ZyXEL Communications 310 Network Router User Manual
Contents
1. DIA PT PT CAL LCP CHA PC CCP BAC PC PC LING dev a ch 0 OUTGOING CALL phone p p P Start tunnel setup send SCCRQ P OCRQ sent L CONNECT speed lt 10000000 gt type lt 10 gt chan lt 0 gt opened P login to remote OK P negotiation started stopped P stopped P neg Primary DNS 202 xxx XXX X P opened Figure 3 9 Internet Setup Test Example 3 5 Basic Setup Complete Well done You have successfully connected installed and set up your Prestige to operate on your network and access the Internet Internet Access 3 13 Advanced Applications Part Il Advanced Applications This section describes the advanced applications of your Prestige such as Remote Node Setup IP l Static Route Setup and NAT i Prestige 310 Broadband Sharing Gateway Chapter 4 Remote Node Setup This chapter shows you how to configure a remote node A remote node is required for placing calls to a remote gateway A remote node represents both the remote gateway and the network behind it across a WAN connection Note that when you use menu 4 to set up Internet access you are actually configuring a remote node We will show you how to configure the following menus e Menu 11 1 Remote Node Profile e Menu 11 3 Remote Node Network Layer Options e Menu 11 5 Remote Node Filter 4 1 Remote Node Profile From the main menu ente2. Encapsulation PPPoE 400000020 PPPoE User Name 1 lt Str gt N A 400000021 PPPoE User Name 2 lt Str gt N A 400000022 PPPoE Password N A Encapsulation PPTP 400000023 PPTP User Name 1 lt Str gt N A 400000024 PPTP User Name 2 lt Str gt N A 400000025 PPTP Password N A M4 common 400000026 IP Address Assignment lt 0 Static 1 Dynamic gt 400000027 Ether IP Address 192 168 66 88 400000028 Ether IP Subnet Mask Bits 24 400000029 Ether Gateway IP Address 0 0 0 0 400000030 Rem Subnet Mask Bits 0 400000031 My WAN Addr 0 0 0 0 400000032 Rem IP Address 0 0 0 0 400000011 Idle Timeout sec 300 256 denots that no filter is applied here This is your Roadrunner password in ASCII format This password is 1234 when read in clear text Appendix D Prestige 310 Broadband Sharing Gateway 400000033 Network Address Translation lt 0 disable 1 1 Enable gt 400000034 NAT Selection lt 255 SUA 1 NAT set 1 gt 255 This is your password in Menu 23 1 System Security Change Password ASCII format 2301000001 Root Password 31323334 Appendix D M Prestige 310 Broadband Sharing Gateway Appendix E Boot Commands The BootModule AT commands execute from within the router s bootup software when debug mode is selected before the main router firmware ZyNOS is started When you start up yo
3. 13 2 What NAT does sse 6 2 Remote Node o Filter 4 10 Filters ee eee ere ca 7 18 Oneto Oe nai tei odii 6 5 Profiler 25d mee Seen 4 1 P Profile Traffic Redirect Field 4 12 Rem Node Name Field 4 2 Packet Filtering rn etie 1 4 Nin 2 7 4 1 Packet Trigo dina 9 7 Required Fields ire 2 6 BA 4 5 Resetting the Prestige esses 2 10 PassWord corte ne dee INE 2 5 8 2 Restore Configuration sssssssss 10 7 Default tette trees 2 5 REC 1466 ein Rt han hs 3 3 How to Change it 2 10 RECAM 3 3 My Password Field 3 9 nilo E 3 6 4 8 4 9 SCIGenu ees Des ore eir ied 2 5 RIP Routing Information Protocol Setup 3 3 Ping ceo ete REP S rege EU 9 12 A A 3 3 Port Forwarding sse 1 2 RIP 2 5 edere ertt E apisia 3 3 Power Adapter esses 2 4 RI PH 2B ii ses ced tner 3 3 Specifications Appendix P RIP 2M iiie es is 3 3 PPP LOB eate EEG 9 7 RoadRunner Support sss 1 3 A 3 8 3 11 RR Manager esee 1 5 3 9 4 2 Appendix liane coire REA rne ne F RR Telstr iiec 1 5 3 9 4 2 Encapsulation sss 3 11 4 4 4 10 RR Toshiba sss 1 5 3 9 4 2 SU 1 3 Rule Abbreviations ssseeeeee 7 6 PPP 1 5 3 8 S APPendix ost etn ciere nno doas H Client Configuration ssssssse 3 10 Schedu
4. SdcmdSyslogSend SYSLOG FILLOG SYSLOG NOTICE String String IP Src xx xx xx xx Dst xx xx xx xx prot spo xxxx dpo xxxx S042 R01mD IP is the packet header and S04 RO1mD means filter set 4 S and rule 1 R match m drop D 9 8 System Information and Diagnosis Prestige 310 Broadband Sharing Gateway Filter log Message Format Src Source Address Dst Destination Address prot Protocol TCP UDP ICMP spo Source port dpo Destination port Mar 03 10 39 43 202 132 155 97 ZyXEL GEN fffffffffffnordffO080 5052 RO1mF Mar 03 10 41 29 202 132 155 97 ZyXEL GEN 00a0c5f502fnord010080 505 RO1mF Mar 03 10 41 34 202 132 155 97 ZyXEL IP Src 192 168 2 33 Dst 202 132 155 93 ICMP S04 gt RO1mF Mar 03 11 59 20 202 132 155 97 ZyXEL GEN 00a0c5f502fnord010080 75052 RO1mF Mar 03 12 00 31 202 132 155 97 ZyXEL GEN fffffffffffnordffO080 5052 RO1mF Mar 03 12 00 52 202 132 155 97 ZyXEL GEN ffffffffffff 080 SO5 gt RO1mF Mar 03 12 00 57 202 132 155 97 ZyXEL GEN 00a0c5f502010080 SO5 gt RO1mF Mar 03 12 01 01 202 132 155 97 ZyXEL IP Src 192 168 2 33 Dst 202 132 155 93 TCP spo 01170 dpo 00021 504 gt R01mF Mar 03 12 01 06 202 132 155 97 ZyXEL IP Src 192 168 2 33 Dst 202 132 155 93 TCP spo 01170 dpo 00021 504 gt R01mF 4 PPP log PPP Log Message Format sdcmdSyslogSend SYSLOG_PPPLOG SYSLOG NOTICE String String ppp Proto Starting ppp Proto Opening ppp Proto C
5. Pin1 O O O O Q OO O Q Pin 9 Pin 6 Diagram 8 Pin Numbering WAN LAN CABLE PIN LAYOUT STRAIGHT THROUGH CROSSOVER Switch Adapter Switch Switch 1 IRD 1 OTD 1 IRD 1 IRD 2 IRD 2 OTD 2 IRD 2 IRD 3 OTD 3 IRD 3 OTD 3 OTD 6 OTD 6 IRD 6 OTD 6 OTD Appendix G Q Prestige 310 Broadband Sharing Gateway A Rear Patniel nte 2 2 Console Port 2 3 9 3 9 4 9 5 Q About This User s Guide sess XX COP Mist il About Your Gateway sss XX Customer Support essere vii Advanced Applications sess II D INS 1 4 Applying Schedule Sets to Remote Nodes 14 3 Default Password esse 2 5 AT command ssssssseeeee 10 1 Device Filters id 7 1 Authentication 4 5 DHCP iu Du onem 9 11 B Configuration esses 3 1 SUDDOTL cedet eet rne e eere 1 2 Backup esce ice batis 10 2 Diagnostic cese eene 9 11 Backup Configuration 10 2 10 5 DNS DI Eq d 3 6 Backup Via Console Port ssse 10 6 Domain Name eee 6 13 9 3 9 4 Boot commands coocooonoccconononcnoncconcnonononcnnnrnnnonnnnnos N DSL Modem nin moe nm e 15 2 Budget Management sss 11 2 11 3 Dynamic DNS ss 1 2 2 11 2 12 C DYNDNS Wildcard sss 2 11 E Gall Gontrol tii 1 3 11 2 Call History civic
6. sss 2 16 Internet Access sssssssesseeeee 15 2 Standard ica RES 1 5 3 9 4 2 LAN Interface ce tee cece 15 1 SUA Single User Account See NAT Password gie een 15 3 Subnet Mask 3 2 3 6 3 10 4 7 4 9 5 3 Problems Starting Up the Prestige 15 1 Syntax Conventions sss xxi Remote Management sssssss 15 3 SYSlO Ge ei cevesich winch te ees See UNIX Syslog WAN Interface coooooonconocnnccnooncoonconcconccnnnonnos 15 2 Syslog IP Address 9 7 Turning on Your Prestige sessessss 2 4 System Information sss 9 3 9 4 U System Maintenance 9 1 9 2 9 3 9 4 9 5 9 6 9 7 9 11 9 12 10 2 10 5 10 13 10 14 UNIX Syslog see 9 6 9 7 11 1 11 2 11 3 11 5 Uplink Button Usage ssee 2 3 System Name sisemisse iiinis iieii 2 12 Upload Firmware eee 10 10 System Parameter Table Generator 12 1 WARM 8 echter erre erede 10 10 System Status essere eene 9 1 System Timeout esssseseeeeere 13 4 w T WAN DHCP asociaron a 9 11 9 12 WAN Setup ienee tte E E es 15 2 TCP IP 3 6 4 6 4 10 7 7 7 9 7 11 7 16 Watt vi AAA a ee S 13 1 A TCP IP Filter Rule ets 1oriieeeas 1 1 ds Tel a ES 13 1 XMODEM Protocol cce 10 2 Telnet Configuration eee 13 1 Xmodem Upload
7. sess 10 17 Telnet Under NAT sse 13 1 Text File Format esses 12 1 Z TFTP ZVNOS ti ee atte 9 3 9 4 10 1 10 2 And FTP Over WAN see 13 4 ZyNOS F W Version ee 9 3 9 4 10 1 Command Example sss 10 5 ZYXEL MIB ettet cir ees 8 2 File Transfer seed ete 10 13 Over WAN deberet testet drerit nete edi dena 10 4 Restrictions oooooconnnoncccnononcnonananononos 10 4 13 4 Third Part Clients sss 10 5 Index U
8. essere eere nne nene nennen trennen 6 15 6 5 2 Example 2 Internet Access with an Inside Server sse 6 16 6 5 3 Example 3 Multiple Public IP Addresses With Inside Servers sss 6 17 6 5 4 Example 4 NAT Unfriendly Application Programs 6 21 60 0 Trigger Port Eorwardihg unte tpe RII e tte Oe Ped FRU en vete taa 6 22 6 6 1 Two Points To Remember About Trigger Ports sse 6 23 6 6 2 Trigger Port Forwarding Process c ccsccssceseceseeeseeeecaeeeneeeeeseeeeeceseenseceaecaeensecseeeaeeeaeeaes 624 PART III ADVANCED MANAGEMENT eene een een euet teen oe toto neto sts tn sete en sete sone soe te sone sns n sense teen see en m Chapter 7 Filter ConM uration c 7 1 Fol A A Pe ects cat oi adios mateo Hea teret metu 7 1 X Table of Contents Prestige 310 Broadband Sharing Gateway 7 1 1 The Filter Structure of the Prestige sse ener 7 2 TZ Configuring a Filter Set ete EN eO EGRE GT pete a e tes 7 4 7 2 1 Filter Rules Summary Menu sees enne enne enne nnns 7 5 72 2 Gonfig rmg a Filter Rule eset et tee eere e eie es 7 7 72 9 PEPP Filter Role iii A het e ten ERR 7 7 7 24 Generic Filter Rule 20 tb ree 7 11 Ta ExamplefFilter a ee e ee e tee e e eee aa 7 13 VA Filter Types and NAT eee tee e c he e eee ded 7 16 7 5 Applying a Filter and Factory Defaults
9. sss 7 17 7 5 1 LAN Trial A E are rit eee hee ted 7 17 7 5 2 Remote Node Filters neret e erheben de 7 18 Chapter 8 SNMP Configuration eerie esee sette ee eene teen nete nets antenne tons setas etos seen sess e ite etse netta sete Von 8 1 Sl About SNMP oce A aae ge ote am eem ita 8 1 8 2 Supported MIBS estne e etit e ee ettet tei i 8 2 8 3 SSNMPB Gonfig ration z uon edd entered seo m e edge Rod 8 2 8 4 SNMP Traps P 8 3 Chapter 9 System Information and Diagnosis sseseoeseossesssesseessoesooesooesocsseossosssessessceseoseeoesooesosssosssesssese 9 1 9 1 System Stats i NN 9 1 9 1 1 To get tothe System Status ii A a ea PR oe acia h 9 1 9 2 System Information and Console Port Speed 9 3 9 2 1 System Information A quee Ra tee er E 9 4 9 22 Console Port Speedo niente des eedem eie edes dive 9 5 9 3 Los and Traces e tst Gente e t oie n ii Re I DIE 9 5 9 3 1 Viewing Error Log niet aa 9 5 9 32 UNDIX Syslog iiic A Shed iic eee te E 9 6 9 3 3 Call Triggering Packet tacet REOR RO MAN UTOR 9 10 94 Diagnostie ise linda 9 11 9 4 WAN DEG Bis ch foetal Ge nd IIT ut Mod E meda 9 11 Chapter 10 Firmware and Configuration Maintenance eeeeeeeee eee eese tenente atten testa setas tns 10 1 IOT Filename Conventions asse ol vets 10 1 10 2 Backup Configura 10 2 10 2 1 Backup Configuration 5 eet A EAE 10 2 10 2 2 Using the FTP Command fro
10. Internet Access 3 1 Prestige 310 Broadband Sharing Gateway DNS Server Address Use DNS Domain Name System to map a domain name to its corresponding IP address and vice versa for example the IP address of www zyxel com is 204 217 0 2 The DNS server is extremely important because without it you must know the IP address of a computer before you can access it There are two ways that an ISP disseminates the DNS server addresses 1 The ISP tells you the DNS server addresses usually in the form of an information sheet when you sign up If your ISP gives you DNS server addresses enter them in the DNS Server fields in DHCP Setup 2 Leave the DNS Server fields in DHCP Setup blank for example 0 0 0 0 The Prestige acts as a DNS proxy when this field is blank Table 3 1 Example of Network Properties for LAN Servers with Fixed IP Addresses Choose an IP address 192 168 1 2 192 168 1 32 192 168 1 65 192 168 1 254 Subnet mask 255 255 255 0 Gateway or default route 192 168 1 1 Prestige LAN IP 3 1 3 IP Address and Subnet Mask Similar to the way houses on a street share a common street name so too do computers on a LAN share one common network number Where you obtain your network number depends on your particular situation If the ISP or your network administrator assigns you a block of registered IP addresses follow their instructions in selecting the IP addresses and the subnet mask If the
11. Local IP Only local IP fields are N A for server Global IP fields MUST be set for Server Start This is the starting local IP address ILA 0 0 0 0 End This is the ending local IP address ILA If the rule is for all local IPs N A then put the Start IP as 0 0 0 0 and the End IP as 255 255 255 255 This field is N A for One to One and Server types Global IP Start This is the starting global IP address IGA If you have a dynamic 0 0 0 0 IP enter 0 0 0 0 as the Global IP Start Note that Global IP Start can be set to 0 0 0 0 only if the types are Many to One or Server End This is the ending global IP address IGA This field is N A for One N A to One Many to One and Server types Once you have finished configuring a rule in this menu press ENTER at the message Press ENTER to Confirm to save your configuration or press ESC to cancel 6 4 NAT Server Sets Port Forwarding ANAT server set is a list of inside behind NAT on the LAN servers for example web or FTP that you can make visible to the outside world even though NAT makes your whole inside network appear as a single machine to the outside world Use Menu 15 NAT Setup to forward incoming service requests to the server s on your local network You may enter a single port number or a range of port numbers to be forwarded and the local IP address of the desired server The port number identifies a service for example w
12. n vii A ERE xiv LASb OF blgnrlgee E xviii Preface PART I GETTING STARTED scere oett eene ev aS Pe He nura rura ia ineo ro ts teoste e Soer eseis ro EE Enea erae cia eben e ee tesies I Chapter 1 Getting to Know Your Prestige eee eee eee eee essen seen sentent n sense tn satus tasto seta seta sea sna n 1 1 1 1 The Prestige 310 Broadband Sharing Gateway essen 1 1 1 2 keat res of the Prestige Oi ote tee tette a tae e ne 1 1 1 2 1 10 100MB Auto negotiation Ethernet Fast Ethernet Interface sssssseeess 1 1 12 SNMP 455 Ica E UR e EE sath Ge ANON hess tet ugs 1 1 1 2 3 NAT Network Address Translation 1 1 1 22 Trafic Redirect A De ene m PE eA pr 1 2 1 2 5 Port Forwarding ise Ed WU deni dti 1 2 1 2 6 Trigger Port Forwarding ieseni eere en rris 1 2 1 27 intemal SPTGEN s nie en e Ut e ed tte is 1 2 1 2 8 DH GCE SUppPOrbys vse PEIUS 1 2 1 2 9 Dynamic DNS Support r e o a r a E E A E E a e 1 2 1 2 10 E Multicast it rete do RUE e e RE p da ae oe Rite chal 1 2 I 2 11 PPPOE SUPPO eni eet teet En iet E a E taken 1 3 1 2 12 PPTP Supports riie a A AAA A eee E einen 1 3 1 2 13 PADAS NO ee ee ede 1 3 1244 Call Schedule 1 3 12315 Call Control a A op dee PEOR PRO eb 1 3 1 2 16 Full Network Management esee eee e vH e e ere e edes 1 3 12 17 RoadRunner Support eee eenee cede eee e e eee e ded 1 3 12 18 Timeand Date Setting eaae GER RR UTE Re ER dd 1 3 12 19 L
13. 00 00 FE 06 FB 20 CO A8 01 01 00 OD 05 B8 DO 00 00 00 00 00 20 00 EO 6A 00 00 02 04 02 00 continue Figure 9 9 Call Triggering Packet Example 9 10 System Information and Diagnosis Prestige 310 Broadband Sharing Gateway 9 4 Diagnostic The diagnostic facility allows you to test the different aspects of your Prestige to determine if it is working properly Menu 24 4 allows you to choose among various types of diagnostic tests to evaluate your system as shown next Menu 24 4 System Maintenance Diagnostic TCP IP 1 Ping Host 2 WAN DHCP Release 3 WAN DHCP Renewal 4 Internet Setup Test System 11 Reboot System Enter Menu Selection Number Host IP Address N A Figure 9 10 Menu 24 4 System Maintenance Diagnostic Follow the procedure below to get to Menu 24 4 System Maintenance Diagnostic Step 1 From the main menu enter 24 to open Menu 24 System Maintenance Step 2 From this menu enter 4 to display Menu 24 4 System Maintenance Diagnostic 9 4 1 WAN DHCP DHCP functionality can be enabled on the LAN or WAN as shown in Figure 9 11 The Prestige can act either as a WAN DHCP client IP Address Assignment field in menu 4 or menu 11 3 is Dynamic and the Encapsulation field in menu 4 or menu 11 is Ethernet or none i e you have a static IP The WAN Release and Renewal fields in menu 24 4 conveniently allow you to release and or renew the assigned WAN
14. List of Figures XV Prestige 310 Broadband Sharing Gateway Figure 9 1 Menu 24 System Maintenance 0 ce ceeecsescceseeseesecseesecsevsccnaeeeceaeceeesecaeverceaseceaecaeeaeeaeeeeeneees 9 1 Figure 9 2 Menu 24 1 System Maintenance Status essere nennen ener 9 2 Figure 9 3 Menu 24 2 System Information and Console Port Speed sse 9 4 Figure 9 4 Menu 24 2 1 System Maintenance Information ooononcnicncnnncnnnconnnnnononononcnn nono eene rene 9 4 Figure 9 5 Menu 24 2 2 System Maintenance Change Console Port Speed sss 9 5 Figure 9 6 Examples of Error and Information Messages sscsssscssssescesseeceseceeesecaeeetcnaeeeceaecaeenevseeeaeeeees 9 6 Figure 9 7 Examples of Error and Information Messages eese enne 9 6 Figure 9 8 Menu 24 3 2 System Maintenance UNIX Syslog eene 9 7 Figure 9 9 Call Triggering Packet Example eese enne enne nne 9 10 Figure 9 10 Menu 24 4 System Maintenance Diagnostic coo ooconoccnoconoconononononncnn nono nonnonanono nono rn eene 9 11 Figure 9 21 1 WAN amp LAN DHCP oc eet ro Re te ee e e aeree s 9 12 Figure 10 1 Telnet in Mem 24 iii A rot ep e p epa eqs 10 3 Figure 10 2 FTP Session Example eere A E hts 10 4 Figure 10 3 System Maintenance Backup Configuration ooonccnocnonnnnnoncnncnncnncononnnononnnonnon crono erre 10 6 Figure 10 4 System Ma
15. bin to set transfer mode to binary Step 6 Use get to transfer files from the Prestige to the computer for example get rom 0 config rom transfers the configuration file on the Prestige to your computer and renames it config rom See earlier in this chapter for more information on filename conventions Step 7 Enter quit to exit the ftp prompt Firmware and Configuration Maintenance 10 3 Prestige 310 Broadband Sharing Gateway Example of FTP Commands from the DOS Prompt 331 Enter PASS command Password 230 Logged in ftp gt bin 200 Type I OK ftp gt get rom 0 zyxel rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp 16384 bytes sent in 1 10Seconds 297 89Kbytes sec ftp gt quit Figure 10 2 FTP Session Example Third Party FTP Clients The following table describes some of the commands that you may see in third party FTP clients Table 10 2 General Commands for Third Party FTP Clients COMMAND DESCRIPTION Host Address Enter the address of the host server Login Type Anonymous This is when a user I D and password is automatically supplied to the server for anonymous access Anonymous logins will work only if your ISP or service administrator has enabled this option Normal The server requires a unique User ID and Password to login Transfer Type Transfer files in either ASCII plain text format or in binary mode Initial
16. Menu 24 2 System Information and Console Port Speed 1 System Information 2 Console Port Speed Please enter selection Figure 9 3 Menu 24 2 System Information and Console Port Speed 9 2 1 System Information System Information gives you information about your system as shown below More specifically it gives you information on your routing protocol country code Ethernet address IP address etc Menu 24 2 1 System Maintenance Information Name P310 www zyxel com Routing IP ZyNOS F W Version V2 51 2 17 2000 LAN Ethernet Address 00 a0 c5 21 8c a2 IP Address 192 168 1 10 IP Mask 255 255 255 0 DHCP Server Press ESC or RETURN to Exit Figure 9 4 Menu 24 2 1 System Maintenance Information Table 9 2 Fields in System Maintenance FIELD DESCRIPTION Name This is the Prestige s system name domain name assigned in menu 1 for example System Name Prestige Domain Name zyxel com Name P310 zyxel com Routing Refers to the routing protocol used ZyNOS F W Version Refers to the version of ZyXEL s Network Operating System software 9 4 System Information and Diagnosis Prestige 310 Broadband Sharing Gateway FIELD DESCRIPTION Ethernet Address Refers to the Ethernet MAC Media Access Control address of your Prestige IP Address This is the IP address of the Prestige in dotted decimal notation IP Mask This shows the subnet mask of the
17. Restore Configuration Step 2 The following screen indicates that the Xmodem download has started Starting XMODEM download CRC mode Cccccccccc Figure 10 10 System Maintenance Starting Xmodem Download Screen Step 3 Run the HyperTerminal program by clicking Transfer then Receive File as shown in the following screen Firmware and Configuration Maintenance 10 9 Prestige 310 Broadband Sharing Gateway Send File El E Type the configuration file s location or click Folder C Program Files Dreta sea for le Filename C Product contig rom Browse Protocol Choose the Xmodem modem protocol ancel Then click Send Figure 10 11 Restore Configuration Example Step 4 After a successful restoration you will see the following screen Press any key to restart the Prestige and return to the SMT menu Save to ROM Hit any key to start system reboot Figure 10 12 Successful Restoration Confirmation Screen 10 4 Uploading Firmware and Configuration Files This section shows you how to upload firmware and configuration files You can upload configuration files by following the procedure in the previous Restore Configuration section or by following the instructions in Menu 24 7 2 System Maintenance Upload Router Configuration File for console port WARNING DO NOT INTERUPT THE FILE TRANSFER PROCESS AS THIS MAY PERMANENTLY DAMAGE YOUR PRESTIGE 10 4 1 Firmware File Upload FTP is the pre
18. 192 168 1 33 192 168 1 1 Fus x 2B i 9 52 Prestige 3 Q gt Computer o O IP addressz 7 C Q D 192168 1 34 os oO 5920 Computer Z p IP address CL 19 168 1 35 Computer IP address IP address assigned 192 168 1 36 by ISP Figure 6 11 Multiple Servers Behind NAT Example 6 14 Network Address Translation NAT Prestige 310 Broadband Sharing Gateway 6 5 General NAT Examples 6 5 1 Example 1 Internet Access Only In the following Internet access example you only need one rule where all your ILAs Inside Local addresses map to one dynamic IGA Inside Global Address assigned by your ISP Inside Local One Dynamic PC 3 L L1 Addresses ILA Inside Global Addresses IGA Assigned by ISP Figure 6 12 NAT Example 1 Menu 4 Internet Access Setup ISP s Name ChangeMe Encapsulation Ethernet Service Type Standard My Login N A My Password N A Login Server IP N A IP Address Assignment Dynamic IP Address N A I Mas N A Gateway IP Address N A Ta a A Press ENTER to Confirm or ESC to Cancel Figure 6 13 Menu 4 Internet Access and NAT Example Network Address Translation NAT 6 15 Prestige 310 Broadband Sharing Gateway From menu 4 shown above simply choose the SUA Only option from the Network Address Translation field This is the Many to One mapping discussed in section 6 5 The SUA Only read only option from the Network Address Translation field in menus 4
19. 2 5 1 Main Menu After you enter the password the SMT displays the Main Menu as shown next 2 6 Hardware Installation and Initial Setup Prestige 310 Broadband Sharing Gateway Copyright c 1994 2002 ZyXEL Communications Corp Prestige 310 Main Menu Getting Started Advanced Management 1 General Setup 21 Filter Set Configuration 2 WAN Setup 22 SNMP Configuration 3 LAN Setup 23 System Password 4 Internet Access Setup 24 System Maintenance Advanced Applications 26 11 Remote Node Setup 12 Static Routing Setup 15 NAT Setup Schedule Setup 99 Exit Enter Menu Selection Number Figure 2 5 Prestige 310 Main Menu 2 5 2 System Management Terminal Interface Summary Table 2 4 Main Menu Summary NO MENU TITLE FUNCTION 1 General Setup Use this menu to set up routing bridging and general information 2 WAN Setup Use this menu to clone a MAC address from a computer on your LAN 3 LAN Setup Use this menu to configure LAN DHCP and TCP IP settings as well as apply LAN filters 4 Internet Access Setup Configure your Internet Access setup Internet address gateway login etc with this menu 11 Remote Node Setup Use this menu to configure detailed remote node settings your ISP is also a remote node as well as apply WAN filters 12 Static Routing Setup Configure static routes for bridging and IP in this menu 15 NAT Setup Use this menu to configure Network A
20. IP address subnet mask and default gateway in a fashion similar to winipcfg System Information and Diagnosis 9 11 Prestige 310 Broadband Sharing Gateway DHCP LAN WAN Server Client Relay None None Prestige Figure 9 11 WAN 8 LAN DHCP The following table describes the diagnostic tests available in menu 24 4 for your Prestige and the connections Table 9 4 System Maintenance Menu Diagnostic NUMBER FIELD DESCRIPTION 1 Ping Host Enter 1 to ping any machine with an IP address on your LAN or WAN Enter its IP address in the Host IP Addres field mentioned in the last row of this table 2 WAN DHCP Release Enter 2 to release your WAN DHCP settings 3 WAN DHCP Renewal Enter 3 to renew your WAN DHCP settings The renewal timeout is 32 seconds 4 Internet Setup Test Enter 4 to test the Internet Setup You can also test the Internet Setup in menu 4 Internet Access Please refer to the chapter Internet Access for more details 11 Reboot System Enter 11 to reboot the Prestige Host IP Address If you entered 1 above then enter the IP address of the machine you want to ping in this field 9 12 System Information and Diagnosis Prestige 310 Broadband Sharing Gateway Chapter 10 Firmware and Configuration Maintenance This chapter tells you how to back up and restore your configuration file as well as upload new firmware and a new configuration file 10 1 Filename Con
21. Once it is successfully configured the address will be copied to the rom file ZyNOS configuration file It will not change unless you change the setting in menu 2 or upload a different rom file The following table contains instructions on how to configure your WAN setup 2 14 Hardware Installation and Initial Setup Prestige 310 Broadband Sharing Gateway Table 2 7 WAN Setup Menu Fields FIELD DESCRIPTION EXAMPLE MAC Address Assigned By Press the SPACE BAR to choose one of two methods to assign a IP Address MAC Address Choose Factory default to select the factory assigned attached on default MAC Address Choose IP Address attached on LAN to use LAN the MAC Address of that workstation whose IP you give in the following field IP Address This field is applicable only if you choose the IP Address attached 192 168 1 33 on LAN method in the Assigned By field above Enter the IP address of the workstation on the LAN whose MAC you are cloning When you have completed this menu press ENTER at the prompt Press ENTER to Confirm to save your configuration or press ESC at any time to cancel Your Prestige WAN Port is always set at half duplex mode as most cable modems only support half duplex mode If your cable modem supports full duplex mode then you will be able to manually set it at half duplex mode If the Prestige is set at half duplex mode and the cable modem is set at full duplex mode the
22. Step 2 Fill in the required fields Refer to the table shown next for more information about these fields Table 2 5 General Setup Menu Fields FIELD DESCRIPTION EXAMPLE System Name Choose a descriptive name for identification purposes It is P310 recommended you enter your computer s Computer name in this field This name can be up to 30 alphanumeric characters long Spaces are not allowed but dashes and underscores are accepted Domain Name Enter the domain name if you know it here If you leave this field zyxel com tw blank the ISP may assign a domain name via DHCP You can go to menu 24 8 and type sys domainname to see the current domain name used by your gateway If you want to clear this field just press the SPACE BAR The domain name entered by you is given priority over the ISP assigned domain name Edit Dynamic Press the SPACE BAR to select Yes or No default Select Yes to No DNS configure Menu 1 1 Configure Dynamic DNS discussed next When you have completed this menu press ENTER at the prompt Press ENTER to Confirm to save your configuration or press ESC at any time to cancel 2 7 3 Configuring Dynamic DNS To configure Dynamic DNS go to Menu 1 General Setup and press select Yes in the Edit Dynamic DNS field Press ENTER to display Menu 1 1 Configure Dynamic DNS as shown next 2 12 Hardware Installation and Initial Setup Prestige 3
23. bin is the generic 200 Type I OK name for the ZyNOS firmware on P RIA ftp gt bye the Prestige 3 Upload your rom t file from your computer to the Prestige using the put command M VA computer to the Prestige 4 Exit this FTP application Figure 12 3 Internal SPTGEN FTP Upload Example 12 4 Internal SPTGEN Prestige 310 Broadband Sharing Gateway Chapter 13 Remote Management This chapter covers remote management SMT menu 24 11 13 1 Telnet The only way to configure the Prestige for remote management is through an SMT session using the console port Once your Prestige is configured you can use telnet to configure it remotely as shown next User telnets into the LAN via the Prestige Figure 13 1 Telnet Configuration on a TCP IP Network 13 2 FTP You can upload and download Prestige firmware and configuration files using FTP please see Chapter 10 for details To use this feature your computer must have an FTP client 13 3 Web You can use the Prestige s embedded web configurator for configuration and file management See the Read Me First to learn how to access the web configurator 13 4 SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices Your Prestige supports SNMP agent functionality which allows a manager station to manage and monitor the Prestige through the network Refer to the SVMP chapter for more infor
24. then the Start IP is 0 0 0 0 and the End IP is 255 255 255 255 Global Start IP This is the starting global IP address IGA If you have a 0 0 0 0 dynamic IP enter 0 0 0 0 as the Global Start IP Global End IP This is the ending global IP address IGA N A Type These are the mapping types discussed above see Server Table 6 2 Server allows us to specify multiple servers of different types behind NAT to this machine See later for some examples Once you have finished configuring a rule in this menu press ENTER at the message Press ENTER to Confirm to save your configuration or press ESC to cancel Network Address Translation NAT 6 9 Prestige 310 Broadband Sharing Gateway User Defined Address Mapping Sets Now let s look at option 1 in menu 15 1 Enter 1 to bring up this menu We ll just look at the differences from the previous menu Note the extra Action and Select Rule fields mean you can configure rules in this screen Note also that the in the Set Name field means that this is a required field and you must enter a name for the set If the Set Name field is left blank the entire set will be deleted Menu 15 1 1 Address Mapping Rules Set Name NAT_SET 2 3 4 D 6 T 8 9 0 p Action Edit Select Rule N A Press ENTER to Confirm or ESC to Cancel Figure 6 8 Menu 15 1 1 First Set The Type Local and Global Start End IPs are configured in m
25. to choose PPTP You must also go to PPTP menu 11 3 to check the IP Address setting once you have Remote Node Setup 4 3 Prestige 310 Broadband Sharing Gateway FIELD DESCRIPTION EXAMPLE selected the encapsulation method My IP Addr Enter the IP address of the WAN Ethernet port 10 0 0 140 Server IP Addr Enter the IP address of the ANT modem 10 0 0 138 Connection Enter the connection ID or connection name in the ANT It N My ISP ID Name must follow the c id and n name format This field is optional and depends on the requirements of your xDSL Modem Schedules You can apply up to four schedule sets here For more details please refer to the Call Schedule Scheduling chapter Nailed Up Use the SPACE BAR to select Yes if you want to make the No Connections connection to this remote node a nailed up connection Nailed Up Connection A nailed up connection is a dial up line where the connection is always up regardless of traffic demand The Prestige does two things when you specify a nailed up connection The first is that idle timeout is disabled The second is that the Prestige will try to bring up the connection at power on and whenever the connection is down A nailed up connection can be very expensive for obvious reasons Do not specify a nailed up connection unless your telephone company offers flat rate service or you need a constant connection and the cost is of no
26. with your network Setting up Your Windows 95 98 Me Computer Installing TCP IP Components 1 Click Start Settings Control Panel and double click the Network icon The Network window Configuration tab displays a list of installed components You need a network adapter the TCP IP protocol and Client for Microsoft Networks If you need the adapter a In the Network window click Add b Select Adapter and then click Add c Select the manufacturer and model of your network adapter and then click OK If you need TCP IP a In the Network window click Add b Select Protocol and then click Add c Select Microsoft from the list of manufacturers d Select TCP IP from the list of network protocols and then click OK If you need Client for Microsoft Networks a Click Add Appendix A A Prestige 310 Broadband Sharing Gateway b Select Client and then click Add c Select Microsoft from the list of manufacturers d Select Client for Microsoft Networks from the list of network clients and then click OK e Restart your computer so the changes you made take effect Configuring TCP IP 1 In the Network window Configuration tab select your network adapter s TCP IP entry and click Properties 2 Click the IP Address tab e If your IP address is dynamic select Obtain an IP address automatically e Ifyou have a static IP address select Specify an IP address and type your information into the IP Address and Subnet Mask
27. 1123 1 Resetting the Time itm ei e ehe ri ec e ea 11 6 Chapter 12 Internal SPTGEN eese eese eese seen setas tns ta stes sens sens essen netu neto seta setas tos tas etas ts sts ones 12 1 12 1 The Configuration Text File Format sese enne nnns 12 1 12 1 1 Internal SPTGEN File Modification Important Points to Remember sss 12 2 12 2 Internal SPTGEN FTP Download Example sese eene 12 3 12 3 Internal SPTGEN FTP Upload Example sse ener 12 4 Chapter 13 Remote Management eeeeeee esee eee eee ense esteso tassa setas tins s sens enses sense suse sn setas tasses sna 13 1 132 A A e cr EROR re CH pede er RTT 13 1 13 2 PA ei ta at ce eite e eti e rita 13 1 NN 13 1 VB Mug 13 1 Mc 13 2 13 6 Remote Management eie cedes esci deserit etae eo det neo eo eee ee esee tette oed een ee Pe Tende ee rere alae 13 2 13 6 1 Remote Management Limitations essere ener nnne enn 13 4 13 7 Remote Management and NAT sssssesssseseeseee eene enne en rennen enne ener nenne 13 4 13 8 System Timeoutc sa eccessivo STO RU LH ri 13 4 Chapter 14 Call Scheduling eee eee eese eee enne en seen sts tanta connconncnnnc nooo neto non ccoo netu setas esta nor nonn conos 14 1 lAl Introduction eet eto ERE ee en aq tesis e etes LAE A Docet 14 1 14 2 Schedule Set p is A nite en ue tO e ed CRI UI eA 14 1 14 34 Schedule Set S
