Zyxel 792H - Manual

Prestige 792H G.SHDSL Router ZyXEL Limited Warranty v ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proo...

Prestige 792H G.SHDSL Router vi Customer Support Customer Support Please have the following information ready when you contact customer support. • Product model and serial number. • Warranty Information. • Date that you received your device. • Brief description of the problem and the steps you took ...

Prestige 792H G.SHDSL Router Table of Contents vii Table of Contents Copyright .........................................................................................................................................................ii Federal Communications Commission (FCC) Interference Statement .....

Prestige 792H G.SHDSL Router xiv Table of Contents 27.4.3 Example 3: Multiple Public IP Addresses With Inside Servers ............................................. 27-14 27.4.4 Example 4: NAT Unfriendly Application Programs.............................................................. 27-18 Chapter ...

Prestige 792H G.SHDSL Router List of Figures xvii List of Figures Figure 1-1 Internet Access Application .......................................................................................................... 1-5 Figure 1-2 LAN-to-LAN Application .....................................................

Prestige 792H G.SHDSL Router xxvi List of Tables List of Tables Table 2-1 Password ......................................................................................................................................... 2-4 Table 3-1 Wizard Screen: WAN Setup............................................

Prestige 792H G.SHDSL Router Preface xxxi Preface Congratulations on your purchase of the Prestige 792H G.SHDSL Router. Use the web configurator, System Management Terminal (SMT) or command interpreter interface to configure your Prestige. Not all features can be configured through all interfaces. P...

Prestige 792H G.SHDSL Router xxxii Preface • The Prestige 792H may be referred to as the Prestige in this user’s guide. • Images of Prestige 792H are used throughout this document unless otherwise specified. The following section offers some background information on DSL. Skip to Chapter 1 if you wi...

Prestige 792H G.SHDSL Router Introduction to DSL xxxiii Introduction to DSL DSL (Digital Subscriber Line) technology enhances the data capacity of the existing twisted-pair wire that runs between the local telephone company switching offices and most homes and offices. While the wire itself can hand...

Getting Started I P P a a r r t t I I : : GETTING STARTED This part covers Getting to Know Your Prestige, Hardware Installation, Initial Setup, WAN, LAN and Internet Access.

Prestige 792H G.SHDSL Router Getting to Know Your G.SHDSL Router 1-1 Chapter 1 Getting to Know Your G.SHDSL Router This chapter covers the key features and main applications of your Prestige. The Prestige 792H is high-performance G.SHDSL Router with four port switch for Internet/LAN access via a tel...

Prestige 792H G.SHDSL Router 1-2 Getting to Know Your G.SHDSL Router SUPPORTED TRANSMISSION SPEEDS Min (Kbps) Max (Kbps) SDSL 72 136 G.HDSL (G.991.2) 200 2312 IPSec VPN Capability Establish a Virtual Private Network (VPN) to connect with business partners and branch offices using data encryption and...

Prestige 792H G.SHDSL Router Getting to Know Your G.SHDSL Router 1-6 1.2 Application Scenarios for the Prestige This section provides examples on how your Prestige can be used. 1.2.1 Internet Access Figure 1-1 Internet Access Application Your Prestige can act as either of the following: • A bridge f...

Prestige 792H G.SHDSL Router Initial Setup 2-1 Chapter 2 Introducing the Web Configurator This chapter describes how to access and navigate the web configurator. 2.1 Web Configurator Overview The embedded web configurator (ewc) allows you to manage the Prestige from anywhere through a browser such a...

Prestige 792H G.SHDSL Router 2-2 Initial Setup Figure 2-1 Password Screen Step 6. You should now see the Site Map screen. The Prestige automatically times out after five minutes of inactivity. Simply log back into the Prestige if this happens to you. 2.3 Navigating the Prestige Web Configurator The ...

Prestige 792H G.SHDSL Router Initial Setup 2-3 Figure 2-2 Web Configurator SITE MAP Screen Click the HELP icon (located in the top right corner of most screens) to view embedded help. 2.4 Configuring Password It is highly recommended that you change the password for accessing the Prestige. To change...

Prestige 792H G.SHDSL Router 2-4 Initial Setup Figure 2-3 Password The following table describes the labels in this screen. Table 2-1 Password LABEL DESCRIPTION Old Password Type the default password or the existing password you use to access the system in this field. New Password Type the new passw...

Prestige 792H G.SHDSL Router Initial Setup 2-5 of 9600bps with 8 data bit, no parity, one stop bit and flow control set to none. The password will be reset to “1234”, also. 2.5.1 Using The Reset Button Step 1. Make sure the SYS LED is on (not blinking). Step 1. Press the RESET button for five second...

Prestige 792H G.SHDSL Router WAN 3-1 Chapter 3 Wizard Setup This chapter provides information on the Wizard Setup screens in the web configurator. 3.1 Wizard Setup Introduction Use the Wizard Setup screens to configure your system for Internet access settings and fill in the fields with the informat...

Prestige 792H G.SHDSL Router 3-2 WAN 3.2.3 Transfer Rates The Prestige supports the following symmetrical multi-rate data transmission speeds: 72, 136, 200, 264, 392, 520, 776, 1032, 1160, 1544, 1736, 2056 and 2312Kbps. You can increase the capacity of the Internet connection (within certain limitat...

Prestige 792H G.SHDSL Router 3-4 WAN is not practical to have a separate VC for each carried protocol, for example, if charging heavily depends on the number of simultaneous VCs. 3.5 VPI and VCI Be sure to use the correct Virtual Path Identifier (VPI) and Virtual Channel Identifier (VCI) numbers ass...

Prestige 792H G.SHDSL Router 3-6 WAN Figure 3-2 Wizard Screen: Internet Access The following table describes the labels in this screen. Table 3-2 Wizard Screen: Internet Access LABEL DESCRIPTION Mode From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to ...

Prestige 792H G.SHDSL Router WAN 3-7 Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask. If the ISP did not exp...

Prestige 792H G.SHDSL Router 3-8 WAN 3.8.2 IP Assignment with RFC 1483 Encapsulation In this case the IP Address Assignment must be static with the same requirements for the IP Address and ENET ENCAP Gateway fields as stated above. 3.8.3 IP Assignment with ENET ENCAP Encapsulation In this case you c...

Prestige 792H G.SHDSL Router WAN 3-9 Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Managem...

Prestige 792H G.SHDSL Router 3-10 WAN Figure 3-3 Internet Connection with PPPoA The following table describes the labels in this screen. Table 3-3 Internet Connection with PPPoA LABEL DESCRIPTION User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain w...

Prestige 792H G.SHDSL Router WAN 3-13 Figure 3-5 Internet Connection with ENET ENCAP The following table describes the labels in this screen. Table 3-5 Internet Connection with ENET ENCAP LABEL DESCRIPTION IP Address A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is ...

Prestige 792H G.SHDSL Router 3-14 WAN Table 3-5 Internet Connection with ENET ENCAP LABEL DESCRIPTION Network Address Translation Select None , SUA Only or Full Feature from the drop-sown list box. Refer to the NAT chapter for more details. Back Click Back to go back to the first wizard screen. Next...

