Page 1 Prestige 324 Intelligent Broadband Sharing Gateway User’s Guide Version V3.61(JF.0) April 2004...
Page 2: Copyright
ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein.
Page 3 Prestige 324 User’s Guide Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: This device may not cause harmful interference. This device must accept any interference received, including interference that may cause undesired operations.
Page 4: Information For Canadian Users
Prestige 324 User’s Guide Information for Canadian Users The Industry Canada label identifies certified equipment. This certification means that the equipment meets certain telecommunications network protective, operation, and safety requirements. The Industry Canada does not guarantee that the equipment will operate to a user's satisfaction. Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of the local telecommunications company.
Page 5: Zyxel Limited Warranty
Prestige 324 User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to...
Page 6: Customer Support
Brief description of the problem and the steps you took to solve it. METHOD SUPPORT E-MAIL TELEPHONE WEB SITE REGULAR MAIL SALES E-MAIL FTP SITE LOCATION WORLDWIDE support@zyxel.com.tw +886-3-578-3942 www.zyxel.com ZyXEL Communications Corp. 6 Innovation Road II www.europe.zyxel.com Science Park ftp.zyxel.com Hsinchu 300 Taiwan sales@zyxel.com.tw +886-3-578-2439 ftp.europe.zyxel.com NORTH support@zyxel.com +1-800-255-4101 www.us.zyxel.com...
Page 7 SUPPORT E-MAIL TELEPHONE WEB SITE REGULAR MAIL SALES E-MAIL FTP SITE LOCATION SWEDEN support@zyxel.se +46 31 744 7700 www.zyxel.se ZyXEL Communications A/S Sjöporten 4, 41764 Göteborg sales@zyxel.se +46 31 744 7701 Sweden FINLAND support@zyxel.fi +358-9-4780-8411 www.zyxel.fi ZyXEL Communications Oy Malminkaari 10...
Page 9: Table Of Contents
Prestige 324 User’s Guide Table of Contents Copyright..............................ii Federal Communications Commission (FCC) Interference Statement..........iii Information for Canadian Users .......................iv ZyXEL Limited Warranty ..........................v Customer Support ............................vi List of Figures ............................xvii List of Tables ............................xxiii Preface ..............................xxvii Getting Started ..............................I Chapter 1 Getting to Know Your Prestige .....................
Page 10 Prestige 324 User’s Guide Chapter 4 System Screens........................4-1 System Overview ........................4-1 Configuring General Setup ......................4-1 Dynamic DNS..........................4-2 Configuring Dynamic DNS ......................4-3 Configuring Password.........................4-4 Configuring Time Setting ......................4-5 Chapter 5 LAN Screens ...........................5-1 LAN Overview ...........................5-1 DHCP Setup..........................5-1 LAN TCP/IP ..........................5-1 Configuring IP ..........................5-3 Configuring IP Alias ........................5-6 Chapter 6 WAN Screens...........................6-1...
Page 11 Prestige 324 User’s Guide Chapter 7 Network Address Translation (NAT) Screens..............7-1 NAT Overview........................... 7-1 Using NAT..........................7-6 SUA Server ..........................7-6 Configuring SUA Server......................7-8 Configuring Address Mapping....................7-10 Trigger Port Forwarding......................7-13 Configuring Trigger Port Forwarding ..................7-14 Chapter 8 Static Route Screens ......................
Page 12 Prestige 324 User’s Guide 11.2 Configuring WWW.......................11-2 11.3 Configuring Telnet........................11-4 11.4 Configuring TELNET......................11-4 11.5 Configuring FTP ........................11-5 11.6 SNMP ...........................11-6 11.7 Configuring DNS ........................11-10 11.8 Configuring Security......................11-11 Logs and Maintenance ..........................VI Chapter 12 Centralized Logs.........................12-1 12.1 View Log ..........................12-1 12.2 Log Settings ..........................12-2 Chapter 13 Maintenance........................13-1 13.1...
Page 13 Prestige 324 User’s Guide 16.1 Introduction to WAN ......................16-1 16.2 Dial Backup.......................... 16-2 16.3 Configuring Dial Backup in Menu 2..................16-2 16.4 Advanced WAN Setup ......................16-3 16.5 Remote Node Profile (Backup ISP) ..................16-5 16.6 Editing PPP Options......................16-8 16.7 Editing TCP/IP Options .......................
Page 14 Prestige 324 User’s Guide 21.1 Using NAT..........................21-1 21.2 Applying NAT ........................21-1 21.3 NAT Setup ..........................21-3 21.4 Configuring a Server behind NAT..................21-9 21.5 General NAT Examples ......................21-10 21.6 Configuring Trigger Port Forwarding.................21-18 Chapter 22 Enabling the Firewall ......................22-1 22.1 Remote Management and the Firewall .................22-1 22.2 Access Methods ........................22-1 22.3...
Page 15 Prestige 324 User’s Guide 25.4 Diagnostic ..........................25-9 Chapter 26 Firmware and Configuration File Maintenance ............. 26-1 26.1 Filename Conventions......................26-1 26.2 Backup Configuration ......................26-2 26.3 Restore Configuration ......................26-6 26.4 Uploading Firmware and Configuration Files..............26-8 Chapter 27 System Maintenance......................27-1 27.1 Command Interpreter Mode ....................
Page 17: List Of Figures
Prestige 324 User’s Guide List of Figures Figure 1-1 Secure Internet Access via Cable, DSL or Wireless Modem............1-5 Figure 2-1 Change Password Screen......................2-1 Figure 2-2 The MAIN MENU Screen of the Web Configurator..............2-3 Figure 3-1 Wizard 1 ............................3-2 Figure 3-2 Wizard 2: Ethernet Encapsulation ....................
Page 18 Prestige 324 User’s Guide Figure 7-1 How NAT Works...........................7-3 Figure 7-2 NAT Application With IP Alias .....................7-4 Figure 7-3 Multiple Servers Behind NAT Example..................7-8 Figure 7-4 SUA/NAT Setup..........................7-9 Figure 7-5 Address Mapping ........................7-10 Figure 7-6 Address Mapping Edit.........................7-12 Figure 7-7 Trigger Port Forwarding Process: Example ................7-13 Figure 7-8 Trigger Port ..........................7-15 Figure 8-1 Example of Static Routing Topology ....................8-1 Figure 8-2 Static Route ...........................8-2...
Page 19 Prestige 324 User’s Guide Figure 13-2 System Status: Show Statistics ....................13-3 Figure 13-3 DHCP Table..........................13-4 Figure 13-4 Firmware Upload........................13-5 Figure 13-5 Firmware Upload........................13-6 Figure 13-6 Firmware Upload In Process ....................13-6 Figure 13-7 Network Temporarily Disconnected..................13-6 Figure 13-8 Firmware Upload Error ......................
Page 20 Prestige 324 User’s Guide Figure 16-9 Menu 11.5: Dial Backup Remote Node Filter.................16-13 Figure 17-1 Menu 3 LAN Setup ........................17-1 Figure 17-2 Menu 3.1 LAN Port Filter Setup....................17-1 Figure 17-3 Menu 3.2 TCP/IP and DHCP Ethernet Setup ................17-2 Figure 17-4 Menu 3.2.1: IP Alias Setup......................17-5 Figure 18-1 Menu 4 Internet Access Setup....................18-1 Figure 18-2 Internet Access Setup (PPTP) ....................18-4 Figure 18-3 Internet Access Setup (PPPoE) ....................18-5...
Page 21 Prestige 324 User’s Guide Figure 21-11 Menu 4 Internet Access & NAT Example................21-11 Figure 21-12 NAT Example 2 ........................21-11 Figure 21-13 Menu 15.2.1 Specifying an Inside Server................21-12 Figure 21-14 NAT Example 3 ........................21-13 Figure 21-15 Example 3: Menu 11.3......................21-14 Figure 21-16 Example 3: Menu 15.1.1.1 ....................
Page 22 Prestige 324 User’s Guide Figure 25-1 Menu 24 System Maintenance ....................25-1 Figure 25-2 Menu 24.1 System Maintenance : Status ..................25-2 Figure 25-3 Menu 24.2 System Information and Console Port Speed............25-3 Figure 25-4 Menu 24.2.1 System Maintenance : Information ..............25-4 Figure 25-5 Menu 24.2.2 System Maintenance : Change Console Port Speed..........25-5 Figure 25-6 Menu 24.3.2 System Maintenance : Syslog Logging..............25-5 Figure 25-7 Call-Triggering Packet Example ....................25-9 Figure 25-8 Menu 24.4 System Maintenance : Diagnostic.................25-10...
Page 23 Prestige 324 User’s Guide List of Tables Table 2-1 Screens Summary........................... 2-3 Table 3-1 Ethernet Encapsulation ........................3-3 Table 3-2 PPPoE Encapsulation........................3-5 Table 3-3 PPTP Encapsulation ........................3-7 Table 3-4 Private IP Address Ranges ......................3-8 Table 3-5 Example of Network Properties for LAN Servers with Fixed IP Addresses........3-9 Table 3-6 WAN Setup ..........................
Page 24 Prestige 324 User’s Guide Table 7-3 Services and Port Numbers......................7-7 Table 7-4 SUA/NAT Setup ..........................7-9 Table 7-5 Address Mapping ..........................7-11 Table 7-6 Address Mapping Edit ........................7-12 Table 7-7 Trigger Port...........................7-15 Table 8-1 Static Route.............................8-2 Table 8-2 Static Route: Edit..........................8-3 Table 9-1 Configuring UPnP ..........................9-3 Table 10-1 Firewall: Settings ........................10-4 Table 10-2 Firewall: Filter ..........................10-7 Table 10-3 Firewall: Service.........................10-9...
Page 25 Prestige 324 User’s Guide Table 15-2 Menu 1.1 Configure Dynamic DNS................... 15-4 Table 16-1 MAC Address Cloning in WAN Setup..................16-1 Table 16-2 Menu 2: Dial Backup Setup ....................... 16-3 Table 16-3 Advanced WAN Port Setup: AT Commands Fields ..............16-4 Table 16-4 Advanced WAN Port Setup: Call Control Parameters ...............
Page 26 Prestige 324 User’s Guide Table 23-3 TCP/IP Filter Rule ........................23-7 Table 23-4 Generic Filter Rule Menu Fields ....................23-11 Table 24-1 Menu 22 SNMP Configuration ....................24-3 Table 24-2 SNMP Traps..........................24-4 Table 24-3 Ports and Permanent Virtual Circuits..................24-4 Table 25-1 System Maintenance: Status Menu Fields ..................25-2 Table 25-2 Menu 24.2.1 System Maintenance : Information................25-4 Table 25-3 Menu 24.3.2 System Maintenance : Syslog and Accounting............25-5 Table 25-4 System Maintenance Menu Diagnostic ..................25-11...
Page 27: Preface
Help us help you. E-mail all User’s Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
Page 28 Prestige 324 User’s Guide • The version number on the title page is the latest firmware version that is documented in this User’s Guide. Earlier versions may also be included. • “Enter” means for you to type one or more characters and press the carriage return. “Select” or “Choose”...
Page 29: Getting Started
Getting Started Part I: Getting Started This part helps you get to know your Prestige, introduces the web configurator and covers how to configure the Wizard Setup screens.
Page 31: Chapter 1 Getting To Know Your Prestige
Prestige 324 User’s Guide Chapter 1 Getting to Know Your Prestige This chapter introduces the main features and applications of the Prestige. Prestige Internet Security Gateway Overview The Prestige is the ideal secure gateway for all data passing between the Internet and LAN’s. By integrating NAT, and firewall, ZyXEL’s Prestige is a complete security solution that protects your Intranet and efficiently manages data traffic on your network.
Page 32 Prestige 324 User’s Guide Time and Date The Prestige allows you to get the current time and date from an external server when you turn on your Prestige. You can also set the time manually. Reset Button The Prestige reset button is built into the rear panel. Use this button to restore the factory default password to 1234;...
Page 33 Prestige 324 User’s Guide Dynamic DNS Support With Dynamic DNS (Domain Name System) support, you can have a static hostname alias for a dynamic IP address, allowing the host to be more easily accessible from various locations on the Internet. You must register for this service with a Dynamic DNS service provider.
Page 34: Applications For The Prestige
Prestige 324 User’s Guide Full Network Management The embedded web configurator is an all-platform web-based utility that allows you to easily access the Prestige’s management settings and configure the firewall. Most functions of the Prestige are also software configurable via the SMT (System Management Terminal) interface. The SMT is a menu-driven interface that you can access over a telnet connection.
Page 35: Figure 1-1 Secure Internet Access Via Cable, Dsl Or Wireless Modem
Prestige 324 User’s Guide Figure 1-1 Secure Internet Access via Cable, DSL or Wireless Modem Introducing the Web Configurator...
Page 37: Chapter 2 Introducing The Web Configurator
Prestige 324 User’s Guide Chapter 2 Introducing the Web Configurator This chapter describes how to access the Prestige web configurator and provides an overview of its screens. Web Configurator Overview The embedded web configurator allows you to manage the Prestige from anywhere through a browser such as Microsoft Internet Explorer or Netscape Navigator.
Page 38: Resetting The Prestige