28. 2 NetBIOS LAN 8 3 TEL FTP WEB WAN 9 4 10 5 SNMP_WAN TL 6 12 Enter Filter Set Number to Configure 0 Edit Comments Press ENTER to CONFIRM or ESC to CANCEL Figure 7 3 Menu 21 Filter Set Configuration Step 2 Select the filter set you wish to configure no 1 12 and press ENTER Step 3 Enter a descriptive name or comment in the Edit Comments field and press ENTER Step 4 Press ENTER at the message Press ENTER to confirm to open Menu 21 1 1 Filter Rules Summary Menu 21 1 Filter Rules Summary A Type Filter Rules Mmn I Y LB Pr 6 SA 0 0 0 0 DA 0 0 0 0 DP 137 NDN 2 YS ALP Pr 6 SA 0 0 0 0 DA 0 0 0 0 DP 138 NDN 3 Y IP Pr 6 SA 0 0 0 0 DA 0 0 0 0 DP 139 NDN 4 Y IP Pr 17 SA 0 0 0 0 DA 0 0 0 0 DP 137 NDN 5 Y AP Pr 17 SA 0 0 0 0 DA 0 0 0 0 DP 138 NDN 6 Y TP Pr 17 SA 0 0 0 0 DA 0 0 0 0 DP 139 NDF Enter Filter Rule Number 1 6 to Configure Figure 7 4 NetBIOS_WAN Filter Rules Summary 7 4 Filter Configuration Prestige 310 Broadband Sharing Gateway Menu 21 2 Filter Rules Summary Filter Rules SA 0 0 0 0 SP 137 DA 0 0 0 0 DP 53 Enter Filter Rule Number 1 6 to Configure Menu 21 3 Filter Rules Summary Filter Rules Enter Filter Rule Number 1 6 to Configure Figure 7 6 TEL_FTP_WEB_WAN Filter Rules Summary Menu 21 5 Filter Rules Summary Filter Rules SA 0 0 0 0 DA 0 0 0 0 DP 161 Enter Filter Rule Number 1 6 to Configure Figu
29. 255 255 255 255 Action Edit Select Rule Press ENTER to Confirm or ESC to Cancel Figure 6 19 Example 3 Final Menu 15 1 1 Now configure the IGA3 to map to our web server and mail server on the LAN Step 8 Enter 15 from the main menu Step 9 Now enter 2 from this menu and configure it as shown in Figure 6 20 Menu 15 2 NAT Server Setup Rule Start Port No End Port No IP Address Default 80 25 0 026 026 RR Reserved 0 0 0 0 0 0 0 1 Press ENTER to Confirm or ESC to Cancel Figure 6 20 Example 3 Menu 15 2 6 20 Network Address Translation NAT Prestige 310 Broadband Sharing Gateway 6 5 4 Example 4 NAT Unfriendly Application Programs Some applications do not support NAT Mapping using TCP or UDP port address translation In this case it is better to use Many One to One mapping as port numbers do not change for Many One to One and One to One NAT mapping types The following figure illustrates this Game Player 1 192 168 1 10 Mapping Rules 1 Game Players 1 to 3 lt gt IGAs 1to 3 Type Many One to One Game Player 2 192 168 1 11 Prestige 10 132 50 1 IGA 1 10 132 50 2 IGA 2 10 132 50 3 IGA 3 Game Player 3 192 168 1 12 Figure 6 21 NAT Example 4 Other applications such as some gaming programs are NAT unfriendly because they embed addressing information in the data stream These applications won t work through NAT even when using One to One and Many O
30. 4 Menu 11 3 Applying NAT to the Remote Node The following table describes the options for Network Address Translation Table 6 3 Applying NAT in Menus 4 and 11 3 FIELD OPTIONS DESCRIPTION Network Full When you select this option the SMT will use Address Mapping Set 1 Address Feature menu 15 1 see section 6 3 1 for further discussion You can configure Translation any of the mapping types described in Table 6 2 Choose Full Feature if you have multiple public WAN IP addresses for your Prestige None NAT is disabled when you select this option SUA Only When you select this option the SMT will use Address Mapping Set 255 menu 15 1 see section 6 3 1 Choose SUA Only if you have just one public WAN IP address for your Prestige 6 3 NAT Setup Use the Address Mapping Sets menus and submenus to create the mapping table used to assign global addresses to computers on the LAN You can see two NAT Address Mapping sets in menu 15 1 You can only configure Set 1 Set 255 is used for SUA When you select Full Feature in menu 4 or 11 3 the SMT will use Set 1 which supports all mapping types as outlined in Table 6 2 When you select SUA Only the SMT will use the pre configured Set 255 read only Network Address Translation NAT 6 7 Prestige 310 Broadband Sharing Gateway A server set is a list of LAN side servers mapped to external ports To use this set one set for the Prestige 50 a server rule
31. 5 Figure 3 4 Menu 3 2 TCP IP and DHCP Ethernet Setup 0 00 0 eeecceecscsseceseseeeeceeeeceaeeecaecaesaeeaeeeeeneees 3 5 Figure 3 5 Menu 3 2 1 IP Alias Setup ooononnnonconocononocnnnnnononcnnnannonononononrnnonarnnnn tenen teen nenne nne nntnne tnn n tenente ens 3 7 Figure 3 6 Internet Access Setup Ethernet eere 3 9 Figure 3 7 Internet Access Setup PPTP ssssssssssssssssssseseeeeen enne eene nennen enne 3 11 Figure 3 8 Internet Access PPPOE oooooconoconocononooonconoconoconocnnconncon nono nonnnno nn enne enne enne nne nennen nnne enn 3 12 Figure 3 9 Internet Setup Test Example eese enne eene enne conan entren teens 3 13 Figure 4 1 Remote Node Profile for Ethernet Encapsulation eee 4 1 Figure 4 2 Remote Node Profile for PPTP Encapsulation sees 4 3 Figure 4 3 Menu 11 1 Remote Node Profile for PPPoE Encapsulation eene 4 5 Figure 4 4 Remote Node Network Layer Options essere ener nnne nnns 4 7 Figure 4 5 Remote Node Network Layer Options ssssssssssesseseeeeen ener 4 8 Figure 4 6 Remote Node Filter Ethernet Encapsulation sss eene 4 10 Figure 4 7 Remote Node Filter PPTP PPPoE Encapsulation ccssecssssssseecseeeeceeeeeceseeseesecaecaeeaeeneeerenee 4 11 Figure 4 8 Traffic Redirect Hardware SetUP ooooonoononinonnonoocnooncnonconoconoco nono nro nconnrnn nono nono rra n ran n narra nn ran nennen 4
32. Base MIB 8 2 Hardware Specifications sesssss Q Many One to One seen 6 5 Hidden Menus reU 2 6 Many to Many Overload sse 6 5 HTTP iusso eee 6 13 MEN s e ipte E 6 5 HyperTerminal Program 10 6 10 9 huiusce PD 4 7 4 9 5 3 1 Multicast isses 1 2 4 10 My WAN Address sse 4 9 Idle Timeout cies eie 4 4 N IGMP Internet Group Multicast Protocol 3 4 Mii S Nailed Up Connection oooooonoccnocnnononononnnonnnnnnnos 4 4 Installation Requirements Additional 2 4 NAT ia 1 1 4 7 4 9 7 16 Internal SPTGEN esses 1 2 12 1 Application dei eee s 6 3 FTP Download Example 12 3 Applying NAT in the SMT Menus 6 6 FTP Upload Example 12 4 Configuring ert eee eme 6 7 Points to Remember sss 12 2 D finitions nasce Deeds 6 1 Screen Examples Appendix K Examples oasis 6 15 Text Elle eto tette 12 1 How NAT Works see 6 2 Index S Prestige 310 Broadband Sharing Gateway Mapping Types oooocccccoccnocononononnnononncnncnncnnons 6 4 Related Documentation esses XX Non NAT Friendly Application Programs 6 21 Remote Management Limitations 13 4 Ordering Rules ssssssssses 6 10 Remote Management Setup
33. Broadband Sharing Gateway Chapter 11 System Maintenance and Information This chapter leads you through SMT menus 24 8 to 24 11 11 1 Command Interpreter Mode The Command Interpreter CI is a part of the main router firmware The CI provides much of the same functionality as the SMT while adding some low level setup and diagnostic functions The CI can be entered from the SMT by selecting menu 24 8 Access can be either by Telnet or by a serial connection to the console port although some commands are only available with a serial connection See the support CD or the zyxel com web site for more detailed information on CI commands Enter 8 from Menu 24 System Maintenance A list of valid commands can be found by entering help or at the command prompt Type exit and press ENTER to return to the SMT main menu when finished Menu 24 System Maintenance System Status System Information and Console Port Speed Log and Trace Diagnostic Backup Configuration Restore Configuration Firmware Update C LB Command Interpreter Mode 9 Call Control 10 Time and Date Setting 11 Remote Management Setup Enter Menu Selection Number Figure 11 1 Command Mode in Menu 24 System Maintenance and Information Prestige 310 Broadband Sharing Gateway Copyright c 1994 2002 ZyXEL Communications Corp ras gt Valid commands are sys exit device poe config ip hdap ras gt Figure 11 2 Valid
34. Confirm to save your configuration or press ESC at any time to cancel 3 2 1 IP Alias Setup Use menu 3 2 to configure the first network and move the cursor to the Edit IP Alias field and press SPACE BAR to choose Yes and press ENTER to configure the second and third network Pressing ENTER opens Menu 3 2 1 IP Alias Setup as shown next Menu 3 2 1 IP Alias Setup IP Alias 1 No P Address N A Subnet Mask N A RIP Direction N A Version N A ncoming protocol filters N A Outgoing protocol filters N A IP Alias 2 No P Address N A P Subnet Mask N A RIP Direction N A Version N A ncoming protocol filters N A Outgoing protocol filters N A Enter here to CONFIRM or ESC to CANCEL Press Space Bar to Toggle Figure 3 5 Menu 3 2 1 IP Alias Setup Follow the instructions in the following table to configure IP Alias parameters Internet Access 3 7 Prestige 310 Broadband Sharing Gateway Table 3 5 IP Alias Setup Menu Fields FIELD DESCRIPTION EXAMPLE IP Alias Choose Yes to configure the LAN network for the Prestige Yes IP Address Enter the IP address of your Prestige in dotted decimal notation 192 168 2 1 IP Subnet Mask Your Prestige will automatically calculate the subnet mask based on 255 255 255 0 the IP address that you assign Unless you are implementing subnetting use the subnet mask computed by the Prestige RIP Direction Press the SPACE BA
35. ID within the WAN call the call reference number which starts from 1 and increments by 1 for each new call str CO1 Outgoing Call dev xx ch xx dev device No ch channel No L02 Tunnel Connected L2TP C02 OutCall Connected xxxx means connected speed xxxxx means Remote Call Number L02 Call Terminated C02 Call Terminated Jul 19 11 19 27 192 168 102 2 ZyXEL board 0 line O channel 0 call 1 C01 Outgoing Call dev 2 ch 0 40002 Jul 19 11 19 32 192 168 102 2 ZyXEL board O line O channel 0 call 1 CO2 OutCall Connected 64000 40002 Jul 19 11 20 06 192 168 102 2 ZyXEL board 0 line O channel 0 call 1 C02 Call Terminated 2 Packet triggered Packet triggered Message Format sdcmdSyslogSend SYSLOG_PKTTRI SYSLOG_NOTICE String String Packet trigger Protocol xx Data Xxxxxxxxxxx X Protocol 1 1P 2 IPX 3 IPXHC 4 BPDU 5 ATALK 6 IPNG Data We will send forty eight Hex characters to the server Jul 19 11 28 39 192 168 102 2 ZyXEL Packet Trigger Protocol 1 Data 4500003c100100001f010004c0a86614ca849a7b08004a5c020001006162636465666768696a6b6c6d6e6f70 71727374 Jul 19 11 28 56 192 168 102 2 ZyXEL Packet Trigger Protocol 1 Data 4500002c1b0140001f06b50ec0a86614ca849a7b0427001 700195b3e00000000600220008cd40000020405b4 Jul 19 11 29 06 192 168 102 2 ZyXEL Packet Trigger Protocol 1 Data 45000028240140001f06ac12c0a86614ca849a7b0427001700195b451d1430135004000077600000 3 Filter log Filter log Message Format
36. Not Matched will be No Log Select the logging option from the following None None No packets will be logged Action Matched Only packets that match the rule parameters will be logged Action Not Matched Only packets that do not match the rule parameters will be logged Both All packets will be logged Action Matched Select the action for a matching packet Options are Drop Check Next Rule Forward or Drop Action Not Matched Select the action for a packet not matching the rule Check Next Rule Options are Check Next Rule Forward or Drop Once you have completed filling in Menu 21 1 1 1 TCP IP Filter Rule press ENTER at the message Press Enter to Confirm to save your configuration or press ESC to cancel This data will now be displayed on Menu 21 1 1 Filter Rules Summary The following figure illustrates the logic flow of an IP filter Filter Configuration 7 9 Prestige 310 Broadband Sharing Gateway Packet 7 into IP Filter Filter Active No T Yes Y Apply SrcAddrMask to Src Addr Check Src Pader gt Not Matched Matched Y Apply DestAddrMask to Dest Addr Y _ Check Dest Not Matched IP Addr_ Matched Y gee Check ES ET IP Protocol Not Matched Y Matched 2A Check Si amp 3 Dest Port gt Not Matched Y Matche
37. Once is selected the schedule rule deletes automatically after the scheduled time elapses Once If you select Once in the How Often field above enter the date the 2001 01 01 set should activate in year month day format Date If you select Weekly in the How Often field above this field is N A Weekday If you select Weekly in the How Often field above then choose the N A D day s the set should activate and recur Individual Day default ay parameters are active when their fields read Yes and inactive when their fields read No or N A Start Time Enter the start time that you wish the schedule set to take effect in 12 00 hour minute format Duration Enter the maximum duration allowed in hour minute format for this 10 00 scheduled connection Action Choose an action Choices are Forced On means that the connection is maintained whether or not Forced On there is a demand call on the line and will persist for the time period specified in the Duration field Forced Down means that the connection is blocked whether or not there is a demand call on the line Enable Dial On Demand means that this schedule permits a demand call on the line Disable Dial On Demand means that this schedule prevents a demand call on the line 14 4 Applying Schedule Sets to Remote Nodes Once your schedule sets are configured you must apply them to the desired remote node s Enter 11 from the main menu
38. Power Adapter Model AD 1201200DV JAD 121200E Input Power AC230Volts 50Hz 0 2A AC230Volts 50Hz Output Power DC12Volts 1 2A DC12Volts 1 2A Power Consumption 9W Safety Standards TUV CE EN 60950 UNITED KINGDOM PLUG STANDARDS PLUG STANDARDS JAPANESE AC Power Adapter Model AD 1201200DK JOD 48 1124 Input Power AC230Volts 50Hz 0 2A AC100Volts 50 60Hz 27VA Output Power DC12Volts 1 2A DC12Volts 1 2A Power Consumption 9W Safety Standards TUV CE EN 60950 BS7002 T Mark Japan Dentori AUSTRALIAN AND NEW ZEALAND PLUG STANDARDS AC Power Adapter Model AD 1201200DS or AD 121200DS Input Power AC240Volts 50Hz 0 2A Output Power DC12Volts 1 2A Power Consumption 9W Safety Standards NATA AS 3260 Appendix F Prestige 310 Broadband Sharing Gateway Appendix G Hardware Specifications SPECIFICATIONS Power Specification I P AC 120V 60Hz O P DC 12V 1200 mA MTBF 100000 hrs Operation Temperature 0 C 40 degrees Celecius Ethernet Specification for WAN 10Mbit Half Full Manual Setting Ethernet Specification for LAN 10 100 Mbit Half Full Auto negotiation Console Port RS 232 Pin 1 NON Pin 2 DTE RXD Pin 3 DTE TXD Pin 4 DTE DTR Pin 5 GND Pin 6 DTE DSR Pin 7 DTE RTS Pin 8 DTE CTS PIN 9 NON See figure below
39. Prestige 310 Broadband Sharing Gateway List of Tables Table 1 1 Internet Access Configuration Checklist cccccccccessesseesscessceeeeeseceseceaecaecnaecseecaeeeaeeeaeeneeeneeeereeas 1 5 Table2 1 LED Descripttons oer tec PR EUST epe even en tea 2 1 Table 2 2 Ethernet Cable Requirements and the Uplink Button eese 2 3 Table 2 3 Main Men Commands optet rip rede is 2 6 Table 2 4 Main Menu Summary ite ee RE NGA ER NA Eee 2 7 Table 2 5 General Setup Mendo 2 12 Table 2 6 Configure Dynamic DNS Menu Fields sssssssssseseeeeeeeeneenee nennen 2 13 Table 2 7 WAN Setup Menu Fields sssssssssssssssesseseeeeeeen enne nnne nennen 2 15 Table 3 1 Example of Network Properties for LAN Servers with Fixed IP Addresses ssse 3 2 Table 3 2 Private IP Address Ranges nne eren ener ener 3 3 Table 3 3 LAN DHCP Setup Menu Fields sse nennen ener nennen nenne 3 6 Table 3 4 LAN TCP IP Setup Menu Fields sssesssssssssesseeeenenene neret nnne nnns 3 6 Table 3 5 IP Alias Setup Menu Fields sess enne ener nenne nnns 3 8 Table 3 6 Internet Access Setup Menu Fields ssssssssseseseseeee eene 3 9 Table 3 7 New Fields in Menu 4 PPTP Screen ssssssssssssssseseeeer eene enne enne ennt 3 11 Table 3 8 New Fields in Menu 4 PPPoE Screen sse eene 3 12 Table 4 1 Fields in Menu 11 1 Ethernet Encaps
40. Protocol 110 NNTP Network News Transport Protocol 119 SNMP Simple Network Management Protocol 161 SNMP trap 162 PPTP Point to Point Tunneling Protocol 1723 6 4 1 Configuring a Server behind NAT Follow these steps to configure a server behind NAT Step 1 Enter 15 in the main menu to go to Menu 15 NAT Setup Step 2 Enter2 to go to Menu 15 2 NAT Server Setup Step 3 Enter a port number in an unused Start Port No field To forward only one port enter it again in the End Port No field To specify a range of ports enter the last port to be forwarded in the End Port No field Step 4 Enter the inside IP address of the server in the IP Address field In the following figure you have a computer acting as an FTP Telnet and SMTP server ports 21 23 and 25 at 192 168 1 33 Network Address Translation NAT 6 13 Prestige 310 Broadband Sharing Gateway Step 5 Press ENTER at the Press ENTER to confirm prompt to save your configuration after you define all the servers or press ESC at any time to cancel Menu 15 2 NAT Server Setup Rule Start Port No End Port No IP Address Default Default 21 25 0 0 I 2 3 4 5 6 s 8 RR How 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 B 1 m N 026 026 Press ENTER to Confirm or ESC to Cancel Figure 6 10 Menu 15 2 NAT Server Setup The NAT network appears as a single host on the Internet FTP Telnet SMTP server IP add
41. Remote Node Network Layer Options IP Address Assignment Dynamic Rem IP Address N A Rem Subnet Mask N A My WAN Addr N A Network Address Translation Yes Metric 1 Private No RIP Direction None Version N A Multicast None Enter here to CONFIRM or ESC to CANCEL Press Space Bar to Toggle Figure 4 5 Remote Node Network Layer Options 4 8 Remote Node Setup Prestige 310 Broadband Sharing Gateway The next table gives you instructions about configuring remote node network layer options Table 4 5 Remote Node Network Layer Options Menu Fields FIELD DESCRIPTION EXAMPLE IP Address If your ISP did not assign you an explicit IP address select Dynamic Dynamic Assignment otherwise select Static and enter the IP address 8 subnet mask in the following fields Rem IP Address If you have a Static IP Assignment enter the IP address assigned to 192 168 1 1 the remote node Rem IP Subnet Mask If you have a Static IP Assignment enter the subnet mask assigned to the remote node 255 255 255 0 My WAN Addr Some implementations especially the UNIX derivatives require the WAN link to have a separate IP network number from the LAN and each end must have a unique address within the WAN network number If this is the case enter the IP address assigned to the WAN port of your Prestige Note that this is the address assigned to your local Prestige not the remote router Network Addre
42. Setup Internet Access 3 5 Prestige 310 Broadband Sharing Gateway Follow the instructions in the following table on how to configure the DHCP fields Table 3 3 LAN DHCP Setup Menu Fields FIELD DESCRIPTION EXAMPLE DHCP This field enables disables the DHCP server If it is set to Server Server your Prestige will act as a DHCP server If set to None DHCP default service will be disabled and you must have another DHCP sever on your LAN or else the workstation must be manually configured When DHCP is set to Server the following four items need to be set The Prestige can now also act as a surrogate DHCP server Relay where it relays IP address assignment from the actual real DHCP server to the clients Configuration Client IP Pool Starting This field specifies the first of the contiguous addresses in the IP 192 168 1 33 Address address pool Size of Client IP Pool This field specifies the size or count of the IP address pool 32 Primary DNS Server Enter the IP addresses of the DNS servers The DNS servers are Secondary DNS passed to the DHCP clients along with the IP address and the Server subnet mask Leave these entries at 0 0 0 0 if they are provided by a WAN DHCP server DHCP Server Address The Prestige acts as a surrogate DHCP server when you select N A Relay from the DHCP field This field is N A when the DHCP field is Server or None Follow the instructions in the following table on h
43. WAN Setup 200000014 Assign MAC Address by lt 0 default 1 Fake 0 IP s MAC Addr gt 200000015 Fake IP 0 0 0 0 200000016 Fake Mac 00 16 07 20 00 16 Menu 3 1 General Ethernet Setup 301000000 Configured lt 0 No 1 Yes 256 None gt 301000001 Input Protocol filters Set 1 2 301000005 Input device filters Set 1 3 301000009 Ouput protocol filters Set 1 4 301000013 Ouput device filters Set 1 Menu 3 2 TCP I P and DHCP Ethernet Setup 302000000 Configured lt 0 No 1 Yes gt 302000001 DHCP lt 0 None 1 Server 2 Relay 302000002 Client IP Pool Starting Address 92 168 54 33 302000003 Size of Client IP Pool 32 302000004 Primary DNS Server 202 132 154 1 302000005 Secondary DNS Server 0 0 0 0 302000006 Relay Server Address 0 0 0 0 302000007 IP Address 192 168 54 1 302000008 IP Subnet Mask Bits 24 302000009 RIP Direction lt 0 None 1 Both 2 In Only 1 A lt Str gt or string requires that after the sign you should enter numbers letters or a combination of both These numbers denote applied filter rules configured in SMT menu 21 They are used here as examples only Appendix D Prestige 310 Broadband Sharing Gateway 3 Out Only gt 302000010 RIP Version O
44. concern 4 2 1 PPPoE Encapsulation The Prestige supports PPPoE Point to Point Protocol over Ethernet PPPoE is an IETF Draft standard RFC 2516 specifying how a personal computer PC interacts with a broadband modem i e xDSL cable wireless etc connection For the service provider PPPoE offers an access and authentication method that works with existing access control systems for example Radius For the user PPPoE provides a login and authentication method that the existing Microsoft Dial Up Networking software can activate and therefore requires no new learning or procedures for Windows users One of the benefits of PPPoE is the ability to let end users access one of multiple network services a function known as dynamic service selection This enables the service provider to easily create and offer new IP services for specific users Operationally PPPoE saves significant effort for both the end user and ISP carrier as it requires no specific 4 4 Remote Node Setup Prestige 310 Broadband Sharing Gateway configuration of the broadband modem at the customer site By implementing PPPoE directly on the Prestige rather than individual computers the computers on the LAN do not need PPPoE software installed since the Prestige does that part of the task Furthermore with NAT all of the LANs computers will have access Enable PPPoE in menu 11 1 by pressing the SPACE BAR to select PPPoE in the Encapsulati
45. dao eH qs 7 6 Table 7 3 TCP IP Filter R le Menu EFields 53e ete ote eT m o Rees 7 1 Table 7 4 Generic Filter Rule Menu Fields neii nennen nnns 7 11 Table 8 1 SNMP Configuration Menu Fields sess eee enne nnns 8 3 Table 8 2 SNMP Traps cete tice ic 8 4 Table 9 1 System Maintenance Status Menu Fields essere 9 2 xviii List of Tables Prestige 310 Broadband Sharing Gateway Table 9 2 Fields in System Maintenance sse eene enne ener nennen nnns 9 4 Table 9 3 System Maintenance Menu Syslog Parameters cccsccsccesecsseeseeeeeeseceeeeeeceeceaecaecaeeeeeaeeeneeaes 9 7 Table 9 4 System Maintenance Menu Diagnostic sse enne eren enne 9 12 Table 10 1 Filename Conventions nae Re en a tede inertes 10 2 Table 10 2 General Commands for Third Party FTP Clients 10 4 Table 10 3 General Commands for Third Party TFTP Clients eessseseeeeeenenn 10 6 Table 11 1 Budget Management ai 11 3 Table 11 2 Call History Fields isn a 11 4 Table 11 3 Time and Date Setting Fields ico ee iere eee een 11 5 Table 13 1 Menu 24 11 Remote Management Control ooooonooonincnocononononccononnnono nono corn nnnnnon oro eene 13 3 Table 14 1 Schedule Set Setup Fields ocio nei d 14 2 Table 15 1 Troubleshooting the Start Up of your Prestige sess 15 1 Table 15 2 Troubleshooting the LAN Interface oooooonicnnconoconoooconnconconnco
46. distinct WAN networks More examples follow at the end of this chapter Network Address Translation NAT 6 3 Prestige 310 Broadband Sharing Gateway Corporation B Server in 3z Admin Network N P zIP 1 IGA 1 as 8 3 3 gt n S 2 220 d 2 7 LAN 192 168 1 X e o o o o a a a a Network Server Corporation A Admin 192 168 1 1 PC 1 PC1 Server in PC2 LAN2 192 168 2 X Sales Network PC2 Network Server zIP2 IGA 2 Sales 192 168 2 1 PC3 PC3 NT Server 492 168 2 1 N 9 a Server in 3 3 3 33 R amp D Network ZIP3 IGA 3 3 LAN3 192 168 3 X w Network Server R amp D 192 168 3 1 WAN Addresses LAN Addresses D efault IP s IGA 1 gt 192168 1 1 IGA 2 gt 192168 2 1 IGA 3 192168 3 1 Figure 6 2 NAT Application With IP Alias 6 1 5 NAT Mapping Types NAT supports five types of IP port mapping They are 1 One to One In One to One mode the Prestige maps one local IP address to one global IP address 2 Many to One In Many to One mode the Prestige maps multiple local IP addresses to one global IP address This is equivalent to SUA i e PAT port address translation ZyXEL s Single User Account feature that previous ZyXEL routers supported the SUA Only option in today s routers 3 Many to Many Overload In Many to Many Overload mode the Prestige maps the multiple local IP addresses to shared global IP addresses 4 Many One
47. fields 3 Click the DNS Configuration tab e If you do not know your DNS information select Disable DNS e f you know your DNS information select Enable DNS and type the information in the fields below you may not need to fill them all in 4 Click the Gateway tab e Ifyou were not given a gateway IP address remove previously installed gateways e Ifyou have a gateway IP address type it in the New gateway field and click Add 5 Click OK to save and close the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your Prestige and restart your computer when prompted Verifying TCP IP Properties 1 Click Start and then Run 2 Inthe Run window type winipcfg and then click OK to open the IP Configuration window 3 Select your network adapter You should see your computer s IP address subnet mask and default gateway B Appendix A Prestige 310 Broadband Sharing Gateway Setting up Your Windows NT 2000 Computer Configuring TCP IP 1 6 7 8 Click Start Settings Network and Dial up Connections and right click Local Area Connection or the connection you want to configure and click Properties Select Internet Protocol TCP IP you may need to scroll down and click Properties The Internet Protocol TCP IP Properties window opens If your IP address is dynamic click Obtain an IP address automatically If you have a static IP address click Use the following IP Add
48. figure Call Filtering ctive Data No Built in User defined default Call Filters Initiate call Call Filters if applicable if line not up Y T i Outgoing Data match Packet Filtering i J i J E Send packet and reset Match Idle Timer Drop Drop packet Drop packet packet if line not up if line not up Or Or Send packet Send packet but do not reset but do not reset Idle Timer Idle Timer Figure 7 1 Outgoing Packet Filtering Process For incoming packets your Prestige applies data filters only Packets are processed depending upon whether a match is found The following sections describe how to configure filter sets Filter Configuration 7 1 Prestige 310 Broadband Sharing Gateway 7 1 1 The Filter Structure of the Prestige A filter set consists of one or more filter rules Usually you would group related rules for example all the rules for NetBIOS into a single set and give it a descriptive name The Prestige allows you to configure up to twelve filter sets with six rules in each set for a total of 72 filter rules in the system You cannot mix device filter rules and protocol filter rules within the same set You can apply up to four filter sets to a particular port to block multiple types of packets With each filter set having up to six rules yo
49. for FTP traffic in both directions 1 1 mapping giving both local and global IP addresses Rule 2 Map the second IGA to our second inside FTP server for FTP traffic in both directions 1 1 mapping giving both local and global IP addresses Rule 3 Map the other outgoing LAN traffic to IGA3 Many 1 mapping Rule 4 You also map your third IGA to the web server and mail server on the LAN Type Server allows you to specify multiple servers of different types to other computers behind NAT on the LAN The example situation looks somewhat like this Network Address Translation NAT 6 17 Prestige 310 Broadband Sharing Gateway Other Computers on the LAN Web Server 192 168 1 21 Mapping Rules 1 FTP 1 lt gt IGA 1 Type 1 1 2 FTP 2 lt gt IGA 2 Type 1 1 3 Other LAN traffic gt IGA 3 Type M 1 Outgoing Traffic 4 IGA 3 gt Internal web server and mail server Incoming Traffic Prestige Mail Server 192 168 1 20 10 132 50 1 IGA 1 10 132 50 2 IGA 2 10 132 50 3 2 IGA 3 FTP Server 1 192 168 1 10 FTP Server 2 192 168 1 11 Figure 6 16 NAT Example 3 Step 1 In this case you need to configure Address Mapping Set 1 from Menu 15 1 Address Mapping Sets Therefore you must choose the Full Feature option from the Network Address Translation field in menu 4 or menu 11 3 in Figure 6 17 Step 2 Then enter 15 from the main menu Step 3 Enter 1 to configure the A
50. have just one public WAN IP address for your Prestige 2 Choose Full Feature if you have multiple public WAN IP addresses for your Prestige 6 2 2 Applying NAT You apply NAT via menus 4 or 11 3 as displayed next The next figure shows you how to apply NAT for Internet access in menu 4 Enter 4 from the main menu to go to Menu 4 Internet Access Setup Menu 4 Internet Access Setup ISP s Name ChangeMe Encapsulation Ethernet Service Type Standard My Login N A My Password N A Login Server IP N A IP Address Assignment Dynamic IP Address N A IP Subnet Mask N A Gatewa L_Address A Network Address Translation SUA Only Press ENTER to Confirm or ESC to Cancel Figure 6 3 Menu 4 Applying NAT for Internet Access The following figure shows how you apply NAT to the remote node in menu 11 1 Step 1 Enter 11 from the main menu Step 2 Move the cursor to the Edit IP field press SPACE BAR to select Yes and then press ENTER to bring up Menu 11 3 Remote Node Network Layer Options 6 6 Network Address Translation NAT Prestige 310 Broadband Sharing Gateway Menu 11 3 Remote Node Network Layer Options IP Address Assignment Dynamic IP Address N A IP Subnet Mask N A Gateway IP Addr N A Network Address Translation SUA Only fetric N A Private N A RIP Direction None Version N A Multicast None Enter here to CONFIRM or ESC to CANCEL Press Space Bar to Toggle Figure 6
51. however the filter sets may be useful to block certain packets reduce traffic and prevent security breaches Go to menu 3 1 shown below and enter the number s of the filter set s that you want to apply as appropriate You can choose up to four filter sets from twelve by entering their numbers separated by commas for example 3 4 6 11 Input filter sets filter incoming traffic to the Prestige and Output filter sets filter outgoing traffic from the Prestige A factory default set NetBIOS_LAN is inserted in protocol filters field under Input Filter Sets in menu 3 1 to block NetBIOS traffic to the Prestige from the LAN Menu 3 1 LAN Port Filter Setup Input Filter Sets Apply protocol filters 2 m factory device filters Output Filter Sets default Protocol filters filters device filters here Press ENTER to Confirm or ESC to Cancel Figure 7 16 Filtering LAN Traffic Filter Configuration 7 17 Prestige 310 Broadband Sharing Gateway 7 5 2 Remote Node Filters Go to menu 11 5 shown next note that call filter sets are only present for PPPoE encapsulation and enter the number s of the filter set s as appropriate You can cascade up to four filter sets by entering their numbers separated by commas The factory default filter set NetBIOS WAN can be applied in menu 11 5 to block local NetBIOS traffic from triggering calls to the ISP when you are using PPPoE or PPTP encapsulation only Ente
52. in its RIP broadcasts If set to Yes this route is kept private and not included in RIP broadcast If No the route to this remote node will be propagated to other hosts through RIP broadcasts RIP Version Press the SPACE BAR to select the RIP direction from Both None In Only or Out Only Please see the RIP Setup section for more information on RIP The default for RIP on the WAN side is None It is recommended that you do not change this setting Press the SPACE BAR to select the RIP version Options are RIP 1 RIP 2B RIP 2M or None None None Multicast IGMP Internet Group Multicast Protocol is a session layer protocol used to establish membership in a Multicast group The Prestige supports both IGMP version 1 IGMP v1 and version 2 IGMP v2 Press SPACE BAR to enable IP Multicasting or select None to disable it See the previous Part for more information on this feature IGMP v2 Once you have completed filling in the Network Layer Options Menu press ENTER to return to menu 11 Press ENTER at the message Press ENTER to Confirm to save your configuration or press ESC at any time to cancel 4 3 1 Editing TCP IP Options with PPTP Encapsulation Make sure that Encapsulation is set to PPTP in menu 11 1 Move the cursor to the Edit IP field in menu 11 1 and then press the SPACE BAR to select Yes Press ENTER to open Menu 11 3 Network Layer Options Menu 11 3
53. is reached the call will be dropped and further outgoing calls to that remote node will be blocked After each period the total budget is reset The default for the total budget is 0 minutes and the period is 0 hours meaning no budget control You can reset the accumulated connection time in this menu by entering the index of a remote node Enter 0 to update the screen The budget and the reset period can be configured in menu 11 1 for the remote node Table 11 1 Budget Management FIELD DESCRIPTION EXAMPLE Remote Node Enter the index number of the remote node you 1 want to reset just one in this case Connection Time Total This is the total connection time that has gone by 5 10 means that 5 Budget within the allocated budget that you set in menu minutes out of a 11 1 total allocation of 10 minutes have lapsed Elapsed Time Total The period is the time cycle in hours that the 0 5 1 means that Period allocation budget is reset see menu 11 1 The 30 minutes out of elapsed time is the time used up within this period the 1 hour time period has lapsed Enter 0 to update the screen or press ESC to return to the previous screen 11 2 2 Call History Menu 24 9 System Maintenance Call Control displays information about past incoming and outgoing calls Enter 2 from Menu 24 9 System Maintenance Call Control to bring up the following menu System Maintenance and Information 11 3 Pr
