Prestige 128L User’s Manual Version 1.
ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two (2) years from the date of purchase.
you specific legal rights, and you may also have other rights which vary from state to state. Copyright © 1997 by ZyXEL The contents of this book may not be reproduced (in any part or as a whole) or transmitted in any form or by any means without the written permission of the publisher. Published by ZyXEL Communications Corporation. All rights reserved. Note: ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein.
limits are designed to provide reasonable protection against harmful interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
company. The equipment must also be installed using an acceptable method of connection. In some cases, the company’s inside wiring associated with a single line individual service may be extended by means of a certified connector assembly. The customer should be aware that the compliance with the above conditions may not prevent degradation of service in some situations. Repairs to certified equipment should be made by an authorized Canadian maintenance facility designated by the supplier.
Outside North America, you can dial +886-3-5783942 EXT 252 between 8:00AM and 5:00PM Taiwan time (GMT +8:00). • Fax: ZyXEL in North America: (714) 693-8811 or Taiwan: +8863-5782439 • E-mail: • • Sales inquiries: sales@zyxel.com in North America. sales@zyxel.com.tw outside North America. Technical support: support@zyxel.com in North America. support@zyxel.com.tw outside North America. • Product information: Visit our site on the World Wide Web: http://www.zyxel.com.
Contents ZyXEL Limited Warranty............................................................ ii Copyright © 1997 by ZyXEL......................................................iii Acknowledgments .......................................................................iii FCC Part 15 Information............................................................ iii Information for Canadian Users .................................................. iv Contacting ZyXEL .....................................................
Collecting General Setup Information...........................................9 Collecting IDSL Information........................................................9 Collecting Ethernet Setup Information........................................10 3 Installation.............................................................15 A Warning On Connection Cables ............................................15 Connecting Your Computer and Your Prestige ........................
6 TCP/IP Configuration...........................................45 IP Subnet Mask.........................................................................45 LAN-to-LAN Application ..........................................................46 Remote Node Setup..................................................................47 Static Route Setup.....................................................................49 7 Novell IPX Configuration .....................................53 IPX Network Environment ..
About SNMP..............................................................................79 Configuring Your Prestige For SNMP Support........................79 11 System Security ...................................................83 Configuring the SMT Password ................................................83 12 Telnet Configuration and Capabilities ...............85 About Telnet Configuration.......................................................85 Telnet Capabilities...................................
15 Index..................................................................
1 Introduction Congratulations on your purchase of the ZyXEL Prestige 128L IDSL Router. The Prestige integrates a Router and Bridge, offering inexpensive yet complete telecommunications and internetworking solutions for your home or branch office. The Prestige is ideal for everything from Internet access, to receiving calls from Remote Dial-in Users, to making LAN-to-LAN connections to Remote Nodes.
ISDN Digital Subscriber Line (IDSL) IDSL uses the 2B1Q line coding standard for ISDN BRI circuits. Used for data-only applications, IDSL can use unshielded twisted pair wire for transmitting data at 64/128Kbps for up to 18,000 feet. The differences between IDSL and ISDN are: 1. ISDN passes through the phone company's central office voice network; IDSL bypasses it by plugging into a special router at the phone company end. Or a pair of Prestige 128L’s can be connected by a single twisted pair cable. 2.
Data Compression The Prestige incorporates Stac data compression and Compression Control Protocol. Applications For Your Prestige Some applications for your Prestige include: Internet Access The Prestige supports TCP/IP protocol. It is also compatible with other IDSL access servers manufactured by vendors such as Ascend. Internet Single User Account (SUA) For a small office environment, the Prestige SUA support. This allows multiple users to access the LAN simultaneously using a single IP address.
• Release notes for firmware upgrades and other information can be accessed through a ZyXEL FTP server site. For ZyXEL contact information see page v. Packing List Before you proceed further, check all items you received with your Prestige 128L against this list to make sure nothing is missing. The complete package should include: • One Prestige 128L. • One power adapter. • One 25 pin female - 9 pin male adapter. • One RS-232 cable. • One LAN crossover cable (red tag).
• IDSL service provided by local phone company (optional). • An Ethernet connection to your computer. • A computer equipped with communications software configured to the following parameters: • VT100 terminal emulation. • 9600 Baud rate. • No parity, 8 Data bits, 1 Stop bit. After the Prestige has been successfully connected to your network, you can make future changes to the configuration by using a Telnet application.
6 Introduction
2 Before You Begin To ensure successful installation of your Prestige, we strongly recommend that you carefully follow the steps outlined in Chapters 2 and 3. These chapters are designed as a guide for you to collect all necessary information about your LAN. Once this information has been collected, it will be used to configure your Prestige. After you have successfully configured your Prestige, see the appropriate chapters to setup your application.