Prestige 792H G.SHDSL Router WAN 3-15 Table 3-6 Internet Connection with PPPoE LABEL DESCRIPTION Service Name Type the name of your PPPoE service here. User Name Configure User Name and Password fields for PPPoA and PPPoE encapsulation only. Enter the user name exactly as your ISP assigned. If assig...

Prestige 792H G.SHDSL Router 3-16 WAN disable it. When configured as a server, the Prestige provides the TCP/IP configuration for the clients. If you turn DHCP service off, you must have another DHCP server on your LAN, or else the computer must be manually configured. 3.12.1 IP Pool Setup The Prest...

Prestige 792H G.SHDSL Router WAN 3-17 Figure 3-7 Wizard Screen: LAN COnfiguration If you want to change your Prestige LAN settings, click Change LAN Configuration to display the screen as shown next. Figure 3-8 Wizard: LAN Configuration The following table describes the labels in this screen. Table ...

Prestige 792H G.SHDSL Router 3-18 WAN Table 3-7 Wizard: LAN Configuration LABEL DESCRIPTION DHCP Server From the DHCP Server drop-down list box, select On to allow your Prestige to assign IP addresses, an IP default gateway and DNS servers to computer systems that support the DHCP client. Select Off...

Prestige 792H G.SHDSL Router WAN 3-19 Figure 3-9 Wizard Screen: Connection Tests 3.15 Test Your Internet Connection Launch your web browser and navigate to www.zyxel.com . Internet access is just the beginning. Refer to the rest of this User’s Guide for more detailed information on the complete rang...

Prestige 792H G.SHDSL Router LAN Setup 4-1 Chapter 4 LAN Setup This chapter describes how to configure LAN settings. 4.1 LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually t...

Prestige 792H G.SHDSL Router 4-2 LAN Setup before you can access it. The DNS server addresses that you enter in the DHCP setup are passed to the client machines along with the assigned IP address and subnet mask. There are two ways that an ISP disseminates the DNS server addresses. The first is for ...

Prestige 792H G.SHDSL Router 4-4 LAN Setup RFC 2236. The class D IP address is used to identify host groups and can be in the range 224.0.0.0 to 239.255.255.255. The address 224.0.0.0 is not assigned to any group and is used by IP multicast computers. The address 224.0.0.1 is used for query messages...

Prestige 792H G.SHDSL Router WAN 5-1 Chapter 5 WAN Setup This chapter describes how to configure WAN settings. 5.1 WAN Overview A WAN (Wide Area Network) is an outside connection to another network or the Internet. See the Wizard Setup chapter for more information on the fields in the WAN screens. 5...

Prestige 792H G.SHDSL Router 5-2 WAN If you want the dial-backup route to take first priority over the traffic-redirect route or even the normal route, all you need to do is set the dial-backup route’s metric to "1" and the others to "2" (or greater). IP Policy Routing overrides the ...

Prestige 792H G.SHDSL Router WAN 5-3 5.4 Traffic Shaping Traffic Shaping is an agreement between the carrier and the subscriber to regulate the average rate and fluctuations of data transmission over an ATM network. This agreement helps eliminate congestion, which is important for transmission of re...

Prestige 792H G.SHDSL Router 5-4 WAN Figure 5-1 Example of Traffic Shaping 5.5 Configuring WAN Setup To change your Prestige’s WAN remote node settings, click WAN , WAN Setup . The screen differs by the encapsulation.

Prestige 792H G.SHDSL Router WAN 5-5 Figure 5-2 WAN Setup The following table describes the labels in this screen.

Prestige 792H G.SHDSL Router WAN 5-7 Table 5-1 WAN Setup LABEL DESCRIPTION Maximum Burst Size Maximum Burst Size (MBS) refers to the maximum number of cells that can be sent at the peak rate. Type the MBS, which is less than 65535. Login Information (PPPoA and PPPoE encapsulation only) Service Name ...

Prestige 792H G.SHDSL Router 5-8 WAN Table 5-1 WAN Setup LABEL DESCRIPTION Subnet Mask (ENET ENCAP encapsulation only) Enter a subnet mask in dotted decimal notation. Refer to the Subnetting appendix in the to calculate a subnet mask If you are implementing subnetting. ENET ENCAP Gateway (ENET ENCAP...

Prestige 792H G.SHDSL Router WAN 5-9 The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN or DMZ. Use IP alias to configure the LAN into two or three logical networks with the Prestige itself as the gateway for each LAN net...

Prestige 792H G.SHDSL Router 5-10 WAN To change your Prestige’s WAN backup settings, click WAN , then WAN Backup . The screen appears as shown. Figure 5-5 WAN Backup The following table describes the fields in this screen.

Prestige 792H G.SHDSL Router 5-12 WAN Table 5-2 WAN Backup LABEL DESCRIPTION Backup Gateway Type the IP address of your backup gateway in dotted decimal notation. The Prestige automatically forwards traffic to this IP address if the Prestige's Internet connection terminates. Dial Backup Active Selec...

Prestige 792H G.SHDSL Router WAN 5-13 peer disconnects right after a successful authentication, make sure that you specify the correct authentication protocol when connecting to such an implementation. 5.9 Configuring Advanced WAN Backup To edit your Prestige’s advanced WAN backup settings, click WA...

Prestige 792H G.SHDSL Router 5-14 WAN Figure 5-6 Advanced WAN Backup

Prestige 792H G.SHDSL Router WAN 5-17 Table 5-3 Advanced WAN Backup LABEL DESCRIPTION PPP Options Encapsulation Select CISCO PPP from the drop-down list box if your backup WAN device uses Cisco PPP encapsulation; otherwise select Standard PPP . Compression Select this check box to enable stac compre...

Prestige 792H G.SHDSL Router 5-18 WAN For ISDN lines, there are many more protocols and operational modes. Please consult the documentation of your TA. You may need additional commands in both “Dial” and “Init” strings. 5.11 DTR Signal The majority of WAN devices default to hanging up the current ca...

Prestige 792H G.SHDSL Router WAN 5-19 Figure 5-7 Advanced Modem Setup The following table describes the fields in this screen. Table 5-4 Advanced Modem Setup LABEL DESCRIPTION AT Command Strings Dial Type the AT Command string to make a call. Example: atdt Drop Type the AT Command string to drop a c...

NAT and Dynamic DNS II Part II: NAT and Dynamic DNS This part covers NAT (Network Address Translation) and dynamic DNS (Domain Name Sever)

Prestige 792H G.SHDSL Router NAT 6-1 Chapter 6 Network Address Translation (NAT) This chapter discusses how to configure NAT on the Prestige . 6.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source addres...

Prestige 792H G.SHDSL Router 6-2 NAT local address before forwarding it to the original inside host. Note that the IP address (either local or global) of an outside host is never changed. The global IP addresses for the inside hosts can be either static or dynamically assigned by the ISP. In additio...

