Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others.
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. Viewing Certifications 1 Go to http://www.zyxel.com. 2 Select your product from the drop-down list box on the ZyXEL home page to go to that product's page. 3 Select the certification you wish to view from this page.
P-793H User’s Guide Safety Warnings For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids.
Page 6
P-793H User’s Guide This product is recyclable. Dispose of it properly. Safety Warnings...
Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
P-793H User’s Guide Customer Support Please have the following information ready when you contact customer support. • Product model and serial number. • Warranty Information. • Date that you received your device. • Brief description of the problem and the steps you took to solve it.
Page 9
P-793H User’s Guide METHOD SUPPORT E-MAIL TELEPHONE WEB SITE REGULAR MAIL SALES E-MAIL FTP SITE LOCATION support@zyxel.no +47-22-80-61-80 www.zyxel.no ZyXEL Communications A/S Nils Hansens vei 13 NORWAY sales@zyxel.no +47-22-80-61-81 0667 Oslo Norway info@pl.zyxel.com +48 (22) 333 8250 www.pl.zyxel.com ZyXEL Communications ul.
Table of Contents ....................11 List of Figures ......................25 List of Tables ......................33 Preface ........................39 Chapter 1 Getting To Know Your ZyXEL Device ..............41 1.1 Overview ......................41 1.1.1 High-speed Internet Access ..............41 1.1.2 High-speed Point-to-point Connections ............42 1.2 LEDs ........................42 Chapter 2 Introducing the Web Configurator................
Page 12
4.1 Point-to-point Connection Overview ..............67 4.2 Point-to-point Connection Procedure ..............68 4.2.1 Set up the Server ..................68 4.2.2 Set up the Client ..................68 4.2.3 Connect the ZyXEL Devices ..............69 Chapter 5 WAN Setup......................71 5.1 WAN Overview ....................71 5.1.1 Encapsulation ...................71 5.1.1.1 ENET ENCAP .................71...
Page 13
5.8.2 Advanced Modem Settings for Dial Backup ..........91 Chapter 6 LAN Setup....................... 95 6.1 LAN Overview ....................95 6.1.1 LANs, WANs and the ZyXEL Device ............95 6.1.2 DHCP Setup .....................96 6.1.2.1 IP Pool Setup ..................96 6.1.3 DNS Server Address ................96 6.1.4 DNS Server Address Assignment .............97 6.2 LAN TCP/IP ......................97...
Page 14
8.4.2.2 Illegal Commands (NetBIOS and SMTP) ........124 8.4.2.3 Traceroute ..................125 8.5 Stateful Inspection ....................125 8.5.1 Stateful Inspection Process ..............126 8.5.2 Stateful Inspection and the ZyXEL Device ..........126 8.5.3 TCP Security ...................127 8.5.4 UDP/ICMP Security ................127 8.5.5 Upper Layer Protocols ................128 8.6 Guidelines for Enhancing Security with Your Firewall ........128...
Page 15
IPSec VPN ......................155 11.1 IPSec VPN Overview ..................155 11.1.1 IKE SA Overview ..................156 11.1.1.1 IP Addresses of the ZyXEL Device and Remote IPSec Router ..156 11.1.1.2 IKE SA Proposal ................157 11.1.1.3 Diffie-Hellman (DH) Key Exchange ..........157 11.1.1.4 Authentication ................158 11.1.2 Additional Topics for IKE SA ..............159...
Page 16
P-793H User’s Guide 11.1.4.1 IPSec SA using Manual Keys ............162 11.2 VPN Setup Screen ..................163 11.3 Editing VPN Policies ..................165 11.4 Configuring Advanced IKE Settings ...............170 11.5 Configuring Manual Key .................173 11.6 Viewing SA Monitor ..................176 11.7 Configuring Global Setting ................177 11.8 Telecommuter VPN/IPSec Examples .............178...
Page 17
16.1.1 How do I know if I'm using UPnP? ............215 16.1.2 NAT Traversal ..................215 16.1.3 Cautions with UPnP ................216 16.2 UPnP and ZyXEL ...................216 16.2.1 Configuring UPnP .................216 16.3 Installing UPnP in Windows Example ............217 16.4 Using UPnP in Windows XP Example ............220 Chapter 17 System ........................
Page 19
Chapter 29 Firewall Setup ....................... 297 29.1 Using ZyXEL Device SMT Menus ..............297 29.1.1 Activating the Firewall ................297 Chapter 30 Filter Configuration ....................299 30.1 Introduction to Filters ..................299 30.1.1 The Filter Structure of the ZyXEL Device ..........300 Table of Contents...
Page 20
P-793H User’s Guide 30.2 Configuring a Filter Set ..................301 30.2.1 Configuring a Filter Rule ...............304 30.2.2 Configuring a TCP/IP Filter Rule ............304 30.2.3 Configuring a Generic Filter Rule ............307 30.3 Example Filter ....................309 30.4 Filter Types and NAT ..................311 30.5 Firewall Versus Filters ..................311 30.6 Applying a Filter .....................311...
Page 21
P-793H User’s Guide 34.4 Restore Configuration ..................333 34.4.1 Restore Using FTP ................333 34.4.2 Restore Using FTP Session Example ..........334 34.4.3 Restore Via Console Port ..............334 34.5 Uploading Firmware and Configuration Files ..........335 34.5.1 Firmware File Upload ................335 34.5.2 Configuration File Upload ..............336 34.5.3 FTP File Upload Command from the DOS Prompt Example ....336...
Page 22
P-793H User’s Guide Chapter 38 Troubleshooting ....................361 38.1 Problems Starting Up the ZyXEL Device ............361 38.2 Problems with the LAN ...................361 38.3 Problems with the WAN .................362 38.4 Problems Accessing the ZyXEL Device ............363 Appendix A Product Specifications ..................365 Appendix B Wall-mounting Instructions.................
Page 29
P-793H User’s Guide Figure 168 Menu 4: Internet Access & NAT Example ............291 Figure 169 NAT Example 2 ....................291 Figure 170 Menu 15.2: Specifying an Inside Server ............292 Figure 171 NAT Example 3 ....................293 Figure 172 Example 3: Menu 11.3 ..................293 Figure 173 Example 3: Menu 15.1.1.1 ................
Page 30
P-793H User’s Guide Figure 211 Successful Backup Confirmation Screen ............333 Figure 212 Menu 24.6: Restore Configuration ..............333 Figure 213 Restore Using FTP Session Example ............... 334 Figure 214 System Maintenance: Restore Configuration ........... 334 Figure 215 System Maintenance: Starting Xmodem Download Screen ......334 Figure 216 Restore Configuration Example ................
Page 31
P-793H User’s Guide Figure 254 Red Hat 9.0: KDE: Ethernet Device: General ..........380 Figure 255 Red Hat 9.0: KDE: Network Configuration: DNS ..........380 Figure 256 Red Hat 9.0: KDE: Network Configuration: Activate ........381 Figure 257 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 ....... 381 Figure 258 Red Hat 9.0: Static IP Address Setting in ifconfig-eth0...
Page 36
Table 131 Menu 26: Schedule Setup ................. 358 Table 132 Menu 26.1: Schedule Set Setup ................ 359 Table 133 Troubleshooting Starting Up Your ZyXEL Device ..........361 Table 134 Troubleshooting the LAN ................... 361 Table 135 Troubleshooting the WAN .................. 362 Table 136 Troubleshooting Accessing the ZyXEL Device ..........
Settings and then click Control Panel. • “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”. • The P-793H may be referred to as the “ZyXEL Device” or the “device” in this User’s Guide.
Page 40
User Guide Feedback Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
ZyXEL Devices of the same type. In either setup, the ZyXEL Device itself can act as a router or as a bridge. As a router, the ZyXEL Device provides features such as firewall, content filtering and bandwidth management. As a bridge, the ZyXEL Device minimizes the configuration changes you have to make in your existing network.
Set up each ZyXEL Device as a router or as a bridge, depending on the desired configuration. If you set up a ZyXEL Device as a router, you can use features such as firewall, content filtering and bandwidth management. If you set up a ZyXEL Device as a bridge, you can minimize the configuration changes you have to make in your existing network.
ZyXEL Device is sending/receiving data.) Blinking The ZyXEL Device is sending/receiving data. The ZyXEL Device tried to get an IP address, but an error occurred. The Internet connection is down. Chapter 1 Getting To Know Your ZyXEL Device...
Page 44
P-793H User’s Guide Chapter 1 Getting To Know Your ZyXEL Device...
See the chapter on troubleshooting if you need to make sure these functions are allowed in Internet Explorer. 2.2 Accessing the Web Configurator 1 Make sure your ZyXEL Device hardware is properly connected (refer to the Quick Start Guide). 2 Prepare your computer/computer network to connect to the ZyXEL Device (refer to the Quick Start Guide).
Go to Advanced setup, and click Apply to display the Status screen. Select Click here to always start with the Advanced setup if you want the ZyXEL Device to skip this screen from now on and always go to the Status screen. See Section 2.4 on page...
Note: The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the ZyXEL Device if this happens to you. 2.3 Navigating the Web Configurator After you enter the admin password, use the sub-menus on the navigation panel to configure ZyXEL Device features.
SETUP Logout Click this icon to exit the web configurator. Status Use this screen to look at the ZyXEL Device’s general device, system and interface status information. You can also access the summary statistics tables. Network Internet Use this screen to configure ISP parameters, WAN IP address Connection assignment, and more advanced properties.
Page 49
Use this screen to block sites containing certain keywords in the URL. Schedule Use this screen to set the days and times for the ZyXEL Device to perform content filtering. Trusted Use this screen to exclude a range of users on the LAN from content filtering on your ZyXEL Device.
This screen contains administrative and system-related information and also allows you to change your password. Time Setting Use this screen to change your ZyXEL Device’s time and date. Logs View Log Use this screen to view the logs for the categories that you selected.
Model Number This is the model number of the ZyXEL Device. MAC Address This is the MAC (Media Access Control) or Ethernet address unique to your ZyXEL Device. ZyNOS Firmware This is the ZyNOS Firmware version and the date created. ZyNOS is ZyXEL's Version proprietary Network Operating System design.
Network Operating System) and is thus available for running processes like NAT, VPN and the firewall. The bar displays what percent of the ZyXEL Device's heap memory is in use. The bar turns from green to red when the maximum is being approached.
Link Status This is the status of your WAN link. WAN IP Address This is the IP address assigned to your ZyXEL Device on the WAN. Upstream Speed This is the upstream speed of your ZyXEL Device. Downstream Speed This is the downstream speed of your ZyXEL Device.
If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the ZyXEL Device to reload the factory-default configuration file. This means that you will lose all configurations that you had previously and the password will be reset to “1234”.
P-793H User’s Guide H A P T E R Wizards Use these screens to configure Internet access or to configure basic bandwidth management. Note: See the advanced menu chapters for background information on these fields. To access the wizards, click Go to Wizard setup in...
