WWW, Web) 80 POP3 (Post Office Protocol) NNTP (Network News Transport Protocol) SNMP (Simple Network Management Protocol) SNMP trap PPTP (Point-to-Point Tunneling Protocol) Configuring a Server behind NAT Follow these steps to configure a server behind NAT:...
Page 132: Figure 11-10 Menu 15.2 - Nat Server Setup
Menu 15.2 - NAT Server Setup Rule Start Port No. --------------------------------------------------- Default Press ENTER to Confirm or ESC to Cancel: Figure 11-10 Menu 15.2 — NAT Server Setup Figure 11-11 Multiple Servers Behind NAT Example Prestige 324 Intelligent Broadband Sharing Gateway End Port No.
Page 133: Figure 11-12 Trigger Port Forwarding Process: Example
11.3.3 Trigger Port Setup The Prestige records the IP address of a LAN computer that requests a service that you have defined as a “trigger port”. The response from the Internet can then be forwarded directly to the LAN computer. Trigger ports are transient;...
Page 134: Figure 11-13 Menu 15.3: Trigger Port Setup
Enter 3 in menu 15 to display Menu 15.3 — Trigger Port Setup, shown next. Rule Name ---------------------------------------------------------------------- Real Audio Figure 11-13 Menu 15.3: Trigger Port Setup Prestige 324 Intelligent Broadband Sharing Gateway Menu 15.3 - Trigger Port Setup Incoming Start Port End Port 6970...
Page 135: General Nat Examples
Table 11-8 Menu 15.3—Trigger Port Setup Description FIELD Rule This is the rule index number. Name Enter a unique name for identification purposes. You may enter up to 15 characters in this field. All characters are permitted - including spaces. Incoming Incoming is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service.
Page 136: Figure 11-14 Nat Example 1
ISP's Name= ChangeMe Encapsulation= Ethernet Service Type= Standard My Login= N/A My Password= N/A Login Server IP= N/A IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Address= N/A Network Address Translation= SUA Only Press ENTER to Confirm or ESC to Cancel: Figure 11-15 Menu 4 —...
Page 137: Figure 11-16 Nat Example 2
11.4.2 Example 2: Internet Access with an Inside Server In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to menu 15.2 to specify the Inside Server behind the NAT as shown later. 11.4.3 Example 3: Multiple Public IP Addresses With Inside Servers In this example, there are 3 IGAs from our ISP.
Page 138: Figure 11-17 Nat Example 3
Rule 4. You also map your third IGA to the web server and mail server on the LAN. Type Server allows you to specify multiple servers, of different types, to other computers behind NAT on the LAN. The example situation looks somewhat like this: In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets.
Page 139: Figure 11-18 Example 3: Menu 11.3
Step 4. Select Type as One-to-One (direct mapping for packets going both ways), and enter the local Start IP as 192.168.1.10 (the IP address of FTP Server 1), the global Start IP as 10.132.50.1 (our first IGA). (See Figure 11-19). Step 5.
Page 140: Figure 11-19 Example 3: Menu 15.1.1.1
Menu 15.1.1.1 Address Mapping Rule Type= One-to-One Local IP: Start= 192.168.1.10 End = N/A Global IP: Start= 10.132.50.1 End = N/A Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle. Set Name= Example3 Idx Local Start IP --- --------------- --------------- --------------- --------------- ------ 1.
Page 141: Figure 11-21 Example 3: Menu 15.2
Rule --------------------------------------------------- Press ENTER to Confirm or ESC to Cancel: 11.4.4 Example 4: NAT Unfriendly Application Programs Some applications do not support NAT Mapping using TCP or UDP port address translation. In this case it is better to use Many-One-to-One mapping as port numbers do not change for this mapping type. The following figure illustrates this.
Page 142: Figure 11-22 Nat Example 4
Other applications, for example, gaming programs are NAT unfriendly because they embed addressing information in the data stream. These applications still won’t work through NAT even when using One-to-One and Many One-to-One Follow the steps outlined in example 3 above to configure these two menus as follows. Type= Many-One-to-One Local IP: Start= 192.168.1.10...
Page 143: Figure 11-24 Example 4: Menu 15.1.1 - Address Mapping Rules
Set Name= Example4 Idx Local Start IP --- --------------- --------------- --------------- --------------- ------ 1. 192.168.1.10 Action= Edit Press ENTER to Confirm or ESC to Cancel: Figure 11-24 Example 4: Menu 15.1.1 — Address Mapping Rules 11-28 Menu 15.1.1 - Address Mapping Rules Local End IP Global Start IP Global End IP 192.168.1.12...
Page 145: Advanced Management
Advanced Management This section provides information on Firewall, Filter Configuration, SNMP Configuration, System Information and Diagnosis, Firmware and Configuration File Maintenance, System Maintenance and Call Scheduling.
Page 147: Chapter 12 Firewall
Chapter 12 Firewall This chapter gives some background information on firewalls and explains how to get started with the Prestige firewall. 12.1 Introduction What is a Firewall? Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another.
Page 148: Guidelines For Enhancing Security With Your Firewall
The Prestige can be used to prevent theft, destruction and modification of data, as well as log events, which may be important to the security of your network. The Prestige is installed between the LAN and a broadband modem connecting to the Internet. This allows it to act as a secure gateway for all data passing between the Internet and the LAN.
Page 149: Smt Firewall Menu
12.2 SMT Firewall Menu Enter “21” from the main menu to display the following screen. Figure 12-1 Menu 21 - Filter and Firewall Setup Enter “2” to display the firewall setup menu. You may only enable or disable the firewall in this screen. Use the web configurator to configure the firewall.
Page 150: Web Configurator Firewall Settings Screen
The firewall protects against Denial of Service (DoS) attacks when it is active. Your network is vulnerable to attacks when the firewall is turned off. Refer to the User's Guide for details about the firewall default policies. You may define additional Policy rules or modify existing ones but please exercise extreme caution in doing so.
Page 151: Figure 12-3 Firewall Settings