Prestige 792H G.SHDSL Router NAT 6-3 Figure 6-2 NAT Application With IP Alias 6.1.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: 1. One to One : In One-to-One mode, the Prestige maps one local IP address to one global IP address. 2. Many to One : In Many-to-One mode, the P...

Prestige 792H G.SHDSL Router 6-4 NAT 5. Server : This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world. Port numbers do not change for One-to-One and Many-to-Many No Overload NAT mapping types. The following table summarizes these t...

Prestige 792H G.SHDSL Router NAT 6-5 1. Choose SUA Only if you have just one public WAN IP address for your Prestige. 2. Choose Full Feature if you have multiple public WAN IP addresses for your Prestige. 6.3 SUA Server A SUA server set is a list of inside (behind NAT on the LAN) servers, for exampl...

Prestige 792H G.SHDSL Router 6-6 NAT Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location. I...

Prestige 792H G.SHDSL Router NAT 6-7 Figure 6-3 Multiple Servers Behind NAT Example 6.4 Selecting the NAT Mode Click NAT to open the following screen. Figure 6-4 NAT Mode The following table describes the labels in this screen.

Prestige 792H G.SHDSL Router 6-8 NAT Table 6-4 NAT Mode LABEL DESCRIPTION None Select this radio button to disable NAT. SUA Only Select this radio button if you have just one public WAN IP address for your Prestige. The Prestige uses Address Mapping Set 1 in the NAT - Edit SUA/NAT Server Set screen....

Prestige 792H G.SHDSL Router 6-10 NAT Table 6-5 Edit SUA/NAT Server Set LABEL DESCRIPTION End Port No. Enter a port number in this field. To forward only one port, enter the port number again in the Start Port No. field above and then enter it again in this field. To forward a series of ports, enter...

Prestige 792H G.SHDSL Router NAT 6-11 Figure 6-6 Address Mapping Rules The following table describes the labels in this screen. Table 6-6 Address Mapping Rules LABEL DESCRIPTION Local Start IP This is the starting Inside Local IP Address (ILA). Local IP addresses are N/A for Server port mapping. Loc...

Prestige 792H G.SHDSL Router 6-12 NAT Table 6-6 Address Mapping Rules LABEL DESCRIPTION Type 1-1 : One-to-one mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type. M-1 : Many-to-One mode maps multiple local IP addresses to ...

Prestige 792H G.SHDSL Router NAT 6-13 The following table describes the labels in this screen. Table 6-7 Address Mapping Rule Edit LABEL DESCRIPTION Type Choose the port mapping type from one of the following. 1. One-to-One : One-to-One mode maps one local IP address to one global IP address. Note t...

Prestige 792H G.SHDSL Router Dynamic DNS Setup 7-1 Chapter 7 Dynamic DNS Setup This chapter discusses how to configure your Prestige to use Dynamic DNS. 7.1 Dynamic DNS Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact y...

Firewall and Content Filters III Part III: Firewall and Content Filter This part introduces firewalls in general and the Prestige firewall. It also explains customized services and logs and gives example firewall rules and an overview of content filtering.

Prestige 792H G.SHDSL Router Firewalls 8-1 Chapter 8 Firewalls This chapter gives some background information on firewalls and introduces the Prestige firewall. 8.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one ro...

Prestige 792H G.SHDSL Router 8-2 Firewalls i. Information hiding prevents the names of internal systems from being made known via DNS to outside systems, since the application gateway is the only host whose name must be made known to outside systems. ii. Robust authentication and logging pre-authent...

Prestige 792H G.SHDSL Router Firewalls 8-3 Figure 8-1 Prestige Firewall Application 8.4 Denial of Service Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longe...

Prestige 792H G.SHDSL Router 8-4 Firewalls Table 8-1 Common IP Ports 21 FTP 53 DNS 23 Telnet 80 HTTP 25 SMTP 110 POP3 8.4.2 Types of DoS Attacks There are four types of DoS attacks: 1. Those that exploit bugs in a TCP/IP implementation. 2. Those that exploit weaknesses in the TCP/IP specification. 3...

Prestige 792H G.SHDSL Router Firewalls 8-5 Figure 8-2 Three-Way Handshake Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator resp...

Prestige 792H G.SHDSL Router 8-6 Firewalls 2-b In a LAND Attack , hackers flood SYN packets into the network with a spoofed source IP address of the targeted system. This makes it appear as if the host computer sent the packets to itself, making the system unavailable while the target system tries t...

Prestige 792H G.SHDSL Router Firewalls 8-7 The only legal NetBIOS commands are the following - all others are illegal. Table 8-3 Legal NetBIOS Commands MESSAGE: REQUEST: POSITIVE: NEGATIVE: RETARGET: KEEPALIVE: All SMTP commands are illegal except for those displayed in the following tables. Table 8...

Prestige 792H G.SHDSL Router 8-8 Firewalls Allows all sessions originating from the LAN (local network) to the WAN (Internet). Denies all sessions originating from the WAN to the LAN. Figure 8-5 Stateful Inspection The previous figure shows the Prestige’s default firewall rules in action as well as ...

Prestige 792H G.SHDSL Router Firewalls 8-9 4. Based on the obtained state information, a firewall rule creates a temporary access list entry that is inserted at the beginning of the WAN interface's inbound extended access list. This temporary access list entry is designed to permit inbound packets o...

Prestige 792H G.SHDSL Router Firewalls 8-11 8.5.5 Upper Layer Protocols Some higher layer protocols (such as FTP and RealAudio) utilize multiple network connections simultaneously. In general terms, they usually have a "control connection" which is used for sending commands between endpoints...

Prestige 792H G.SHDSL Router 8-12 Firewalls 1. Encourage your company or organization to develop a comprehensive security plan. Good network administration takes into account what hackers can do and prepares against attacks. The best defense against hackers and crackers is information. Educate all e...

Prestige 792H G.SHDSL Router Firewalls 8-13 Packet filtering only checks the header portion of an IP packet. When To Use Filtering 1. To block/allow LAN packets by their MAC addresses. 2. To block/allow special IP packets which are neither TCP nor UDP, nor ICMP packets. 3. To block/allow both inboun...

Prestige 792H G.SHDSL Router Firewall Configuration 9-1 Chapter 9 Firewall Configuration This chapter shows you how to enable and configure the Prestige firewall. 9.1 Remote Management and the Firewall When remote management is configured to allow management (see the Remote Management chapter) and t...

Prestige 792H G.SHDSL Router 9-2 Firewall Configuration 9.3 Configuring E-mail Alerts To change your Prestige’s E-mail log settings, click Advanced Setup , Firewall , and then E-mail . The screen appears as shown. This screen is not available on all models. Use the E-Mail screen to configure to wher...

Prestige 792H G.SHDSL Router Firewall Configuration 9-3 Table 9-1 E-mail LABEL DESCRIPTION E-mail Alerts To Alerts are sent to the e-mail address specified in this field. If this field is left blank, alerts will not be sent via e-mail. Return Address Type an E-mail address to identify the Prestige a...