Figure 2-1 Installation Guide Completing the Worksheet Before you continue, locate the worksheet at the end of this chapter. This information worksheet has been provided to help you get through setup and installation of your Prestige as easily as possible. Ordering Your IDSL Line There is no need to order an IDSL line if you are using a pair of Prestige 128Ls directly connected by a twisted pair cable.
Collecting General Setup Information Your Prestige requires the following system information. You can obtain all the pertinent information from your network administrator. Record this information into the worksheet as it becomes available. This worksheet will later be referred to as you configure your Prestige. • System Name - This is the name given to your Prestige for identification purposes. This name should be no more than 8 alphanumeric characters. Spaces are not allowed, but “-” and “_” are accepted.
Collecting Ethernet Setup Information This section assumes that you are setting up your Prestige for a TCP/IP connection. If you want to configure the Prestige for other protocols (e.g., IPX), refer to the appropriate chapters. • Ethernet Interface - The first step is to determine the type of Ethernet interface you will be using. There are two options: AUI or UTP. Record the interface type onto the worksheet. If you have a 10Base2 (BNC), you should choose AUI.
IP Subnet Mask 255.255.255.0 255.255.255.128 255.255.255.192 255.255.255.224 255.255.255.
Prestige Setup and Installation Worksheet General Setup Information • System Name (for identification purposes): _______________________________________ • Protocol Routing: ___TCP/IP ___IPX ___Bridging IDSL Setup Information • Service Type (check one): ___Client ___Server • Transfer Type (check one): ___Leased 128 ___Leased 64 Ethernet Setup Information • Ethernet Interface (check one): ___AUI 12 Before You Begin
___UTP • IP Address: _______._______._______._______ • IP Subnet Mask: _______._______._______.
14 Before You Begin
3 Installation This chapter outlines how to connect your Prestige to the LAN and IDSL line. Refer to the diagram below to identify all of the ports on your device when you attempt to make the various connections. Figure 3-1 Rear Panel Diagram A Warning On Connection Cables The IDSL line and Ethernet cable, are very similar to each other. It is important that you use the correct cable for each connection; otherwise, your Prestige could be damaged.
Connecting Your Computer and Your Prestige For the initial setup of your Prestige, use the provided RS-232 cable and communications software to configure your Prestige. After your Prestige has been successfully installed, you can modify the configuration through a remote Telnet connection. See Chapter 12 for detailed instructions on using Telnet to configure your Prestige. Connecting the RS-232 Cable to your Prestige One 9-25 pin adapter is included with your Prestige.
The UTP port is used to connect to a 10Base-T network. 10Base-T networks use Unshielded Twisted Pair (UTP) cable and RJ-45 connectors that look like a bigger telephone plug with 8 pins. Two types of gray Ethernet cables come with the package: • O NOTE: Straight through cable (white tag): Connect your Prestige 128L to a 10Base-T hub. • Crossover cable (red tag): Connect your Prestige to your computer directly without a hub. IF THIS CABLE IS USED TO CONNECT IDSL, IT MAY DAMAGE YOUR PRESTIGE.
Figure 3-2 Front Panel PWR - Comes on as soon as you connect your Prestige to the power supply and switch it to the I (on) position. TST - Should be blinking if your Prestige is functioning properly. Line: LNK - Indicates that your Prestige has an ISDN line connected to the WAN interface and it has been successfully initialized. 64K and 128K - The 64K LED will light to indicate a line speed of 64K. The 64K and 128K LED will light to indicate a line speed of 128K.
Figure 3-3 Power on Messages If you press ENTER, your Prestige will display a login screen and ask you to enter the password as shown below: Figure 3-4 Login Screen Enter the default password, 1234 to get into the Main Menu of System Management Terminal (SMT). Note that once you are in the SMT and if there is no activity for longer than 5 minutes, your Prestige will automatically log you out and will display a blank screen. If you see a blank screen, press ENTER to bring up the password screen.
Navigating Through the System Management Terminal Interface Use the SMT to configure your Prestige. Several operations that you should be familiar with before you attempt to modify the configuration are listed below: • Moving Forward to Another Menu. To move forward to a submenu below the current one, type in the number of the sub-menu and press ENTER. • Moving Backward to a Previous Menu. Press the Escape key to move back to the previous menu.
• Saving Your Configuration. You can save your configuration by pressing ENTER at the message: Press ENTER to confirm or ESC to cancel: Saving the data on the screen will take you in most cases to the previous menu.
# Menu Title Description Remote Nodes. 12 Static Routing Setup Setup static route for different protocols. There are four static routes for each protocol. 21 Filter Set Setup filters to be used in Menu 3 and Configuration Menu 11 to provide security, call control, etc. 22 SNMP Configuration Setup SNMP related parameters. 23 System Security Setup security related parameters. 24 System Maintenance Provide system status, diagnostics, firmware upload, etc.