Prestige 324 User’s Guide Step 6. You should now see the MAIN MENU screen (see Figure 2-2). The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the Prestige if this happens to you.
Page 39: Figure 2-2 The Main Menu Screen Of The Web Configurator
Prestige 324 User’s Guide Click WIZARD for initial configuration including general setup, ISP parameters for Internet Access and WAN IP/DNS Server/MAC address assignment. Use submenus to configure Prestige features. Select a language from the drop down listbox and click this button.
Page 40 Prestige 324 User’s Guide Table 2-1 Screens Summary LINK FUNCTION Use this screen to configure LAN DHCP and TCP/IP settings. IP Alias Use this screen to partition your LAN interface into subnets. Route This screen allows you to configure route priority. WAN ISP Use this screen to change your Prestige’s WAN ISP settings.
Page 41 Prestige 324 User’s Guide Table 2-1 Screens Summary LINK FUNCTION Use this screen to configure through which interface(s) and from which IP address(es) users can send DNS queries to the Prestige. Security Use this screen to change your anti-probing settings. LOGS View Log Use this screen to view the logs for the categories that you selected.
Page 43: Chapter 3 Wizard Setup
Prestige 324 User’s Guide Chapter 3 Wizard Setup This chapter provides information on the Wizard Setup screens in the web configurator. Wizard Setup Overview The web configurator’s setup wizard helps you configure your device to access the Internet. The second screen has three variations depending on what encapsulation type you use.
Page 44: Wizard Setup: Screen 2
Prestige 324 User’s Guide Figure 3-1 Wizard 1 Wizard Setup: Screen 2 The Prestige offers three choices of encapsulation. They are Ethernet, PPP over Ethernet or PPTP. 3.3.1 Ethernet Choose Ethernet when the WAN port is used as a regular Ethernet. Wizard Setup...
Page 45: Figure 3-2 Wizard 2: Ethernet Encapsulation
Prestige 324 User’s Guide Figure 3-2 Wizard 2: Ethernet Encapsulation The following table describes the fields in this screen. Table 3-1 Ethernet Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation You must choose the Ethernet option when the WAN port is used as a regular Ethernet.
Page 46 Prestige 324 User’s Guide Table 3-1 Ethernet Encapsulation LABEL DESCRIPTION Relogin This field only applies when you select Telia Login in the Service Type field. The Every(min) Telia server logs the Prestige out if the Prestige does not log in periodically. Type the number of minutes from 1 to 59 (30 default) for the Prestige to wait between logins.
Page 47: Figure 3-3 Wizard2: Pppoe Encapsulation
Prestige 324 User’s Guide Figure 3-3 Wizard2: PPPoE Encapsulation The following table describes the fields in this screen. Table 3-2 PPPoE Encapsulation LABEL DESCRIPTION ISP Parameter for Internet Access Encapsulation Choose PPP over Ethernet from the pull-down list box. PPPoE forms a dial-up connection.
Page 48: Figure 3-4 Wizard 2: Pptp Encapsulation
Prestige 324 User’s Guide Table 3-2 PPPoE Encapsulation LABEL DESCRIPTION Back Click Back to return to the previous screen. 3.3.3 PPTP Encapsulation Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables transfers of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks. PPTP supports on-demand, multi-protocol, and virtual private networking over public networks, such as the Internet.
Page 49: Table 3-3 Pptp Encapsulation
Prestige 324 User’s Guide The following table describes the fields in this screen. Table 3-3 PPTP Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation Select PPTP from the drop-down list box. User Name Type the user name given to you by your ISP. Password Type the password associated with the User Name above.
Page 50: Table 3-4 Private Ip Address Ranges
Prestige 324 User’s Guide Table 3-3 PPTP Encapsulation LABEL DESCRIPTION Back Click Back to return to the previous screen. Wizard Setup: Screen 3 The third wizard screen allows you to configure WAN IP address assignment, DNS server address assignment and the WAN MAC address. 3.4.1 WAN IP Address Assignment Every computer on the Internet must have a unique IP address.
Page 51: Table 3-5 Example Of Network Properties For Lan Servers With Fixed Ip Addresses
Prestige 324 User’s Guide If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use;...
Page 52: Table 3-6 Wan Setup
Prestige 324 User’s Guide The third wizard screen varies according to the type of encapsulation that you select in the second wizard screen. Figure 3-5 Wizard 3 The following table describes the fields in this screen. Table 3-6 WAN Setup LABEL DESCRIPTION WAN IP Address Assignment...
Page 53: Basic Setup Complete
Prestige 324 User’s Guide Table 3-6 WAN Setup LABEL DESCRIPTION IP Subnet Mask Enter the IP subnet mask in this field if you selected Use Fixed IP Address. This field is not available when you select PPPoE encapsulation in the previous wizard screen.
Page 54: System, Lan And Wan
System, LAN and WAN Part II: System, LAN and WAN This part covers configuration of the system, LAN, and WAN screens.
Page 55: Chapter 4 System Screens
Prestige 324 User’s Guide Chapter 4 System Screens This chapter provides information on the System screens. System Overview See the Wizard Setup chapter for more information on the next few screens. Configuring General Setup Click SYSTEM to open the General screen. Figure 4-1 System General Setup The following table describes the labels in this screen.
Page 56: Dynamic Dns
Prestige 324 User’s Guide Table 4-1 System General Setup LABEL DESCRIPTION Domain Name Enter the domain name (if you know it) here. If you leave this field blank, the ISP may assign a domain name via DHCP. The domain name entered by you is given priority over the ISP assigned domain name.
Page 57: Configuring Dynamic Dns
Prestige 324 User’s Guide First of all, you need to have registered a dynamic DNS account with www.dyndns.org. This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name. The Dynamic DNS service provider will give you a password or key.
Page 58: Configuring Password
Prestige 324 User’s Guide Table 4-2 DDNS LABEL DESCRIPTION Active Select this check box to use dynamic DNS. Service Provider Select the name of your Dynamic DNS service provider. DDNS Type Select the type of service that you are registered for from your Dynamic DNS service provider.
Page 59: Configuring Time Setting
Prestige 324 User’s Guide Figure 4-3 Password The following table describes the labels in this screen. Table 4-3 Password LABEL DESCRIPTION Old Password Type the default password or the existing password you use to access the system in this field. New Password Type the new password in this field.
Page 60: Figure 4-4 Time Setting
Prestige 324 User’s Guide Figure 4-4 Time Setting The following table describes the labels in this screen. Table 4-4 Time Setting LABEL DESCRIPTION Time Protocol Select the time service protocol that your time server sends when you turn on the Prestige.
Page 61 Prestige 324 User’s Guide Table 4-4 Time Setting LABEL DESCRIPTION Synchronize Now Click Apply to save your changes including the time server address and then click this button to get the time and date from the time server you specified above. Current Time This field displays the time of your Prestige.
Page 63: Chapter 5 Lan Screens
Prestige 324 User’s Guide Chapter 5 LAN Screens This chapter describes how to configure LAN settings. LAN Overview Local Area Network (LAN) is a shared communication system to which many computers are attached. The LAN screens can help you configure a LAN DHCP server, manage IP addresses, and partition your physical network into logical networks.
Page 64 Prestige 324 User’s Guide These parameters should work for the majority of installations. If your ISP gives you explicit DNS server address(es), read the embedded web configurator help regarding what fields need to be configured. 5.3.2 IP Address and Subnet Mask Refer to the IP Address and Subnet Mask section in the Wizard Setup chapter for this information.
Page 65: Configuring Ip
Prestige 324 User’s Guide Configuring IP Click LAN to open the IP screen. Figure 5-1 IP The following table describes the fields in this screen. Table 5-1 IP LABEL DESCRIPTION DHCP Server DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients (computers) to obtain TCP/IP configuration at startup from a server.
Page 66 Prestige 324 User’s Guide Table 5-1 IP LABEL DESCRIPTION Pool Size This field specifies the size, or count of the IP address pool. DNS Servers Assigned by DHCP Server The Prestige passes a DNS (Domain Name System) server IP address (in the order you specify here) to the DHCP clients.
Page 67 Prestige 324 User’s Guide Table 5-1 IP LABEL DESCRIPTION RIP Direction RIP (Routing Information Protocol, RFC1058 and RFC 1389) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. Select the RIP direction from Both/In Only/Out Only/None.
Page 68: Configuring Ip Alias
Prestige 324 User’s Guide Configuring IP Alias IP Alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The Prestige supports three logical LAN interfaces via its single physical Ethernet interface with the Prestige itself as the gateway for each LAN network. To change your Prestige’s IP Alias settings, click LAN, then the IP Alias tab.
Page 69 Prestige 324 User’s Guide Table 5-2 IP Alias LABEL DESCRIPTION RIP Direction RIP (Routing Information Protocol, RFC1058 and RFC 1389) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. Select the RIP direction from Both/In Only/Out Only/None.
Page 71: Chapter 6 Wan Screens
Prestige 324 User’s Guide Chapter 6 WAN Screens This chapter describes how to configure WAN settings. WAN Overview See the LAN chapter for information about Primary and Secondary DNS Server, DNS Server Address Assignment and IP Address and Subnet Mask. TCP/IP Priority (Metric) The metric represents the "cost of transmission".
Page 72: Configuring Route
Prestige 324 User’s Guide Table 6-1 Private IP Address Ranges 10.0.0.0 10.255.255.255 172.16.0.0 172.31.255.255 192.168.0.0 192.168.255.255 You can obtain your IP address from the IANA, from an ISP or have it assigned by a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks.
Page 73: Configuring Wan Isp
Prestige 324 User’s Guide Figure 6-1 WAN Setup: Route The following table describes the fields in this screen. Table 6-3 WAN Setup: Route LABEL DESCRIPTION The default WAN connection is "1” as your broadband connection via the WAN port should always be your preferred method of accessing the WAN. The default priority of the routes is WAN, Traffic Redirect and then Dial Backup: Traffic Redirect...
Page 74: Figure 6-2 Ethernet Encapsulation
Prestige 324 User’s Guide Figure 6-2 Ethernet Encapsulation The following table describes the labels in this screen. Table 6-4 Ethernet Encapsulation LABEL DESCRIPTION Encapsulation You must choose the Ethernet option when the WAN port is used as a regular Ethernet. Service Type Choose from Standard, Telstra (RoadRunner Telstra authentication method), RR- Manager (Roadrunner Manager authentication method), RR-Toshiba (Roadrunner...
Page 75 Prestige 324 User’s Guide Table 6-4 Ethernet Encapsulation LABEL DESCRIPTION Relogin This field only applies when you select Telia Login in the Service Type field. The Every(min) Telia server logs the Prestige out if the Prestige does not log in periodically. Type the number of minutes from 1 to 59 (30 default) for the Prestige to wait between logins.
Page 76: Figure 6-3 Pppoe Encapsulation
Prestige 324 User’s Guide Figure 6-3 PPPoE Encapsulation The following table describes the labels in this screen. Table 6-5 PPPoE Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation The PPP over Ethernet choice is for a dial-up connection using PPPoE. The Prestige supports PPPoE (Point-to-Point Protocol over Ethernet).
Page 77 Prestige 324 User’s Guide Table 6-5 PPPoE Encapsulation LABEL DESCRIPTION Nailed-Up Select Nailed-Up Connection if you do not want the connection to time out. Connection Idle Timeout This value specifies the time in seconds that elapses before the router automatically disconnects from the PPPoE server.
Page 78: Figure 6-4 Pptp Encapsulation
Prestige 324 User’s Guide Figure 6-4 PPTP Encapsulation The following table describes the labels in this screen. Table 6-6 PPTP Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks.
Page 79: Configuring Wan Ip
Prestige 324 User’s Guide Table 6-6 PPTP Encapsulation LABEL DESCRIPTION Password Type the password associated with the User Name above. Retype to Confirm Type your password again to make sure that you have entered is correctly. Nailed-up Select Nailed-Up Connection if you do not want the connection to time out. Connection Idle Timeout This value specifies the time in seconds that elapses before the Prestige...
Page 80: Figure 6-5 Wan: Ip
Prestige 324 User’s Guide Figure 6-5 WAN: IP The following table describes the labels in this screen. Table 6-7 WAN: IP LABEL DESCRIPTION WAN IP Address Assignment Get automatically Select this option If your ISP did not assign you a fixed IP address. This is the from ISP default selection.
Page 81 Prestige 324 User’s Guide Table 6-7 WAN: IP LABEL DESCRIPTION My WAN IP Subnet Type your network's IP subnet Mask. Mask (Ethernet only) Remote IP Address Enter the Remote IP Address (if your ISP gave you one) in this field. Gateway/Remote IP Enter the gateway IP address (if your ISP gave you one) in this field if you selected Address...
Page 82 Prestige 324 User’s Guide Table 6-7 WAN: IP LABEL DESCRIPTION RIP Direction RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. Choose Both, None, In Only or Out Only. When set to Both or Out Only, the Prestige will broadcast its routing table periodically.
Page 83: Configuring Wan Mac