Prestige 792H G.SHDSL Router Firewall Configuration 9-5 delete half-open sessions as necessary, until the rate of new connection attempts drops below another threshold ( one-minute low ). The rate is the number of new attempts detected in the last one-minute sample period. TCP Maximum Incomplete and...

Prestige 792H G.SHDSL Router Creating Custom Rules 10-1 Chapter 10 Creating Custom Rules This chapter contains instructions for defining both Local Network and Internet rules. 10.1 Rules Overview Firewall rules are subdivided into “Local Network” and “Internet”. By default, the Prestige’s stateful p...

Prestige 792H G.SHDSL Router 10-2 Creating Custom Rules 3. What is the direction connection: from the LAN to the Internet, or from the Internet to the LAN? 4. What IP services will be affected? 5. What computers on the LAN are to be affected (if any)? 6. What computers on the Internet will be affect...

Prestige 792H G.SHDSL Router Creating Custom Rules 10-3 Source Address What is the connection’s source address; is it on the LAN or WAN? Is it a single IP, a range of IPs or a subnet? Destination Address What is the connection’s destination address; is it on the LAN or WAN? Is it a single IP, a rang...

Prestige 792H G.SHDSL Router 10-4 Creating Custom Rules 10.3.2 WAN to LAN Rules The default rule for WAN to LAN traffic blocks all incoming connections (WAN to LAN). If you wish to allow certain WAN users to have access to your LAN, you will need to create custom rules to allow it. See the following...

Prestige 792H G.SHDSL Router Creating Custom Rules 10-5 Figure 10-3 Firewall Logs The following table describes the labels in this screen. Table 10-1 Firewall Logs LABEL DESCRIPTION EXAMPLE No. This is the index number of the firewall log. 128 entries are available numbered from 0 to 127. Once they ...

Prestige 792H G.SHDSL Router 10-6 Creating Custom Rules Table 10-1 Firewall Logs LABEL DESCRIPTION EXAMPLE Reason This field states the reason for the log; i.e., was the rule matched, not matched, or was there an attack. The set and rule coordinates (<X, Y> where X=1,2; Y=00~10) follow with a ...

Prestige 792H G.SHDSL Router Creating Custom Rules 10-7 Click on Firewall , then Rule Summary to bring up the following screen. This screen is a summary of the existing rules. Note the order in which the rules are listed. The ordering of your rules is very important as rules are applied in turn. Fig...

Prestige 792H G.SHDSL Router 10-8 Creating Custom Rules Table 10-2 Firewall Rules Summary: First Screen LABEL DESCRIPTION The default action for packets not matching following rules Use the drop-down list box to select whether to Block (silently discard) or Forward (allow the passage of) packets tha...

Prestige 792H G.SHDSL Router Creating Custom Rules 10-9 defines the service. (Note that there may be more than one IP protocol type. For example, look at the default configuration labeled “( DNS )”. (UDP/TCP:53) means UDP port 53 and TCP port 53. Up to 128 entries are supported. Custom services may ...

Prestige 792H G.SHDSL Router Creating Custom Rules 10-11 Table 10-3 Predefined Services SERVICE DESCRIPTION SSDP(UDP:1900) Simple Service Discovery Protocol (SSDP) is a discovery service searching for Universal Plug and Play devices on your home network or upstream Internet gateways using UDP port 1...

Prestige 792H G.SHDSL Router 10-12 Creating Custom Rules Figure 10-5 Creating/Editing A Firewall Rule The following table describes the labels in this screen. Table 10-4 Creating/Editing A Firewall Rule LABEL DESCRIPTION Source Address Click SrcAdd to add a new address, SrcEdit to edit an existing o...

Prestige 792H G.SHDSL Router Creating Custom Rules 10-15 10.8.1 Factors Influencing Choices for Timeout Values The factors influencing choices for timeout values are the same as the factors influencing choices for threshold values – see section 9.4.2. Click Timeout for either Local Network or Intern...

Prestige 792H G.SHDSL Router Customized Services 11-1 Chapter 11 Customized Services This chapter covers creating, viewing and editing custom services. 11.1 Introduction to Customized Services Configure customized services and port numbers not predefined by the Prestige (see Figure 10-5) . For a com...

Prestige 792H G.SHDSL Router 11-2 Customized Services Table 11-1 Customized Services LABEL DESCRIPTION Customized Services No. This is the number of your customized port. Click a rule’s number of a service to go to the Firewall Customized Services Config screen to configure or edit a customized serv...

Prestige 792H G.SHDSL Router Customized Services 11-3 Table 11-2 Creating/Editing A Customized Service LABEL DESCRIPTION Service Name Type a unique name for your custom port. Service Type Choose the IP port ( TCP , UDP or TCP/UDP ) that defines your customized port from the drop down list box. Port ...

Prestige 792H G.SHDSL Router Customized Services 11-5 Step 4. Follow the procedures outlined earlier in this chapter to configure all your rules. Configure the rule configuration screen like the one below and apply it. Figure 11-6 Syslog Rule Configuration Example This is your MyService custom port....

Prestige 792H G.SHDSL Router 11-6 Customized Services Step 6. On completing the configuration procedure for these Internet firewall rules, the Rule Summary screen should look like the following. Don’t forget to click Apply when you have finished configuring your rule(s) to save your settings back to...

Prestige 792H G.SHDSL Router Content Filtering 12-1 Chapter 12 Content Filtering This chapter covers how to configure content filtering . 12.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering giv...

Prestige 792H G.SHDSL Router Content Filtering 12-3 Table 12-1 Content Filter: Keyword LABEL DESCRIPTION Add Keyword Click Add Keyword after you have typed a keyword. Repeat this procedure to add other keywords. Up to 127 keywords are allowed. When you try to access a web page containing a keyword, ...

Prestige 792H G.SHDSL Router 12-4 Content Filtering Table 12-2 Content Filter: Schedule LABEL DESCRIPTION Days to Block: Select a check box to configure which days of the week (or everyday) you want the content filtering to be active. Time of Day to Block: Use the 24 hour format to configure which t...

Prestige 792H G.SHDSL Router Content Filtering 12-5 Table 12-3 Content Filter: Trusted LABEL DESCRIPTION To Type the ending IP address of a specific range of users on your LAN that you want to exclude from content filtering. Leave this field blank if you want to exclude an individual computer. Back ...

Prestige 792H G.SHDSL Router 12-6 Content Filtering The following table describes the labels in this screen. Table 12-4 Content Filter Logs LABEL DESCRIPTION Page Choose a page of logs from the drop-down list box to display. No. This is the index number of the content filter log. Time This field dis...

VPN/IPSec IV Part IV: VPN/IPSec This part provides information about configuring VPN/IPSec for secure communications.

Prestige 792H G.SHDSL Router Introduction to IPSec 13-1 Chapter 13 Introduction to IPSec This chapter introduces the basics of IPSec VPNs. 13.1 VPN Overview A VPN (Virtual Private Network) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is ...

Prestige 792H G.SHDSL Router 13-2 Introduction to IPSec Figure 13-1 Encryption and Decryption Data Confidentiality The IPSec sender can encrypt packets before transmitting them across a network. Data Integrity The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data h...