P-793H User’s Guide 3.1 Internet Setup Wizard Use these screens to configure Internet access settings. To access this wizard, click INTERNET SETUP in the wizard main screen. 3.1.1 Screen 1 This screen lets you enter some of the ISP settings for your Internet connection.
P-793H User’s Guide Table 6 Internet Setup Wizard: ISP Parameters LABEL DESCRIPTION Next Click Next to continue to the next wizard screen. The next wizard screen you see depends on what mode and encapsulation you selected above. Exit Click Exit to close the wizard screen without saving your changes.
P-793H User’s Guide Table 7 Internet Setup Wizard: ISP Parameters (Ethernet) LABEL DESCRIPTION First DNS Enter the IP address(es) of the DNS server(s) provided by your ISP. If your ISP did Server not provide one or both, use the default value(s).
P-793H User’s Guide This screen appears if your Internet connection uses RFC1483 encapsulation. Figure 14 Internet Setup Wizard: ISP Parameters (RFC1483) The following table describes the fields in this screen. Table 9 Internet Setup Wizard: ISP Parameters (RFC1483) LABEL DESCRIPTION IP Address Enter the static IP address provided by your ISP.
P-793H User’s Guide Figure 15 Internet Setup Wizard: ISP Parameters (PPPoA) The following table describes the fields in this screen. Table 10 Internet Setup Wizard: ISP Parameters (PPPoA) LABEL DESCRIPTION User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given.
ZyXEL Device features. 3.2 Bandwidth Management Wizard Use these screens to control the amount of bandwidth going out through the ZyXEL Device’s WAN port and prioritize the distribution of the bandwidth. This helps keep one service, or application, from using all of the available bandwidth and shutting out other services.
P-793H User’s Guide The following table describes the services you can select. Table 12 Bandwidth Management Setup: Services SERVICE DESCRIPTION E-Mail Electronic mail consists of messages sent through a computer network to specific groups or individuals. Here are some default ports for e-mail:...
Active Select the Active check box to have the ZyXEL Device apply bandwidth management to traffic going out through the ZyXEL Device’s WAN or LAN port. If you do not select this, you cannot run the rest of the wizard.
These fields display the services names. Priority Select High, Mid or Low priority for each service to have your ZyXEL Device use a priority for traffic that matches that service. A service with High priority is given as much bandwidth as it needs.
42.) Figure 20 Example: Point-to-point Connections In a point-to-point connection, the DSL ports on the ZyXEL Devices are directly connected to each other, not to an ISP or the Internet. The connection can use RFC 1483 in bridge mode or ENET ENCAP in router mode, and the ZyXEL Devices must use the same VPI, VCI, multiplexing, and encapsulation method.
Client. Connect the ZyXEL Devices. 4.2.1 Set up the Server 1 Log in to the ZyXEL Device that will be the server. (See Chapter 2 on page 45.) 2 Click Network > WAN > Internet Connection. 3 Configure the VPI, VCI, Multiplexing, and Encapsulation fields for the point-to-point connection.
7 Click Apply. 4.2.3 Connect the ZyXEL Devices Connect the DSL ports on the ZyXEL Devices together, and wait while the ZyXEL Devices automatically establish the connection. When the connection is established, the DSL1, DSL2, and INTERNET lights are on. It takes up to half a minute to establish the connection. If the connection is not established, verify that the settings match.
5.1 WAN Overview A WAN (Wide Area Network) is an outside connection to another network or the Internet. 5.1.1 Encapsulation Be sure to use the encapsulation method required by your ISP. The ZyXEL Device supports the following methods. 5.1.1.1 ENET ENCAP The MAC Encapsulated Routing Link Protocol (ENET ENCAP) is only implemented with the IP network protocol.
By implementing PPPoE directly on the ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL Device does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access.
The ZyXEL Device does two things when you specify a nailed-up connection. The first is that idle timeout is disabled. The second is that the ZyXEL Device will try to bring up the connection when turned on and whenever the connection is down. A nailed-up connection can be very expensive for obvious reasons.
"1" and "15"; a number greater than "15" means the link is down. The smaller the number, the lower the "cost". The metric sets the priority for the ZyXEL Device’s routes to the Internet. If any two of the default routes have the same metric, the ZyXEL Device uses the following pre-defined priorities: •...
P-793H User’s Guide Maximum Burst Size (MBS) is the maximum number of cells that can be sent at the PCR. After MBS is reached, cell rates fall below SCR until cell rate averages to the SCR again. At this time, more cells (up to the MBS) can be sent at the PCR again.
An example application is background file transfer. 5.4 Internet Connection To change your ZyXEL Device’s WAN remote node settings, click Network > WAN > Internet Connection. The screen differs by the encapsulation. Section 5.1 on page 71 for more information.
P-793H User’s Guide Figure 23 WAN > Internet Connection The following table describes the labels in this screen. Table 15 WAN > Internet Connection LABEL DESCRIPTION General Name Enter the name of your Internet Service Provider, e.g., MyISP. This information is for descriptive purposes only.
Page 78
67.) Otherwise, select Client. Enable Rate This field is enabled if Service Type is Server. Indicate whether or not the Adaption ZyXEL Device can adjust the speed of its connection to that of the other device. Chapter 5 WAN Setup...
This field is enabled if Service Type is Server. Set the maximum rate at which (Kbps) the ZyXEL Device sends and receives information. If you select Enable Rate Adaption, the ZyXEL Device adjusts to the speed of the other device and may exceed this rate. Transfer Min Rate This field is enabled if Service Type is Server.
Passthrough to allow up to ten hosts on the LAN to use PPPoE client software on their computers to connect to the ISP via the ZyXEL Device. Each host can have a separate account and a public WAN IP address.
P-793H User’s Guide 5.5 Configuring More Connections This section describes the protocol-independent parameters for a remote network. They are required for placing calls to a remote gateway and the network behind it across a WAN connection. When you use the WAN > Internet Connection screen to set up Internet access, you are configuring the first WAN connection.
Select Routing from the drop-down list box if your ISP allows multiple computers to share an Internet account. If you select Bridge, the ZyXEL Device will forward any packet that it does not route to this remote node; otherwise, the packets are discarded.
Page 83
Select Nailed-Up Connection when you want your connection up all the time. Connection The ZyXEL Device will try to bring up the connection automatically if it is disconnected. Connect on Demand Select Connect on Demand when you don't want the connection up all the time and specify an idle time-out in the Max Idle Timeout field.
P-793H User’s Guide 5.5.2 Configuring More Connections Advanced Setup Use this screen to edit your ZyXEL Device's advanced WAN settings. Click the Advanced Setup button in the More Connections Edit screen. The screen appears as shown. Figure 27 WAN > More Connections > Advanced Setup The following table describes the labels in this screen.
LAN. Use IP alias to configure the LAN into two or three logical networks with the ZyXEL Device itself as the gateway for each LAN network. Put the protected LAN in one subnet (Subnet 1 in the following figure) and the backup gateway in another subnet (Subnet 2).
Use this screen to forward traffic to a backup gateway or to use the dial-backup port when the ZyXEL Device cannot connect to the Internet. To open this screen, click WAN > WAN Backup Setup. The screen appears as shown.
Select the method that the ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up. Select ICMP to have the ZyXEL Device periodically ping the IP addresses configured in the Check WAN IP Address fields.
Page 88
Table 20 WAN > WAN Backup Setup (continued) LABEL DESCRIPTION Recovery Interval When the ZyXEL Device is using a lower priority connection (usually a WAN backup connection), it periodically checks to whether or not it can use a higher priority connection.
Click Cancel to begin configuring this screen afresh. 5.8.1 Advanced Backup Setup Use this screen to change your ZyXEL Device’s advanced dial backup settings. Click WAN > WAN Backup Setup > Advanced Setup. The screen appears as shown. Figure 31 WAN > WAN Backup Setup > Advanced Setup...
Select this if you want to enable RIP in the dial-backup connection. RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing information with other routers. Clear this if you want the ZyXEL Deviceto not send any RIP packets and to ignore any RIP packets received.
Enter the maximum amount of time (in minutes) each call can last. Enter 0 if there is no limit. With Period, you can set a limit on the total outgoing call time of the ZyXEL Device within a certain period of time. When the total outgoing call time exceeds the limit, the current call will be dropped and any future outgoing calls will be blocked.
Call Control Dial Timeout Enter a number of seconds for the ZyXEL Device to keep trying to set up an outgoing call before timing out (stopping). The ZyXEL Device times out and stops if it cannot set up an outgoing call within the timeout value.
Page 93
Table 22 WAN > WAN Backup Setup > Advanced Setup > Edit (continued) LABEL DESCRIPTION Call Back Delay Enter a number of seconds for the ZyXEL Device to wait between dropping a callback request call and dialing the corresponding callback call. Back Click Back to return to the previous screen.
Page 94
P-793H User’s Guide Chapter 5 WAN Setup...
6.1.1 LANs, WANs and the ZyXEL Device The actual physical connection determines whether the ZyXEL Device ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next.
If the Primary and Secondary DNS Server fields in the DHCP Setup screen are not specified, for instance, left as 0.0.0.0, the ZyXEL Device tells the DHCP clients that it itself is the DNS server. When a computer sends a DNS query to the ZyXEL Device, the ZyXEL Device forwards the query to the real DNS server learned through IPCP and relays the response back to the computer.
If your ISP gives you DNS server addresses, enter them in the DNS Server fields in the DHCP Setup screen. • The ZyXEL Device acts as a DNS proxy when the Primary and Secondary DNS Server fields are left as 0.0.0.0 in the DHCP Setup screen.
• Both - the ZyXEL Device will broadcast its routing table periodically and incorporate the RIP information that it receives. • In Only - the ZyXEL Device will not send any RIP packets but will accept all RIP packets received.
P-793H User’s Guide • Out Only - the ZyXEL Device will send out RIP packets but will not accept any RIP packets received. • None - the ZyXEL Device will not send any RIP packets and will ignore any RIP packets received.
LAN setup. 6.3.1 Configuring Advanced LAN Setup Use this screen to edit your ZyXEL Device's advanced LAN settings. Click the Advanced Setup button in the LAN IP screen. The screen appears as shown. Figure 35 LAN > IP > Advanced Setup...
Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. 6.4 DHCP Setup Use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN. Chapter 6 LAN Setup...
Address contiguous addresses in the IP address pool. Pool Size This field is enabled if the ZyXEL Device is a Server. Enter the size of, or the number of addresses in, the IP address pool. Remote DHCP This field is enabled if the ZyXEL Device is a Relay. Enter the IP address of the Server DHCP server to which the ZyXEL Device should route requests.
00:A0:C5:00:00:02. Use this screen to change your ZyXEL Device’s static DHCP settings. Click Network > LAN > Client List. The screen appears as shown. Figure 37 LAN > Client List The following table describes the labels in this screen.
IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The ZyXEL Device supports three logical LAN interfaces via its single physical Ethernet interface with the ZyXEL Device itself as the gateway for each LAN network.
