Prestige 324 Intelligent Broadband Sharing Gateway User’s Guide Version 3.
Prestige 324 Intelligent Broadband Sharing Gateway Copyright Copyright © 2003 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.
Prestige 324 Intelligent Broadband Sharing Gateway Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
Prestige 324 Intelligent Broadband Sharing Gateway Information for Canadian Users The Industry Canada label identifies certified equipment. This certification means that the equipment meets certain telecommunications network protective operation and safety requirements. The Industry Canada label does not guarantee that the equipment will operate to a user's satisfaction.
Prestige 324 Intelligent Broadband Sharing Gateway Declaration of Conformity We, the Manufacturer/Importer, ZyXEL Communications Corp. No. 6, Innovation Rd. II, Science-Based Industrial Park, Hsinchu, Taiwan, 300 R.O.C declare that the product Prestige 324 is in conformity with: STANDARD STANDARD ITEM VERSION EN 55022 Radio disturbance characteristics – Limits and method of measurement.
Prestige 324 Intelligent Broadband Sharing Gateway ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase.
Prestige 324 Intelligent Broadband Sharing Gateway Customer Support Please have the following information ready when you contact customer support. • Product model and serial number. • Information in Menu 24.2.1 –System Information. • Warranty Information. • Date that you received your device. • Brief description of the problem and the steps you took to solve it. METHOD E-MAIL SUPPORT/SALES TELEPHONE/FAX WEB SITE/ FTP SITE REGULAR MAIL LOCATION WORLDWIDE Support@zyxel.com.
Prestige 324 Intelligent Broadband Sharing Gateway Table of Contents Copyright.................................................................................................................................................... ii Federal Communications Commission (FCC) Interference Statement...................................................... iii Information for Canadian Users ................................................................................................................
Prestige 324 Intelligent Broadband Sharing Gateway 4.2 Wizard Setup: Screen 2............................................................................................................ 4-2 4.3 Wizard Setup: Screen 3............................................................................................................ 4-7 4.4 Basic Setup Complete ............................................................................................................
Prestige 324 Intelligent Broadband Sharing Gateway Chapter 10 IP Static Route Setup........................................................................................................... 10-1 10.1 IP Static Route Setup .........................................................................................................10-2 Chapter 11 Network Address Translation (NAT)................................................................................... 11-1 11.1 Introduction..........................
Prestige 324 Intelligent Broadband Sharing Gateway 14.3 Installing UPnP in Windows Example .............................................................................. 14-4 14.4 Using UPnP in Windows XP Example.............................................................................. 14-6 Chapter 15 SNMP Configuration...........................................................................................................15-1 15.1 About SNMP ......................................................
Prestige 324 Intelligent Broadband Sharing Gateway 19.3 Remote Management and the Firewall...............................................................................19-4 19.4 Remote Management and NAT .........................................................................................19-4 19.5 System Timeout .................................................................................................................19-5 Chapter 20 Call Scheduling ..........................................
Prestige 324 Intelligent Broadband Sharing Gateway List of Figures Figure 1-1 Internet Access Application....................................................................................................... 1-5 Figure 2-1 Prestige Rear Panel Connections ............................................................................................... 2-1 Figure 2-2 Front Panel ................................................................................................................................
Prestige 324 Intelligent Broadband Sharing Gateway Figure 7-6 Menu 3.2 — TCP/IP and DHCP Ethernet Setup........................................................................7-7 Figure 7-7 Menu 3.2.1 — IP Alias Setup.....................................................................................................7-9 Figure 8-1 Internet Access Setup (Ethernet)................................................................................................8-2 Figure 8-2 Internet Access Setup (PPTP) .......
Prestige 324 Intelligent Broadband Sharing Gateway Figure 11-14 NAT Example 1................................................................................................................. 11-21 Figure 11-15 Menu 4 — Internet Access & NAT Example.................................................................... 11-21 Figure 11-16 NAT Example 2................................................................................................................. 11-22 Figure 11-17 NAT Example 3.................
Prestige 324 Intelligent Broadband Sharing Gateway Figure 14-1 Configuring UPnP ..................................................................................................................14-3 Figure 15-1 Menu 22 — SNMP Configuration .........................................................................................15-2 Figure 16-1 Menu 24 — System Maintenance ..........................................................................................16-1 Figure 16-2 Menu 24.
Prestige 324 Intelligent Broadband Sharing Gateway Figure 18-1 Command Mode in Menu 24................................................................................................. 18-1 Figure 18-2 Valid Commands ................................................................................................................... 18-2 Figure 18-3 Call Control ...........................................................................................................................
Prestige 324 Intelligent Broadband Sharing Gateway List of Diagrams Diagram 1 Single-PC per Modem Hardware Configuration........................................................................... 2 Diagram 2 Prestige as a PPPoE Client............................................................................................................ 3 Diagram 3 Transport PPP frames over Ethernet .............................................................................................
Prestige 324 Intelligent Broadband Sharing Gateway List of Tables Table 1-1 Internet Access Configuration Checklist .................................................................................... 1-5 Table 2-1Prestige Rear Panel Connections ................................................................................................. 2-2 Table 2-2 LED Descriptions .......................................................................................................................
Prestige 324 Intelligent Broadband Sharing Gateway Table 9-2 Fields in Menu 11.1 (PPTP Encapsulation).................................................................................9-4 Table 9-3 Fields in Menu 11.1 (PPPoE Encapsulation Specific Only)........................................................9-6 Table 9-4 Remote Node Network Layer Options Menu Fields ...................................................................9-8 Table 9-5 Menu 11.1 — Remote Node Profile (Traffic Redirect Field)........
Prestige 324 Intelligent Broadband Sharing Gateway Table 18-1 Budget Management ............................................................................................................... 18-3 Table 18-2 Call History Fields .................................................................................................................. 18-4 Table 18-3 Time and Date Setting Fields.................................................................................................. 18-6 Table 19-1 Menu 24.
Prestige 324 Intelligent Broadband Sharing Gateway Preface Congratulations on your purchase of the Prestige 324 Broadband Sharing Gateway with four-port switch. Don’t forget to register your Prestige (fast, easy online registration at www.zyxel.com) for free future product updates and information. Your Prestige is easy to install and to configure. The embedded web configurator is a convenient platformindependent GUI (Graphical User Interface) that allows you to access the Prestige’s management settings.
Prestige 324 Intelligent Broadband Sharing Gateway Syntax Conventions • Mouse action sequences are denoted using a comma. For example, click Start, Settings, Control Panel, Network means first you click Start, move the mouse pointer over Settings, then move the mouse pointer over Control Panel and finally click Network • “Enter” means for you to type one or more characters and press the carriage return. “Select” or “Choose” means for you to select one from the predefined choices.
Getting Started Part I: Getting Started This section helps you connect, install and setup your Prestige to operate on your network and access the Internet.
Prestige 324 Intelligent Broadband Sharing Gateway Chapter 1 Getting to Know Your Prestige This chapter introduces the main applications of the Prestige as well as a list of key features. 1.1 Intelligent Broadband Sharing Gateway The Prestige is a dual Ethernet Broadband Sharing Gateway with an integrated 4-port switch and robust network management features for Internet access via external Cable/xDSL modem.
1.2.2 Firmware Features Full Network Management Your Prestige offers you a variety of options for network management. It supports password protected local and remote network management via the console port or a telnet connection using SMT (System Management Interface). Your Prestige includes an intuitive web configurator that makes setup and configuration easy. Included with the web configurator is embedded help designed to assist you during setup/configuration.
Prestige 324 Intelligent Broadband Sharing Gateway DHCP Support DHCP (Dynamic Host Configuration Protocol) allows the individual clients (workstations) to obtain the TCP/IP configuration at start-up from a centralized DHCP server. The Prestige has built-in DHCP server capability, enabled by default, which means it can assign IP addresses, an IP default gateway and DNS servers to Windows 9x, Windows NT, Windows 2000 and other systems that support the DHCP client.
Time and Date Setting This feature (menu 24.10) allows you to get the current time and date from an external server when you power up your Prestige. The real time is then displayed in the Prestige Menu 24.1- System Status and error logs. If you do not choose a time service protocol that your timeserver will send when the Prestige powers up you can enter the time manually but each time the system is booted, the time and date will be reset to 1/1/2000 0:0:0.
Prestige 324 Intelligent Broadband Sharing Gateway Figure 1-1 Internet Access Application 1.4 Internet Access Configuration Checklist The following table shows the minimum SMT menu configurations you’ll need to make (without changing the default Prestige values) in order to access the Internet.
Table 1-1 Internet Access Configuration Checklist SMT # 4 FIELD Encapsulation PPTP PPPoE IP Address Assignment ACTION Choose PPPoE if you have a dial-up connection to the Internet (or PPTP if you reside in France or Austria); otherwise choose Ethernet. Choose from RRManager, RR-Telstra or RR- Toshiba if your ISP is Time Warner's RoadRunner; otherwise choose Standard. You need to know your login name, password and connection ID/Name.
Prestige 324 Intelligent Broadband Sharing Gateway Chapter 2 Hardware Installation & Initial Setup This chapter shows you how to connect hardware and perform the initial setup. 2.1 Front Panel Prestige. Panel CON/AUX 2.2 Console/ Auxiliary Green On The port is in console mode (CON/AUX switch set to CON) and is connected to a management computer.
Table 2-1Prestige Rear Panel Connections CONNECTION Power 9V AC DESCRIPTION AND FUNCTION Connect the included power adaptor to the power supply and connect the other end of the power adaptor cable to this socket. Do this step last. Use only the included power adapter! See the Power Adapter Specification Appendix for regional specifications. Power 9V AC Connect the end of the included power adaptor (use only this adapter) to this power socket.
Prestige 324 Intelligent Broadband Sharing Gateway CON/AUX switch CON/AUX port Just connect this port if you want to configure the Prestige using the SMT via console port or set up a backup WAN connection. Set this switch to the “CON” side to use the CON/AUX port as a regular console port for local device configuration and management. Connect the 9-pin male end of the console cable to the console port of the Prestige and the other end to a serial port (COM1, COM2 or other COM port) of your computer.
2.4 Front Panel LEDs The LEDs on the front panel indicate the operational status of the Prestige. Figure 2-2 Front Panel The following table describes the LED functions. Table 2-2 LED Descriptions LED PWR CON/AUX 10M LAN1,2,3,4 FUNCTION COLOR STATUS Power Green On The Prestige is receiving power. Off The system is not ready or failed. Flashing The system is performing system tests. Green On The port is in console mode (CON/AUX switch set to CON) and is connected to a management computer.
Prestige 324 Intelligent Broadband Sharing Gateway Table 2-2 LED Descriptions LED WAN FUNCTION COLOR STATUS Orange On The Prestige is connected to a 100Mbps LAN port(s). Flashing The 100M LAN port(s) is sending/receiving packets. Off The WAN Link is not ready, or has failed. On The 10M WAN Link is ok. Flashing The 10M WAN link is sending/receiving packets. On The 100M WAN Link is ok. Flashing The 10oM WAN link is sending/receiving packets.
Prestige 324 Intelligent Broadband Sharing Gateway Chapter 3 Introducing the Web Configurator This chapter describes how to access the Prestige web configurator. 3.1 Accessing the Prestige Web Configurator Step 1. Make sure your Prestige hardware is properly connected (refer to instructions in the hardware installation chapter). Step 2. Prepare your computer/computer network to connect to the Internet (refer to the Quick Start Guide or the appendices in this guide). Step 3. Launch your web browser.
Change default password. Figure 3-3 Change Password Step 3. You should now see the web configurator MAIN MENU screen. Click WIZARD to begin a series of screens to help you configure your Prestige for the first time. Click a link under SETUP in the navigation panel to configure advanced Prestige features. Click MAINTENANCE in the navigation panel to see Prestige performance statistics, upload firmware and back up, restore or upload a configuration file.
Prestige 324 Intelligent Broadband Sharing Gateway WIZARD Navigation panel LOGOUT Figure 3-4 The MAIN MENU Screen of the Web Configurator icon Follow the instructions you see in the MAIN MENU screen or click the (located in the top right corner of most screens) to view embedded help. The icon does not appear in the MAIN MENU screen. If you forget your password, refer to section 5.3.1 to reset the default configuration file.