FIELD Enable Firewall Select this check box to activate the firewall. The Prestige performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated. LAN to WAN To log packets related to firewall rules, make sure that Access Control under Log is selected in the Logs, Log Settings screen.
Page 152: The Firewall, Nat And Remote Management
FIELD Packets to Log Choose what LAN to WAN packets to log. Choose from: WAN to LAN To log packets related to firewall rules, make sure that Access Control under Log is selected in the Logs, Log Settings screen. Packets to Log Choose what WAN to LAN and WAN to WAN/Prestige packets to log.
Page 153: Figure 12-4 Firewall Rule Directions
12.4.1 LAN-to-WAN rules LAN-to-WAN rules are local network to Internet firewall rules. The default is to forward all traffic from your local network to the Internet. How can you block certain LAN to WAN traffic? You may choose to block certain LAN-to-WAN traffic in the Services screen (click the Services tab). All services displayed in the Blocked Services list box are LAN-to-WAN firewall rules that block those services originating from the LAN.
Page 154: Filter
what WAN-to-LAN packets to log, you are in fact deciding what WAN-to-LAN and WAN-to- WAN/Prestige packets to log. Allow NetBIOS traffic from the WAN to the LAN using the WAN IP web screen or SMT menu 24.8 commands. Forwarded WAN-to-LAN packets are not considered alerts. 12.5 Filter Click on the Filter tab.
Page 155: Table 12-2 Firewall Filter
FIELD Restricted Web Features ActiveX ActiveX is a tool for building dynamic and active Web pages and distributed object applications. When you visit an ActiveX Web site, ActiveX controls are downloaded to your browser, where they remain in case you visit the site again. Java Java is a programming language and development environment for building downloadable Web components or Internet and intranet business applications of all...
Page 156: Services
12.6 Services Click on the Service tab. The screen appears as shown next. Use this screen to enable service blocking, enter/delete/modify the services you want to block and the date/time you want to block them. Figure 12-6 Firewall Service 12-10 Firewall...
Page 157: Table 12-3 Firewall Service
FIELD Enable Services Select this check box to enable this feature. Blocking Available Service This is a list of pre-defined services (ports) you may prohibit your LAN computers from using. Select the port you want to block using the drop-down list and click Add to add the port to the Blocked Service field.
Page 159: Chapter 13 Filter Configuration
Prestige 324 Intelligent Broadband Sharing Gateway Chapter 13 Filter Configuration This chapter shows you how to create and apply filter(s). 13.1 About Filtering Your Prestige uses filters to decide whether to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering.
Page 160: Figure 13-1 Outgoing Packet Filtering Process
match Outgoing Data Filtering Packet Match Drop packet Figure 13-1 Outgoing Packet Filtering Process For incoming packets, your Prestige applies data filters only. Packets are processed depending upon whether a match is found. The following sections describe how to configure filter sets 13.1.1 The Filter Structure of the Prestige A filter set consists of one or more filter rules.
Page 161: Figure 13-2 Filter Rule Process
Prestige 324 Intelligent Broadband Sharing Gateway Start Packet into Filter Fetch First Filter Set Filter Set Fetch Next Fetch First Filter Set Filter Rule Fetch Next Filter Rule Execute Filter Next Filter Set Next Filter Rule Available? Available? Rule Check Next Rule Forward Drop Drop Packet...
Page 162: Configuring A Filter Set
You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port. 13.2 Configuring a Filter Set To configure a filter set, follow the procedure below.
Page 163: Figure 13-5 Menu 21.1.1 - Filter Rules Summary
Press [ENTER] at the message: [Press ENTER to confirm] to open Menu 21.1.1 — Filter Rules Summary. # A Type - - ---- ------------------------------------------------------------ Enter Filter Rule Number (1-6) to Configure: Figure 13-5 Menu 21.1.1 – Filter Rules Summary 13.2.1 Filter Rules Summary Menu This screen shows the summary of the existing rules in the filter set.
Page 164: Table 13-2 Rule Abbreviations Used
Table 13-1 Abbreviations Used in the Filter Rules Summary Menu FIELD Action Matched. “F” means to forward the packet immediately and skip checking the remaining rules. “D” means to drop the packet. “N“ means to check the next rule. Action Not Matched. “F”...
Page 165: Figure 13-6 Menu 21.1.1 - Tcp/Ip Filter Rule
separate menu fields are provided for protocol and device filter sets. If you include a protocol filter set in a device filter field or vice versa, the Prestige will warn you and will not allow you to save. 13.2.3 TCP/IP Filter Rule This section shows you how to configure a TCP/IP filter rule.
Page 166 FIELD IP Protocol Protocol refers to the upper layer protocol, e.g., TCP is 6, UDP is 17 and ICMP is 1. This value must be between 0 and 255 If Yes, the rule applies to packet with IP source route IP Source Route option;...
Page 167 Table 13-3 TCP/IP Filter Rule Menu Fields FIELD More If Yes, a matching packet is passed to the next filter rule before an action is taken; else the packet is disposed of according to the action fields. If the More field is Yes, then Action Matched and Action Not Matched will be No.
Page 168: Figure 13-7 Executing An Ip Filter
Packet into IP Filter Filter Active? Apply SrcAddrMask to Src Addr Check Src IP Addr Matched Apply DestAddrMask to Dest Addr Check Dest IP Addr Matched Check IP Protocol Matched Check Src & Dest Port Matched More? Action Matched Drop Drop Packet 13-10 Not Matched...
Page 169: Figure 13-8 Menu 21.4.1 - Generic Filter Rule
13.2.4 Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly. For generic rules, the Prestige treats a packet as a byte stream as opposed to an IP or IPX packet.
Page 170 Table 13-4 Generic Filter Rule Menu Fields FIELD Filter Type Use the [SPACE BAR] to select a rule. Parameters displayed below each type will be different. Options are: Generic Filter Rule or TCP/IP Filter Rule. Select Yes to turn on the filter rule. Active Offset Enter the starting byte of the data portion in the packet that you...