54. must be set up inside the NAT Address Mapping set Please see section 6 4 for further information on these menus To configure NAT enter 15 from the main menu to bring up the following screen Menu 15 NAT Setup Address Mapping Sets Server Set Enter Menu Selection Number Figure 6 5 Menu 15 NAT Setup 6 3 1 Address Mapping Sets Enter 1 to bring up Menu 15 1 Address Mapping Sets Menu 15 1 Address Mapping Sets 1 NAT_SET 255 SUA read only Enter Menu Selection Number Figure 6 6 Menu 15 1 Address Mapping Sets SUA Address Mapping Set Enter 255 to display the next screen The fields in this menu cannot be changed 6 8 Network Address Translation NAT Prestige 310 Broadband Sharing Gateway Menu 15 1 255 Address Mapping Rules Set Name SUA Idx Local Start IP m Server dis 3 4 Be 6 Ts 8 9s ORs H Press ENTER to Confirm or ESC to Cancel Figure 6 7 Menu 15 1 255 SUA Address Mapping Rules The fields in Menu 15 1 255 are read only Table 6 4 SUA Address Mapping Rules FIELD DESCRIPTION EXAMPLE Set Name This is the name of the set you selected in menu 15 1 or SUA enter the name of a new set you want to create ldx This is the index or rule number 1 Local Start IP Local Start IP is the starting local IP address ILA 0 0 0 0 Local End IP Local End IP is the ending local IP address ILA If the 255 255 255 255 rule is for all local IPs
55. node network layer options Table 4 4 Remote Node Network Layer Options Menu Fields FIELD DESCRIPTION EXAMPLE IP Address If your ISP did not assign you an explicit IP address select Dynamic Assignment Dynamic otherwise select Static and enter the IP address amp subnet mask in the following fields IP Address If you have a static IP address enter the IP address assigned to you by your ISP IP Subnet If you have a static IP assignment enter the subnet mask assigned Mask to you Gateway IP If you have a static IP assignment enter the gateway IP address Addr assigned to you Network Use the SPACE BAR to select either Full Feature None or SUA SUA Only Address Only See the NAT chapter for a full discussion of this feature Translation Metric This field is valid only for PPTP PPPOE encapsulation The metric 3 represents the cost of transmission for routing purposes IP routing uses hop count as the measurement of cost with a minimum of 1 for directly connected networks Enter a number that approximates the cost for this link The number need not be precise but it must be between 1 and 15 In practice 2 or 3 is usually a good number Private This field is valid only for PPTP PPPOE encapsulation This Yes parameter determines if the Prestige will include the route to this Remote Node Setup 4 7 Prestige 310 Broadband Sharing Gateway FIELD DESCRIPTION EXAMPLE remote node
56. restart the router N Warning Proceeding with the upload will erase the current router firmware Do You Wish To Proceed Y N Figure 10 16 Menu 24 7 1 as seen using the Console Port Step 2 After the Starting Xmodem upload message appears activate the Xmodem protocol on your computer Follow the procedure as shown previously for the HyperTerminal program The procedure for other serial communications programs should be similar Example Xmodem Firmware Upload Using HyperTerminal Click Transfer then Send File to display the following screen Send dE ES Type the firmware file s Folder C Program Files location or click Browse to look for it Filename C Product firmware bin Browse Protocol Choose the Xmodem modern r protocol Send f Com Cance Mhenlehick Send Figure 10 17 Example Xmodem Upload After the firmware upload process has completed the Prestige will automatically restart Uploading a Configuration File Via Console Port Step 1 Select 2 from Menu 24 7 System Maintenance Upload Firmware to display Menu 24 7 2 System Maintenance Upload Router Configuration File Follow the instructions as shown in the next screen 10 14 Firmware and Configuration Maintenance Prestige 310 Broadband Sharing Gateway Menu 24 7 2 System Maintenance Upload Router Configuration File To upload router configuration file Enter y at the prompt below to go into debug mo
57. sse eene enne nennen nnne ener 6 14 Figure 6 11 Multiple Servers Behind NAT Example sssssssssseeeeeeeneneneneenen eene 6 14 Figure 6 12 NAT Example Tica A eth e E T EROR 6 15 Figure 6 13 Menu 4 Internet Access and NAT Example sese 6 15 Figure 6 14 NAT Example cgi treo eet ean dn Ote 6 16 Figure 6 15 Menu 15 2 Specifying an Inside Server sss 6 17 Figure 6 16 NAT Example 3 ee peo Ret Ha Henne 6 18 Fig re 6 17 Example 3 gt Menu lidia ruri rae dee s 6 19 Figure 6 18 Example 3 Menu 15 1 1 1 isses ener nrennennene nnne inneren tnn E 6 19 Figure 6 19 Example 3 Final Menu 15 1 1 1 eene nre nennen etre enne 6 20 Figur 6 20 Example 3 Menu 15 2 niacin tates ratae cbe epo cuasbsedlasbhoud a estado sd abs 6 20 Figure 6 21 NAT Example Gui i eid te aset iive tei eed 6 21 Figure 6 22 Example 4 Menu 15 1 1 1 Address Mapping Rule sse 6 22 Figure 6 23 Example 4 Menu 15 1 1 Address Mapping Rules sse 6 22 Figure 6 24 Menu 15 3 Trigger Port Setup ssssssssessseeeee eene nere 6 23 Figure 6 25 Trigger Port Forwarding Process Example sse 624 Figure 7 1 Outgoing Packet Filtering Process eeeseeeeeeeeeen eene nenne nennen nre enne 7 1 Figure 7 2 Filter Rule ProCESS ciuda siii cdo ile caidas do rape Rao sa ees 7 3 Figure 7 3 Menu 21 Filter Set Configuration essen nennen nre nnenrenn
58. systems that support DHCP client capability 3 1 1 Factory LAN Defaults The LAN parameters of the Prestige are preset in the factory with the following values 1 IP address of 192 168 1 1 with subnet mask of 255 255 255 0 24 bits 2 DHCP server enabled with 32 client IP addresses starting from 192 168 1 33 These parameters should work for the majority of installations If your ISP gives you explicit DNS server address es skip to the DNS Server Address section to see how to enter the DNS server address es 3 1 2 DHCP Configuration DHCP Dynamic Host Configuration Protocol RFC 2131 and RFC 2132 allows individual clients to obtain TCP IP configuration at start up from a server You can configure the Prestige as a DHCP server or disable it When configured as a server the Prestige provides the TCP IP configuration for the clients If set to None DHCP service will be disabled and you must have another DHCP server on your LAN or else the workstation must be manually configured The Prestige can also act as a surrogate DHCP server DHCP Relay where it relays IP address assignment from the actual real DHCP server to the clients IP Pool Setup The Prestige is pre configured with a pool of 32 IP addresses starting from 192 168 1 33 to 192 168 1 64 This configuration leaves 31 IP addresses excluding the Prestige itself in the lower range for other server computers for example server for mail FTP Telnet web etc that you may have
59. the download upload and you don t have to rename the files see section 10 1 Please note that terms download and upload are relative to the computer Download means to transfer from the Prestige to the computer while upload means from your computer to the Prestige 10 2 1 Backup Configuration Follow the instructions as shown in the next screen 10 2 Firmware and Configuration Maintenance Prestige 310 Broadband Sharing Gateway Menu 24 5 System Maintenance Backup Configuration To transfer the configuration file to your workstation follow the procedure below 1 Launch the FTP client on your workstation 2 Type open and the IP address of your router Then type root and SMT password as requested 3 Locate the rom 0 file 4 Type get rom 0 to back up the current router configuration to your workstation For details on FTP commands please consult the documentation of your FTP client program For details on backup using TFTP note that you must remain in this menu to back up using TFTP please see your router manual Press ENTER to Exit Figure 10 1 Telnet in Menu 24 5 10 2 2 Using the FTP Command from the DOS Prompt Step 1 Launch the FTP client on your computer Step 2 Enter open followed by a space and the IP address of your Prestige Step 3 Press ENTER when prompted for a username Step 4 Enter your password as requested the default is 1234 Step 5 Enter
60. the TCP IP Control Panel Appendix A Prestige 310 Broadband Sharing Gateway Appendix B PPPoE PPPOE in Action An ADSL modem bridges a PPP session over Ethernet PPP over Ethernet RFC 2516 from your PC to an ATM PVC Permanent Virtual Circuit which connects to a xDSL Access Concentrator where the PPP session terminates see the next figure One PVC can support any number of PPP sessions from your LAN PPPoE provides access control and billing functionality in a manner similar to dial up services using PPP Benefits of PPPoE PPPoE offers the following benefits 1 It provides you with a familiar dial up networking DUN user interface 2 It lessens the burden on the carriers of provisioning virtual circuits all the way to the ISP on multiple switches for thousands of users For GSTN PSTN amp ISDN the switching fabric is already in place 3 It allows the ISP to use the existing dial up model to authenticate and optionally to provide differentiated services Traditional Dial up Scenario The following diagram depicts a typical hardware configuration where the PCs use traditional dial up networking TN EU Um TI iM T it it gi mit ISP 1 ISP 2 L O A n or Os Q ig O O Diagram 1 Single PC per Modem Hardware Configuration F Appendix B Prestige 310 Broadband Sharing Gateway How PPPoE Works The PPPoE driver makes the Ethernet appear as a serial link to the PC and the PC runs PPP
61. to One In Many One to One mode the Prestige maps the each local IP addresses to unique global IP addresses 6 4 Network Address Translation NAT Prestige 310 Broadband Sharing Gateway 5 Server This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world Port numbers do not change for One to One and Many One to One NAT mapping types The following table summarizes these types Table 6 2 NAT Mapping Types TYPE IP MAPPING SMT ABBREVIATION One to One ILA1 lt gt IGA1 1 1 Many to One SUA PAT ILA1 lt gt IGA1 M 1 ILA2 amp IGA1 Many to Many Overload ILA1 IGA1 M M Ov ILA2 IGA2 ILA3 5 IGA1 ILA4 IGA2 Many One to One ILA1 IGA1 M 1 1 ILA2 IGA2 ILA3 lt gt IGA3 Server Server 1 IP lt gt IGA1 Server Server 2 IP IGA1 Server 3 IP IGA1 6 2 Using NAT 6 2 1 SUA Single User Account Versus NAT SUA Single User Account is a ZyNOS implementation of a subset of NAT that supports two types of mapping Many to One and Server See section 6 3 1 for a detailed description of the NAT set for SUA Network Address Translation NAT 6 5 Prestige 310 Broadband Sharing Gateway The Prestige also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of clients or servers using mapping types as outlined in Table 6 2 1 Choose SUA Only if you
62. tots 3 4 3 2 TCP IP and DHCP Ethernet Setup ecce eere EE eei ee RH dte ne ees Pte Pe EUR 3 5 3 2 1 IP Alias Setup cte eR ete ae ee OR e nte a ee IA ER Urs 3 7 O Setupo a e e Reset ie Soak ie et PM de rete A SoGuaiensabewuss eee ETIN tarts 3 8 3 3 1 Ethernet Encapsulation is otn dert te ge epe ipee tiet dg 3 8 33 22 PPTP Encapsu lation eot ttt ore etel quest espe Redes irent aeta qd 3 10 3 3 3 Configure PPTP CHENI e iden 3 10 3 3 4 PPPoE Encapsulation dde 3 11 Table of Contents ix Prestige 310 Broadband Sharing Gateway 34 US RS AAA RR 3 13 3 5 gt Basic Setup Complete 4 se e a O ERGO ENG 3 13 PART II ADVANCED APPLICATIONS eerie tette ete rent bueno senes beoe ta ente even ote enu Fe keen uoa t eva ni toese I Chapter 4 Remote Node Setup eee eee eee eee esee ee stent en senten sense tn seta seta setas tassa ncn coca seta sens ense en seen ae 4 1 4 l R mote Node Profile eee eve EUH ER ro RED e i Ter ERAS 4 1 4 1 1 Ethernet Encapsulation iii ee ie iet e De Ua 4 1 42 PPTP Encapsulation Hee ei e tede dee e e v eee eie a 4 3 4 2 1 PPPoE Encapsulation 5 e eode dee edere e re e D CR 4 4 4 3 Editing TCP IP Options with Ethernet Encapsulation ssesssssseseeeeeeneeneene 4 6 4 3 1 Editing TCP IP Options with PPTP Encapsulation ssssseeeeeennens 4 8 4 3 2 Editing TCP IP Options with PPPoE Encapsulation cccccesseesseeeeesceeeeeeeeeeeenseenseenae
63. 0 4 11 Voltage dips short interruptions and voltage variations immunity tests 1994 Declaration of Conformity V Prestige 310 Broadband Sharing Gateway ZyXEL Limited Warranty ZyXEL warrants to the original end user purchaser that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase During the warranty period and upon proof of purchase should the product have indications of failure due to faulty workmanship and or materials ZyXEL will at its discretion repair or replace the defective products or components without charge for either parts or labor and to whatever extent 1t shall deem necessary to restore the product or components to proper operating condition Any replacement will consist of a new or re manufactured functionally equivalent product of equal value and will be solely at the discretion of ZyXEL This warranty shall not apply if the product is modified misused tampered with damaged by an act of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser To obtain the services of thi
64. 0 Broadband Sharing Gateway 4 6 7 8 The Internet Protocol TCP IP Properties window opens e If you have a dynamic IP address click Obtain an IP address automatically e f you have a static IP address click Use the following IP Address and fill in the IP address Subnet mask and Default gateway fields To configure advanced static address settings for a local area connection click Advanced and do one or more of the following to configure additional IP addresses In the IP Settings tab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways In TCP IP Gateway Address type the IP address of the default gateway in Gateway To manually configure a default metric the number of transmission hops clear the Automatic metric check box and type a metric in Metric Click Add Repeat the previous three steps for each default gateway you want to add Click OK when finished In the Internet Protocol TCP IP Properties window s General tab e Click Obtain DNS server address automatically if you do not know your DNS server IP address es e If you know your DNS server IP address es click Use the following DNS server addresses type them in the Preferred DNS server and Altern
65. 10 Broadband Sharing Gateway Menu 1 1 Configure Dynamic DNS Service Provider WWW DynDNS ORG Active Yes DDNSType DynamicDNS Host me ddns org EMAIL mail mailserver USER username Password ockckckckck ck kk Enable Wildcard No Offline N A Press ENTER to confirm or ESC to cancel Figure 2 10 Configure Dynamic DNS Follow the instructions in the next table to configure Dynamic DNS parameters Table 2 6 Configure Dynamic DNS Menu Fields FIELD DESCRIPTION EXAMPLE Service Provider This is the name of your Dynamic DNS service provider WWW DynDNS ORG default Active Press SPACE BAR to select Yes and then press ENTER to Yes make dynamic DNS active DDNS Type Press SPACE BAR and then ENTER to select DynamicDNS DynamicDNS if you have a dynamic IP address es Select StaticDNS if you defautl have a static IP address s Select CustomDNS to have dyns org provide DNS service for a domain name that you already have from a source other than dyndns org At the time of writing dyndns org provides the basic DynamicDNS and StaticDNS services along with a limited number of hostnames for free but charges a fee for CustomDNS See www dyndns org for details Host Enter the domain name assigned to your Prestige by your me dyndns org Dynamic DNS provider EMAIL Enter your e mail address mail mailserver USER Enter your user name Password Enter the password assigned to yo
66. 10 Broadband Sharing Gateway FIELD DESCRIPTION EXAMPLE Session Options This field leads to another hidden menu Use the SPACE Yes e BAR to select Yes and press ENTER to open menu 11 5 Edit Filter sets to edit the filter sets See the Remote Node Filter section for more details Once you have configured the Remote Node Profile Menu press ENTER to return to menu 11 Press ENTER at the message Press ENTER to Confirm to save your configuration or press ESC at any time to cancel 4 2 PPTP Encapsulation If you change the Encapsulation to PPTP in menu 11 1 then you will see the next screen See the PPTP Appendix for information Menu 11 1 Remote Node Profile Rem Node Name ChangeMe Route IP Active Yes Encapsulation PPTP Edit IP No Service Type Standard Telco Option Service Name N A Allocated Budget min 0 Outgoing Period hr 0 My Login 1234 Schedules My Passwords Nailed up Connections Authen CHAP PAP PPTP Session Options IP Addr Edit Filter Sets No Server IP Addr Idle Timeout sec 300 Connection ID Name Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Figure 4 2 Remote Node Profile for PPTP Encapsulation The next table shows how to configure the new fields in the Remote Node Profile menu Table 4 2 Fields in Menu 11 1 PPTP Encapsulation FIELD DESCRIPTION EXAMPLE Encapsulation Press the SPACE BAR
67. 11 Figure 4 9 Menu 11 1 Remote Node Profile eee 4 12 Figure 4 10 Menu 11 6 Traffic Redirect Setup sse enne 4 13 Figure 5 1 Example of Static Routing Topology ccccceccccssesssecssecseeeseeeneceseceseceaecaecaecseeceeeseeeseeeserenseeereens 5 1 Figure 5 2 Menu 12 IP Static Route Setup oooonnonoccocnnocononononanononncnnonncnnononono no non non nrnnon nono none enntn nnne 5 2 Figure 5 3 Menu 12 1 Edit IP Static Route cicera anaana ro noo nona rana acne eiiiai 5 2 Figure 6 1 How NAT Works n p pop em t A Op eH heh 6 3 Figure 6 2 NAT Application With IP Alias sees nrennenren enne rennen enne 6 4 Figure 6 3 Menu 4 Applying NAT for Internet Access cocooccccconcnononcnononncononnconononono canon non nennen 6 6 xiv List of Figures Prestige 310 Broadband Sharing Gateway Figure 6 4 Menu 11 3 Applying NAT to the Remote Node eese 6 7 Figure 6 5 Menw T5 NAP Setup eei reet eiii ss DES RUD tet eh ERR 6 8 Figure 6 6 Menu 15 1 Address Mapping Sets cccccccesscssscssscesseeseeeseeeseeeeeeeeeeenseenseceaeeaecaeceeeseeeseeaes 6 8 Figure 6 7 Menu 15 1 255 SUA Address Mapping Rules sse ens 6 9 Figure 6 8 Menu 15 1 T Eirst Set 5m eee og neret e et e ect ts 6 10 Figure 6 9 Menu 15 1 1 1 Editing Configuring an Individual Rule in a Set esses 6 11 Figure 6 10 Menu 15 2 NAT Server Setup
68. 11 3 11 4 Encapsulation Call Scheduling 1 3 14 1 PPP over Ethernet crecio tiritas F Maximum Number of Schedule Sets 14 1 Error Ot c ERE 9 5 PPPOE adiciones 14 3 Ethernet Cable Requirements 2 3 Pr c dence oerte 14 1 Ethernet Encapsulation 3 8 4 1 4 3 4 6 6 12 Precedence Example See precedence Ethernet Setups cci d mee Rer nn 3 5 Call Trigerring Packet ssssse 9 10 F A EE 9 7 CHA Praia iria 4 5 F G Frame Ground 2 4 Command Interpreter Mode 11 1 Factory Default sss 2 15 COMUN ue Reo hoe Rede a tns 8 2 Factory LAN Defaults ssssssss 3 1 Computer Name esses 2 11 Fall Tolerancia 4 13 Connecting the Features of the Prestige 310 n se 1 1 Prestige Console Port usse 2 3 Filename Conventions sss 10 1 Prestige Ground optional 2 4 Filter ene ed as 4 10 Prestige to a Modem 2 3 Applying actio ec Reed deg 7 17 Prestige to the LAN ssssseeeeee 2 3 Configuring cete RICOH 7 4 Prestige s Power Adapter 2 4 Filter log eerte tre 9 7 Prestige s Power Adapter to a Power Source Generic Filter Rule 7 11 ia 2 4 SITUCLUTe till R Index Prestige 310 Broadband Sharing Gateway Filter Configuration sese 7 1 Internal Tests
69. 6 1 12 press ENTER and then type in a name for the set Press ENTER to display Menu 26 1 Schedule Set Setup as shown next Menu 26 1 Schedule Set Setup Active Yes Start Date yyyy mm dd 2000 07 01 How Often Once Once Date yyyy mm dd 2001 01 01 Weekdays Sunday N A Monday N A Tuesday N A Wednesday N A Thursday N A Friday N A Saturday N A Start Time hh mm 12 00 Duration hh mm 10 00 Action Forced On Press ENTER to Confirm or ESC to Cancel Figure 14 2 Schedule Set Setup If a connection has been already established your Prestige will not drop it Once the connection is dropped manually or it times out then that remote node can t be triggered again until the time period configured in the Duration field expires Table 14 1 Schedule Set Setup Fields FIELD DESCRIPTION EXAMPLE Active Choose Yes to activate and No to deactivate the schedule set Yes default Start Date Enter the start date that you wish the set to take effect in year 2000 07 01 month day format Valid dates are from the present to February 5 2036 How Often Should this schedule set recur weekly or be used just once Once Choose Once or Weekly Both these options are mutually default exclusive If Once is selected then all weekday settings are N A 14 2 Call Scheduling Prestige 310 Broadband Sharing Gateway FIELD DESCRIPTION EXAMPLE When
70. A eon ect Em 2 4 2 42 Entering the Pass word ui RE e eH edi eee ete 2 5 2 5 Navigating the SMT Interface enceinte e ei qe e e E dei fe e eed 2 5 2 5 1 Main Men epe tetra ieu ae t p Ue nd 2 6 2 5 2 System Management Terminal Interface Summary esee 2 7 2 5 3 SMT Men s at a Glance miocarditis 2 8 2 6 Changing the System Password eerie ioone n ea E o E A E RE 2 10 2 6 1 Resetting the Prestige 2i e EAE REIS O eae 2 10 Qh General Setup xac a a titi 2 11 2 7 1 Dynamic DNS aabt he 2 11 2 7 2 Procedure For Configuring Menu 1 ooooonnocincnnncnnonnoonconnconncon nono nonn nono nonn rro n ran rn nr ener nnne 2 12 2 7 3 Configuring Dynamic DNS ninine a ea a ener nennen nennen 2 12 2 8 WAN lla eri ee e ose ter Hi ee Tt T eL IR e eis 2 14 229 EIER 2 15 2 9 1 BAN Port Filter Setup uetus ettet das Aus 2 16 Chapter 3 Internet ACCESS 3 1 3 1 TEPIP and DHCP Or TAN io tein eere Ee Det etuer WD Wet ederet 3 1 3 1 1 Factory LAN Defaults E e EE eR e ee Ute Ped 3 1 3 12 DHCP Configuration i a5 etta eee BH tente iti ae Pee RU oe ek 3 1 3 1 3 IP Address and Subnet Mask nrbes di 3 2 Blea Private TP Ads te ee deett tate Ded tastes atis ne A Recens cotati gh abs 3 3 3 1 9 CRIP Setups estne IE eee erue GEHE oc Ie RI ers eres 3 3 JO HEP Multi Casts as crac Eee e nter tees c tc nea UR ci MT T Le s Td fte 3 4 O A et RIETI ue RERO RR ROI Ge PRIM
71. C 1213 and RFC 1215 MIBs let administrators collect statistics and monitor status and performance 8 3 SNMP Configuration To configure SNMP enter 22 from the main menu to display Menu 22 SNMP Configuration as shown next The community for Get Set and Trap fields is SNMP terminology for password 8 2 SNMP Configuration Prestige 310 Broadband Sharing Gateway Menu 22 SNMP Configuration SNMP Get Community public Set Community public Trusted Host 0 0 0 0 Trap Community public Destination 0 0 0 0 Press ENTER to Confirm or ESC to Cancel Figure 8 2 Menu 22 SNMP Configuration The following table describes the SNMP configuration parameters Table 8 1 SNMP Configuration Menu Fields FIELD DESCRIPTION EXAMPLE Get Community Type the Get Community which is the password for the incoming Public Get and GetNext requests from the management station Set Community Type the Set community which is the password for incoming Set Public requests from the management station Trusted Host If you enter a trusted host your Prestige will only respond to SNMP Blank messages from this address A blank default field means your Prestige will respond to all SNMP messages it receives regardless of source Trap Community Type the trap community which is the password sent with each Public trap to the SNMP manager Blank Trap Destination Type the IP address of the station to
72. Commands 11 2 Call Control Support The Prestige provides two call control functions budget management and call history Please note that this menu is only applicable when Encapsulation is set to PPPoE or PPTP in menu 4 or menu 11 1 The budget management function allows you to set a limit on the total outgoing call time of the Prestige within certain times When the total outgoing call time exceeds the limit the current call will be dropped and any future outgoing calls will be blocked Call history chronicles preceding incoming and outgoing calls To access the call control menu enter 9 in menu 24 to display Menu 24 9 System Maintenance Call Control as shown in the next table Menu 24 9 System Maintenance Call Control 1 Budget Management 2 Call History Enter Menu Selection Number Figure 11 3 Call Control 11 2 1 Budget Management Menu 24 9 1 shows the budget management statistics for outgoing calls Enter 1 from Menu 24 9 System Maintenance Call Control to bring up the following menu 11 2 System Maintenance and Information Prestige 310 Broadband Sharing Gateway Menu 24 9 1 Budget Management Remote Node Connection Time Total Budget Elapsed Time Total Period 1 ChangeMe No Budget No Budget Reset Node 0 to update screen Figure 11 4 Budget Management The total budget is the time limit on the accumulated time for outgoing calls to a remote node When this limit
73. ECTIVE ACTION Cannot access the Prestige Verify that the Prestige Uplink button is in the correct position and that you are using the correct Ethernet cable LAN Cannot ping any computer on the Check the 10M 100M LEDs on the front panel One of these LEDs should be on If they are both off check the cables between your Prestige and hub or the station Verify that the IP addresses and subnet mask are consistent between the Prestige and computers Troubleshooting 15 1 Prestige 310 Broadband Sharing Gateway 15 3 Problems with the WAN Interface Table 15 3 Troubleshooting the WAN interface PROBLEM CORRECTIVE ACTION Cannot get WAN IP address from The WAN IP address is provided when the ISP recognizes the user the ISP as an authorized user after verifying the MAC address or Host Name or User ID Find out the verification method used by your ISP If the ISP checks the LAN MAC address tell the ISP the WAN MAC address of the Prestige The WAN MAC can be obtained from menu 24 1 In case the ISP does not allow you to use a new MAC you can clone the MAC from the LAN as the WAN MAC and send it to the ISP using Menu 2 WAN Setup We recommend you configure this menu anyway even if your ISP presently does not require MAC address authentication If the ISP checks the Host Name enter host name in the System Name field in Menu 1 General Setup when you connect the Prestige to a cab
74. ESCRIPTION UNIX Syslog Active Press the SPACE BAR to turn on or off syslog Syslog IP Address Enter the IP Address of the server that will log the CDR Call Detail Record and system messages i e the syslog server Log Facility Press the SPACE BAR to toggle between the 7 different Local options The log facility allows you to log the message to different files in the server Please refer to your UNIX manual for more detail Types CDR Call Detail Record CDR logs all data phone line activity if set to Yes Packet triggered The first 48 bytes or octets and protocol type of the triggering packet is sent to the UNIX syslog server when this field is set to Yes Filter log No filters are logged when this field is set to No Filters with the individual filter Log Filter field set to Yes menu 21 x x are logged when this field is set to Yes PPP log PPP events are logged when this field is set to Yes When finished viewing press ESC or ENTER to exit Your Prestige sends five types of syslog messages Some examples not P310 specific of these syslog messages with their message formats are shown next System Information and Diagnosis 9 7 Prestige 310 Broadband Sharing Gateway 1 CDR CDR Message Format SdcmdSyslogSend SYSLOG_CDR SYSLOG_INFO String String board xx line xx channel xx call xx str board the hardware board ID line the WAN ID in a board Channel channel
75. IGMP version 2 RFC 2236 is an improvement over version 1 RFC 1112 but IGMP version 1 is still in wide use If you would like to read more detailed information about interoperability between IGMP version 2 and version 1 please see sections 4 and 5 of RFC 2236 The class D IP address is used to identify host groups and can be in the range 224 0 0 0 to 239 255 255 255 The address 224 0 0 0 is not assigned to any group and is used by IP multicast computers The address 224 0 0 1 is used for query messages and is assigned to the permanent group of all IP hosts including gateways All hosts must join the 224 0 0 1 group in order to participate in IGMP The address 224 0 0 2 is assigned to the multicast routers group The Prestige supports both IGMP version 1 IGMP v1 and IGMP version 2 IGMP v2 At start up the Prestige queries all directly connected networks to gather group membership After that the Prestige periodically updates this information IP Multicasting can be enabled disabled on the Prestige LAN and or WAN interfaces using menus 3 2 LAN and 11 3 WAN Select None to disable IP Multicasting on these interfaces 3 1 7 IP Alias IP Alias allows you to partition a physical network into different logical networks over the same Ethernet interface The Prestige supports three logical LAN interfaces via its single physical Ethernet interface with the Prestige itself as the gateway for each LAN network Prestige Pres
76. ISP did not explicitly give you an IP network number then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established If this is the case it is recommended that you select a network number from 192 168 0 0 to 192 168 255 0 and you must enable the Network Address Translation NAT feature of the Prestige The Internet Assigned Number Authority IANA reserved this block of addresses specifically for private use please do not use any other number unless you are told otherwise Let s say you select 192 168 1 0 as the network number which covers 254 individual addresses from 192 168 1 1 to 192 168 1 254 zero and 255 are reserved In other words the first three numbers specify the network number while the last number identifies an individual workstation on that network Once you have decided on the network number pick an IP address that is easy to remember for example 192 168 1 1 for your Prestige but make sure that no other device on your network is using that IP The subnet mask specifies the network number portion of an IP address Your Prestige will compute the subnet mask automatically based on the IP address that you entered You don t need to change the subnet mask computed by the Prestige unless you are instructed to do otherwise 3 2 Internet Access Prestige 310 Broadband Sharing Gateway 3 1 4 Private IP Addresses Every computer on the Internet must have a u
77. LAN or WAN will not work when 1 A filter in menu 3 1 LAN or in menu 11 5 WAN is applied to block a Telnet FTP or Web service 2 You have disabled that service in menu 24 11 3 The IP address in the Secured Client IP field menu 24 11 does not match the client IP address If it does not match the Prestige will disconnect the session immediately There is an SMT console session running There is already another remote management session of the same type web FTP or Telnet running You may only have one remote management session of the same type running at one time 6 There is a web remote management session running with a Telnet session A Telnet session will be disconnected if you begin a web session it will not begin if there already is a web session 13 7 Remote Management and NAT When NAT is enabled gt Use the Prestige s WAN IP address when configuring from the WAN gt Use the Prestige s LAN IP address when configuring from the LAN 13 8 System Timeout There is a system timeout of five minutes 300 seconds for either the console port or Telnet web FTP connections Your Prestige will automatically log you out if you do nothing in this timeout period except when it is continuously updating the status in menu 24 1 or when sys stdio has been changed on the command line 13 4 Remote Management Prestige 310 Broadband Sharing Gateway Chapter 14 Call Scheduling This chapter shows you how to setup cal
78. NAT Works Each packet has two addresses a source address and a destination address For outgoing packets the ILA Inside Local Address is the source address on the LAN and the IGA Inside Global Address is the source address on the WAN For incoming packets the ILA is the destination address on the LAN and the IGA is the destination address on the WAN NAT maps private local IP addresses to globally unique ones required for communication with hosts on other networks It replaces the original IP source address and TCP or UDP source port numbers for Many to One and Many to Many Overload NAT mapping in each packet and then forwards it to the Internet The Prestige keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored The following figure illustrates this 6 2 Network Address Translation NAT Prestige 310 Broadband Sharing Gateway NAT Table Inside Local Inside Global IP Address IP Address LAN 192 168 1 10 IGA 1 WAN 192 168 1 11 IGA2 192 168 1 12 IGA 3 IP Address 192 168 1 13 IGA 4 192 168 1 13 IP Address 192 168 1 12 Prestige Peer de m Inside Local Inside Global Addresses ILA Addresses IGA IP Address 192 168 1 10 Figure 6 1 How NAT Works 6 1 4 NAT Application The following figure illustrates a possible NAT application where three inside LANs logical LANs using IP Alias behind the Prestige can communicate with three