Prestige 792H G.SHDSL Router Introduction to IPSec 13-3 Figure 13-2 VPN Application 13.2 IPSec Architecture The overall IPSec architecture is shown as follows.

Prestige 792H G.SHDSL Router 13-4 Introduction to IPSec Figure 13-3 IPSec Architecture 13.2.1 IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (i...

Prestige 792H G.SHDSL Router Introduction to IPSec 13-5 13.3 Encapsulation The two modes of operation for IPSec VPNs are Transport mode and Tunnel mode. Figure 13-4 Transport and Tunnel Mode IPSec Encapsulation 13.3.1 Transport Mode Transport mode is used to protect upper layer protocols and only af...

Prestige 792H G.SHDSL Router 13-6 Introduction to IPSec A NAT device in between the IPSec endpoints will rewrite either the source or destination address with one of its own choosing. The VPN device at the receiving end will verify the integrity of the incoming packet by computing its own hash value...

Prestige 792H G.SHDSL Router VPN Screens 14-1 Chapter 14 VPN Screens This chapter introduces the VPN screens. See the Logs chapter for information on viewing logs and the Reference Guide for IPSec log description 14.1 VPN/IPSec Overview Use the screens documented in this chapter to configure rules f...

Prestige 792H G.SHDSL Router 14-2 VPN Screens Table 14-1 AH and ESP ESP AH DES (default) Data Encryption Standard (DES) is a widely used method of data encryption using a private (secret) key. DES applies a 56-bit key to each 64-bit block of data. MD5 (default) MD5 (Message Digest 5) produces a 128-...

Prestige 792H G.SHDSL Router VPN Screens 14-3 The Secure Gateway IP Address may be configured as 0.0.0.0 only when using IKE key management and not Manual key management. 14.5 VPN Summary Screen The following figure helps explain the main fields in the web configurator. Figure 14-1 IPSec Summary Fie...

Prestige 792H G.SHDSL Router 14-4 VPN Screens Figure 14-2 VPN Summary The following table describes the labels in this screen. Table 14-2 VPN Summary LABEL DESCRIPTION No. This is the VPN policy index number. Click a number to edit VPN policies. Name This field displays the identification name for t...

Prestige 792H G.SHDSL Router VPN Screens 14-5 Table 14-2 VPN Summary LABEL DESCRIPTION IPSec Algorithm This field displays the security protocols used for an SA. Both AH and ESP increase Prestige processing requirements and communications latency (delay). Secure Gateway IP This is the IP address of ...

Prestige 792H G.SHDSL Router 14-6 VPN Screens With main mode (see section 14.10.1 ), the ID type and content are encrypted to provide identity protection. In this case the Prestige can only distinguish between up to eight different incoming SAs that connect from remote IPSec routers that have dynami...

Prestige 792H G.SHDSL Router VPN Screens 14-7 Table 14-5 Matching ID Type and Content Configuration Example PRESTIGE A PRESTIGE B Local ID type: E-mail Local ID type: IP Local ID content: [email protected] Local ID content: 1.1.1.2 Peer ID type: IP Peer ID type: E-mail Peer ID content: 1.1.1.2 Pee...

Prestige 792H G.SHDSL Router VPN Screens 14-13 Table 14-7 VPN IKE LABEL DESCRIPTION Authentication Algorithm Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally c...

Prestige 792H G.SHDSL Router 14-14 VPN Screens Choose a Diffie-Hellman public-key cryptography key group ( DH1 or DH2 ) . Set the IKE SA lifetime. This field allows you to determine how long an IKE SA should stay up before it times out. An IKE SA times out when the IKE SA lifetime period expires. If...

Prestige 792H G.SHDSL Router VPN Screens 14-15 14.10.3 Perfect Forward Secrecy (PFS) Enabling PFS means that the key is transient. The key is thrown away and replaced by a brand new key using a new Diffie-Hellman exchange for each new IPSec SA setup. With PFS enabled, if one key is compromised, prev...

Prestige 792H G.SHDSL Router VPN Screens 14-19 Table 14-8 VPN IKE: Advanced LABEL DESCRIPTION Authentication Algorithm Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is g...

Prestige 792H G.SHDSL Router 14-20 VPN Screens Current ZyXEL implementation assumes identical outgoing and incoming SPIs. 14.13 Configuring Manual Key You only configure VPN Manual Key when you select Manual in the Key Management field on the VPN IKE screen. This is the VPN Manual Key screen as show...

Prestige 792H G.SHDSL Router VPN Screens 14-21 The following table describes the labels in this screen. Table 14-9 VPN Manual Key LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. Name Type up to 32 characters to identify this VPN policy. You may use any charact...

Prestige 792H G.SHDSL Router 14-24 VPN Screens Table 14-9 VPN Manual Key LABEL DESCRIPTION Apply Click Apply to save your changes back to the Prestige. Cancel Click Cancel to begin configuring this screen afresh. Delete Click Delete to remove the current rule. 14.14 Viewing SA Monitor Click VPN and ...

Prestige 792H G.SHDSL Router VPN Screens 14-25 Figure 14-7 SA Monitor The following table describes the labels in this screen. Table 14-10 SA Monitor LABEL DESCRIPTION No This is the security association index number. Name This field displays the identification name for this VPN policy. Encapsulatio...

Prestige 792H G.SHDSL Router 14-26 VPN Screens Table 14-10 SA Monitor LABEL DESCRIPTION Back Click Back to return to the previous screen. Apply Click Apply to save your changes back to the Prestige. Refresh Click Refresh to display the current active VPN connection(s). 14.15 Configuring Global Setti...

Prestige 792H G.SHDSL Router VPN Screens 14-27 14.16 Configuring IPSec Logs To view IPSec logs in this screen, click Advanced Setup , VPN , and then Logs to open the screen shown next. Figure 14-9 VPN Logs The following table describes the labels in this screen. Table 14-12 VPN Logs LABEL DESCRIPTIO...

Prestige 792H G.SHDSL Router 14-28 VPN Screens Double exclamation marks (!!) denote an error or warning message. The following table shows sample log messages during IKE key exchange. Table 14-13 Sample IKE Key Exchange Logs LOG MESSAGE DESCRIPTION Cannot find outbound SA for rule <#d> The pac...

Prestige 792H G.SHDSL Router VPN Screens 14-29 Table 14-13 Sample IKE Key Exchange Logs LOG MESSAGE DESCRIPTION !! Local / remote IPs of incoming request conflict with rule <#d> If the security gateway is “0.0.0.0”, the Prestige will use the peer’s “Local Addr” as its “Remote Addr”. If this IP...

Prestige 792H G.SHDSL Router 14-30 VPN Screens Table 14-14 Sample IPSec Logs During Packet Transmission LOG MESSAGE DESCRIPTION !! Inbound packet authentication failed The authentication configuration settings are incorrect. Please check them. !! Inbound packet decryption failed The decryption confi...

Prestige 792H G.SHDSL Router VPN Screens 14-31 14.17 Telecommuter VPN/IPSec Examples The following examples show how multiple telecommuters can make VPN connections to a single Prestige at headquarters. The telecommuters use IPSec routers with dynamic WAN IP addresses. The Prestige at headquarters h...