Page 171: Example Filter
13.3 Example Filter Let’s look at an example to block outside users from accessing the Prestige via telnet. See the included support CD for more example filters. 1. Enter 21 from the main menu to open Menu 21 - Filter Set Configuration. 2.
Page 172: Figure 13-10 Example Filter - Menu 21.3.1
Menu 21.7.1 - TCP/IP Filter Rule Filter #: 7,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 6 Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 21 Port # Comp= Equal Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 0 Port # Comp= None TCP Estab= No...
Page 173: Figure 13-11 Example Filter Rules Summary — Menu 21.3
# A Type - - ---- --------------------------------------------------------------- - - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=21 Enter Filter Rule Number (1-6) to Configure: 2 This shows you that you have configured and activated (A = Y) a TCP/IP filter rule (Type = IP, Pr = 6) for destination FTP ports (DP = 21).
Page 174: Filter Types And Nat
# A Type Filter Rules - - ---- ------------------------------------------------------------------------------- 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=21 2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 Enter Filter Rule Number (1-6) to Configure: Figure 13-12 Example Filter Rules Summary After you’ve created the filter set, you must apply it. 6.
Page 175: Applying A Filter And Factory Defaults
Figure 13-13 Protocol and Device Filter Sets 13.5 Applying a Filter and Factory Defaults This section shows you where to apply the filter(s) after you design it (them). 13.5.1 LAN traffic You seldom need to filter LAN traffic; however, the filter sets may be useful to block certain packets, reduce traffic and prevent security breaches.
Page 176: Figure 13-15 Filtering Remote Node Traffic
13.5.2 Remote Node Filters Go to menu 11.5 (shown next – note that call filter sets are only present for PPPoE encapsulation) and enter the number(s) of the filter set(s) as appropriate. You can cascade up to four filter sets by entering their numbers separated by commas.
Page 177: Chapter 14 Upnp
14.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network. In turn, a device can leave a network smoothly and automatically when it is no longer in use.
Page 178: Upnp And Zyxel
14.1.3 Cautions with UPnP The automated nature of NAT Transversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments. All UPnP-enabled devices may communicate freely with each other without additional configuration.
Page 179: Figure 14-1 Configuring Upnp
FIELD Enable the Universal Plug Select this checkbox to activate UPnP. Be aware that anyone could use a and Play (UPnP) feature UPnP application to open the web configurator's login screen without entering the Prestige's IP address (although you must still enter the password to access the web configurator).
Page 180: Installing Upnp In Windows Example
FIELD Allow UPnP to pass through firewall UPNP Name Apply Reset 14.3 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP. Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me. 9.
Page 181: Installing Upnp In Windows Xp
In the Communications window, select the Universal Plug and Play check box in the Components selection box. Click OK to go back to the Add/Remove Programs Properties window and click Next. Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP 11.
Page 182: Using Upnp In Windows Xp Example
Select Networking Service in the Components selection box and click Details. In the Networking Services window, select the Universal Plug and Play check box. Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 14.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP.
Page 183 Auto-discover Your UPnP-enabled Network Device 14. Click start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. 15. Right-click the icon and select Properties. UPnP Prestige 324 Intelligent Broadband Sharing Gateway 14-7...
Page 184 In the Internet Connection Properties window, click Settings to see the port mappings that were automatically created. When the UPnP-enabled device is disconnected from your computer, all port Select Show icon in notification area when connected option and click OK. An icon displays in the system tray 14-8 mappings will be deleted automatically.
Page 185: Web Configurator Easy Access
Prestige 324 Intelligent Broadband Sharing Gateway Double-click on the icon to display your current Internet connection status. Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL device without finding out the IP address of the ZyXEL device first. This is helpful if you do not know the IP address of the ZyXEL device. Follow the steps below to access the web configurator.
Page 186 An icon with the description for each UPnP- enabled device displays under Local Network. Right-click on the icon for your ZyXEL device and select Invoke. The web configurator login screen displays. Right-click on the icon for your ZyXEL device and select Properties.
Page 187: Chapter 15 Snmp Configuration
Prestige 324 Intelligent Broadband Sharing Gateway Chapter 15 SNMP Configuration This chapter explains SNMP configuration menu 22. SNMP is only available if TCP/IP is configured. 15.1 About SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices.
Page 188: Supported Mibs
COMMAND Allows the manager to retrieve an object variable from the agent. GetNext Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations.
Page 189: Snmp Traps
Table 15-2 SNMP Configuration Menu Fields FIELD Type the Get Community, which is the password for the incoming Get Community Get- and GetNext requests from the management station. Set Community Type the Set community, which is the password for incoming Set requests from the management station.
Page 190 TRAP # TRAP NAME For intentional reboot: For fatal error: 15-4 Table 15-3 SNMP Traps A trap is sent with the message "System reboot by user!" if reboot is done intentionally, (e.g. download new files, CI command "sys reboot", etc.). A trap is sent with the message of the fatal code if the system reboots because of fatal errors.
Page 191: Chapter 16 System Information & Diagnosis