Prestige 324 Intelligent Broadband Sharing Gateway Chapter 4 Wizard Setup This chapter shows you how to use the Wizard to access the Internet for the first time. 4.1 Introduction to Wizard Screens The Wizard consists of screens to help you configure your device to access the Internet. The second screen has three variations depending on what encapsulation type you use. Refer to your ISP checklist in the Quick Start Guide to know what to enter in each field.
Click Next to configure the Prestige for internet access. Figure 4-1 Wizard 1 4.2 Wizard Setup: Screen 2 The Prestige offers three choices of encapsulation. They are Ethernet, PPTP or PPPoE. 4.2.1 Ethernet Choose Ethernet when the WAN port is used as a regular Ethernet.
Prestige 324 Intelligent Broadband Sharing Gateway Table 4-1 Wizard 2: Ethernet Encapsulation Table 4-2 Ethernet Encapsulation FIELD DESCRIPTION ISP Parameters for Internet Access Encapsulation You must choose the Ethernet option when the WAN port is used as a regular Ethernet. Otherwise, choose PPPoE or PPTP for a dial-up connection. Service Type Choose from Standard or a RoadRunner version. The User Name, Password and Login Server IP Address fields are not applicable (N/A) for the latter.
PPTP supports on-demand, multi-protocol, and virtual private networking over public networks, such as the Internet. For more information on PPTP, please refer to the appendices The Prestige supports one PPTP server connection at any given time.
Prestige 324 Intelligent Broadband Sharing Gateway Table 4-3 PPTP Encapsulation FIELD DESCRIPTION Encapsulation Select PPTP from the pull-down list box. User Name Type the user name given to you by your ISP. Password Type the password associated with the User Name above. Nailed Up Connection Select Nailed Up Connection if you do not want the connection to time out. Idle Timeout Type the time in seconds that elapses before the router automatically disconnects from the PPTP server.
the existing Microsoft Dial-Up Networking software can activate, and therefore requires no new learning or procedures for Windows users. One of the benefits of PPPoE is the ability to let end users access one of multiple network services, a function known as dynamic service selection. This enables the service provider to easily create and offer new IP services for specific users.
Prestige 324 Intelligent Broadband Sharing Gateway Table 4-4 PPPoE Encapsulation FIELD DESCRIPTION ISP Parameter for Internet Access Encapsulation Choose an encapsulation method from the pull-down list box. PPPoE forms a dial-up connection. Service Name (Optional) Type the name of your service provider. User Name Type the user name given to you by your ISP. Password Type the password associated with the user name above.
Table 4-5 Private IP Address Ranges 10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255 You can obtain your IP address from the IANA, from an ISP or have it assigned by a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks.
Prestige 324 Intelligent Broadband Sharing Gateway Once you have decided on the network number, pick an IP address that is easy to remember, for instance, 192.168.1.1, for your Prestige, but make sure that no other device on your network is using that IP. The subnet mask specifies the network number portion of an IP address. Your Prestige will compute the subnet mask automatically based on the IP address that you entered.
Table 4-6 Example of Network Properties for LAN Servers with Fixed IP Addresses Choose an IP address 192.168.1.2-192.168.1.32; 192.168.1.65-192.168.1.254. Subnet mask 255.255.255.0 Gateway (or default route) 192.168.1.1(Prestige LAN IP) Figure 4-4 Wizard 3 Table 4-7 WAN Setup FIELD DESCRIPTION WAN IP Address Assignment Get automatically from ISP Select this option If your ISP did not assign you a fixed IP address. This is the default selection.
Prestige 324 Intelligent Broadband Sharing Gateway Table 4-7 WAN Setup FIELD DESCRIPTION IP Address Enter your WAN IP address in this field when you selected Use Fixed IP Address. IP Subnet Mask Enter the IP subnet mask in this field if applicable when you selected Use Fixed IP Address. This field is not visible when you chose PPPoE encapsulation in the previous wizard screen. Gateway IP Address Enter the gateway IP address in this field if applicable when you selected Use Fixed IP Address.
4.4 Basic Setup Complete Well done! You have successfully set up your Prestige to operate on your network and access the Internet. The rest of this User’s Guide shows you how to configure the SMT menus except where no SMT menus exist for certain features such as UPnP and the firewall. For web configurator screens that have SMT menu equivalents, read this guide for background information, but refer to the web screen online help for actual screen configuration.
Prestige 324 Intelligent Broadband Sharing Gateway Chapter 5 Introducing the SMT and General Setup This chapter shows you how to access the SMT menus via the console port, how to navigate the SMT and how to configure SMT menu 1. 5.1 Accessing the Prestige via the Console Port Make sure you have the physical connection properly set up as described in the hardware installation chapter.
Prestige 324 Intelligent Broadband Sharing Gateway Copyright (c) 1994 - 2002 ZyXEL Communications Corp. initialize ch =0, ethernet address: 00:a0:c5:01:23:45 initialize ch =1, ethernet address: 00:a0:c5:01:23:46 Press ENTER to continue... Figure 5-1 Initial Screen 5.1.2 Entering the Password The login screen appears after you press [ENTER], prompting you to enter the password, as shown next. For your first login, enter the default password 1234.
Prestige 324 Intelligent Broadband Sharing Gateway Table 5-1 Main Menu Commands OPERATION DESCRIPTION Move down to another menu To move forward to a submenu, type in the number of the desired submenu and press [ENTER]. Move up to a previous menu Press the [ESC] key to move back to the previous menu. Move to a “hidden” menu Fields beginning with “Edit” lead to hidden menus and have a default setting of No. Press [SPACE BAR] to change No to Yes, and then press [ENTER] to go to a “hidden” menu.
Prestige 324 Intelligent Broadband Sharing Gateway Copyright (c) 1994 - 2002 ZyXEL Communications Corp. Prestige 324 Main Menu Getting Started 1. General Setup 2. WAN Setup 3. LAN Setup 4. Internet Access Setup Advanced Applications 11. Remote Node Setup 12. Static Routing Setup 15. NAT Setup Advanced Management 21. Filter and Firewall Setup 22. SNMP Configuration 23. System Password 24. System Maintenance 26. Schedule Setup 99. Exit Enter Menu Selection Number: Figure 5-3 Prestige Main Menu 5.2.
Prestige 324 Intelligent Broadband Sharing Gateway Table 5-2 Main Menu Summary NO. Menu Title FUNCTION 24 System Maintenance From displaying system status to uploading firmware, this menu provides comprehensive system maintenance. 26 Schedule Setup Use this menu to schedule outgoing calls. 99 Exit Use this menu to exit (necessary for remote configuration). 5.3 Changing the System Password The first thing you should do is change the default system password by following the steps shown next.
Prestige 324 Intelligent Broadband Sharing Gateway 5.3.1 Resetting the Prestige If you forget your password or cannot access the SMT menu, you will need to reload the factory-default configuration file or use the RESET button the back of the Prestige. Uploading this configuration file replaces the current configuration file with the factory-default configuration file.
Prestige 324 Intelligent Broadband Sharing Gateway Procedure To Use The RESET Button Make sure the PWR led is on (not blinking) when you begin this procedure. Step 1. Press the RESET button for ten seconds, then release it. If the PWR LED begins to blink, the defaults have been restored and the Prestige restarts. Otherwise, go to step 2. Step 2. Turn the Prestige off. Step 3. While pressing the RESET button, turn the Prestige on. Step 4. Continue to hold the RESET button.
Prestige 324 Intelligent Broadband Sharing Gateway 5.4.1 Dynamic DNS Dynamic DNS (Domain Name System) allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe or other services). You can also access your FTP server or Web site on your own computer using a DNS-like address (for example, myhost.dhs.
Prestige 324 Intelligent Broadband Sharing Gateway Table 5-3 General Setup Menu Field FIELD DESCRIPTION EXAMPLE System Name Choose a descriptive name for identification purposes. It is P324_PLUS recommended you enter your computer’s “Computer name” in this field. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes “-” and underscores "_" are accepted. Domain Name Enter the domain name (if you know it) here.
Prestige 324 Intelligent Broadband Sharing Gateway Menu 1.1 - Configure Dynamic DNS Service Provider= WWW.DynDNS.ORG Active= Yes DDNSType= DynamicDNS Host1= Host2= Host3= EMAIL= USER= Password= ******** Enable Wildcard= No Offline= N/A Edit Update IP Address: Use Server Detected IP= Yes User Specified IP Addr=No IP Addr=N/A Press ENTER to confirm or ESC to cancel: Figure 5-7 Configure Dynamic DNS Follow the instructions in the next table to configure Dynamic DNS parameters.
Prestige 324 Intelligent Broadband Sharing Gateway Table 5-4 Configure Dynamic DNS Menu Fields FIELD DESCRIPTION EXAMPLE Enable Wildcard Your Prestige supports DYNDNS Wildcard. Press [SPACE BAR] and then [ENTER] to select Yes or No This field is N/A when you choose DDNS client as your service provider. No Offline This field is only available when CustomDNS is selected in the DDNS Type field. Press [SPACE BAR] and then [ENTER] to select Yes. When Yes is selected, http://www.dyndns.
Prestige 324 Intelligent Broadband Sharing Gateway Chapter 6 WAN Setup and Dial Backup This chapter describes how to configure the WAN using menu 2 and dial-backup using menus 2, 2.1 and 11.1. 6.1 Cloning The MAC Address The MAC address field allows users to configure the WAN port's MAC address by using either the factory default or cloning the MAC address from a computer on your LAN. Once it is successfully configured, the address will be copied to the rom file (ZyNOS configuration file).
Prestige 324 Intelligent Broadband Sharing Gateway Table 6-1 MAC Address Cloning in WAN Setup Menu FIELD DESCRIPTION EXAMPLE Press [SPACE BAR] and then [ENTER] to choose one of two methods to assign a MAC Address. Choose Factory Default to select the factory assigned default MAC Address. Choose IP address attached on LAN to use the MAC Address of that workstation whose IP you give in the following field.
Prestige 324 Intelligent Broadband Sharing Gateway Menu 2 - WAN Setup MAC Address: Assigned By= Factory default IP Address= N/A Dial-Backup: Active= No Phone Number= Port Speed= 115200 AT Command String: Init= at&fs0=0 Edit Advanced Setup= No Press ENTER to Confirm or ESC to Cancel: Figure 6-2 Configuring Dial Backup in Menu 2 The following table contains instructions on how to configure your WAN setup.
Prestige 324 Intelligent Broadband Sharing Gateway Table 6-2 Configuring Dial Backup in Menu 2 FIELD DESCRIPTION EXAMPLE Edit Advanced Setup To edit the advanced setup for the Dial Backup port, move the cursor to this field; press the [SPACE BAR] to select Yes and then press [ENTER] to go to Menu 2.1: Advanced Setup. Yes When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel. 6.2.
Prestige 324 Intelligent Broadband Sharing Gateway To edit the advanced setup for the Dial Backup port, move the cursor to the Edit Advanced Setup field in Menu 2 - WAN Setup, press the [SPACE BAR] to select Yes and then press [ENTER]. Menu 2.
Prestige 324 Intelligent Broadband Sharing Gateway Table 6-3 Advanced WAN Port Setup: AT Commands Fields FIELD DESCRIPTION DEFAULT AT Response String: CLID (Calling Line Enter the keyword that precedes the CLID (Calling Line Identification) Identification) in the AT response string. This lets the Prestige capture the CLID in the AT response string that comes from the WAN device. CLID is required for CLID authentication. Called Id Enter the keyword preceding the dialed number.
Prestige 324 Intelligent Broadband Sharing Gateway 6.2.6 Configuring Remote Node Profile (Backup ISP) Enter 2 in Menu 11 Remote Node Setup to open Menu 11.1 Remote Node Profile (Backup ISP) (shown below) and configure the setup for your Dial Backup port connection. Not available on all models. Menu 11.1 - Remote Node Profile (Backup ISP) Rem Node Name= ? Active= Yes Outgoing: My Login= My Password= ******** Authen= CHAP/PAP Pri Phone #= ? Sec Phone #= Edit PPP Options= No Rem IP Addr= 0.0.0.
Prestige 324 Intelligent Broadband Sharing Gateway Table 6-5 Menu 11.1 Remote Node Profile (Backup ISP) FIELD Authen DESCRIPTION EXAMPLE This field sets the authentication protocol used for outgoing calls. CHAP/PAP Options for this field are: CHAP/PAP - Your Prestige will accept either CHAP or PAP when requested by this remote node. CHAP - accept CHAP only. PAP - accept PAP only. Pri Phone # Sec Phone # Enter the first (primary) phone number from the ISP for this remote node.