Prestige 792H G.SHDSL Router 14-32 VPN Screens 14.17.2 Telecommuters Using Unique VPN Rules Example In this example the telecommuters (A, B and C in the figure) use IPSec routers with domain names that are mapped to their dynamic WAN IP addresses (use Dynamic DNS to do this). With aggressive negotia...

Prestige 792H G.SHDSL Router VPN Screens 14-33 Table 14-17 Telecommuters Using Unique VPN Rules Example HEADQUARTERS TELECOMMUTERS Local ID Content: [email protected] Peer ID Type: E-mail Peer ID Content: [email protected] Headquarters Prestige Rule 1: Telecommuter A (telecommutera.dydns.org) ...

Remote Management and UPnP V Part V: Remote Management and UPnP This part contains Remote Management and UPnP

Prestige 792H G.SHDSL Router Remote Management 15-1 Chapter 15 Remote Management Configuration This chapter provides information on configuring remote management 15.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which Prestige interface (if...

Prestige 792H G.SHDSL Router Remote Management 15-2 Use the Prestige’s WAN IP address when configuring from the WAN. Use the Prestige’s LAN IP address when configuring from the LAN. 15.1.3 System Timeout There is a system timeout of five minutes (three hundred seconds) for either the console port or...

Prestige 792H G.SHDSL Router Remote Management 15-3 15.5 Configuring Remote Management Click Remote Management to open the following screen. Figure 15-2 Remote Management The following table describes the labels in this screen. Table 15-1 Remote Management LABEL DESCRIPTION Server Type Each of these...

Prestige 792H G.SHDSL Router Remote Management 16-1 Chapter 16 Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 16.1 Universal Plug and Play Overview Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple ...

Prestige 792H G.SHDSL Router Remote Management 16-3 Figure 16-1 Configuring UPnP Table 16-1 Configuring UPnP FIELD DESCRIPTION Enable the Universal Plug and Play (UPnP) Service Select this checkbox to activate UPnP. Be aware that anyone could use a UPnP application to open the web configurator's log...

Prestige 792H G.SHDSL Router Remote Management 16-4 Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me. Step 1. Click Start and Control Panel . Double-click Add/Remove Programs . Step 2. Click on the Windows Setup tab and select Communication in the Components sel...

Prestige 792H G.SHDSL Router UPnP 16-5 Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. Step 1. Click start and Control Panel. Step 2. Double-click Network Connections . Step 3. In the Network Connections window, click Advanced in the main menu and select Optio...

Prestige 792H G.SHDSL Router UPnP 16-6 16.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the Prestige. Make sure the computer is connected to a LAN port of the Prestige. Tur...

Prestige 792H G.SHDSL Router UPnP 16-7 Step 3. In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Step 4. You may edit or delete the port mappings or click Add to manually add port mappings. When the UPnP-enabled device is disconne...

Prestige 792H G.SHDSL Router UPnP 16-8 Step 6. Double-click on the icon to display your current Internet connection status. Web Configurator Easy Access Example With UPnP, you can access the web-based configurator on the Prestige without finding out the IP address of the Prestige first. This comes h...

Prestige 792H G.SHDSL Router UPnP 16-9 Step 4. An icon with the description for each UPnP-enabled device displays under Local Network . Step 5. Right-click on the icon for your Prestige and select Invoke . The web configurator login screen displays. Step 6. Right-click on the icon for your Prestige ...

Prestige 792H G.SHDSL Router Troubleshooting 17-1 Part VI: Maintenance This part covers the maintenance screens.

Prestige 792H G.SHDSL Router Maintenance 17-1 Chapter 17 Maintenance This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 17.1 Maintenance Overview Use the maintenance screens to view system information, upload new firmware, manage configura...

Prestige 792H G.SHDSL Router 17-2 Maintenance Figure 17-1 System Status The following table describes the labels in this screen.

Prestige 792H G.SHDSL Router Maintenance 17-3 Table 17-1 System Status LABEL DESCRIPTION System Status System Name This is the name of your Prestige. It is for identification purposes. ZyNOS F/W Version This is the ZyNOS firmware version and the date created. ZyNOS is ZyXEL's proprietary Network Ope...

Prestige 792H G.SHDSL Router 17-4 Maintenance 17.2.1 System Statistics Click Show Statistics in the System Status screen to open the following screen. Read-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)&...

Prestige 792H G.SHDSL Router Maintenance 17-5 Table 17-2 System Status: Show Statistics LABEL DESCRIPTION WAN Port Statistics This is the WAN port. Link Status This is the status of your WAN link. Transfer Rate This is the transfer rate in kbps. Upstream Speed This is the upstream speed of your Pres...

Prestige 792H G.SHDSL Router 17-6 Maintenance Table 17-2 System Status: Show Statistics LABEL DESCRIPTION above. Stop Click this button to halt the refreshing of the system statistics. 17.3 DHCP Table Screen DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients ...

Prestige 792H G.SHDSL Router Maintenance 17-7 Table 17-3 DHCP Table LABEL DESCRIPTION MAC Address This field displays the MAC (Media Access Control) address of the computer with the displayed host name. Every Ethernet device has a unique MAC address. The MAC address is assigned at the factory and co...

Prestige 792H G.SHDSL Router 17-8 Maintenance Figure 17-5 Diagnostic General The following table describes the labels in this screen. Table 17-4 Diagnostic General LABEL DESCRIPTION TCP/IP Address Type the IP address of a computer that you want to ping in order to test a connection. Ping Click this ...

Prestige 792H G.SHDSL Router Maintenance 17-9 Table 17-4 Diagnostic General LABEL DESCRIPTION Back Click this button to go back to the main Diagnostic screen. 17.4.2 Diagnostic DSL Line Screen Click Diagnostic and then DSL Line to open the screen shown next. Figure 17-6 Diagnostic DSL Line The follo...

Prestige 792H G.SHDSL Router 17-10 Maintenance Table 17-5 Diagnostic DSL Line “Start to reset xDSL... Reset xDSL Line Successfully!” Back Click this button to go back to the main Diagnostic screen. 17.5 Firmware Screen Find firmware at www.zyxel.com in a file that (usually) uses the system model nam...

Prestige 792H G.SHDSL Router Maintenance 17-11 The following table describes the labels in this screen. Table 17-6 Firmware Upgrade LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse... Click Browse... to find the .bin...

SMT General Configuration VII P P a a r r t t V V I I I I : : SMT General Configuration This part covers System Management Terminal configuration for general setup, LAN setup, wireless LAN setup, Internet access, remote nodes, remote node TCP/IP, static routing and NAT. See the web configurator part...

Prestige 792H G.SHDSL Router Introducing the SMT 19-1 Chapter 18 Introducing the SMT This chapter explains how to access and navigate the System Management Terminal and gives an overview of its menus. 18.1 SMT Introduction T he Prestige’s SMT (System Management Terminal) is a menu-driven interface t...