System Information & Diagnosis This chapter covers the diagnostic tools that help you to maintain your Prestige. These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software. Select menu 24 in the main menu to open Menu 24 - System Maintenance, as shown below. Figure 16-1 Menu 24 —...
Page 192: Figure 16-2 Menu 24.1 - System Maintenance - Status
16.1.1 To get to the System Status: • Enter 24 to display Menu 24 - System Maintenance. • In this menu, enter number 1 to open System Maintenance - Status. • There are three commands in Menu 24.1 - System Maintenance - Status. Entering 1 drops the WAN (PPTP/PPPoE) connection, 9 resets the counters and [ESC] takes you back to the previous screen.
Page 193: System Information And Console Port Speed
Table 16-1 System Maintenance — Status Menu Fields FIELD RxPkts The number of received packets on this port. Cols The number of collisions on this port. Tx B/s Shows the transmission speed in Bytes per second on this port. Rx B/s Shows the reception speed in Bytes per second on this port.
Page 194: Figure 16-3 Menu 24.2 - System Information And Console Port Speed
Enter 24 to go to Menu 24 - System Maintenance. Enter 2 to open Menu 24.2 - System Information and Console Port Speed. From this menu you have two choices as shown in the next figure: Menu 24.2 - System Information and Console Port Speed Please enter selection: Figure 16-3 Menu 24.2 —...
Page 195: Figure 16-5 Menu 24.2.2 - System Maintenance - Change Console Port Speed
Table 16-2 Fields in System Maintenance FIELD Name This is the Prestige's system name + domain name assigned in menu 1. E.G., System Name= Prestige; Domain Name= Name= Routing Refers to the routing protocol used. ZyNOS F/W Version Refers to the version of ZyXEL's Network Operating System software. Ethernet Address Refers to the Ethernet MAC (Media Access Control) address of your Prestige.
Page 196: Log And Trace
16.3 Log and Trace There are three logging facilities in the Prestige. The first is the error logs and trace records that are stored locally. The second is the UNIX syslog facility for message logging. UNIX syslog is an external UNIX server used for storing log messages.
Page 197: Figure 16-7 Examples Of Error And Information Messages
59 Thu Jan 1 00:00:03 1970 PINI INFO SMT Session Begin 60 Thu Jan 1 00:05:11 1970 PINI INFO SMT Session End 61 Thu Jan 1 00:17:59 1970 PINI INFO SMT Session Begin 62 Thu Jan 1 00:24:40 1970 PINI INFO SMT Session End 63 Thu Jan 1 00:35:32 1970 PINI INFO SMT Session Begin Clear Error Log (y/n): Figure 16-7 Examples of Error and Information Messages...
Page 198 Table 16-3 System Maintenance Menu Syslog Parameters PARAMETER Syslog IP Address Enter the IP Address of the server that will log the CDR (Call Detail Record) and system messages i.e., the syslog server. Log Facility Press the [SPACE BAR] to toggle between the 7 different Local options. The log facility allows you to log the message to different files in the server.
Page 199: Diagnostic
IP Frame: ENET0-RECV Size: 44/ 44 Frame Type: IP Header: IP Version Header Length Type of Service Total Length Identification Flags Fragment Offset Time to Live Protocol Header Checksum Source IP Destination IP TCP Header: Source Port Destination Port Sequence Number Ack Number Header Length Flags...
Page 200: Figure 16-10 Menu 24.4 - System Maintenance - Diagnostic
TCP/IP 1. Ping Host 2. WAN DHCP Release 3. WAN DHCP Renewal 4. Internet Setup Test System 11. Reboot System Enter Menu Selection Number: Host IP Address= N/A Figure 16-10 Menu 24.4 — System Maintenance — Diagnostic Follow the procedure below to get to Menu 24.4 - System Maintenance – Diagnostic. Step 4.
Page 201: Figure 16-11 Wan & Lan Dhcp
The following table describes the diagnostic tests available in menu 24.4 for your Prestige and the connections. Table 16-4 System Maintenance Menu Diagnostic NUMBER FIELD Ping Host WAN DHCP Release WAN DHCP Renewal Internet Setup Test Reboot System Host IP Address System Information &...
Page 203: Chapter 17 Firmware And Configuration File Maintenance
Chapter 17 Firmware and Configuration File Maintenance This chapter tells you how to back up and restore your configuration file as well as upload new firmware and a new configuration file. 17.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc.
Page 204: Backup Configuration
The following table is a summary. Please note that the internal filename refers to the filename on the Prestige and the external filename refers to the filename not on the Prestige, that is, on your computer, local network or ftp site and so the name (but not the extension) will vary. After uploading new firmware see the ZyNOS F/W Version field in Menu 24.2.1 - System Maintenance - Information to confirm that you have uploaded the correct firmware version.
Page 205: Figure 17-1 Telnet In Menu 24.5
Please note that terms “download” and “upload” are relative to the computer. Download means to transfer from the Prestige to the computer, while upload means from your computer to the Prestige. Follow the instructions as shown in the next screen. Menu 24.5 - System Maintenance - Backup Configuration To transfer the configuration file to your workstation, follow the procedure below:...
Page 206: Figure 17-2 Ftp Session Example
Example of FTP Commands from the DOS Prompt 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 16384 bytes sent in 1.10Seconds 297.89Kbytes/sec.
Page 207: Backup Configuration Using Tftp
There is a SMT console session running. 17.2.2 Backup Configuration Using TFTP The Prestige supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. To use TFTP, your computer must have both telnet and TFTP clients.
Page 208: Table 17-3 General Commands For Tftp Gui Clients
where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the Prestige IP address, “get” transfers the file source on the Prestige (rom-0 name of the configuration file on the Prestige) to the file destination on the computer and renames it config.rom. TFTP GUI Clients The following table describes some of the fields that you may see in some TFTP GUI clients.
Page 209: Figure 17-3 System Maintenance - Backup Configuration