Prestige 324 Intelligent Broadband Sharing Gateway Table 6-5 Menu 11.1 Remote Node Profile (Backup ISP) FIELD DESCRIPTION EXAMPLE Enter the maximum number of minutes that this remote node may be called within the time period configured in the Period field. The default for this field is 0 meaning there is no budget control and no time limit for accessing this remote node. 0 (default) Enter the time period (in hours) for how often the budget should be reset.
Prestige 324 Intelligent Broadband Sharing Gateway Menu 11.2 - Remote Node PPP Options Encapsulation= Standard PPP Compression= No Press ENTER to CONFIRM or ESC to CANCEL: Press Space Bar to Toggle. Figure 6-5 Menu 11.2 - Remote Node PPP Options Table 6-6 Menu 11.2 - Remote Node PPP Options FIELD Encapsulation DESCRIPTION Select the vendor-specific encapsulation for the link. There are two options in this field. Standard PPP - Standard PPP encapsulation is used.
Prestige 324 Intelligent Broadband Sharing Gateway Password: To handle the first prompt, you specify “ogin: ” as the Expect string and “myLogin” as the Send string in set. The reason for leaving out the leading “L” is to avoid having to know exactly whether it is upper or lower case. Similarly, you specify “word: ” as the Expect string and your password as the Send string for the second prompt in set 2.
Prestige 324 Intelligent Broadband Sharing Gateway Menu 11.4 – Remote Node Setup Script Active= No Set 1: Expect= Send= Set 2: Expect= Send= Set 3: Expect= Send= Set 4: Expect= Send= Set 5: Expect= Send= Set 6: Expect= Send= Press ENTER to CONFIRM or ESC to CANCEL: Press Space Bar to Toggle. Figure 6-6 Remote Node Setup Script FIELD DESCRIPTION Active Press the space bar to toggle between Yes and No. Set 1-6: Expect Enter an Expect string to match.
Prestige 324 Intelligent Broadband Sharing Gateway Chapter 7 LAN Setup This chapter describes how to configure the WAN using menu 3. 7.1 Introduction From the main menu, enter 3 to display menu 3 (shown next). Menu 3 - LAN Setup 1. LAN Port Filter Setup 2. TCP/IP and DHCP Setup Enter Menu Selection Number: Figure 7-1 Menu 3 — LAN Setup 7.1.1 LAN Port Filter Setup This menu allows you to specify the filter sets that you wish to apply to the LAN traffic.
Prestige 324 Intelligent Broadband Sharing Gateway Menu 3.1 – LAN Port Filter Setup Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Press ENTER to Confirm or ESC to Cancel: Figure 7-2 Menu 3.1 — LAN Port Filter Setup Menu 3.2 is discussed in the next part of the manual. Please read on. 7.
Prestige 324 Intelligent Broadband Sharing Gateway IP Pool Setup The Prestige is pre-configured with a pool of 32 IP addresses starting from 192.168.1.33 to 192.168.1.64. This configuration leaves 31 IP addresses (excluding the Prestige itself) in the lower range for other server computers, e.g., server for mail, FTP, telnet, web, etc., that you may have. DNS Server Address The DNS (Domain Name System) maps a domain name to its corresponding IP address and vice versa, e.g., the IP address of www.zyxel.
Prestige 324 Intelligent Broadband Sharing Gateway enable the Network Address Translation (NAT) feature of the Prestige. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. Let’s say you select 192.168.1.0 as the network number; which covers 254 individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved).
Prestige 324 Intelligent Broadband Sharing Gateway assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space. 7.2.5 RIP Setup RIP (Routing Information Protocol, RFC1058 and RFC 1389) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. When set to Both or Out Only, the Prestige will broadcast its routing table periodically.
Prestige 324 Intelligent Broadband Sharing Gateway The address 224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts (including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP. The address 224.0.0.2 is assigned to the multicast routers group. The Prestige supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At start up, the Prestige queries all directly connected networks to gather group membership.
Prestige 324 Intelligent Broadband Sharing Gateway Menu 3 - LAN Setup 1. LAN Port Filter Setup 2. TCP/IP and DHCP Setup Enter Menu Selection Number: Figure 7-5 Menu 3 — LAN Setup (10/100 Mbps Ethernet) To edit the TCP/IP and DHCP configuration, enter 2 to display Menu 3.2 - TCP/IP and DHCP Ethernet Setup as shown next. Menu 3.2 - TCP/IP and DHCP Ethernet Setup DHCP= Server Configuration: Client IP Pool Starting Address= 192.168.1.33 Size of Client IP Pool= 32 Primary DNS Server= 0.0.0.
Prestige 324 Intelligent Broadband Sharing Gateway Table 7-3 LAN DHCP Setup Menu Fields FIELD DHCP DESCRIPTION EXAMPLE This field enables/disables the DHCP server. If it is set to Server, your Prestige will act as a DHCP server. If set to None, DHCP service will be disabled and you must have another DHCP sever on your LAN, or else the workstation must be manually configured. When DHCP is set to Server, the following four items need to be set.
Prestige 324 Intelligent Broadband Sharing Gateway FIELD Edit IP Alias DESCRIPTION EXAMPLE The Prestige supports three logical LAN interfaces via its single physical Ethernet interface with the Prestige itself as the gateway for each LAN network. Press the [SPACE BAR] to select Yes, then press [ENTER] to display menu 3.2.1 Yes When you have completed this menu, press [ENTER] at the prompt [Press ENTER to Confirm…] to save your configuration, or press [ESC] at any time to cancel. 7.3.
Prestige 324 Intelligent Broadband Sharing Gateway Table 7-5 IP Alias Setup Menu Fields FIELD IP Address DESCRIPTION Enter the IP address of your Prestige in dotted decimal notation IP Subnet Mask Your Prestige will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the Prestige. EXAMPLE 192.168.2.1 255.255.255.0 RIP Direction Press the [SPACE BAR] to select the RIP direction.
Prestige 324 Broadband Sharing Gateway with 4-Port Switch Chapter 8 Internet Access This chapter shows you how to configure your Prestige for Internet access. 8.1 Internet Access Setup You will see three different menu 4 screens depending on whether you chose Ethernet, PPTP or PPPoE encapsulation. In the Encapsulation field in menu 4, choose: Ethernet when the WAN port is used as a regular Ethernet. PPTP or PPPoE if you have a dial-up connection to the Internet. 8.1.
Prestige 324 Intelligent Broadband Sharing Gateway Menu 4 - Internet Access Setup ISP's Name= myISP Encapsulation= Ethernet Service Type= Standard My Login= N/A My Password= N/A Login Server IP= N/A IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Address= N/A Network Address Translation = SUA Only Press ENTER to Confirm or ESC to Cancel: Figure 8-1 Internet Access Setup (Ethernet) The following table describes this screen.
Prestige 324 Broadband Sharing Gateway with 4-Port Switch Table 8-1 Internet Access Setup Menu Fields FIELD IP Address Assignment IP Address IP Subnet Mask Gateway IP Address Network Address Translation DESCRIPTION If your ISP did not assign you a fixed IP address, select Dynamic, otherwise select Static and enter the IP address & subnet mask in the following fields. Enter the (fixed) IP address assigned to you by your ISP (Static IP Address Assignment is selected in the previous field).
Prestige 324 Intelligent Broadband Sharing Gateway Menu 4 - Internet Access Setup ISP's Name= myISP Encapsulation= PPTP Service Type= N/A My Login= My Password= ****** Idle Timeout= 300 IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Address=N/A Network Address Translation = SUA Only Press ENTER to Confirm or ESC to Cancel: Figure 8-2 Internet Access Setup (PPTP) The following table contains instructions about the new fields when you choose PPTP in the Encapsulation field in m
Prestige 324 Broadband Sharing Gateway with 4-Port Switch procedures for Windows users. One of the benefits of PPPoE is the ability to let end users access one of multiple network services, a function known as dynamic service selection. This enables the service provider to easily create and offer new IP services for specific users. Operationally, PPPoE saves significant effort for both the end user and ISP/carrier, as it requires no specific configuration of the broadband modem at the customer site.
Prestige 324 Intelligent Broadband Sharing Gateway Table 8-3 New Fields in Menu 4 (PPPoE) screen FIELD DESCRIPTION EXAMPLE Encapsulation Press the [SPACE BAR] and then press [ENTER] to choose PPPoE. The encapsulation method influences your choices for IP Address. PPPoE Idle Timeout This value specifies the time in seconds that elapses before the Prestige automatically disconnects from the PPPoE server. 300 (default) 8.
Part II: Advanced Applications This section describes the advanced applications of your Prestige, such as NAT, Remote Node Setup and IP Static Route Setup.
Prestige 324 Intelligent Broadband Sharing Gateway Chapter 9 Remote Node Setup This chapter shows you how to configure menu 11 and all its sub-menus including traffic redirect. 9.1 Introduction A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection. Note that when you use menu 4 to set up Internet access, you are actually configuring a remote node. We will show you how to configure Menu 11.
Menu 11.1 - Remote Node Profile Rem Node Name= ChangeMe Active= Yes Route= IP Encapsulation= Ethernet Service Type= Standard Service Name= N/A Outgoing: My Login= N/A My Password= N/A Server IP= N/A Edit IP= No Session Options: Edit Filter Sets= No Edit Traffic Redirect= No Press ENTER to Confirm or ESC to Cancel. Figure 9-1 Menu 11.1 Remote Node Profile for Ethernet Encapsulation Table 9-1 Fields in Menu 11.
Prestige 324 Intelligent Broadband Sharing Gateway Table 9-1 Fields in Menu 11.1 (Ethernet Encapsulation) FIELD DESCRIPTION EXAMPLE Service Name This is valid only when you have chosen PPPoE encapsulation. If you are using PPPoE encapsulation, then type the name of your PPPoE service here. poellc Outgoing My Login This field is applicable for PPPoE encapsulation only. Enter the login name assigned by your ISP when the Prestige calls this remote node.
Menu 11.1 - Remote Node Profile Rem Node Name= ChangeMe Active= Yes Route= IP Encapsulation= PPTP Service Type= Standard Service Name=N/A Outgoing: My Login= My Password= ******** Authen= CHAP/PAP Edit IP= No Telco Option: Allocated Budget(min)= 0 Period(hr)= 0 Schedules= Nailed-up Connections= No PPTP : IP Addr= Server IP Addr= Connection ID/Name= Session Options: Edit Filter Sets= No Idle Timeout(sec)= 300 Edit Traffic Redirect= No Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle.
Prestige 324 Intelligent Broadband Sharing Gateway Nailed-Up Connection A nailed-up connection is a dial-up line where the connection is always up regardless of traffic demand. The Prestige does two things when you specify a nailed-up connection. The first is that idle timeout is disabled. The second is that the Prestige will try to bring up the connection at power-on and whenever the connection is down.
Menu 11.1 - Remote Node Profile Rem Node Name= ChangeMe Active= Yes Route= IP Encapsulation= PPPoE Service Type= Standard Service Name= Outgoing= My Login= My Password= ******** Authen= CHAP/PAP Edit IP= No Telco Option: Allocated Budget(min)= 0 Period(hr)= 0 Schedules= Nailed-up Connections= No Session Options: Edit Filter Sets= No Idle Timeout(sec)= 100 Edit Traffic Redirect= No Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle. Figure 9-3 Menu 11.
Prestige 324 Intelligent Broadband Sharing Gateway Table 9-3 Fields in Menu 11.1 (PPPoE Encapsulation Specific Only) FIELD Schedules You can apply up to four schedule sets here. For more details please refer to the Call Scheduling chapter. Nailed-Up Connection This field specifies if you want to make the connection to this remote node a nailed-up connection. More details are given earlier in this section. Session Options Idle Timeout 9.3 DESCRIPTION This value specifies the idle time (i.e.
Table 9-4 Remote Node Network Layer Options Menu Fields FIELD DESCRIPTION EXAMPLE IP Address Assignment If your ISP did not assign you an explicit IP address, select Dynamic; otherwise select Static and enter the IP address & subnet mask in the following fields. Dynamic Rem IP Address If you have a Static IP Assignment, enter the IP address assigned to you by your ISP. Rem IP Subnet Mask If you have a Static IP Assignment, enter the subnet mask assigned to you.