79. NTER to Confirm or ESC to Cancel to save your configuration or press ESC to cancel 11 3 1 Resetting the Time The Prestige resets the time in three instances 1 On leaving menu 24 10 after making changes ii When the Prestige starts up if there is a time server configured in menu 24 10 iii 24 hour intervals after starting 11 6 System Maintenance and Information Prestige 310 Broadband Sharing Gateway Chapter 12 Internal SPTGEN Internal SPTGEN System Parameter Table Generator is a configuration text file useful for efficient configuration of multiple Prestiges Internal SPTGEN lets you configure save and upload multiple menus at the same time using just one configuration text file eliminating the need to navigate and configure individual SMT menus for each Prestige 12 1 The Configuration Text File Format All Internal SPTGEN text files conform to the following format lt field identification number field name parameter values allowed input gt where lt input gt is your input conforming to lt parameter values allowed The figure shown next is an example of an Internal SPTGEN text file Internal SPTGEN 12 1 Prestige 310 Broadband Sharing Gateway This is the name This is the Field Name column One sign followed by of the menu This is the name of the field as one space must precede seen in the corresponding SMT everything you input screen Example Configured Me
80. Operation is subject to the following two conditions e This device may not cause harmful interference e This device must accept any interference received including interference that may cause undesired operations This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications If this equipment does cause harmful interference to radio television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures 1 Reorient or relocate the receiving antenna 2 Increase the separation between the equipment and the receiver 3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected 4 Consult the dealer or an experienced radio TV technician for help Notice Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment Certifications Refer to the product page at www zyxel com FCC iii Prestige 310 Broadband Sharing Gatew
81. P Source Route No Destination IP Addr 0 0 0 0 IP Mask 0 0 0 0 Port 137 Port Comp Equal Source IP Addr 0 0 0 0 IP Mask 0 0 0 0 Port Port Comp None TCP Estab No More No Log None Action Matched Drop Action Not Matched Check Next Rule Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Figure 7 8 Menu 21 1 1 TCP IP Filter Rule The following table describes how to configure your TCP IP filter rule Table 7 3 TCP IP Filter Rule Menu Fields FIELD DESCRIPTION EXAMPLE Active Yes activates and No deactivates the filter rule Yes IP Protocol Protocol refers to the upper layer protocol for example 0 255 Filter Configuration 7 7 Prestige 310 Broadband Sharing Gateway FIELD DESCRIPTION EXAMPLE TCP is 6 UDP is 17 and ICMP is 1 This value must be between 0 and 255 IP Source Route If Yes the rule applies to packet with IP source route option else the packet must not have source route option The majority of IP packets do not have source route No Destination IP Address Enter the destination IP Address of the packet you wish to filter This field reads don t care if it is 0 0 0 0 IP address IP Mask Enter the IP mask that will be used to mask the bits of the IP address given in the Destination IP Address field IP mask Port Enter the destination port of the packets that you wish to filter The ran
82. P address select Dynamic otherwise Internet Access Prestige 310 Broadband Sharing Gateway FIELD DESCRIPTION select Static and enter the IP address amp subnet mask in the following fields IP Address Enter the fixed IP address assigned to you by your ISP Static IP Address Assignment is selected in the previous field IP Subnet Mask Enter the subnet mask associated with your static IP Gateway IP Address Enter the gateway IP address associated with your static IP Network Address Refer to the following chapter for a more detailed discussion on the Single Translation User Account and NAT Options are SUA only Full Feature or None Once you have finished configuring a rule in this menu press ENTER at the message Press ENTER to Confirm to save your configuration or press ESC to cancel 3 3 2 PPTP Encapsulation Point to Point Tunneling Protocol PPTP is a network protocol that enables transfer of data from a remote client to a private server creating a Virtual Private Network VPN using TCP IP based networks PPTP supports on demand multi protocol and virtual private networking over public networks such as the Internet The P310 supports one PPTP server connection at any given time 3 3 3 Configure PPTP Client To configure a PPTP client you must configure My Login and Password fields for PPP connection and PPTP parameters for PPTP connection After c
83. P client The Prestige can now also act as a surrogate DHCP server DHCP Relay where it relays IP address assignment from the actual real DHCP server to the clients 1 2 9 Dynamic DNS Support With Dynamic DNS support you can have a static hostname alias for a dynamic IP address allowing the host to be more easily accessible from various locations on the Internet You must register for this service with a Dynamic DNS client 1 2 10 IP Multicast Deliver IP packets to a specific group of hosts using IP multicast IGMP Internet Group Management Protocol is the protocol used to support multicast groups The latest version is version 2 see RFC 2236 the Prestige supports both versions 1 and 2 1 2 Getting to Know Your Prestige Prestige 310 Broadband Sharing Gateway 1 2 11 PPPoE Support PPPoE facilitates the interaction of a host with a broadband modem to achieve access to high speed data networks via a familiar dial up networking user interface 1 2 12 PPTP Support Point to Point Tunneling Protocol PPTP is a network protocol that enables secure transfer of data from a remote client to a private server creating a Virtual Private Network VPN using a TCP IP based network PPTP supports on demand multi protocol and virtual private networking over public networks such as the Internet 1 2 13 IP Alias IP alias allows you to partition a physical network into logical networks over the same Ethernet interface 1 2 14 C
84. Prestige DHCP This field shows the DHCP setting of the Prestige 9 2 2 Console Port Speed You can change the speed of the console port through Menu 24 2 2 Console Port Speed Your Prestige supports 9600 default 19200 38400 57600 and 115200 bps for the console port Use the SPACE BAR to select the desired speed in menu 24 2 2 as shown next Menu 24 2 2 System Maintenance Change Console Port Speed Console Port Speed 115200 Press ENTER to Confirm or ESC to Cancel Figure 9 5 Menu 24 2 2 System Maintenance Change Console Port Speed 9 3 Log and Trace There are three logging facilities in the Prestige The first is the error logs and trace records that are stored locally The second is the UNIX syslog facility for message logging 9 3 1 Viewing Error Log The first place you should look for clues when something goes wrong is the error trace log Follow the procedure below to view the local error trace log Step 1 Enter 24 from the main menu to open Menu 24 System Maintenance Step 2 From menu 24 enter 3 display Menu 24 3 System Maintenance Log and Trace Step 3 Enter from Menu 24 3 System Maintenance Log and Trace to display the error log in the system After the Prestige finishes displaying you will have the option to clear the error log System Information and Diagnosis 9 5 Prestige 310 Broadband Sharing Gateway 1 View Error Log 2 UNIX Syslog 4 Cal
85. Prestige 310 Broadband Sharing Gateway User s Guide Version 3 50 January 2002 ZyXEL TOTAL INTERNET ACCESS SOLUTION Prestige 310 Broadband Sharing Gateway Copyright Copyright O 2002 by ZyXEL Communications Corporation The contents of this publication may not be reproduced in any part or as a whole transcribed stored in a retrieval system translated into any language or transmitted in any form or by any means electronic mechanical magnetic optical chemical photocopying manual or otherwise without the prior written permission of ZyXEL Communications Corporation Published by ZyXEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the right to make changes in any products described herein without notice This publication is subject to change without notice Trademarks ZyNOS ZyXEL Network Operating System is a registered trademark of ZyXEL Communications Inc Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners i Copyright Prestige 310 Broadband Sharing Gateway Federal Communications Commission FCC Interference Statement This device complies with Part 15 of FCC rules
86. R to select the RIP direction None Options are None Both In Only or Out Only Version Press the SPACE BAR to select the RIP version RIP 1 Options are RIP 1 RIP 2B or RIP 2M Incoming Enter the filter set s you wish to apply to the incoming traffic Protocol Filters between this node and the Prestige Outgoing Enter the filter set s you wish to apply to the outgoing traffic between Protocol Filters this node and the Prestige When you have completed this menu press ENTER at the prompt Press ENTER to Confirm to save your configuration or press ESC at any time to cancel 3 3 Internet Access Setup You will see three different menu 4 screens depending on whether you chose Ethernet PPTP or PPPoE encapsulation In the Encapsulation field in menu 4 choose e Ethernet when the WAN port is used as a regular Ethernet e PPTP or PPPOE if you have a dial up connection to the Internet 3 3 4 Ethernet Encapsulation You must choose the Ethernet option when the WAN port is used as a regular Ethernet If you choose Ethernet in menu 4 you will see the next screen 3 8 Internet Access Prestige 310 Broadband Sharing Gateway Menu 4 Internet Access Setup ISP s Name ChangeMe Encapsulation Ethernet Service Type Standard My Login N A My Password N A Login Server IP N A IP Address Assignment Dynamic IP Address N A IP Subnet Mask N A Gateway IP Address N A Network A
87. RECTIVE ACTION Cannot access the Refer to the Remote Management Limitations section of the Remote Management Prestige from the chapter for scenarios that may disallow remote management LAN or WAN When NAT is enabled gt Use the Prestige s WAN IP address when configuring from the WAN gt Use the Prestige s LAN IP address when configuring from the LAN Refer to section 15 2 for instructions on checking your LAN connection Refer to section 15 3 for instructions on checking your WAN connection Troubleshooting 15 3 Prestige 310 Broadband Sharing Gateway Appendix A TCP IP All computers must have a 10M or 100M Ethernet adapter card and TCP IP installed Use straight through Ethernet cables to connect your computer s Ethernet adapter to a hub or switch and to connect the hub or switch to the Prestige s LAN port Otherwise connect your computer s Ethernet adapter directly to the LAN port with a crossover Ethernet cable Windows 95 98 Me NT 2000 XP Macintosh OS 7 and later operating systems and all versions of UNIX LINUX include the software components you need to install and use TCP IP on your computer Windows 3 1 requires the purchase of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components are installed configure the TCP IP settings in order to communicate
88. Remote Directory Specify the default remote directory path Initial Local Directory Specify the default local directory path TFTP and FTP over WAN TFTP FTP and Telnet over the WAN will not work when 1 You have disabled Telnet service in menu 24 11 2 You have applied a filter in menu 3 1 LAN or in menu 11 5 WAN to block Telnet service 3 The IP you entered in the Secured Client IP field in menu 24 11 does not match the client IP If it does not match the Prestige will disconnect the Telnet session immediately 4 You have an SMT console session running 10 4 Firmware and Configuration Maintenance Prestige 310 Broadband Sharing Gateway 10 2 3 Backup Configuration Using TFTP The Prestige supports the up downloading of the firmware and the configuration file using TFTP Trivial File Transfer Protocol over LAN Although TFTP should work over WAN as well it is not recommended To use TFTP your computer must have both telnet and TFTP clients To backup the configuration file follow the procedure shown next Step 1 Use telnet from your computer to connect to the Prestige and log in Because TFTP does not have any security checks the Prestige records the IP address of the telnet client and accepts TFTP requests only from this address Step 2 Put the SMT in command interpreter CI mode by entering 8 in Menu 24 System Maintenance Step 3 Enter command sys stdio 0 to disable the SMT timeo
89. Rip 1 1 Rip 2B 2 Rip 2M 0 gt 302000011 IP Multicast lt 0 IGMP V2 1 IGMP V1 2 2 None gt Menu 3 2 1 IP Alias Setup 302010000 IP Address lt IP Alias 1 gt 192 168 54 100 302010001 IP Subnet Mask Bits 24 302010002 RIP Direction lt 0 None 1 Both 2 In Only 0 3 Out Only gt 302010003 Version lt 0 Rip 1 1 Rip 2B 2 Rip 2M gt 0 302010004 Incoming procotol filters Set 1 lt 256 None gt 6 302010008 Outgoing procotol filters Set 1 lt 256 None gt 7 302010012 IP Address IP Alias 2 0 0 0 0 302010013 IP Subnet Mask Bits 0 302010014 RIP Direction lt 0 None 1 Both 2 In Only 0 3 Out Only 302010015 Version O Rip 1 1 Rip 2B 2 Rip 2M gt 0 302010016 Incoming procotol filters Set 1 256 None gt 256 302010020 Outgoing procotol filters Set 1 256 None gt 256 Menu 4 Internet Access Setup 400000000 Configured 0 No l Yes 1 400000012 Active 0 No l Yes 1 400000013 ISP Node 0 No 1 Yes gt 1 400000001 ISP s Name lt Str gt TestISP 400000014 encapsulation lt 2 PPPoE 8 ETHER 15 PPTP gt 8 Encapsulation Ether 400000015 RoadRunner Type lt 0 Standard 10 RR_TOSHIBA 11 RR_MANAGER gt 400000016 RoadRunner Server IP 400000017 RoadRunner User Name 1 lt Str gt 400000018 RoadRunner User Name 2 lt Str gt 400000019 RoadRunner Password
90. SITE FTP SITE www zyxel com www europe zyxel com ftp europe zyxel com www zyxel com ftp zyxel com www zyxel dk ftp zyxel dk www zyxel at ftp zyxel at REGULAR MAIL ZyXEL Communications Corp 6 Innovation Road II Science Based Industrial Park HsinChu Taiwan 300 R O C ZyXEL Communications Inc 1650 Miraloma Avenue Placentia CA 92870 U S A ZyXEL Communications A S Columbusvej 5 2860 Soeborg Denmark ZyXEL Communications Services GmbH Thaliastrasse 125a 2 2 4 A 1160 Vienna Austria ZyXEL Deutschland GmbH Adenauerstr 20 A4 D 52146 Wuerselen Germany GERMANY support y sales zyxel de support zyxel com my MALAYSIA 603 795 44 688 www zyxel com my Lot B2 06 PJ Industrial Park Section 13 Jalan Kemajuan sales zyxel com my 603 795 34 407 46200 Petaling Jaya Selangor Darul Ehasn Malaysia Customer Support vii Prestige 310 Broadband Sharing Gateway Table of Contents TTNA A A O NO ii Federal Communications Commission FCC Interference Statement ccsscscsscssscssseesseeseseeseeseees iii Information for Canadian Users eeeee eee sees esee eese enses stantia conoce nono netos sse tasto se seen conce rose Seose issos iv Declaration of Conformity P M v ZyXEL Limited Warranty P vi CUStOMEF SUPDOFL c
91. Screen Step 3 Run the HyperTerminal program by clicking Transfer then Receive File as shown in the following screen 10 6 Firmware and Configuration Maintenance Prestige 310 Broadband Sharing Gateway Type a location for storing the configuration Receive File file or click Browse to Place received file in the following folder look for one C Product contig ror Browse Choose the Xmodem protocol Use receiving protocol Then click Receive Receive Figure 10 5 Backup Configuration Example Step 4 After a successful backup you will see the following screen Press any key to return to the SMT menu Backup Configuration completed OK Hit any key to continue Figure 10 6 Successful Backup Confirmation Screen 10 3 Restore Configuration This section shows you how to restore a previously saved configuration Note that this function erases the current configuration before restoring a previous back up configuration please do not attempt to restore unless you have a backup configuration file stored on disk FTP and TFTP are the preferred methods for restoring your current computer configuration to your Prestige since FTP and TFTP are faster Please note that you must restart the system after the file transfer is complete WARNING Do not interupt the file transfer process as this may PERMANENTLY DAMAGE YOUR PRESTIGE When the Restore Configuration process is
92. Select Rule When you choose Edit Insert Before or Delete in the previous 1 field the cursor jumps to this field to allow you to select the rule to apply the action in question You must press ENTER at the bottom of the screen to save the whole set You must do this again if you make any changes to the set including deleting a rule No changes to the set take place until this action is taken Selecting Edit in the Action field and then selecting a rule brings up the following menu Menu 15 1 1 1 Address Mapping Rule in which you can edit an individual rule and configure the Type Local and Global Start End IPs An End IP address must be numerically greater than its corresponding IP Start address Menu 15 1 1 1 Address Mapping Rule Type One to One Local IP Start End N A Global IP Start End N A Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Figure 6 9 Menu 15 1 1 1 Editing Configuring an Individual Rule in a Set Network Address Translation NAT 6 11 Prestige 310 Broadband Sharing Gateway Table 6 6 Menu 15 1 1 1 Editing Configuring an Individual Rule in a Set FIELD DESCRIPTION EXAMPLE Type Press SPACE BAR to toggle through a total of five types These One to One are the mapping types discussed in Table 6 2 Server allows you to specify multiple servers of different types behind NAT to this computer See section 6 5 3 for an example
93. al SPTGEN Prestige 310 Broadband Sharing Gateway 2 Enter bin The command bin sets the transfer mode to binary The name bin is the generic name for the ZyNOS firmware on the Prestige 3 Get rom t file The command get transfers files from the Prestige to your computer The name rom t is the configuration filename on the Prestige 12 2 Internal SPTGEN FTP Download Example 1 Launch your FTP application c Mftp 192 168 1 1 220 PPP FTP version 1 0 ready at Sat Jan 1 03 22 12 2000 User 192 168 1 1 none 331 Enter PASS command Password 230 Logged in ftp bin 200 Type I OK ftp get rom t ftp gt bye c ledit rom t edit the rom t text file by a text editor and save it 4 Edit the rom t file using a text editor do not use a word processor You must leave this FTP screen to edit Figure 12 2 Internal SPTGEN FTP Download Example You can rename your rom t file when you save it to your computer but it must be named rom t when you upload it to your Prestige Internal SPTGEN 12 3 Prestige 310 Broadband Sharing Gateway 12 3 Internal SPTGEN FTP Upload Example ae c ftp 192 168 1 1 1 Launch your FTP application 220 PPP FTP version 1 0 ready at Sat Jan 1 03 22 12 2000 User 192 168 1 1 none 331 Enter PASS command 2 Enter bin The command bin Password 230 Logged in sets the transfer mode to binary Loba The name
94. all Scheduling Configure call time periods to restrict and allow access for users on remote nodes 1 2 15 Call Control The Prestige provides budget management for outgoing calls and chronicles incoming and outgoing calls 1 2 16 Full Network Management Your Prestige offers you a variety of options for network management It supports password protected local and remote network management via the console port or a telnet connection using SMT System Management Interface It also supports FTP File Transfer Protocol server for remote management TFTP Trivial FTP SNMP Simple Network Management Protocol and CI Command Interpreter mode 1 2 17 RoadRunner Support In addition to standard cable modem services the Prestige supports Time Warner s RoadRunner Service 1 2 18 Time and Date Setting This new feature menu 24 10 allows you to get the current time and date from an external server when you power up your Prestige The real time is then displayed in the Prestige Menu 24 1 System Status and error logs If you do not choose a time service protocol that your timeserver will send when the Prestige powers up Getting to Know Your Prestige 1 3 Prestige 310 Broadband Sharing Gateway you can enter the time manually but each time the system is booted the time amp date will be reset to 1 1 1970 0 0 0 1 2 19 Logging and Tracing e Built in message logging and packet tracing e Unix syslog facility support 1 2 20 Embedd
95. all of the LAN s computers will have access If you enable PPPoE in menu 4 you will see the next screen For more information on PPPoE please refer to the PPPoE Appendix Menu 4 Internet Access Setup ISP s Name ChangeMe Encapsulation PPPoE Service Type N A My Login My Password x x x Idle Timeout 300 IP Address Assignment Dynamic IP Address N A IP Subnet Mask N A Gateway IP Address N A Network Address Translation SUA Only Press ENTER to Confirm or ESC to Cancel Figure 3 8 Internet Access PPPoE Table 3 8 New Fields in Menu 4 PPPoE Screen FIELD DESCRIPTION EXAMPLE Encapsulation Press the SPACE BAR and then press ENTER to choose PPPoE The encapsulation method influences your choices for IP Address PPPoE Idle Timeout This value specifies the time in seconds that elapses before the Prestige automatically disconnects from the PPPoE server 300 default 3 12 Internet Access Prestige 310 Broadband Sharing Gateway 3 4 Internet Test Setup After configuring the menu 4 fields when you press ENTER to confirm you will see the message Do you wish to perform the Internet Setup Test y n if you have chosen PPTP or PPPoE as your encapsulation method Enter y to test your setup An example of Internet Setup Test is shown next Start dialing for node lt ChangeMe gt Hit any key to continue
96. am Protocol two hours when using TCP IP Transfer Control Protocol Internet Protocol 6 24 Network Address Translation NAT Advanced Management Part III Advanced Management i This section provides information on Filter Configuration SNMP Configuration System Information and Diagnosis Firmware and Configuration File Maintenance System Maintenance Internal SPTGEN Remote Management and Call scheduling Prestige 310 Broadband Sharing Gateway Chapter 7 Filter Configuration This chapter shows you how to create and apply filter s 7 1 About Filtering Y our Prestige uses filters to decide whether to allow passage of a data packet and or to make a call There are two types of filter applications data filtering and call filtering Filters are subdivided into device and protocol filters which are discussed later Data filtering screens the data to determine if the packet should be allowed to pass Data filters are divided into incoming and outgoing filters depending on the direction of the packet relative to a port Data filtering can be applied on either the WAN side or the Ethernet side Call filtering is used to determine if a packet should be allowed to trigger a call Remote node call filtering is only applicable when using PPTP or PPPoE encapsulation refer to the Remote Node Setup chapter Outgoing packets must undergo data filtering before they encounter call filtering as shown in the following
97. and using the SPACE BAR select PPPoE or PPTP in the Encapsulation field Enter your target remote node index number s in the Schedules field as shown next Call Scheduling 14 3 Prestige 310 Broadband Sharing Gateway Menu 11 1 Remote Node Profile Rem Node Name ChangeMe Route IP Active Yes F Edit IP No ervice Type Standard Telco Option Service Name Allocated Budget min 0 Outgoing Period hr 0 Rem Login Schedules _1 3 4 Rem Password Nailed Up Connection 0 Outgoing My Login Session Options My Passwords Edit Filter Sets No Authen CHAP PAP Idle Timeout sec 100 Press ENTER to Confirm or ESC to Cancel Figure 14 3 Applying Schedule Sets to a Remote Node Example PPPoE Encapsulation You can apply up to four schedule sets separated by commas for one remote node Enter the schedule set numbers for specific remote nodes in the Schedules field In the examples shown previously and next schedule sets 1 3 and 4 are applied Menu 11 1 Remote Node Profile Rem Node Name ChangeMe Route IP Active Yes Edit IP No ervice Type Standard Telco Option Service Name Allocated Budget min 0 Outgoing Period hr O Rem Login Schedules 1 3 4 Rem Password Tailed Up Connectio 0 Athen CHAP PAP Session Options Edit Filter Sets No Idle Timeout sec 100 PPTP My IP Addr Server IP Addr Connection ID Name Authen CHAP PAP Press ENTER to Confi
98. and 11 3 is specifically pre configured to handle this case 6 5 2 Example 2 Internet Access with an Inside Server Inside Local One Dynamic PC 3 El O Addresses ILA Inside Global Addresses IGA Assigned by ISP Inside Server IP 192 168 1 10 Figure 6 14 NAT Example 2 In this case you do exactly as above use the convenient pre configured SUA Only set and also go to menu 15 2 to specify the Inside Server behind the NAT as shown in the next figure 6 16 Network Address Translation NAT Prestige 310 Broadband Sharing Gateway Menu 15 2 NAT Server Setup Default Default o 25 rs NOS 0 OE OY 0 50 sa 05 x05 HUooooooooodcn 0 0 0 0 0 0 0 0 0 T Hooooooooo 026 026 Press ENTER to Confirm or ESC to Cancel Figure 6 15 Menu 15 2 Specifying an Inside Server 6 5 3 Example 3 Multiple Public IP Addresses With Inside Servers In this example there are 3 IGAs from our ISP There are many departments but two have their own FTP server All departments share the same router The example will reserve one IGA for each department with an FTP server and all departments use the other IGA Map the FTP servers to the first two IGAs and the other LAN traffic to the remaining IGA Map the third IGA to an inside web server and mail server Four rules need to be configured two bi directional and two uni directional as follows Rule 1 Map the first IGA to the first inside FTP server
99. and are using PPTP or PPPoE encapsulation then the Prestige checks the PPPoE channel or PPTP tunnel to determine if the WAN connection is down Yes Configuration Backup Gateway IP Address Enter the IP address of your backup gateway in dotted decimal notation The Prestige automatically forwards traffic to this IP address if the Prestige s Internet connection terminates 0 0 0 0 Check WAN IP Address Configuration of this field is optional If you do not enter an IP address here the Prestige will use the default gateway IP address Configure this field to test your Prestige s WAN accessibility Enter the IP address of a reliable nearby computer for example your ISP s DNS server address If you are using PPTP or PPPoE Encapsulation enter 0 0 0 0 to configure the Prestige to check the PVC Permanent Virtual Circuit or PPTP tunnel 0 0 0 0 Fail Tolerance Enter the number of times your Prestige may attempt and fail to connect to the Internet before traffic is forwarded to the backup Remote Node Setup 4 13 Prestige 310 Broadband Sharing Gateway FIELD DESCRIPTION EXAMPLE gateway Check Connection Enter how often in seconds the Prestige will check the Internet 3 Every connection Allow more time if your destination IP address handles lots of traffic Timeout Enter the amount of time in seconds that your Prestige will wait for a ping respons
100. are listed as follows Table 7 2 Rule Abbreviations Used ABBREVIATION DESCRIPTION IP Pr Protocol SA Source Address SP Source Port number DA Destination Address DP Destination Port number GEN Off Offset Len Length Refer to the next section for information on configuring the filter rules 7 6 Filter Configuration Prestige 310 Broadband Sharing Gateway 7 2 2 Configuring a Filter Rule To configure a filter rule type its number in Menu 21 1 Filter Rules Summary and press ENTER to open menu 21 1 1 for the rule To speed up filtering all rules in a filter set must be of the same class i e protocol filters or generic filters The class of a filter set is determined by the first rule that you create When applying the filter sets to a port separate menu fields are provided for protocol and device filter sets If you include a protocol filter set in a device filter field or vice versa the Prestige will warn you and will not allow you to save 7 2 3 TCP IP Filter Rule This section shows you how to configure a TCP IP filter rule TCP IP rules allow you to base the rule on the fields in the IP and the upper layer protocol for example UDP and TCP headers To configure TCP IP rules select press ENTER to open Menu 21 1 1 TCP IP Filter Rule as shown next Menu 21 1 1 TCP IP Filter Rule Filter 1 1 Filter Type TCP IP Filter Rule Active Yes IP Protocol 6 I
101. as shown next 2 4 Hardware Installation and Initial Setup Prestige 310 Broadband Sharing Gateway Copyright c 1994 2002 ZyXEL Communications Corp initialize ch 0 ethernet address 00 a0 c5 27 84 52 initialize ch 1 ethernet address 00 a0 c5 27 84 53 Press ENTER to continue Figure 2 3 Initial Screen 2 4 2 Entering the Password The login screen appears after you press ENTER prompting you to enter the password as shown next For your first login enter the default password 1234 As you type the password the screen displays an X for each character you type Note that if there is no activity for longer than five minutes after you log in your Prestige will automatically log you out and display a blank screen If you see a blank screen press ENTER to display the login screen again Enter Password XXXX Figure 2 4 Password Screen 2 5 Navigating the SMT Interface The SMT System Management Terminal is the interface that you use to configure your Prestige Several operations that you should be familiar with before you attempt to modify the configuration are listed next Hardware Installation and Initial Setup 2 5 Prestige 310 Broadband Sharing Gateway Table 2 3 Main Menu Commands previous menu OPERATION KEYSTROKE DESCRIPTION Move down to ENTER To move forward to a submenu type in the number of the desired another menu submenu and press ENTER Move
102. ate DNS server fields If you have previously configured DNS servers click Advanced and then the DNS tab to order them Click OK to close the Internet Protocol TCP IP Properties window Click OK to close the Local Area Connection Properties window Turn on your Prestige and restart your computer if prompted Verifying TCP IP Properties 1 Click Start All Programs Accessories and then Command Prompt 2 Inthe Command Prompt window type ipconfig and then press ENTER You can also open Network Connections right click a network connection click Status and then the Support tab D Appendix A Prestige 310 Broadband Sharing Gateway Setting up Your Macintosh Computer Configuring TCP IP Properties 1 Ts xc 5 6 7 Click the Apple menu Control Panel and double click TCP IP to open the TCP IP Control Panel Select Ethernet from the Connect via list For dynamically assigned settings select Using DHCP Server from the Configure list For statically assigned settings do the following a From the Configure box select Manually b Type your IP Address in the IP Address box c Type your Subnet mask in the Subnet mask box d Type the IP address of your Prestige in the Router address box Close the TCP IP Control Panel Click Save if prompted to save changes to your configuration Turn on your Prestige and restart your computer 1f prompted Verifying TCP IP Properties Check your TCP IP properties in
103. ay Information for Canadian Users The Industry Canada label identifies certified equipment This certification means that the equipment meets certain telecommunications network protective operation and safety requirements The Industry Canada label does not guarantee that the equipment will operate to a user s satisfaction Before installing this equipment users should ensure that it is permissible to be connected to the facilities of the local telecommunications company The equipment must also be installed using an acceptable method of connection In some cases the company s inside wiring associated with a single line individual service may be extended by means of a certified connector assembly The customer should be aware that compliance with the above conditions may not prevent degradation of service in some situations Repairs to certified equipment should be made by an authorized Canadian maintenance facility designated by the supplier Any repairs or alterations made by the user to this equipment or equipment malfunctions may give the telecommunications company cause to request the user to disconnect the equipment For their own protection users should ensure that the electrical ground connections of the power utility telephone lines and internal metallic water pipe system if present are connected together This precaution may be particularly important in rural areas Caution Users should not attempt to make such connections
104. complete the Prestige will automatically restart Firmware and Configuration Maintenance 10 7 Prestige 310 Broadband Sharing Gateway 10 3 1 Restore Using FTP or TFTP For details about backup using T FTP please refer to earlier sections on FTP and TFTP file upload in this chapter Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Menu 24 6 System Maintenance Restore Configuration To transfer the firmware and configuration file to your workstation follow the procedure below 1 Launch the FTP client on your workstation 2 Type open and the IP address of your router Then type root and SMT password as requested 3 Type put backupfilename rom 0 where backupfilename is the name of your backup configuration file on your workstation and rom spt is the remote file name on the router This restores the configuration to your router 4 The system reboots automatically after a successful file transfer For details on FTP commands please consult the documentation of your FTP client program For details on backup using TFTP note that you must remain in this menu to back up using TFTP please see your router manual Press ENTER to Exit Figure 10 7 Telnet into Menu 24 6 Launch the FTP client on your computer Enter open followed by a space and the IP address of your Prestige Press ENTER when prompted for a username Enter your password as requested the default i