1. System Name - Choose a descriptive name for identification purposes, e.g., p128l. This name should be no more than 8 alphanumeric characters. Spaces are not allowed, but “-” and “_” are accepted. This name can be retrieved remotely via SNMP, used for CHAP authentication, and will be displayed as the prompt in the Command Mode. See Chapter 11 for more information on CHAP; see Chapter 13 for more information on Command Mode. 2.
1. Service Type - There are two options: Client or Server. Server provides clock to synchronize signals transmitted on the line. 2. Transfer Type - There are two options: Leased 128K or Leased 64K, which decide the IDSL line’s baud rate. Ethernet Setup Menu 3 is used to enter Ethernet related information. Depending on the protocols (TCP/IP or IPX) on your LAN, you will need to configure each protocol separately.
General Ethernet Setup This menu determines the type of Ethernet interface you are using as well as the filter sets you wish to implement to monitor your Ethernet traffic. From Menu 3 - Ethernet Setup, enter 1 to go to menu 3.1 General Ethernet Setup. Figure 3-7 Menu 3.1 - General Ethernet Setup 1.
network (looks like a bigger telephone plug). Determine which type you are using and select the appropriate option. 2. Input and Output Filter Sets - Filter sets are used to block certain packets to reduce traffic and to prevent a security breach. Filtering is a very involved subject, so leave these fields blank for the time being. After you have studied filtering in Chapter 9, come back and define the filter sets.
will act as a DHCP server, capable of automatically assigning IP addresses to Windows 95, Windows NT, and other systems that support the DHCP client. When DHCP is used, the following four items need to be set. Do not set this field to Server if there is already a DHCP server on your network. 2. Client IP Pool Starting Address - DHCP can assign IP addresses to hosts dynamically instead of requiring that each system have a fixed IP address.
on the IP address that you assign. Unless you have special need for subnetting, use the default subnet mask calculated by your Prestige. 7. RIP Direction - This parameter determines how your Prestige handles RIP (Routing Information Protocol). If set to Both (default), your Prestige will broadcast its routing table on the LAN, and incorporate RIP broadcasts by other routers into its routing table.
When you are finished, press ENTER at the message: Press ENTER to Confirm... to save your selections, or press ESC at any time to cancel them. Novell IPX Ethernet Setup Refer to the chapter on Novell IPX configuration. Bridge Ethernet Setup Refer to the chapter on Bridging configuration.
30 Installation
4 Configuring for Internet Access Menu 4 of the SMT allows you to configure Internet access on one screen. Before you configure your Prestige for Internet access, you need to collect the following information from your ISP (Internet Service Provider). • IP address of the ISP’s gateway (optional). • Login name (optional). • Password (optional).
IP Addresses and the Internet Conventionally, the Internet (with a capital I) refers the large-scale interconnected networks across the world that was originally developed by the US Department of Defense. The Internet uses exclusively the TCP/IP suite of protocols. The term “internet” (lower case i), however, refers to any interconnected networks using any protocol. An internet can be as simple as two hosts on a LAN, or it can be as complex as the Internet itself.
ALLOCATION FOR PRIVATE INTERNET ’S AND RFC 1466, GUIDELINES FOR MANAGEMENT OF IP ADDRESS SPACE. Once you have determined the IP address range for your local network, you may want to use DHCP (Dynamic Host Configuration Protocol) to assign addresses to individual hosts on the network, as an alternative to manually configuring each host’s IP settings. See the TCP/IP Ethernet Setup and DHCP section on page 26 for more information about DHCP.
3. ISP IP Addr - Enter the IP Address of the remote gateway at the ISP’s site. If you do not have this data, just leave it blank. 4. My Login Name - Enter the login name provided by your ISP. 5. My Password - Enter the password associated with the login name above. Note that this login name/password pair is only for your Prestige to connect to the ISP’s gateway. When you use TCP/IP applications, e.g.
This feature may also be used to connect to TCP/IP remote nodes other than Internet Service Providers. For example this feature can be used to simplify the allocation of IP addresses when connecting branch offices to the corporate network. The IP address for the Single User Account can be either fixed or dynamically assigned by the ISP (or other remote node). In addition, you can also configure a server, e.g., a Web server, on your local network and make it accessible by outside users.