This field is enabled if RIP Direction is not None. The RIP Version field controls the format and the broadcasting method of the RIP packets that the ZyXEL Device sends (it recognizes both formats when receiving). RIP-1 is universally supported but RIP-2 carries more information.
Page 106
P-793H User’s Guide Chapter 6 LAN Setup...
IP address known within another network. 7.1.1 NAT Definitions Inside/outside denotes where a host is located relative to the ZyXEL Device, for example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
Many-to-One and Many-to-Many Overload NAT mapping) in each packet and then forwards it to the Internet. The ZyXEL Device keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored. The following figure illustrates this.
7.1.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: • One to One: In One-to-One mode, the ZyXEL Device maps one local IP address to one global IP address. • Many to One: In Many-to-One mode, the ZyXEL Device maps multiple local IP addresses to one global IP address.
Table 29 on page 110. • Choose SUA Only if you have just one public WAN IP address for your ZyXEL Device. • Choose Full Feature if you have multiple public WAN IP addresses for your ZyXEL Device.
Address Translation (NAT) SUA Only Select this radio button if you have just one public WAN IP address for your ZyXEL Device. Full Feature Select this radio button if you have multiple public WAN IP addresses for your ZyXEL Device.
Note: If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup.
NAT > General screen or when you edit a server mapping set with Full Feature NAT. If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup.
Click the delete icon to delete an existing port forwarding rule. Note that subsequent rules move up by one when you take this action. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to return to the previous configuration.
Note: The Address Mapping screen is available only when you select Full Feature in the NAT > General screen. Ordering your rules is important because the ZyXEL Device applies the rules in the order that you specify. When a rule matches the current packet, the ZyXEL Device takes the corresponding action and the remaining rules are ignored.
One-to-one NAT mapping type. M-1: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported only.
Note that port numbers do not change for One-to-one NAT mapping type. Many-to-One: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported only.
P-793H User’s Guide H A P T E R Firewalls This chapter gives some background information on firewalls and introduces the ZyXEL Device firewall. 8.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another.
The ZyXEL Device also has packet filtering capabilities. The ZyXEL Device is installed between the LAN and the Internet. This allows it to act as a secure gateway for all data passing between the Internet and the LAN.
Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources. The ZyXEL Device is pre-configured to automatically detect and thwart all known DoS attacks.
P-793H User’s Guide 8.4.2 Types of DoS Attacks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification. 3 Brute-force attacks that flood a network with useless data.
P-793H User’s Guide • SYN Attack floods a targeted system with a series of SYN packets. Each packet causes the targeted system to issue a SYN-ACK response. While the targeted system waits for the ACK that follows the SYN-ACK, it queues up all outstanding SYN-ACK responses on what is known as a backlog queue.
P-793H User’s Guide Figure 51 Smurf Attack 8.4.2.1 ICMP Vulnerability ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types trigger an alert: Table 35 ICMP Commands That Trigger Alerts REDIRECT TIMESTAMP_REQUEST TIMESTAMP_REPLY ADDRESS_MASK_REQUEST ADDRESS_MASK_REPLY 8.4.2.2 Illegal Commands (NetBIOS and SMTP)
The ZyXEL Device uses stateful packet inspection to protect the private LAN from hackers and vandals on the Internet. By default, the ZyXEL Device’s stateful inspection allows all communications to the Internet that originate from the LAN, and blocks all traffic to the LAN that originates from the Internet.
P-793H User’s Guide The previous figure shows the ZyXEL Device’s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a Telnet session from within the LAN and responses to this request are allowed. However other Telnet traffic initiated from the WAN is blocked.
Below is a brief technical description of how these connections are tracked. Connections may either be defined by the upper protocols (for instance, TCP), or by the ZyXEL Device itself (as with the "virtual connections" created for UDP and ICMP).
P-793H User’s Guide A similar situation exists for ICMP, except that the ZyXEL Device is even more restrictive. Specifically, only outgoing echoes will allow incoming echo replies, outgoing address mask requests will allow incoming address mask replies, and outgoing timestamp requests will allow incoming timestamp replies.
8.7 Packet Filtering vs. Firewall Below are some comparisons between the ZyXEL Device’s filtering and firewall functions. 8.7.1 Packet Filtering • The router filters packets as they pass through the router’s interface according to the filter rules you designed.
P-793H User’s Guide 8.7.1.1 When To Use Filtering • To block/allow LAN packets by their MAC addresses. • To block/allow special IP packets which are neither TCP nor UDP, nor ICMP packets. • To block/allow both inbound (WAN to LAN) and outbound (LAN to WAN) traffic between the specific inside host/network "A"...
9.1 Access Methods The web configurator is, by far, the most comprehensive firewall configuration tool your ZyXEL Device has to offer. For this reason, it is recommended that you configure your firewall using the web configurator. CLI (Command Line Interpreter) commands provide limited configuration options and are only recommended for advanced users.
These custom rules work by comparing the Source IP address, Destination IP address and IP protocol type of network traffic to rules set by the administrator. Your customized rules take precedence and override the ZyXEL Device’s default rules. 9.3 Rule Logic Overview Note: Study these points carefully before configuring rules.
LAN to LAN/ Router and WAN to WAN/ Router rules apply to packets coming in on the associated interface (LAN or WAN, respectively). LAN to LAN/ Router means policies for LAN-to-ZyXEL Device (the policies for managing the ZyXEL Device through the LAN interface) and policies for LAN-to-LAN (the policies that control routing between two subnets on the LAN).
You may have more than one connection to the Internet (through one or more ISPs). If the alternate gateway is on the LAN (and its IP address is in the same subnet as the ZyXEL Device’s LAN IP address), the “triangle route” (also called asymmetrical route) problem may occur.
9.5.2 Solving the “Triangle Route” Problem You can have the ZyXEL Device allow triangle route sessions. However this can allow traffic from the WAN to go directly to a LAN computer without passing through the ZyXEL Device and its firewall protection.
Denial of Service (DoS) attacks when the firewall is activated. Bypass Triangle Select this check box to have the ZyXEL Device firewall permit the use of triangle Route route topology on the network. See the appendix for more on triangle route topology.
Click this button to display more information. Basic... Click this button to display less information. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 9.7 Firewall Rules Summary Note: The ordering of your rules is very important as rules are applied in turn.
Table 39 Firewall > Rules LABEL DESCRIPTION Firewall Rules This read-only bar shows how much of the ZyXEL Device's memory for recording Storage Space firewall rules it is currently using. When you are using 80% or less of the storage in Use space, the bar is green.
P-793H User’s Guide Use this screen to create or edit a firewall rule. In the Rules screen, select an index number and click Add or click a rule’s Edit icon to display this screen and refer to the following table for information on the labels.
Page 140
Log Settings page and select the Access Control logs category to have the ZyXEL Device record these logs. Alert Send Alert Message Select the check box to have the ZyXEL Device generate an alert when the rule to Administrator is matched. When Matched.
Click Cancel to exit this screen without saving. 9.7.2 Customized Services Configure customized services and port numbers not predefined by the ZyXEL Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) web site. For further information on these services, please read...
P-793H User’s Guide Figure 61 Firewall Example: Rules 3 In the Rules screen, select the index number after that you want to add the rule. For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8.
P-793H User’s Guide Figure 63 Firewall Example: Edit Rule: Destination Address 9 Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. Note: Custom services show up with an “*” before their names in the Services list box and the Rules list box.
P-793H User’s Guide Figure 64 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN.
Figure 65 Firewall Example: Rules: MyService 9.9 Anti-Probing If an outside user attempts to probe an unsupported port on your ZyXEL Device, an ICMP response packet is automatically returned. This allows the outside user to know the ZyXEL Device exists. The ZyXEL Device supports anti-probing, which prevents the ICMP response packet from being sent.
Select this option to prevent hackers from finding the ZyXEL Device by probing for Requests for unused ports. If you select this option, the ZyXEL Device will not respond to port Unauthorized request(s) for unused ports, thus leaving the unused ports and the ZyXEL Device Services.
• If the Blocking Time timeout is 0 (the default), then the ZyXEL Device deletes the oldest existing half-open session for the host for every new connection request to the host. This ensures that the number of half-open sessions to a given host will never exceed the threshold.
ZyXEL Device deletes half-open sessions as required to accommodate new connection attempts. For example, if One Minute Low is 80 and One Minute High is 100, the ZyXEL Device starts deleting half-open sessions when more than 100 session...
Page 150
Connection Request Comes. Deny New Select this, and specify for how long the ZyXEL Device should block new Connection Request connection requests when TCP Maximum Incomplete is reached. Enter the length of blocking time in minutes (between 1 and 256).
Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL. You can set a schedule for when the ZyXEL Device performs content filtering. You can also specify trusted IP addresses on the LAN for which the ZyXEL Device will not perform content filtering.
Click Cancel to return to the previously saved settings. 10.3 Configuring the Schedule Use this screen to set the days and times for the ZyXEL Device to perform content filtering. Click Security > Content Filter > Schedule. The screen appears as shown.
Click Cancel to return to the previously saved settings. 10.4 Configuring Trusted Computers Use this screen to exclude a range of users on the LAN from content filtering on your ZyXEL Device. Click Security > Content Filter > Trusted. The screen appears as shown.
IPSec router will use. The first phase establishes an Internet Key Exchange (IKE) SA between the ZyXEL Device and remote IPSec router. The second phase uses the IKE SA to securely establish an IPSec SA through which the ZyXEL Device and remote IPSec router can send data between computers on the local network and remote network.
11.1.1.1 IP Addresses of the ZyXEL Device and Remote IPSec Router In the ZyXEL Device, you have to specify the IP addresses of the ZyXEL Device and the remote IPSec router to establish an IKE SA.
SA. The remote IPSec router selects an acceptable proposal and sends the accepted proposal back to the ZyXEL Device. If the remote IPSec router rejects all of the proposals (for example, if the VPN tunnel is not configured correctly), the ZyXEL Device and remote IPSec router cannot establish an IKE SA.
The ZyXEL Device and the remote IPSec router each has its own identity, so each one must store two sets of information, one for itself and one for the other router. Local ID type and ID...
Peer ID content: tom@yourcompany.com It is also possible to configure the ZyXEL Device to ignore the identity of the remote IPSec router. In this case, you usually set the peer ID type to Any. This is not as secure as other peer ID types, however.
Aggressive mode does not provide as much security as main mode because the identity of the ZyXEL Device and the identity of the remote IPSec router are not encrypted. It is usually used when the address of the initiator is not known by the responder and both parties want to use pre-shared keys for authentication (for example, telecommuters).
Header Header In tunnel mode, the ZyXEL Device encapsulates the entire IP packet. As a result, there are two IP headers, as well as the header for the active protocol. • Outside header: The outside IP header contains the IP addresses of the ZyXEL Device and remote IPSec router.
In transport mode, the IP header is the original IP header, and the encapsulation depends on the active protocol. If the active protocol is AH, the ZyXEL Device includes part of the IP header when it encapsulates the packet. If the active protocol is ESP, the ZyXEL Device does not include the original IP header when it encapsulates the packet, in which case it is not possible to verify the integrity of the source IP address.