105. d Me More gt Yes v No Y Action Matched Check Next Rule Y Check Next Rule Action Not Matched Drop Forward a A A A Drop Drop Packet PA N Forward e x y Y v Y N N Check Next Rule Accept Packet N Figure 7 9 Executing an IP Filter 7 10 Filter Configuration Prestige 310 Broadband Sharing Gateway 7 2 4 Generic Filter Rule This section shows you how to configure a generic filter rule The purpose of generic rules is to allow you to filter non IP packets For IP it is generally easier to use the IP rules directly For generic rules the Prestige treats a packet as a byte stream as opposed to an IP or IPX packet You specify the portion of the packet to check with the Offset from 0 and the Length fields both in bytes The Prestige applies the Mask bit wise ANDing to the data portion before comparing the result against the Value to determine a match The Mask and Value are specified in hexadecimal numbers Note that it takes two hexadecimal digits to represent a byte so if the length is 4 the value in either field will take 8 digits for example FFFFFFFF To configure a generic rule select Generic Filter Rule in the Filter Type field in the menu 21 6 1 and press ENTER to open Menu 21 6 1 Generic Filter Rule as shown next Menu 21 6 1 Generic Filter Rule Filter 6 1 Filter Ty
106. ddress Mapping Sets Step 4 Enter 1 to begin configuring this new set Enter a Set Name choose the Edit Action and then enter 1 for the Select Rule field Press ENTER to confirm Step 5 Select Type as One to One direct mapping for packets going both ways and enter the local Start IP as 192 168 1 10 the IP address of FTP Server 1 the global Start IP as 10 132 50 1 our first IGA See Figure 6 18 Step 6 Repeat the previous step for rules 2 to 4 as outlined above Step 7 When finished menu 15 1 1 should look like as shown in Figure 6 19 6 18 Network Address Translation NAT Prestige 310 Broadband Sharing Gateway Menu 11 3 Remote Node Network Layer Options IP Address Assignment Dynamic IP Address N A IP Subnet Mask N A Gateway IP Addr N A Network Address Translation Full Feature Metricz N7A Private N A RIP Direction None Version N A Enter here to CONFIRM or ESC to CANCEL Figure 6 17 Example 3 Menu 11 3 The following figure shows how to configure the first rule Menu 15 1 1 1 Address Mapping Rule Bin one to one Local IP Start 192 168 1 10 End Global IP Start End Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Figure 6 18 Example 3 Menu 15 1 1 1 Network Address Translation NAT 6 19 Prestige 310 Broadband Sharing Gateway Menu 15 1 1 Address Mapping Rules Global End IP 192 168 1 10 192 168 111 0 0 0 0
107. ddress Translation 21 Filter Set Configuration Use this menu to provide security via filters 22 SNMP Configuration Use this menu to configure SNMP related parameters 23 System Password Change your password in this menu recommended 24 System Maintenance From displaying system status to uploading firmware this menu provides comprehensive system maintenance 26 Schedule Setup Use this menu to schedule outgoing calls 99 Exit Use this menu to exit necessary for remote configuration Hardware Installation and Initial Setup 2 7 Prestige 310 Broadband Sharing Gateway 2 5 3 SMT Menus ata Glance Menu 1 Menu 2 Menu 3 Menu 4 General Setup WAN Setup LAN Setup Internet Access Setup Menu 1 1 Menu 3 1 Menu 3 2 Configure LAN Port TCP IP and Dynamic DNS Filter Setup DHCP Setup Menu 3 2 1 IP Alias Setup Menu 11 Menu 12 Menu 15 Remote Node IP Static NAT Setup Setup Route Setup Menu 11 1 Menu 11 5 Menu 12 1 Menu 15 1 Menu 15 2 Remote Node Remote Node Edit IP Static Address Mapping NAT Server Network Layer Profile Filter Route Sets Stup Menu 15 1 1 Menu 15 3 Address Mapping Trigger Port Rules Setup Menu 11 6 Traffic Redirect Setup Menu 15 1 1 x Address Mapping Rule Figure 2 6 Getting Started and Advanced Application SMT Menus 2 8 Hardware Installation and Initial Setup Prestige 310 Broadband Sharing Gateway Menu 23 System Password Menu 21 Menu 22 Filter Set Configuratio
108. ddress Translation SUA Only Press ENTER to Confirm or ESC to Cancel Figure 3 6 Internet Access Setup Ethernet The following table describes this screen Table 3 6 Internet Access Setup Menu Fields FIELD DESCRIPTION ISP s Name Enter the name of your Internet Service Provider for example myISP This information is for identification purposes only Encapsulation Press the SPACE BAR and the press ENTER to choose Ethernet The encapsulation method influences your choices for IP Address Service Type This is applicable only when you choose Ethernet as your encapsulation method Press the SPACE BAR to select Standard RR Toshiba RoadRunner Toshiba authentication method RR Manager RoadRunner Manager authentication method or RR Telstra RoadRunner Telstra authentication method Choose a RoadRunner flavor if your ISP is Time Warner s RoadRunner otherwise choose Standard Note xDSL users must choose the Standard option only The Server IP My Login IP and My Password fields are not applicable in this case My Login Enter the login name given to you by your ISP My Password Enter the password associated with the login name above Login Server IP The Prestige will find the RoadRunner Server IP if this field is left blank If it does not then you must enter the authentication server IP address IP Address Assignment If your ISP did not assign you a fixed I
109. de 2 Enter atlc after Enter Debug Mode message 3 Wait for Starting XMODEM upload message before activating Xmodem upload on your terminal 4 After successful firmware upload enter atgo to restart the router Warning Proceeding with the upload will erase the current configuration file 2 The router s console port speed Menu 24 2 2 may change when it is restarted please adjust your terminal s speed accordingly The password may change menu 23 also 3 When uploading the DEFAULT configuration file the console port speed will be reset to 9600 bps and the password to 1234 Do You Wish To Proceed Y N Figure 10 18 Menu 24 7 2 as seen using the Console Port Step 2 After the Starting Xmodem upload message appears activate the Xmodem protocol on your computer Follow the procedure as shown previously for the HyperTerminal program The procedure for other serial communications programs should be similar Step 3 Enter atgo to restart the Prestige Example Xmodem Configuration Upload Using HyperTerminal Click Transfer then Send File to display the following screen Firmware and Configuration Maintenance 10 15 Prestige 310 Broadband Sharing Gateway C Product config rom Figure 10 19 Example Xmodem Upload After the configuration upload process has completed restart the Prestige by entering atgo 10 16 Firmware and Configuration Maintenance Prestige 310
110. drid s 2 4 Filter Exampl eerte theo 7 13 Internet ACCESS ciclo ita 3 1 Filter Rule Internet Access Configuration Checklist 1 5 Configuration 7 7 Internet Access Setup 3 8 6 6 15 2 liue ii eke tari 7 3 Internet Test Setup eee ere 3 13 Summary Menu ssssseeee 7 5 IP Address ee etes 3 6 Filter Types and NAT eese 7 16 IP Address Assignment 4 7 4 9 Filters IP Aliases tte 1 3 3 4 Executing a Filter Rule 7 2 IP Alias SUD iio 3 7 Logic Flow of an IP Filter 7 9 IP Filter Execution 7 10 Front Panel LEDSs see 2 1 IP Multicast sich certes 3 4 FTP Lees enii n 13 4 IP Static Route 5 1 5 2 5 3 Pile Transfer neat 10 10 IP Static Route Setup 5 1 Over WAN cti 10 4 L Restrictions iineoa 10 4 13 4 SOLVER O 6 18 LAN Port Filter Setup sees 2 16 Full Network Management ees 1 3 LAN Se tip ss sce ete t eaten ee 2 15 G TO 9 5 Log Facility i eee rts 9 7 General Setup inest 2 11 Logging and Tracing sss 1 4 Getting Started cooooooonncnoncnocnconconnconnconccnnoconcnnnonnnos I M Getting to Know Your Prestige 1 1 j H MAC Address esee 2 15 15 2 Main Menu Commands sess 2 6 Hardware Installation and Initial Setup 2 1 Management Information
111. e Prestige 6 1 Introduction NAT Network Address Translation NAT RFC 1631 is the translation of the IP address of a host in a packet for example the source address of an outgoing packet used within one network to a different IP address known within another network 6 1 1 NAT Definitions Inside outside denotes where a host is located relative to the Prestige for example the workstations of your subscribers are the inside hosts while the web servers on the Internet are the outside hosts Global local denotes the IP address of a host in a packet as the packet traverses a router for example the local address refers to the IP address of a host when the packet is in the local network while the global address refers to the IP address of the host when the same packet is travelling in the WAN side Note that inside outside refers to the location of a host while global local refers to the IP address of a host used in a packet Thus an inside local address ILA is the IP address of an inside host in a packet when the packet is still in the local network while an inside global address IGA is the IP address of the same inside host when the packet is on the WAN side The following table summarizes this information Table 6 1 NAT Definitions TERM DESCRIPTION Inside This refers to the host on the LAN Outside This refers to the host on the WAN Local This refers to the packet address source or destination as the packet t
112. e from the IP Address in the Check WAN IP Address field before it times out 10 The WAN connection is considered down after the Prestige times out the number of times specified in the Fail Tolerance field If your network is busy or congested you should increase the value in this field When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel and go back to the previous screen 4 14 Remote Node Setup Prestige 310 Broadband Sharing Gateway Chapter 5 IP Static Route Setup This chapter shows you how to configure static routes with your Prestige Static routes tell the Prestige routing information that it cannot learn automatically through other means This can arise in cases where RIP is disabled on the LAN Each remote node specifies only the network to which the gateway is directly connected and the Prestige has no knowledge of the networks beyond For instance the Prestige knows about network N2 in the following diagram through remote node router 1 However the Prestige is unable to route a packet to network N3 because it doesn t know that there is a route through the same remote node Router 1 via gateway Router 2 The static routes are for you to tell the Prestige about the networks beyond the remote nodes N1 N2 N3 Prestige Router 2 Router 1 Figure 5 1 Example of Stat
113. e previous screen The table shown next describes the fields present in Menu 24 1 System Maintenance Status Note that these fields are read only and are for diagnostic purposes Menu 24 1 System Maintenance Status 1 39 06 Thus Jan 1 1970 Port Status TxPkts RxPkts Cols Tx B s Rx B s Up Time WAN Down 1 0 0 0 0 0 00 00 LAN Down 0 0 0 0 0 0 00 00 Port Ethernet Address IP Address IP Mask DHCP WAN 00 a0 c5 21 8c a3 0 0 0 0 0 0 0 0 Client LAN 00 a0 c5 21 8c a2 192 168 1 1 255 255 255 0 Server System up Time 1 08 22 Name P310 www zyxel com Routing IP ZyNOS F W Version V 251 2 17 2000 Press Command COMMANDS 1 Drop WAN 9 Reset Counters ESC Exit Figure 9 2 Menu 24 1 System Maintenance Status The following table describes the fields present in Menu 24 1 System Maintenance Status Table 9 1 System Maintenance Status Menu Fields FIELD DESCRIPTION Port The WAN or LAN port Status Shows the port speed and duplex setting if you re using Ethernet Encapsulation and Down line is down idle line ppp idle dial starting to trigger a call and drop dropping a call if you re using PPPOE Encapsulation TxPkts The number of transmitted packets on this port RxPkts The number of received packets on this port Cols The number of collisions on this port Tx B s Shows the transmission speed in Bytes per second on this port Rx B s Shows the rec
114. e trennen 7 4 Figure 7 4 NetBIOS WAN Filter Rules Summary eese nennen nennen nennen 7 4 Figure 7 5 NetBIOS LAN Filter Rules Summary seen eene eene nre nennen enne 7 5 Figure 7 6 TEL FTP WEB WAN Filter Rules Summary eese nennen 7 5 Figure 7 7 SNMP WAN Filter Rules Summary eese enne ener nre enne tenent 7 5 Figure 7 8 Menu 21 1 1 TCPAP Filter Rule 5o etie eed RR RUE e REIR egt 7 7 Figure 7 9 Executing an IP Filter 4e id ON o cer e fa REIP eh wn rowan 7 10 Figure 7 10 Menu 21 6 1 Generic Filter Rule sse enne 7 11 Figure EL Filter Example ode e FEDERE esiti i m ROPA cos aat 7 13 Figure 7 12 Example Filter Menu 21 6 1 sse eene ener ener enne nnns 7 14 Figure 7 13 Example Filter Rules Summary Menu 21 3 sse renes 7 15 Figure 7 14 Example Filter Rules Summary essent nennen 7 16 Figure 7 15 Protocol and Device Filter Sets c ccscseseseesssenessnencevecosenenvevenevenencsseesosenvsvnavedenedonnensnoaneres 7 17 Figure 7 16 Filtering LAN Eratfie s onde e Rp e re Rete tn perpe p tegens 7 17 Figure 7 17 Filtering Remote Node Traffic oooonccnconccocononocnnoncnncononnnononnnonconononon non nonnon nre nre tenn ees 7 18 Figure 8 1 SNMP Management Model eese eene entere rre trennen inneren enne 8 1 Figure 8 2 Menu 22 SNMP Configuration nre nreneenren nennen nr enne nre nn enne teen nennen 8 3
115. eb service is on port 80 and FTP on port 21 In some cases such as for unknown services or where one server can support more than one service for example both FTP and web service it might be better to specify a range of port numbers Entry 12 port 1026 is non editable see Figure 6 10 In addition to the servers for specified services NAT supports a default server A service request that does not have a server explicitly designated for it is forwarded to the default server If the default is not defined the service request is simply discarded 6 12 Network Address Translation NAT Prestige 310 Broadband Sharing Gateway Many residential broadband ISP accounts do not allow you to run any server processes such as a Web or FTP server from your location Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location If you are unsure refer to your ISP The most often used port numbers are shown in the following table Please refer to RFC 1700 for further information about port numbers Please also refer to the included disk for more examples and details on NAT Table 6 7 Services amp Port Numbers SERVICES PORT NUMBER ECHO 7 FTP File Transfer Protocol 21 Telnet 23 SMTP Simple Mail Transfer Protocol 25 DNS Domain Name System 53 Finger 79 HTTP Hyper Text Transfer protocol or WWW Web 80 POP3 Post Office
116. ed FTP and TFTP Servers The Prestige s embedded FTP and TFTP servers enable fast firmware upgrades as well as configuration file backups and restoration 1 2 21 Packet Filtering The Packet Filtering mechanism blocks unwanted traffic from entering leaving your network 1 2 22 Upgrade Prestige Firmware via LAN The firmware of your Prestige can be upgraded via the LAN 1 3 Applications for the Prestige 310 1 3 1 Broadband Internet Access via Cable or DSL Modem A cable modem or xDSL modem can connect to the Prestige 310 for broadband Internet access via Ethernet port on the modem A typical Internet access application is shown next Prestige Cable xDSL Modem Figure 1 1 Internet Access Application 1 4 Getting to Know Your Prestige Prestige 310 Broadband Sharing Gateway 1 4 Internet Access Configuration Checklist The following table shows the minimum SMT menu configurations you ll need to make without changing the default Prestige values in order to access the Internet Also refer to the HTML help on the Web Configurator Table 1 1 Internet Access Configuration Checklist SMT FIELD ACTION System Name This field is for identification purposes but because some ISPs check this name you should enter your computer s Computer Name e In Windows 95 98 click Start gt Settings gt Control Panel gt Network Click the Identification tab note the entry for the Computer name field and e
117. ees esses tenent enne tn natuss tn setas tasto sense tosta seta sno P Appendix G Hardware Specifications eese eese eee eee eene eese en sensns tns tn netu setas tuse tn setas tasto assa stes tns sun Q DIS eC R Table of Contents xiii Prestige 310 Broadband Sharing Gateway List of Figures Figure 1 1 Internet Access Application esses ener nennen nnne nns 1 4 Figure 2 1 Front Panel LEDS dea 2 1 Figure 2 2 Prestige 310 Rear Panel Connections ener enne 2 2 Figure 2 3 Initial Screen sci uo oett pee as 2 5 Figure 2 4 Password Screen E pesas 2 5 Figure 2 5 Prestige 310 Mam Menu ads 2 7 Figure 2 6 Getting Started and Advanced Application SMT Menus sse 2 8 Figure 2 7 Advanced Management SMT Menus essere eene ennt nrenne nennen rnnt 2 9 Figure 2 8 Menu 23 System Password eese eene ener trennen tenente ttn thee ttes 2 10 Figure 2 9 Menu 1 General Set p ionic pp e RENE ERU er R E d 2 12 Figure 2 10 Contieure Dynamic DNS leia ia 2 13 Figure 2 11 Menu 2 WAN Setup iii andit eee o n nh e epe ep b de pea RR Ee 2 14 Figure 2 12 Menu 3 LAN latin iia 2 15 Figure 2 13 Menu3 1 LAN Port Filter Set p 5i beoe oa eoe bee aba 2 16 igure 3 1 Physical Networks todas ptem di turi 3 4 Figure 322 Partitioned Logical Networks note nte o eee Or p de 3 4 Figure 3 3 Menu 3 LAN Setup 10 100 Mbps Ethernet esesssssseseeeeeeeereneneeen nenne 3
118. entication method Choose one of the RoadRunner methods if your ISP is Time Warner s RoadRunner otherwise choose Standard Note xDSL users m ust choose the Standard option only The Server IP My Login IP and My Password fields are not applicable in this case Service Name This is valid only when you have chosen PPPoE encapsulation If you are using PPPoE encapsulation then type the name of your PPPoE service here poellc Outgoing My Login My Password Server IP This field is applicable for PPPoE encapsulation only Enter the login name assigned by your ISP when the Prestige calls this remote node Some ISPs append this field to the Service Name field above for example jim poellc to access the PPPoE server Enter the password assigned by your ISP when the Prestige calls this remote node Valid for PPPoE encapsulation only This field is valid for RoadRunner service type only The Prestige will find the RoadRunner Server IP automatically if this field is left blank If it does not then you must enter the authentication server IP address here jim Kkkkk Route This field refers to the protocol that will be routed by your Prestige IP is the only option for the Prestige 10 Edit IP This field leads to a hidden menu Press SPACE BAR to select Yes and press ENTER to go to Menu 11 3 Remote Node Network Layer Options Yes Remote Node Setup Prestige 3
119. enu 15 1 1 1 described later and the values are displayed here Ordering Your Rules Ordering your rules is important because the Prestige applies the rules in the order that you specify When a rule matches the current packet the Prestige takes the corresponding action and the remaining rules are ignored If there are any empty rules before your new configured rule your configured rule will be pushed up by that number of empty rules For example if you have already configured rules 1 to 6 in your current set and now you configure rule number 9 In the set summary screen the new rule will be rule 7 not 9 Now if you delete rule 4 rules 5 to 7 will be pushed up by 1 rule so as old rule 5 becomes rule 4 old rule 6 becomes rule 5 and old rule 7 becomes rule 6 6 10 Network Address Translation NAT Prestige 310 Broadband Sharing Gateway Table 6 5 Fields in Menu 15 1 1 FIELD DESCRIPTION EXAMPLE Set Name Enter a name for this set of rules This is a required field If this NAT_SET field is left blank the entire set will be deleted Action The default is Edit Edit means you want to edit a selected rule Edit see following field Insert Before means to insert a rule before the rule selected The rules after the selected rule will then be moved down by one rule Delete means to delete the selected rule and then all the rules after the selected one will be advanced one rule None disables the Select Rule item
120. eption speed in Bytes per second on this port 9 2 System Information and Diagnosis Prestige 310 Broadband Sharing Gateway FIELD DESCRIPTION Up Time Total amount of time the line has been up LAN Ethernet Address The LAN port Ethernet address IP Address The LAN port IP address IP Mask The LAN port IP mask DHCP The LAN port DHCP role WAN Ethernet Address The WAN port Ethernet address IP Address The WAN port IP address IP Mask The WAN port IP mask DHCP The WAN port DHCP role System up Time The total time the Prestige has been on Name This is the Prestige s system name domain name assigned in menu 1 for example System Name xxx Domain Name baboo mickey com Name xxx baboo mickey com ZyNOS F W Version The ZyNOS Firmware version and the date created You may enter 1 to drop the PPPoE PPTP connection 9 to reset the counters or ESC to return to menu 24 9 2 System Information and Console Port Speed This section describes your system and allows you to choose different console port speeds To get to the System Information and Console Port Speed Step 5 Enter 24 to go to Menu 24 System Maintenance Step 6 Enter 2 to open Menu 24 2 System Information and Console Port Speed Step 7 From this menu you have two choices as shown in the next figure System Information and Diagnosis 9 3 Prestige 310 Broadband Sharing Gateway
121. er is still between the PC and the ISP The various connections in this setup are depicted in the following diagram The drawback of this solution is that it requires one separate ATM VC per destination ATM over ADSL PC ANT ISP PP TP RFC 2364 PPP Diagram 3 Transport PPP frames over Ethernet PPTP and the Prestige When the Prestige is deployed in such a setup it appears as a PC to the ANT ADSL Network Termination In Windows VPN or PPTP Pass Through feature the PPTP tunneling is created from Windows 95 98 and NT clients to an NT server in a remote location The pass through feature allows users on the network to access a different remote server using the Prestige s Internet connection In NAT mode the Prestige is able to pass the PPTP packets to the internal PPTP server i e NT server behind the NAT Users need to forward PPTP packets to port 1723 by configuring the server in Menu 15 2 Server Set Setup In the case above as the PPTP connection is initialized by the remote PPTP Client the user must configure the PPTP clients The Prestige initializes the PPTP connection hence there is no need to configure the remote PPTP clients PPTP Protocol Overview PPTP is very similar to L2TP since L2TP is based on both PPTP and L2F Cisco s Layer 2 Forwarding Conceptually there are three parties in PPTP namely the PNS PPTP Network Server the PAC PPTP H Appendix C Prestige 310 Broadband Sharing Gateway Access Co
122. er rules Generic Filter Device rules and Protocol Filter TCP IP rules Generic Filter rules act on the raw data from to LAN and WAN Protocol Filter rules act on the IP packets Generic and TCP IP filter rules are discussed in more detail in the next section When NAT Network Address Translation is enabled the inside IP address and port number are replaced on a connection by connection basis which makes it impossible to know the exact address and port on the wire Therefore the Prestige applies the protocol filters to the native IP address and port number before NAT for outgoing packets and after NAT for incoming packets On the other hand the generic or device filters are applied to the raw packets that appear on the wire They are applied at the point when the Prestige is receiving and sending the packets i e the interface The interface can be an Ethernet port or any other hardware port The following figure illustrates this 7 16 Filter Configuration Prestige 310 Broadband Sharing Gateway Incoming Route Outgoing Figure 7 15 Protocol and Device Filter Sets 7 5 Applying a Filter and Factory Defaults This section shows you where to apply the filter s after you design it them Sets of factory default filter rules have been configured in menu 21 to prevent NetBIOS traffic from triggering calls and block incoming telnet FTP and HTTP connections 7 5 1 LAN Traffic You seldom need to filter LAN traffic
123. ers Getting to Know Your Prestige 1 1 Prestige 310 Broadband Sharing Gateway 1 2 4 Traffic Redirect Traffic Redirect forwards WAN traffic to a backup gateway on the LAN when the Prestige cannot connect to the Internet thus acting as an auxiliary backup when your regular WAN connection fails 1 2 5 Port Forwarding Use this feature to forward incoming service requests to a server on your local network You may enter a single port number or a range of port numbers to be forwarded and the local IP address of the desired server 1 2 6 Trigger Port Forwarding LAN computers dynamically take turns using the mapping based on the trigger port With this feature you needn t reconfigure a new IP address each time you want a different computer as you would with Port Forwarding 1 2 7 Internal SPTGEN Internal SPTGEN System Parameter Table Generator lets you configure save and upload multiple menus at the same time using just one configuration text file eliminating the need to navigate and configure individual SMT menus for each Prestige 1 2 8 DHCP Support DHCP Dynamic Host Configuration Protocol allows the individual clients workstations to obtain the TCP IP configuration at start up from a centralized DHCP server The Prestige has built in DHCP server capability enabled by default which means it can assign IP addresses an IP default gateway and DNS servers to Windows 9X Windows NT and other systems that support the DHC
124. es You can also access your FTP server or Web site on your own computer using a DNS like address for example myhost dhs org where myhost is a name of your choice which will never change instead of using an IP address that changes each time you reconnect Your friends or relatives will always be able to call you even if they don t know your IP address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a DNS name To use this service you must register with the Dynamic DNS service provider The Dynamic DNS service provider will give you a password or key The Prestige supports www dyndns org You can apply to this service provider for Dynamic DNS service DYNDNS Wildcard Enabling the wildcard feature for your host causes yourhost dyndns org to be aliased to the same IP address as yourhost dyndns org This feature is useful if you want to be able to use for example www yourhost dyndns org and still reach your hostname Hardware Installation and Initial Setup 2 11 Prestige 310 Broadband Sharing Gateway 2 7 2 Procedure For Configuring Menu 1 Step 1 Enter 1 in the Main Menu to open Menu 1 General Setup shown next Menu 1 General Setup System Name xxx Domain Name zyxel com tw Edit Dynamic DNS No Press ENTER to Confirm or ESC to Cancel Figure 2 9 Menu 1 General Setup
125. estige 310 Broadband Sharing Gateway Menu 24 9 2 Call History Phone Number i Rate call Max 1 2 3 4 Sin 6 Ty 8 95 0 m Enter Entry to Delete 0 to exit Figure 11 5 Call History Table 11 2 Call History Fields FIELD DESCRIPTION Phone Number The PPPoE service names are shown here Dir This shows whether the call was incoming or outgoing Rate This is the transfer rate of the call call This is the number of calls made to or received from that telephone number Max This is the length of time of the longest telephone call Min This is the length of time of the shortest telephone call Total This is the total length of time of all the telephone calls to from that telephone number You may enter an entry number to delete it or 0 to exit 11 3 Time and Date Setting There is no Real Time Chip RTC in the Prestige so there is a software mechanism to set the time manually or get the current time and date from an external server when you turn on your Prestige Menu 24 10 allows you to update the time and date settings of your Prestige The real time is then displayed in the Prestige error logs and firewall logs If you do not choose a time service protocol that your timeserver will send when you turn on the Prestige then you can enter the time manually but each time the system is booted the time and date will be reset to 2000 01 01 00 00 00 Select menu 24 i
126. et p xcii agite tae ea end BH ed ae I Ie Re EUER RT eit pns 14 2 14 4 Applying Schedule Sets to Remote Nodes sese ener 14 3 PART IV TROUBLESHOOTING AND ADDITIONAL INFORMATION e eeeeen ette ense enne tnnnue IV Chapter 15 Troubleshooting aeree eee eee eee enne tnnt tn sten sits sins tn sens enne tunes sess en netu seta rotjes vseen ssis 15 1 15 1 Problems Starting Up the Prestige sssessseseeeeeeneenee nennen nennen nnne nennen enne 15 1 15 2 Problems with the LAN Interface 5 oup ede un De AE UD ertet POM ira a 15 1 15 3 Problems with the WAN Interface iiit nte entre eter en Pet nore Mgr en satan 15 2 15 4 Problems with Internet AcCe35 eh A la da ree RES DRE 15 2 15 5 Problems wath the Password dee ho DE dts 15 3 15 6 Problems with Remote Management cooooocononnnonnnonnnonconnconnonn nono nono non ron nono nro nnnm ener enne nennen 15 3 Appendix Wisi dr A vuJibeUagudilm c O F OD uium H Xii Table of Contents Prestige 310 Broadband Sharing Gateway Appendix D Example Internal SPTGEN Screens o cmoococnnononnnonnnnncnnncnnncnnncanoonnconocnocnconnconnoonnoon nooo sense tassa sn K Appendix E Boot Commands eee eee eee eese eese testen sense tasas ttn s tests sensns ense tuse tu seta setas s tn setas een sean N Appendix F Power Adapter Specifications eee eee ee eee s
127. et mask field to force the network number to be identical to the host ID IP Subnet Mask Enter the IP subnet mask for this destination Gateway IP Address Enter the IP address of the gateway The gateway is an immediate neighbor of your Prestige that will forward the packet to the destination On the LAN the gateway must be a router on the same segment as your Prestige over the WAN the gateway must be the IP address of one of the Remote Nodes Metric Metric represents the cost of transmission for routing purposes IP routing uses hop count as the measurement of cost with a minimum of 1 for directly connected networks Enter a number that approximates the cost for this link The number need not be precise but it must be between 1 and 15 In practice 2 or 3 is usually a good number Private This parameter determines if the Prestige will include the route to this remote node in its RIP broadcasts If set to Yes this route is kept private and not included in RIP broadcast If No the route to this remote node will be propagated to other hosts through RIP broadcasts Once you have completed filling in this menu press ENTER at the message Press ENTER to Confirm to save your configuration or press ESC to cancel IP Static Route Setup 5 3 Prestige 310 Broadband Sharing Gateway Chapter 6 Network Address Translation NAT This chapter discusses how to configure NAT on th
128. ferred method for uploading the firmware and configuration To use this feature your computer must have an FTP client When you telnet into the Prestige you will see the following screens for uploading firmware and the configuration file using FTP 10 10 Firmware and Configuration Maintenance Prestige 310 Broadband Sharing Gateway Menu 24 7 1 System Maintenance Upload System Firmware To upload the system firmware follow the procedure below Launch the FTP client on your workstation Type open and the IP address of your system Then type root and SMT password as requested Type put firmwarefilename ras where firmwarefilename is the name of your firmware upgrade file on your workstation and ras is the remote file name on the system The system reboots automatically after a successful firmware upload For details on FTP commands please consult the documentation of your FTP client program For details on uploading system firmware using TFTP note that you must remain on this menu to upload system firmware using TFTP please see your manual Press ENTER to Exit Figure 10 13 Telnet Into Menu 24 7 1 Upload System Firmware 10 4 2 Configuration File Upload You see the following screen when you telnet into menu 24 7 2 Menu 24 7 2 System Maintenance Upload System Configuration File To upload the system configuration file follow the procedure below Launch the FTP client on your workstation Ty
129. find a protocol that works The main differences between them are the format Daytime RFC 867 format is day month year time zone of the server System Maintenance and Information 11 5 Prestige 310 Broadband Sharing Gateway FIELD DESCRIPTION Time RFC 868 format displays a 4 byte integer giving the total number of seconds since 1970 1 1 at 0 0 0 NTP RFC 1305 is similar to Time RFC 868 None is the default value Enter the time manually Each time you turn on the Prestige the time and date will be reset to 2000 1 1 0 0 0 Time Server IP Enter the IP address or domain name DNS of your time server Address Check with your ISP network administrator if you are unsure of this information Current Time This field displays an updated time only when you reenter this menu New Time Enter the new time in hour minute and second format Current Date This field displays an updated date only when you reenter this menu New Date Enter the new date in year month and day format Time Zone Press SPACE BAR to set the time difference between your time zone and Greenwich Mean Time GMT Daylight Saving If you use daylight savings time then choose Yes Start Date If using daylight savings time enter the month and day that it starts on End Date If using daylight savings time enter the month and day that it ends on Once you have filled in this menu press ENTER at the message Press E
130. firm Enter here to CONFIRM or ESC to CANCEL Figure 2 8 Menu 23 System Password Step 2 Type your existing password in the Old Password field and press ENTER Step 3 Type your new system password in the New Password field and press ENTER Step 4 Re type your new system password for confirmation in the Retype to confirm field and press ENTER Note that as you type a password the screen displays an X for each character you type 2 6 1 Resetting the Prestige If you have forgotten your password or cannot access the SMT menus you will need to reinstall the configuration file Uploading the configuration file replaces the current configuration file with the default configuration file you will lose all configurations that you had before and the speed of the console port will be reset to the default of 9600bps with 8 data bit no parity and 1 stop bit 8n1 The password will be reset to the default of 1234 Turn off the Prestige and begin a terminal emulation software session with the default console port settings Turn on the Prestige again When you see the message Press Any key to enter Debug Mode within 3 seconds press any key to enter debug mode You should already have downloaded the correct file from your nearest ZyXEL FTP site Refer to the Firmware and Configuration Maintenance chapter for more information on how to transfer the configuration file to your Prestige 2 10 Hardware Installation and In