Ready to backup Configuration via Xmodem. Do you want to continue (y/n): Figure 17-3 System Maintenance — Backup Configuration Step 1. The following screen indicates that the Xmodem download has started. You can enter ctrl-x to terminate operation any time. Starting XMODEM download...
Page 210: Restore Configuration
** Backup Configuration completed. OK. ### Hit any key to continue.### Figure 17-6 Successful Backup Confirmation Screen 17.3 Restore Configuration This section shows you how to restore a previously saved configuration. Note that this function erases the current configuration before restoring a previous back up configuration; please do not attempt to restore unless you have a backup configuration file stored on disk.
Page 211: Figure 17-7 Telnet Into Menu 24.6
Menu 24.6 -- System Maintenance - Restore Configuration To transfer the firmware and configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your router. Then type "root" and SMT password as requested.
Page 212: Figure 17-8 Restore Using Ftp Or Tftp Session Example
Restore Using FTP or TFTP Session Example ftp> put config.rom rom-0 200 Port command okay 150 Opening data connection for STOR rom-0 226 File received OK 221 Goodbye for writing flash ftp: 16384 bytes sent in 0.06Seconds 273.07Kbytes/sec. ftp>quit Figure 17-8 Restore Using FTP or TFTP Session Example Refer to the TFTP and FTP over WAN Will Not Work When section to read about configurations that disallow TFTP and FTP to work over WAN.
Page 213: Uploading Firmware And Configuration Files
Figure 17-11 Restore Configuration Example Step 6. After a successful restoration you will see the following screen. Press any key to restart the Prestige and return to the SMT menu. Figure 17-12 Successful Restoration Confirmation Screen 17.4 Uploading Firmware and Configuration Files This section shows you how to upload firmware and configuration files.
Page 214: Figure 17-13 Telnet Into Menu 24.7.1 - Upload System Firmware
DO NOT INTERUPT THE FILE TRANSFER PROCESS AS THIS MAY PERMANENTLY DAMAGE YOUR PRESTIGE. 17.4.1 Firmware File Upload FTP is the preferred method for uploading the firmware and configuration. To use this feature, your computer must have an FTP client. When you telnet into the Prestige, you will see the following screens for uploading firmware and the configuration file using FTP.
Page 215: Figure 17-14 Telnet Into Menu 24.7.2 - System Maintenance
Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload the system configuration file, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested.
Page 216: Figure 17-15 Ftp Session Example Of Firmware File Upload
FTP Session Example of Firmware File Upload 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> put firmware.bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 1103936 bytes sent in 1.10Seconds 297.89Kbytes/sec.
Page 217: Tftp Upload Command Example
Step 34. Use the TFTP client (see the example below) to transfer files between the Prestige and the computer. The file name for the firmware is “ras”. Note that the telnet connection must be active and the Prestige in CI mode before and during the TFTP transfer.
Page 218: Figure 17-16 Menu 24.7.1 As Seen Using The Console Port
Menu 24.7.1 - System Maintenance - Upload Router Firmware To upload router firmware: 1. Enter "y" at the prompt below to go into debug mode. 2. Enter "atur" after "Enter Debug Mode" message. 3. Wait for "Starting XMODEM upload" message before activating Xmodem upload on your terminal.
Page 219: Figure 17-18 Menu 24.7.2 As Seen Using The Console Port
Uploading a Configuration File Via Console Port Step 1. Select 2 from Menu 24.7 – System Maintenance – Upload Firmware to display Menu 24.7.2 - System Maintenance - Upload Router Configuration File. Follow the instructions as shown in the next screen. Menu 24.7.2 - System Maintenance - Upload Router Configuration File To upload router configuration file: 1.
Page 220: Figure 17-19 Example Xmodem Upload
Step 2. After the configuration upload process has completed, restart the Prestige by entering “atgo”. 17-18 Figure 17-19 Example Xmodem Upload Firmware and Configuration Maintenance Type the configuration file’s location, or click Browse to search for it. Choose the Xmodem protocol.
Page 221: Chapter 18 System Maintenance & Information
System Maintenance & Information 18.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main router firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions. The CI can be entered from the SMT by selecting menu 24.8.
Page 222: Call Control Support
Copyright (c) 1994 - 2002 ZyXEL Communications Corp. ras> ? Valid commands are: exit ras> 18.2 Call Control Support The Prestige provides two call control functions: budget management and call history. Please note that this menu is only applicable when Encapsulation is set to PPPoE or PPTP in menu 4 or menu 11.1.
Page 223: Figure 18-4 Budget Management
18.2.1 Budget Management Menu 24.9.1 shows the budget management statistics for outgoing calls. Enter 1 from Menu 24.9 - System Maintenance - Call Control to bring up the following menu. Remote Node 1. ChangeMe The total budget is the time limit on the accumulated time for outgoing calls to a remote node. When this limit is reached, the call will be dropped and further outgoing calls to that remote node will be blocked.
Page 224: Figure 18-5 Call History
18.2.2 Call History This is the second option in Menu 24.9 - System Maintenance - Call Control. It displays information about past incoming and outgoing calls. Enter 2 from Menu 24.9 - System Maintenance - Call Control to bring up the following menu. Phone Number FIELD Phone Number...
Page 225: Time And Date Setting
18.3 Time and Date Setting Time and Date Setting is a software mechanism to set the time manually or get the current time and date from an external server when you turn on your Prestige. Menu 24.10 allows you to update the time and date settings of your Prestige.
Page 226: Figure 18-7 Menu 24.10 System Maintenance - Time And Date Setting
Menu 24.10 - System Maintenance - Time and Date Setting Use Time Server when Bootup= NTP (RFC-1305) Time Server Address= time-b.nist.gov Current Time: New Time (hh:mm:ss): Current Date: New Date (yyyy-mm-dd): Time Zone= GMT Daylight Saving= No Start Date (mm-dd): End Date (mm-dd): Figure 18-7 Menu 24.10 System Maintenance —...