Prestige 324 User’s Guide Table 6-7 WAN: IP LABEL DESCRIPTION Allow between WAN Select this check box to forward NetBIOS packets from the LAN to the WAN and and LAN from the WAN to the LAN. If your firewall is enabled with the default policy set to block WAN to LAN traffic, you also need to enable the default WAN to LAN firewall rule that forwards NetBIOS traffic.
Page 84: Traffic Redirect
Prestige 324 User’s Guide Traffic Redirect Traffic redirect forwards WAN traffic to a backup gateway when the Prestige cannot connect to the Internet through its normal gateway. Connect the backup gateway on the WAN so that the Prestige still provides firewall protection.
Page 85: Configuring Traffic Redirect
Prestige 324 User’s Guide Configuring Traffic Redirect To change your Prestige’s Traffic Redirect settings, click WAN, then the Traffic Redirect tab. The screen appears as shown. Figure 6-9 WAN: Traffic Redirect The following table describes the labels in this screen. Table 6-8 WAN: Traffic Redirect LABEL DESCRIPTION...
Page 86: Configuring Dial Backup
Prestige 324 User’s Guide Table 6-8 WAN: Traffic Redirect LABEL DESCRIPTION Check WAN Configuration of this field is optional. If you do not enter an IP address here, the Prestige IP Address will use the default gateway IP address. Configure this field to test your Prestige's WAN accessibility.
Page 87: Figure 6-10 Dial Backup Setup
Prestige 324 User’s Guide Figure 6-10 Dial Backup Setup WAN Screens 6-17...
Page 88: Table 6-9 Dial Backup Setup
Prestige 324 User’s Guide The following table describes the labels in this screen. Table 6-9 Dial Backup Setup LABEL DESCRIPTION Enable Dial Backup Select this check box to turn on dial backup. Basic Settings Login Name Type the login name assigned by your ISP. Password Type the password assigned by your ISP.
Page 89 Prestige 324 User’s Guide Table 6-9 Dial Backup Setup LABEL DESCRIPTION Get IP Address Type the login name assigned by your ISP for this remote node. Automatically from Remote Server Used Fixed IP Select this check box if your ISP assigned you a fixed IP address, then enter the Address IP address in the following field.
Page 90 Prestige 324 User’s Guide Table 6-9 Dial Backup Setup LABEL DESCRIPTION RIP Version The RIP Version field controls the format and the broadcasting method of the RIP packets that the Prestige sends (it recognizes both formats when receiving). Choose RIP-1, RIP-2B or RIP-2M. RIP-1 is universally supported;...
Page 91: Advanced Modem Setup
Prestige 324 User’s Guide Table 6-9 Dial Backup Setup LABEL DESCRIPTION Configure Budget Select this check box to have the dial backup connection on during the time that you select. Allocated Budget Type the amount of time (in minutes) that the dial backup connection can be used during the time configured in the Period field.
Page 92: Configuring Advanced Modem Setup
Prestige 324 User’s Guide 6.11.3 Response Strings The response strings tell the Prestige the tags, or labels, immediately preceding the various call parameters sent from the WAN device. The response strings have not been standardized; please consult the documentation of your WAN device to find the correct tags. 6.12 Configuring Advanced Modem Setup Click the Edit button in the Dial Backup screen to display the Advanced Setup screen shown next.
Page 93: Figure 6-11 Advanced Setup
Prestige 324 User’s Guide Figure 6-11 Advanced Setup The following table describes the labels in this screen. Table 6-10 Advanced Setup LABEL DESCRIPTION EXAMPLE AT Command Strings Dial Type the AT Command string to make a call. atdt WAN Screens 6-23...
Page 94 Prestige 324 User’s Guide Table 6-10 Advanced Setup LABEL DESCRIPTION EXAMPLE Drop Type the AT Command string to drop a call. "~" represents a one ~~+++~~ath second wait, for example, "~~~+++~~ath" can be used if your modem has a slow response time. Answer Type the AT Command string to answer a call.
Page 95: Nat And Static Route
NAT and Static Route Part III: NAT and Static Route This part covers Network Address Translation and setting up static routes.
Page 97: Nat Overview
Prestige 324 User’s Guide Chapter 7 Network Address Translation (NAT) Screens This chapter discusses how to configure NAT on the Prestige. NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet.
Page 98 Prestige 324 User’s Guide NAT never changes the IP address (either local or global) of an outside host. 7.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side.
Page 99: Figure 7-1 How Nat Works
Prestige 324 User’s Guide Figure 7-1 How NAT Works 7.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct WAN networks. More examples follow at the end of this chapter.
Page 100: Figure 7-2 Nat Application With Ip Alias
Prestige 324 User’s Guide Figure 7-2 NAT Application With IP Alias 7.1.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: One to One: In One-to-One mode, the Prestige maps one local IP address to one global IP address. Many to One: In Many-to-One mode, the Prestige maps multiple local IP addresses to one global IP address.
Page 101: Table 7-2 Nat Mapping Types
Prestige 324 User’s Guide Many One-to-One: In Many-One-to-One mode, the Prestige maps each local IP address to a unique global IP address. Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world. Port numbers do not change for One-to-One and Many One-to-One NAT mapping types.
Page 102: Using Nat
Prestige 324 User’s Guide Using NAT You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the Prestige. 7.2.1 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server.
Page 103: Table 7-3 Services And Port Numbers
Prestige 324 User’s Guide 21. In some cases, such as for unknown services or where one server can support more than one service (for example both FTP and web service), it might be better to specify a range of port numbers. In addition to the servers for specified services, NAT supports a default server.
Page 104: Configuring Sua Server
Prestige 324 User’s Guide IP address assigned by ISP. Figure 7-3 Multiple Servers Behind NAT Example Configuring SUA Server If you do not assign a Default Server IP Address, the Prestige discards all packets received for ports that are not specified in this screen or remote management. Click SUA/NAT to open the SUA Server screen.
Page 105: Figure 7-4 Sua/Nat Setup
Prestige 324 User’s Guide Figure 7-4 SUA/NAT Setup The following table describes the labels in this screen. Table 7-4 SUA/NAT Setup LABEL DESCRIPTION Default Server In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in this screen. If you do not assign a Default Server IP Address, the Prestige discards all packets received for ports that are not specified in this screen or remote management.
Page 106: Configuring Address Mapping
Prestige 324 User’s Guide Table 7-4 SUA/NAT Setup LABEL DESCRIPTION Server IP Enter the inside IP address of the server here. Address Apply Click Apply to save your changes back to the Prestige. Reset Click Reset to begin configuring this screen afresh. Configuring Address Mapping Ordering your rules is important because the Prestige applies the rules in the order that you specify.
Page 107: Table 7-5 Address Mapping
Prestige 324 User’s Guide Table 7-5 Address Mapping LABEL DESCRIPTION Local Start IP This refers to the Inside Local Address (ILA), which is the starting local IP address. If the rule is for all local IP addresses, then this field displays 0.0.0.0 as the Local Start IP address.
Page 108: Figure 7-6 Address Mapping Edit
Prestige 324 User’s Guide Figure 7-6 Address Mapping Edit The following table describes the labels in this screen. Table 7-6 Address Mapping Edit LABEL DESCRIPTION Type Choose the port mapping type from one of the following. 1. One-to-One: One-to-one mode maps one local IP address to one global IP address.
Page 109: Trigger Port Forwarding
Prestige 324 User’s Guide Table 7-6 Address Mapping Edit LABEL DESCRIPTION Global Start IP This is the starting Inside Global IP Address (IGA). Enter 0.0.0.0 here if you have a dynamic IP address from your ISP. Global End IP This is the ending Inside Global IP Address (IGA). This field is N/A for One-to-One, Many-to-One and Server mapping types.
Page 110: Configuring Trigger Port Forwarding
Prestige 324 User’s Guide 1. Jane requests a file from the Real Audio server (port 7070). 2. Port 7070 is a “trigger” port and causes the Prestige to record Jane’s computer IP address. The Prestige associates Jane's computer IP address with the "incoming" port range of 6970-7170. 3.
Page 111: Figure 7-8 Trigger Port
Prestige 324 User’s Guide Figure 7-8 Trigger Port The following table describes the labels in this screen. Table 7-7 Trigger Port LABEL DESCRIPTION This is the rule index number (read-only). Name Type a unique name (up to 15 characters) for identification purposes. All characters are permitted - including spaces.
Page 112 Prestige 324 User’s Guide Table 7-7 Trigger Port LABEL DESCRIPTION Start Port Type a port number or the starting port number in a range of port numbers. End Port Type a port number or the ending port number in a range of port numbers. Apply Click Apply to save your changes back to the Prestige.
Page 113: Chapter 8 Static Route Screens
Prestige 324 User’s Guide Chapter 8 Static Route Screens This chapter shows you how to configure static routes for your Prestige. Static Route Overview Each remote node specifies only the network to which the gateway is directly connected, and the Prestige has no knowledge of the networks beyond.
Page 114 Prestige 324 User’s Guide Figure 8-2 Static Route The following table describes the labels in this screen. Table 8-1 Static Route LABEL DESCRIPTION Number of an individual static route. Name Name that describes or identifies this route. Active This field shows whether this static route is active (Yes) or not (No). Destination This parameter specifies the IP network address of the final destination.
Page 115: Figure 8-3 Static Route: Edit
Prestige 324 User’s Guide Figure 8-3 Static Route: Edit The following table describes the labels in this screen. Table 8-2 Static Route: Edit LABEL DESCRIPTION Route Name Enter the name of the IP static route. Leave this field blank to delete this static route. Active This field allows you to activate/deactivate this static route.
Page 116 Prestige 324 User’s Guide Table 8-2 Static Route: Edit LABEL DESCRIPTION Private This parameter determines if the Prestige will include this route to a remote node in its RIP broadcasts. Select this check box to keep this route private and not included in RIP broadcasts. Clear this checkbox to propagate this route to other hosts through RIP broadcasts.
Page 117: Upnp And Firewall
UPnP and Firewall Part IV: UPnP and Firewall This part provides information and configuration instructions for configuration of Universal Plug and Play, firewall and content filtering.
Page 118: Chapter 9 Upnp
Prestige 324 User’s Guide Chapter 9 UPnP This chapter introduces the Universal Plug and Play feature. Universal Plug and Play Overview Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
Page 119: Upnp And Zyxel
Prestige 324 User’s Guide 9.1.3 Cautions with UPnP The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments. All UPnP-enabled devices may communicate freely with each other without additional configuration.
Page 120: Figure 9-1 Configuring Upnp
Prestige 324 User’s Guide Figure 9-1 Configuring UPnP The following table describes the labels in this screen. Table 9-1 Configuring UPnP LABEL DESCRIPTION Enable the Universal Plug Select this checkbox to activate UPnP. Be aware that anyone could use a and Play (UPnP) feature UPnP application to open the web configurator's login screen without entering the Prestige's IP address (although you must still enter the password to...
Page 121: Installing Upnp In Windows Example
Prestige 324 User’s Guide Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP. 9.4.1 Installing UPnP in Windows Me Follow the steps below to install UPnP in Windows Me. Step 1. Click Start and Control Panel.
Page 122 Prestige 324 User’s Guide Step 1. Click Start and Control Panel. Step 2. Double-click Network Connections. Step 3. In the Network Connections window, click Advanced in the main menu and select Optional Networking Components …. The Windows Optional Networking Components Wizard window displays.
Page 123: Using Upnp In Windows Xp Example
Prestige 324 User’s Guide Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL device. Make sure the computer is connected to a LAN port of the ZyXEL device. Turn on your computer and the ZyXEL device.
Page 124 Prestige 324 User’s Guide Step 3. In the Internet Connection Properties Step 4. You may edit or delete the port window, click Settings to see the port mappings or click Add to mappings that were automatically created. manually add port mappings. UPnP...
Page 125 Prestige 324 User’s Guide When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. Step 5. Select the Show icon in notification area when connected check box and click OK. An icon displays in the system tray Step 6.
Page 126 Prestige 324 User’s Guide Step 1. Click Start and then Control Panel. Step 2. Double-click Network Connections. Step 3. Select My Network Places under Other Places. Step 4. An icon with the description for each UPnP-enabled device displays under Local Network. Step 5.
Page 127 Prestige 324 User’s Guide Step 6. Right-click the icon for your ZyXEL device and select Properties. A properties window displays with basic information about the ZyXEL device. 9-10 UPnP...
Page 128: Chapter 10 Firewall
Prestige 324 User’s Guide Chapter 10 Firewall This chapter gives some background information on firewalls and explains how to get started with the Prestige firewall. 10.1 Introduction What is a Firewall? Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another.