• UDP and TCP datagrams can be routed. In addition, ICMP echo can also be routed. The figure below shows an example of a small office connected to the Internet via a Single User Account using your Prestige. Note that if you enable the Single User Account feature, your local IP address MUST be selected from the list of IP addresses for private networks as defined by the IANA.
static IP address enter that IP address here. You have to use a static IP address if you are using a pair of Prestiges. 3. Single User Account: Server IP Addr - If you want to make a single server, e.g., a Web server, accessible to outside users, enter that server’s IP address here. Press ENTER at the message: Press ENTER to Confirm ... to confirm your selections or press ESC at any time to cancel your selections. At this point, your Prestige will ask if you wish to test the Internet connection.
38 Configuring for Internet Access
5 Remote Node Configuration A Remote Node represents both a remote gateway and the internet behind it, across an IDSL connection. A Remote Node is required for connecting to the remote network directly. Note that when you use Menu 4 to configure the Internet, your Prestige will automatically add a Remote Node for you. Even though you can configure up to four remote nodes, the first active remote node will be used to connect to the remote LAN.
Figure 5-1 Menu 11 - Remote Node Setup Enter the Remote Node number to edit and you will go to the next submenu: 11.1 - Remote Node Profile as shown below: Figure 5-2 Menu 11.1 - Remote Node Profile 1. Rem Node Name - This is a required field. Enter a descriptive name for the Remote Node, e.g., SJHQ. This field can support up to eight characters. This name must be unique from any other Remote Node name or Remote Dial-in User name.
2. Active - Press the space bar to toggle between Yes and No. When a Remote Node is deactivated, it has no effect on the operation of your Prestige, even though it is still kept in the database and can be activated in the future. Deactivated nodes are displayed with a (minus sign) at the beginning of the name in Menu 11. 3. Incoming: Rem Node Login Name - Enter the login name that this Remote Node will use when it calls into your Prestige.
• CHAP/PAP - Your Prestige will try CHAP when CHAP is requested by the Remote Node or PAP when PAP is requested by the Remote Node. • CHAP - Use CHAP only. • PAP - Use PAP only. 8. Route - This field determines the protocols that your Prestige will route. The choices for this field are determined by the features that are enabled. 9. Bridge - Bridging is used for protocols that are not supported or not turned on in the previous Route field, e.g., SNA.
and your Prestige. You can choose from 12 different filter sets. In addition, you can link up to 4 filter sets together for further customization (e.g., 1, 5, 9, 12). Note that spaces and , are accepted in this field. For more information on customizing your filter sets, see Chapter 9. The default is blank, i.e., no filters defined. 14. Session Option: Idle Timeout (sec) - This value specifies the number of idle seconds that elapses before sending a ppp-echo packet to verify whether the line is up.
2. Compression - Turns on Stac Compression. The default for this field is Off. Once you have completed Menu 11.2 - Remote Node PPP Options, press ENTER at the message: Press ENTER to Confirm ... to confirm your selections, or press ESC to cancel your selections.
6 TCP/IP Configuration This chapter shows you how to configure your Prestige for TCP/IP. Depending on your particular applications, you will need to configure different menus. For instance, Internet access is the most common application of TCP/IP. For this application, you should configure Menu 4. We will illustrate the configuration for other applications in the following sections. IP Subnet Mask A subnet mask is a 32-bit quantity that, when logically ANDed with an IP address, yields the network number.
to partition your class C network 204.247.203.0 with subnet mask 255.255.255.0 into 16 subnets (4 bits), the new subnet mask becomes 255.255.255.240. Number of Bits 1 2 3 4 5 6 7 8 Dot Decimal 128 192 224 240 248 252 254 255 LAN-to-LAN Application A typical LAN-to-LAN application is to use your Prestige to call from a branch office to the headquarters, as depicted in the following diagram.
configure Static Routes if some services reside beyond the immediate remote LAN. Remote Node Setup Follow the procedure in Chapter 5 to fill the protocol-independent parameters in Menu 11, Remote Node Profile. For the protocoldependent parameters, follow the instructions below. 1. Route - Make sure IP is among the protocols in the Route field. 2. IP Address - Enter the IP address of the gateway at the remote site (in this case, headquarters).
2. Rem IP Subnet Mask - Enter the subnet mask for the remote network. 3. My WAN Addr - Some implementations, especially the UNIX derivatives, require hosts on both ends of the ISDN link to have separate addresses from the LAN, and that the addresses must have the same network number. If this is the case, enter the IP address assigned to the WAN port of your Prestige. Note that this is the address assigned to the local Prestige, not the remote router. Figure 6-3 Sample IP Addresses 4.
not be precise, but it must be between 1 and 16. In practice, 2 or 3 is usually a good number. 7. Private - This parameter determines if your Prestige will include the route to this Remote Node in its RIP broadcasts. If set to yes, this route is kept private and not included in RIP broadcast. If no, the route to this Remote Node will be propagated to other hosts through RIP broadcasts. 8. RIP - This parameter determines how your Prestige handles RIP (Routing Information Protocol), and the default is Both.
or a Remote Node, a static route is implicitly created by your Prestige. An example is given below. In the example, stations on the 204.5.1.0/24 subnetwork can access the remote stations using the static route. The route will have a destination of 204.5.1.64/26 with the gateway address being that of the Remote Node (204.5.1.150).