Prestige 324 Intelligent Broadband Sharing Gateway Table 9-4 Remote Node Network Layer Options Menu Fields FIELD DESCRIPTION EXAMPLE Press the [SPACE BAR] to select the RIP direction. Options are: Both, None, In Only, Out Only or None. Please see the RIP Setup section for more information on RIP. The default for RIP on the WAN side is None. It is recommended that you do not change this setting. None (default) Press the [SPACE BAR] to select the RIP version. Options are RIP1, RIP-2B or RIP-2M.
Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= 5 device filters= Output Filter Sets: protocol filters= 1 device filters= Call Filter Sets: protocol filters=1 device filters= Enter here to CONFIRM or ESC to CANCEL: Figure 9-5 Remote Node Filter (Ethernet Encapsulation) Menu 11.
Prestige 324 Intelligent Broadband Sharing Gateway Figure 9-7 Traffic Redirect WAN Setup The following network topology allows you to avoid triangle route security holes when the backup gateway is connected to the LAN. Use IP alias to configure the LAN into two or three logical networks with the Prestige itself as the gateway for each LAN network. Put the protected LAN in one subnet (Subnet 1 in the following figure) and the backup gateway in another subnet (Subnet 2).
2. Traffic-redirect route. 3. Dial-backup route. For example, if the normal route has a metric of "1" and the traffic-redirect route has a metric of "2" and dial-backup route has a metric of "3", then the normal route acts as the primary default route. If the normal route fails to connect to the Internet, the Prestige tries the traffic-redirect route next. In the same manner, the Prestige uses the dial-backup route if the traffic-redirect route also fails.
Prestige 324 Intelligent Broadband Sharing Gateway 9.5.2 Traffic Redirect Setup Configure parameters that determine when the Prestige will forward WAN traffic to the backup gateway using Menu 11.6 — Traffic Redirect Setup. Menu 11.6 - Traffic Redirect Setup Active= Yes Configuration: Backup Gateway IP Address= 0.0.0.0 Metric= 15 Check WAN IP Address= 0.0.0.0 Fail Tolerance= 2 Period (sec)= 5 Timeout (sec)= 3 Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle. Figure 9-10 Menu 11.
Table 9-6 Traffic Redirect Setup FIELD DESCRIPTION EXAMPLE Metric Enter a number from 1 to 15 to set this route’s priority among the Prestige’s routes (see Route Priority and Metric on page 9-11) The smaller the number, the higher priority the route has. 15 (default) Check WAN IP Address Enter the IP address of a reliable nearby computer (for example, your ISP’s DNS server address) to test your Prestige’s WAN accessibility. 0.0.0.
Prestige 324 Intelligent Broadband Sharing Gateway Chapter 10 IP Static Route Setup This chapter shows you how to configure static routes with your Prestige. Static routes tell the Prestige routing information what it cannot learn automatically through other means. This can arise in cases where RIP is disabled on the LAN. Each remote node specifies only the network to which the gateway is directly connected, and the Prestige has no knowledge of the networks beyond.
10.1 IP Static Route Setup You configure IP static routes in menu 12. 1, by selecting one of the IP static routes as shown below. Enter 12 from the main menu. Menu 12 - IP Static Route Setup 1. 2. 3. 4. 5. 6. 7. 8. ________ ________ ________ ________ ________ ________ ________ ________ Enter selection number: Figure 10-2 Menu 12 — IP Static Route Setup Now, enter the index number of one of the static routes you want to configure. Menu 12.
Prestige 324 Intelligent Broadband Sharing Gateway Table 10-1 IP Static Route Menu Fields FIELD DESCRIPTION Route # This is the index number of the static route that you chose in menu 12. Route Name Enter a descriptive name for this route. This is for identification purposes only. Active This field allows you to activate/deactivate this static route. Destination IP Address This parameter specifies the IP network address of the final destination. Routing is always based on network number.
Prestige 324 Intelligent Broadband Sharing Gateway Chapter 11 Network Address Translation (NAT) This chapter discusses how to configure NAT on the Prestige. 11.1 Introduction NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, e.g., the source address of an outgoing packet, used within one network to a different IP address known within another network. 11.1.
NAT never changes the IP address (either local or global) of an outside host. 11.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back the inside local address before forwarding it to the original inside host.
Prestige 324 Intelligent Broadband Sharing Gateway Figure 11-1 How NAT Works 11.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct WAN networks. More examples follow at the end of this chapter.
Figure 11-2 NAT Application With IP Alias 11.1.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: 1. One to One: In One-to-One mode, the Prestige maps one local IP address to one global IP address. 2. Many to One: In Many-to-One mode, the Prestige maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e.
Prestige 324 Intelligent Broadband Sharing Gateway 3. Many to Many Overload: In Many-to-Many Overload mode, the Prestige maps the multiple local IP addresses to shared global IP addresses. 4. Many One-to-One: In Many One-to-One mode, the Prestige maps the each local IP addresses to unique global IP addresses. 5. Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world.
Table 11-2 NAT Mapping Types TYPE Many-One-to-One IP MAPPING ILA1ÅÆ IGA1 SMT ABBREVIATION M-1-1 ILA2ÅÆ IGA2 ILA3ÅÆ IGA3 … Server Server 1 IPÅÆ IGA1 Server Server 2 IPÅÆ IGA1 Server 3 IPÅÆ IGA1 11.2 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyXEL implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server. See section 11.3.1 for a detailed description of the NAT set for SUA.
Prestige 324 Intelligent Broadband Sharing Gateway Menu 4 - Internet Access Setup ISP's Name= myISP Encapsulation= Ethernet Service Type= Standard My Login= N/A My Password= N/A Login Server IP= N/A IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Address= N/A Network Address Translation= SUA Only Press ENTER to Confirm or ESC to Cancel: Figure 11-3 Menu 4 — Applying NAT for Internet Access The following figure shows how you apply NAT to the remote node in menu 11.1. Step 1.
Menu 11.3 - Remote Node Network Layer Options IP Address Assignment= Dynamic IP Address: N/A IP Subnet Mask= N/A Gateway IP Addr= N/A Network Address Translation= Full Feature Metric= 1 Private= No RIP Direction= None Version= N/A Multicast= None Enter here to CONFIRM or ESC to CANCEL: Press Space Bar to Toggle. Figure 11-4 Menu 11.3 — Applying NAT to the Remote Node The following table describes the options for Network Address Translation. Table 11-3 Applying NAT in Menus 4 & 11.
Prestige 324 Intelligent Broadband Sharing Gateway will use Set 1, which supports all mapping types as outlined in Table 11-2. When you select SUA Only, the SMT will use the pre-configured Set 255 (read only). The Server Set is a list of LAN side servers mapped to external ports. To use this set (one set for the Prestige 10), a server rule must be set up inside the NAT Address Mapping set. To configure NAT, enter 15 from the main menu to bring up the following screen. Menu 15 — NAT Setup 1. 2. 3.
Menu 15.1.255 - Address Mapping Rules Set Name= SUA Idx Local Start IP Local End IP Global Start IP Global End IP Type --- --------------- --------------- --------------- --------------- -----1. 0.0.0.0 255.255.255.255 0.0.0.0 M-1 2. 0.0.0.0 Server 3. 4. 5. 6. 7. 8. 9. 10. Press ENTER to Confirm or ESC to Cancel: Figure 11-7 Menu 15.1.255 — SUA Address Mapping Rules The following table explains the fields in this screen. The fields in menu 15.1.255 are read-only.
Prestige 324 Intelligent Broadband Sharing Gateway Table 11-4 SUA Address Mapping Rules FIELD DESCRIPTION EXAMPLE Global Start IP This is the starting global IP address (IGA). If you have a dynamic IP, enter 0.0.0.0 as the Global Start IP. Global End IP This is the ending global IP address (IGA). Type These are the mapping types discussed above (see Table 11-2). Server allows you to specify multiple servers of different types behind NAT to this machine. See later for some examples.
Menu 15.1.1 - Address Mapping Rules Set Name= ? Idx Local Start IP Local End IP Global Start IP Global End IP Type --- --------------- --------------- --------------- --------------- -----1. 2 3. 4. 5. 6. 7. 8. 9. 10. Action= None Select Rule= N/A Press ENTER to Confirm or ESC to Cancel: Figure 11-8 Menu 15.1.1 — First Set The Type, Local and Global Start/End IPs are configured in menu 15.1.1.1 (described later) and the values are displayed here.
Prestige 324 Intelligent Broadband Sharing Gateway Table 11-5 Fields in Menu 15.1.1 FIELD DESCRIPTION Action The default is Edit. Edit means you want to edit a selected rule (see following field). Insert Before means to insert a rule before the rule selected. The rules after the selected rule will then be moved down by one rule. Delete means to delete the selected rule and then all the rules after the selected one will be advanced one rule. None disables the Select Rule item.
Menu 15.1.1.1 Address Mapping Rule Type= One-to-One Local IP: Start= End = N/A Global IP: Start= End = N/A Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle. Figure 11-9 Menu 15.1.1.1 — Editing/Configuring an Individual Rule in a Set Table 11-6 Menu 15.1.1.1 — Editing/Configuring an Individual Rule in a Set FIELD DESCRIPTION EXAMPLE Type Press the [SPACE BAR] to select one of five types. These are the mapping types discussed in Table 11-2.
Prestige 324 Intelligent Broadband Sharing Gateway Table 11-6 Menu 15.1.1.1 — Editing/Configuring an Individual Rule in a Set FIELD DESCRIPTION EXAMPLE Once you have finished configuring a rule in this menu, press [ENTER] at the message “Press ENTER to Confirm…” to save your configuration, or press [ESC] to cancel.
Table 11-7 Services & Port Numbers SERVICES PORT NUMBER ECHO 7 FTP (File Transfer Protocol) 21 Telnet 23 SMTP (Simple Mail Transfer Protocol) 25 DNS (Domain Name System) 53 Finger 79 HTTP (Hyper Text Transfer protocol or WWW, Web) 80 POP3 (Post Office Protocol) 110 NNTP (Network News Transport Protocol) 119 SNMP (Simple Network Management Protocol) 161 SNMP trap 162 PPTP (Point-to-Point Tunneling Protocol) 1723 Configuring a Server behind NAT Follow these steps to configure a server
Prestige 324 Intelligent Broadband Sharing Gateway Menu 15.2 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------1. Default Default 0.0.0.0 2. 0 0 0.0.0.0 3. 0 0 0.0.0.0 4. 0 0 0.0.0.0 5. 0 0 0.0.0.0 6. 0 0 0.0.0.0 7. 0 0 0.0.0.0 8. 0 0 0.0.0.0 9. 0 0 0.0.0.0 10. 0 0 0.0.0.0 11. 0 0 0.0.0.0 12. 0 0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Figure 11-10 Menu 15.
11.3.3 Trigger Port Setup The Prestige records the IP address of a LAN computer that requests a service that you have defined as a “trigger port”. The response from the Internet can then be forwarded directly to the LAN computer. Trigger ports are transient; they only exist while in use or are timed out. The following is a trigger port example Figure 11-12 Trigger Port Forwarding Process: Example 1. Jane requests a file from the Real Audio server (port 7070). 2.
Prestige 324 Intelligent Broadband Sharing Gateway Enter 3 in menu 15 to display Menu 15.3 — Trigger Port Setup, shown next. Menu 15.3 - Trigger Port Setup Incoming Trigger Rule Name Start Port End Port Start Port End Port ---------------------------------------------------------------------1. Real Audio 6970 7170 7070 7070 2. 0 0 0 0 3. 0 0 0 0 4. 0 0 0 0 5. 0 0 0 0 6. 0 0 0 0 7. 0 0 0 0 8. 0 0 0 0 9. 0 0 0 0 10. 0 0 0 0 11. 0 0 0 0 12.
Table 11-8 Menu 15.3—Trigger Port Setup Description FIELD DESCRIPTION EXAMPLE Rule This is the rule index number. 1 Name Enter a unique name for identification purposes. You may enter up to 15 characters in this field. All characters are permitted - including spaces. Incoming Incoming is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service.