Page 129 Prestige 324 User’s Guide Prestige can be used to prevent theft, destruction and modification of data, as well as log events, which may be important to the security of your network. The Prestige is installed between the LAN and a broadband modem connecting to the Internet. This allows it to act as a secure gateway for all data passing between the Internet and the LAN.
Page 130: Firewall Settings Screen
Prestige 324 User’s Guide 10.2 Firewall Settings Screen From the MAIN MENU, click FIREWALL to open the Settings screen. Figure 10-1 Firewall: Settings The following table describes the labels in this screen. Firewall 10-3...
Page 131: Table 10-1 Firewall: Settings
Prestige 324 User’s Guide Table 10-1 Firewall: Settings LABEL DESCRIPTION Enable Firewall Select this check box to activate the firewall. The Prestige performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated. Bypass Triangle Select this check box to have the Prestige firewall ignore the use of triangle route Route topology on the network.
Page 132: The Firewall, Nat And Remote Management
Prestige 324 User’s Guide 10.3 The Firewall, NAT and Remote Management Figure 10-2 Firewall Rule Directions 10.3.1 LAN-to-WAN rules LAN-to-WAN rules are local network to Internet firewall rules. The default is to forward all traffic from your local network to the Internet. How can you block certain LAN to WAN traffic? You may choose to block certain LAN-to-WAN traffic in the Services screen (click the Services tab).
Page 133: Configuring Content Filtering
Prestige 324 User’s Guide How can you forward certain WAN to LAN traffic? You may allow traffic originating from the WAN to be forwarded to the LAN by: Configuring NAT port forwarding rules in the web configurator SUA Server screen or SMT NAT menus.
Page 134: Figure 10-3 Firewall: Filter
Prestige 324 User’s Guide Figure 10-3 Firewall: Filter The following table describes the labels in this screen. Table 10-2 Firewall: Filter LABEL DESCRIPTION Restricted Web Features ActiveX ActiveX is a tool for building dynamic and active Web pages and distributed object applications.
Page 135: Services
Prestige 324 User’s Guide Table 10-2 Firewall: Filter LABEL DESCRIPTION Java Java is a programming language and development environment for building downloadable Web components or Internet and intranet business applications of all kinds. Cookies Web servers that track usage and provide service based on ID use cookies. Web Proxy This is a server that acts as an intermediary between a user and the Internet to provide security, administrative control, and caching service.
Page 136: Figure 10-4 Firewall: Service
Prestige 324 User’s Guide Figure 10-4 Firewall: Service The following table describes the labels in this screen. Table 10-3 Firewall: Service LABEL DESCRIPTION Enable Services Select this check box to enable this feature. Blocking Firewall 10-9...
Page 138 Prestige 324 User’s Guide Table 10-3 Firewall: Service LABEL DESCRIPTION Available Service This is a list of pre-defined services (ports) you may prohibit your LAN computers from using. Select the port you want to block using the drop-down list and click Add to add the port to the Blocked Service field.
Page 139: Remote Management
Remote Management Part V: Remote Management This part provides information and configuration instructions for configuration of remote management.
Page 141: Chapter 11 Remote Management Screens
Prestige 324 User’s Guide Chapter 11 Remote Management Screens This chapter provides information on the Remote Management screens. 11.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
Page 142: Configuring Www
Prestige 324 User’s Guide 11.1.1 Remote Management Limitations Remote management over LAN or WAN will not work when: 1. A filter in SMT menu 3.1 (LAN) or in menu 11.5 (WAN) is applied to block a Telnet, FTP or Web service.
Page 143: Figure 11-1 Remote Management: Www
Prestige 324 User’s Guide Figure 11-1 Remote Management: WWW The following table describes the labels in this screen. Table 11-1 Remote Management: WWW LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
Page 144: Configuring Telnet
Prestige 324 User’s Guide 11.3 Configuring Telnet You can configure your Prestige for remote Telnet access as shown next. The administrator uses Telnet from a computer on a remote network to access the Prestige. Figure 11-2 Telnet Configuration on a TCP/IP Network 11.4 Configuring TELNET Click REMOTE MGMT and the TELNET tab to display the screen as shown.
Page 145: Configuring Ftp
Prestige 324 User’s Guide Figure 11-3 Remote Management: Telnet The following table describes the labels in this screen. Table 11-2 Remote Management: Telnet LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
Page 146: Snmp
Prestige 324 User’s Guide Figure 11-4 Remote Management: FTP The following table describes the labels in this screen. Table 11-3 Remote Management: FTP LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
Page 147: Figure 11-5 Snmp Management Model
Prestige 324 User’s Guide The Prestige supports SNMP version one (SNMPv1). The next figure illustrates an SNMP management operation. SNMP is only available if TCP/IP is configured. SNMP is only available if TCP/IP is configured. Figure 11-5 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager.
Page 148: Table 11-4 Snmp Traps
Prestige 324 User’s Guide etc. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects. SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations: •...
Page 149: Figure 11-6 Remote Management: Snmp
Prestige 324 User’s Guide Table 11-4 SNMP Traps TRAP # TRAP NAME DESCRIPTION For fatal error : A trap is sent with the message of the fatal code if the system reboots because of fatal errors. 11.6.3 Configuring SNMP To change your Prestige’s SNMP settings, click REMOTE MGMT, then the SNMP tab. The screen appears as shown.
Page 150: Configuring Dns
Prestige 324 User’s Guide Table 11-5 Remote Management: SNMP LABEL DESCRIPTION SNMP Configuration Get Community Enter the Get Community, which is the password for the incoming Get and GetNext requests from the management station. The default is public and allows all requests. Set Community Enter the Set community, which is the password for incoming Set requests from the management station.
Page 151: Configuring Security
Prestige 324 User’s Guide Figure 11-7 Remote Management: DNS The following table describes the labels in this screen. Table 11-6 Remote Management: DNS LABEL DESCRIPTION Server Port The DNS service port number is 53 and cannot be changed here. Server Access Select the interface(s) through which a computer may send DNS queries to the Prestige.
Page 152: Figure 11-8 Security
Prestige 324 User’s Guide If an outside user attempts to probe an unsupported port on your Prestige, an ICMP response packet is automatically returned. This allows the outside user to know the Prestige exists. Your Prestige supports anti- probing, which prevents the ICMP response packet from being sent. This keeps outsiders from discovering your Prestige when unsupported ports are probed.
Page 153 Prestige 324 User’s Guide Table 11-7 Security LABEL DESCRIPTION Do not respond Select this option to prevent hackers from finding the Prestige by probing for unused to requests for ports. If you select this option, the Prestige will not respond to port request(s) for unauthorized unused ports, thus leaving the unused ports and the Prestige unseen.
Page 154: Logs And Maintenance
Logs and Maintenance Part VI: Logs and Maintenance This part covers the centralized logs and maintenance screens.
Page 155: Chapter 12 Centralized Logs
Prestige 324 User’s Guide Chapter 12 Centralized Logs This chapter contains information about configuring general log settings and viewing the Prestige’s logs. Refer to the appendices for example log message explanations. 12.1 View Log The web configurator allows you to look at all of the Prestige’s logs in one location. Click the LOGS in the navigation panel to open the View Log screen.
Page 156: Log Settings
Prestige 324 User’s Guide Table 12-1 View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings page (see section 12.2) display in the drop-down list box. Select a category of logs to view; select All Logs to view logs from all of the log categories that you selected in the Log Settings page.
Page 157: Figure 12-2 Log Settings
Prestige 324 User’s Guide Figure 12-2 Log Settings The following table describes the labels in this screen. Table 12-2 Log Settings LABEL DESCRIPTION Address Info Centralized Logs 12-3...
Page 158 Prestige 324 User’s Guide Table 12-2 Log Settings LABEL DESCRIPTION Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via e- mail.
Page 159 Prestige 324 User’s Guide Table 12-2 Log Settings LABEL DESCRIPTION Day for Sending Use the drop down list box to select which day of the week to send the logs. Time for Sending Enter the time of the day in 24-hour format (for example 23:00 equals 11:00 pm) to send the logs.
Page 161: Chapter 13 Maintenance
Prestige 324 User’s Guide Chapter 13 Maintenance This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 13.1 Maintenance Overview The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your Prestige.
Page 162: Table 13-1 System Status
Prestige 324 User’s Guide The following table describes the labels in this screen. Table 13-1 System Status LABEL DESCRIPTION System Name This is the System Name you chose in the first Internet Access Wizard screen. It is for identification purposes Model Name The model name identifies your device type.
Page 163: Figure 13-2 System Status: Show Statistics
Prestige 324 User’s Guide Figure 13-2 System Status: Show Statistics The following table describes the labels in this screen. Table 13-2 System Status: Show Statistics LABEL DESCRIPTION Port This is the WAN or LAN port. Status This displays the port speed and duplex setting if you're using Ethernet encapsulation and down (line is down), idle (line (ppp) idle), dial (starting to trigger a call) and drop (dropping a call) if you're using PPPoE encapsulation.
Page 164: Dhcp Table Screen
Prestige 324 User’s Guide Table 13-2 System Status: Show Statistics LABEL DESCRIPTION Stop Click Stop to stop refreshing statistics, click Stop. 13.3 DHCP Table Screen DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server.
Page 165: F/W Upload Screen
Prestige 324 User’s Guide Table 13-3 DHCP Table LABEL DESCRIPTION MAC Address This field shows the MAC address of the computer with the name in the Host Name field. Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Page 166: Figure 13-5 Firmware Upload
Prestige 324 User’s Guide Figure 13-5 Firmware Upload LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Click Browse... to find the .bin file you want to upload. Remember that you must decompress Browse...
Page 167: Configuration Screen
Prestige 324 User’s Guide Figure 13-8 Firmware Upload Error 13.5 Configuration Screen See the Firmware and Configuration File Maintenance chapter for transferring configuration files using FTP/TFTP commands. Click MAINTENANCE, and then the Configuration tab. Information related to factory defaults, backup configuration, and restoring configuration appears as shown next.
Page 168: Figure 13-9 Configuration
Prestige 324 User’s Guide Figure 13-9 Configuration 13.5.1 Backup Configuration Backup configuration allows you to back up (save) the Prestige’s current configuration to a file on your computer. Once your Prestige is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes.
Page 169: Figure 13-10 Configuration Upload Successful
Prestige 324 User’s Guide Table 13-4 Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Click Browse... to find the file you want to upload. Remember that you must decompress Browse...
Page 170: Restart Screen
Prestige 324 User’s Guide Figure 13-12 Restore Configuration Error 13.5.3 Back to Factory Defaults Pressing the Reset button in this section clears all user-entered configuration information and returns the Prestige to its factory defaults as shown on the screen. The following warning screen will appear. Figure 13-13 Reset Warning Message You can also press the RESET button on the rear panel to reset the factory defaults of your Prestige.
Page 171: Figure 13-14 Restart
Prestige 324 User’s Guide Figure 13-14 Restart Maintenance 13-11...
Page 172: Smt General Configuration
SMT General Configuration Part VII: SMT General Configuration This part covers System Management Terminal configuration for general setup, WAN setup, LAN setup, Internet access, remote node, static route, NAT and enabling the firewall. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.
Page 173: Chapter 14 Introducing The Smt
Prestige 324 User’s Guide Chapter 14 Introducing the SMT This chapter explains how to access and navigate the System Management Terminal and gives an overview of its menus. 14.1 SMT Introduction The Prestige’s SMT (System Management Terminal) is a menu-driven interface that you can access from a terminal emulator through the console port or over a telnet connection.
Page 174: Figure 14-1 Login Screen
Prestige 324 User’s Guide Please note that if there is no activity for longer than five minutes after you log in, your Prestige will automatically log you out. Enter Password : **** Figure 14-1 Login Screen 14.1.4 Prestige SMT Menu Overview The following figure gives you an overview of the various SMT menu screens of your Prestige.
Page 175: Navigating The Smt Interface
Prestige 324 User’s Guide Figure 14-2 SMT Menu Overview 14.2 Navigating the SMT Interface The SMT (System Management Terminal) is the interface that you use to configure your Prestige. Introducing the SMT 14-3...
Page 176: Table 14-1 Main Menu Commands
Prestige 324 User’s Guide Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below. Table 14-1 Main Menu Commands OPERATION KEYSTROKE DESCRIPTION Move down to [ENTER] To move forward to a submenu, type in the number of the desired another menu submenu and press [ENTER].