Page 227 Table 18-3 Time and Date Setting Fields FIELD Time Zone Press [SPACE BAR] to set the time difference between your time zone and Greenwich Mean Time (GMT). Daylight Saving Daylight Saving Time is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daylight time in the evenings.
Page 229: Chapter 19 Remote Management
Chapter 19 Remote Management This chapter covers remote management (SMT menu 24.11). 19.1 Introduction You may restrict a service that can be used to remotely manage the Prestige using SMT menu 11 and submenus. 19.1.1 Telnet First configure your Prestige for remote management through an SMT session using the console port. Once your Prestige is configured, you can configure it remotely using Telnet as shown next.
Page 230: Remote Management Setup
19.1.3 Web You can use the Prestige’s embedded web configurator for configuration and file management. See the online help for details. 19.1.4 SNMP (Simple Network Management Protocol) Simple Network Management Protocol is a member of TCP/IP protocol suite that is used for exchanging management information between network devices.
Page 231: Figure 19-2 Menu 24.11 - Remote Management Control
If you enable remote management of a service, but have applied a filter to block the service, then you will not be able to remotely manage the service. To disable remote management of a service, select Disable in the corresponding Server Access field. Enter 11 from menu 24 to bring up Menu 24.11 –...
Page 232: Remote Management And The Firewall
Table 19-1 Menu 24.11 – Remote Management Control FIELD Server Access Select the access interface (if any) by pressing [SPACE BAR], then [ENTER] to choose from: LAN only, WAN only, ALL or Disable. Secured Client IP The default 0.0.0.0 allows any client to use this service to remotely manage the Prestige.
Page 233: System Timeout
Use the Prestige’s WAN IP address when configuring from the WAN. Use the Prestige’s LAN IP address when configuring from the LAN. 19.5 System Timeout A management session (either via the web configurator or SMT) can be left idle for 5 minutes (default) before the session times out.
Page 235: Chapter 20 Call Scheduling
This chapter shows you how to setup call time periods for remote nodes. 20.1 Introduction The call scheduling feature allows the Prestige to manage a remote node and dictate when a remote node should be called and for how long. This feature is similar to the scheduler in a video-cassette recorder (you can record programs at times that you specify).
Page 236: Schedule Set Setup
Lower numbered sets take precedence over higher numbered sets thereby avoiding scheduling conflicts. For example, if sets 1, 2, 3 and 4 in are applied in the remote node then set 1 will take precedence over set 2, 3 and 4 as the Prestige, by default, applies the lowest numbered set first. Set 2 will take precedence over set 3 and 4, and so on.
Page 237: Table 20-1 Schedule Set Setup Fields
FIELD Active Choose Yes to activate and No to deactivate the schedule set. Start Date Enter the start date that you wish the set to take effect in year - month-day format. Valid dates are from the present to February 5, 2036.
Page 238: Applying Schedule Sets To Remote Nodes
20.4 Applying Schedule Sets to Remote Nodes Once your schedule sets are configured, you must apply them to the desired remote node(s). Enter 11 from the main menu and, using the [SPACE BAR], select PPPoE or PPTP in the Encapsulation field. Enter your target remote node index number(s) in the Schedules field, as shown next.
Page 239: Figure 20-4 Applying Schedule Sets To A Remote Node Example (Pptp Encapsulation)
Rem Node Name= ChangeMe Active= Yes Encapsulation= PPTP Service Type= Standard Service Name= Outgoing: Rem Login= Rem Password= ******** Athen= CHAP/PAP PPTP: My IP Addr= Server IP Addr= Connection ID/Name= Authen= CHAP/PAP Press ENTER to Confirm or ESC to Cancel: Figure 20-4 Applying Schedule Sets to a Remote Node Example (PPTP Encapsulation) Call Scheduling Menu 11.1 - Remote Node Profile...
Page 241: Chapter 21 Troubleshooting
This chapter covers the potential problems and possible remedies. After each problem description, some instructions are provided to help you to diagnose and to solve the problem. See 21.1 Problems Starting Up the Prestige Table 21-1 Troubleshooting the Start-Up of your Prestige PROBLEM None of the LEDs are on when you power on the Prestige...
Page 242: Problems With The Wan Interface
Prestige 324 Intelligent Broadband Sharing Gateway PROBLEM Cannot ping any computer on the LAN. 21.3 Problems with the WAN Interface Table 21-3 Troubleshooting the WAN interface PROBLEM Cannot get a WAN IP address from the ISP. Cannot connect to a remote node or ISP.
Page 244: Appendices And Index
Prestige 324 Intelligent Broadband Sharing Gateway Appendices and Index This section provides some Appendices and an Index.
Page 245: Appendix Apppoe
PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your PC to an ATM PVC (Permanent Virtual Circuit) which connects to a xDSL Access Concentrator where the PPP session terminates (see the next figure). One PVC can support any number of PPP sessions from your LAN. PPPoE provides access control and billing functionality in a manner similar to dial-up services using PPP.
Page 246: Diagram 1 Single-Pc Per Modem Hardware Configuration
Prestige 324 Intelligent Broadband Sharing Gateway Diagram 1 Single-PC per Modem Hardware Configuration How PPPoE Works The PPPoE driver makes the Ethernet appear as a serial link to the PC and the PC runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC). Between the AC and an ISP, the AC is acting as a L2TP (Layer 2 Tunneling Protocol) LAC (L2TP Access Concentrator) and tunnels the PPP frames to the ISP.
Page 247: Diagram 2 Prestige As A Pppoe Client
The Prestige as a PPPoE Client When using the Prestige as a PPPoE client, the PCs on the LAN see only Ethernet and are not aware of PPPoE. This alleviates the administrator from having to manage the PPPoE clients on the individual PCs. Diagram 2 Prestige as a PPPoE Client PPPoE...
Page 248: Appendix Bpptp