Prestige 324 Intelligent Broadband Sharing Gateway Figure 11-14 NAT Example 1 Menu 4 - Internet Access Setup ISP's Name= ChangeMe Encapsulation= Ethernet Service Type= Standard My Login= N/A My Password= N/A Login Server IP= N/A IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Address= N/A Network Address Translation= SUA Only Press ENTER to Confirm or ESC to Cancel: Figure 11-15 Menu 4 — Internet Access & NAT Example From menu 4 shown above, simply choose the SUA Only option
11.4.2 Example 2: Internet Access with an Inside Server Figure 11-16 NAT Example 2 In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to menu 15.2 to specify the Inside Server behind the NAT as shown later. 11.4.3 Example 3: Multiple Public IP Addresses With Inside Servers In this example, there are 3 IGAs from our ISP. There are many departments but two have their own FTP server. All departments share the same router.
Prestige 324 Intelligent Broadband Sharing Gateway Rule 4. You also map your third IGA to the web server and mail server on the LAN. Type Server allows you to specify multiple servers, of different types, to other computers behind NAT on the LAN. The example situation looks somewhat like this: Figure 11-17 NAT Example 3 In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets.
Step 4. Select Type as One-to-One (direct mapping for packets going both ways), and enter the local Start IP as 192.168.1.10 (the IP address of FTP Server 1), the global Start IP as 10.132.50.1 (our first IGA). (See Figure 11-19). Step 5. Repeat the previous step for rules 2 to 4 as outlined above. Step 6. When finished, menu 15.1.1 should look like as shown in Figure 11-20. Menu 11.
Prestige 324 Intelligent Broadband Sharing Gateway Menu 15.1.1.1 Address Mapping Rule Type= One-to-One Local IP: Start= 192.168.1.10 End = N/A Global IP: Start= 10.132.50.1 End = N/A Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle. Figure 11-19 Example 3: Menu 15.1.1.1 Menu 15.1.1 - Address Mapping Rules Set Name= Example3 Idx Local Start IP Local End IP Global Start IP Global End IP Type --- --------------- --------------- --------------- --------------- -----1. 192.168.1.10 10.132.50.
Menu 15.2 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------1. Default Default 0.0.0.0 2. 80 80 192.168.1.21 3. 25 25 192.168.1.20 4. 0 0 0.0.0.0 5. 0 0 0.0.0.0 6. 0 0 0.0.0.0 7. 0 0 0.0.0.0 8. 0 0 0.0.0.0 9. 0 0 0.0.0.0 10. 0 0 0.0.0.0 11. 0 0 0.0.0.0 12. 0 0 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: Figure 11-21 Example 3: Menu 15.2 11.4.
Prestige 324 Intelligent Broadband Sharing Gateway Figure 11-22 NAT Example 4 Other applications, for example, gaming programs are NAT unfriendly because they embed addressing information in the data stream. These applications still won’t work through NAT even when using One-to-One and Many One-to-One mapping types. Follow the steps outlined in example 3 above to configure these two menus as follows. Menu 15.1.1.1 Address Mapping Rule Type= Many-One-to-One Local IP: Start= 192.168.1.10 End = 192.168.1.
Menu 15.1.1 - Address Mapping Rules Set Name= Example4 Idx Local Start IP Local End IP Global Start IP Global End IP Type --- --------------- --------------- --------------- --------------- -----1. 192.168.1.10 192.168.1.12 10.132.50.1 10.132.50.3 M-1-1 2. 3. 4. 5. 6. 7. 8. 9. 10. Action= Edit Select Rule= Press ENTER to Confirm or ESC to Cancel: Figure 11-24 Example 4: Menu 15.1.
Part III: Advanced Management This section provides information on Firewall, Filter Configuration, SNMP Configuration, System Information and Diagnosis, Firmware and Configuration File Maintenance, System Maintenance and Call Scheduling.
Chapter 12 Firewall This chapter gives some background information on firewalls and explains how to get started with the Prestige firewall. 12.1 Introduction What is a Firewall? Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term "firewall" is a system or group of systems that enforces an access-control policy between two networks.
The Prestige can be used to prevent theft, destruction and modification of data, as well as log events, which may be important to the security of your network. The Prestige is installed between the LAN and a broadband modem connecting to the Internet. This allows it to act as a secure gateway for all data passing between the Internet and the LAN. The Prestige has one Ethernet WAN port and four Ethernet LAN ports, which are used to physically separate the network into two areas.
12.2 SMT Firewall Menu Enter “21” from the main menu to display the following screen. Menu 21 - Filter and Firewall Setup 1. Filter Setup 2. Firewall Setup Enter Menu Selection Number: Figure 12-1 Menu 21 - Filter and Firewall Setup Enter “2” to display the firewall setup menu. You may only enable or disable the firewall in this screen. Use the web configurator to configure the firewall. In the Active field press [SPACE BAR] and select Yes (to enable) or No (to disable) the Prestige firewall.
Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DoS) attacks when it is active. Your network is vulnerable to attacks when the firewall is turned off. Refer to the User's Guide for details about the firewall default policies. You may define additional Policy rules or modify existing ones but please exercise extreme caution in doing so. Active: Yes You can use the Web Configurator to configure the firewall.
Figure 12-3 Firewall Settings Table 12-1 Firewall Settings FIELD DESCRIPTION Enable Firewall Select this check box to activate the firewall. The Prestige performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated. LAN to WAN To log packets related to firewall rules, make sure that Access Control under Log is selected in the Logs, Log Settings screen.
Table 12-1 Firewall Settings FIELD Packets to Log DESCRIPTION Choose what LAN to WAN packets to log. Choose from: No Log Log Blocked (blocked LAN to WAN services appear in the Blocked Services textbox in the Services screen (with Enable Services Blocking selected)) Log All (log all LAN to WAN packets) WAN to LAN Packets to Log To log packets related to firewall rules, make sure that Access Control under Log is selected in the Logs, Log Settings screen.
Figure 12-4 Firewall Rule Directions 12.4.1 LAN-to-WAN rules LAN-to-WAN rules are local network to Internet firewall rules. The default is to forward all traffic from your local network to the Internet. How can you block certain LAN to WAN traffic? You may choose to block certain LAN-to-WAN traffic in the Services screen (click the Services tab). All services displayed in the Blocked Services list box are LAN-to-WAN firewall rules that block those services originating from the LAN.
what WAN-to-LAN packets to log, you are in fact deciding what WAN-to-LAN and WAN-toWAN/Prestige packets to log. Allow NetBIOS traffic from the WAN to the LAN using the WAN IP web screen or SMT menu 24.8 commands. Forwarded WAN-to-LAN packets are not considered alerts. 12.5 Filter Click on the Filter tab. The screen appears as shown next.
Table 12-2 Firewall Filter FIELD DESCRIPTION Restricted Web Features ActiveX ActiveX is a tool for building dynamic and active Web pages and distributed object applications. When you visit an ActiveX Web site, ActiveX controls are downloaded to your browser, where they remain in case you visit the site again. Java Java is a programming language and development environment for building downloadable Web components or Internet and intranet business applications of all kinds.
12.6 Services Click on the Service tab. The screen appears as shown next. Use this screen to enable service blocking, enter/delete/modify the services you want to block and the date/time you want to block them.
Table 12-3 Firewall Service FIELD DESCRIPTION Enable Services Blocking Select this check box to enable this feature. Available Service This is a list of pre-defined services (ports) you may prohibit your LAN computers from using. Select the port you want to block using the drop-down list and click Add to add the port to the Blocked Service field. Blocked Service This is a list of services (ports) that will be inaccessible to computers on your LAN once you enable service blocking.
Prestige 324 Intelligent Broadband Sharing Gateway Chapter 13 Filter Configuration This chapter shows you how to create and apply filter(s). 13.1 About Filtering Your Prestige uses filters to decide whether to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering. Filters are subdivided into device and protocol filters, which are discussed later.
Call Filtering Outgoing Packet Data Filtering Match Drop packet No match No match Built-in default Call Filters User-defined Call Filters (if applicable) Match Drop packet if line not up No match Active Data Initiate call if line not up Send packet and reset Idle Timer Match Drop packet if line not up Or Or Send packet but do not reset Idle Timer Send packet but do not reset Idle Timer Figure 13-1 Outgoing Packet Filtering Process For incoming packets, your Prestige applies data filters o
Prestige 324 Intelligent Broadband Sharing Gateway Start Packet into Filter Fetch First Filter Set Filter Set Fetch Next Filter Set Yes Yes Next Filter Set Available? No Fetch First Filter Rule Fetch Next Filter Rule Next Filter Rule Available? Execute Filter Rule Check Next Rule No Drop Drop Packet Forward Accept Packet Figure 13-2 Filter Rule Process Filter Configuration 13-3
You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port. 13.2 Configuring a Filter Set To configure a filter set, follow the procedure below. Select option 21 from the main menu to display menu 21. Enter “21” from the main menu. Menu 21 - Filter and Firewall Setup 1. Filter Setup 2.
Prestige 324 Intelligent Broadband Sharing Gateway Press [ENTER] at the message: [Press ENTER to confirm] to open Menu 21.1.1 — Filter Rules Summary. Menu 21.1.1 - Filter Rules Summary # A Type Filter Rules M m n - - ---- -----------------------------------------------------------1 N 2 N 3 N 4 N 5 N 6 N Enter Filter Rule Number (1-6) to Configure: Figure 13-5 Menu 21.1.1 – Filter Rules Summary 13.2.1 Filter Rules Summary Menu This screen shows the summary of the existing rules in the filter set.
Table 13-1 Abbreviations Used in the Filter Rules Summary Menu FIELD DESCRIPTION m Action Matched. “F” means to forward the packet immediately and skip checking the remaining rules. “D” means to drop the packet. “N“ means to check the next rule. n Action Not Matched. “F” means to forward the packet immediately and skip checking the remaining rules. “D” means to drop the packet. “N” means to check the next rule.
Prestige 324 Intelligent Broadband Sharing Gateway separate menu fields are provided for protocol and device filter sets. If you include a protocol filter set in a device filter field or vice versa, the Prestige will warn you and will not allow you to save. 13.2.3 TCP/IP Filter Rule This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fields in the IP and the upper layer protocol, e.g., UDP and TCP headers.
Table 13-3 TCP/IP Filter Rule Menu Fields FIELD DESCRIPTION EXAMPLE IP Protocol Protocol refers to the upper layer protocol, e.g., TCP is 6, UDP is 17 and ICMP is 1. This value must be between 0 and 255 0-255 IP Source Route If Yes, the rule applies to packet with IP source route option; else the packet must not have source route option. The majority of IP packets do not have source route. No IP Address Enter the destination IP Address of the packet you wish to filter.
Prestige 324 Intelligent Broadband Sharing Gateway Table 13-3 TCP/IP Filter Rule Menu Fields FIELD More DESCRIPTION If Yes, a matching packet is passed to the next filter rule before an action is taken; else the packet is disposed of according to the action fields. EXAMPLE No If the More field is Yes, then Action Matched and Action Not Matched will be No. Log Select the logging option from the following: None None – No packets will be logged.
Packet into IP Filter Filter Active? No Yes Apply SrcAddrMask to Src Addr Check Src IP Addr Not Matched Matched Apply DestAddrMask to Dest Addr Check Dest IP Addr Not Matched Matched Check IP Protocol Not Matched Matched Check Src & Dest Port Not Matched Matched More? Yes No Action Matched Drop Drop Packet Action Not Matched Check Next Rule Check Next Rule Drop Forward Forward Check Next Rule Accept Packet Figure 13-7 Executing an IP Filter 13-10 Filter Configuration
Prestige 324 Intelligent Broadband Sharing Gateway 13.2.4 Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly. For generic rules, the Prestige treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes.
Table 13-4 Generic Filter Rule Menu Fields FIELD DESCRIPTION EXAMPLE Generic Filter Rule Filter Type Use the [SPACE BAR] to select a rule. Parameters displayed below each type will be different. Options are: Generic Filter Rule or TCP/IP Filter Rule. Active Select Yes to turn on the filter rule. Offset Enter the starting byte of the data portion in the packet that you wish to compare. The range for this field is from 0 to 255.
