How do I backup/restore configurations by using FTP client program via LAN?
Why can't I make Telnet to Prestige from WAN?
What should I do if I forget the system password?
What IP/Port mapping does Multi-NAT support?
What is the difference between SUA and Multi-NAT?
What is BOOTP/DHCP?
What is DDNS?
When do I need DDNS service?
Why do you need a firewall when your router has packet filtering and NAT built-in?
What is a Denial of Service (DoS) attack?
What is Ping of Death attack?
What is Teardrop attack?
What VPN software has been tested with Prestige successfully?
Will ZyXEL support Secure Remote Management?
Does Prestige VPN support NetBIOS broadcast?
Is the host behind NAT allowed to use IPSec?
Do I need the same kind of antenna on both sides of a link?
Why the 2.4 GHz Frequency range?
What is Server Set ID (SSID)?
What is RADIUS?
What is WPA?
What is WPA-PSK?
Trouble Shooting
Using Embedded Packet Trace
Debug PPPoE Connection
CLI Command List
All contents copyright (c) 2005 ZyXEL Communications Corporation.
2. DHCP server enabled with IP pool starting from 192.168.1.33
3. Default SMT menu password = 1234
• Setting up the PC (Windows OS)
1. Ethernet connection
All PCs must have an Ethernet adapter card installed.
When the drivers are updated, you will be asked if you want to restart the PC. Make sure your Prestige is powered on before answering Yes to the prompt. Repeat the above steps for each Windows PC on your network.
• Setting up the Prestige router
2. Login first
The default password is the default SMT password, '1234'.
3. Configure Prestige for Internet access by using WIZARD SETUP
The Web screen shown below takes PPPoE as the example.
DHCP relay function. When it is configured as DHCP server, it assigns the IP addresses to the LAN clients. When it is configured as DHCP relay, it is responsible for forwarding the requests and responses negotiated between the DHCP clients and the server. See figure 1.
Primary DNS Server= N/A
Secondary DNS Server= N/A
Remote DHCP Server= 192.168.1.2
TCP/IP Setup:
  IP Address= 192.168.1.1
  IP Subnet Mask= 255.255.255.0
  RIP Direction= None
  Version= N/A
  Multicast= None
  IP Policies=
  Edit IP Alias= No
To make a server visible to the outside world, specify the port number of the service and the inside address of the server in 'Menu 15.2.1', Multiple Server Configuration. Outside users can access the local server using the Prestige's WAN IP address, which can be obtained from menu 24.1.
0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
Press ENTER to Confirm or ESC to Cancel:
• Port numbers for some services
Service Port Number
Telnet
SMTP
DNS (Domain Name Server)
www-http (Web)
Since PPTP encapsulates its data stream in the PPP protocol, the VPN requires a second dial-up adapter. This second dial-up adapter for VPN is added during the installation phase of the Upgrade in addition to the first dial-up adapter that provides PPP support for the analog or ISDN modem.
PPTP client setup (Win9x)
Add one VPN connection from Dial-Up Networking by entering the correct username and password and the Prestige's Internet IP address for logging in to the NT RAS server.
WinNT. This ping command is used to demonstrate that the remote Win9x can be reached across the Internet. If the Internet connection between the two LANs is achieved, you can place a VPN call from the remote Win9x client. For example:
IP address in the 'VPN Server' dialog box for reaching the PPTP server. After the VPN link is established, you can start network protocol applications such as IP, IPX and NetBEUI.
Internet ISP, thus making them appear as if they had come from the NAT system itself (e.g., the Prestige router). The Prestige keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored.
In Server mode, the Prestige maps multiple inside servers to one global IP address. This allows us to specify multiple servers of different types behind the NAT for outside access. Note, if you want to map each server to one unique IGA please use the One-to-One mode.
SUA (Read Only) Set in menu 15.1 is a convenient, pre-configured, read only, Many-to-One mapping set, sufficient for most purposes and helpful to people already familiar with SUA in previous ZyNOS versions.
• SMT Menus
1. Applying NAT in the SMT Menus
NAT is disabled when you select this option.
SUA Only: When you select this option the SMT will use Address Mapping Set 255 (Menu 15.1 - see later for further discussion). This option basically uses Many-to-One
Prestige), a server rule must be set up inside the NAT Address Mapping set. Please see NAT Server Sets for further information on these menus.
Enter 1 to bring up Menu 15.1-Address Mapping Sets
Idx  Local Start IP   Local End IP     Global Start IP  Global End IP    Type
---  ---------------  ---------------  ---------------  ---------------  ------
1.   0.0.0.0          255.255.255.255  0.0.0.0          0.0.0.0          Server
Press ENTER to Confirm or ESC to Cancel:
Now let's look at Option 1 in Menu 15.1.1. Enter 1 to bring up this menu.
Menu 15.1.1 - Address Mapping Rules
Set Name= ?
Idx  Local Start IP   Local End IP     Global Start IP  Global End IP    Type
---  ---------------  ---------------  ---------------  ---------------  ------
15.1.1.1-Address Mapping Rule in which you can edit an individual rule and configure the Type, Local and Global Start/End IPs displayed in Menu 15.1.1.
Menu 15.1.1.1 - - Rule 1
Type: One-to-One
Note: For all Local and Global IPs, the End IP address must begin after the IP Start address, i.e., you cannot have an End IP address beginning before the Start IP address.
• NAT Server Sets
ESC at any time to cancel.
Menu 15.2 - NAT Server Setup (Used for SUA Only)
Rule Start Port No. End Port No. IP Address
---------------------------------------------------
Default Default 0.0.0.0
1723 Protocol)
1. Internet Access Only
In our Internet Access example, we only need one rule where all our ILAs map to one IGA assigned by the ISP. See the following figure.
My Login= cso@zyxel
My Password= ********
Idle Timeout (sec)= 0
IP Address Assignment= Dynamic
IP Address= N/A
Network Address Translation= SUA Only
Address Mapping Set= 1
Press ENTER to Confirm or ESC to Cancel:
NAT as shown below.
Menu 15.2 - NAT Server Setup (Used for SUA Only)
Rule Start Port No. End Port No. IP Address
---------------------------------------------------
Default Default 0.0.0.0 192.168.1.33 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
8. Rule 4 (Server type) to map a web server and mail server with ILA3 (192.168.1.20) to IGA3. Type Server allows us to specify multiple servers, of different types, to other machines behind NAT on the LAN.
Rule 1 Setup: Select One-to-One type to map the FTP Server 1 with ILA1 (192.168.1.10) to IGA1.
Menu 15.1.1.1 - - Rule 1
Type: One-to-One
Local IP:
Rule 3 Setup: Select Many-to-One type to map the other clients to IGA3.
Menu 15.1.1.3 - - Rule 3
Type: Many-to-One
Local IP:
  Start= 0.0.0.0
  End = 255.255.255.255
Global IP:
  Start= [Enter IGA3]
  End = N/A
Idx  Local Start IP   Local End IP     Global Start IP  Global End IP    Type
---  ---------------  ---------------  ---------------  ---------------  ------
1. 192.168.1.10 [IGA1]
2. 192.168.1.11 [IGA2]
3. 0.0.0.0 255.255.255.255 [IGA3] [IGA3] Server
Rule Start Port No. End Port No. IP Address
---------------------------------------------------
Default Default 0.0.0.0 192.168.1.20 192.168.1.20 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
Press ENTER to Confirm or ESC to Cancel:
4. Support Non NAT Friendly Applications
End = [Enter IGA3]
Press ENTER to Confirm or ESC to Cancel:
The three rules configured for using One-to-One mapping type are shown below.
Menu 15.1.1.1 - - Rule 1
Type: One-to-One
End = N/A
Press ENTER to Confirm or ESC to Cancel:
Menu 15.1.1.3 - - Rule 3
Type: One-to-One
Local IP:
  Start= 192.168.1.12
  End = N/A
Global IP:
  Start= [Enter IGA3]
  End = N/A
Many One to One
• Server
The following table summarizes these types.

NAT Type                  IP Mapping
------------------------  -------------
One-to-One                ILA1<--->IGA1
Many-to-One (SUA/PAT)     ILA1<--->IGA1
                          ILA2<--->IGA1
Many-to-Many Overload     ILA1<--->IGA1
                          ILA2<--->IGA2
                          ILA3<--->IGA1
                          ILA4<--->IGA2
Many-to-Many No Overload  ILA1<--->IGA1
                          ILA2<--->IGA2
                          ILA3<--->IGA3
                          ILA4<--->IGA4
With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port. The following diagram illustrates the logic flow when executing a filter rule.
The Generic filter rules belong to the device category; they act on the raw data from/to LAN and WAN. The IP and IPX filter rules belong to the protocol category; they act on the IP and IPX packets.
'Protocol and device filter rules cannot be active together' if you try to activate a TCP/IP (or IPX) filter rule in a filter set that has already had one or more active Generic filter rules. You will receive the
IP Source Route= No
Destination:
  IP Addr= 0.0.0.0
  IP Mask= 0.0.0.0
  Port #= 0
  Port # Comp= None
Source:
  IP Addr= 0.0.0.0
  IP Mask= 0.0.0.0
  Port #= 0
  Port # Comp= None
TCP Estab= N/A
Menu 11.1 - Remote Node Profile
Rem Node Name= LAN
Route= IP
Active= Yes
Bridge= No
Encapsulation= PPP
Edit PPP Options= No
Incoming:
Rem IP Addr= ?
Rem Login= test
Edit IP/IPX/Bridge= No
Rem Password= ********
In order to avoid operational problems later, the Prestige will disable its routing/bridging functions if there is an inconsistency among its filter rules.
filter for blocking the web service
• Configuration
Before configuring a filter, you need to know the following information:
------ -----------------
Web Request
_______________ _______________ _______________ _______________ _______________ _______________ _______________ _______________ _______________ _______________ _______________
Enter Filter Set Number to Configure= 1
Edit Comments=
Press ENTER to Confirm or ESC to Cancel:
Menu 21.1.2 - TCP/IP Filter Rule
Filter #: 1,2
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6
IP Source Route= No
Destination:
  IP Addr= 0.0.0.0
  IP Mask= 0.0.0.0
  Port #= 53
  Port # Comp= Equal
Log= None
Action Matched= Drop
Action Not Matched= Forward
Press ENTER to Confirm or ESC to Cancel:
5. After the three rules are completed, you will see the rule summary in Menu 21.
------ -----------------
Block a client
_______________ _______________ _______________ _______________ _______________ _______________ _______________ _______________ _______________ _______________ _______________
Enter Filter Set Number to Configure= 0
Edit Comments=
Press ENTER to Confirm or ESC to Cancel:
Action Not Matched: Set to 'Forward' to allow the packets from other clients
3. Apply the filter set number '1' to the 'Output Protocol Filter Set' field in the remote node setup.
A filter for blocking a specific MAC address
0040: 77 61 62 63 64 65 66 67 68 69
The detailed format of the Ethernet Version II:
+ Ethernet Version II
- Address: 00-80-C8-4C-EA-63 (Source MAC) ----> 00-A0-C5-23-45 (Destination MAC)
- Ethernet II Protocol Type: IP
0030: 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76
0040: 77 61 62 63 64 65 66 67 68 69
2. We are now ready to configure the 'Generic Filter Rule' as below.
[00 80 c8 4c ea 63] that the Prestige should use to compare with the masked packet. If the result from the masked packet matches the 'Value', then the packet is considered matched.
'Protocol Filter' that is used for configuring the TCP/IP and IPX filters.
Menu 3.1 - General Ethernet Setup
Input Filter Sets:
  protocol filters=
  device filters= 1
Output Filter Sets:
  protocol filters=
  device filters=
Rule 2-Source port number 137, Destination port number 53 with protocol number 17 (UDP)
Before starting to set the filter rules, please enter a name for each filter set in the 'Comments' field first.
Menu 21 - Filter Set Configuration
Filter Filter
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= No
More= No
Log= None
Action Matched= Drop
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
Press ENTER to Confirm or ESC to Cancel:
• Rule 3-Destination port number 138 with protocol number 6 (TCP)
Menu 21.1.3 - TCP/IP Filter Rule
Filter #: 1,3
Filter Type= TCP/IP Filter Rule
Active= Yes
Destination:
  IP Addr= 0.0.0.0
  IP Mask= 0.0.0.0
  Port #= 138
  Port # Comp= Equal
Source:
  IP Addr= 0.0.0.0
  IP Mask= 0.0.0.0
  Port #= 0
  Port # Comp= None
TCP Estab= N/A
More= No
Log= None
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
• Rule 6-Destination port number 139 with protocol number 17 (UDP)
Menu 21.1.6 - TCP/IP Filter Rule
Filter #: 1,6
N D N
4 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=138 N D N
5 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=139 N D N
6 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=139 N D F
Press ENTER to Confirm or ESC to Cancel:
• Rule 2-Source port number 137, Destination port number 53 with protocol number 17 (UDP)
Menu 21.2.2 - TCP/IP Filter Rule
Filter #: 2,2
Filter Type= TCP/IP Filter Rule
Active= Yes
N D F
1. Apply the filter set 'NetBIOS_LAN' in the 'Input protocol filters=' in the Menu 3 for blocking the packets from LAN
Menu 3.1 - General Ethernet Setup
Input Filter Sets:
IP to the DDNS server.
• Toggle 'Configure Dynamic DNS' option to 'Yes' and press ENTER for configuring the settings of the DDNS in menu 1.1.
Toggle to 'Yes'.
Host: Enter the hostname you subscribe from the above DDNS server. For example, zyxel.com.tw.
EMAIL: Enter the email address you give to the DDNS server.
User: Enter the user name that
(MIB). The MIB is made up of several parts, including the Standard MIB, specified as part of SNMP, and the Enterprise Specific MIB, which is defined by different manufacturers for hardware specific management.
NMSs use these operations to determine which variables a managed device supports and to sequentially gather information from variable tables (such as IP routing table) in managed devices.
9. Traps
Managed devices use traps to asynchronously report certain events to NMSs.
An SNMPv1 message contains two parts. The first part contains a version and a community name. The second part contains the actual SNMP protocol data unit (PDU) specifying the operation to be performed (Get, Set, and
Some traps are sent to the SNMP manager when any one of the following events happens:
• coldStart (defined in RFC-1215): If the machine coldstarts, the trap will be sent after booting.
"System reboot by user !" will be sent.
(ii) For fatal error: System has to reboot for some fatal errors. And traps with the message of the fatal code will be sent.
The SNMP related settings in Prestige are configured in menu 22, SNMP Configuration. The following steps describe a simple setup procedure for configuring all SNMP settings.
Menu 22 - SNMP Configuration
SNMP:
  Get Community= public
  Set Community= public
  Trusted Host= 192.168.1.33
Prestige will not send traps to any NMS manager.
Using syslog
4. Prestige Setup
Menu 24.3.2 - System Maintenance - UNIX Syslog and Accounting
UNIX Syslog:
  Active= Yes
  Syslog IP Address= 192.168.1.33
  Log Facility= Local 1
Therefore, three routes are created in the Prestige as shown below when the three networks are configured. If the Prestige's DHCP is also enabled, the IP pool for the clients can be any of the three networks.
Copyright (c) 1994 - 2004 ZyXEL Communications Corp.
ras> ip ro st...
DHCP Setup: If the Prestige's DHCP server is enabled, the IP pool for the clients can be any of the three networks.
TCP/IP Setup: Enter the first LAN IP address for the Prestige. This will create the first route in the enif0 interface.
IP Alias 2: Toggle to 'Yes' and enter the third LAN IP address for the Prestige. This will create the third route in the enif0:1 interface.
Using Call Scheduling
1. What is Call Scheduling?
2. Select a Schedule Set number and give it a name:
Menu 26 - Schedule Setup
Schedule                    Schedule
Set #   Name                Set #   Name
------  -----------------   ------  -----------------
1       ZyXEL               7       _______________
2       _______________     8       _______________
3       _______________     9       _______________
Tuesday= N/A
Wednesday= N/A
Thursday= N/A
Friday= N/A
Saturday= N/A
Start Time(hh:mm)= 12 : 00
Duration(hh:mm)= 16 : 00
Action= Enable Dial-on-demand
Press ENTER to Confirm or ESC to Cancel:
Key Settings:
Edit IP= No
Service Type= Standard
Telco Option:
Service Name=
Allocated Budget(min)= 0
Outgoing:
Period(hr)= 0
My Login= cso@zyxel
Schedules= 1,2,3,4
My Password= ********
Nailed-Up Connection= No
Retype to Confirm= ********
Authen= CHAP/PAP
Current Date: 2004 - 01 - 01
New Date (yyyy-mm-dd): 2004 - 01 - 01
Time Zone= GMT+0800
Daylight Saving= No
Start Date (mm-dd): 01 - 00
End Date (mm-dd): 01 - 00
DHCP Setup
  DHCP= Server
  Client IP Pool Starting Address= 192.168.1.33
  Size of Client IP Pool= 32
  Primary DNS Server= 0.0.0.0
  Secondary DNS Server= 0.0.0.0
  Remote DHCP Server= N/A
TCP/IP Setup:
  IP Address= 192.168.1.1
Private= No
RIP Direction= None
Version= RIP-2B
Multicast= IGMP-v2
IP Policies=
Enter here to CONFIRM or ESC to CANCEL:
Key Settings:
Multicast: IGMP-v1 for IGMP version 1, IGMP-v2 for IGMP version 2.
Configure parameters that determine when Prestige will forward WAN traffic to the backup gateway using SMT Menu 2 WAN Backup Setup.
Menu 2 - Wan Backup Setup
"down" after the Prestige times out the number of times specified in the Fail Tolerance field. Use a higher value in this field if your network is busy or congested. Traffic
Apply: Click Apply to save the changes.
Cancel: Click Cancel to begin configuring this screen afresh.
You can also configure traffic redirect via web configuration. The configuration page is in WAN/WAN Backup.
Control points: Control points can manipulate network devices. When you add a new control point (in this case, a laptop) to a network, the device may ask the network to find UPnP-enabled devices. These devices respond with their URLs and device descriptions.
UPnP, so we take the Microsoft MSN application as an example in this support note. You can learn how MSN benefits from the NAT traversal feature in UPnP in this application note.
The second check box allows users' applications to change configuration in this device. For instance, if you enable this item, then the user's MSN application can assign dynamic port mapping to the router, so that the network administrator doesn't need to set up SUA port mapping in the router.
2. After getting an IP address, you can open the MSN application on the PC and sign in to the MSN server.
3. Start a Video conversation with one online user.
4. On the opposite side, your partner selects Accept to accept your conversation request.
Prestige 2602H-6xC Support Notes
5. Finally, your video conversation is achieved.
SIP handles telephone calls and can interface with traditional circuit-switched telephone networks. The Prestige can hold up to two SIP accounts simultaneously. Please follow the instructions below to configure the SIP account properly.
Prestige (LAN IP address). The default management IP of Prestige is 192.168.1.1.
Step 2. Enter the administrator password on the login page and click Login. The default is '1234'.
SIP-Number@SIP-Service-Domain. A SIP number is the part of the SIP URI that comes before the "@" symbol. Enter your SIP number in this field. You can use up to 31 ASCII characters.
VoIP calls. Clear this check box to show identification information when you make VoIP calls.
Apply to: Phone 1 and Phone 2 correspond to the Prestige's physical PHONE 1 and 2 ports, respectively. Select whether you want to receive calls for this
Click Apply to save your changes back to the Prestige.
Reset: Click Reset to begin configuring this screen afresh.
Phone port settings
The Prestige allows you to configure the volume and echo cancellation setting for each individual phone port.
Select this check box to use Voice Activity Detection (VAD) to reduce the bandwidth that a call uses. The Prestige will generate and send comfort noise when you are not talking.
To configure the phone book for speed dial, please follow the steps below.
Step 1. Open the web browser from your workstation to connect to the Prestige by entering the Management IP address of the Prestige. The default management IP of Prestige is 192.168.1.1.
Speed Dial Phone Book section of the screen. This section of the screen displays the currently saved speed dial entries. Speed Dial You can configure up to 10 entries and use them to make calls. Phone Book
It is designed in a modular fashion so it is easy for developers to add new features. New ZyNOS software upgrades can be easily downloaded from our FTP sites and public Web download site as they become available.
How do I access the embedded web configurator?
Failure to do so may result in update failure and require RMA.
b. To back up your firmware, use the FTP client program to get file 'ras' from the Prestige.
Telnet service is enabled but your host IP is not the secured host entered in Menu 24.11. In this case, the error message 'Client IP is not allowed!' will appear on the Telnet screen.
Basically, NAT is a process of translating one address to another. A NAT implementation can be as simple as substituting an IP address with another. This allows a network to rectify the illegal address problem mentioned above without going through each and every host.
1 ADSL WAN port. It is the simplest and most affordable solution for a multiple and instant broadband Internet access router. Virtually all popular applications over the Internet, such as Web, E-Mail, FTP, Telnet, Gopher, are supported. Prestige is designed for SOHO, branch offices, workgroups, and educational users.
Internet when you turn on your computer, you probably are not. You can also check your ISP or the information sheet given by the ISP. Please choose PPPoE as the encapsulation type in the Prestige if the ISP uses PPPoE.
IP from ISP, instead, can be recognized or pinged by another real IP. The Prestige Internet Access Sharing Router works like an intelligent router that routes between the virtual IP and the real IP.
5 seconds, the unit will be reset. When the reset button is pressed, all of the device's parameters will be reset back to factory default, including the password and IP address. The default IP address is 192.168.1.1, Password 1234.
Most independent Internet Service Providers today connect to the Internet using a single 1.5 Mbps "T1" telephone line. All of their subscribers share that 1.5 Mbps pipeline. Cable head-ends connecting to the Internet backbone using a T1 limit their subscribers to an absolute maximum of 1.5 Mbps.
IP address. Thus, users on the same network cannot log in to the same server simultaneously. In this case it is better to use Many-to-Many No Overload or One-to-One NAT mapping types, so that each user logs in to the server using a unique global IP address.
NAT for outside access. Note, if you want to map each server to one unique IGA please use the One-to-One mode.
The following table summarizes these types.

NAT Type                  IP Mapping
------------------------  -------------
One-to-One                ILA1<--->IGA1
Many-to-One (SUA/PAT)     ILA1<--->IGA1
                          ILA2<--->IGA1
Many-to-Many              ILA1<--->IGA1
Without DDNS, we always tell the users to use the WAN IP of the 312 to reach our internal server. It is inconvenient for the users if this IP is dynamic. With DDNS supported by the Prestige, you apply a DNS name
However, SUA should not change the source port of the UDP packets which are used for key management. Because the remote gateway checks this source port during connections, the port is not allowed to be changed.
IP is an existing standard and many types of service already run on IP. By using IP as a platform, integrating services is now possible and low cost, where a traditional circuit may take a long time to achieve this.
Voice quality is most commonly rated through a voice quality metric called the Mean Opinion Score (MOS), which is recommended by ITU-T. The MOS is a 5 point scale where 5 represents excellent voice quality and 1 represents bad voice quality.
1. A high-speed Internet connection. This can be a cable modem, or a high-speed network service such as ISDN, DSL or a T-1 link. The bandwidth required will depend on the amount of telephone traffic in your network.
If you can register to the server and make outgoing calls but cannot receive incoming calls, or the incoming call signaling can be established but voice only goes one way, there is very likely a NAT/firewall router in front of it. Please see the NAT/firewall related question above for troubleshooting tips.
Network Address Translation (NAT), which translates the private local addresses to one or multiple public addresses. This adds a level of security since the clients on the private LAN are invisible to the Internet.
4. The Prestige's firewall is fast. It uses a hashing function to search the matched session cache instead of going through every individual rule for a packet.
5. The Prestige's firewall provides an email service to notify you of routine reports and when alerts occur.
A SYN attack floods a targeted system with a series of SYN packets. Each packet causes the targeted system to issue a SYN-ACK response. While the targeted system waits for the ACK that follows the
There are two default ACLs pre-configured in the Prestige: one allows all connections from LAN to WAN and the other blocks all connections from WAN to LAN except for DHCP packets.
Where a.b.c.d is an IP address on your local network and w.x.y.z is your netmask:
For the output data filters:
• Deny bounceback packet
• Allow packets that originate from us
Filter rule setup:
• Filter Type = TCP/IP Filter Rule
A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP/IP protocol suite for communication.
PPTP is a tunneling protocol defined by the PPTP forum that allows PPP packets to be encapsulated within Internet Protocol (IP) packets and forwarded over any IP network, including the Internet itself. The
IP payload including user data. There is no restriction that the IPSec hosts and the security gateway must be separate machines. Both IPSec protocols, AH and ESP, can operate in either transport mode or tunnel mode.
IP address dynamically assigned from the ISP, so the Prestige needs additional information to make the decision. Such additional information is what we call the phase 1 ID. In the IKE payload, there are local and peer ID fields to achieve this.
IPSec VPN has been available for Prestige since ZyNOS V3.50. It is a free upgrade; no registration is needed. By upgrading the firmware and also configurations (romfile) to ZyNOS V3.50, the IPSec VPN capability
I am planning my Prestige-to-Prestige VPN configuration. What do I need to know?
First of all, both Prestige units must have VPN capabilities. Please check the firmware version; V3.50 or later has the VPN capability.
If the Prestige stays in menu 24.1, 24.8 or 27.3, a certain amount of memory is allocated to generate the required statistics. So, we do not recommend staying in menu 24.1, 27.3 or 24.8 when VPN is in use.
If I have a NAT router between two VPN gateways, and I would like to use IP type as Phase 1 ID, what should I know?
We presume your environment may look like this,
PCs or even a network of PCs to utilize the VPN/IPSec service.
Can Prestige support IPSec passthrough?
Yes, Prestige can support IPSec passthrough. The Prestige series does not only work as an IPSec/VPN gateway; it can also be a NAT router supporting IPSec passthrough.
Prestige. It is also very helpful for diagnostics if you have compatibility problems with your ISP or if you want to know the details of a packet for configuring a filter rule. The format of the display is as follows:
Packet:
  Header Checksum = 0x3E71 (15985)
  Source IP = 0xC0A80102 (192.168.1.2)
  Destination IP = 0xC01F0782 (192.31.7.130)
TCP Header:
  Source Port = 0x045C (1116)
  Destination Port = 0x0050 (80)
  Sequence Number = 0x00BD15A7 (12391847)
  = 0x002C (44)
  Idetification = 0x57F3 (22515)
  Flags = 0x02
  Fragment Offset = 0x00
  Time to Live = 0xED (237)
  Protocol = 0x06 (TCP)
  Header Checksum = 0xAC8C (44172)
  Source IP = 0xC01F0782 (192.31.7.130)
  Source MAC Addr = 0080C84CEA63
  Network Type = 0x0800 (TCP/IP)
IP Header:
  IP Version
  Header Length = 20
  Type of Service = 0x00 (0)
  Total Length = 0x0028 (40)
  Idetification = 0x350B (13579)
1.3 Enable the trace log by entering: sys trcp sw on & sys trcl sw on
1.4 Display the brief trace online by entering: sys trcd brief
1.5 Display the detailed trace online by entering: sys trcd parse
  = 0x00 (0)
  Total Length = 0x048B (1163)
  Idetification = 0xB139 (45369)
  Flags = 0x02
  Fragment Offset = 0x00
  Time to Live = 0xEE (238)
  Protocol = 0x06 (TCP)
  Header Checksum = 0xA9AB (43435)
0050: 9C 58 3E 95 3E E7 FC 2A-4C 2F FB BE 2F FE EF D0 .X>.>..*L/../...
---<0001>----------------------------------------------------------------
LAN Frame: ENET1-XMIT Size: 54/ 54 Time: 12387.490 sec
Frame Type: TCP 202.132.155.97:10270->192.31.7.130:80
Ethernet Header:
  Destination MAC Addr = 00A0C5012345
  Source MAC Addr = 00A0C5921312
  Network Type = 0x0800 (TCP/IP)
  Source IP = 0xC01F0782 (192.31.7.130)
  Destination IP = 0xC0A80102 (192.168.1.2)
TCP Header:
  Source Port = 0x0050 (80)
  Destination Port = 0x044F (1103)
  Sequence Number = 0xD91B1826 (3642431526)
  Ack Number = 0x00AA405F (11157599)
Prestige> sys trcl sw on
Prestige> sys trcp sw on
Prestige> sys trcl sw off
Prestige> sys trcp sw off
Prestige> sys trcp brief
12864.800 ENET1-T[0411] TCP 202.132.155.97:10278->204.217.0.2:80
12864.890 ENET1-R[0247] TCP 204.217.0.2:80->202.132.155.97:10282
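As an added example (not part of the ZyXEL notes), this Python code parses brief-trace lines in the layout shown above and lists frames received on the WAN-side interface that have no earlier transmitted frame in the reverse direction, which is the traffic a WAN-to-LAN filter rule has to decide about. It assumes that the bracketed number is the frame size in bytes and that ENET1 is the WAN side, as the traces on this page suggest; the function names and all sample lines after the first two are constructed.

```python
import re

# Constructed sample in the brief-trace layout: the first two lines are the
# ones shown on this page, the remaining lines are made up for the example.
SAMPLE = """\
12864.800 ENET1-T[0411] TCP 202.132.155.97:10278->204.217.0.2:80
12864.890 ENET1-R[0247] TCP 204.217.0.2:80->202.132.155.97:10282
12865.010 ENET1-R[0060] TCP 204.217.0.2:80->202.132.155.97:10278
12865.120 ENET1-R[0062] TCP 198.51.100.7:4431->202.132.155.97:23
Prestige> sys trcp sw off
"""

# time, interface, T(ransmit)/R(eceive), [size], protocol, src:port->dst:port
LINE = re.compile(
    r"^(?P<time>\d+\.\d+)\s+(?P<iface>ENET\d+)-(?P<dir>[TR])"
    r"\[(?P<size>\d+)\]\s+(?P<proto>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def parse_brief(text):
    """Return one dict per brief-trace line; prompts and blanks are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m is None:
            continue
        f = m.groupdict()
        records.append({
            "time": float(f["time"]), "iface": f["iface"], "dir": f["dir"],
            "size": int(f["size"]),  # assumed: frame size in bytes
            "proto": f["proto"],
            "src": (f["src"], int(f["sport"])),
            "dst": (f["dst"], int(f["dport"])),
        })
    return records

def unmatched_inbound(records, iface="ENET1"):
    """Frames received on iface (assumed WAN side) with no earlier transmitted
    frame in the reverse direction. Replies to flows that were opened before
    the capture started are reported too, so check them against a longer trace."""
    sent, unmatched = set(), []
    for r in records:
        if r["iface"] != iface:
            continue
        if r["dir"] == "T":
            sent.add((r["proto"], r["src"], r["dst"]))
        elif (r["proto"], r["dst"], r["src"]) not in sent:
            unmatched.append(r)
    return unmatched

if __name__ == "__main__":
    for r in unmatched_inbound(parse_brief(SAMPLE)):
        print(f'{r["time"]:.3f} {r["proto"]} {r["src"]} -> {r["dst"]} ({r["size"]} bytes)')
```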
  = 0xCA849B61 (202.132.155.97)
TCP Header:
  Source Port = 0x0050 (80)
  Destination Port = 0x2826 (10278)
  Sequence Number = 0x4D713D8A (1299266954)
  Ack Number = 0x00C8C015 (13156373)
  Header Length = 20
  Flags = 0x18 (.AP...)
  Type of Service = 0x00 (0)
  Total Length = 0x018D (397)
  Idetification = 0xF20C (61964)
  Flags = 0x02
  Fragment Offset = 0x00
  Time to Live = 0x7F (127)
  Protocol = 0x06 (TCP)
2. Offline Trace--capture the trace first and display later
The details for capturing the trace in SMT menu 24.8 are as follows.
Online Trace
1. Trace LAN packet
2. Trace WAN packet
---<0000>----------------------------------------------------------------
LAN Frame: ENET0-RECV Size: 62/ 62 Time: 12089.790 sec
Frame Type: TCP 192.168.1.2:1116->192.31.7.130:80
Ethernet Header:
  Destination MAC Addr = 00A0C5921311
  Source MAC Addr = 0080C84CEA63
  Network Type = 0x0800 (TCP/IP)
The latest CI command list is available in the release notes of every ZyXEL firmware release. Please go to the ZyXEL public web site http://www.zyxel.com/support/download.php to download the firmware package (*.zip), then unzip the package to get the release note in PDF format.