131. ge of this field is 0 to 65535 This field reads don t care if it is 0 0 65535 Port Comp Select the comparison to apply to the destination port in the packet against the value given in Destination Port field Options are None Less Greater Equal or Not Equal Equal Source IP Address Enter the source IP Address of the packet you wish to filter This field reads don t care if it is 0 0 0 0 IP Address IP Mask Enter the IP mask that will be used to mask the bits of the IP address given in the Source IP Address field IP Mask Port Enter the source port of the packets that you wish to filter The range of this field is 0 to 65535 This field reads don t care if it is 0 0 65535 Port Comp Select the comparison to apply to the source port in the packet against the value given in Source Port field Options are None Less Greater Equal or Not Equal None TCP Estab This field is applicable only when IP Protocol field is 6 TCP If Yes the rule matches only established TCP connections else the rule matches all TCP packets No More If Yes a matching packet is passed to the next filter rule before an action is taken else the packet is disposed of according to the action fields If the More field is Yes then Action Matched and Action No 7 8 Filter Configuration Prestige 310 Broadband Sharing Gateway FIELD DESCRIPTION EXAMPLE
132. ic Routing Topology IP Static Route Setup 5 1 Prestige 310 Broadband Sharing Gateway 5 1 IP Static Route Setup You configure IP static routes in menu 12 1 by selecting one of the IP static routes as shown below Enter 12 from the main menu Menu 12 IP Static Route Setup T 20 325 4 5 6 Ts 8 Enter selection number Figure 5 2 Menu 12 IP Static Route Setup Now enter the index number of one of the static routes you want to configure Menu 12 1 Edit IP Static Route Route 1 Route Name Active No Destination IP Address IP Subnet Mask Gateway IP Address Metric 2 Private No Press ENTER to CONFIRM or ESC to CANCEL Figure 5 3 Menu 12 1 Edit IP Static Route The following table describes fields in Menu 12 1 Edit IP Static Route Menu 5 2 IP Static Route Setup Prestige 310 Broadband Sharing Gateway Table 5 1 IP Static Route Menu Fields FIELD DESCRIPTION Route This is the index number of the static route that you chose in menu 12 Route Name Enter a descriptive name for this route This is for identification purposes only Active This field allows you to activate deactivate this static route Destination IP Address This parameter specifies the IP network address of the final destination Routing is always based on network number If you need to specify a route to a single host use a subnet mask of 255 255 255 255 in the subn
133. ield and then press ENTER Table 4 6 Menu 11 1 Remote Node Profile Traffic Redirect Field Redirect Setup FIELD DESCRIPTION EXAMPLE Edit Traffic Press SPACE BAR to select Yes or No Redirect Select No default if you do not want to configure this feature Select Yes and press ENTER to configure Menu 11 6 Traffic Yes Press ENTER at the message Press ENTER to Confirm to save your configuration or press ESC at any time to cancel 4 5 1 Traffic Redirect Setup Configure parameters that determine when the Prestige will forward WAN traffic to the backup gateway using Menu 11 6 Traffic Redirect Setup 4 12 Remote Node Setup Prestige 310 Broadband Sharing Gateway Menu 11 6 Traffic Redirect Setup Active Yes Configuration Backup Gateway IP Address 0 0 0 0 Check WAN IP Address 0 0 0 0 Fail Tolerance 5 Check Connection Every Timeout 10 Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Figure 4 10 Menu 11 6 Traffic Redirect Setup Table 4 7 Traffic Redirect Setup FIELD DESCRIPTION EXAMPLE Active Press SPACE BAR and select Yes to enable or No to disable traffic redirect setup The default is No When the Active field is Yes you must configure every field in this screen unless you are using PPPoE or PPTP encapsulation except Check WAN IP Address and Timeout If you don t configure these fields
134. ilter rule before No an action is taken else the packet is disposed of according to the action fields If the More field is Yes then Action Matched and Action Not Matched will be No Log Select the logging option from the following None None No packets will be logged Action Matched Only packets that match the rule parameters will be logged Action Not Matched Only packets that do not match the rule parameters will be logged Both All packets will be logged Action Select the action for a matching packet Options are Check Next Check Next Rule Matched Rule Forward or Drop Action Not Select the action for a packet not matching the rule Options are Check Next Rule Matched Check Next Rule Forward or Drop Once you have completed filling in this menu press ENTER at the message Press Enter to Confirm to save your configuration or press ESC to cancel This data will now be displayed on Menu 21 6 Filter Rules Summary 7 12 Filter Configuration Prestige 310 Broadband Sharing Gateway gt Prestige e ENERO use trying to access E the Prestige via Incoming FTP or Telnet Traffic Filter Figure 7 11 Filter Example 7 3 Example Filter Let s look at an example to block outside users from telnetting into the Prestige See the included CD for more example filters Step 1 Step 2 Step 3 Step 4 Step 5 Enter 21 from the main menu to open Menu 21 Filter Set Config
135. ilters 5 device filters Output Filter Sets protocol filters 1 device filters Enter here to CONFIRM or ESC to CANCEL Figure 4 6 Remote Node Filter Ethernet Encapsulation 4 10 Remote Node Setup Prestige 310 Broadband Sharing Gateway Menu 11 5 Remote Node Filter Input Filter Sets protocol filters 5 device filters Output Filter Sets protocol filters 1 device filters Enter here to CONFIRM or ESC to CANCEL Figure 4 7 Remote Node Filter PPTP PPPoE Encapsulation 4 5 Traffic Redirect Traffic redirect forwards WAN traffic to a backup gateway on the LAN when the Prestige cannot connect to the Internet thus acting as an auxiliary backup when your regular WAN connection fails Figure 4 8 Traffic Redirect Hardware Setup To configure the parameters for traffic redirect enter 11 from the main menu to display Menu 11 1 Remote Node Profile as shown next Remote Node Setup 4 11 Prestige 310 Broadband Sharing Gateway Menu 11 1 Remote Node Profile Rem Node Name Route IP Active Yes Encapsulation Ethernet Edit IP No Service Type Standard Session Options Service Name N A Outgoing My Login N A My Password N A Server IP N A Figure 4 9 Menu 11 1 Remote Node Profile Edit Filte ets No Edit Traffic Redirect Yes Press ENTER to Confirm or ESC to Cancel To configure traffic redirect properties press SPACE BAR to select Yes in the Edit Traffic Redirect f
136. in a Multicast group The Prestige supports both IGMP version 1 IGMP v1 and version 2 IGMP v2 Press the SPACE BAR to enable IP Multicasting or select None to disable it See the previous Part for more information on this feature Once you have completed filling in the Network Layer Options Menu press ENTER to return to menu 11 Press ENTER at the message Press ENTER to Confirm to save your configuration or press ESC at any time to cancel 4 3 2 Editing TCP IP Options with PPPoE Encapsulation Make sure Encapsulation is set to PPPoE in menu 11 1 Move the cursor to the Edit IP field in menu 11 1 The menu and filed are the same as described for PPTP encapsulation 4 4 Remote Node Filter Move the cursor to the field Edit Filter Sets in menu 11 1 then press the SPACE BAR to set the value to Yes Press ENTER to open Menu 11 5 Remote Node Filter Use menu 11 5 to specify the filter set s to apply to the incoming and outgoing traffic between this remote node and the Prestige to prevent certain packets from triggering calls You can specify up to 4 filter sets separated by commas for example 1 5 9 12 in each filter field Note that spaces are accepted in this field For more information on defining the filters please refer to the Filters chapter For PPPoE or PPTP encapsulation you can also specify remote node call filter sets Menu 11 5 Remote Node Filter Input Filter Sets protocol f
137. ing the Power Adapter to your Prestige Connect one end of the power adapter to the port labeled Power on the rear panel of your Prestige To prevent damage to the Prestige make sure you have the correct power adapter See the Power Adapter Specification Appendix for regional specifications 2 2 5 Grounding the Prestige Optional Ground the Prestige by connecting a grounded wire to the F G Frame Ground of the Prestige 2 3 Additional Installation Requirements 1 A computer with an installed Ethernet NIC Network Interface Card 2 A computer equipped with communications software called terminal emulation software configured to the following parameters e VT10O0 terminal emulation e 9600 baud e No parity 8 data bits 1 stop bit flow control set to none 3 Acable xDSL modem and an ISP account 2 4 Turning on Your Prestige At this point you should have connected the Console port the LAN port the WAN port and the Power to the appropriate devices or lines Plug the power adapter into a power source The PWR LED turns on The SYS LED will come on after the system tests are complete The WAN LED and one of the LAN LEDs turn on immediately after the SYS LED turns on if the proper connections have been made to the LAN and WAN ports 2 4 1 Initial Screen When you turn on your Prestige it performs several internal tests as well as line initialization After the tests the Prestige asks you to press ENTER to continue
138. ink is sending receiving packets 2 2 Prestige 310 Rear Panel and Connections The following figure shows the rear panel of your Prestige 310 and the related connections FG POWER UPLINK 10 100M CONSOLE NDC Eau Broadband modem Internet Router Internet Service Provider Computer Figure 2 2 Prestige 310 Rear Panel Connections This section outlines how to connect your Prestige 310 to the LAN and the WAN If you want to connect a cable modem you must connect the coaxial cable from your cable service to the threaded coaxial cable connector on the back of the cable modem Connect an xDSL modem to the xDSL wall jack 2 2 Hardware Installation and Initial Setup Prestige 310 Broadband Sharing Gateway 2 2 1 Connecting the Console Port Use terminal emulator software on a computer for configuring your Prestige via console port Connect the 9 pin end of the console cable to the console port of the Prestige and the other end choice of 9 pin or 25 pin depending on your computer end to a serial port COM1 COM2 or other COM port of your computer You can use an extension RS 232 cable if the enclosed one is too short After the initial setup you can modify the configuration remotely through Telnet connections 2 2 2 Connecting the Prestige to the Broadband Modem Connecting the Prestige to a Cable Modem Connect the WAN port on the Prestige to the Ethernet port on the cable modem using the cable tha
139. intenance Starting Xmodem Download Screen ess 10 6 Figure 10 5 Backup Configuration Example nre enne enne nne 10 7 Figure 10 6 Successful Backup Confirmation Screen seesssssseeeeeeeeenen eterne 10 7 Figure 10 7 Telnet into Menu 24 6 iii did 10 8 Figure 10 8 Restore Using FTP or TFTP Session Example eese 10 9 Figure 10 9 System Maintenance Restore Configuration eese 10 9 Figure 10 10 System Maintenance Starting Xmodem Download Screen sess 10 9 Figure 10 11 Restore Configuration Example essere eren enne nre 10 10 Figure 10 12 Successful Restoration Confirmation Screen sess 10 10 Figure 10 13 Telnet Into Menu 24 7 1 Upload System Firmware sss 10 11 Figure 10 14 Telnet Into Menu 24 7 2 System Maintenance cooconocnccconcnncononnnononnnoncnnnonnonnonnc eene 10 12 Figure 10 15 FTP Session Example of Firmware File Upload sess 10 13 Figure 10 16 Menu 24 7 1 as seen using the Console Port ccscccsceesseesceeseeesceeeceecceeecseeeseeeseeeeeenetetenes 10 14 Figure 10 17 Example Xmodem Upload 354 re re ettet tut ODER Ee renean 10 15 Figure 10 18 Menu 24 7 2 as seen using the Console Port seseseesseeeeeeeneneneene nennen 10 16 Figure 10 19 Example Xmodem Upload esee ener nnne 10 17 Figure 11 1 Command Mode in Menu ZA oooononoc
140. is set 7 14 Filter Configuration Prestige 310 Broadband Sharing Gateway Menu 21 1 Filter Rules Summary Filter Rules SA 0 0 0 0 DA 0 0 0 0 Enter Filter Rulg Number 1 6 to Configure 2 This shows you that you have M N means an action can be taken configured and activated A immediately The action is to drop the Y a TCP IP filter rule Type packet m D if the action is matched and IP Pr 6 for destination FTP to forward the packet immediately n N if ports DP 21 the action is not matched and there are more rules to be checked there is one more in this example Figure 7 13 Example Filter Rules Summary Menu 21 3 Step 7 Enter 2 in the above menu to configure the second rule Configure this filter rule with port number as 23 Telnet as shown in the next screen after you press ENTER to confirm Filter Configuration 7 15 Prestige 310 Broadband Sharing Gateway Menu 21 1 Filter Rules Summary Filter Rules Enter Filter Rule Number 1 6 to Configure Figure 7 14 Example Filter Rules Summary After you ve created the filter set you must apply it Step 1 Enter 11 from the main menu to display menu 11 Step 2 Go to the Edit Filter Sets field press the SPACE BAR to select No and press ENTER Step 3 This brings you to menu 11 5 Apply the TELNET FTP WAN filter set filter set 7 as shown in Figure 7 17 7 4 Filter Types and NAT There are two classes of filt
141. itial Setup Prestige 310 Broadband Sharing Gateway 2 7 General Setup Menu 1 General Setup contains administrative and system related information shown next The System Name field is for identification purposes However because some ISPs check this name you should enter your computer s Computer Name e In Windows 95 98 click Start gt Settings gt Control Panel gt Network Click the Identification tab note the entry for the Computer name field and enter it as the Prestige System Name e In Windows 2000 click Start gt Settings gt Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer name field and enter it as the Prestige System Name e In Windows XP click start gt My Computer gt View system information and then click the Computer Name tab Note the entry in the Full computer name field and enter it as the Prestige System Name The Domain Name entry is what is propagated to the DHCP clients on the LAN If you leave this blank the domain name obtained by DHCP from the ISP is used While you must enter the host name System Name on each individual computer the domain name can be assigned from the Prestige via DHCP 2 7 1 Dynamic DNS Dynamic DNS Domain Name System allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you in NetMeeting CU SeeMe or other servic
142. l Triggering Packet Please enter selection Menu 24 3 System Maintenance Log and Trace Figure 9 6 Examples of Error and Information Messages Examples of typical error and information messages are presented in the figure below 59 Thu Jan 1 00 00 03 1970 P 60 Thu Jan 1 00 05 11 1979 61 Thu Jan 1 00 17 59 1970 62 Thu Jan 1 00 24 40 1970 INFO SMT Session Begin PINI INFO SMT Session End PINI INFO SMT Session Begin PINI INFO SMT Session End PINI INFO SMT Session Begi Figure 9 7 Examples of Error and Information Messages 9 3 2 UNIX Syslog The Prestige uses the UNIX syslog facility to log the CDR Call Detail Record and system messages to a syslog server Enter 2 in menu 24 3 to display and configure Menu 24 3 2 System Maintenance Syslog and Accounting as shown next System Information and Diagnosis Prestige 310 Broadband Sharing Gateway Menu 24 3 2 System Maintenance UNIX Syslog UNIX Syslog Active No Syslog IP Address Log Facility Local 1 Types CDR No Packet triggered No Filter log No PPP log No Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Figure 9 8 Menu 24 3 2 System Maintenance UNIX Syslog Y ou need to configure the UNIX syslog parameters described in the following table to activate syslog then choose what you want to log Table 9 3 System Maintenance Menu Syslog Parameters PARAMETER D
143. l time periods for remote nodes 14 1 Introduction The call scheduling feature allows the Prestige to manage a remote node and dictate when a remote node should be called and for how long This feature is similar to the scheduler in a video cassette recorder you can record programs at times that you specify You can apply up to four schedule sets in Menu 11 1 Remote Node Profile 14 2 Schedule Setup From the main menu enter 26 to access Menu 26 Schedule Setup as shown next Menu 26 Schedule Setup Schedule Schedule Set Name Set Name ak 7 2 8 3 9 4 10 5 11 6 12 Enter Schedule Set Number to Configure Edit Name Press ENTER to Confirm or ESC to Cancel Figure 14 1 Schedule Setup Lower numbered sets take precedence over higher numbered sets thereby avoiding scheduling conflicts For example if sets 1 2 3 and 4 in are applied in the remote node then set 1 will take precedence over set 2 3 and 4 as the Prestige by default applies the lowest numbered set first Set 2 will take precedence over set 3 and 4 and so on You can design up to 12 schedule sets but you can only apply up to four schedule sets for a remote node Call Scheduling 14 1 Prestige 310 Broadband Sharing Gateway To delete a schedule set enter the set number and press the SPACE BAR in the Edit Name field 14 3 Schedule Set Setup To setup a schedule set select the schedule set you want to setup from menu 2
144. larly put config rom rom 0 transfers the configuration file on your computer config rom to the Prestige and renames it rom 0 Likewise get rom 0 config rom transfers the configuration file on the Prestige to your computer and renames it config rom See earlier in this chapter for more information on filename conventions Step 7 Enter quit to exit the ftp prompt FTP Session Example of Firmware File Upload 331 Enter PASS command Password 230 Logged in ftp bin 200 Type I OK ftp put firmware bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp 1103936 bytes sent in 1 10Seconds 297 89Kbytes sec ftp quit Figure 10 15 FTP Session Example of Firmware File Upload More commands found in third party FTP clients are listed earlier in this chapter Refer to the TFTP and FTP over WAN section to read about configurations that disallow TFTP and FTP to work over WAN 10 4 3 TFTP File Upload The Prestige also supports the uploading of firmware files using TFTP Trivial File Transfer Protocol over LAN Although TFTP should work over WAN as well it is not recommended To use TFTP your computer must have both telnet and TFTP clients To transfer the firmware and the configuration file follow the procedure shown next 10 12 Firmware and Configuration Maintenance Prestige 310 Broadband Sharing Gateway Step 1 Use telnet from your computer to connect
145. le Set Setup sss 14 2 Encapsulation sess 3 10 4 3 Schedule Sets O 3 11 Duration sese eee 14 2 A rep I ed 1 3 Schedule Setup eie 14 1 A asinos ot uU ohm XX Server 3 6 3 9 4 2 6 5 6 8 6 9 6 12 6 13 Prestige as a PPPoE Client suussss Ge Canaan 6 14 6 16 6 17 11 5 11 6 Prestige Firmware Upgrade Via LAN 1 4 Service Type genes 3 9 4 2 15 2 Pra assent lude esta 4 7 4 9 5 3 Setup A Schedule ssssssssss 14 2 Private IP Addresses sss 3 3 SMT Protocol Filters sse 7 1 Main Mem coi 2 6 Main Menu Summary sss 2 7 i Menus at a Glance ssssssesss 2 8 Rear Panel and Connections se 2 2 Navigating the Interface eee 2 5 T Index Prestige 310 Broadband Sharing Gateway SINR a de ht e et Laie da Nat tet 1 1 Time and Date Setting 1 3 11 4 11 5 INDOUL 5 de t e Mee oe 8 1 A E tet 11 6 CI sese 8 3 Timeo tte nr o ds 3 11 3 12 4 6 Configuration sccis 8 1 A n R ote KRE AEEA 9 5 Configuration ici 8 2 Traffic Redirect sss 1 2 4 11 Gel EE 8 2 NER 4 12 4 13 Manager AAA edet d eene 8 2 Trigger Port Forwarding 1 2 6 22 MIBSz siete Rr Rer 8 2 loc E 6 24 B ro 8 2 Process Example sss 6 24 Trusted Host nee 8 3 Troubleshooting sese 15 1 Specify Filter Sets
146. le xDSL modem If the ISP checks the User ID make sure that you have entered the correct Service Type user name in the My Login field and password in the My Password field in Menu 4 Internet Access Setup Cannot connect to a remote node Check menu 24 1 to verify the line status Contact your service or ISP provider if your line remains down 15 4 Problems with Internet Access Table 15 4 Internet Access PROBLEM CORRECTIVE ACTION Cannot access the Connect your cable xDSL modem with the Prestige using appropriate cable Internet Check with the manufacturer of your Cable xDSL modem about the cable requirement because some devices require a crossover cable and others a straight through cable Verify your settings in menu 3 2 and menu 4 15 2 Troubleshooting Prestige 310 Broadband Sharing Gateway 15 5 Problems with the Password Table 15 5 Troubleshooting the Password PROBLEM CORRECTIVE ACTION Cannot access the The Password field is case sensitive Make sure that you enter the correct Prestige password using the proper casing If you forget your password you will need to restore the factory default configuration file This will restore all of the factory defaults including the password Refer to the Firmware and Configuration Maintenance chapter 15 6 Problems with Remote Management Table 15 6 Troubleshooting Remote Management PROBLEM COR
147. losing ppp Proto Shutdown Proto LCP ATCP BACP BCP CBCP CCP CHAP PAP IPCP IPXCP Jul 19 11 42 44 192 168 102 2 ZyXEL ppp LCP Closing Jul 19 11 42 49 192 168 102 2 ZyXEL ppp IPCP Closing Jul 19 11 42 54 192 168 102 2 ZyXEL ppp CCP Closing System Information and Diagnosis 9 9 Prestige 310 Broadband Sharing Gateway 9 3 3 Call Triggering Packet Call Triggering Packet displays information about the packet that triggered a dial out call in an easy readable format Equivalent information is available in menu 24 1 in hex format An example is shown next This feature is available for PPTP PPPoE Encapsulation only IP Frame ENETO RECV Size Frame Type IP Header Flags Protocol P Header Flags P Version Header Length Type of Service Total Length dentification Fragment Offset Time to Live Header Checksum Source IP Destination IP Source Port Destination Port Sequence Number Ack Number Header Length Window Size Checksum Urgent Ptr Options 0000 RAW DATA 0000 45 0010 00 0020 60 Press any key 02 04 02 00 00 2C 00 02 00 00 04 01 44 44 Time 17 02 44 262 4 20 0x00 0 0x002C 44 0x0002 2 0x00 0x00 OxFE 254 0x06 TCP OxFB20 64288 0xCOA80101 192 168 1 1 0x00000000 0 0 0 0 0x0401 1025 0x000D 13 0x05B8D000 95997952 0x00000000 0 24 0x02 S 0x2000 8192 OxEO6A 57450 0x0000 0
148. m the DOS Prompt sse 10 3 10 2 3 Backup Configuration Using TFTP sssssssssesseeeeeeeeeenneen eene eren nennen 10 5 10 24 TFTP Comand Example ete ete eh a eek eels deed eee tug ite Pod 10 5 10 2 5 Backup Via Console Port ice te eod ter Abo Tte GER eo eta Ede reda 10 6 10 3 Restore Configuration oe Hee UR cod RENI Aen ea oe RE E ED a eae 10 7 10 3 1 Restore Using FTP or T E e ar a an en enne 10 8 10 3 2 Restore Via Console POIt oath oer er RD EE De RR EE ERU REPRE AREE Aid 10 9 10 4 Uploading Firmware and Configuration Files sse 10 10 10 4 1 Firmware File Upload ssessseseeeeeeeneennenen nennen ener nnns 10 10 Table of Contents xi Prestige 310 Broadband Sharing Gateway 10 4 2 Configuration File Upload sese nere 10 11 10 43 D SA D A COo COY Te ERE EE E rr er teet e tete ete 10 13 10 4 4 Uploading Via Console Port ssseseseseeeeereeneennenee nennen eren 10 14 Chapter 11 System Maintenance and Information eese eese eee e ette entente ntn neta seen n sea setas seno 11 1 11 1 Command Interpreter Mode sssssssssssesseeeeeeenenenen eene enne ennt nennen enne 11 1 11 2 Call Controla ide 11 2 11 2 1 Budget Management E nono nono ron ron ron n enne enne nnne terree EA 11 2 1122 Call History cui teret tee e edi ee ie P e bata 11 3 11 3 Time and Date Setting eee eet e e RR e e e Ee 11 4
149. management software module that resides in a managed device the Prestige An agent translates the local management information from the managed device into a form compatible with SNMP The manager is the console through which network administrators perform network management functions It executes applications that control and monitor managed devices The managed devices contain object variables managed objects that define each piece of information to be collected about a device Examples of variables include such as number of packets received node port status etc A Management Information Base MIB is a collection of managed objects SNMP allows a manager and agents to communicate for the purpose of accessing these objects SNMP itself is a simple request response protocol based on the manager agent model The manager issues a request and the agent returns responses using the following protocol operations e Get Allows the manager to retrieve an object variable from the agent e GetNext Allows the manager to retrieve the next object variable from a table or list within an agent In SNMPv1l when a manager wants to retrieve all elements of a table from an agent it initiates a Get operation followed by a series of GetNext operations e Set Allows the manager to set values for object variables within an agent e Trap Used by the agent to inform the manager of some events 8 2 Supported MIBs The Prestige supports MIB II defined in RF
150. mapping based on the trigger port There is no need to reconfigure a new IP address each time you want a different computer as you would with Port Forwarding to use the application 6 6 1 Two Points To Remember About Trigger Ports 1 Trigger events only happen on data coming from inside the Prestige to the outside 2 Ifan application needs a continuous data stream that port range will be tied up so that another computer on the LAN can t trigger it Only one LAN computer can use a trigger port range at a time Enter 3 in menu 15 to display Menu 15 3 Trigger Port Setup shown next Menu 15 3 Trigger Port Setup Incoming Trigger Start Port End Port Start Port End Port Real Audio 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 OoOooooo000000 Q Ooo0o0o0oo00o0o0god Press ENTER to Confirm or ESC to Cancel Figure 6 24 Menu 15 3 Trigger Port Setup Table 6 8 Menu 15 3 Trigger Port Setup Description FIELD DESCRIPTION EXAMPLE Rule This is the rule index number 1 Name Enter a unique name for identification purposes You may enter up to 15 Real Audio characters in this field All characters are permitted including spaces Incoming Incoming is a port range that accepts WAN traffic It is the listening port of the client software on LAN computers Start Port Enter a port number or the starting port number in a range of port numbers 6970 Network Address Translati
151. mask in the IP address and IP Subnet Mask fields Once these key fields have been configured you should be able to enjoy super fast Internet access with your Prestige Getting to Know Your Prestige 1 5 Prestige 310 Broadband Sharing Gateway Chapter 2 Hardware Installation and Initial Setup This chapter shows you how to connect hardware and perform the initial setup 2 1 Front Panel LEDs and Rear Panel Ports 2 1 1 Front Panel LEDs The LEDs on the front panel indicate the operational status of the Prestige PRESTIGE 300 series Figure 2 1 Front Panel LEDs Table 2 1 LED Descriptions LED FUNCTION COLOR STATUS MEANING PWR Power Green On The Prestige is receiving power SYS System Off The system is not ready or failed On The system is ready and running Flashing The system is rebooting 10M LAN LAN Green Off The 10M LAN is not connected On The Prestige is connected to a 10M LAN Flashing The 10M LAN is sending receiving packets 100M LAN Orange Off The 100M LAN is not connected On The Prestige is connected to a 100Mbps LAN Flashing The 100M LAN is sending receiving packets Hardware Installation and Initial Setup 2 1 Prestige 310 Broadband Sharing Gateway LED FUNCTION COLOR STATUS MEANING WAN WAN Green Off The WAN Link is not ready or has failed On The WAN Link is ok Flashing The 10M WAN l
152. mation Remote Management 13 1 Prestige 310 Broadband Sharing Gateway 13 5 DNS Use DNS Domain Name System to map a domain name to its corresponding IP address and vice versa for example the IP address of www zyxel com is 204 217 0 2 Refer to the Internet Access chapter for more information 13 6 Remote Management To disable remote management of a service select Disable in the corresponding Server Access field Enter 11 from menu 24 to bring up Menu 24 11 Remote Management Control Remote Management Setup Remote management setup is for managing Telnet FTP Web SNMP and DNS services You can customize the service port access interface and the secured client IP address to enhance security and flexibility You may manage your Prestige from a remote location via the Internet WAN only the LAN only All LAN and WAN or Disable neither gt WAN only Internet gt ALL LAN and WAN gt LAN only gt Disable Neither If you enable remote management of a service but have applied a filter to block the service then you will not be able to remotely manage the service Enter 11 from menu 24 to display Menu 24 11 Remote Management Control shown next 13 2 Remote Management Prestige 310 Broadband Sharing Gateway Menu 24 11 Remote Management Control TELNET Server Port 23 Access LAN only Secured C 0 0 0 0 FTP Server Port 21 Access LAN only Secured C 0 0 0 0 Web Se
153. n ANT Appendix C Prestige 310 Broadband Sharing Gateway PPP Data Connection The PPP frames are tunneled between the PNS and PAC over GRE General Routing Encapsulation RFC 1701 1702 The individual calls within a tunnel are distinguished using the Call ID field in the GRE header J Appendix C Prestige 310 Broadband Sharing Gateway Appendix D Example Internal SPTGEN Screens The following are examples of screens you see when you configure your Prestige using Internal SPTGEN Menu 1 General Set Up 00000000 Configured lt 6 1 Yes gt 00000001 System Nal P310 00000004 Route IP 0 No 1 Yes gt 1 00000007 Domain Name Configured lt 0 No 1 Yes gt 1 00000009 Domain Name Manual lt 0 No 1 Yes gt 0 00000010 Domain Name lt Str gt Menu 1 Configure Dynamic DNS 01000000 Configured lt 0 No 1 Yes gt 1 01000001 Active lt 0 No 1 Yes gt 0 01000002 Enable Wildcard lt 0 No 1 Yes gt 0 01000003 Service Provider lt 2 www dyndns org gt 2 01000004 Host Name lt Str gt 01000005 Email Address lt Str gt 01000006 User Name lt Str gt 01000007 Password 00 01000008 Host IP Address 0 0 0 0 01000009 Last Update Time mm dd yyyy 1 1 1970 01000010 DDNS Server Type lt 0 Dynamic 1 Static 2 0 Custom gt 01000011 Offline lt 0 No 1 Yes gt 0 Menu 2
154. n SNMP Configuration Menu 21 1 Filter Set Configuration Menu 21 1 x Filter Rules Summary Menu 21 1 x y Menu 21 1 x y Generic Filter Rule TCP IP Filter Rule Menu 24 Menu 24 4 Menu 24 10 Menu 26 System Maintenance System Maintenance System Maintenance Schedule Setup Diagnostic Time and Date Setting Menu 24 11 Menu 24 1 Menu 24 5 ystem Maintenance System Maintenance SystemiMantenance sian e System Status Backup Configuration Dui an d enedute Set setup Menu 24 2 1 System Information Menu 24 6 Menu 24 2 System Maintenance System Information Menu 24 2 2 Restore Configuration and Console Port Console Speed Port Speed Menu 24 7 System Maintenance Menu 24 7 2 Menu 24 3 1 Upload Firmware Upload Router View Error Log Configuration File Menu 24 7 1 Upload Router Firmware Menu 24 3 System Maintenance Menu 24 3 2 Menu 24 8 Log and Trace UNIX Syslog Command Interpreter Menu 24 9 1 Menu 24 3 4 Mode Budget Management Call Triggering Packet Menu 24 9 System Maintenance Menu 24 9 2 Call Control Call History Figure 2 7 Advanced Management SMT Menus Hardware Installation and Initial Setup 2 9 Prestige 310 Broadband Sharing Gateway 2 6 Changing the System Password Change the default system password by following the steps shown next Step 1 Enter 23 in the main menu to open Menu 23 System Password as shown next Menu 23 System Password Old Password New Password Retype to con
155. n the Allocated Budget min is 10 minutes and the Period hr is 1 hour Schedules You can apply up to four schedule sets here For more details please refer to the Call Scheduling chapter Nailed Up This field specifies if you want to make the connection to Connections this remote node a nailed up connection More details are given earlier in this section Session Options Idle Timeout This value specifies the idle time i e the length of time there is no traffic from the Prestige to the remote node in seconds that can elapse before the Prestige automatically disconnects the PPPoE connection This option only applies when the Prestige initiates the call 300 seconds default 4 3 Editing TCP IP Options with Ethernet Encapsulation Move the cursor to the Edit IP field in Menu 11 1 then press the SPACE BAR to set the value to Yes Press ENTER to open Menu 11 3 Network Layer Options 4 6 Remote Node Setup Prestige 310 Broadband Sharing Gateway Menu 11 3 Remote Node Network Layer Options IP Address Assignment Dynamic IP Address N A IP Subnet Mask N A Gateway IP Addr N A Network Address Translation SUA only Metric N A Private N A RIP Direction None Version N A Multicast None Enter here to CONFIRM or ESC to CANCEL Press Space Bar to Toggle Figure 4 4 Remote Node Network Layer Options The next table gives you instructions about configuring remote