P-793H User’s Guide In IPSec SAs using manual keys, the ZyXEL Device and remote IPSec router do not establish an IKE SA. They only establish an IPSec SA. As a result, an IPSec SA using manual keys has some characteristics of IKE SAs and some characteristics of IPSec SAs. There are also some differences between IPSec SAs using manual keys and other types of SAs.
This field displays the identification name for this VPN policy. Local Address This is the IP address(es) of computer(s) on your local network behind your ZyXEL Device. The same (static) IP address is displayed twice when the Local Address Type field in the VPN-IKE (or VPN-Manual Key) screen is configured to Single.
Click the Edit icon to go to the screen where you can edit the VPN configuration. Click the Remove icon to remove an existing VPN configuration. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to return to the previously saved settings.
Keep Alive Select either Yes or No from the drop-down list box. Select Yes to have the ZyXEL Device automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic. The remote IPSec router must also have keep alive enabled in order for this feature to work.
Page 167
When the Local Address Type field is configured to Range, enter the end (static) IP address, in a range of computers on the LAN behind your ZyXEL Device. When the Local Address Type field is configured to Subnet, this is a subnet mask on the LAN behind your ZyXEL Device.
Page 168
The domain name or e-mail address is for identification purposes only and can be any string. My IP Address Enter the WAN IP address of your ZyXEL Device. The VPN tunnel has to be rebuilt if this IP address changes.
Page 169
For IP, type the IP address of the computer with which you will make the VPN connection. If you configure this field to 0.0.0.0 or leave it blank, the ZyXEL Device will use the address in the Secure Gateway Address field (refer to the Secure Gateway Address field description).
Select MD5 for minimal security and SHA1 for maximum security. Advanced Click Advanced to configure more detailed settings of your IKE key management. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 11.4 Configuring Advanced IKE Settings Section 11.1 on page 155...
Phase 1 Negotiation Mode Select the negotiation mode for the IKE SA. Main is more secure than Aggressive. The ZyXEL Device and remote IPSec router must use the same negotiation mode. Chapter 11 IPSec VPN...
Page 172
Table 52 VPN > Setup > Edit > Advanced (continued) LABEL DESCRIPTION Pre-Shared Key Type the pre-shared key the IKE SA uses. The ZyXEL Device and remote IPSec router must use the same pre-shared key. If the keys are different, the ZyXEL Device receives a “PYLD_MALFORMED” (payload malformed) packet.
DH1 enables PFS and uses Diffie-Hellman Group 1, a 768-bit random number. DH2 enables PFS and uses Diffie-Hellman Group 2, a 1024-bit random number. Apply Click Apply to save your changes back to the ZyXEL Device and return to the VPN-IKE screen. Cancel Click Cancel to return to the previous screen without saving your changes.
If there is a private DNS server that services the VPN, type its IP address here. IPSec VPN) The ZyXEL Device assigns this additional DNS server to the ZyXEL Device 's DHCP clients that have IP addresses in this IPSec rule's range of local addresses.
Page 175
When the Local Address Type field is configured to Range, enter the end (static) IP address, in a range of computers on the LAN behind your ZyXEL Device. When the Local Address Type field is configured to Subnet, this is a subnet mask on the LAN behind your ZyXEL Device.
A tunnel with no outbound or inbound traffic is "idle" and does not timeout until the SA lifetime period expires. You can also configure the ZyXEL Device to renegotiate an IPSec SA when the SA lifetime expires, even if there is no traffic.
Refresh Click Refresh to display the current active VPN connection(s). 11.7 Configuring Global Setting Use this screen to change your ZyXEL Device’s global settings. Click VPN and then VPN Global Setting. The screen appears as shown. Chapter 11 IPSec VPN...
The following examples show how multiple telecommuters can make VPN connections to a single ZyXEL Device at headquarters. The telecommuters use IPSec routers with dynamic WAN IP addresses. The ZyXEL Device at headquarters has a static public IP address. 11.8.1 Telecommuters Sharing One VPN Rule Example...
VPN rule for a VPN connection with a ZyXEL Device located at headquarters. The ZyXEL Device at headquarters (HQ in the figure) identifies each incoming SA by its ID type and content and uses the appropriate VPN rule to establish the VPN connection.
Local ID Type: E-mail Peer ID Type: E-mail Local ID Content: bob@bigcompanyhq.com Peer ID Content: bob@bigcompanyhq.com Telecommuter A (telecommutera.dydns.org) Headquarters ZyXEL Device Rule 1: Local ID Type: IP Peer ID Type: IP Local ID Content: 192.168.2.12 Peer ID Content: 192.168.2.12 Local IP Address: 192.168.2.12...
P-793H User’s Guide 11.9 VPN and Remote Management If a VPN tunnel uses Telnet, FTP, WWW, then you should configure remote management (Remote Management) to allow access for that service. Chapter 11 IPSec VPN...
ZyXEL Device about the networks beyond the remote nodes. Figure 86 Example of Static Routing Topology 12.2 Configuring Static Route Use this screen to look at static routes in the ZyXEL Device. Click Advanced > Static Route to open the Static Route screen. Chapter 12 Static Route...
Click the edit icon to go to the screen where you can set up a static route on the ZyXEL Device. Click the delete icon to remove a static route from the ZyXEL Device. A window displays asking you to confirm that you want to delete the route.
Back Click Back to return to the previous screen without saving. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. Chapter 12 Static Route...
(bandwidth budgets) to different bandwidth rules. The ZyXEL Device applies bandwidth management to traffic that it forwards out through an interface. The ZyXEL Device does not control the bandwidth of traffic that comes into an interface. Bandwidth management applies to all traffic flowing out of the router, regardless of the traffic's source.
64 Kbps 64 Kbps 13.5 Scheduler The scheduler divides up an interface’s bandwidth among the bandwidth classes. The ZyXEL Device has two types of scheduler: fairness-based and priority-based. 13.5.1 Priority-based Scheduler With the priority-based scheduler, the ZyXEL Device forwards traffic from bandwidth classes according to the priorities that you assign to the bandwidth classes.
When you enable maximize bandwidth usage, the ZyXEL Device first makes sure that each bandwidth class gets up to its bandwidth allotment. Next, the ZyXEL Device divides up an interface’s available bandwidth (bandwidth that is unbudgeted or unused by the classes) depending on how many bandwidth classes require more bandwidth and on their priority levels.
P-793H User’s Guide 13.6.2 Maximize Bandwidth Usage Example Here is an example of a ZyXEL Device that has maximize bandwidth usage enabled on an interface. The following table shows each bandwidth class’s bandwidth budget. The classes are set up based on subnets. The interface is set to 10240 kbps. Each subnet is allocated 2048 kbps.
• Each class gets up to its budgeted bandwidth. The administration class only uses 1024 kbps of its budgeted 2048 kbps. • The ZyXEL Device divides the total 3072 kbps total of unbudgeted and unused bandwidth equally among the other classes. 1024 kbps extra goes to each so the other classes each get a total of 3072 kbps.
P-793H User’s Guide 13.6.4 Bandwidth Management Priorities The following table describes the priorities that you can apply to traffic that the ZyXEL Device forwards out through an interface. Table 65 Bandwidth Management Priorities PRIORITY LEVELS: TRAFFIC WITH A HIGHER PRIORITY GETS THROUGH FASTER WHILE TRAFFIC WITH A LOWER PRIORITY IS DROPPED IF THE NETWORK IS CONGESTED.
Select Priority-Based to give preference to bandwidth classes with higher priorities. Select Fairness-Based to treat all bandwidth classes equally. Select this check box to have the ZyXEL Device divide up all of the interface’s Bandwidth unallocated and/or unused bandwidth among the bandwidth classes that require Usage bandwidth.
Click the Edit icon to go to the screen where you can edit the rule. Click the Remove icon to delete an existing rule. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh.
LABEL DESCRIPTION Rule Configuration Active Select this check box to have the ZyXEL Device apply this bandwidth management rule. Enable a bandwidth management rule to give traffic that matches the rule priority over traffic that does not match the rule.
Page 196
(service type) number. ID 0 means any protocol number. Back Click Back to go to the previous screen. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. Chapter 13 Bandwidth Management...
13.9 Bandwidth Monitor Section 13.1 on page 187 for background information. Use this screen to view the ZyXEL Device’s bandwidth usage and allotments. Click Advanced > Bandwidth MGMT > Monitor. The screen appears as shown. Select an interface from the drop-down list box to view the bandwidth usage of its bandwidth rules.
Section 14.2 on page 199 for configuration instruction. 14.2 Configuring Dynamic DNS Use this screen to change your ZyXEL Device’s DDNS settings. Click Advanced > Dynamic DNS. The screen appears as shown. Section 14.1 on page 199 for more information.
Select the type of service that you are registered for from your Dynamic DNS Type service provider. Host Name Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider. You can specify up to two host names in the field separated by a comma (","). User Name Type your user name.
Page 201
Table 69 Dynamic DNS > Dynamic DNS (continued) LABEL DESCRIPTION Dynamic DNS Select this option only when there are one or more NAT routers between the ZyXEL server auto Device and the DDNS server. This feature has the DDNS server automatically detect IP detect and use the IP address of the NAT router that has a public IP address.
Page 202
P-793H User’s Guide Chapter 14 Dynamic DNS Setup...
To disable remote management of a service, select Disable in the corresponding Access Status field. You may only have one remote management session running at a time. The ZyXEL Device automatically disconnects a remote management session of lower priority when another remote management session of higher priority starts.
• Use the ZyXEL Device’s LAN IP address when configuring from the LAN. 15.1.3 System Timeout There is a system management idle timeout. The ZyXEL Device automatically logs you out if the management session remains idle for longer than this timeout period. The management session does not time out when a statistics screen is polling.
15.4 Configuring Telnet Section 15.1 on page 203 for background information. Use this screen to configure Telnet access to the ZyXEL Device. Click Advanced > Remote MGMT > Telnet tab to display the screen as shown. Figure 97 Remote MGMT > Telnet...
Secured Client IP A secured client is a “trusted” computer that is allowed to communicate with the ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service.
Secured Client IP A secured client is a “trusted” computer that is allowed to communicate with the ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service.
• Trap - Used by the agent to inform the manager of some events. 15.6.1 Supported MIBs The ZyXEL Device supports MIB II that is defined in RFC-1213 and RFC-1215. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance.
15.6.3 Configuring SNMP Section 15.1 on page 203 for background information. Use this screen to change your ZyXEL Device’s SNMP settings. Click Advanced > Remote MGMT > SNMP. The screen appears as shown. Figure 100 Remote MGMT > SNMP The following table describes the labels in this screen.
Click Advanced > Remote MGMT > DNS. The screen appears as shown. Use this screen to set from which IP address the ZyXEL Device will accept DNS queries and on which interface it can send them your ZyXEL Device’s DNS settings.