Page 177: Figure 14-3 Smt Main Menu
Prestige 324 User’s Guide Copyright (c) 1994 - 2003 ZyXEL Communications Corp. Prestige 324 Main Menu Getting Started Advanced Management 1. General Setup 21. Filter and Firewall Setup 2. WAN Setup 22. SNMP Configuration 3. LAN Setup 23. System Password 4.
Page 178: Changing The System Password
Prestige 324 User’s Guide Table 14-2 Main Menu Summary MENU TITLE DESCRIPTION System Maintenance This menu provides system status, diagnostics, software upload, etc. Schedule Setup Use this menu to schedule outgoing calls. Exit Use this to exit from SMT and return to a blank screen. 14.3 Changing the System Password Change the Prestige default password by following the steps shown next.
Page 179: Chapter 15 Menu 1 General Setup
Prestige 324 User’s Guide Chapter 15 Menu 1 General Setup Menu 1 - General Setup contains administrative and system-related information. 15.1 General Setup Menu 1 — General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name".
Page 180: Figure 15-1 Menu 1 General Setup
Prestige 324 User’s Guide Menu 1 - General Setup System Name= Domain Name= zyxel.com.tw First System DNS Server= From ISP IP Address= N/A Second System DNS Server= From ISP IP Address= N/A Third System DNS Server= From ISP IP Address= N/A Edit Dynamic DNS= No Press ENTER to Confirm or ESC to Cancel: Figure 15-1 Menu 1 General Setup...
Page 181 Prestige 324 User’s Guide Table 15-1 Menu 1 General Setup FIELD DESCRIPTION EXAMPLE First System DNS DNS (Domain Name System) is for mapping a domain name to its From ISP Server corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address Second System of a machine before you can access it.
Page 182: Figure 15-2 Menu 1.1 Configure Dynamic Dns
Prestige 324 User’s Guide Menu 1.1 - Configure Dynamic DNS Service Provider= WWW.DynDNS.ORG Active= No DDNSType= DynamicDNS Host1= Host2= Host3= USER= Password= ******** Enable Wildcard= No Offline= N/A Edit Update IP Address: Use Server Detected IP= No User Specified IP Address= No IP Address= N/A Press ENTER to Confirm or ESC to Cancel: Figure 15-2 Menu 1.1 Configure Dynamic DNS...
Page 183 Prestige 324 User’s Guide Table 15-2 Menu 1.1 Configure Dynamic DNS FIELD DESCRIPTION EXAMPLE Offline This field is only available when CustomDNS is selected in the DDNS Type field. Press [SPACE BAR] and then [ENTER] to http://www.dyndns.org/ select Yes. When Yes is selected, traffic is redirected to a URL that you have previously specified (see www.dyndns.org...
Page 185: Chapter 16 Wan And Dial Backup Setup
Prestige 324 User’s Guide Chapter 16 WAN and Dial Backup Setup This chapter describes how to configure the WAN using menu 2 and dial-backup using menus 2.1 and 11.1. 16.1 Introduction to WAN This chapter explains how to configure settings for your WAN port. From the main menu, enter 2 to open menu 2.
Page 186: Dial Backup
Prestige 324 User’s Guide Table 16-1 MAC Address Cloning in WAN Setup FIELD DESCRIPTION EXAMPLE IP Address This field is applicable only if you choose the IP address attached on 192.168.1.35 LAN method in the Assigned By field. Enter the IP address of the computer on the LAN whose MAC you are cloning.
Page 187: Advanced Wan Setup
Prestige 324 User’s Guide The following table describes the fields in this menu. Table 16-2 Menu 2: Dial Backup Setup FIELD DESCRIPTION EXAMPLE Dial-Backup: Active Use this field to turn the dial-backup feature on (Yes) or off (No). Phone Enter the telephone number assigned to your line by your telephone 1234567 Number company.
Page 188: Figure 16-3 Menu 2.1 Advanced Wan Setup
Prestige 324 User’s Guide Menu 2.1 - Advanced WAN Setup AT Command Strings: Call Control: Dial= Dial Timeout(sec)= 0 Drop= Retry Count= 0 Answer= Retry Interval(sec)= N/A Drop Timeout(sec)= 0 Drop DTR When Hang Up= No Call Back Delay(sec)= 0 AT Response Strings: CLID= Called Id=...
Page 189: Remote Node Profile (Backup Isp)
Prestige 324 User’s Guide Table 16-4 Advanced WAN Port Setup: Call Control Parameters FIELD DESCRIPTION DEFAULT Call Control Dial Timeout Enter a number of seconds for the Prestige to keep trying to set 60 seconds (sec) up an outgoing call before timing out (stopping). The Prestige times out and stops if it cannot set up an outgoing call within the timeout value.
Page 190: Figure 16-4 Menu 11.1 Remote Node Profile (Backup Isp)
Prestige 324 User’s Guide Menu 11.1 - Remote Node Profile (Backup ISP) Rem Node Name= ? Edit PPP Options= No Active= Yes Rem IP Addr= ? Edit IP= No Outgoing: Edit Script Options= No My Login= My Password= ******** Telco Option: Retype to Confirm= ******** Allocated Budget(min)= 0 Authen= CHAP/PAP...
Page 191 Prestige 324 User’s Guide Table 16-5 Menu 11.1 Remote Node Profile (Backup ISP) FIELD DESCRIPTION EXAMPLE Pri Phone # Enter the first (primary) phone number from the ISP for this remote node. If the Primary Phone number is busy or does not answer, your Sec Phone # Prestige dials the Secondary Phone number if available.
Page 192: Editing Ppp Options
Prestige 324 User’s Guide Table 16-5 Menu 11.1 Remote Node Profile (Backup ISP) FIELD DESCRIPTION EXAMPLE Idle Timeout Enter the number of seconds of idle time (when there is no traffic from 100 seconds the Prestige to the remote node) that can elapse before the Prestige (default) automatically disconnects the PPP connection.
Page 193: Editing Tcp/Ip Options
Prestige 324 User’s Guide 16.7 Editing TCP/IP Options Move the cursor to the Edit IP field in menu 11.1, then press [SPACE BAR] to select Yes. Press [ENTER] to open Menu 11.3 - Remote Node Network Layer Options. Menu 11.3 - Remote Node Network Layer Options IP Address Assignment= Dynamic em IP Addr= 0.0.0.0 Rem Subnet Mask= 0.0.0.0...
Page 194 Prestige 324 User’s Guide Table 16-6 Menu 11.3: Remote Node Network Layer Options FIELD DESCRIPTION EXAMPLE Network Network Address Translation (NAT) allows the translation of an Internet None Address protocol address used within one network (for example a private IP (default) Translation address used in a local network) to a different IP address known within...
Page 195: Editing Login Script
Prestige 324 User’s Guide 16.8 Editing Login Script For some remote gateways, text login is required before PPP negotiation is started. The Prestige provides a script facility for this purpose. The script has six programmable sets; each set is composed of an ‘Expect’ string and a ‘Send’...
Page 196: Remote Node Filter
Prestige 324 User’s Guide Menu 11.4 - Remote Node Script Active= No Set 1: Set 5: Expect= Expect= Send= Send= Set 2: Set 6: Expect= Expect= Send= Send= Set 3: Expect= Send= Set 4: Expect= Send= Enter here to CONFIRM or ESC to CANCEL: Figure 16-8 Menu 11.4: Remote Node Script The following table describes the fields in this menu.
Page 197: Figure 16-9 Menu 11.5: Dial Backup Remote Node Filter
Prestige 324 User’s Guide Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Call Filter Sets: protocol filters= device filters= Enter here to CONFIRM or ESC to CANCEL: Figure 16-9 Menu 11.5: Dial Backup Remote Node Filter Menu 2 WAN Setup 16-13...
Page 199: Chapter 17 Menu 3 Lan Setup
Prestige 324 User’s Guide Chapter 17 Menu 3 LAN Setup This chapter covers how to configure your wired Local Area Network (LAN) settings. 17.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 — LAN Setup. From the main menu, enter 3 to display menu 3.
Page 200: Protocol Dependent Ethernet Setup
Prestige 324 User’s Guide 17.2 Protocol Dependent Ethernet Setup Depending on the protocols for your applications, you need to configure the respective Ethernet Setup, as outlined below. For TCP/IP Ethernet setup refer to the Internet Access Application chapter. For bridging Ethernet setup refer to the Bridging Setup chapter. 17.3 TCP/IP Ethernet Setup and DHCP Use menu 3.2 to configure your Prestige for TCP/IP.
Page 201 Prestige 324 User’s Guide Table 17-1 Menu 3.2: DHCP Ethernet Setup Fields FIELD DESCRIPTION EXAMPLE Client IP Pool: Starting Address This field specifies the first of the contiguous addresses in the IP address 192.168.1.33 pool. Size of Client IP This field specifies the size, or count of the IP address pool. Pool First DNS Server The Prestige passes a DNS (Domain Name System) server IP address...
Page 202: Table 17-2 Menu 3.2: Lan Tcp/Ip Setup Fields
Prestige 324 User’s Guide Table 17-2 Menu 3.2: LAN TCP/IP Setup Fields FIELD DESCRIPTION EXAMPLE TCP/IP Setup: IP Address Enter the IP address of your Prestige in dotted decimal notation 192.168.1.1 (default) IP Subnet Mask Your Prestige will automatically calculate the subnet mask based 255.255.255.0 on the IP address that you assign.
Page 203: Figure 5-2 Ip Alias
Prestige 324 User’s Guide Menu 3.2.1 - IP Alias Setup IP Alias 1= Yes IP Address= IP Subnet Mask= 0.0.0.0 RIP Direction= None Version= RIP-1 Incoming protocol filters= Outgoing protocol filters= IP Alias 2= No IP Address= N/A IP Subnet Mask= N/A RIP Direction= N/A Version= N/A Incoming protocol filters= N/A...
Page 204 Prestige 324 User’s Guide Table 17-3 Menu 3.2.1: IP Alias Setup FIELD DESCRIPTION EXAMPLE When you have completed this menu, press [ENTER] at the prompt [Press ENTER to Confirm…] to save your configuration, or press [ESC] at any time to cancel. 17-6 Menu 3 LAN Setup...
Page 205: Chapter 18 Internet Access
Prestige 324 User’s Guide Chapter 18 Internet Access This chapter shows you how to configure your Prestige for Internet access 18.1 Introduction to Internet Access Setup Use information from your ISP along with the instructions in this chapter to set up your Prestige to access the Internet.
Page 206: Table 18-1 Menu 4: Internet Access Setup (Ethernet)
Prestige 324 User’s Guide Table 18-1 Menu 4: Internet Access Setup (Ethernet) FIELD DESCRIPTION ISP’s Name Enter the name of your Internet Service Provider, e.g., myISP. This information is for identification purposes only. Encapsulation Press [SPACE BAR] and then press [ENTER] to choose Ethernet. The encapsulation method influences your choices for the IP Address field.
Page 207: Configuring The Pptp Client
Prestige 324 User’s Guide Table 18-1 Menu 4: Internet Access Setup (Ethernet) FIELD DESCRIPTION Network Address Network Address Translation (NAT) allows the translation of an Internet protocol Translation address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address used on the Internet).
Page 208: Configuring The Pppoe Client
Prestige 324 User’s Guide Menu 4 - Internet Access Setup ISP's Name= ChangeMe Encapsulation= PPTP Service Type= N/A My Login= My Password= ******** Retype to Confirm= ******** Idle Timeout= 100 IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Address= N/A Network Address Translation= SUA Only Press ENTER to Confirm or ESC to Cancel:...
Page 209: Basic Setup Complete
Prestige 324 User’s Guide Menu 4 - Internet Access Setup ISP's Name= ChangeMe Encapsulation= PPPoE Service Type= N/A My Login= My Password= ******** Retype to Confirm= ******** Idle Timeout= 100 IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Address= N/A Network Address Translation= SUA Only Press ENTER to Confirm or ESC to Cancel:...
Page 210 Prestige 324 User’s Guide When the firewall is activated, the default policy allows all communications to the Internet that originate from the LAN, and blocks all traffic to the LAN that originates from the Internet. You may deactivate the firewall in menu 21.2 or via the Prestige embedded web configurator. You may also define additional firewall rules or modify existing ones but please exercise extreme caution in doing so.
Page 211: Chapter 19 Remote Node Configuration
Prestige 324 User’s Guide Chapter 19 Remote Node Configuration This chapter covers remote node configuration. 19.1 Introduction to Remote Node Setup A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection.
Page 212: Figure 19-1 Menu 11.1 Remote Node Profile For Ethernet Encapsulation
Prestige 324 User’s Guide Menu 11.1 - Remote Node Profile Rem Node Name= MyISP Route= IP Active= Yes Encapsulation= Ethernet Edit IP= No Service Type= Standard Session Options: Service Name= N/A Edit Filter Sets= No Outgoing: My Login= N/A My Password= N/A Edit Traffic Redirect= No Retype to Confirm= N/A Server= N/A...
Page 213 Prestige 324 User’s Guide Table 19-1 Menu 11.1 Remote Node Profile for Ethernet Encapsulation FIELD DESCRIPTION EXAMPLE My Password Enter the password assigned by your ISP when the Prestige calls this ***** remote node. Valid for PPPoE encapsulation only. Retype to Type your password again to make sure that you have entered it ***** Confirm...
Page 214: Figure 19-2 Menu 11.1 Remote Node Profile For Pppoe Encapsulation
Prestige 324 User’s Guide 19.2.2 PPPoE Encapsulation The Prestige supports PPPoE (Point-to-Point Protocol over Ethernet). You can only use PPPoE encapsulation when you’re using the Prestige with a DSL modem as the WAN device. If you change the Encapsulation to PPPoE, then you will see the next screen.
Page 215: Table 19-2 Fields In Menu 11.1 (Pppoe Encapsulation Specific)
Prestige 324 User’s Guide The second is that the Prestige will try to bring up the connection when turned on and whenever the connection is down. A nailed-up connection can be very expensive for obvious reasons. Do not specify a nailed-up connection unless your telephone company offers flat-rate service or you need a constant connection and the cost is of no concern.
Page 216: Figure 19-3 Menu 11.1 Remote Node Profile For Pptp Encapsulation
Prestige 324 User’s Guide 19.2.3 PPTP Encapsulation If you change the Encapsulation to PPTP in menu 11.1, then you will see the next screen. Please see the appendix for information on PPTP. Menu 11.1 - Remote Node Profile Rem Node Name= MyISP Route= IP Active= Yes Encapsulation= PPTP...
Page 217: Edit Ip