156. n the WAN port will not function properly Your Prestige supports full duplex mode on the LAN side 2 9 LAN Setup This section describes how to configure the LAN using Menu 3 LAN Setup From the main menu enter 3 to display menu 3 shown next lie 2 Enter Menu Selection Number Menu 3 LAN Setup LAN Port Filter Setup TCP IP and DHCP Setup Figure 2 12 Menu 3 LAN Setup Hardware Installation and Initial Setup 2 15 Prestige 310 Broadband Sharing Gateway 2 9 1 LAN Port Filter Setup This menu allows you to specify the filter sets that you wish to apply to the LAN traffic You seldom need to filter the LAN traffic however the filter sets may be useful to block certain packets reduce traffic and prevent security breaches Menu 3 1 LAN Port Filter Setup Input Filter Sets protocol filters 2 device filters Output Filter Sets protocol filters device filters Press ENTER to Confirm or ESC to Cancel Figure 2 13 Menu 3 1 LAN Port Filter Setup Menu 3 2 is discussed in the next part of this User s Guide Please read on 2 16 Hardware Installation and Initial Setup Prestige 310 Broadband Sharing Gateway Chapter 3 Internet Access This chapter shows you how to configure the LAN as well as the WAN of your Prestige for Internet access 3 1 TCP IP and DHCP for LAN The Prestige has built in DHCP server capability that assigns IP addresses and DNS servers to
157. n the main menu to open Menu 24 System Maintenance as shown next 11 4 System Maintenance and Information Prestige 310 Broadband Sharing Gateway Menu 24 System Maintenance qs System Status 2 System Information and Console Port Speed 3 Log and Trace 4 Diagnostic 5 Backup Configuration 6 Restore Configuration 7 Upload Firmware 8 Command Interpreter Mode 9 Ca Ontro 11 Remote Management Setup Enter Menu Selection Number Figure 11 6 Menu 24 System Maintenance Then enter 10 to go to Menu 24 10 System Maintenance Time and Date Setting to update the time and date settings of your Prestige as shown in the following screen Menu 24 10 System Maintenance Time and Date Setting Use Time Server when Bootup None Time Server IP Address N A Current Time 00 00 00 New Time hh mm ss 11 23 16 Current Date 2000 01 01 New Date yyyy mm dd 2001 03 01 Time Zone GMT Daylight Saving No Start Date mm dd 01 01 End Date mm_dd 01 01 Press ENTER to Confirm or ESC to Cancel Figure 11 7 Menu 24 10 System Maintenance Time and Date Setting Table 11 3 Time and Date Setting Fields FIELD DESCRIPTION Use Time Server Enter the time service protocol that your time server sends when you turn on the when Bootup Prestige Not all time servers support all protocols so you may have to check with your ISP network administrator or use trial and error to
158. ncentrator and the PPTP user The PNS is the box that hosts both the PPP and the PPTP stacks and forms one end of the PPTP tunnel The PAC is the box that dials answers the phone calls and relays the PPP frames to the PNS The PPTP user is not necessarily a PPP client can be a PPP server too Both the PNS and the PAC must have IP connectivity however the PAC must in addition have dial up capability The phone call is between the user and the PAC and the PAC tunnels the PPP frames to the PNS The PPTP user is unaware of the tunnel between the PAC and the PNS Diagram 4 PPTP Protocol Overview Microsoft includes PPTP as a part of the Windows OS In Microsoft s implementation the PC and hence the Prestige is the PNS that requests the PAC the ANT to place an outgoing call over AALS to an RFC 2364 server Control amp PPP connections Each PPTP session has distinct control connection and PPP data connection Call Connection The control connection runs over TCP Similar to L2TP a tunnel control connection is first established before call control messages can be exchanged Please note that a tunnel control connection supports multiple call sessions The following diagram depicts the message exchange of a successful call setup between a PC and an ANT Start Control Connection Request Start Control Connection Reply Outgoing Call Request Outgoing Call Reply PPP Frames PPP Frames Diagram 5 Example Message Exchange between PC and a
159. ne to One mapping types Follow the steps outlined in example 3 to configure these two menus as follows Network Address Translation NAT 6 21 Prestige 310 Broadband Sharing Gateway Menu 15 1 1 1 Address Mapping Rule Type Many One to One Local IP Start 192 168 1 10 End 192 168 1 12 Global IP Start 10 132 50 1 End 10 132 50 3 Press ENTER to Confirm or ESC to Cancel Figure 6 22 Example 4 Menu 15 1 1 1 Address Mapping Rule After you ve configured your rule you should be able to check the settings in menu 15 1 1 as shown next Menu 15 1 1 Address Mapping Rules Set Name Example4 Idx Local Start IP Local End IP Global Start IP Global End IP m 192 168 1 10 192 168 1 12 10 132 50 1 10 132250 3 2s Ors 4 5 6 T 8 os 0 j Action Edit Select Rule Press ENTER to Confirm or ESC to Cancel Figure 6 23 Example 4 Menu 15 1 1 Address Mapping Rules 6 6 Trigger Port Forwarding The Prestige monitors outgoing data for a specific port number and protocol trigger When there is a match the Prestige records the IP address of the computer on the LAN that sent the matching data When the requested data comes back the Prestige applies the port mapping rules and uses the recorded IP address to get the data back to the proper computer 6 22 Network Address Translation NAT Prestige 310 Broadband Sharing Gateway LAN computers dynamically take turns using the
160. nique IP address If your networks are isolated from the Internet for example only between your two branch offices you can assign any IP addresses to the hosts without problems However the Internet Assigned Numbers Authority IANA has reserved the following three blocks of IP addresses specifically for private networks Table 3 2 Private IP Address Ranges 10 0 0 0 10 255 255 255 172 16 0 0 172 31 255 255 192 168 0 0 192 168 255 255 You can obtain your IP address from the IANA from an ISP or have it assigned by a private network If you belong to a small organization and your Internet access is through an ISP the ISP can provide you with the Internet addresses for your local networks On the other hand if you are part of a much larger organization you should consult your network administrator for the appropriate IP addresses Regardless of your particular situation do not create an arbitrary IP address always follow the guidelines above For more information on address assignment please refer to RFC 1597 Address Allocation for Private Internets and RFC 1466 Guidelines for Management of IP Address Space 3 1 5 RIP Setup RIP Routing Information Protocol RFC1058 and RFC 1389 allows a router to exchange routing information with other routers The RIP Direction field controls the sending and receiving of RIP packets When set to Both or Out Only the Prestige will broadcast its routing table periodically When set
161. nncon ccoo nono nonn non nor rra nro n rro nn corr ene 15 1 Table 15 3 Troubleshooting the WAN interface 15 2 Table 154 Internet ACCESS ede oa chsstolelanvious ete tea Eae stb do AS 15 2 Table 15 5 Troubleshooting the Password ccccscccssessseesseeseeescesceeeenseceaecaeecseceaeeeeeeeeeseeeeseaeensecereenaeenaes 15 3 Table 15 6 Troubleshooting Remote Management sesessessesseeeeeeneeen nennen nnne 15 3 List of Tables xix Prestige 310 Broadband Sharing Gateway Preface About Your Gateway Congratulations on your purchase of the Prestige 310 Broadband Sharing Gateway Don t forget to register your Prestige fast easy online registration at www zyxel com for free future product updates and information The Prestige 310 is a dual Ethernet broadband gateway integrated with network management features that allows access to the Internet via cable xDSL modem It is designed for e Home offices and small businesses with cable and xDSL modem via Ethernet port as Internet access media e Multiple office department connections via access devices Your Prestige 310 is easy to install and to configure The embedded web configurator is a convenient platform independent GUI Graphical User Interface that allows you easy access the Prestige s management settings All functions of the Prestige 310 are also software configurable via the SMT System Management Terminal interface The SMT is a menu driven inte
162. nter it as the Prestige System Name e In Windows 2000 click Start gt Settings gt Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer name field and enter it as the Prestige System Name e In Windows XP click start gt My Computer gt View system information and then click the Computer Name tab Note the entry in the Full computer name field and enter it as the Prestige System Name MAC Address Assigned By The default is Factory Default which is the factory assigned default MAC Address We recommend you choose IP Address attached on LAN and enter the IP address of the workstation on the LAN whose MAC you are cloning Encapsulation Choose PPPoE if you have a dial up connection to the Internet or PPTP if you reside in France or Austria otherwise choose Ethernet Choose from RR Manager RR Telstra or RR Toshiba if your ISP is Time Warner s RoadRunner otherwise choose Standard PPTP You need to know your login name password and connection ID Name The latter may not be obligatory for some ISPs but if it is you must follow the c id and n name format PPPoE You need to know your login name password and service name The latter may not be obligatory for some ISPs IP Address If your ISP did not assign you a fixed IP address select Dynamic otherwise select Assignment Static and enter the IP address amp subnet
163. nu 1 General Setup 100000000 Configured 0 No 1 Yes gt System Name Route IP 1 Yes gt 100000007 Domain Name Configured i 1 Yes gt 100000009 Domain Name Manual B 1 Yes gt 100000010 Domain Name This is the Field This is the Parameter Values The Input column Identification Number Allowed column Input values to the column This column defines acceptable right of the This column parameters Parameters are usually sign numerically identifies numbers but can sometimes be Make sure one the Field Name column strings lt Str gt indicates a string All equal sign entries parameters should be entered in the followed by one Example 100000000 Input column space precedes Example lt 0 No 1 Yes gt your input Figure 12 1 Configuration Text File Format Column Descriptions DO NOT alter or delete any field except parameters in the Input column For more text file examples refer to the Internal SPTGEN appendix 12 1 1 Internal SPTGEN File Modification Important Points to Remember e Entries in the Input column must not exceed 40 characters per line If your input exceeds this limit make sure you press ENTER to start a new line 6699 e Each parameter you enter must be preceded by one sign and one space e Some parameters are dependent on others For example if you disable the Configured field in menu 1 see Figure 12 1 then you disable every field in this menu 12 2 Intern
164. ococononononcnnnonnnonnnonnnnnnonnnonn nro eene nennen enne enn ener enne 11 1 Figure 11 2 Valid Commards RR ete eei tee P TE RR A e iii 11 2 Figure 11 3 Call Comte 11 2 Figure 11 4 Budget Management 4e Ra tete iaa 11 3 Figure T1 5 CallElistory s iei toe e RO e ete e ed ROLL Une abla Fac UG pene npe leiden 11 4 Figure 11 6 Menu 24 System Maintenance ococococononannnonnononnnnnnononononnonnnnonnnnn nono no rre non trennen nnne tnnt tentes 11 5 Figure 11 7 Menu 24 10 System Maintenance Time and Date Setting sess 11 5 Figure 12 1 Configuration Text File Format Column Descriptions eene 12 2 Figure 12 2 Internal SPTGEN FTP Download Example sese nennen rennen 12 3 Figure 12 3 Internal SPTGEN FTP Upload Example sese 12 4 Figure 13 1 Telnet Configuration on a TCP IP Network essere 13 1 xvi List of Figures Prestige 310 Broadband Sharing Gateway Figure 13 2 Menu 24 11 Remote Management Control eese 13 3 Figure 1421 Schedule Setup cc i e eer e o dC 14 1 Figure 14 2 Schedule Set Setup esse eese eere tene nene nne nre ree n nr anne enerennrenens 14 2 Figure 14 3 Applying Schedule Sets to a Remote Node Example PPPoE Encapsulation 14 4 Figure 14 4 Applying Schedule Sets to a Remote Node Example PPTP Encapsulation 14 4 List of Figures xvii
165. ogging and Ma 1 4 1 220 Embedded FTP and TETP Servers ee Ra 1 4 12 21 Packet Filtering desee ERR TUN TO e d ee Od 1 4 1 2 22 Upgrade Prestige Firmware via LAN cccccccssccsseesseeceeseeeseeeseeeeceecnecnseenseenaecaecaecaeeeneeenes 1 4 L3 Applications for the Prestige Flia ic 1 4 1 3 1 Broadband Internet Access via Cable or DSL Modem see 1 4 14 Internet Access Configuration Checklist essere ERE 1 5 Chapter 2 Hardware Installation and Initial Setup eee eee eeee eee essetis enne tn aetas ense tn setas tnan 2 1 viii Table of Contents Prestige 310 Broadband Sharing Gateway 2 1 Front Panel LEDs and Rear Panel Ports 2 1 2 1 1 Front Panel LEDS der E De RF PER ae des 2 1 2 2 Prestige 310 Rear Panel and Connections sesssesesseseeeeeeeeeneenee eene enn 2 2 2 2 1 Connecting the Console Port nece teer e eio ete teens 2 3 2 22 Connecting the Prestige to the Broadband Modem sssssssssseeeee 2 3 2 2 3 Connecting the Prestige to the LAN eese eiie e Re ee ier deed 2 3 2 24 Connecting the Power Adapter to your Prestige sess 2 4 2 2 5 Grounding the Prestige Optional sess 2 4 2 3 Additional Installation Requirements ooooccnnccoonnocnnonnonnconccnnonn nono nonnnonnnonn non rra n rn ron nennen nennen 2 4 2 4 Turning on Your Prestige ste ecd de beri e ee dee eee e e e ae eed 2 4 2 4 1 Initial Ri
166. on NAT 6 23 Prestige 310 Broadband Sharing Gateway FIELD DESCRIPTION EXAMPLE End Port Enter a port number or the ending port number in a range of port numbers 7170 Trigger Trigger is a port range your Prestige checks to remember a computer IP address on the LAN when it sends traffic from the LAN to the WAN It is the listening port of the server on the WAN side Start Port Enter a port number or the starting port number in a range of port numbers 7070 End Port Enter a port number or the ending port number in a range of port numbers 7070 Press ENTER at the message Press ENTER to Confirm to save your configuration or press ESC at any time to cancel 6 6 2 Trigger Port Forwarding Process The following is an example of trigger port forwarding Real Audio server Figure 6 25 Trigger Port Forwarding Process Example 1 Jane requests a file from the Real Audio server Port 7070 is a trigger port the Prestige uses to remember Jane s computer IP address The Real Audio server responds using a port number ranging between 6970 7170 dq The Prestige associates this incoming port with the trigger port remembers Jane s computer IP address and then forwards the traffic to her computer 5 Only Jane can connect to the Real Audio server until the connection is closed or times out The Prestige will time out in three minutes when using UDP User Datagr
167. on field Menu 11 1 Remote Node Profile Rem Node Name ChangeMe Route IP Active Yes Encapsulation PPPoE Edit IP No Service Type Standard Telco Option Service Name Outgoing Period hr 0 My Login Schedules My Passwords Nailed up Connections Authen CHAP PAP Session Options Edit Filter Sets No Idle Timeout sec 100 Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Allocated Budget min 0 Figure 4 3 Menu 11 1 Remote Node Profile for PPPoE Encapsulation The next table describes the fields NOT already described in Table 4 1 Table 4 3 Table 4 3 Fields in Menu 11 1 PPPoE Encapsulation Specific Only FIELD DESCRIPTION EXAMPLE Authen This field sets the authentication protocol used for outgoing calls Options for this field are CHAP PAP Your Prestige will accept either CHAP or PAP when requested by this remote node CHAP accept CHAP only PAP accept PAP only CHAP PAP Remote Node Setup 4 5 Prestige 310 Broadband Sharing Gateway FIELD DESCRIPTION EXAMPLE Telco Option Allocated Budget The field sets a ceiling for outgoing call time for this 10 min remote node The default for this field is O meaning no budget control Period hr This field is the time period that the budget should be 1 reset For example if we are allowed to call this remote node for a maximum of 10 minutes every hour the
168. onfiguring the User Name and Password for PPP connection press SPACE BAR in the Encapsulation field in Menu 4 Internet Access Setup to choose PPTP as your encapsulation option If you choose PPTP in menu 4 you will see the next screen 3 10 Internet Access Prestige 310 Broadband Sharing Gateway Menu 4 Internet Access Setup ISP s Name ChangeMe Encapsulation PPTP Service Type N A My Login username My Password Idle Timeout 300 IP Address Assignment Dynamic IP Address N A IP Subnet Mask N A Gateway IP Address N A Network Address Translation SUA Only Press ENTER to Confirm or ESC to Cancel Figure 3 7 Internet Access Setup PPTP The following table contains instructions about the new fields when you choose PPTP in the Encapsulation field in menu 4 Table 3 7 New Fields in Menu 4 PPTP Screen FIELD DESCRIPTION EXAMPLE Encapsulation Press the SPACE BAR and then press ENTER to choose PPTP PPTP The encapsulation method influences your choices for IP Address Idle Timeout This value specifies the time in seconds that elapses before 300 the Prestige automatically disconnects from the PPTP server default Once you have finished configuring a rule in this menu press ENTER at the message Press ENTER to Confirm to save your configuration or press ESC to cancel 3 3 4 PPPoE Encapsulation The Prestige supports PPPoE Point to Point Protocol o
169. ork management features for Internet access via external cable xDSL modem Equipped with 10Mbps Ethernet WAN port for WAN an auto negotiating 10 100Mbps Ethernet port for LAN and the Network Address Translation NAT feature the Prestige is uniquely suited as a broadband Internet access sharing gateway for small offices and home offices 1 2 Features of the Prestige 310 The following are the main features of the Prestige 310 1 2 1 10 100MB Auto negotiation Ethernet Fast Ethernet Interface This auto negotiation feature allows the Prestige to detect the speed of incoming transmissions and adjust appropriately without manual intervention It allows data transfer of either 10 Mbps or 100 Mbps in either half duplex or full duplex mode depending on your Ethernet network 1 2 2 SNMP SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices SNMP is a member of the TCP IP protocol suite Your Prestige supports SNMP agent functionality which allows a manager station to manage and monitor the Prestige through the network The Prestige supports SNMP version one SNMPv1 1 2 3 NAT Network Address Translation NAT Network Address Translation NAT RFC 1631 allows the translation of an Internet Protocol address used within one network to a different IP address known within another network The Prestige can now map multiple global IP addresses to local IP addresses of clients or serv
170. over it while the modem bridges the Ethernet frames to the Access Concentrator AC Between the AC and an ISP the AC is acting as a L2TP Layer 2 Tunneling Protocol LAC L2TP Access Concentrator and tunnels the PPP frames to the ISP The L2TP tunnel is capable of carrying multiple PPP sessions With PPPoE the VC Virtual Circuit is equivalent to the dial up connection and is between the modem and the AC as opposed to all the way to the ISP However the PPP negotiation is between the PC and the ISP The Prestige as a PPPoE Client When using the Prestige as a PPPoE client the PCs on the LAN see only Ethernet and are not aware of PPPoE This alleviates the administrator from having to manage the PPPoE clients on the individual PCs ADSL Prestige Modern thernet Ethernet Concentrator Diagram 2 Prestige as a PPPoE Client Appendix C Appendix B G Prestige 310 Broadband Sharing Gateway Appendix C PPTP What is PPTP PPTP Point to Point Tunneling Protocol is a Microsoft proprietary protocol RFC 2637 for PPTP is informational only to tunnel PPP frames How can we transport PPP frames from a PC to a broadband modem over Ethernet A solution is to build PPTP into the ANT ADSL Network Termination where PPTP is used only over the short haul between the PC and the modem over Ethernet For the rest of the connection the PPP frames are transported with PPP over AALS RFC 2364 The PPP connection howev
171. ow to configure the TCP IP parameters for the LAN port Table 3 4 LAN TCP IP Setup Menu Fields FIELD DESCRIPTION EXAMPLE TCP IP Setup IP Address Enter the IP address of your Prestige in dotted decimal notation 192 168 1 1 default IP Subnet Mask Your Prestige will automatically calculate the subnet mask based on the IP address that you assign Unless you are implementing subnetting use the subnet mask computed by the Prestige 255 255 255 0 RIP Direction Press the SPACE BAR to select the RIP direction Options are Both In Only Out Only or None Both default 3 6 Internet Access Prestige 310 Broadband Sharing Gateway FIELD DESCRIPTION EXAMPLE Version Press the SPACE BAR to select the RIP version RIP 1 Options are RIP 1 RIP 2B or RIP 2M default Multicast IGMP Internet Group Multicast Protocol is a session layer protocol None used to establish membership in a Multicast group The Prestige supports both IGMP version 1 IGMP v1 and IGMP v2 Press the SPACE BAR to enable IP Multicasting or select None default to disable it Edit IP Alias The Prestige supports three logical LAN interfaces via its single Yes physical Ethernet interface with the Prestige itself as the gateway for each LAN network Press the SPACE BAR to select Yes then press ENTER to display menu 3 2 1 When you have completed this menu press ENTER at the prompt Press ENTER to
172. p change baudrate 1 38 4k 2 19 2k 3 9 6k 4 57 6k 5 115 2k set BootExtension Debug Flag y password show the seed of password generator change system time to hour min sec or show current time change system date to year month day or show current date dump RAS stack dump Boot Module Common Area dump memory contents from address x for length y display the 8 bit value of address x display the 16 bit value of address x display the 32 bit value of address x run program at addr x or boot router boot router run Hardware Test Program RAM test level w from address x to y z iterations dump manufacturer related data in ROM download from address x for length y to PC via XMODEM download router configuration to PC via XMODEM upload router firmware to flash ROM upload router configuration file to flash ROM xmodem select x 0 CRC mode default x 1 checksum mode system reboot Diagram 7 List of Debug Commands Appendix E O Prestige 310 Broadband Sharing Gateway Appendix F Power Adapter Specifications NORTH AMERICAN PLUG STANDARDS AC Power Adapter Model MW48 1201200 AD48 1201200DUY Input Power AC120Volts 60Hz 22W AC120Volts 60Hz 0 25A Output Power DC12Volts 1 2A DC12Volts 1 2A Power Consumption 9W Safety Standards UL CUL UL1310 CSA C22 2 No 233 M91 EUROPEAN PLUG STANDARDS AC
173. pe Generic Filter Rule Active No Offset 0 Length 0 Mask N A Value N A More No Log None Action Matched Check Next Rule Action Not Matched Check Next Rule Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Figure 7 10 Menu 21 6 1 Generic Filter Rule The following table describes the fields in the Generic Filter Rule Menu Table 7 4 Generic Filter Rule Menu Fields Field Description Example Filter This is the filter set filter rule co ordinates i e 2 3 refers to the second filter set and the third rule of that set Filter Type Use the SPACE BAR to select a rule Parameters displayed Generic Filter Rule below each type will be different Options are Generic Filter Rule or TCP IP Filter Rule Filter Configuration 7 11 Prestige 310 Broadband Sharing Gateway Field Description Example Active Select Yes to turn on the filter rule No Offset Enter the starting byte of the data portion in the packet that you 0 wish to compare The range for this field is from O to 255 default Length Enter the byte count of the data portion in the packet that you 0 wish to compare The range for this field is O to 8 default Mask Enter the mask in Hexadecimal to apply to the data portion before comparison Value Enter the value in Hexadecimal to compare with the data portion More If Yes a matching packet is passed to the next f
174. pe open and the IP address of your system Then type root and SMT password as requested Type put configurationfilename rom 0 where configurationfilename is the name of your system configuration file on your workstation which will be transferred to the rom 0 file on the system The system reboots automatically after the upload system configuration file process is complete For details on FTP commands please consult the documentation of your FTP client program For details on uploading system firmware using TFTP note that you must remain on this menu to upload system firmware using TFTP please see your manual Press ENTER to Exit Figure 10 14 Telnet Into Menu 24 7 2 System Maintenance To upload the firmware and the configuration file follow these examples Firmware and Configuration Maintenance 10 11 Prestige 310 Broadband Sharing Gateway FTP File Upload Command from the DOS Prompt Example Step 1 Launch the FTP client on your computer Step 2 Enter open followed by a space and the IP address of your Prestige Step 3 Press ENTER when prompted for a username Step 4 Enter your password as requested the default is 1234 Step 5 Enter bin to set transfer mode to binary Step 6 Use put to transfer files from the computer to the Prestige for example put firmware bin ras transfers the firmware on your computer firmware bin to the Prestige and renames it ras Simi
175. r 1 in protocol filters under Output Filter Sets when using Ethernet encapsulation and in the protocol filters field under Call Filter Sets when using PPPoE or PPTP encapsulation Apply them as shown in the following figure Apply factory default Menu 11 5 Remote Node Filter Input Filter Sets protocol filters 5 device filters filters here Output Filter Sets protocol filters 1 device filters Figure 7 17 Filtering Remote Node Traffic 7 18 Filter Configuration Prestige 310 Broadband Sharing Gateway Chapter SNMP Configuration This chapter explains SNMP configuration menu 22 SNMP is only available if TCP IP is configured 8 1 About SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices SNMP is a member of TCP IP protocol suite Your Prestige supports SNMP agent functionality which allows a manager station to manage and monitor the Prestige through the network The Prestige supports SNMP version one SNMPv1 The next figure illustrates an SNMP management operation SNMP is only available if TCP IP is configured MANAGER AGENT Managed Device Managed Device Managed Device Figure 8 1 SNMP Management Model SNMP Configuration 8 1 Prestige 310 Broadband Sharing Gateway An SNMP managed network consists of two main components agents and a manager An agent is a
176. r 11 to display Menu 11 1 Remote Node Profile There are three variations of this menu depending on whether you choose Ethernet Encapsulation PPTP or PPPoE Encapsulation 4 1 1 Ethernet Encapsulation Choose the Ethernet option when the WAN port is used as a regular Ethernet The first menu 11 1 screen you see is for Ethernet Encapsulation shown next Menu 11 1 Remote Node Profile Rem Node Name ChangeMe Route IP Active Yes Encapsulation Ethernet Edit IP No Service Type Standard Session Options Service Name N A Edit Filter Sets No Outgoing My Login N A My Password N A Server IP CHAP PAP Press ENTER to Confirm or ESC to Cancel Figure 4 1 Remote Node Profile for Ethernet Encapsulation Remote Node Setup 4 1 Prestige 310 Broadband Sharing Gateway Table 4 1 Fields in Menu 11 1 Ethernet Encapsulation FIELD DESCRIPTION EXAMPLE Rem Node Name Enter a descriptive name for the remote node This field can LAoffice be up to eight characters Active Press SPACE BAR to select Yes activate remote node or Yes No deactivate remote node Encapsulation Ethernet is the default encapsulation Press the SPACE Ethernet BAR if you wish to change to PPPoE or PPTP encapsulation Service Type Press SPACE BAR to select from Standard RR Toshiba Standard RoadRunner Toshiba authentication method RR Manager RoadRunner Manager authentication method or RR Telstra RoadRunner Telstra auth
177. ravels on the LAN Global MAN to the packet address source or destination as the packet travels on the Network Address Translation NAT 6 1 Prestige 310 Broadband Sharing Gateway NAT never changes the IP address either local or global of an outside host 6 1 2 What NAT Does In the simplest form NAT changes the source IP address in a packet received from a subscriber the inside local address to another the inside global address before forwarding the packet to the WAN side When the response comes back NAT translates the destination address the inside global address back the inside local address before forwarding it to the original inside host Note that the IP address either local or global of an outside host is never changed The global IP addresses for the inside hosts can be either static or dynamically assigned by the ISP In addition you can designate servers for example a web server and a telnet server on your local network and make them accessible to the outside world If you do not define any servers for Many to One and Many to Many Overload mapping see Table 6 2 NAT offers the additional benefit of firewall protection Ifno server is defined in these cases all incoming inquiries will be filtered out by your Prestige thus preventing intruders from probing your network For more information on IP address translation refer to RFC 1631 The IP Network Address Translator NAT 6 1 3 How
178. re 7 7 SNMP_WAN Filter Rules Summary 7 2 1 Filter Rules Summary Menu This screen shows the summary of the existing rules in the filter set The following tables contain a brief description of the abbreviations used in the previous menus Filter Configuration 7 5 Prestige 310 Broadband Sharing Gateway Table 7 1 Abbreviations Used in the Filter Rules Summary Menu FIELD DESCRIPTION The filter rule number 1 to 6 A Active Y means the rule is active N means the rule is inactive Type The type of filter rule GEN for Generic IP for TCP IP Filter Rules These parameters are displayed here M More Y means there are more rules to check which form a rule chain with the present rule An action cannot be taken until the rule chain is complete N means there are no more rules to check You can specify an action to be taken i e forward the packet drop the packet or check the next rule For the latter the next rule is independent of the rule just checked m Action Matched F means to forward the packet immediately and skip checking the remaining rules D means to drop the packet N means to check the next rule n Action Not Matched F means to forward the packet immediately and skip checking the remaining rules D means to drop the packet N means to check the next rule The protocol dependent filter rules abbreviation
179. ress and fill in the IP address Subnet mask and Default gateway fields In the Internet Protocol TCP IP Properties window e Click Obtain DNS server automatically if you do not know your DNS server IP address es e If you know your DNS server IP address es type them in the Preferred DNS server and Alternate DNS server fields If you have previously configured DNS servers click Advanced and then the DNS tab to order them Click Advanced e f you do not know your gateway s IP address remove any previously installed gateways in the IP Settings tab and click OK Click OK to save and close the Internet Protocol TCP IP Properties window Click OK to close the Local Area Connection Properties window Turn on your Prestige and restart your computer if prompted Verifying TCP IP Properties 1 2 Click Start Programs Accessories and then Command Prompt In the Command Prompt window type ipconfig and then press ENTER The window will display information about your connection specific DNS suffix IP Address Subnet Mask and Default Gateway Setting up Your Windows XP Computer Configuring TCP IP 1 2 3 Click start Control Panel Network and Internet Connections and then Network Connections Right click the network connection you want to configure and then click Properties Under the General tab select Internet Protocol TCP IP you may need to scroll down and click Properties Appendix A Prestige 31
180. rface that you can access from a terminal emulator through the console port or over a Telnet connection About This User s Guide This user s guide is designed to guide you through the SMT configuration of your Prestige 310 for its various applications There is also HTML help for the embedded web configurator To access the web configurator follow the steps shown in the Accessing The Web Configurator section Regardless of your particular application it is important that you follow the steps outlined in Chapters 1 2 to connect your Prestige to your LAN You can then refer to the appropriate chapters of the user s guide depending on your applications Related Documentation e Support CD More detailed information and examples can be found in our included disk as well as on the zyxel com web site This disk contains information on configuring your ZyWALL for Internet Access general and advanced FAQs Application Notes Troubleshooting a reference for CI Commands and bundled software e Read Me First Our Read Me First is designed to help you get up and running right away It contains a detailed easy to follow connection diagram default settings handy checklists and information on setting up your network and configuring for Internet access Xx Preface Prestige 310 Broadband Sharing Gateway e ZyXEL Web Site The ZyXEL download library at www zyxel com contains additional support documentation e Glossary Please refer to www zy
181. ring Gateway Table 10 3 General Commands for Third Party TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the Prestige 192 168 1 1 is the Prestige s default IP address when shipped Send Fetch Use Send to upload the file to the Prestige and Fetch to back up the file on your computer Local File Enter the path and name of the firmware file bin extension or configuration file rom extension on your computer Remote File This is the filename on the Prestige The filename for the firmware is ras and for the configuration file is rom 0 Binary Transfer the file in binary mode Abort Stop transfer of the file Refer to the TFTP and FTP over WAN section to read about configurations that disallow TFTP and FTP to work over WAN 10 2 5 Backup Via Console Port Backup configuration via console port by following the HyperTerminal procedure shown next Procedures using other serial communications programs should be similar e p Step 1 Display menu 24 5 and enter y at the following screen Ready to backup Configuration via Xmodem Do you want to continue y n Figure 10 3 System Maintenance Backup Configuration Step 2 The following screen indicates that the Xmodem download has started You can enter ctrl x to terminate operation any time Starting XMODEM download Figure 10 4 System Maintenance Starting Xmodem Download