Click Cancel to begin configuring this screen afresh. 15.8 Configuring ICMP Use this screen to control how the ZyXEL Device responds to other types of requests. Click Advanced > Remote MGMT > ICMP. The screen appears as shown. If an outside user attempts to probe an unsupported port on your ZyXEL Device, an ICMP response packet is automatically returned.
Click Cancel to begin configuring this screen afresh. 15.9 TR-069 TR-069 is a protocol that defines how your ZyXEL Device can be managed via a management server such as ZyXEL’s Vantage CNM Access. An administrator can use CNM Access to remotely set up the ZyXEL Device, modify settings, perform firmware upgrades as well as monitor and diagnose the ZyXEL Device.
Whether or not the device must periodically send periodicEnable information to CNM Access. It is recommended to set this [0:Disable/ value to 1 in order for the ZyXEL Device to send 1:Enable] information to CNM Access. The duration in seconds of the interval for which the device...
P-793H User’s Guide H A P T E R Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 16.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices.
See the following sections for examples of installing and using UPnP. 16.2.1 Configuring UPnP Use this screen to set up UPnP in the ZyXEL Device. Click Advanced > UPnP to display the screen shown next. Section 16.1 on page 215 for more information.
Allow UPnP to pass through Select this to allow UPnP-enabled applications to automatically pass Firewall through the ZyXEL Device’s firewall. This is less secure, but you do not have to configure firewall rules for these applications. Apply Click Apply to save the setting to the ZyXEL Device.
P-793H User’s Guide Figure 105 Add/Remove Programs: Windows Setup: Communication 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. Figure 106 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next.
P-793H User’s Guide Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components ….
This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device. Make sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device.
P-793H User’s Guide Figure 110 Network Connections 3 In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Figure 111 Internet Connection Properties Chapter 16 Universal Plug-and-Play (UPnP)
P-793H User’s Guide 4 You may edit or delete the port mappings or click Add to manually add port mappings. Figure 112 Internet Connection Properties: Advanced Settings Figure 113 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically.
Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first. This comes helpful if you do not know the IP address of the ZyXEL Device.
Figure 116 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays. Chapter 16 Universal Plug-and-Play (UPnP)
P-793H User’s Guide Figure 117 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Figure 118 Network Connections: My Network Places: Properties: Example...
The Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave this blank, the domain name obtained by DHCP from the ISP is used. While you must enter the host name (System Name), the domain name can be assigned from the ZyXEL Device via DHCP.
Password User Password If you log in with the user password, you can only view the ZyXEL Device status. The default user password is user. New Password Type your new system password (up to 30 characters). Note that as you type a password, the screen displays a (*) for each character you type.
17.2 Time Setting To change your ZyXEL Device’s time and date, click Maintenance > System > Time Setting. The screen appears as shown. Use this screen to configure the ZyXEL Device’s time based on your local time zone. Figure 120 System > Time Setting...
When you set Time and Date Setup to Manual, enter the new date in this field and then click Apply. Get from Time Select this radio button to have the ZyXEL Device get the time and date from the Server time server you specified below.
Page 231
In Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh.
The web configurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to an administrator (as e-mail) or to a syslog server.
Use the Log Settings screen to configure where the ZyXEL Device is to send logs; the schedule for when the ZyXEL Device is to send the logs and which logs and/or immediate alerts the ZyXEL Device is to record. See Section 18.1 on page 233 for more information.
ZyXEL Device sends. Not all ZyXEL Device models have this field. Send Log To The ZyXEL Device sends logs to the e-mail address specified in this field. If this field is left blank, the ZyXEL Device does not send logs via e-mail.
Page 236
Enter the time of the day in 24-hour format (for example 23:00 equals 11:00 pm) to send the logs. Clear log after Select the check box to delete all the logs after the ZyXEL Device sends an E-mail of sending mail the logs.
ZyXEL Device. 19.1 Firmware Upgrade Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a .bin extension, for example, "ZyXEL Device.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot.
Note: Do NOT turn off the ZyXEL Device while firmware upload is in progress! Note: Do NOT turn off the ZyXEL Device while firmware upload is in progress! After you see the Firmware Upload in Progress screen, wait two minutes before logging into the ZyXEL Device again.
Figure 126 Error Message 19.2 Configuration Use this screen to back up or restore the configuration of the ZyXEL Device. You can also use this screen to reset the ZyXEL Device to the factory default settings. To access this screen, click Maintenance >...
If the ZyXEL Device’s IP address is different in the configuration file you selected, you may need to change the IP address of your computer to be in the same subnet as that of the ZyXEL Device. See your Quick Start Guide or the appendices for details on how to set up your computer’s IP address.
19.3 Restart System restart allows you to reboot the ZyXEL Device without turning the power off. Click Maintenance > Tools > Restart. Click Restart to have the ZyXEL Device reboot. This does not affect the ZyXEL Device's configuration. Figure 131 Tools > Restart...
P-793H User’s Guide H A P T E R Diagnostic These read-only screens display information to help you identify problems with the ZyXEL Device. 20.1 General Diagnostic Use this screen to ping a computer on the network. Click Maintenance > Diagnostic to open the screen shown next.
P-793H User’s Guide Figure 133 Diagnostic > DSL Line The following table describes the fields in this screen. Table 87 Diagnostic > DSL Line LABEL DESCRIPTION ATM Status Click this button to view ATM status. Capture All Logs Click this button to display all logs generated by the DSL line.
H A P T E R Introducing the SMT The System Management Terminal (SMT) provides a text-based, menu-driven console to manage the ZyXEL Device. This chapter describes how to access the SMT and then provides an overview of its menus. 21.1 Accessing the SMT Use Telnet to access the SMT.
ZyXEL Device will automatically log you out. You will then have to telnet into the ZyXEL Device again. You can use the web configurator or the CI commands (menu 24.8) to change the inactivity timeout period.
P-793H User’s Guide Table 88 Main Menu Summary MENU FUNCTION 21 Filter and Firewall Use this menu to configure filters and to activate or deactivate the firewall. Setup 22 SNMP Configuration Use this menu to configure SNMP. 23 System Password Use this menu to change your password.
P-793H User’s Guide Table 89 SMT Menus Overview (continued) MENUS SUB MENUS 24 System Maintenance 24.1 System Maintenance - Status 24.2 System Information and 24.2.1 System Maintenance - Console Port Speed Information 24.2.2 System Maintenance - Change Console Port Speed 24.3 System Maintenance -...
Page 249
P-793H User’s Guide Table 90 Main Menu Commands OPERATION KEYSTROKE DESCRIPTION Move to a “hidden” Press [SPACE BAR] Fields beginning with “Edit” lead to hidden menus and menu to change No to Yes have a default setting of No. Press [SPACE BAR] once to then press [ENTER].
Page 250
P-793H User’s Guide Chapter 21 Introducing the SMT...
Spaces are not allowed, but dashes “-” and underscores "_" are accepted. Location Enter a descriptive name for the place where the ZyXEL Device is located. You can enter up to 31 characters, or you can leave this field blank. Contact Person’s Enter the name of the person to contact for questions about the ZyXEL Device.
Bridge If Route IP is Yes, select Yes in this field to enable bridging in the ZyXEL Device for protocols that are not supported by IP-based routing (for example, SNA). If Route IP is No, select Yes in this field to enable bridging in the ZyXEL Device for all protocols.
IP address specified below. Only select Yes if the ZyXEL Device uses or is behind a static public IP address. Use IP Address Enter the static public IP address if you select Yes in the Use Specified IP Address field.
Page 254
P-793H User’s Guide Chapter 22 General Setup...
Service Type Press [SPACE BAR] to indicate whether the ZyXEL Device is the server or the client in the DSL connection. Select Server if this ZyXEL Device is the server in a point-to- point application. (See Chapter 4 on page 67.) Otherwise, select Client.
Page 256
Select the method that the ZyXEL Device uses to check the DSL connection. Mechanism Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up. Select ICMP to have the ZyXEL Device periodically ping the IP addresses configured in the Check WAN IP Address fields.
Use this field to turn the traffic redirect feature on (Yes) or off (No). Configuration Backup Type the IP address of your backup gateway in dotted decimal notation. The ZyXEL Gateway IP Device automatically forwards traffic to this IP address if the ZyXEL Device's Internet Address connection terminates.
P-793H User’s Guide 23.4 Configuring Dial Backup in Menu 2 From the main menu, enter 2 to open menu 2. Figure 140 Menu 2.2: Dial Backup Setup Menu 2.2 - Dial Backup Setup Dial-Backup: Active= No Port Speed= 115200 AT Command String: Init= at&fs0=0...
Call Control Dial Timeout (sec) Enter a number of seconds for the ZyXEL Device to keep trying to set up an outgoing call before timing out (stopping). The ZyXEL Device times out and stops if it cannot set up an outgoing call within the timeout value.
Page 260
P-793H User’s Guide Chapter 23 WAN Setup...
P-793H User’s Guide H A P T E R LAN Setup Use this to apply LAN filters, configure LAN DHCP and TCP/IP settings, and to activate or deactivate VLAN on each LAN port. 24.1 Accessing the LAN Menus From the main menu, enter 3 to open Menu 3 - LAN Setup.
DHCP This field enables/disables the DHCP server. If set to Server, your ZyXEL Device will act as a DHCP server. You should configure the rest of the fields in this section except for Remote DHCP Server. If set to Relay, the ZyXEL Device acts as a surrogate DHCP server and relays requests and responses between the remote server and the clients.
Page 263
Device's LAN IP address displays in the IP Address field below (read-only). The ZyXEL Device tells the DHCP clients on the LAN that the ZyXEL Device itself is the DNS server. When a computer on the LAN sends a DNS query to the ZyXEL Device, the ZyXEL Device forwards the query to the ZyXEL Device's system DNS server (configured in menu 1) and relays the response back to the computer.
Enter the IP address of your ZyXEL Device in dotted decimal notation. IP Subnet Mask Your ZyXEL Device will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the ZyXEL Device.
P-793H User’s Guide 24.4.1 Port-based VLAN Setup You use menu 3.6 to control whether or not the ZyXEL Device sends layer-2 traffic (MAC addresses) between LAN ports. For example, if LAN port 1 and LAN port 2 are connected to different departments, you might not want the ZyXEL Device to broadcast traffic to both networks.
Page 266
P-793H User’s Guide Chapter 24 LAN Setup...
Use this menu to configure your Internet connection. Use information from your ISP along with the instructions in this chapter to set up your ZyXEL Device to access the Internet. Contact your ISP to determine what encapsulation type you should use.
Page 268
P-793H User’s Guide Table 99 Menu 4: Internet Access Setup (continued) FIELD DESCRIPTION The valid range for the VCI is 32 to 65535 (0 to 31 is reserved for local management of ATM traffic). Enter the VCI assigned to you.
P-793H User’s Guide H A P T E R Remote Node Setup Use this menu to configure detailed remote node settings (for example, your ISP is a remote node) as well as apply filters. 26.1 Introduction to Remote Node Setup A remote node is required for placing calls to a remote gateway.