Prestige 324 Intelligent Broadband Sharing Gateway Appendix B PPTP What is PPTP? PPTP (Point-to-Point Tunneling Protocol) is a Microsoft proprietary protocol (RFC 2637 for PPTP is informational only) to tunnel PPP frames. How can we transport PPP frames from a PC to a broadband modem over Ethernet? A solution is to build PPTP into the ANT (ADSL Network Termination) where PPTP is used only over the short haul between the PC and the modem over Ethernet.
Page 249: Diagram 4 Pptp Protocol Overview
When the Prestige is deployed in such a setup, it appears as a PC to the ANT (ADSL Network Termination). In Windows VPN or PPTP Pass-Through feature, the PPTP tunneling is created from Windows 95, 98 and NT clients to an NT server in a remote location. The pass-through feature allows users on the network to access a different remote server using the Prestige's Internet connection.
Page 250: Diagram 5 Example Message Exchange Between Pc And An Ant
Prestige 324 Intelligent Broadband Sharing Gateway Each PPTP session has distinct control connection and PPP data connection. Call Connection The control connection runs over TCP. Similar to L2TP, a tunnel control connection is first established before call control messages can be exchanged. Please note that a tunnel control connection supports multiple call sessions.
Page 251: Appendix C Boot Commands
The BootModule AT commands execute from within the router’s bootup software, when debug mode is selected before the main router firmware (ZyNOS) is started. When you start up your Prestige, you are given a choice to go into debug mode by pressing a key at the prompt shown in the following screen. In debug mode you have access to a series of boot module commands, for example ATLC firmware) and...
Page 252: Diagram 7 Boot Module Commands
Prestige 324 Intelligent Broadband Sharing Gateway just answer OK ATHE print help ATBAx change baudrate. 1:38.4k, 2:19.2k, 3:9.6k 4:57.6k 5:115.2k ATENx,(y) set BootExtension Debug Flag (y=password) ATSE show the seed of password generator ATTI(h,m,s) change system time to hour:min:sec or show current time ATDA(y,m,d) change system date to year/month/day or show current date ATDS...
Page 253: Appendix D Netbios Filter Commands
Introduction NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls. You can configure NetBIOS filters to: •...
Page 254: Netbios Filter Configuration
Prestige 324 Intelligent Broadband Sharing Gateway The filter types and their default settings are as follows. NAME LAN to WAN This field displays whether NetBIOS packets are blocked or forwarded from the LAN to the WAN. WAN to the LAN This field displays whether NetBIOS packets are blocked or forwarded from the WAN to the LAN.
Page 255 This command blocks LAN to WAN NetBIOS packets Command: sys filter netbios config 1 off This command forwards WAN to the LAN NetBIOS packets Command: sys filter netbios config 2 on This command blocks IPSec NetBIOS packets Command: sys filter netbios config 3 off This command stops NetBIOS commands from initiating calls.
Page 256: Appendix E Log Descriptions
Prestige 324 Intelligent Broadband Sharing Gateway Configure centralized logs using the embedded web configurator; see the online help for details. LOG MESSAGE %s exceeds the max. number of session per host! LOG MESSAGE Time calibration is successful Time calibration failed DHCP client gets %s DHCP client IP expired...
Page 257: Chart 3 Upnp Logs
TELNET Login Successfully TELNET Login Fail FTP Login Successfully FTP Login Fail NAT Session Table is Full! !! Phase 1 ID type mismatch !! Phase 1 ID content mismatch !! No known phase 1 ID type found LOG MESSAGE UPnP pass through Firewall CATEGORY LOG MESSAGE URLFOR...
Page 258: Chart 5 Icmp Type And Code Explanations
Prestige 324 Intelligent Broadband Sharing Gateway JAVBLK IP/Domain Name Chart 5 ICMP Type and Code Explanations TYPE CODE Echo Reply Echo reply message Destination Unreachable Net unreachable Host unreachable Protocol unreachable Port unreachable A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF) Source route failed Source Quench...
Page 259 Chart 5 ICMP Type and Code Explanations TYPE CODE Time Exceeded Time to live exceeded in transit Fragment reassembly time exceeded Parameter Problem Pointer indicates the error Timestamp Timestamp request message Timestamp Reply Timestamp reply message Information Request Information request message Information Reply Information reply message Log Descriptions...
Page 260: Appendix F Power Adapter Specifications
Prestige 324 Intelligent Broadband Sharing Gateway AC Power Adapter Model: MW41-0901000A Input Power: AC120Volts/60Hz/13W Output Power: AC 9Volts/1.0A Power Consumption: 10 W Safety Standards: UL, CUL (UL 1310, CSA C22.2 No.223) AC Power Adapter Model: JAA-091000E Input Power: AC230Volts/50Hz/65mA Output Power: AC 9Volts/1.0A Power Consumption: 10 W Safety Standards: TUV, CE (EN 60950) United Kingdom Plug Standards...
Page 261: Appendix G Hardware Specifications
Power Specification MTBF Operation Temperature Ethernet Specification for WAN Ethernet Specification for LAN Cable Pin Assignments In a serial communications connection, generally a computer is DTE (Data Terminal Equipment) and a modem is DCE (Data Circuit-terminating Equipment). The Prestige is DCE when you connect a computer to the console port.
Page 262: Appendix H Setting Up Your Computer's Ip Address
Prestige 324 Intelligent Broadband Sharing Gateway Appendix H Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
Page 263 1. Click Start, Settings, Control Panel and double-click the Network icon to open the Network window. 2. The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: In the Network window, click Add.
Page 264 Prestige 324 Intelligent Broadband Sharing Gateway Select Client for Microsoft Networks from the list of network clients and then click OK. Restart your computer so the changes you made take effect. In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties.
Page 265 Click the DNS Configuration tab. -If you do not know your DNS information, select Disable DNS. -If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in).
Page 266 Prestige 324 Intelligent Broadband Sharing Gateway Click OK to close the Network window. Insert the Windows CD if prompted. Turn on your Prestige and restart your computer when prompted. Checking/Modifying Your Computer’s IP Address Click Start and then Run. In the Run window, type "winipcfg" and then click OK to open the IP Configuration window. Select your network adapter.