182. rm or ESC to Cancel Figure 14 4 Applying Schedule Sets to a Remote Node Example PPTP Encapsulation 14 4 Call Scheduling Troubleshooting and Additional Information Part IV Troubleshooting and Additional Information Prestige 310 Broadband Sharing Gateway Chapter 15 Troubleshooting This chapter covers the potential problems and possible remedies After each problem description some instructions are provided to help you to diagnose and to solve the problem 15 1 Problems Starting Up the Prestige Table 15 1 Troubleshooting the Start Up of your Prestige PROBLEM CORRECTIVE ACTION None of the LEDs are on when I turn on the Prestige Check the connection between the power adapter and the Prestige If the error persists you may have a hardware problem In this case you should contact your vendor Cannot access the Prestige 1 Check to see if the Prestige is connected to your computer s serial port via the console port 2 Check to see if the communications program is configured correctly The communications software should be configured as follows VT100 terminal emulation 9600 bps is the default speed on leaving the factory Try other speeds in case the speed has been changed No parity 8 data bits 1 stop bit data flow set to none 15 2 Problems with the LAN Interface Table 15 2 Troubleshooting the LAN Interface PROBLEM CORR
183. rmation to confirm that you have uploaded the correct firmware version The AT command is the command you enter after you press y when prompted in the SMT menu to go into debug mode Firmware and Configuration Maintenance 10 1 Prestige 310 Broadband Sharing Gateway Table 10 1 Filename Conventions FILE TYPE INTERNAL EXTERNAL DESCRIPTION NAME NAME Configuration Rom 0 rom This is the configuration filename on the File Prestige Uploading the rom 0 file replaces the entire ROM file system including your Prestige configurations system related data including the default password the error log and the trace log Firmware This is the generic name for the ZyNOS firmware on the Prestige 10 2 Backup Configuration The Prestige displays different messages explaining different ways to backup restore and upload files in menus 24 5 24 6 24 7 1 and 24 7 2 when you use the serial console port and when you telnet in Option 5 from Menu 24 System Maintenance allows you to backup the current Prestige configuration to your computer Backup is highly recommended once your Prestige is functioning properly FTP and TFTP are the preferred methods for backing up your current configuration to your computer since FTP and TFTP are faster You can also perform backup and restore using menu 24 through the console port Any serial communications program should work fine however you must use Xmodem protocol to perform
184. rver Port 80 Access LAN only Secured 0 0 0 SNMP Service Port LAN only Secured 0 DNS Service Port LAN only Secured 0 Press ENTER to Confirm or ESC to Cancel Figure 13 2 Menu 24 11 Remote Management Control Table 13 1 Menu 24 11 Remote Management Control FIELD DESCRIPTION EXAMPLE Telnet Server These read only labels denote the kind of server service that you FTP Server may remotely manage Web Server SNMP Service DNS Service Port You may change the service port number for corresponding 23 servers service in this field Access Select the access interface if any by pressing the SPACE BAR LAN only Choices are LAN only WAN only All or Disable The default is LAN only Web SNMP or DNS session is up If it does not match the Secured Client IP The default value for Secured Client IP is 0 0 0 0 which means 0 0 0 0 you don t care which host is trying to use a service Telnet FTP Web SNMP or DNS If you enter an IP address in this field the Prestige will check if the client IP address matches the value here when a Telnet FTP Prestige will disconnect the session immediately Once you have filled in this menu press ENTER at the message Press ENTER to Confirm or ESC to Cancel to save your configuration or press ESC to cancel Remote Management 13 3 Prestige 310 Broadband Sharing Gateway 13 6 1 Remote Management Limitations Remote management over
185. s 1234 Enter bin to set transfer mode to binary Find the rom file on your computer that you want to restore to your Prestige Use put to transfer files from the Prestige to the computer for example put config rom rom 0 transfers the configuration file on the Prestige to your computer and renames it config rom See earlier in this chapter for more information on filename conventions Enter quit to exit the ftp prompt The Prestige will automatically restart after a successful restore process 10 8 Firmware and Configuration Maintenance Prestige 310 Broadband Sharing Gateway Restore Using FTP or TFTP Session Example ftp gt put config rom rom 0 200 Port command okay 150 Opening data connection for STOR rom 0 226 File received OK 221 Goodbye for writing flash ftp 16384 bytes sent in 0 06Seconds 273 07Kbytes sec ftp gt quit Figure 10 8 Restore Using FTP or TFTP Session Example Refer to the TFTP and FTP over WAN section to read about configurations that disallow TFTP and FTP to work over WAN 10 3 2 Restore Via Console Port Restore configuration via console port by following the HyperTerminal procedure shown next Procedures using other serial communications programs should be similar Step 1 Display menu 24 6 and enter y at the following screen Ready to restore Configuration via Xmodem Do you want to continue y n Figure 10 9 System Maintenance
186. s 4 10 4 4 Remote Node Filter zn A A A AA ie eta 4 10 4 5 Trafic Redirects techie c e Techo ere haeo eere 4 11 4 5 1 Traffic Redirect Setup ee eee eene ee c e ee TTA 4 12 Chapter 5 IP Static Route Setup ssccsccsssssccsscessssccsscesssscesccrsssssscessesssescersesseesccesesssescessscssesocsessssesoes 5 1 Sell AP Static ROQUE SED e t CREE a dett od Oe eh OR eee 5 2 Chapter 6 Network Address Translation NAT eerie eerte ette ee eene eren seen n neta seen naso tasto netten netus senno 6 1 n MEDIUM V s 6 1 6 1 1 NAT Definitions n n ia dap rie ea cars 6 1 6 1 2 What NAT DOES oii tudin p ertet ep aii 6 2 6 1 3 How NAT Works tnter ias 6 2 OVA NAT Application sino et eet eias ted icd Eh rens 6 3 6 1 5 NAT Mapping Pesca erre Pio ER Ri een RI Rive i ete edt 6 4 6 2 Usme NAT oet irt f RE Ier esto pus or en e ib lese oud Pty ere Sixto d 6 5 6 2 1 SUA Single User Account Versus NAT sesssssseseeeee ener 6 5 0 2 2 Applying NAT is uiae etta p e p VUE ER REOR t Re OI EROR Dr neat ss 6 6 OS NEMESIS 6 7 6 3 1 Address Mapping Sets ii ed n eee RU e e ed C OE eR er ete titt 6 8 6 4 NAT Server Sets Port Forwarding sess eren ener nnne 6 12 6 4 1 Configuring a Server behind NAT sse nennen nennen 6 13 60 5 General NAT Examples teens ii dre 6 15 6 5 1 Example 1 Internet Access Only
187. s warranty contact ZyXEL s Service Center for your Return Material Authorization number RMA Products must be returned Postage Prepaid It is recommended that the unit be insured when shipped Any returned products without proof of purchase or those with an out dated warranty will be repaired or replaced at the discretion of ZyXEL and the customer will be billed for parts and labor All repaired or replaced products will be shipped by ZyXEL to the corresponding return address Postage Paid This warranty gives you specific legal rights and you may also have other rights that vary from country to country vi Warranty Prestige 310 Broadband Sharing Gateway Please have the following information ready when you contact customer support e Product model and serial number e Information in Menu 24 2 1 System Information e Warranty information e Date that you received your device Customer Support e Brief description of the problem and the steps you took to solve it METHOD LOCATION WORLDWIDE support zyxel com tw sales zyxel com tw AUSTRIA support sales zyxel a E MAIL SUPPORT SALES zyxel com NORTH ort AMERICA Em les zyxel com SCANDINAVIA ort y D es zyxel dk Zyxel zyxe zyxe dk TELEPHONE FAX 886 3 578 3942 886 3 578 2439 1 714 632 0882 800 255 4101 1 714 632 0858 45 3955 0700 45 3955 0707 43 1 4948677 0 43 1 4948678 49 2405 6909 0 49 2405 6909 99 WEB
188. send your SNMP traps to When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel and go back to the previous screen 8 4 SNMP Traps The Prestige will send traps to the SNMP manager when any one of the following events occurs SNMP Configuration 8 3 Prestige 310 Broadband Sharing Gateway Table 8 2 SNMP Traps TRAP TRAP NAME DESCRIPTION 0 coldStart defined in RFC 1215 A trap is sent after booting power on 1 warmsStart defined in RFC 1215 A trap is sent after booting software reboot 4 authenticationFailure defined in A trap is sent to the manager when receiving any SNMP RFC 1215 get or set requirements with wrong community password 6 whyReboot defined in ZYXEL A trap is sent with the reason of restart before rebooting MIB when the system is going to restart warmstart 6a For intentional reboot A trap is sent with the message System reboot by user if reboot is done intentionally for example download new files Cl command sys reboot etc 6b For fatal error A trap is sent with the message of the fatal code if the system reboots because of fatal errors 8 4 SNMP Configuration Prestige 310 Broadband Sharing Gateway Chapter 9 System Information and Diagnosis This chapter covers SMT menus 24 1 to 24 4 This chapter covers the diagnos
189. ss Translation Use the SPACE BAR to select either Full Feature None or SUA Only See the NAT chapter for a full discussion on this feature SUA Only Metric The metric represents the cost of transmission for routing purposes IP routing uses hop count as the measurement of cost with a minimum of 1 for directly connected networks Enter a number that approximates the cost for this link The number need not be precise but it must be between 1 and 15 In practice 2 or 3 is usually a good number 1 to 15 Private This parameter determines if the Prestige will include the route to this remote node in its RIP broadcasts If set to Yes this route is kept private and not included in RIP broadcast If No the route to this remote node will be propagated to other hosts through RIP broadcasts Yes RIP Press the SPACE BAR to select the RIP direction Options are Both None In Only Out Only or None Please see the RIP Setup section for more information on RIP The default for RIP on the WAN side is None It is recommended that you do not change this setting None default Remote Node Setup 4 9 Prestige 310 Broadband Sharing Gateway FIELD DESCRIPTION EXAMPLE Version Press the SPACE BAR to select the RIP version Options are RIP 1 RIP 1 RIP 2B or RIP 2M Multicast IGMP Internet Group Multicast Protocol is a session layer protocol None used to establish membership
190. t came with your cable modem The Ethernet port on a cable modem is sometimes labeled PC or Workstation Connecting the Prestige to an xDSL Modem Connect the WAN port on the Prestige to the Ethernet port on the xDSL modem using the cable that came with your xDSL modem 2 2 3 Connecting the Prestige to the LAN When the correct Ethernet cable is correctly connected to the computer or hub one of the front panel LAN LEDs will turn on For a single computer connect the 10 100M LAN port on the Prestige to the Network Adapter on the computer using a straight through Ethernet cable and push the Uplink button on If you want to use a crossover Ethernet cable for this connection make sure the Uplink button is not pressed off If you have more than one computer you must use an external hub Connect the 10 100M LAN port on the Prestige to a port on the hub using a straight through Ethernet cable and make sure the Uplink button is off If you want to use a crossover Ethernet cable for this connection make sure the Uplink button is pressed on Table 2 2 Ethernet Cable Requirements and the Uplink Button UPLINK BUTTON TYPE OF ETHERNET CABLE FOR STATUS CONNECTING THE PRESTIGE TO A COMPUTER HUB on pressed straight through crossover off not pressed crossover straight through Hardware Installation and Initial Setup 2 3 Prestige 310 Broadband Sharing Gateway 2 2 4 Connect
191. themselves but should contact the appropriate electrical inspection authority or electrician as appropriate Note This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the radio interference regulations of Industry Canada iv Information for Canadian Users Prestige 310 Broadband Sharing Gateway Declaration of Conformity We the Manufacturer Importer ZyXEL Communications Corporation No 6 Innovation Rd II Science Based Industrial Park Hsinchu Taiwan R O C 300 declare that the product Prestige 310 is in conformity with refer to the specification under which conformity is declared STANDARD STANDARD ITEM VERSION EN 55022 Radio disturbance characteristics Limits and method of measurement 1998 EN 61000 3 2 Disturbance in supply system caused by household appliances and similar 1995 electrical equipment Harmonics EN 61000 3 3 Disturbance in supply system caused by household appliances and similar 1995 electrical equipment Voltage fluctuations EN 61000 4 2 Electrostatic discharge immunity test Basic EMC Publication 1995 EN 61000 4 3 Radiated radio frequency electromagnetic field immunity test 1996 EN 61000 4 4 Electrical fast transient burst immunity test Basic EMC Publication 1995 EN 61000 4 5 Surge immunity test 1995 EN 61000 4 6 Immunity to conducted disturbances induced by radio frequency fields 1996 EN 61000 4 8 1993 EN6100
192. tic tools that help you to maintain your Prestige These tools include updates on system status port status log and trace capabilities and upgrades for the system software Select menu 24 in the main menu to open Menu 24 System Maintenance as shown next Menu 24 System Maintenance System Status System Information and Console Port Speed Log and Trace Diagnostic Backup Configuration Restore Configuration Upload Firmware Command Interpreter Mode Call Control Time and Date Setting Remote Management Setup RPwO0O JAUIASYNnNA Ro Enter Menu Selection Number Figure 9 1 Menu 24 System Maintenance 9 1 System Status The first selection System Status gives you information on the version of your system firmware and the status and statistics of the ports as shown in the next figure System Status is a tool that can be used to monitor your Prestige Specifically it gives you information on your system firmware version number of packets sent and number of packets received 9 1 1 To get to the System Status e Enter 24 to display Menu 24 System Maintenance e In this menu enter number 1 to open Menu 24 1 System Maintenance Status System Information and Diagnosis 9 1 Prestige 310 Broadband Sharing Gateway e There are three commands in Menu 24 1 System Maintenance Status Entering 1 drops the WAN PPTP PPPoE connection 9 resets the counters and ESC takes you back to th
193. tige LAN 1 IP Address Menu 3 2 LAN 2 IP Alias 1 Menu 3 21 Ethernet m Interface LAN 3 IP Alias 2 Menu 3 2 1 Figure 3 1 Physical Network Figure 3 2 Partitioned Logical Networks 3 4 Internet Access Prestige 310 Broadband Sharing Gateway Use menu 3 2 1 to configure IP Alias on your Prestige 3 2 TCP IP and DHCP Ethernet Setup From the Main Menu enter 3 to open Menu 3 LAN Setup 10 100 Mbps Ethernet to configure TCP IP RFC 1155 and DHCP Ethernet setup Menu 3 LAN Setup 1 LAN Port Filter Setup 2 TCP IP and DHCP Setup Enter Menu Selection Number Figure 3 3 Menu 3 LAN Setup 10 100 Mbps Ethernet To edit the TCP IP and DHCP configuration enter 2 to display Menu 3 2 TCP IP and DHCP Ethernet Setup as shown next Menu 3 2 TCP IP and DHCP Ethernet Setup DHCP Server First address Configuration in the IP Client IP Pool Starting Address 192 168 1 33 Pool Size of Client IP Pool Primary DNS Server 0 0 0 0 Secondary DNS Server 0 0 0 Size of the IP DHCP Server Address N A Pool TCP IP Setup IP Address 192 68 1 1 IP Subnet Mask 255 255 RIP Direction Both Version RIP 1 Multicast None Edit IP Alias No IP addresses of the DNS servers Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle oe E og This is the IP address of the Prestige Figure 3 4 Menu 3 2 TCP IP and DHCP Ethernet
194. to Both or In Only it will incorporate the RIP information that it receives when set to None it will not send any RIP packets and will ignore any RIP packets received The Version field controls the format and the broadcasting method of the RIP packets that the Prestige sends it recognizes both formats when receiving RIP 1 is universally supported but RIP 2 carries more information RIP 1 is probably adequate for most networks unless you have an unusual network topology Both RIP 2B and RIP 2M sends the routing data in RIP 2 format the difference being that RIP 2B uses subnet broadcasting while RIP 2M uses multicasting Multicasting can reduce the load on non router machines since they generally do not listen to the RIP multicast address and so will not receive the RIP packets However if one router uses multicasting then all routers on your network must use multicasting also By default RIP Direction is set to Both and the Version set to RIP 1 Internet Access 3 3 Prestige 310 Broadband Sharing Gateway 3 1 6 IP Multicast Traditionally IP packets are transmitted in one of either two ways Unicast 1 sender recipient or Broadcast 1 sender everybody on the network Multicast delivers IP packets to a group of hosts on the network not everybody and not just 1 IGMP Internet Group Multicast Protocol is a session layer protocol used to establish membership in a Multicast group it is not used to carry user data
195. to the Prestige and log in Because TFTP does not have any security checks the Prestige records the IP address of the telnet client and accepts TFTP requests only from this address Step 2 Put the SMT in command interpreter CI mode by entering 8 in Menu 24 System Maintenance Step 3 Enter the command sys stdio 0 to disable the console timeout so the TFTP transfer will not be interrupted Enter command sys stdio 5 to restore the five minute console timeout default when the file transfer is complete Step 4 Launch the TFTP client on your computer and connect to the Prestige Set the transfer mode to binary before starting data transfer Step 5 Use the TFTP client see the example below to transfer files between the Prestige and the computer The file name for the firmware is ras Note that the Telnet connection must be active and the Prestige in CI mode before and during the TFTP transfer For details on TFTP commands see following example please consult the documentation of your TFTP client program For UNIX use get to transfer from the Prestige to the computer put the other way around and binary to set binary transfer mode TFTP Upload Command Example The following is an example tftp command TFTP i host put firmware bin ras 66599 where i specifies binary image transfer mode use this mode when transferring binary files host is the Prestige s IP address put
196. transfers the file source on the computer firmware bin name of the firmware on the computer to the file destination on the remote host ras name of the firmware on the Prestige Commands that you may see in third party TFTP clients are listed earlier in this chapter 10 4 4 Uploading Via Console Port FTP or TFTP are the preferred methods for uploading firmware to your Prestige However in the event of your network being down uploading files is only possible with a direct connection to your Prestige via the console port Uploading files via the console port under normal conditions is not recommended since FTP or TFTP is faster Any serial communications program should work fine however you must use the Xmodem protocol to perform the download upload Uploading a Firmware File Via Console Port Step 1 Select 1 from Menu 24 7 System Maintenance Upload Firmware to display Menu 24 7 1 System Maintenance Upload Router Firmware then follow the instructions as shown in the following screen Firmware and Configuration Maintenance 10 13 Prestige 310 Broadband Sharing Gateway Menu 24 7 1 System Maintenance Upload Router Firmware To upload router firmware 1 Enter y at the prompt below to go into debug mode Enter atur after Enter Debug Mode message 3 Wait for Starting XMODEM upload message before activating Xmodem upload on your terminal 4 After successful firmware upload enter atgo to
197. u Enable Wildcard Your Prestige supports DYNDNS Wildcard Press SPACE No BAR and then ENTER to select Yes or No This field is N A when you choose DDNS client as your service provider Offline This field is only available wnen CustomDNS is selected in the Yes Hardware Installation and Initial Setup 2 13 Prestige 310 Broadband Sharing Gateway FIELD DESCRIPTION EXAMPLE DDNS Type field Press SPACE BAR and then ENTER to select Yes When Yes is selected traffic is redirected to a URL that you have previously specified see www dyndns org for details When you have completed this menu press ENTER at the prompt Press ENTER to Confirm to save your configuration or press ESC at any time to cancel If you have a private WAN IP address then you can not use Dynamic DNS 2 8 WAN Setup This section describes how to configure the WAN using Menu 2 WAN Setup From the main menu enter 2 to display menu 2 ZyXEL recommends you configure this menu even if your ISP does not require MAC address athentication Menu 2 WAN Setup MAC Address Assigned By IP address attached on LAN IP Address 192 168 1 33 Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Figure 2 11 Menu 2 WAN Setup This screen allows you to configure the WAN port s MAC Address by either using the factory default or cloning the MAC address from a workstation on your LAN
198. u can have a maximum of 24 rules active for a single port Three sets of factory default filter rules have been configured in menu 21 to prevent NetBIOS traffic from triggering calls and to prevent incoming telnetting and FTP connections from the WAN side A summary of their filter rules is shown in the figures that follow The following figure illustrates the logic flow when executing a filter rule 7 2 Filter Configuration Prestige 310 Broadband Sharing Gateway Packet into Filter y Fetch First Filter Set Fetch Next 2 Fetch First ul Filter Set Filter Rule Yes al Fetch Next Yes Filter Rule Execute Filter ext Filter Rule Next Filter Set Available Available Rule Check Next Rule NO 4 eM emm pem Drop Packet Accept Packet Figure 7 2 Filter Rule Process You can apply up to four filter sets to a particular port to block multiple types of packets With each filter set having up to six rules you can have a maximum of 24 rules active for a single port Filter Configuration 7 3 Prestige 310 Broadband Sharing Gateway 7 2 Configuring a Filter Set To configure a filter set follow the procedure below Enter 21 from the main menu to display menu 21 Step 1 Enter 1 to display the following menu Menu 21 1 Filter Set Configuration Filter Filter Set Comments Set Comments 1 NetBIOS WAN Wi
199. ulation sess 4 2 Table 4 2 Fields in Menu 11 1 PPTP Encapsulation ssssseseeseenneenerenen nnne 4 3 Table 4 3 Table 4 3 Fields in Menu 11 1 PPPoE Encapsulation Specific Only sss 4 5 Table 4 4 Remote Node Network Layer Options Menu Fields ccccesccssecsseeseceeeceeeceeeeesecnsecneecseeeneeeneeses 4 7 Table 4 5 Remote Node Network Layer Options Menu Fields sse 4 9 Table 4 6 Menu 11 1 Remote Node Profile Traffic Redirect Field sss 4 12 Table 4 7 Traffic Redirect Setup enne E enn 4 13 Table 5 1 IP Static Route Menu Fields essent ea iaoa nennen enne enne 5 3 Table6 I NAT Definitions ccc reor ERREUR Ra RR EE b Hee Re castes 6 1 Table 6 2 NAT Mapping Types eene nennen nro erinnere enne nn rr enini tenen nennen 6 5 Table 6 3 Applying NAT in Menus 4 and 11 3 enne nnns 6 7 Table 6 4 SUA Address Mapping Rules sess enne nnne nnne nennen nnns 6 9 Table 6 5 Fields in Mente od eta eee om de RR CERE 6 11 Table 6 6 Menu 15 1 1 1 Editing Configuring an Individual Rule in a Set sss 6 12 Table 6 7 Services Se Port Numbers oido te oreet Den id on ge a EG 6 13 Table 6 8 Menu 15 3 Trigger Port Setup Description seessssssssesee eene 6 23 Table 7 1 Abbreviations Used in the Filter Rules Summary Menu sse 7 6 Table 7 2 Rule Abbreviations Used i oer hee p
200. up to a ESC Press ESC to move back to the previous menu menu Move to a hidden Press SPACE BAR to change No to Yes then press ENTER Fields beginning with Edit lead to hidden menus and have a default setting of No Press SPACE BAR once to change No to Yes then press ENTER to go to the hidden menu Move the cursor ENTER or UP DOWN arrow keys Within a menu press ENTER to move to the next field You can also use the UP DOWN arrow keys to move to the previous and the next field respectively Entering information Type in or press SPACE BAR then press ENTER You need to fill in two types of fields The first requires you to type in the appropriate information The second allows you to cycle through the available choices by pressing SPACE BAR Required fields lt gt All fields with the symbol lt gt must be filled in order to be able to save the new configuration N A fields lt N A gt Some of the fields in the SMT will show a lt N A gt This symbol refers to an option that is Not Applicable Save your ENTER Save your configuration by pressing ENTER at the message configuration Press ENTER to confirm or ESC to cancel Saving the data on the screen will take you in most cases to the previous menu Exit the SMT Type 99 then press Type 99 at the main menu prompt and press ENTER to exit the ENTER SMT interface
201. ur Prestige you are given a choice to go into debug mode by pressing a key at the prompt shown in the following screen In debug mode you have access to a series of boot module commands for example ATUR for uploading firmware and ATLC for uploading the configuration file These are discussed in the Firmware and Configuration Maintenance chapter of this User s Guide Bootbase Version V2 02 10 11 2002 13 58 03 RAM Size 8192 Kbytes DRAM Post Testing 8192K OK FLASH Intel 16M ZyNOS Version V324 wa0b05 3 5 2001 18 00 34 Press any key to enter debug mode within 3 seconds Diagram 6 Option to Enter Debug Mode Enter ATHE to view all available Prestige boot module commands as shown in the next screen ATBAx allows you to change the console port speed The x denotes the number preceding the colon to give the console port speed following the colon in the list of numbers that follows for example ATBA3 will give a console port speed of 9600 Kbps ATSE displays the seed that is used to generate a password to turn on the debug flag in the firmware The ATSH command shows product related information such as boot module version vendor name product model RAS code revision etc ATGO allows you to continue booting the system Most other commands aid in advanced troubleshooting and should only be used by qualified engineers N Appendix E Prestige 310 Broadband Sharing Gateway Command Listing just answer OK print hel
202. uration Enter 1 to open Menu 21 1 Filter Rules Summary Enter the index of the filter set you wish to configure say 6 and press ENTER Enter a descriptive name or comment in the Edit Comments field for example TELNET_WAN and press ENTER Press ENTER at the message Press ENTER to confirm to open Menu 21 6 TCP IP Filter Rule Filter Configuration 7 13 Prestige 310 Broadband Sharing Gateway Menu 21 6 1 TCP IP Filter Rule Press SPACE BAR to choose this filter rule type The first TCP IP Filter Rule filter rule type determines all subsequent filter types within a Filter 6 1 Filter Type Active Yes IP Protocol 6 Destination td 078 set Source gt Select Yes to make the rule IP Mask 0 0 p active Port 0 6 is the TCP protocol Port Comp The port number for FTP is 21 See RFC 1060 for port numbers of well known services TCP Estab No Log None Actior Matched Drop Press Space Bar to Toggle There are no more rules to Select Equal check here as we are looking for packets going to Select Drop here so that port 21 only the packet will be dropped if its destination is the telnet port Select Check Next Rule here so that the next rule in this set will be checked Figure 7 12 Example Filter Menu 21 6 1 Step 6 Press ENTER to confirm and display the next screen Note that there is only one filter rule in th
203. ut so the TFTP transfer will not be interrupted Enter command sys stdio 5 to restore the five minute SMT timeout default when the file transfer is complete Step 4 Launch the TFTP client on your computer and connect to the Prestige Set the transfer mode to binary before starting data transfer Step 5 Use the TFTP client see the example below to transfer files between the Prestige and the computer The file name for the configuration file is rom 0 rom zero not capital o Note that the telnet connection must be active and the SMT in CI mode before and during the TFTP transfer For details on TFTP commands see following example please consult the documentation of your TFTP client program For UNIX use get to transfer from the Prestige to the computer and binary to set binary transfer mode 10 2 4 TFTP Command Example The following is an example tftp command TFTP i host get rom 0 config rom 66599 where 1 specifies binary image transfer mode use this mode when transferring binary files host is the Prestige IP address get transfers the file source on the Prestige rom 0 name of the configuration file on the Prestige to the file destination on the computer and renames it config rom Third Party TFTP Clients The following table describes some of the fields that you may see in third party TFTP clients Firmware and Configuration Maintenance 10 5 Prestige 310 Broadband Sha
204. ventions The configuration file often called the romfile or rom 0 contains the factory default settings in the menus such as password DHCP Setup TCP IP Setup etc It arrives from ZyXEL with a rom filename extension Once you have customized the Prestige s settings they can be saved back to your computer under a filename of your choosing ZyNOS ZyXEL Network Operating System sometimes referred to as the ras file is the system firmware and has a bin filename extension With many ftp and tftp clients the filenames are similar to those seen next ftp gt put firmware bin ras This is a sample ftp session showing the transfer of the computer file firmware bin to the Prestige ftp gt get rom 0 config cfg This is a sample ftp session saving the current configuration to the computer file config cfg If your t ftp client does not allow you to have a destination filename different than the source you will need to rename them as the Prestige only recognizes rom 0 and ras Be sure you keep unaltered copies of both files for later use The following table is a summary Please note that the internal filename refers to the filename on the Prestige and the external filename refers to the filename not on the Prestige that is on your computer local network or ftp site and so the name but not the extension will vary After uploading new firmware see the ZyNOS F W Version field in Menu 24 2 1 System Maintenance Info
205. ver Ethernet You can use PPPoE encapsulation only when you re using the Prestige with an xDSL modem as the WAN device PPPoE is an IETF Draft standard specifying how a host personal computer interacts with a broadband modem i e xDSL cable wireless etc to achieve access to high speed data networks It preserves the existing Microsoft Dial Up Networking experience and requires no new learning or procedures For the service provider PPPoE offers an access and authentication method that works with existing access control systems for example Radius For the user PPPoE provides a login and authentication method that the existing Microsoft Dial Up Networking software can activate and therefore requires no new learning or procedures for Windows users Internet Access 3 11 Prestige 310 Broadband Sharing Gateway One of the benefits of PPPoE is the ability to let end users access one of multiple network services a function known as dynamic service selection This enables the service provider to easily create and offer new IP services for specific users Operationally PPPoE saves significant effort for both the end user and ISP carrier as it requires no specific configuration of the broadband modem at the customer site By implementing PPPoE directly on the Prestige rather than individual computers the computers on the LAN do not need PPPoE software installed since the Prestige does that part of the task Furthermore with NAT
206. xel com for an online glossary of networking terms Syntax Conventions e Enter means for you to type one or more characters and press the carriage return Select or Choose means for you to select one from the predefined choices e The SMT menu titles and labels are in Bold Times font The choices of a menu item are in Bold Arial font A single keystroke is in Arial font and enclosed in square brackets for instance ENTER means the Enter or carriage return key ESC means the escape key and SPACE BAR means the space bar UP and DOWN are the up and down arrow keys e For brevity s sake we will use e g as a shorthand for for instance and i e for that is or in other words throughout this user s guide e The Prestige 310 may be referred to as the Prestige or the P310 in this user s guide Occasionally SMT screens refer to the Prestige as a router Preface Xxi Getting Started Part I Getting Started This section is a step by step guide to help you connect install and setup your Prestige to operate on your network and access the Internet Prestige 310 Broadband Sharing Gateway Chapter 1 Getting to Know Your Prestige This chapter introduces the main features and applications of the Prestige as well as a checklist for fast Internet access 1 1 The Prestige 310 Broadband Sharing Gateway The Prestige 310 is a dual Ethernet broadband gateway integrated with robust netw
Download Pdf Manuals
Related Search