This section is only enabled for PPPoA or PPPoE connections. Rem Login Type the login name that this remote node will use to call your ZyXEL Device. The login name and the Rem Password will be used to authenticate this node.
Page 271
Enter the schedule sets that apply to this connection. Nailed-Up Connection Select this if you want the ZyXEL Device to automatically connect to your ISP when it is turned on and to remain connected all the time. This is not recommended if you pay for your Internet connected based on the amount of time you are connected.
Enter the password again. Authen This field appears if you select PPPoE in the Encapsulation field. Select what type of authentication your ISP uses. Select CHAP/PAP if you want the ZyXEL Device to support both choices. Pri Phone # Type the phone number(s) for this remote node. If the Primary Phone number...
Enter the schedule sets that apply to this connection. Nailed-Up Connection Select this if you want the ZyXEL Device to automatically connect to your ISP when it is turned on and to remain connected all the time. This is not recommended if you pay for your Internet connected based on the amount of time you are connected.
Enter the IP address of the gateway provided by your ISP. These fields appear if you selected PPPoE in Encapsulation in menu 11. Rem IP Addr Enter the IP address of the remote (peer) computer to which the ZyXEL Device connects. Rem Subnet Mask Enter the subnet mask of the remote (peer) computer to which the ZyXEL Device connects.
Use this menu to specify the filter set(s) to apply to the incoming and outgoing traffic between this remote node and the ZyXEL Device to prevent certain packets from triggering calls. You can specify up to 4 filter sets separated by commas, for example, 1, 5, 9, 12, in each filter field.
Passthrough to allow up to ten hosts on the LAN to use PPPoE client software on their computers to connect to the ISP via the ZyXEL Device. Each host can have a separate account and a public WAN IP address.
P-793H User’s Guide H A P T E R Static Route Setup Use this menu to configure IP and bridge (MAC) static routes. 27.1 IP Static Route Setup Enter 1 from the menu 12. Select one of the IP static routes as shown next to configure IP static routes in menu 12.1.
ZyXEL Device; over the WAN, the gateway must be the IP address of one of the remote nodes. Metric Enter a number from 1 to 15 to set this route’s priority among the ZyXEL Device’s routes (see Section 5.2 on page 74).
ZyXEL Device that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your ZyXEL Device; over the WAN, the gateway must be the IP address of one of the remote nodes.
Section 28.2.1 on page 285 for a detailed description of the NAT set for SUA. The ZyXEL Device also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of clients or servers using mapping types.
Section 28.2.1 on page 285). Choose SUA Only if you have just one public WAN IP address for your ZyXEL Device. 28.2 NAT Setup Use the address mapping sets menus and submenus to create the mapping table used to assign global addresses to computers on the LAN and the DMZ.
P-793H User’s Guide Figure 162 Menu 15.1: Address Mapping Sets Menu 15.1 - Address Mapping Sets 1. ACL Default Set 255. SUA (read only) Select the address mapping set you want to modify. The fields in address 255 are used for SUA and are read-only.
Confirm…” to save your configuration, or press [ESC] to cancel. Ordering your rules is important because the ZyXEL Device applies the rules in the order that you specify. When a rule matches the current packet, the ZyXEL Device takes the corresponding action and the remaining rules are ignored.
Confirm…” to save your configuration, or press [ESC] to cancel. 28.3 Configuring a Server behind NAT Note: If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup.
1 Enter 15 in the main menu to go to Menu 15 - NAT Setup. 2 Enter 2 to open menu 15.2 (and configure the address mapping rules for the WAN port on a ZyXEL Device with a single WAN port). Figure 165 Menu 15.2: NAT Server Sets Menu 15.2 - NAT Server Sets...
Rule This field is a sequential value, and it is not associated with a specific rule. The sequence is important, however. The ZyXEL Device checks each active rule in order, and it only follows the first one that applies. Start Port This field displays the beginning of the range of port numbers forwarded by this rule.
P-793H User’s Guide Figure 170 Menu 15.2: Specifying an Inside Server Menu 15.2 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 192.168.1.10 192.168.1.33 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0...
P-793H User’s Guide Figure 171 NAT Example 3 1 In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets. Therefore you must choose the Full Feature option from the Network Address Translation field (in menu 4 or menu 11.3) in Figure 172 on page 293.
1 Enter 15 from the main menu. 2 Enter 2 to go to menu 15.2. 3 (Enter 1 or 2 from menu 15.2 on a ZyXEL Device with multiple WAN ports) configure the menu as shown in Figure 175 on page 295.
P-793H User’s Guide Figure 175 Example 3: Menu 15.2 Menu 15.2 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 0.0.0.0 192.168.1.21 192.168.1.20 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 28.4.4 Example 4: NAT Unfriendly Application Programs Some applications do not support NAT Mapping using TCP or UDP port address translation.
P-793H User’s Guide Figure 177 Example 4: Menu 15.1.1.1: Address Mapping Rule Menu 15.1.1.1 Address Mapping Rule Type= Many-to-Many No Overload Local IP: Start= 192.168.1.10 = 192.168.1.12 Global IP: Start= 10.132.50.1 = 10.132.50.3 Server Mapping Set= N/A After you’ve configured your rule, you should be able to check the settings in menu 15.1.1 as shown next.
H A P T E R Firewall Setup Use this menu to activate or deactivate the firewall. 29.1 Using ZyXEL Device SMT Menus From the main menu enter 21 to go to Menu 21 - Filter and Firewall Setup to display the screen shown next.
Page 298
P-793H User’s Guide Note: Configure the firewall rules using the web configurator or CLI commands. Chapter 29 Firewall Setup...
This chapter shows you how to create and apply filters. 30.1 Introduction to Filters Your ZyXEL Device uses filters to decide whether to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering. Filters are subdivided into device and protocol filters, which are discussed later.
A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the rules for NetBIOS, into a single set and give it a descriptive name. The ZyXEL Device allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system.
24 rules active for a single port. 30.2 Configuring a Filter Set The ZyXEL Device includes filtering for NetBIOS over TCP/IP packets by default. To configure another filter set, follow the procedure below. Chapter 30 Filter Configuration...
P-793H User’s Guide 1 Enter 21 in the main menu to open menu 21. Figure 183 Menu 21: Filter and Firewall Setup Menu 21 - Filter and Firewall Setup 1. Filter Setup 2. Firewall Setup 2 Enter 1 to bring up the following menu.
P-793H User’s Guide Figure 185 Menu 21.1.1: Filter Rules Summary Menu 21.1.1 - Filter Rules Summary # A Type Filter Rules M m n - - ---- --------------------------------------------------------------- - The following table describes the labels in this screen. Table 112 Abbreviations Used in the Filter Rules Summary Menu...
P-793H User’s Guide Figure 186 Menu 21.1.1.1: TCP/IP Filter Rule Menu 21.1.1.1 - TCP/IP Filter Rule Filter #: 1,1 Filter Type= TCP/IP Filter Rule Active= No IP Protocol= 0 IP Source Route= No Destination: IP Addr= IP Mask= Port #=...
Page 306
P-793H User’s Guide Table 114 Menu 21.1.1.1: TCP/IP Filter Rule FIELD DESCRIPTION Port # Comp Press [SPACE BAR] and then [ENTER] to select the comparison to apply to the source port in the packet against the value given in Source: Port #.
P-793H User’s Guide Figure 187 Executing an IP Filter 30.2.3 Configuring a Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly.
P-793H User’s Guide For generic rules, the ZyXEL Device treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes.
Menu 21.1.1 - Filter Rules Summary. 30.3 Example Filter Let’s look at an example to block outside users from accessing the ZyXEL Device via telnet. Please see our included disk for more example filters. Figure 189 Telnet Filter Example 1 Enter 21 from the main menu to open Menu 21 - Filter and Firewall Setup.
P-793H User’s Guide Figure 190 Example Filter: Menu 21.1.3.1 Menu 21.1.3.1 - TCP/IP Filter Rule Filter #: 3,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 6 IP Source Route= No Destination: IP Addr= IP Mask= Port #= 23...
NAT for incoming packets. On the other hand, the generic, or device filters are applied to the raw packets that appear on the wire. They are applied at the point when the ZyXEL Device is receiving and sending the packets; i.e., the interface. The interface can be an Ethernet port or any other hardware port.
You can choose up to four filter sets (from twelve) by entering their numbers separated by commas, e.g., 3, 4, 6, 11. Input filter sets filter incoming traffic to the ZyXEL Device and output filter sets filter outgoing traffic from the ZyXEL Device.
Trusted Host If you enter a trusted host, your ZyXEL Device will only respond to SNMP messages from this address. A blank (default) field means your ZyXEL Device will respond to all SNMP messages it receives, regardless of source.
The following table describes the labels in this menu. Table 117 Menu 23: System Password FIELD DESCRIPTION Old Password Enter the current administrator password for the ZyXEL Device. New Password Enter the new administrator password for the ZyXEL Device. Retype to confirm Enter the new administrator password again.
Page 316
P-793H User’s Guide Chapter 32 System Password...
System Status is a tool that can be used to monitor your ZyXEL Device. Specifically, it gives you information on your system firmware version, number of packets sent and number of packets received.
(line (ppp) idle), Dial (starting to trigger a call) and Drop (dropping a call) if you're using PPPoE encapsulation. It displays N/A if the port is not connected. TxPkts This is the number of packets transmitted from the ZyXEL Device to the remote node. RxPkts This is the number of packets received by the ZyXEL Device from the remote node.
P-793H User’s Guide Table 118 Menu 24.1: System Maintenance - Status (continued) FIELD DESCRIPTION TxPkts This is the number of transmitted packets on this port. RxPkts This is the number of received packets on this port. This section displays information about the WAN port.
Table 119 Menu 24.2.1: System Maintenance - Information FIELD DESCRIPTION Name This is the ZyXEL Device's system name + domain name assigned in menu 1. For example, System Name= xxx; Domain Name= baboo.mickey.com Name= xxx.baboo.mickey.com Routing Refers to the routing protocol used.
Console Port Speed: 9600 33.4 Log and Trace There are two logging facilities in the ZyXEL Device. The first is the error logs and trace records that are stored locally. The second is the UNIX syslog facility for message logging.
Clear Error Log (y/n): 33.4.2 Syslog Logging The ZyXEL Device uses the syslog facility to log the CDR (Call Detail Record) and system messages to a syslog server. Syslog and accounting can be configured in Menu 24.3.2 - System Maintenance - Syslog Logging, as shown next.
P-793H User’s Guide 33.5 Diagnostic The diagnostic facility allows you to test the different aspects of your ZyXEL Device to determine if it is working properly. Menu 24.4 allows you to choose among various types of diagnostic tests to evaluate your system, as shown next. Not all fields are available on all models.
Page 326
P-793H User’s Guide Chapter 33 System Information & Diagnosis...
The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc. It arrives from ZyXEL with a “rom” filename extension. Once you have customized the ZyXEL Device's settings, they can be saved back to your computer under a filename of your choosing.