Prestige 324 Intelligent Broadband Sharing Gateway Figure 13-9 Filter Example 13.3 Example Filter Let’s look at an example to block outside users from accessing the Prestige via telnet. See the included support CD for more example filters. 1. Enter 21 from the main menu to open Menu 21 - Filter Set Configuration. 2. Enter the index of the filter set you wish to configure (e.g., 7) and press [ENTER]. 3. Enter a descriptive name or comment in the Edit Comments field (e.g.
Menu 21.7.1 - TCP/IP Filter Rule Press [SPACE BAR] to choose this filter rule type. The first filter rule Filter #: 7,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 6 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 21 Port # Comp= Equal Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 0 Port # Comp= None TCP Estab= No More= No Log= None Action Matched= Drop Action Not Matched= Check Next Rule type determines all subsequent filter types within a set.
Prestige 324 Intelligent Broadband Sharing Gateway Menu 21.7 - Filter Rules Summary # 1 2 4 5 6 A Type Filter Rules M m n - ---- --------------------------------------------------------------- - - Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=21 N D N N N N N Enter Filter Rule Number (1-6) to Configure: 2 This shows you that you have M = N means an action can be taken immediately.
Menu 21.7 - Filter Rules Summary # A Type Filter Rules M m n - - ---- ------------------------------------------------------------------------------1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=21 N D N 2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 N D F 3 N 4 N 5 N 6 N Enter Filter Rule Number (1-6) to Configure: Figure 13-12 Example Filter Rules Summary After you’ve created the filter set, you must apply it. 6. Enter 11 from the main menu to display menu 11. 7.
Prestige 324 Intelligent Broadband Sharing Gateway Figure 13-13 Protocol and Device Filter Sets 13.5 Applying a Filter and Factory Defaults This section shows you where to apply the filter(s) after you design it (them). 13.5.1 LAN traffic You seldom need to filter LAN traffic; however, the filter sets may be useful to block certain packets, reduce traffic and prevent security breaches. Go to menu 3.1 (shown below) and enter the number(s) of the filter set(s) that you want to apply as appropriate.
13.5.2 Remote Node Filters Go to menu 11.5 (shown next – note that call filter sets are only present for PPPoE encapsulation) and enter the number(s) of the filter set(s) as appropriate. You can cascade up to four filter sets by entering their numbers separated by commas. Enter 1 in protocol filters under Output Filter Sets when using Ethernet encapsulation, and in the protocol filters field under Call Filter Sets when using PPPoE or PPTP encapsulation. Apply them as shown in the following figure. Menu 11.
Prestige 324 Intelligent Broadband Sharing Gateway Chapter 14 UPnP This chapter introduces the UPnP feature. 14.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
14.1.3 Cautions with UPnP The automated nature of NAT Transversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments. All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. 14.
Prestige 324 Intelligent Broadband Sharing Gateway Figure 14-1 Configuring UPnP Table 14-1 Configuring UPnP FIELD DESCRIPTION Enable the Universal Plug and Play (UPnP) feature Select this checkbox to activate UPnP. Be aware that anyone could use a UPnP application to open the web configurator's login screen without entering the Prestige's IP address (although you must still enter the password to access the web configurator).
Table 14-1 Configuring UPnP FIELD Allow UPnP to pass through firewall DESCRIPTION Select this check box to create a static LAN to LAN/Prestige rule that allows forwarding of ports 1900 and 80. Selecting this check box also creates a dynamic firewall rule every time a NAT forwarding port is reserved for UPnP. This setting remains active until you disable UPnP or clear this check box.
Prestige 324 Intelligent Broadband Sharing Gateway In the Communications window, select the Universal Plug and Play check box in the Components selection box. Click OK to go back to the Add/Remove Programs Properties window and click Next. Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP 11. Click start and Control Panel. 12. Double-click Network Connections. 13.
Select Networking Service in the Components selection box and click Details. In the Networking Services window, select the Universal Plug and Play check box. Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 14.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL device.
Prestige 324 Intelligent Broadband Sharing Gateway Auto-discover Your UPnP-enabled Network Device 14. Click start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. 15. Right-click the icon and select Properties.
In the Internet Connection Properties window, click Settings to see the port mappings that were automatically created. You may edit or delete the port mappings or click Add to manually add port mappings. When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. Select Show icon in notification area when connected option and click OK.
Prestige 324 Intelligent Broadband Sharing Gateway Double-click on the icon to display your current Internet connection status. Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL device without finding out the IP address of the ZyXEL device first. This is helpful if you do not know the IP address of the ZyXEL device. Follow the steps below to access the web configurator. 16. Click start and then Control Panel. 17. Double-click Network Connections. 18.
An icon with the description for each UPnPenabled device displays under Local Network. Right-click on the icon for your ZyXEL device and select Invoke. The web configurator login screen displays. Right-click on the icon for your ZyXEL device and select Properties. A properties window displays with basic information about the ZyXEL device.
Prestige 324 Intelligent Broadband Sharing Gateway Chapter 15 SNMP Configuration This chapter explains SNMP configuration menu 22. SNMP is only available if TCP/IP is configured. 15.1 About SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of TCP/IP protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network.
Table 15-1 SNMP Commands COMMAND DESCRIPTION Get Allows the manager to retrieve an object variable from the agent. GetNext Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations. Set Allows the manager to set values for object variables within an agent.
Prestige 324 Intelligent Broadband Sharing Gateway Table 15-2 SNMP Configuration Menu Fields FIELD DESCRIPTION EXAMPLE Get Community Type the Get Community, which is the password for the incoming Get- and GetNext requests from the management station. Public Set Community Type the Set community, which is the password for incoming Set requests from the management station. Public Trusted Host If you enter a trusted host, your Prestige will only respond to SNMP messages from this address.
Table 15-3 SNMP Traps TRAP # TRAP NAME DESCRIPTION 6a For intentional reboot: A trap is sent with the message "System reboot by user!" if reboot is done intentionally, (e.g. download new files, CI command "sys reboot", etc.). 6b For fatal error: A trap is sent with the message of the fatal code if the system reboots because of fatal errors.
A Chapter 16 System Information & Diagnosis This chapter covers SMT menus 24.1 to 24 .4. This chapter covers the diagnostic tools that help you to maintain your Prestige. These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software. Select menu 24 in the main menu to open Menu 24 - System Maintenance, as shown below. Menu 24 - System Maintenance 1. System Status 2. System Information and Console Port Speed 3. Log and Trace 4. Diagnostic 5.
P 16.1.1 To get to the System Status: • Enter 24 to display Menu 24 - System Maintenance. • In this menu, enter number 1 to open System Maintenance - Status. • There are three commands in Menu 24.1 - System Maintenance - Status. Entering 1 drops the WAN (PPTP/PPPoE) connection, 9 resets the counters and [ESC] takes you back to the previous screen. The table below describes the fields present in Menu 24.1 - System Maintenance - Status.
A Table 16-1 System Maintenance — Status Menu Fields FIELD DESCRIPTION RxPkts The number of received packets on this port. Cols The number of collisions on this port. Tx B/s Shows the transmission speed in Bytes per second on this port. Rx B/s Shows the reception speed in Bytes per second on this port. Up Time Total amount of time the line has been up. LAN Ethernet Address The LAN port Ethernet address. IP Address The LAN port IP address. IP Mask The LAN port IP mask.
P Enter 24 to go to Menu 24 - System Maintenance. Enter 2 to open Menu 24.2 - System Information and Console Port Speed. From this menu you have two choices as shown in the next figure: Menu 24.2 - System Information and Console Port Speed 1. System Information 2. Console Port Speed Please enter selection: Figure 16-3 Menu 24.2 — System Information and Console Port Speed 16.2.1 System Information Menu 24.2.1 - System Maintenance - Information gives you information about your system as shown below.
A Table 16-2 Fields in System Maintenance FIELD Name DESCRIPTION This is the Prestige's system name + domain name assigned in menu 1. E.G., System Name= Prestige; Domain Name= zyxel.com Name= P324.zyxel.com Routing Refers to the routing protocol used. ZyNOS F/W Version Refers to the version of ZyXEL's Network Operating System software. Ethernet Address Refers to the Ethernet MAC (Media Access Control) address of your Prestige.
P 16.3 Log and Trace There are three logging facilities in the Prestige. The first is the error logs and trace records that are stored locally. The second is the UNIX syslog facility for message logging. UNIX syslog is an external UNIX server used for storing log messages. 16.3.1 Viewing Error Log The first place you should look for clues when something goes wrong is the error/trace log. Follow the procedure below to view the local error/trace log: Step 1.
A 59 Thu Jan 60 Thu Jan 61 Thu Jan 62 Thu Jan 63 Thu Jan Clear Error 1 00:00:03 1 00:05:11 1 00:17:59 1 00:24:40 1 00:35:32 Log (y/n): 1970 1970 1970 1970 1970 PINI PINI PINI PINI PINI INFO INFO INFO INFO INFO SMT SMT SMT SMT SMT Session Session Session Session Session Begin End Begin End Begin Figure 16-7 Examples of Error and Information Messages 16.3.2 UNIX Syslog The Prestige uses the UNIX syslog facility to log the CDR (Call Detail Record) and system messages to a syslog server.
P Table 16-3 System Maintenance Menu Syslog Parameters PARAMETER DESCRIPTION Syslog IP Address Enter the IP Address of the server that will log the CDR (Call Detail Record) and system messages i.e., the syslog server. Log Facility Press the [SPACE BAR] to toggle between the 7 different Local options. The log facility allows you to log the message to different files in the server. Please refer to your UNIX manual for more detail. When finished viewing, press [ESC] or [ENTER] to exit. 16.3.
A IP Frame: ENET0-RECV Size: 44/ 44 Frame Type: Time: 17:02:44.262 IP Header: IP Version = 4 Header Length = 20 Type of Service = 0x00 (0) Total Length = 0x002C (44) Identification = 0x0002 (2) Flags = 0x00 Fragment Offset = 0x00 Time to Live = 0xFE (254) Protocol = 0x06 (TCP) Header Checksum = 0xFB20 (64288) Source IP = 0xC0A80101 (192.168.1.1) Destination IP = 0x00000000 (0.0.0.
P Menu 24.4 - System Maintenance - Diagnostic TCP/IP 1. Ping Host 2. WAN DHCP Release 3. WAN DHCP Renewal 4. Internet Setup Test System 11. Reboot System Enter Menu Selection Number: Host IP Address= N/A Figure 16-10 Menu 24.4 — System Maintenance — Diagnostic Follow the procedure below to get to Menu 24.4 - System Maintenance – Diagnostic. Step 4. From the main menu, select option 24 to open Menu 24 - System Maintenance. Step 5. From this menu, select option 4 (Diagnostic). This will open Menu 24.
A Figure 16-11 WAN & LAN DHCP The following table describes the diagnostic tests available in menu 24.4 for your Prestige and the connections. Table 16-4 System Maintenance Menu Diagnostic NUMBER FIELD DESCRIPTION 1 Ping Host Enter 1 to ping any machine (with an IP address) on your LAN or WAN. Enter its IP address in the Host IP Address field mentioned in the last row of this table. 2 WAN DHCP Release Enter 2 to release your WAN DHCP settings.
Chapter 17 Firmware and Configuration File Maintenance This chapter tells you how to back up and restore your configuration file as well as upload new firmware and a new configuration file. 17.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc. It arrives from ZyXEL with a rom filename extension.
The following table is a summary. Please note that the internal filename refers to the filename on the Prestige and the external filename refers to the filename not on the Prestige, that is, on your computer, local network or ftp site and so the name (but not the extension) will vary. After uploading new firmware see the ZyNOS F/W Version field in Menu 24.2.1 - System Maintenance - Information to confirm that you have uploaded the correct firmware version.
Please note that terms “download” and “upload” are relative to the computer. Download means to transfer from the Prestige to the computer, while upload means from your computer to the Prestige. Follow the instructions as shown in the next screen. Menu 24.5 - System Maintenance - Backup Configuration To transfer the configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your router.
Example of FTP Commands from the DOS Prompt 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 16384 bytes sent in 1.10Seconds 297.89Kbytes/sec. ftp> quit Figure 17-2 FTP Session Example FTP GUI Clients The following table describes some of the commands that you may see in FTP GUI clients.