Prestige 792H G.SHDSL Router 19-2 Introducing the SMT Please note that if there is no activity for longer than five minutes after you log in, your Prestige will automatically log you out. Figure 18-1 Login Screen 18.1.4 Prestige SMT Menu Overview The following figure gives you an overview of the var...

Prestige 792H G.SHDSL Router Introducing the SMT 19-3 Menu 3 LAN Setup Menu 4 Internet Access Setup Menu 12 Static Routing Setup Menu 11.5 Remote Node Filter Menu 11 Remote Node Setup Menu 11.3 Remote Node Network Layer Options Menu 3.2 TCP/IP and DHCP Setup Prestige 650HW Main Menu Menu 1 General S...

Prestige 792H G.SHDSL Router 19-4 Introducing the SMT 18.2 Navigating the SMT Interface The SMT (System Management Terminal) is the interface that you use to configure your Prestige. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the ...

Prestige 792H G.SHDSL Router Introducing the SMT 19-5 Figure 18-3 SMT Main Menu 18.2.1 System Management Terminal Interface Summary Table 18-2 Main Menu Summary # MENU TITLE DESCRIPTION 1 General Setup Use this menu to set up your general information. 3 LAN Setup Use this menu to set up your wireles...

Prestige 792H G.SHDSL Router 19-6 Introducing the SMT Table 18-2 Main Menu Summary # MENU TITLE DESCRIPTION 26 Schedule Setup Use this menu to schedule outgoing calls. 27 VPN/IPSec Setup Use this menu to configure VPN connections on the Prestige 650H/HW. 99 Exit Use this to exit from SMT and return ...

Prestige 792H G.SHDSL Router WAN 19-1 Chapter 19 General Setup Menu 1 - General Setup contains administrative and system-related information. 19.1 General Setup Menu 1 — General Setup contains administrative and system-related information (shown next). The System Name field is for identification pur...

Prestige 792H G.SHDSL Router 19-2 WAN Figure 19-1 Menu 1 General Setup Fill in the required fields. Refer to the table shown next for more information about these fields. Table 19-1 Menu 1 General Setup FIELD DESCRIPTION EXAMPLE System Name Enter a descriptive name for identification purposes. This ...

Prestige 792H G.SHDSL Router WAN 19-3 19.2.1 Configuring Dynamic DNS If you have a private WAN IP address, then you cannot use Dynamic DNS. To configure Dynamic DNS, go to Menu 1 — General Setup and select Yes in the Edit Dynamic DNS field. Press [ ENTER ] to display Menu 1.1— Configure Dynamic DNS ...

Prestige 792H G.SHDSL Router 20-4 WAN Chapter 20 WAN Setup This chapter shows you how to configure the WAN settings of your Prestige . 20.1 WAN Setup Use Menu 2 – WAN Setup to configure G.SHDSL settings for your WAN line. Different telephone companies deploy different types of G.SHDSL service. If yo...

Prestige 792H G.SHDSL Router Dial Backup 21-1 Chapter 21 Dial Backup This chapter shows you how to configure Dial Backup for your Prestige . 21.1 Dial Backup Overview To set up the auxiliary port (Dial Backup or CON/AUX) for use in the event that the regular WAN connection is dropped, first make sur...

Prestige 792H G.SHDSL Router 21-2 Dial Backup Table 21-1 Menu 2: Dial Backup Setup FIELD DESCRIPTION EXAMPLE Dial-Backup: Active Use this field to turn the dial-backup feature on ( Yes ) or off ( No ). No Port Speed Press [SPACE BAR] and then press [ENTER] to select the speed of the connection betwe...

Prestige 792H G.SHDSL Router Dial Backup 21-3 Figure 21-2 Advanced WAN Setup Table 21-2 Advanced WAN Port Setup: AT Commands Fields FIELD DESCRIPTION DEFAULT AT Command Strings: Dial Enter the AT Command string to make a call. atdt Drop Enter the AT Command string to drop a call. “~” represents a on...

Prestige 792H G.SHDSL Router 21-4 Dial Backup Table 21-2 Advanced WAN Port Setup: AT Commands Fields FIELD DESCRIPTION DEFAULT Speed Enter the keyword preceding the connection speed. CONNECT Table 21-3 Advanced WAN Port Setup: Call Control Parameters FIELD DESCRIPTION DEFAULT Call Control Dial Timeo...

Prestige 792H G.SHDSL Router Dial Backup 21-7 Table 21-4 Remote Node Profile (Backup ISP) FIELD DESCRIPTION EXAMPLE Once you have configured this menu, press [ENTER] at the message “Press ENTER to Confirm...” to save your configuration, or press [ESC] at any time to cancel. 21.2.1 Editing PPP Option...

Prestige 792H G.SHDSL Router 21-8 Dial Backup Move the cursor to the Edit IP field in menu 11.1, then press [SPACE BAR] to select Yes . Press [ENTER] to open Menu 11.3 - Network Layer Options . Figure 21-6 Remote Node Network Layer Options Table 21-5 Remote Node Network Layer Options FIELD DESCRIPTI...

Prestige 792H G.SHDSL Router Dial Backup 21-9 Table 21-5 Remote Node Network Layer Options FIELD DESCRIPTION EXAMPLE Private This parameter determines if the Prestige will include the route to this remote node in its RIP broadcasts. If set to Yes , this route is kept private and not included in RIP ...

Prestige 792H G.SHDSL Router LAN 22-1 Chapter 22 LAN Setup This chapter shows you how to configure the LAN settings for your Prestige . 22.1 Ethernet Setup This section describes how to configure the Ethernet using Menu 3 – Ethernet Setup . From the main menu, enter 3 to open the menu as follows. Fi...

Prestige 792H G.SHDSL Router 22-2 LAN If you need to define filters, please read the Filter Configuration chapter first, then return to this menu. 22.1.2 IP Alias Setup Use Menu 3.2 to configure the first network. To edit Menu 3.2 , enter 3 from the main menu to display Menu 3 — Ethernet Setup . Whe...

Prestige 792H G.SHDSL Router LAN 22-3 Figure 22-4 IP Alias Setup Follow the instructions in the following table to configure IP Alias parameters. Table 22-1 IP Alias Setup FIELD DESCRIPTION EXAMPLE IP Alias Choose Yes to configure the LAN network for the Prestige. Yes IP Address Enter the IP address...

Prestige 792H G.SHDSL Router 22-4 LAN Figure 22-5 General Setup 22.1.4 TCP/IP Ethernet Setup and DHCP Use menu 3.2 to configure your Prestige for TCP/IP. To edit Menu 3.2 , enter 3 from the main menu to display Menu 3 — Ethernet Setup . When menu 3 appears, press 2 and press [ENTER] to display Menu ...

Prestige 792H G.SHDSL Router LAN 22-5 Table 22-2 TCP/IP and DHCP Ethernet Setup FIELD DESCRIPTION EXAMPLE DHCP Setup DHCP If set to Server , your Prestige can assign IP addresses, an IP default gateway and DNS servers to Windows 95, Windows NT and other systems that support the DHCP client. If set t...