The following table is a summary. Please note that the internal filename refers to the filename on the ZyXEL Device and the external filename refers to the filename not on the ZyXEL Device, that is, on your computer, local network or FTP site and so the name (but not the extension) may vary.
4 Enter your password as requested (the default is “1234”). 5 Enter “bin” to set transfer mode to binary. 6 Use “get” to transfer files from the ZyXEL Device to the computer, for example, “get rom-0 config.rom” transfers the configuration file on the ZyXEL Device to your computer and renames it “config.rom”.
To use TFTP, your computer must have both telnet and TFTP clients. To backup the configuration file, follow the procedure shown next. 1 Use telnet from your computer to connect to the ZyXEL Device and log in. Because TFTP does not have any security checks, the ZyXEL Device records the IP address of the telnet client and accepts TFTP requests only from this address.
Enter the IP address of the ZyXEL Device. 192.168.1.1 is the ZyXEL Device’s default IP address when shipped. Send/Fetch Use “Send” to upload the file to the ZyXEL Device and “Fetch” to back up the file on your computer. Local File Enter the path and name of the firmware file (*.bin extension) or configuration file...
P-793H User’s Guide Refer to Section 34.3.5 on page 330 to read about configurations that disallow TFTP and FTP over WAN. 34.3.9 Backup Via Console Port Back up configuration via console port by following the HyperTerminal procedure shown next. Procedures using other serial communications programs should be similar.
FTP is the preferred method for restoring your current computer configuration to your ZyXEL Device since FTP is faster. Please note that you must wait for the system to automatically restart after the file transfer is complete.
5 Enter “bin” to set transfer mode to binary. 6 Find the “rom” file (on your computer) that you want to restore to your ZyXEL Device. 7 Use “put” to transfer files from the ZyXEL Device to the computer, for example, “put config.rom rom-0”...
FTP is the preferred method for uploading the firmware and configuration. To use this feature, your computer must have an FTP client. When you telnet into the ZyXEL Device, you will see the following screens for uploading firmware and the configuration file using FTP.
34.5.3 FTP File Upload Command from the DOS Prompt Example 1 Launch the FTP client on your computer. 2 Enter “open”, followed by a space and the IP address of your ZyXEL Device. 3 Press [ENTER] when prompted for a username.
4 Enter your password as requested (the default is “1234”). 5 Enter “bin” to set transfer mode to binary. 6 Use “put” to transfer files from the computer to the ZyXEL Device, for example, “put firmware.bin ras” transfers the firmware on your computer (firmware.bin) to the ZyXEL Device and renames it “ras”.
The file name for the firmware is “ras”. Note that the telnet connection must be active and the ZyXEL Device in CI mode before and during the TFTP transfer. For details on TFTP commands (see following example), please consult the documentation of your TFTP client program.
34.5.9 Example Xmodem Firmware Upload Using HyperTerminal Click Transfer, then Send File to display the following screen. Figure 222 Example Xmodem Upload After the firmware upload process has completed, the ZyXEL Device will automatically restart. 34.5.10 Uploading Configuration File Via Console Port 1 Select 2 from Menu 24.7 –...
34.5.11 Example Xmodem Configuration Upload Using HyperTerminal Click Transfer, then Send File to display the following screen. Figure 224 Example Xmodem Upload After the configuration upload process has completed, restart the ZyXEL Device by entering “atgo”. Chapter 34 Firmware and Configuration File Maintenance...
Enter the CI from the SMT by selecting menu 24.8. Access can be by Telnet or by a serial connection to the console port, although some commands are only available with a serial connection. See the included disk or zyxel.com for more detailed information on CI commands. Enter 8 from Menu 24 - System Maintenance.
The budget management function allows you to set a limit on the total outgoing call time of the ZyXEL Device within certain times. When the total outgoing call time exceeds the limit, the current call will be dropped and any future outgoing calls will be blocked.
P-793H User’s Guide 35.2.1 Budget Management Menu 24.9.1 shows the budget management statistics for outgoing calls. Enter 1 from Menu 24.9 - System Maintenance - Call Control to bring up the following menu. Not all fields are available on all models.
35.3 Time and Date Setting The ZyXEL Device’s Real Time Chip (RTC) keeps track of the time and date. There is also a software mechanism to set the time manually or get the current time and date from an external server when you turn on your ZyXEL Device.
P-793H User’s Guide The following table describes the fields in this screen. Table 126 Menu 24.10: System Maintenance - Time and Date Setting FIELD DESCRIPTION Time Protocol Enter the time service protocol that your timeserver uses. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
P-793H User’s Guide Table 126 Menu 24.10: System Maintenance - Time and Date Setting (continued) FIELD DESCRIPTION End Date (mm- Configure the day and time when Daylight Saving Time ends if you selected Yes in nth-week-hr) the Daylight Saving field. The hr field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the last Sunday of October.
LAN only, WAN only, ALL or Disable. Secured Client IP The default 0.0.0.0 allows any client to use this service to remotely manage the ZyXEL Device. Enter an IP address to restrict access to a client with a matching IP address.
• Load Sharing – Network administrators can use IPPR to distribute traffic among multiple paths. • NAT - The ZyXEL Device performs NAT by default for traffic going to or from the ge1 interface. Routing policy’s SNAT allows network administrators to have traffic received on a specified interface use a specified IP address as the source IP address.
P-793H User’s Guide IPPR follows the existing packet filtering facility of RAS in style and in implementation. 36.4 IP Routing Policy Setup Use this menu to look at a summary of policy routes. To open this menu, enter 25 in the main menu.
P-793H User’s Guide Table 129 Menu 25: IP Routing Policy Setup, Abbreviations (continued) ABBREVIATION MEANING Maximum Throughput Maximum Reliability Minimum Cost 36.6 IP Routing Policy Use this menu to configure policy routes. To open this menu, select Edit and enter the appropriate rule number in menu 25.
The gateway is an immediate neighbor of your ZyXEL Device and must be on the same subnet as the ZyXEL Device, if it is on the LAN, or the IP address of a remote node, if it is on the WAN. Enter 0.0.0.0 to specify the default gateway.
P-793H User’s Guide Figure 235 IP Routing Policy Example To force Web packets coming from clients with IP addresses of 192.168.1.33 to 192.168.1.64 to be routed to the Internet via the WAN port of the ZyWALL, follow the steps as shown next.
P-793H User’s Guide 4 Create another rule in menu 25.1 for this rule to route packets from any host (IP=0.0.0.0 means any host) with protocol TCP and port FTP access through another gateway (192.168.1.100). Figure 237 IP Routing Policy Example 2 Menu 25.1.1 - IP Routing Policy...
37.2 Schedule Setup This menu is only applicable if your Internet connection uses PPPoE encapsulation. Use this menu to look at the schedule sets in the ZyXEL Device. To open this menu, enter 26 in the main menu. Figure 238 Menu 26: Schedule Setup...
This menu is only applicable if your Internet connection uses PPPoE encapsulation. Use this menu to configure the schedule sets in the ZyXEL Device. To open this menu, enter the number of the schedule set in the Enter Schedule Set Number to Configure field, enter the name of the schedule set in the Edit Name field, and press [ENTER] in menu 26.
P-793H User’s Guide The following table describes the labels in this menu. Table 132 Menu 26.1: Schedule Set Setup FIELD DESCRIPTION Active Press [SPACE BAR] to select Yes or No. Choose Yes and press [ENTER] to activate the schedule set.
Check for faulty Ethernet cables. Make sure your computer’s Ethernet Card is working properly. I cannot access Make sure that the IP address and the subnet mask of the ZyXEL Device and your the ZyXEL computer(s) are on the same subnet.
Password (be sure to use the correct casing). Refer to the WAN Setup chapter. I cannot access Make sure the ZyXEL Device is turned on and connected to the network. the Internet. Verify your WAN settings. Refer to the chapter on WAN setup.
Your computer’s and the ZyXEL Device’s IP addresses must be on the same subnet for LAN access. If you changed the ZyXEL Device’s LAN IP address, then enter the new one as the URL. Check that pop-up windows, JavaScripts and Java permissions are allowed (See Appendix D on page 383).
P-793H User’s Guide Appendix A Product Specifications Table 137 Device Default IP Address 192.168.1.1 Default Subnet Mask 255.255.255.0 (24 bits) Default Password 1234 DHCP Pool 192.168.1.33 to 192.168.1.64 Dimensions (W x D x H) 180 x 128 x 36 mm...
4 Make sure the screws are snugly fastened to the wall. They need to hold the weight of the ZyXEL Device with the connection cables. 5 Align the holes on the back of the ZyXEL Device with the screws on the wall. Hang the ZyXEL Device on the screws.
Page 368
P-793H User’s Guide Appendix B Wall-mounting Instructions...
P-793H User’s Guide Appendix C Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer.
P-793H User’s Guide Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
P-793H User’s Guide Figure 242 Windows 95/98/Me: TCP/IP Properties: IP Address 3 Click the DNS Configuration tab. • If you do not know your DNS information, select Disable DNS. • If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in).
P-793H User’s Guide • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window.
P-793H User’s Guide 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 245 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. Figure 246 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties.
P-793H User’s Guide Figure 247 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). • If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields.
P-793H User’s Guide Figure 248 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
P-793H User’s Guide Figure 249 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
P-793H User’s Guide Figure 250 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT).
P-793H User’s Guide Figure 251 Macintosh OS X: Apple Menu 2 Click Network in the icon bar. • Select Automatic from the Location list. • Select Built-in Ethernet from the Show list. • Click the TCP/IP tab. 3 For dynamically assigned settings, select Using DHCP from the Configure list.
P-793H User’s Guide 6 Restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the Network window. Linux This section shows you how to configure your computer’s TCP/IP settings in Red Hat Linux 9.0. Procedure, screens and file location may vary depending on your Linux distribution and release version.
P-793H User’s Guide Figure 254 Red Hat 9.0: KDE: Ethernet Device: General • If you have a dynamic IP address, click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address, click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields.
P-793H User’s Guide Figure 256 Red Hat 9.0: KDE: Network Configuration: Activate 7 After the network card restart process is complete, make sure the Status is Active in the Network Configuration screen. Using Configuration Files Follow the steps below to edit the network configuration files and set your computer IP address.
P-793H User’s Guide 2 If you know your DNS server IP address(es), enter the DNS server information in the file in the directory. The following figure shows an example where resolv.conf /etc two DNS server IP addresses are specified. Figure 259 Red Hat 9.0: DNS Settings in resolv.conf nameserver 172.23.5.1...
P-793H User’s Guide P P E N D I X Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default).
P-793H User’s Guide Figure 263 Internet Options 3 Click Apply to save this setting. Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
P-793H User’s Guide Figure 264 Internet Options 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites.
P-793H User’s Guide 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. 1 In Internet Explorer, click Tools, Internet Options and then the Security tab.
P-793H User’s Guide Figure 267 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected.