Figure 6-5 Menu 12 - Static Route Setup - Main Menu Figure 6-6 IP Static Route Setup 1. Route Name - Enter a descriptive name for this route. This is for identification purpose only. 2. Active - This fields allows you to activate/deactivate this static route. 3. Destination IP Address - This parameter specifies the IP network address of the final destination. Routing is always based on network number.
use a subnet mask of 255.255.255.255 in the subnet mask field to force the network number to be identical to the host ID. 4. IP Subnet Mask - Enter the subnet mask for this destination. Follow the discussion on IP subnet mask in this chapter. 5. Gateway IP Address - Enter the IP address of the gateway. The gateway is an immediate neighbor of your Prestige that will forward the packet to the destination.
7 Novell IPX Configuration This chapter shows you how to configure your Prestige for IPX. Depending on your particular applications, you will need to configure different menus. We will illustrate the configuration for some applications in the following sections. IPX Network Environment Frame Type The stations on an IPX network (both clients and servers) can run on four different frame types existing on one physical Ethernet cable. These frame types include 802.2, 802.3, Ethernet II (DIX), and SNAP.
Figure 7-1 Prestige Operating in IPX Environment Prestige on LAN with Server When your Prestige is being connected to a LAN with an existing NetWare server station, you will not need to configure it as a seed router, and hence the network number parameter in the Ethernet Setup Menu. Rather, your Prestige will learn the network number of the network it is attached to through the regular RIP broadcasts sent by the server and add this route to its routing table.
IPX Ethernet Setup The first step is to set up your Prestige on the LAN. From menu 3, select option 3 to go to Menu 3.3 - Novell IPX Ethernet Setup as seen below: Figure 7-2 Menu 3.3 - Novell IPX Ethernet Setup 1. Seed Router - Determine if your Prestige is to act as a seed router. This value depends on the existing network. If there is a NetWare server providing the network number, select No. If there is no NetWare server providing the network number, select Yes. 2.
• SNAP 3. IPX Network # - If you selected your Prestige to act as a seed router, you need to provide a unique network number to be associated with the network that it has joined. Keep in mind that this number must not be used anywhere else on the network. Once you have completed filling in the Menu 3.3, press ENTER the save message to save your selections, or press ESC at any time to cancel your selections.
Remote Node Setup Follow the procedure in Chapter 5 to fill the protocol-independent parameters in Menu 11, Remote Node Profile. For the protocoldependent parameters, follow the ensuing instructions. 1. Route - Make sure IPX is among the protocols in the Route field. 2. Edit IP/IPX/Bridge - Press the space bar to change it to Yes and press Enter to go to the network layer options menu. Figure 7-4 Menu 14.1 - Edit Dial-in User 3.
6. Tick Count - This field indicates the time-ticks required to reach the Remote Node. The default is two (2). 7. W/D Spoofing (min) - This field is used for your Prestige on the server side LAN. Your Prestige can spoof a response to a server’s Watch Dog request after an expected drop of connection. In this field, enter in the time (number of minutes) that you want your Prestige to spoof the Watch Dog response. 8.
Figure 7-5 NetWare Servers on Both Sides of the Link This may present a problem if you desire your client station to access a server at a remote site. For example, in the above diagram, suppose that a client station on the network on the left wishes to access the NetWare server on the right (internal network number = 111). However, the SAP broadcasts will receive a response from the server on the left (internal network number = 444).
Figure 7-6 Menu 12.2 - Edit IPX Static Route 1. Server Name - In this field, enter in the name that has been configured for the server. This name must be the exact name configured in the NetWare server. 2. Network # - This field contains the internal network number of the remote server which you wish to access. Do not use 00000000 or FFFFFFFF for this field. 3. Node # - This field contains the address of the node on which the server resides.
The Hop Count and Tick Count fields have the same meaning as those in the Remote Node Setup. Once you have completed filling in the menu, press ENTER at the message: Press ENTER to Confirm ... to save your selections, or press ESC at any time to cancel your selections.
62 Novell IPX Configuration
8 Bridging Configuration This chapter shows you how to configure the Bridging options for your Prestige. Depending on your particular applications, you will need to configure different menus. We will illustrate the configuration for some applications in the following sections. Bridge Ethernet Setup Bridging is used to forward packets of unsupported protocols whose destination is not on the local Ethernet to the WAN.