There is a SMT console session running. 17.2.2 Backup Configuration Using TFTP The Prestige supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. To use TFTP, your computer must have both telnet and TFTP clients. To backup the configuration file, follow the procedure shown next. Step 1. Use telnet from your computer to connect to the Prestige and log in.
where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the Prestige IP address, “get” transfers the file source on the Prestige (rom-0 name of the configuration file on the Prestige) to the file destination on the computer and renames it config.rom. TFTP GUI Clients The following table describes some of the fields that you may see in some TFTP GUI clients.
Ready to backup Configuration via Xmodem. Do you want to continue (y/n): Figure 17-3 System Maintenance — Backup Configuration Step 1. The following screen indicates that the Xmodem download has started. You can enter ctrl-x to terminate operation any time. Starting XMODEM download... Figure 17-4 System Maintenance — Starting Xmodem Download Screen Step 2. Run the HyperTerminal program by clicking Transfer, then Receive File as shown in the following screen.
** Backup Configuration completed. OK. ### Hit any key to continue.### Figure 17-6 Successful Backup Confirmation Screen 17.3 Restore Configuration This section shows you how to restore a previously saved configuration. Note that this function erases the current configuration before restoring a previous back up configuration; please do not attempt to restore unless you have a backup configuration file stored on disk.
Menu 24.6 -- System Maintenance - Restore Configuration To transfer the firmware and configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your router. Then type "root" and SMT password as requested. 3. Type "put backupfilename rom-0" where backupfilename is the name of your backup configuration file on your workstation and rom-spt is the remote file name on the router.
Restore Using FTP or TFTP Session Example ftp> put config.rom rom-0 200 Port command okay 150 Opening data connection for STOR rom-0 226 File received OK 221 Goodbye for writing flash ftp: 16384 bytes sent in 0.06Seconds 273.07Kbytes/sec. ftp>quit Figure 17-8 Restore Using FTP or TFTP Session Example Refer to the TFTP and FTP over WAN Will Not Work When section to read about configurations that disallow TFTP and FTP to work over WAN. 17.3.
Type the configuration file’s location, or click Browse to search for it. Choose the Xmodem protocol. Then click Send. Figure 17-11 Restore Configuration Example Step 6. After a successful restoration you will see the following screen. Press any key to restart the Prestige and return to the SMT menu. Save to ROM Hit any key to start system reboot. Figure 17-12 Successful Restoration Confirmation Screen 17.
WARNING! DO NOT INTERUPT THE FILE TRANSFER PROCESS AS THIS MAY PERMANENTLY DAMAGE YOUR PRESTIGE. 17.4.1 Firmware File Upload FTP is the preferred method for uploading the firmware and configuration. To use this feature, your computer must have an FTP client. When you telnet into the Prestige, you will see the following screens for uploading firmware and the configuration file using FTP. Menu 24.7.1 - System Maintenance - Upload System Firmware To upload the system firmware, follow the procedure below: 1.
Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload the system configuration file, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested. 3. Type "put configurationfilename rom-0" where "configurationfilename" is the name of your system configuration file on your workstation, which will be transferred to the "rom-0" file on the system. 4.
FTP Session Example of Firmware File Upload 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> put firmware.bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 1103936 bytes sent in 1.10Seconds 297.89Kbytes/sec. ftp> quit Figure 17-15 FTP Session Example of Firmware File Upload More commands (found in third party FTP clients), are listed earlier in this chapter.
Step 34. Use the TFTP client (see the example below) to transfer files between the Prestige and the computer. The file name for the firmware is “ras”. Note that the telnet connection must be active and the Prestige in CI mode before and during the TFTP transfer. For details on TFTP commands (see following example), please consult the documentation of your TFTP client program.
Menu 24.7.1 - System Maintenance - Upload Router Firmware To upload router firmware: 1. Enter "y" at the prompt below to go into debug mode. 2. Enter "atur" after "Enter Debug Mode" message. 3. Wait for "Starting XMODEM upload" message before activating Xmodem upload on your terminal. 4. After successful firmware upload, enter "atgo" to restart the router. Warning: Proceeding with the upload will erase the current router firmware. Do You Wish To Proceed:(Y/N) Figure 17-16 Menu 24.7.
Uploading a Configuration File Via Console Port Step 1. Select 2 from Menu 24.7 – System Maintenance – Upload Firmware to display Menu 24.7.2 System Maintenance - Upload Router Configuration File. Follow the instructions as shown in the next screen. Menu 24.7.2 - System Maintenance - Upload Router Configuration File To upload router configuration file: 1. Enter "y" at the prompt below to go into debug mode. 2. Enter "atlc" after "Enter Debug Mode" message. 3.
Type the configuration file’s location, or click Browse to search for it. Choose the Xmodem protocol. Then click Send. Figure 17-19 Example Xmodem Upload Step 2. 17-18 After the configuration upload process has completed, restart the Prestige by entering “atgo”.
Chapter 18 System Maintenance & Information This chapter leads you through SMT menus 24.8 to 24.11. 18.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main router firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions. The CI can be entered from the SMT by selecting menu 24.8.
Copyright (c) 1994 - 2002 ZyXEL Communications Corp. ras> ? Valid commands are: sys exit ether ip ras> Figure 18-2 Valid Commands 18.2 Call Control Support The Prestige provides two call control functions: budget management and call history. Please note that this menu is only applicable when Encapsulation is set to PPPoE or PPTP in menu 4 or menu 11.1. The budget management function allows you to set a limit on the total outgoing call time of the Prestige within certain times.
18.2.1 Budget Management Menu 24.9.1 shows the budget management statistics for outgoing calls. Enter 1 from Menu 24.9 - System Maintenance - Call Control to bring up the following menu. Menu 24.9.1 - Budget Management Remote Node 1. ChangeMe Connection Time/Total Budget No Budget Elapsed Time/Total Period No Budget Reset Node (0 to update screen): Figure 18-4 Budget Management The total budget is the time limit on the accumulated time for outgoing calls to a remote node.
18.2.2 Call History This is the second option in Menu 24.9 - System Maintenance - Call Control. It displays information about past incoming and outgoing calls. Enter 2 from Menu 24.9 - System Maintenance - Call Control to bring up the following menu. Menu 24.9.2 - Call History Phone Number 1. 2. 3. 4. 5. 6. 7. 8. 9. 10.
18.3 Time and Date Setting Time and Date Setting is a software mechanism to set the time manually or get the current time and date from an external server when you turn on your Prestige. Menu 24.10 allows you to update the time and date settings of your Prestige. The real time is then displayed in the Prestige error logs and firewall logs.
Menu 24.10 - System Maintenance - Time and Date Setting Use Time Server when Bootup= NTP (RFC-1305) Time Server Address= time-b.nist.gov Current Time: New Time (hh:mm:ss): 00 : 17 : 12 00 : 17 : 10 Current Date: New Date (yyyy-mm-dd): 2000 - 01 - 01 2000 - 01 - 01 Time Zone= GMT Daylight Saving= No Start Date (mm-dd): End Date (mm-dd): 01 - 01 01 - 01 Press ENTER to Confirm or ESC to Cancel: Figure 18-7 Menu 24.
Table 18-3 Time and Date Setting Fields FIELD DESCRIPTION Time Zone Press [SPACE BAR] to set the time difference between your time zone and Greenwich Mean Time (GMT). Daylight Saving Daylight Saving Time is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daylight time in the evenings. If you use daylight savings time, then choose Yes.
Chapter 19 Remote Management This chapter covers remote management (SMT menu 24.11). 19.1 Introduction You may restrict a service that can be used to remotely manage the Prestige using SMT menu 11 and submenus. 19.1.1 Telnet First configure your Prestige for remote management through an SMT session using the console port. Once your Prestige is configured, you can configure it remotely using Telnet as shown next. Figure 19-1 Telnet Configuration on a TCP/IP Network 19.1.
19.1.3 Web You can use the Prestige’s embedded web configurator for configuration and file management. See the online help for details. 19.1.4 SNMP (Simple Network Management Protocol) Simple Network Management Protocol is a member of TCP/IP protocol suite that is used for exchanging management information between network devices. Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network. 19.1.
If you enable remote management of a service, but have applied a filter to block the service, then you will not be able to remotely manage the service. To disable remote management of a service, select Disable in the corresponding Server Access field. Enter 11 from menu 24 to bring up Menu 24.11 – Remote Management Control. If you just wish to block certain users from using these services, then use Menu 24.11 - Remote Management Control TELNET Server: Port = 23 Access = WAN only Secured Client IP = 0.0.0.
Table 19-1 Menu 24.11 – Remote Management Control FIELD DESCRIPTION EXAMPLE Server Access Select the access interface (if any) by pressing [SPACE BAR], then [ENTER] to choose from: LAN only, WAN only, ALL or Disable. LAN only Secured Client IP The default 0.0.0.0 allows any client to use this service to remotely manage the Prestige. Enter an IP address to restrict access to a client with a matching IP address. 0.0.0.
Use the Prestige’s WAN IP address when configuring from the WAN. Use the Prestige’s LAN IP address when configuring from the LAN. 19.5 System Timeout A management session (either via the web configurator or SMT) can be left idle for 5 minutes (default) before the session times out. After it times out you have to log in with your password again. You may adjust the timeout by configuring Administrator Inactivity Timer in the web configurator or sys stdio in the command line interface (SMT 24.8).
Chapter 20 Call Scheduling This chapter shows you how to setup call time periods for remote nodes. 20.1 Introduction The call scheduling feature allows the Prestige to manage a remote node and dictate when a remote node should be called and for how long. This feature is similar to the scheduler in a video-cassette recorder (you can record programs at times that you specify). You can apply up to four schedule sets in Menu 11.1 Remote Node Profile. 20.
Lower numbered sets take precedence over higher numbered sets thereby avoiding scheduling conflicts. For example, if sets 1, 2, 3 and 4 in are applied in the remote node then set 1 will take precedence over set 2, 3 and 4 as the Prestige, by default, applies the lowest numbered set first. Set 2 will take precedence over set 3 and 4, and so on. You can design up to 12 schedule sets but you can only apply up to four schedule sets for a remote node.
Table 20-1 Schedule Set Setup Fields FIELD DESCRIPTION EXAMPLE Active Choose Yes to activate and No to deactivate the schedule set. Yes (default) Start Date Enter the start date that you wish the set to take effect in year month-day format. Valid dates are from the present to February 5, 2036. 2000 – 07 – 01 How Often Should this schedule set recur weekly or be used just once? Choose Once or Weekly. Both these options are mutually exclusive. If Once is selected, then all weekday settings are N/A.
20.4 Applying Schedule Sets to Remote Nodes Once your schedule sets are configured, you must apply them to the desired remote node(s). Enter 11 from the main menu and, using the [SPACE BAR], select PPPoE or PPTP in the Encapsulation field. Enter your target remote node index number(s) in the Schedules field, as shown next. Menu 11.
Menu 11.
Prestige 324 Intelligent Broadband Sharing Gateway Chapter 21 Troubleshooting This chapter covers the potential problems and possible remedies. After each problem description, some instructions are provided to help you to diagnose and to solve the problem. See the included CD for further information. 21.
Prestige 324 Intelligent Broadband Sharing Gateway PROBLEM CORRECTIVE ACTION Cannot ping any computer on the LAN. Check the 10M/100M LEDs on the front panel. One of these LEDs should be on. If they are both off, check the cables between your Prestige and hub or the station. Verify that the IP addresses and subnet masks of the Prestige and the computers on the LAN are on the same subnet. 21.
Prestige 324 Intelligent Broadband Sharing Gateway Part IV: Appendices and Index This section provides some Appendices and an Index.
Appendix A PPPoE PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your PC to an ATM PVC (Permanent Virtual Circuit) which connects to a xDSL Access Concentrator where the PPP session terminates (see the next figure). One PVC can support any number of PPP sessions from your LAN. PPPoE provides access control and billing functionality in a manner similar to dial-up services using PPP. Benefits of PPPoE PPPoE offers the following benefits: 1.
Prestige 324 Intelligent Broadband Sharing Gateway Diagram 1 Single-PC per Modem Hardware Configuration How PPPoE Works The PPPoE driver makes the Ethernet appear as a serial link to the PC and the PC runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC). Between the AC and an ISP, the AC is acting as a L2TP (Layer 2 Tunneling Protocol) LAC (L2TP Access Concentrator) and tunnels the PPP frames to the ISP. The L2TP tunnel is capable of carrying multiple PPP sessions.