P-793H User’s Guide Figure 268 Security Settings - Java JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window.
7648 A popular videoconferencing solution from White Pines Software. TCP/UDP 24032 TCP/UDP Domain Name Server, a service that matches web names (e.g. www.zyxel.com) to IP numbers. User-Defined The IPSEC ESP (Encapsulation Security (IPSEC_TUNNEL) Protocol) tunneling protocol uses this service. FINGER...
Page 390
P-793H User’s Guide Table 139 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION HTTP Hyper Text Transfer Protocol - a client/ server protocol for the world wide web. HTTPS HTTPS is a secured http session often used in e-commerce. ICMP...
Page 391
P-793H User’s Guide Table 139 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION RCMD Remote Command Service. REAL_AUDIO 7070 A streaming audio service that enables real time sound over the web. REXEC Remote Execution Daemon. RLOGIN Remote Login. ROADRUNNER TCP/UDP...
Page 392
P-793H User’s Guide Table 139 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION TFTP Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol).
P-793H User’s Guide Appendix F IP Addresses and Subnetting This appendix introduces IP addresses, IP address classes and subnet masks. You use subnet masks to subdivide a network into smaller logical networks. Introduction to IP Addresses An IP address has two parts: the network number and the host ID. Routers use the network number to send packets to the correct network, while the host ID identifies a single device on the network.
P-793H User’s Guide The following table shows the network number and host ID arrangement for classes A, B and Table 140 Classes of IP Addresses IP ADDRESS OCTET 1 OCTET 2 OCTET 3 OCTET 4 Class A Network number Host ID...
P-793H User’s Guide Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). A subnet mask has 32 bits. If a bit in the subnet mask is a “1” then the corresponding bit in the IP address is part of the network number.
P-793H User’s Guide Table 143 Alternative Subnet Mask Notation (continued) SUBNET MASK SUBNET MASK “1” BITS LAST OCTET BIT VALUE 255.255.255.248 1111 1000 255.255.255.252 1111 1100 The first mask shown is the class “C” natural mask. Normally if no mask is specified it is understood that the natural mask is being used.
P-793H User’s Guide Table 145 Subnet 1 (continued) LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE Subnet Address: 192.168.1.0 Lowest Host ID: 192.168.1.1 Broadcast Address: Highest Host ID: 192.168.1.126 192.168.1.127 Table 146 Subnet 2 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1.
P-793H User’s Guide Example Eight Subnets Similarly use a 27-bit mask to create 8 subnets (000, 001, 010, 011, 100, 101, 110, 111). The following table shows class C IP address last octet values for each subnet. Table 151 Eight Subnets...
P-793H User’s Guide The following table is a summary for class “B” subnet planning. Table 153 Class B Subnet Planning NO. “BORROWED” HOST NO. HOSTS PER SUBNET MASK NO. SUBNETS BITS SUBNET 255.255.128.0 (/17) 32766 255.255.192.0 (/18) 16382 255.255.224.0 (/19) 8190 255.255.240.0 (/20)
Command Interpreter The following describes how to use the command interpreter. You can use telnet to access the CLI (Command Line Interface) commands. See the included disk or zyxel.com for more detailed information on these commands. Note: Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable.
Page 402
P-793H User’s Guide Appendix G Command Interpreter...
P-793H User’s Guide Appendix H Firewall Commands The following describes the firewall commands. Table 154 Firewall Commands FUNCTION COMMAND DESCRIPTION Firewall SetUp This command turns the firewall on or off. config edit firewall active <yes | no> This command returns the previously saved config retrieve firewall firewall settings.
Page 404
This command sets the day on which the config edit firewall e-mail current firewall log is sent through e-mail if the day <sunday | monday | tuesday ZyXEL Device is set to send it on a weekly | wednesday | thursday | friday basis. | saturday>...
Page 405
This command sets the threshold of half-open config edit firewall attack TCP sessions with the same destination tcp-max-incomplete <0-255> where the ZyXEL Device starts dropping half- open sessions to that destination. Sets This command sets a name to identify a config edit firewall set <set...
Page 406
ZyXEL Device check for traffic with this #> rule <rule #> srcaddr- individual source address. single <ip address> This command sets a rule to have the ZyXEL config edit firewall set <set Device check for traffic from a particular #> rule <rule #> srcaddr- subnet (defined by IP address and subnet subnet <ip address>...
Page 407
Table 154 Firewall Commands (continued) FUNCTION COMMAND DESCRIPTION This command sets a rule to have the ZyXEL config edit firewall set <set Device check for traffic with a particular #> rule <rule #> destaddr- subnet destination (defined by IP address and subnet <ip address>...
Page 408
P-793H User’s Guide Appendix H Firewall Commands...
• Allow or disallow NetBIOS packets to initiate calls. Display NetBIOS Filter Settings Syntax: sys filter netbios disp This command gives a read-only list of the current NetBIOS filter modes for The ZyXEL Device. NetBIOS Display Filter Settings Command Example =========== NetBIOS Filter Status ===========...
P-793H User’s Guide The filter types and their default settings are as follows. Table 155 NetBIOS Filter Default Settings NAME DESCRIPTION EXAMPLE Between LAN This field displays whether NetBIOS packets are blocked or forwarded Block and WAN between the LAN and the WAN.
P-793H User’s Guide Appendix J Log Descriptions This appendix provides descriptions of example log messages. Table 156 System Maintenance Logs LOG MESSAGE DESCRIPTION The router has adjusted its time based on information from the Time calibration is time server. successful The router failed to get information from the time server.
P-793H User’s Guide Table 156 System Maintenance Logs (continued) LOG MESSAGE DESCRIPTION Someone has logged on to the router's web configurator Successful HTTPS login interface using HTTPS protocol. Someone has failed to log on to the router's web configurator HTTPS login failed interface using HTTPS protocol.
P-793H User’s Guide Table 159 TCP Reset Logs LOG MESSAGE DESCRIPTION The router sent a TCP reset packet when a host was under a SYN Under SYN flood attack, flood attack (the TCP incomplete count is per destination host.) sent TCP RST...
P-793H User’s Guide Table 161 ICMP Logs LOG MESSAGE DESCRIPTION ICMP access matched the default policy and was blocked Firewall default policy: ICMP or forwarded according to the user's setting. For type and <Packet Direction>, <type:%d>, code details, see Table 173 on page 423.
The ZyXEL Device cannot get the IP address of the external content DNS resolving failed filtering via DNS query. Creating socket failed The ZyXEL Device cannot issue a query because TCP/IP socket creation failed, port:port number. Appendix J Log Descriptions...
P-793H User’s Guide Table 165 Content Filtering Logs (continued) LOG MESSAGE DESCRIPTION The connection to the external content filtering server failed. Connecting to content filter server fail License key is invalid The external content filtering license key is invalid. Table 166 Attack Logs...
P-793H User’s Guide Table 167 IPSec Logs LOG MESSAGE DESCRIPTION The router received and discarded a packet with an incorrect Discard REPLAY packet sequence number. The router received a packet that has been altered. A third party may Inbound packet have altered or tampered with the packet.
Page 418
P-793H User’s Guide Table 168 IKE Logs (continued) LOG MESSAGE DESCRIPTION The router couldn’t resolve the IP address from the domain Cannot resolve Secure Gateway name that was used for the secure gateway address. Addr for rule <%d> The displayed ID information did not match between the two Peer ID: <peer id>...
Page 419
P-793H User’s Guide Table 168 IKE Logs (continued) LOG MESSAGE DESCRIPTION The router was not able to use extended authentication to XAUTH fail! Username: authenticate the listed username. <Username> The listed rule’s IKE phase 1 negotiation mode did not match Rule[%d] Phase 1 negotiation between the router and the peer.
P-793H User’s Guide Table 168 IKE Logs (continued) LOG MESSAGE DESCRIPTION The listed rule’s IKE phase 2 did not match between the router Rule [%d] phase 2 mismatch and the peer. The listed rule’s IKE phase 2 key lengths (with the AES...
P-793H User’s Guide Table 169 PKI Logs (continued) LOG MESSAGE DESCRIPTION The router received directory data that was too large (the size is listed) Rcvd data <size> too from the LDAP server whose address and port are recorded in the large! Max size Source field.
P-793H User’s Guide Table 170 Certificate Path Verification Failure Reason Codes (continued) CODE DESCRIPTION Database method failed. Path was not verified. Maximum path length reached. Table 171 802.1X Logs LOG MESSAGE DESCRIPTION A user was authenticated by the local user database.
P-793H User’s Guide Table 172 ACL Setting Notes PACKET DIRECTION DIRECTION DESCRIPTION (L to W) LAN to WAN ACL set for packets traveling from the LAN to the WAN. (W to L) WAN to LAN ACL set for packets traveling from the WAN to the LAN.
P-793H User’s Guide Table 173 ICMP Notes (continued) TYPE CODE DESCRIPTION Timestamp request message Timestamp Reply Timestamp reply message Information Request Information request message Information Reply Information reply message Table 174 Syslog Logs LOG MESSAGE DESCRIPTION "This message is sent by the system ("RAS" displays as the <Facility*8 + Severity>Mon dd...
5 Step 5.Use the sys logs save command to store the settings in the ZyXEL Device (you must do this in order to record logs). Displaying Logs • Use the sys logs display command to show all of the logs in the ZyXEL Device’s log. Appendix J Log Descriptions...
• Use the sys logs clear command to erase all of the ZyXEL Device’s logs. Log Command Example This example shows how to set the ZyXEL Device to record the access logs and alerts and then view the results. ras> sys logs load ras>...
P-793H User’s Guide Index Change Password screen Command Interpreter (CI) command syntax active protocol command usage configuration file and encapsulation back up 239, 328 back up using FTP address mapping backing up using console port backing up using TFTP and transport mode...
Page 428
P-793H User’s Guide brute-force 122, 123 structure IP spoofing TCP/IP filter rule firewall ping of death and filter set SYN flood and IP alias teardrop and remote management threshold. See DoS threshold. anti-probing types of application-level using ICMP direction using illegal NetBIOS commands...
Page 429
P-793H User’s Guide negotiation mode peer identity pre-shared key proposal and WAN IKE SA. See also VPN. LAN ports, communication between Internet Control Message Protocol. See ICMP. LEDs Internet Group Multicast Protocol. See IGMP. LLC (multiplexing) Internet Protocol Security. See IPSec.
Page 430
TR-069 client conditions remote node encapsulation and filter set procedure RESET button roles for the ZyXEL Device in reset to factory defaults 54, 239 server restart Point-to-Point Protocol over ATM Adaptation Layer 5. See PPPoA. RFC 1112. See IGMP. Point-to-Point Protocol over Ethernet. See PPPoE.
Page 431
P-793H User’s Guide traffic shaping Maximum Burst Size (MBS) Peak Cell Rate (PCR) safety warnings Sustained Cell Rate (SCR) schedule set triangle route Select Mode screen and IP alias and traffic redirect Simple Network Management Protocol. See SNMP. Single User Account. See SUA.