Figure 8-7 Remote Node Bridging Configuration 3. Ethernet Addr Timeout (min) - In this field, enter the time (number of minutes) that you wish your Prestige to retain the Ethernet Addr information in its internal tables while the line is down. If this information is retained, then your Prestige will not have to re-negotiate the protocol and recompile the tables when the line is brought back up. Once you have completed filling in the Network Layer Options Menu, press ENTER to return to Menu 11.
Figure 8-8 Menu 12.4 - Bridge Static Route 1. Route Name - For identification purposes enter a name for the bridge static route. 2. Active - Indicates whether the static route is active or not. 3. Ether Address -Enter the MAC address of the destination device that you wish to bridge your packets to. 4. IP Address - If available, enter the IP address of the destination device that you wish to bridge your packets to. 5.
66 Bridging Configuration
9 Filter Configuration About Filtering Your Prestige uses filters to decide whether or not to allow passage of a data packet and/or to make a call over the ISDN line. There are two types of filters involved: incoming data filters and outgoing data filters. Data filters screen the data to determine if the packet should be allowed to pass. Figure 9-1 Outgoing packet filtering Process For incoming packets, your Prestige applies data filters only. Packets are processed depending upon whether a match is made.
Prestige’s Filter Structure You can configure up to twelve filter sets with six rules in each set. Therefore, your Prestige allows you to customize up to 72 filter rules (12 x 6). When implementing these filter sets, you can link up to four of the filter sets together to screen the data packet. Therefore, with each filter set having up to six rules, you can have a maximum of 24 rules active for a single filtering application.
Figure 9-2 Menu 21 - Filter Set Configuration Once you press ENTER, you will be taken to Menu - 21.1 - Filter Rules Summary as seen below. The information displayed in this menu is read-only. From here, you can examine the parameters of each rule that you have configured for that set. The following is a brief description of the abbreviations used in this menu. • # - Refers to the filter rule number (1-6). • A - Refers to Active. Y means the filter rule is active and N means the filter rule is inactive.
• m - Refers to Action Matched. F means to forward the packet, D means to drop the packet, and N means check the next rule. • n - Refers to Action Not Matched. F means to forward the packet, D means to drop the packet, and N means check the next rule. Figure 9-3 Menu 21.1 - Filter Rules Summary If the filter type is IP (TCP/IP), the following abbreviations will be used: • Pr - Protocol. • SA - Source Address. • SP - Source Port number. • DA - Destination Address. • DP - Destination Port number.
• PT - IPX Packet Type. • SS - Source Socket. • DS - Destination Socket. For more information on configuring the filter rule parameters, refer to the next section. To configure a specific filter rule, simply select the number of the filter rule (1-6) you wish to configure and press ENTER. This will take you to Menu 21.1.1 - TCP/IP Filter Rule (next section). Configuring a Filter Rule There are four types of filter rules that you can configure.
Figure 9-4 Menu 21.1.1 - TCP/IP Filter Rule 1. Active - In this field, you can make the filter rule active or inactive. There are two options: • Yes. • No. 2. IP Protocol - Protocol refers to the IP specific number of the protocol. The range for this value should be between 0 and 255. For example, 6 refers to the TCP protocol. 3. IP Source Route - Determine, Yes or No, to check the source route. 4. Destination: IP Addr - In this field, enter the destination IP Address of the packet you wish to filter.
6. Destination: Port # - Enter the destination port of the packets that you wish to filter. The range of this field is 0 to 65535. 7. Destination: Port # Comp - In this field, you can select what comparison quantifier you wish to enable to compare to the value given in Destination: Port #. There are five options for this field: • None. • Less. • Greater. • Equal. • Not Equal. 8. Source: IP Addr - In this field, enter the source IP Address of the packet you wish to filter.
(TCP protocol). In this field you determine what type of TCP packets to filter. There are two options: • • Yes - filter matches only established TCP connections. No - filter matches both initial and established TCP connections. 13. More - In this field, you can determine if you want to pass the packet through the next filter rule before any action is taken. There are two options for this field: • Yes. • No. If More is Yes, then Action Matched and Action Not Matched will be N/A. 14.
16. Action Not Matched - If the conditions for the filter rule are not met, you can specify what to do with the packet. There are three options for this field: • Check Next Rule. • Forward. • Drop. Once you have completed filling in Menu 21.1.1 - TCP/IP Filter Rule, press ENTER at the message: Press ENTER to Confirm ... to confirm your selections, or press ESC at any time to cancel your selections. This data will now be displayed on Menu 21.1 - Filter Rules Summary.
1. Offset - Offset refers to the value of the byte that you want to use as your starting offset. That is, in the data packet, at what point do you want to begin the comparison. The range for this field is from 0 to 255. Default = 0 2. Length - This field refers to the length (in bytes) of the data in the packet that your Prestige should use for comparison and masking. The starting point of this data is determined by Offset. The range for this field is 0 to 8. Default = 0 3.