Page 267 Windows 2000/NT/XP In Windows XP, click start, Control Panel. In Windows 2000/NT, click Start, Settings, Control Panel. In Windows XP, click Network Connections. In Windows 2000/NT, click Network and Dial-up Connections. Setting up Your Computer’s IP Address Right-click Local Area Connection and then click Properties.
Page 268 Prestige 324 Intelligent Broadband Sharing Gateway Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. Setting up Your Computer’s IP Address...
Page 269 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). - To have your computer assigned a dynamic IP address, click Obtain an IP address automatically. -If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields.
Page 270 Prestige 324 Intelligent Broadband Sharing Gateway -If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: -In the IP Settings tab, in IP addresses, click Add.
Page 271 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): -Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). -If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Page 272 Prestige 324 Intelligent Broadband Sharing Gateway Macintosh OS 8/9 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. Setting up Your Computer’s IP Address...
Page 273: Macintosh Os X
Select Ethernet built-in from the Connect via list. For dynamically assigned settings, select Using DHCP Server from the Configure: list. For statically assigned settings, do the following: -From the Configure box, select Manually. -Type your IP address in the IP Address box. -Type your subnet mask in the Subnet mask box.
Page 274 Prestige 324 Intelligent Broadband Sharing Gateway Click the Apple menu, and click System Preferences to open the System Preferences window. Click Network in the icon bar. - Select Automatic from the Location list. - Select Built-in Ethernet from the Show list. - Click the TCP/IP tab.
Page 275: Chart 7 Brute-Force Password Guessing Protection Commands
Brute-Force Password Guessing The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism for the password. See other appendices for information on the command structure. Chart 7 Brute-Force Password Guessing Protection Commands COMMAND sys pwderrtm sys pwderrtm 0 sys pwderrtm N Example...
Page 276: Appendix J Triangle Route
Prestige 324 Intelligent Broadband Sharing Gateway The Ideal Setup When the firewall is on, your Prestige acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the Prestige to protect your LAN against attacks.
Page 277: Diagram 11 "Triangle Route" Problem
The “Triangle Route” Solutions This section presents you two solutions to the “triangle route” problem. IP Aliasing IP alias allows you to partition your network into logical sections over the same Ethernet interface. Your Prestige supports up to three logical LAN interfaces with the Prestige being the gateway for each logical network.
Page 278: Diagram 12 Ip Alias
Prestige 324 Intelligent Broadband Sharing Gateway Diagram 12 IP Alias Gateways on the WAN Side A second solution to the “triangle route” problem is to put all of your network gateways on the WAN side as the following figure shows. This ensures that all incoming network traffic passes through your Prestige to your LAN.
Page 279 Step 2. Enter “8” in menu 24 to enter CI command mode. Step 3. Use the following commands to allow/disallow triangle route. sys firewall ignore triangle all sys firewall ignore triangle all on Triangle Route This command allows triangle route. This command disallows triangle route.
Page 281: Index
10/100 MB Auto-negotiation ...1-1 Active...6-7 Address Assignment ... 4-7, 4-9 Allocated Budget ...6-9 Applying Schedule Sets to Remote Nodes...20-4 AT command ... 6-3, 6-5, 17-2 Authen...6-8 Authentication... 6-8, 9-6 auto-negotiation ...1-1 backup...17-2 Boot commands ... 7 Broadband Sharing Gateway... xxiii, 1-1 Budget Management ...18-3 Cable Modem...2-3 call back delay...6-6...
Page 282 DYNDNS Wildcard... 5-8 Edit IP ... 6-8 EMAIL... 5-10 E-mail Address ... 5-10 Enable Wildcard ... 5-11 encapsulation ... 6-10 Encapsulation PPP over Ethernet... 1 Entering Information ... 5-3 Error Log ... 16-6 Ethernet... 4-2, 4-5, 12-2 Ethernet Encapsulation ... 8-1, 9-1, 9-2, 9-4, 9-10, 11-15 Factory Default ...
Page 283 IP Alias Setup ...7-9 IP Multicast... 1-3, 7-5 Internet Group Management Protocol (IGMP) ...1-3 IP Network Number ...7-3 IP Pool...7-3 IP Static Route ... 10-1, 10-2, 10-3 LAN Setup ... 7-1, 7-6, 7-7 log ...16-6 Log Facility...16-8 MAC Address ... 6-1, 6-2, 21-2 Main Menu...5-3 Management Information Base (MIB)...15-1 Metric...
Page 284 Quick Start Guide ... 3-1 Read Me First ... xxiii Rear Panel... 2-1 Related Documentation... xxiii Rem Node Name... 6-7 Remote Management ... 19-1 Remote Management Limitations... 19-4 Remote Management Setup ... 19-2 Remote Node ... 9-1 Remote Node Setup... 5-4 Remote Node Filter...
Page 285 System Timeout ...19-5 TCP/IP 7-2, 7-6, 7-7, 7-8, 9-7, 13-7, 13-9, 13-12, 13-16, 19-1 TCP/IP filter rule...13-7 Telnet Configuration ...19-1 Telnet Under NAT ...19-1 TFTP And FTP Over WAN} ...19-4 Restrictions ...19-4 TFTP and FTP over WAN Will Not Work When….

This manual is also suitable for:

Prestige 324

ZyXEL Communications Intelligent Broadband Sharing Gateway P-324 User Manual

Chapter 1 Getting to Know Your Prestige

Chapter 2 Hardware Installation & Initial Setup

Chapter 3 Introducing the Web Configurator

Chapter 4 Wizard Setup

Chapter 5 Introducing the SMT and General Setup

Chapter 6 WAN Setup and Dial Backup

Chapter 7 LAN Setup

Chapter 8 Internet Access

Chapter 9 Remote Node Setup

Chapter 10 IP Static Route Setup

Chapter 11 Network Address Translation (NAT)

Chapter 12 Firewall

Chapter 13 Filter Configuration

Chapter 14 Upnp

Chapter 15 SNMP Configuration

Chapter 16 System Information & Diagnosis

Chapter 17 Firmware and Configuration File Maintenance

Quick Links

Troubleshooting

Related Manuals for ZyXEL Communications Intelligent Broadband Sharing Gateway P-324

Summary of Contents for ZyXEL Communications Intelligent Broadband Sharing Gateway P-324