The Prestige as a PPPoE Client When using the Prestige as a PPPoE client, the PCs on the LAN see only Ethernet and are not aware of PPPoE. This alleviates the administrator from having to manage the PPPoE clients on the individual PCs.
Prestige 324 Intelligent Broadband Sharing Gateway Appendix B PPTP What is PPTP? PPTP (Point-to-Point Tunneling Protocol) is a Microsoft proprietary protocol (RFC 2637 for PPTP is informational only) to tunnel PPP frames. How can we transport PPP frames from a PC to a broadband modem over Ethernet? A solution is to build PPTP into the ANT (ADSL Network Termination) where PPTP is used only over the short haul between the PC and the modem over Ethernet.
When the Prestige is deployed in such a setup, it appears as a PC to the ANT (ADSL Network Termination). In Windows VPN or PPTP Pass-Through feature, the PPTP tunneling is created from Windows 95, 98 and NT clients to an NT server in a remote location. The pass-through feature allows users on the network to access a different remote server using the Prestige's Internet connection. In NAT mode, the Prestige is able to pass the PPTP packets to the internal PPTP server (i.e. NT server) behind the NAT.
Prestige 324 Intelligent Broadband Sharing Gateway Each PPTP session has distinct control connection and PPP data connection. Call Connection The control connection runs over TCP. Similar to L2TP, a tunnel control connection is first established before call control messages can be exchanged. Please note that a tunnel control connection supports multiple call sessions. The following diagram depicts the message exchange of a successful call setup between a PC and an ANT.
Appendix C Boot Commands The BootModule AT commands execute from within the router’s bootup software, when debug mode is selected before the main router firmware (ZyNOS) is started. When you start up your Prestige, you are given a choice to go into debug mode by pressing a key at the prompt shown in the following screen. In debug mode you have access to a series of boot module commands, for example ATUR (for uploading firmware) and ATLC (for uploading the configuration file).
Prestige 324 Intelligent Broadband Sharing Gateway ======= Debug Command Listing ======= AT just answer OK ATHE print help ATBAx change baudrate. 1:38.4k, 2:19.2k, 3:9.6k 4:57.6k 5:115.
Appendix D NetBIOS Filter Commands The following describes the NetBIOS packet filter commands. Introduction NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets cause unwanted calls. You can configure NetBIOS filters to: • Block or forward NetBIOS packets from being sent from the LAN to the WAN.
Prestige 324 Intelligent Broadband Sharing Gateway The filter types and their default settings are as follows. NAME DESCRIPTION EXAMPLE LAN to WAN This field displays whether NetBIOS packets are blocked or forwarded from the LAN to the WAN. Block WAN to the LAN This field displays whether NetBIOS packets are blocked or forwarded from the WAN to the LAN. Block IPSec Packets This field displays whether NetBIOS packets sent through a VPN connection are blocked or forwarded.
This command blocks LAN to WAN NetBIOS packets Command: sys filter netbios config 1 off This command forwards WAN to the LAN NetBIOS packets Command: sys filter netbios config 2 on This command blocks IPSec NetBIOS packets Command: sys filter netbios config 3 off This command stops NetBIOS commands from initiating calls.
Prestige 324 Intelligent Broadband Sharing Gateway Appendix E Log Descriptions Configure centralized logs using the embedded web configurator; see the online help for details. This appendix describes some of the log messages. Chart 1 System Error Logs LOG MESSAGE DESCRIPTION %s exceeds the max. number of session per host! This attempt to create a NAT session exceeds the maximum number of NAT session table entries allowed to be created per host.
Chart 2 System Maintenance Logs TELNET Login Successfully Someone has logged on to the router via telnet. TELNET Login Fail Someone has failed to log on to the router via telnet. FTP Login Successfully Someone has logged on to the router via ftp. FTP Login Fail Someone has failed to log on to the router via ftp. NAT Session Table is Full! The maximum number of NAT session table entries has been exceeded and the table is full.
Prestige 324 Intelligent Broadband Sharing Gateway Chart 4 Content Filtering Logs IP/Domain Name JAVBLK The Prestige blocked access to this IP address or domain name because of a forbidden service such as: ActiveX, a Java applet, a cookie, or a proxy.
Chart 5 ICMP Type and Code Explanations TYPE CODE 11 DESCRIPTION Time Exceeded 0 Time to live exceeded in transit 1 Fragment reassembly time exceeded 12 Parameter Problem 0 13 Pointer indicates the error Timestamp 0 14 Timestamp request message Timestamp Reply 0 15 Timestamp reply message Information Request 0 16 Information request message Information Reply 0 Log Descriptions Information reply message 15
Prestige 324 Intelligent Broadband Sharing Gateway Appendix F Power Adapter Specifications North American Plug Standards AC Power Adapter Model: MW41-0901000A AC Power Adapter Model: DV-9750-4 Input Power: AC120Volts/60Hz/13W Input Power: AC120Volts/60Hz/15W Output Power: AC 9Volts/1.0A Output Power: AC 9Volts/1.0A Power Consumption: 10 W Power Consumption: 10 W Safety Standards: UL, CUL (UL 1310, CSA C22.2 No.223) Safety Standards: UL, CUL (UL 1310, CSA C22.2 No.
Appendix G Hardware Specifications SPECIFICATIONS Power Specification I/P AC 120V / 60Hz ; O/P DC 12V 1200 mA MTBF (Mean Time Between Failure) 100000 hrs Operation Temperature 0º C ~ 40 degrees Celsius Ethernet Specification for WAN 10Mbit Half / Full Manual Setting Ethernet Specification for LAN 10/100 Mbit Half / Full Auto-negotiation Cable Pin Assignments In a serial communications connection, generally a computer is DTE (Data Terminal Equipment) and a modem is DCE (Data Circuit-terminating Equ
Prestige 324 Intelligent Broadband Sharing Gateway Appendix H Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package.
1. Click Start, Settings, Control Panel and double-click the Network icon to open the Network window. 2. The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: a. In the Network window, click Add. b. Select Adapter and then click Add. c. Select the manufacturer and model of your network adapter and then click OK. If you need TCP/IP: a. In the Network window, click Add.
Prestige 324 Intelligent Broadband Sharing Gateway d. Select Client for Microsoft Networks from the list of network clients and then click OK. e. Restart your computer so the changes you made take effect. In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties. 1. Click the IP Address tab. -To have your computer assigned a dynamic IP address, select Obtain an IP address automatically.
2. Click the DNS Configuration tab. -If you do not know your DNS information, select Disable DNS. -If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in). 3. Click the Gateway tab. -If you do not know your gateway’s IP address, remove previously installed gateways. -If you have a gateway IP address, type it in the New gateway field and click Add. 4. Click OK to save and close the TCP/IP Properties window.
Prestige 324 Intelligent Broadband Sharing Gateway 5. Click OK to close the Network window. Insert the Windows CD if prompted. 6. Turn on your Prestige and restart your computer when prompted. Checking/Modifying Your Computer’s IP Address 1. Click Start and then Run. 2. In the Run window, type "winipcfg" and then click OK to open the IP Configuration window. 3. Select your network adapter. You should see your computer's (static) IP address, subnet mask and default gateway in this screen.
Windows 2000/NT/XP 1. In Windows XP, click start, Control Panel. In Windows 2000/NT, click Start, Settings, Control Panel. 2. In Windows XP, click Network Connections. In Windows 2000/NT, click Network and Dial-up Connections. Setting up Your Computer’s IP Address 3. Right-click Local Area Connection and then click Properties.
Prestige 324 Intelligent Broadband Sharing Gateway 4. 24 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties.
5. The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). - To have your computer assigned a dynamic IP address, click Obtain an IP address automatically. -If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. Click Advanced to go to the Advanced TCP/IP Settings screen shown next.
Prestige 324 Intelligent Broadband Sharing Gateway 6. -If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: -In the IP Settings tab, in IP addresses, click Add. -In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet mask, and then click Add. -Repeat the above two steps for each IP address you want to add.
7. In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): -Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). -If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you wish to have more than two DNS servers, click Advanced, the DNS tab and then configure them using Add. 8.
Prestige 324 Intelligent Broadband Sharing Gateway Macintosh OS 8/9 1. 28 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel.
2. Select Ethernet built-in from the Connect via list. 3. For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4. For statically assigned settings, do the following: -From the Configure box, select Manually. -Type your IP address in the IP Address box. -Type your subnet mask in the Subnet mask box. -Type the IP address of your Prestige in the Router address box. 5. Close the TCP/IP Control Panel. 6. Click Save if prompted, to save changes to your configuration. 7.
Prestige 324 Intelligent Broadband Sharing Gateway 1. Click the Apple menu, and click System Preferences to open the System Preferences window. 2. Click Network in the icon bar. - Select Automatic from the Location list. - Select Built-in Ethernet from the Show list. - Click the TCP/IP tab. 3. For dynamically assigned settings, select Using DHCP from the Configure list. 4. For statically assigned settings, do the following: -From the Configure box, select Manually.
Appendix I Brute-Force Password Guessing Protection The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism for the password. See other appendices for information on the command structure. Chart 7 Brute-Force Password Guessing Protection Commands COMMAND DESCRIPTION sys pwderrtm This command displays the brute-force guessing password protection settings.
Prestige 324 Intelligent Broadband Sharing Gateway Appendix J Triangle Route The Ideal Setup When the firewall is on, your Prestige acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the Prestige to protect your LAN against attacks. Diagram 10 Ideal Setup The “Triangle Route” Problem A traffic route is a path for sending or receiving data packets between two Ethernet devices.
Diagram 11 “Triangle Route” Problem The “Triangle Route” Solutions This section presents you two solutions to the “triangle route” problem. IP Aliasing IP alias allows you to partition your network into logical sections over the same Ethernet interface. Your Prestige supports up to three logical LAN interfaces with the Prestige being the gateway for each logical network. By putting your LAN and Gateway B in different subnets, all returning network traffic must pass through the Prestige to your LAN.
Prestige 324 Intelligent Broadband Sharing Gateway Diagram 12 IP Alias Gateways on the WAN Side A second solution to the “triangle route” problem is to put all of your network gateways on the WAN side as the following figure shows. This ensures that all incoming network traffic passes through your Prestige to your LAN. Therefore your LAN is protected. Diagram 13 Gateways on the WAN Side How To Configure Triangle Route: Step 1. 34 From the SMT main menu, enter 24.
Step 2. Enter “8” in menu 24 to enter CI command mode. Step 3. Use the following commands to allow/disallow triangle route. sys firewall ignore triangle all off This command allows triangle route. sys firewall ignore triangle all on This command disallows triangle route.
Index 1 CHAP ......................................................6-8, 9-6 10/100 MB Auto-negotiation ..........................1-1 Cloning the MAC address............................... 6-1 A Command Interpreter Mode.......................... 18-1 Active..............................................................6-7 Community ................................................... 15-2 Address Assignment ............................... 4-7, 4-9 compression ..........................................
Header DYNDNS Wildcard........................................ 5-8 Front Panel LEDs ........................................... 2-4 E FTP ...................................................... 12-2, 19-4 Restrictions............................................... 19-4 FTP File Transfer ....................................... 17-12 Edit IP ............................................................. 6-8 EMAIL.......................................................... 5-10 E-mail Address .................
IP Alias Setup .................................................7-9 IP Multicast............................................. 1-3, 7-5 Internet Group Management Protocol (IGMP) ................................................................1-3 IP Network Number ........................................7-3 Ordering Rules ....................................... 11-12 What NAT does........................................ 11-2 NAT Transversal ........................
Header Q Quick Start Guide ........................................... 3-1 R Read Me First ............................................... xxiii Rear Panel....................................................... 2-1 Related Documentation................................. xxiii Rem Node Name............................................. 6-7 Server7-3, 7-8, 8-2, 9-2, 9-3, 11-5, 11-6, 11-9, 1111, 11-14, 11-16, 11-17, 11-22, 11-23, 18-6 Service...............................................................
System Timeout ............................................19-5 Universal Plug and Play (UPnP)..........14-1, 14-3 T UNIX Syslog ................................................ 16-7 TCP/IP 7-2, 7-6, 7-7, 7-8, 9-7, 13-7, 13-9, 13-12, 13-16, 19-1 Upload Firmware ........................................ 17-11 TCP/IP filter rule...........................................13-7 Telnet Configuration .....................................19-1 Telnet Under NAT ........................................