Novell IPX Filter Rule This section will show you how to configure the protocol-dependent parameters for an IPX filter. The fields in the menu are displayed in bold type. Figure 9-6 Menu 21.1.3 - IPX Filter Rule 1. IPX Packet Type - Enter the IPX packet type value of the packet you wish to filter. This value should be two hex-bytes. 2. Destination/Source Network # - Enter the four hex-byte destination/source network numbers of the packet that you wish to filter. 3.
6. Operation - This field is only active if one of the Socket # fields is 0452 or 0453 indicating SAP and RIP packets. There are seven options for this field which determines the operation for the IPX packet. • None. • RIP Request. • RIP Response. • SAP Request. • SAP Response. • SAP Get Nearest Server Request. • SAP Get Nearest Server Response. Once you have completed filling in Menu 21.1.3 - IPX Filter Rule, press ENTER at the message: Press ENTER to Confirm ...
10 SNMP About SNMP The Simple Network Management Protocol (SNMP) is a protocol governing network management and the monitoring of network devices and their functions. The Prestige 128L supports the utilization of SNMP to regulate the communication that occurs between the manager station and the agent stations in a network. Basically, your Prestige, when connected to the LAN, acts as an agent station.
Figure 10-1 Menu 22 - SNMP Configuration 1. From the Main Menu, select option 22. SNMP Configuration. This will bring you to Menu 22 - SNMP Configuration. 2. You will then be prompted to enter the following information. Steps 3 -7 will describe the specific parameters involved in the configuration. The parameters you will have to fill in will be indicated in bold type. 3. Get Community - From this field, you can determine what the Get Community is for your Prestige.
leave the field blank (default), then your Prestige will respond to all SNMP messages it receives, regardless of origin. 6. Trap: Community - In this field, enter the community name that is sent with each trap to the SNMP manager. This should be treated like a password and match what the SNMP manager is expecting. The default is public. 7. Trap: Destination - This field contains the IP address of the station that you wish to send your SNMP traps.
82 SNMP
11 System Security The Prestige 128L incorporates a number of security measures to prevent unauthorized access to your network. For example, your Prestige supports both PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol) in authenticating a Remote Node. In addition, your Prestige also implements a user password to get into the SMT screen. You will have three attempts to enter the correct system password. If all three attempts fail, the SMT will log out.
The following steps describe a simple setup procedure for configuring the SMT password. 1. From the Main Menu, select option 23. System Security. This will bring you to Menu 23 - System Security. 2. From this menu, you can select option 1. Change Password. This will bring you to Menu 23.1 - System Security - Change Password. 3. Type in your previous system password and press ENTER. 4. Type in your new system password and press ENTER. 5.
12 Telnet Configuration and Capabilities About Telnet Configuration When you first configure your Prestige, it must be done via a computer connected to the RS-232 port. However, once your Prestige has been initially configured, you can use telnet to configure the device remotely as shown below: Figure 12-1 Telnet Configuration on a TCP/IP Network In order to configure your Prestige in this way, you need to have assigned an IP Address to your device and have connected it to your network.
management. If your Prestige is configured for IPX routing but not IP in menu 1, telnet will still be available provided you assign your Prestige an IP address. Telnet Capabilities Single Administrator To prevent confusion and discrepancy on the configuration, your Prestige will only allow one terminal connection at any time. Your Prestige also gives priority to the RS-232 connection over telnet.
13 System Maintenance The Prestige 128L provides a full range of diagnostic tools to help you monitor and maintain your system. Some of these tools provide updates on system status, ISDN B channel status, log and trace capabilities and upgrades to system software. System Status System Status can be used to monitor your Prestige. Specifically, it will give you information on the status of your system software version, ISDN telephone line, number of packets sent and number of packets received.
Figure 13-2 Example of Menu 24.1 - System Maintenance Status 1. To get to the System Status, select option 24. System Maintenance. This will bring you to Menu 24 - System Maintenance. 2. From this menu, select option 1. System Status. 3. There are two (2) possible commands in Menu 24.1. 3 will reset the counters; and ESC will exit this screen. 4. Items 5 - 22 describes the fields present in Menu 24.1 - System Maintenance - Status.
11. CLU - (Current Line Utilization) - percentage of current bandwidth used on this channel. 12. ALU - (Average Line Utilization) - average CLU for this channel. 13. Up Time - time this channel has been connected to the current Remote Node. 14. Ethernet - shows the current status of the LAN connection on your Prestige. 15. Status - shows the current status of the LAN which may be 10M/Half Duplex, 10M/Full Duplex, 100M/Half Duplex, or 100M/Full Duplex.