Prestige 324 User’s Guide 19.3 Edit IP Move the cursor to the Edit IP field in menu 11.1, then press [SPACE BAR] to select Yes. Press [ENTER] to open Menu 11.3 - Remote Node Network Layer Options. Menu 11.3 - Remote Node Network Layer Options IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A...
Page 218 Prestige 324 User’s Guide Table 19-4 Remote Node Network Layer Options FIELD DESCRIPTION EXAMPLE My WAN Addr This field is applicable to PPPoE and PPTP encapsulations only. Some implementations, especially the UNIX derivatives, require the WAN link to have a separate IP network number from the LAN and each end must have a unique address within the WAN network number.
Page 219: Remote Node Filter
Prestige 324 User’s Guide Table 19-4 Remote Node Network Layer Options FIELD DESCRIPTION EXAMPLE Multicast IGMP (Internet Group Multicast Protocol) is a network-layer protocol used None to establish membership in a Multicast group. The Prestige supports both (default) IGMP version 1 (IGMP-v1) and version 2 (IGMP-v2). Press [SPACE BAR] to enable IP Multicasting or select None to disable it.
Page 220: Figure 19-6 Menu 11.5: Remote Node Filter (Pppoe Or Pptp Encapsulation)
Prestige 324 User’s Guide Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Call Filter Sets: protocol filters= device filters= Enter here to CONFIRM or ESC to CANCEL: Figure 19-6 Menu 11.5: Remote Node Filter (PPPoE or PPTP Encapsulation) 19.4.1 Traffic Redirect Setup Configure parameters that determine when the Prestige will forward WAN traffic to the backup gateway using Menu 11.6 —...
Page 221 Prestige 324 User’s Guide Table 19-5 Menu 11.6: Traffic Redirect Setup FIELD DESCRIPTION EXAMPLE Configuration: Backup Enter the IP address of your backup gateway in dotted decimal notation. 0.0.0.0 Gateway IP The Prestige automatically forwards traffic to this IP address if the Address Prestige’s Internet connection terminates.
Page 223: Chapter 20 Static Route Setup
Prestige 324 User’s Guide Chapter 20 Static Route Setup This chapter shows how to setup IP static routes. 20.1 IP Static Route Setup Step 1. To configure an IP static route, use Menu 12 – Static Routing Setup (shown next). Menu 12 - IP Static Route Setup 1.
Page 224: Figure 20-2 Menu12.1 Edit Ip Static Route
Prestige 324 User’s Guide Menu 12.1 - Edit IP Static Route Route #: 1 Route Name= ? Active= No Destination IP Address= ? IP Subnet Mask= ? Gateway IP Address= ? Metric= 2 Private= No Press ENTER to Confirm or ESC to Cancel: Figure 20-2 Menu12.1 Edit IP Static Route The following table describes the fields for Menu 12.1 –...
Page 225 Prestige 324 User’s Guide Table 20-1 Menu12.1 Edit IP Static Route FIELD DESCRIPTION Private This parameter determines if the Prestige will include the route to this remote node in its RIP broadcasts. If set to Yes, this route is kept private and is not included in RIP broadcasts.
Page 227: Chapter 21 Network Address Translation (Nat)
Prestige 324 User’s Guide Chapter 21 Network Address Translation (NAT) This chapter discusses how to configure NAT on the Prestige. 21.1 Using NAT You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the Prestige. 21.1.1 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server.
Page 228: Figure 21-1 Menu 4 Applying Nat For Internet Access
Prestige 324 User’s Guide Menu 4 - Internet Access Setup ISP's Name= MyISP Encapsulation= Ethernet Service Type= Standard My Login= N/A My Password= N/A Retype to Confirm= N/A Login Server= N/A Relogin Every (min)= IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Address= N/A Network Address Translation= SUA Only...
Page 229: Nat Setup
Prestige 324 User’s Guide Menu 11.3 - Remote Node Network Layer Options IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Addr= N/A Network Address Translation= SUA Only Metric= 1 Private= N/A RIP Direction= None Version= N/A Multicast= None Enter here to CONFIRM or ESC to CANCEL: Figure 21-2 Menu 11.3 Applying NAT to the Remote Node...
Page 230: Figure 21-3 Menu 15 Nat Setup
Prestige 324 User’s Guide configurator screens for further information on these menus. To configure NAT, enter 15 from the main menu to bring up the following screen. Menu 15 - NAT Setup 1. Address Mapping Sets 2. Port Forwarding Setup 3.
Page 231: Figure 21-5 Menu 15.1.255 Sua Address Mapping Rules
Prestige 324 User’s Guide Menu 15.1.255 - Address Mapping Rules Set Name= SUA Local Start IP Local End IP Global Start IP Global End IP Type --------------- --------------- --------------- --------------- ------ 0.0.0.0 255.255.255.255 0.0.0.0 0.0.0.0 Server Press ENTER to Confirm or ESC to Cancel: Figure 21-5 Menu 15.1.255 SUA Address Mapping Rules The following table explains the fields in this menu.
Page 232: Figure 21-6 Menu 15.1.1 First Set
Prestige 324 User’s Guide Table 21-2 SUA Address Mapping Rules FIELD DESCRIPTION EXAMPLE When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen. User-Defined Address Mapping Sets Now let’s look at option 1 in menu 15.1.
Page 233: Table 21-3 Menu 15.1.1 First Set
Prestige 324 User’s Guide ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty rules. For example, if you have already configured rules 1 to 6 in your current set and now you configure rule number 9.
Page 234: Figure 21-7 Menu 15.1.1.1 Editing/Configuring An Individual Rule In A Set
Prestige 324 User’s Guide Menu 15.1.1.1 Address Mapping Rule Type= One-to-One Local IP: Start= 0.0.0.0 = N/A Global IP: Start= 0.0.0.0 = N/A Press ENTER to Confirm or ESC to Cancel: Figure 21-7 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set The following table explains the fields in this menu.
Page 235: Configuring A Server Behind Nat
Prestige 324 User’s Guide 21.4 Configuring a Server behind NAT Follow these steps to configure a server behind NAT: Step 1. Enter 15 in the main menu to go to Menu 15 - NAT Setup. Step 2. Enter 2 to display Menu 15.2 - NAT Server Setup as shown next. Menu 15.2 - NAT Server Setup Rule Start Port No.
Page 236: General Nat Examples
Prestige 324 User’s Guide Figure 21-9 Multiple Servers Behind NAT Example 21.5 General NAT Examples The following are some examples of NAT configuration. 21.5.1 Example 1: Internet Access Only In the following Internet access example, you only need one rule where the ILAs (Inside Local Addresses) of computers A through D map to one dynamic IGA (Inside Global Address) assigned by your ISP.
Page 237: Figure 21-11 Menu 4 Internet Access & Nat Example
Prestige 324 User’s Guide Menu 4 - Internet Access Setup ISP's Name= MyISP Encapsulation= Ethernet Service Type= Standard My Login= N/A My Password= N/A Retype to Confirm= N/A Login Server= N/A Relogin Every (min)= IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Address= N/A Network Address Translation= SUA Only...
Page 238: Figure 21-13 Menu 15.2.1 Specifying An Inside Server
Prestige 324 User’s Guide Menu 15.2.1 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 192.168.1.10 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Figure 21-13 Menu 15.2.1 Specifying an Inside Server 21.5.3 Example 3: Multiple Public IP Addresses With Inside Servers In this example, there are 3 IGAs from our ISP.
Page 239 Prestige 324 User’s Guide Figure 21-14 NAT Example 3 Step 1. In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets. Therefore you must choose the Full Feature option from the Network Address Translation field (in menu 4 or menu 11.3) in Figure 21-15.
Page 240 Prestige 324 User’s Guide Menu 11.3 - Remote Node Network Layer Options IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Addr= N/A Network Address Translation= Full Feature Metric= 1 Private= N/A RIP Direction= None Version= N/A Multicast= None Enter here to CONFIRM or ESC to CANCEL: Figure 21-15 Example 3: Menu 11.3...
Page 241 Prestige 324 User’s Guide Menu 15.1.1 - Address Mapping Rules NAT_SET Set Name= Local Start IP Local End IP Global Start IP Global End IP Type --------------- --------------- --------------- --------------- ------ 192.168.1.10 10.132.50.1 192.168.1.11 10.132.50.2 0.0.0.0 255.255.255.255 10.132.50.3 10.132.50.3 Server Action= None Select Rule= N/A Press ENTER to Confirm or ESC to Cancel:...
Page 242 Prestige 324 User’s Guide Menu 15.2.1 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------- Default Default 0.0.0.0 192.168.1.21 192.168.1.20 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Example 3: Menu 15.2.1 21.5.4 Example 4: NAT Unfriendly Application Programs Some applications do not support NAT Mapping using TCP or UDP port address translation.
Page 243: Figure 21-19 Example 4: Menu 15.1.1.1 Address Mapping Rule
Prestige 324 User’s Guide Other applications such as some gaming programs are NAT unfriendly because they embed addressing information in the data stream. These applications won’t work through NAT even when using One-to-One and Many-to-Many No Overload mapping types. Follow the steps outlined in example 3 to configure these two menus as follows. Menu 15.1.1.1 Address Mapping Rule Type= Many-One-to-One Local IP:...
Page 244: Configuring Trigger Port Forwarding
Prestige 324 User’s Guide 21.6 Configuring Trigger Port Forwarding Only one LAN computer can use a trigger port (range) at a time. Enter 3 in menu 15 to display Menu 15.3 — Trigger Port Setup, shown next. Menu 15.3 - Trigger Port Setup Incoming Trigger Rule...
Page 245 Prestige 324 User’s Guide Table 21-5 Menu 15.3 Trigger Port Setup FIELD DESCRIPTION EXAMPLE End Port Enter a port number or the ending port number in a range of port numbers. 7070 Press [ENTER] at the message “Press ENTER to Confirm...” to save your configuration, or press [ESC] at any time to cancel.
Page 247: Chapter 22 Enabling The Firewall
Prestige 324 User’s Guide Chapter 22 Enabling the Firewall This chapter shows you how to get started with the Prestige firewall. 22.1 Remote Management and the Firewall When SMT menu 24.11 is configured to allow management (see the Remote Management chapter) and the firewall is enabled: •...
Page 248: Figure 22-1 Menu 21.2 Firewall Setup
Prestige 324 User’s Guide Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DoS) attacks when it is active. Your network is vulnerable to attacks when the firewall is turned off. Refer to the User's Guide for details about the firewall default policies.
Page 249: Smt Advanced Management
SMT Advanced Management Part VIII: SMT Advanced Management This part discusses filtering setup, SNMP, system security, system information and diagnosis, firmware and configuration file maintenance, system maintenance, remote management and call scheduling. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.
Page 250: Chapter 23 Filter Configuration
Prestige 324 User’s Guide Chapter 23 Filter Configuration This chapter shows you how to create and apply filters. 23.1 Introduction to Filters Your Prestige uses filters to decide whether to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering.
Page 251: Figure 23-1 Outgoing Packet Filtering Process
Prestige 324 User’s Guide Call Filtering Active Data Built-in User-defined Data match match match Outgoing Initiate call default Call Filters Packet if line not up Call Filters (if applicable) Filtering Send packet and reset Idle Timer Match Match Match Drop Drop packet Drop packet packet...
Page 252: Figure 23-2 Filter Rule Process
Prestige 324 User’s Guide Start Packet into filter Fetch First Filter Set Filter Set Fetch Next Fetch First Filter Set Filter Rule Fetch Next Filter Rule Next filter Next Filter Set Rule Active? Available? Available? Execute Filter Rule Check Next Rule Forward Drop...
Page 253: Configuring A Filter Set
Prestige 324 User’s Guide You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port. 23.2 Configuring a Filter Set The Prestige includes filtering for NetBIOS over TCP/IP packets by default.
Page 254: Table 23-1 Abbreviations Used In The Filter Rules Summary Menu
Prestige 324 User’s Guide Step 3. Select the filter set you wish to configure (1-12) and press [ENTER] Step 4. Enter a descriptive name or comment in the Edit Comments field and press [ENTER]. Step 5. Press [ENTER] at the message [Press ENTER to confirm] to open Menu 21.1.1 - Filter Rules Summary.
Page 255: Table 23-2 Rule Abbreviations Used
Prestige 324 User’s Guide Table 23-2 Rule Abbreviations Used ABBREVIATION DESCRIPTION Protocol Source Address Source Port number Destination Address Destination Port number Offset Length Refer to the next section for information on configuring the filter rules. 23.2.1 Configuring a Filter Rule To configure a filter rule, type its number in Menu 21.1.1 - Filter Rules Summary and press [ENTER] to open menu 21.1.1.1 for the rule.
Page 256: Figure 23-6 Menu 21.1.1.1 Tcp/Ip Filter Rule
Prestige 324 User’s Guide To configure TCP/IP rules, select TCP/IP Filter Rule from the Filter Type field and press [ENTER] to open Menu 21.1.1.1 - TCP/IP Filter Rule, as shown next. Menu 21.1.1.1 - TCP/IP Filter Rule Filter #: 1,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 0...
Page 257 Prestige 324 User’s Guide Table 23-3 TCP/IP Filter Rule FIELD DESCRIPTION OPTIONS IP Mask Enter the IP mask to apply to the Destination: IP Addr. 0.0.0.0 Port # Enter the destination port of the packets that you wish to filter. 0-65535 The range of this field is 0 to 65535.
Page 258 Prestige 324 User’s Guide Table 23-3 TCP/IP Filter Rule FIELD DESCRIPTION OPTIONS Press [SPACE BAR] and then [ENTER] to select a logging None option from the following: Action None – No packets will be logged. Matched Action Matched - Only packets that match the rule parameters will be logged.
Page 259: Figure 23-7 Executing An Ip Filter
Prestige 324 User’s Guide Packet into IP Filter Filter Active? Apply SrcAddrMask to Src Addr Check Src Not Matched IP Addr Matched Apply DestAddrMask to Dest Addr Check Dest Not Matched IP Addr Matched Check Not Matched IP Protocol Matched Check Src &...