Figure 13-3 Menu 24.2 -System Maintenance - Change Terminal Baud Rate Log and Trace Log and trace tools allow you to view the error logs and trace records to troubleshoot any errors that may occur. Your Prestige is also able to generate syslogs to send to other machines. 1. To get to the Log and Trace, select option 24. System Maintenance. This will bring you to Menu 24 - System Maintenance. 2. From this menu, select option 3. Log and Trace. This will bring you to Menu 24.
View Error Log Selecting the first option from Menu 24.3 - System Maintenance - Log and Trace will display the system Error Log. The Error Log does not only provide the error messages but it is also a source of information about your Prestige. You can also clear the Error Log on your Prestige. After each display, you are prompted with an option to do so. Enter the appropriate choice and press Enter. Syslog Syslog can be configured in Menu 24.3.2 - System Maintenance Syslog.
2. Syslog IP Address - Input the IP Address that you wish to send your syslog to. The address is usually written in dotted decimal notation such as a.b.c.d where a, b, c, and d are numbers between 0 and 255. 3. Log Facility - Use the space bar to toggle between the 7 different Local options. This feature is used for UNIX application. O NOTE: YOUR PRESTIGE WILL SEND TWO DIFFERENT TYPES OF SYSLOG MESSAGES: ERROR INFORMATION MESSAGES AND SESSION INFORMATION MESSAGES.
3. Items 4 - 7 will describes the four (4) options to test your Prestige and its connections. 4. Internet Setup Test - This test checks to see if your Internet access configuration has been done correctly. When this option is chosen, your Prestige will PING the Internet IP Address. If everything is working properly, you will receive an appropriate response. Otherwise, note the error message and consult your network administrator. 5.
Restore Configuration Selecting option 6 from Menu 24 - Maintenance will restore backup configuration from disk to your Prestige. You need to upload a backup file to your Prestige. Procedure for uploading varies depending on the type of software used to access the Prestige but you must use the XMODEM protocol to restore the configuration. Keep in mind that configuration is stored on flash ROM in your Prestige so even if power failure were to occur, your configuration is safe.
Figure 13-6 Example of uploading RAS using PCPLUS Command Interpreter Mode This option allows the user to enter the command interpreter mode. This mode allows you to diagnose, test, and configure your Prestige using a specified set of commands. A list of valid commands can be found by typing help at the command prompt. For more detailed information, check the ZyXEL Web site or send email to the ZyXEL Support Group.
96 System Maintenance
14 Troubleshooting This chapter contains some problems you may run into when using your Prestige. After each problem description, we have provided some instructions to help you diagnose and solve the problem. Problems Starting Up the Prestige None of the LEDs are on when you power up the Prestige • Check the power cord and the power supply and make sure it is properly connected to your Prestige. If the error persists you may have a hardware problem. In this case you should contact technical support.
Problems With the IDSL Line The IDSL LEDs Not On Check the connection between your two routers. When they are connected, the link and B1/B2 LED should be on if the transfer type is leased 128; and the link and B1 LED are on if the transfer type is leased 64. 1. Check the IDSL line if it is a single line to connect a pair of routers. 2. Check the counter Prestige see whether it is still alive. 3. Check with telephone company if the IDSL line is connected to telephone company.
Problems Connecting to a Remote Node or ISP 1. Check menu 24.1 to verify the IDSL status. If it is down then refer to the section on the IDSL line problems. 2. If you check the error log in menu 24.3.1, this will usually give you some logs regarding where goes wrong. If there is nothing in the log, it may be an IP address configuration error.
100 Troubleshooting
15 Index 10Base2, 10, 17 10Base5. See AUI 10Base-T, 9, 10, 16, 17, 24 Accounting, 91 AUI, 10, 17, 25, 98 BNC. See 10Base2 Bridging, 1, 2, 9, 29, 42, 63, 64 Canadian User Information, iv Challenge Handshake Authentication Protocol.
RIP, 28, 49, 54, 58, 77, 78 Routing Information Protocol. See RIP RS-232, iv, 2, 16, 17, 85, 86, 90, 94, 97 SAP, 58, 59, 77, 78 Simple Network Management Protocol. See SNMP Single User Account, 3, 34, 35, 36, 37 SMT, 19, 20, 21, 22, 31, 34, 83, 84, 97 SNMP, 2, 9, 22, 23, 79, 80, 81 Spoofing, 58 Stac, 3 102 Index SUA. See Single User Account System Management Terminal, 19 TCP/IP, 1, 3, 10, 24, 26, 27, 32, 34, 39, 45, 69, 70, 71, 72, 75, 79, 85, 93 Telnet, 2, 5, 16, 84, 85, 86, 94 Transparent Bridging.