Page 260: Figure 23-8 Menu 21.1.4.1 Generic Filter Rule
Prestige 324 User’s Guide 23.2.3 Configuring a Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly. For generic rules, the Prestige treats a packet as a byte stream as opposed to an IP or IPX packet.
Page 261 Prestige 324 User’s Guide Table 23-4 Generic Filter Rule Menu Fields FIELD DESCRIPTION OPTIONS Filter Use [SPACE BAR] and then [ENTER] to select a rule type. Parameters Generic Filter Type displayed below each type will be different. TCP/IP filter rules are used to Rule filter IP packets while generic filter rules allow filtering of non-IP packets.
Page 262: Example Filter
Prestige 324 User’s Guide 23.3 Example Filter Let’s look at an example to block outside users from accessing the Prestige via telnet. Figure 23-9 Telnet Filter Example Step 1. Enter 21 from the main menu to open Menu 21 - Filter and Firewall Setup. Step 2.
Page 263: Figure 23-10 Example Filter: Menu 21.1.3.1
Prestige 324 User’s Guide Step 6. Enter 1 to configure the first filter rule (the only filter rule of this set). Make the entries in this menu as shown in the following figure. Press [SPACE BAR] and then Menu 21.1.3.1 - TCP/IP Filter Rule [ENTER] to choose this filter rule Filter #: 3,1 type.
Page 264: Filter Types And Nat
Prestige 324 User’s Guide Menu 21.1.3 - Filter Rules Summary # A Type Filter Rules M m n - - ---- --------------------------------------------------------------- - - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 N D F Enter Filter Rule Number (1-6) to Configure: M = N means an action can be taken immediately.
Page 265: Firewall Versus Filters
Prestige 324 User’s Guide Generic and TCP/IP filter rules are discussed in more detail in the next section. When NAT (Network Address Translation) is enabled, the inside IP address and port number are replaced on a connection-by- connection basis, which makes it impossible to know the exact address and port on the wire. Therefore, the Prestige applies the protocol filters to the “native”...
Page 266: Figure 23-13 Filtering Lan Traffic
Prestige 324 User’s Guide If you do not activate the firewall, it is advisable to apply filters. 23.6.1 Applying LAN Filters LAN traffic filter sets may be useful to block certain packets, reduce traffic and prevent security breaches. Go to menu 3.1 (shown next) and enter the number(s) of the filter set(s) that you want to apply as appropriate.
Page 267: Figure 23-14 Filtering Remote Node Traffic
Prestige 324 User’s Guide Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Enter here to CONFIRM or ESC to CANCEL: Figure 23-14 Filtering Remote Node Traffic 23-18 Filter Configuration...
Page 268: Chapter 24 Snmp Configuration
Prestige 324 User’s Guide Chapter 24 SNMP Configuration This chapter explains SNMP Configuration menu 22. 24.1 About SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network.
Page 269: Supported Mibs
Prestige 324 User’s Guide An agent is a management software module that resides in a managed device (the Prestige). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices.
Page 270: Figure 24-2 Menu 22 Snmp Configuration
Prestige 324 User’s Guide Menu 22 - SNMP Configuration SNMP: Get Community= public Set Community= public Trusted Host= 0.0.0.0 Trap: Community= public Destination= 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Figure 24-2 Menu 22 SNMP Configuration The following table describes the SNMP configuration parameters. Table 24-1 Menu 22 SNMP Configuration FIELD DESCRIPTION...
Page 271: Snmp Traps
Prestige 324 User’s Guide 24.4 SNMP Traps The Prestige will send traps to the SNMP manager when any one of the following events occurs: Table 24-2 SNMP Traps TRAP # TRAP NAME DESCRIPTION coldStart (defined in RFC-1215) A trap is sent after booting (power on). warmStart (defined in RFC-1215) A trap is sent after booting (software reboot).
Page 272: Chapter 25 System Information And Diagnosis
Prestige 324 User’s Guide Chapter 25 System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software.
Page 273: Figure 25-2 Menu 24.1 System Maintenance : Status
Prestige 324 User’s Guide Menu 24.1 - System Maintenance - Status 07:33:32 Wed. Dec. 24, 2003 Port Status TxPkts RxPkts Cols Tx B/s Rx B/s Up Time 100M/Full 15982 938667 2520 2:07:57 100M/Full 22381 21235 2399 6:55:05 Port Ethernet Address IP Address IP Mask DHCP...
Page 274: System Information
Prestige 324 User’s Guide Table 25-1 System Maintenance: Status Menu Fields FIELD DESCRIPTION IP Mask The IP mask of the port listed on the left. DHCP The DHCP setting of the port listed on the left. System up Time The total time the Prestige has been on. Name This is the Prestige's system name + domain name assigned in menu 1.
Page 275: Figure 25-4 Menu 24.2.1 System Maintenance : Information
Refers to the routing protocol used. ZyNOS F/W Version Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. Ethernet Address Refers to the Ethernet MAC (Media Access Control) of your Prestige.
Page 276: Log And Trace
Prestige 324 User’s Guide Menu 24.2.2 – System Maintenance – Change Console Port Speed Console Port Speed: 9600 Press ENTER to Confirm or ESC to Cancel: Figure 25-5 Menu 24.2.2 System Maintenance : Change Console Port Speed 25.3 Log and Trace There are two logging facilities in the Prestige.
Page 277 Prestige 324 User’s Guide Table 25-3 Menu 24.3.2 System Maintenance : Syslog and Accounting PARAMETER DESCRIPTION Syslog Server IP Enter the IP Address of the server that will log the CDR (Call Detail Record) and Address system messages i.e., the syslog server. Log Facility Press [SPACE BAR] and then [ENTER] to select a Local option.
Page 278 Prestige 324 User’s Guide 3. Filter log Filter log Message Format SdcmdSyslogSend(SYSLOG_FILLOG, SYSLOG_NOTICE, String ); String = IP[Src=xx.xx.xx.xx Dst=xx.xx.xx.xx prot spo=xxxx dpo=xxxx] S04>R01mD IP[…] is the packet header and S04>R01mD means filter set 4 (S) and rule 1 (R), match (m) drop (D).
Page 279 Prestige 324 User’s Guide 5. Firewall log Firewall Log Message Format SdcmdSyslogSend(SYSLOG_FIREWALL, SYSLOG_NOTICE, buf); buf = IP[Src=xx.xx.xx.xx : spo=xxxx Dst=xx.xx.xx.xx : dpo=xxxx | prot | rule | action] Src: Source Address spo: Source port (empty means no source port information) Dst: Destination Address dpo: Destination port (empty means no destination port information) prot: Protocol (“TCP”,”UDP”,”ICMP”, ”IGMP”, ”GRE”, ”ESP”)
Page 280: Diagnostic
Prestige 324 User’s Guide IP Frame: ENET0-RECV Size: Time: 17:02:44.262 Frame Type: IP Header: IP Version Header Length = 20 Type of Service = 0x00 (0) Total Length = 0x002C (44) Identification = 0x0002 (2) Flags = 0x00 Fragment Offset = 0x00 Time to Live = 0xFE (254)
Page 281: Figure 25-8 Menu 24.4 System Maintenance : Diagnostic
Prestige 324 User’s Guide Menu 24.4 - System Maintenance - Diagnostic TCP/IP 1. Ping Host 2. WAN DHCP Release 3. WAN DHCP Renewal 4. Internet Setup Test System 11. Reboot System Enter Menu Selection Number: Host IP Address= N/A Figure 25-8 Menu 24.4 System Maintenance : Diagnostic 25.4.1 WAN DHCP DHCP functionality can be enabled on the LAN or WAN as shown in Figure 25-9.
Page 282: Table 25-4 System Maintenance Menu Diagnostic
Prestige 324 User’s Guide Table 25-4 System Maintenance Menu Diagnostic FIELD DESCRIPTION Ping Host Enter 1 to ping any machine (with an IP address) on your LAN or WAN. Enter its IP address in the Host IP Address field below. WAN DHCP Release Enter 2 to release your WAN DHCP settings.
Page 284: Chapter 26 Firmware And Configuration File Maintenance
Prestige 324 User’s Guide Chapter 26 Firmware and Configuration File Maintenance This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files. 26.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc.
Page 285: Backup Configuration
Prestige 324 User’s Guide Table 26-1 Filename Conventions FILE TYPE INTERNAL NAME EXTERNAL NAME DESCRIPTION Configuration Rom-0 This is the configuration filename on the *.rom File Prestige. Uploading the rom-0 file replaces the entire ROM file system, including your Prestige configurations, system-related data (including the default password), the error log and the trace log.
Page 286 Prestige 324 User’s Guide 26.2.1 Backup Configuration Follow the instructions as shown in the next screen. Menu 24.5 - System Maintenance - Backup Configuration To transfer the configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2.
Page 287: Figure 26-2 Ftp Session Example
Prestige 324 User’s Guide 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 16384 bytes sent in 1.10Seconds 297.89Kbytes/sec. ftp>...
Page 288 Prestige 324 User’s Guide 3. The IP address in the Secured Client IP field in menu 24.11 does not match the client IP. If it does not match, the Prestige will disconnect the Telnet session immediately. 4. You have an SMT console session running. 26.2.6 Backup Configuration Using TFTP The Prestige supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN.
Page 289: Restore Configuration
Prestige 324 User’s Guide 26.2.8 GUI-based TFTP Clients The following table describes some of the fields that you may see in GUI-based TFTP clients. Table 26-3 General Commands for GUI-based TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the Prestige. 192.168.1.1 is the Prestige’s default IP address when shipped.
Page 290 Prestige 324 User’s Guide For details about backup using (T)FTP please refer to earlier sections on FTP and TFTP file upload in this chapter. Menu 24.6 -- System Maintenance - Restore Configuration To transfer the firmware and configuration file to your workstation, follow the procedure below: 1.
Page 291: Uploading Firmware And Configuration Files
Prestige 324 User’s Guide 26.3.2 Restore Using FTP Session Example ftp> put config.rom rom-0 200 Port command okay 150 Opening data connection for STOR rom-0 226 File received OK 221 Goodbye for writing flash ftp: 16384 bytes sent in 0.06Seconds 273.07Kbytes/sec. ftp>quit Figure 26-4 Restore Using FTP Session Example Refer to section 26.2.5 to read about configurations that disallow TFTP and FTP over WAN.
Page 292: Figure 26-5 Telnet Into Menu 24.7.1 Upload System Firmware
Prestige 324 User’s Guide Menu 24.7.1 - System Maintenance - Upload System Firmware To upload the system firmware, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested.
Page 293: Figure 26-7 Ftp Session Example Of Firmware File Upload
Prestige 324 User’s Guide 26.4.3 FTP File Upload Command from the DOS Prompt Example Step 1. Launch the FTP client on your computer. Step 2. Enter “open”, followed by a space and the IP address of your Prestige. Step 3. Press [ENTER] when prompted for a username.
Page 294 Prestige 324 User’s Guide To use TFTP, your computer must have both telnet and TFTP clients. To transfer the firmware and the configuration file, follow the procedure shown next. Step 1. Use telnet from your computer to connect to the Prestige and log in. Because TFTP does not have any security checks, the Prestige records the IP address of the telnet client and accepts TFTP requests only from this address.
Page 296: Chapter 27 System Maintenance
Prestige 324 User’s Guide Chapter 27 System Maintenance This chapter leads you through SMT menus 24.8 to 24.10. 27.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main system firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions.
Page 297: Call Control Support
A list of commands can be found by typing help or ? at the command prompt. Always type the full command. Type exit to return to the SMT main menu when finished. Copyright (c) 1994 - 2003 ZyXEL Communications Corp. ras> ?
Page 298: Figure 27-4 Budget Management
Prestige 324 User’s Guide 27.2.1 Budget Management Menu 24.9.1 shows the budget management statistics for outgoing calls. Enter 1 from Menu 24.9 - System Maintenance - Call Control to bring up the following menu. Menu 24.9.1 - Budget Management Remote Node Connection Time/Total Budget Elapsed Time/Total Period 1.
Page 299: Time And Date Setting
Prestige 324 User’s Guide 27.2.2 Call History This is the second option in Menu 24.9 - System Maintenance - Call Control. It displays information about past incoming and outgoing calls. Enter 2 from Menu 24.9 - System Maintenance - Call Control to bring up the following menu.
Page 300: Figure 27-6 Menu 24: System Maintenance
Prestige 324 User’s Guide you turn on your Prestige. Menu 24.10 allows you to update the time and date settings of your Prestige. The real time is then displayed in the Prestige error logs and firewall logs. Select menu 24 in the main menu to open Menu 24 - System Maintenance, as shown next. Menu 24 - System Maintenance System Status System Information and Console Port Speed...
Page 301: Table 27-3 Time And Date Setting Fields
Prestige 324 User’s Guide Table 27-3 Time and Date Setting Fields FIELD DESCRIPTION Time Protocol Enter the time service protocol that your timeserver sends when you turn on the Prestige. Not all timeservers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
Page 302 Prestige 324 User’s Guide When the Prestige starts up, if there is a timeserver configured in menu 24.10. iii. 24-hour intervals after starting. System Maintenance 27-7...
Page 304: Remote Management
Prestige 324 User’s Guide Chapter 28 Remote Management This chapter covers remote management (SMT menu 24.11). 28.1 Remote Management Remote management allows you to determine which services/protocols can access which Prestige interface (if any) from which computers. You may manage your Prestige from a remote location via: Internet (WAN only) ALL (LAN and WAN) LAN only...
Page 305: Table 28-1 Menu 24.11 - Remote Management Control
Prestige 324 User’s Guide The following table describes the fields in this screen. Table 28-1 Menu 24.11 – Remote Management Control FIELD DESCRIPTION EXAMPLE Telnet Server Each of these read-only labels denotes a service or protocol. FTP Server Web Server SNMP Service DNS Service Port...
Page 306: Chapter 29 Call Scheduling
Prestige 324 User’s Guide Chapter 29 Call Scheduling Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate when a remote node should be called and for how long. 29.1 Introduction to Call Scheduling The call scheduling feature allows the Prestige to manage a remote node and dictate when a remote node should be called and for how long.
Page 307: Figure 29-2 Menu 26.1 Schedule Set Setup
Prestige 324 User’s Guide To delete a schedule set, enter the set number and press [SPACE BAR] and then [ENTER] (or delete) in the Edit Name field. To setup a schedule set, select the schedule set you want to setup from menu 26 (1-12) and press [ENTER] to see Menu 26.1 —...
Page 308 Prestige 324 User’s Guide Table 29-1 Menu 26.1 Schedule Set Setup FIELD DESCRIPTION EXAMPLE Once: If you selected Once in the How Often field above, then enter the date 2000-01-01 the set should activate here in year-month-date format. Date Weekday: If you selected Weekly in the How Often field above, then select the day(s) when the set should activate (and recur) by going to that day(s) and pressing [SPACE BAR] to select Yes, then press [ENTER].
Page 309: Figure 29-3 Applying Schedule Set(S) To A Remote Node (Pppoe)
Prestige 324 User’s Guide Menu 11.1 - Remote Node Profile Rem Node Name= MyISP Route= IP Active= Yes Encapsulation= PPPoE Edit IP= No Service Type= Standard Telco Option: Service Name= Allocated Budget(min)= 0 Outgoing: Period(hr)= 0 My Login= Schedules= 1,2,3,4 Apply your My Password= ******** Nailed-Up Connection= No...
Page 310: Appendices And Index
Part IX: Appendices and Index This section provides some Appendices and an Index.
Page 312: Appendix Apppoe
Prestige 324 User’s Guide Appendix A PPPoE PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your PC to an ATM PVC (Permanent Virtual Circuit) that connects to an xDSL Access Concentrator where the PPP session terminates (see the next figure).
Page 313 Prestige 324 User’s Guide Diagram A-1 Single-PC per Modem Hardware Configuration How PPPoE Works The PPPoE driver makes the Ethernet appear as a serial link to the PC and the PC runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC). Between the AC and an ISP, the AC is acting as a L2TP (Layer 2 Tunneling Protocol) LAC (L2TP Access Concentrator) and tunnels the PPP frames to the ISP.
Page 314 Prestige 324 User’s Guide The Prestige as a PPPoE Client When using the Prestige as a PPPoE client, the PCs on the LAN see only Ethernet and are not aware of PPPoE. This alleviates the administrator from having to manage the PPPoE clients on the individual PCs. Diagram A-2 The Prestige as a PPPoE Client PPPoE...
Page 316: Appendix Bpptp
Prestige 324 User’s Guide Appendix B PPTP What is PPTP? PPTP (Point-to-Point Tunneling Protocol) is a Microsoft proprietary protocol (RFC 2637 for PPTP is informational only) to tunnel PPP frames. How can we transport PPP frames from a PC to a broadband modem over Ethernet? A solution is to build PPTP into the ANT (ADSL Network Termination) where PPTP is used only over the short haul between the PC and the modem over Ethernet.
Page 317 Prestige 324 User’s Guide In Windows VPN or PPTP Pass-Through feature, the PPTP tunneling is created from Windows 95, 98 and NT clients to an NT server in a remote location. The pass-through feature allows users on the network to access a different remote server using the Prestige's Internet connection.
Page 318 Prestige 324 User’s Guide The control connection runs over TCP. Similar to L2TP, a tunnel control connection is first established before call control messages can be exchanged. Please note that a tunnel control connection supports multiple call sessions. The following diagram depicts the message exchange of a successful call setup between a PC and an ANT. Diagram B-3 Example Message Exchange between PC and an ANT PPP Data Connection The PPP frames are tunneled between the PNS and PAC over GRE (General Routing Encapsulation, RFC...
Page 320: Appendix C Netbios Filter Commands
Prestige 324 User’s Guide Appendix C NetBIOS Filter Commands The following describes the NetBIOS packet filter commands. Introduction NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls.
Page 321: Table C-1 Netbios Filter Default Settings
Prestige 324 User’s Guide Table C-1 NetBIOS Filter Default Settings NAME DESCRIPTION EXAMPLE Between LAN This field displays whether NetBIOS packets are blocked or Forward and WAN forwarded from the LAN to the WAN or from the WAN to the LAN. IPSec Packets This field displays whether NetBIOS packets sent through a VPN Forward...
Page 322 Prestige 324 User’s Guide Command: sys filter netbios config 4 off This command stops NetBIOS commands from initiating calls. NetBIOS Filter Commands...
Page 324: Appendix D Log Descriptions
Prestige 324 User’s Guide Appendix D Log Descriptions Configure centralized logs using the embedded web configurator; see the online help for details. This appendix describes some of the log messages. Chart 1 System Error Logs LOG MESSAGE DESCRIPTION %s exceeds the max. This attempt to create a NAT session exceeds the maximum number of NAT session table entries allowed to be created per host.
Page 325 Prestige 324 User’s Guide Chart 2 System Maintenance Logs LOG MESSAGE DESCRIPTION TELNET Login Someone has logged on to the router via telnet. Successfully TELNET Login Fail Someone has failed to log on to the router via telnet. FTP Login Someone has logged on to the router via ftp.
Page 326 Prestige 324 User’s Guide Chart 4 Content Filtering Logs CATEGORY LOG MESSAGE DESCRIPTION JAVBLK IP/Domain Name The Prestige blocked access to this IP address or domain name because of a forbidden service such as: ActiveX, a Java applet, a cookie, or a proxy. Chart 5 ICMP Type and Code Explanations TYPE CODE...
Page 327 Prestige 324 User’s Guide Chart 5 ICMP Type and Code Explanations TYPE CODE DESCRIPTION Echo message Time Exceeded Time to live exceeded in transit Fragment reassembly time exceeded Parameter Problem Pointer indicates the error Timestamp Timestamp request message Timestamp Reply Timestamp reply message Information Request Information request message...
Page 328: Appendix E Setting Up Your Computer's Ip Address
Prestige 324 User’s Guide Appendix E Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package.
Page 329 Prestige 324 User’s Guide 1. Click Start, Settings, Control Panel and double-click the Network icon to open the Network window. 2. The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: In the Network window, click Add.
Page 330 Prestige 324 User’s Guide Select Client for Microsoft Networks from the list of network clients and then click OK. Restart your computer so the changes you made take effect. In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties.
Page 331 Prestige 324 User’s Guide Click the DNS Configuration tab. -If you do not know your DNS information, select Disable DNS. -If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in).
Page 332 Prestige 324 User’s Guide Click OK to close the Network window. Insert the Windows CD if prompted. Turn on your Prestige and restart your computer when prompted. Checking/Modifying Your Computer’s IP Address Click Start and then Run. In the Run window, type "winipcfg" and then click OK to open the IP Configuration window. Select your network adapter.
Page 333 Prestige 324 User’s Guide Windows 2000/NT/XP In Windows XP, click start, Control Panel. In Windows 2000/NT, click Start, Settings, Control Panel. In Windows XP, click Network Connections. Right-click Local Area Connection and In Windows 2000/NT, click Network and then click Properties. Dial-up Connections.
Page 334 Prestige 324 User’s Guide Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. Brute Force Password Guessing Protection...
Page 335 Prestige 324 User’s Guide The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). - To have your computer assigned a dynamic IP address, click Obtain an IP address automatically. -If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields.
Page 336 Prestige 324 User’s Guide -If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: -In the IP Settings tab, in IP addresses, click Add.
Page 337 Prestige 324 User’s Guide In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): -Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). -If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Page 338 Prestige 324 User’s Guide Macintosh OS 8/9 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. Select Ethernet built-in from the Connect via list. Brute Force Password Guessing Protection E-11...
Page 339 Prestige 324 User’s Guide For dynamically assigned settings, select Using DHCP Server from the Configure: list. For statically assigned settings, do the following: -From the Configure box, select Manually. -Type your IP address in the IP Address box. -Type your subnet mask in the Subnet mask box. -Type the IP address of your Prestige in the Router address box.
Page 340 Prestige 324 User’s Guide Click Network in the icon bar. - Select Automatic from the Location list. - Select Built-in Ethernet from the Show list. - Click the TCP/IP tab. For dynamically assigned settings, select Using DHCP from the Configure list. For statically assigned settings, do the following: -From the Configure box, select Manually.
Page 342 Prestige 324 User’s Guide Appendix F Brute-Force Password Guessing Protection The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism for the password. See other appendices for information on the command structure. Chart 6 Brute-Force Password Guessing Protection Commands COMMAND DESCRIPTION sys pwderrtm...
Page 344: Appendix G Triangle Route
Prestige 324 User’s Guide Appendix G Triangle Route The Ideal Setup When the firewall is on, your Prestige acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the Prestige to protect your LAN against attacks.
Page 345 Prestige 324 User’s Guide Diagram G-2 “Triangle Route” Problem The “Triangle Route” Solutions This section presents you two solutions to the “triangle route” problem. IP Aliasing IP alias allows you to partition your network into logical sections over the same Ethernet interface. Your Prestige supports up to three logical LAN interfaces with the Prestige being the gateway for each logical network.
Page 346 Prestige 324 User’s Guide Diagram G-3 IP Alias Gateways on the WAN Side A second solution to the “triangle route” problem is to put all of your network gateways on the WAN side as the following figure shows. This ensures that all incoming network traffic passes through your Prestige to your LAN.
Page 347 Prestige 324 User’s Guide Step 3. Use the following commands to allow/disallow triangle route. sys firewall ignore triangle all off This command allows triangle route. sys firewall ignore triangle all on This command disallows triangle route. Triangle Route...
Page 348: Appendix H Index
Prestige 324 User’s Guide Appendix H Index Conditions that prevent TFTP and FTP from working over WAN........26-4 Configuration ........5-1, 13-4 Active...........16-6, 16-8, 19-2 Connection ID/Name ........19-6 Address Assignment......3-8, 3-9, 6-1 Content Filtering..........1-2 Allocated Budget ......... 16-7, 19-5 Copyright............ii Applications ............
Page 349 Prestige 324 User’s Guide PPP over Ethernet........A-1 Gateway IP Address ........18-2 Enter ......See Syntax Conventions General Setup ........ 3-1, 4-1, 15-1 Ethernet .......... 3-2, 3-4, 10-2 Global ..............7-1 Ethernet Encapsulation..7-6, 18-1, 19-1, 19-2, 19-9 Hidden Menus..........14-4 Hop Count .............20-2 Factory Default ..........
Page 350 Prestige 324 User’s Guide Mapping Types..........7-4 ........, 17-5 IP Subnet Mask 16-9 Remote............16-9 Non NAT Friendly Application Programs21-16 IPSec standard ..........1-2 Ordering Rules .......... 21-6 IPSec VPN Capability........1-2 Server Sets........... 7-6 ISP’s Name ........... 18-2 What NAT does...........
Page 351 Prestige 324 User’s Guide PPTP Protocol Overview.......B-2 PPTP, What is it?...........B-1 Schedule Sets Prestige as a PPPoE Client......A-3 Duration .............29-2 Private........8-4, 16-10, 19-8, 20-3 Schedules ............19-5 Private IP Address........3-8, 6-2 Select......See Syntax Conventions Protocol Filters..........17-5 Server..4-6, 7-5, 18-2, 19-3, 21-3, 21-4, 21-5, 21- Incoming............
Page 352 Prestige 324 User’s Guide System Information ........25-3 Trigger Port Forwarding ......21-18 System Status..........25-1 Process............7-13 System Information........25-3 System Information & Diagnosis ....25-1 System Maintenance . 12-2, 25-1, 25-2, 25-3, 25- Universal Plug and Play (UPnP).... 9-1, 9-3 11, 26-2, 26-5, 26-11, 27-1, 27-2, 27-3, 27-4, UNIX Syslog ..........

This manual is also suitable for:

Prestige 324

ZyXEL Communications P-324 User Manual

Chapter 1 Getting to Know Your Prestige

Chapter 2 Introducing the Web Configurator

Chapter 3 Wizard Setup

Chapter 4 System Screens

Chapter 5 LAN Screens

Chapter 6 WAN Screens

Chapter 7 Network Address Translation (NAT) Screens

Chapter 8 Static Route Screens

Chapter 9 Upnp

Chapter 10 Firewall

Chapter 11 Remote Management Screens

Chapter 12 Centralized Logs

Chapter 13 Maintenance

Chapter 14 Introducing the SMT

Chapter 15 Menu 1 General Setup

Chapter 16 WAN and Dial Backup Setup

Chapter 17 Menu 3 LAN Setup

Chapter 18 Internet Access

Chapter 19 Remote Node Configuration

Chapter 20 Static Route Setup

Chapter 21 Network Address Translation (NAT)

Quick Links

Need help?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for ZyXEL Communications P-324

Summary of Contents for ZyXEL Communications P-324