Prestige 792H G.SHDSL Router Internet Access 23-1 Chapter 23 Internet Access This chapter shows you how to configure your Prestige for Internet Access . 23.1 Internet Access Overview This section provides information on configuring your Prestige for Internet access. It includes information on encaps...

Prestige 792H G.SHDSL Router 23-2 Internet Access Table 23-1 Internet Access Setup FIELD DESCRIPTION EXAMPLE ISP’s Name Enter the name of your Internet Service Provider. This information is for identification purposes only. ChangeMe Encapsulation Press [ SPACE BAR ] to select the method of encapsula...

Advanced Applications VIII P P a a r r t t V V I I I I I I : : ADVANCED APPLICATIONS This part shows how to configure Remote Nodes, Static Routes, Bridging and NAT.

Prestige 791R G.SHDSL Router Remote Node TCP/IP Configuration 24-1 Chapter 24 Remote Node Configuration This chapter covers remote node configuration. 24.1 Remote Node Overview This section describes the protocol-independent parameters for a remote node. A remote node is required for placing calls t...

Prestige 791R G.SHDSL Router 24-2 Remote Node TCP/IP Configuration Figure 24-1 Remote Node Setup 24.2.1 Encapsulation and Multiplexing Scenarios For Internet access you should use the encapsulation and multiplexing methods used by your ISP. For LAN-to-LAN applications, for example, between a branch ...

Prestige 791R G.SHDSL Router Remote Node TCP/IP Configuration 24-3 Figure 24-2 Remote Node Profile Table 24-1 Remote Node Profile FIELD DESCRIPTION EXAMPLE Rem Node Name Type a unique, descriptive name of up to eight characters for this node. myISP Active Press [SPACE BAR] and then [ENTER] to select...

Prestige 791R G.SHDSL Router 24-4 Remote Node TCP/IP Configuration Table 24-1 Remote Node Profile FIELD DESCRIPTION EXAMPLE Rem Password Type the password used when this remote node calls your Prestige. Outgoing: My Login Type the login name assigned by your ISP when the Prestige calls this remote n...

Prestige 791R G.SHDSL Router Remote Node TCP/IP Configuration 24-5 Table 24-1 Remote Node Profile FIELD DESCRIPTION EXAMPLE Schedule Sets This field is only applicable for PPPoE and PPPoA encapsulation. You can apply up to four schedule sets here. For more details please refer to the Call Schedule S...

Prestige 791R G.SHDSL Router 24-6 Remote Node TCP/IP Configuration Figure 24-3 Remote Node Network Layer Options Table 24-2 Remote Node Network Layer Options FIELD DESCRIPTION EXAMPLE IP Options IP Address Assignment Press [SPACE BAR] and then [ENTER] to select Dynamic if the remote node is using a ...

Prestige 791R G.SHDSL Router Remote Node TCP/IP Configuration 24-7 Table 24-2 Remote Node Network Layer Options FIELD DESCRIPTION EXAMPLE Private This determines if the Prestige will include the route to this remote node in its RIP broadcasts. If set to Yes , this route is kept private and not inclu...

Prestige 791R G.SHDSL Router 24-8 Remote Node TCP/IP Configuration Figure 24-4 Sample IP Addresses for a TCP/IP LAN-to-LAN Connection 24.4 Remote Node Filter Move the cursor to the Edit Filter Sets field in menu 11.1, then press [SPACE BAR] to select Yes . Press [ENTER] to display Menu 11.5 – Remote...

Prestige 791R G.SHDSL Router Remote Node TCP/IP Configuration 24-9 Figure 24-6 Remote Node Filter (RFC1483 or ENET ENCAP Encapsulation) 24.5 Editing ATM Layer Options Follow these steps to edit Menu 11.6 – Remote Node ATM Layer Options . Step 1. In Menu 11.1, move the cursor to the Edit ATM Options ...

Prestige 791R G.SHDSL Router 24-10 Remote Node TCP/IP Configuration 24.5.2 LLC-based Multiplexing or PPP Encapsulation For LLC-based multiplexing or PPP encapsulation, one VC carries multiple protocols with protocol identifying information being contained in each packet header. Figure 24-8 Menu 11.6...

Prestige 791R G.SHDSL Router Static Route Setup 25-1 Chapter 25 Static Route Setup This chapter shows how to setup IP static routes. 25.1 Static Route Overview Static routes tell the Prestige routing information that it cannot learn automatically through other means. This can arise in cases where RI...

Prestige 791R G.SHDSL Router 25-2 Static Route Setup Step 1. To configure an IP static route, use Menu 12 – Static Route Setup (shown next). See the bridging chapter for more information on Bridge Static Routes. Figure 25-2 Static Route Setup Step 2. From Menu 12, select 1 to open Menu 12.1 – IP Sta...

Prestige 791R G.SHDSL Router Static Route Setup 25-3 Figure 25-4 Edit IP Static Route Table 25-1 Edit IP Static Route FIELD DESCRIPTION Route # This is the index number of the static route that you chose in menu 12.1. Route Name Type a descriptive name for this route. This is for identification purp...

Prestige 791R G.SHDSL Router Bridging Setup 26-1 Chapter 26 Bridging Setup This chapter shows you how to configure the bridging parameters of your Prestige. 26.1 Bridging Overview Bridging bases the forwarding decision on the MAC (Media Access Control), or hardware address, while routing does it on ...

Prestige 791R G.SHDSL Router 26-2 Bridging Setup Figure 26-1 Remote Node Bridging Options Table 26-1 Remote Node Bridging Options FIELD DESCRIPTION Bridge (menu 11.1) Make sure this field is set to Yes . Edit IP/Bridge (menu 11.1) Press [SPACE BAR] to select Yes and press [ENTER] to display menu 11....

Prestige 791R G.SHDSL Router Bridging Setup 26-3 Figure 26-2 Bridge Static Route Setup Choose a static route to edit in menu 12.3. You configure bridge static routes in menu 12.3.1 as shown next. Figure 26-3 Edit Bridge Static Route Table 26-2 Edit Bridge Static Route FIELD DESCRIPTION Route # This ...

Prestige 791R G.SHDSL Router NAT 27-1 Chapter 27 Network Address Translation (NAT) This chapter discusses how to configure NAT on the Prestige. 27.1 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to...

Prestige 791R G.SHDSL Router 27-2 NAT Menu 11.3 - Remote Node Network Layer Options IP Options: Bridge Options: IP Address Assignment = Dynamic Ethernet Addr Timeout(min)= N/A Rem IP Addr = 0.0.0.0 Rem Subnet Mask= 0.0.0.0 My WAN Addr= N/A NAT= SUA Only Address Mapping Set= N/A Metric= 2 Private= No...

Prestige 791R G.SHDSL Router NAT 27-3 Menu 15 — NAT Setup 1. Address Mapping Sets 2. NAT Server Sets Enter Menu Selection Number: Table 27-1 Applying NAT to the Remote Node FIELD DESCRIPTION EXAMPLE Press [SPACE BAR] and then [ENTER] to select Full Feature if you have multiple public WAN IP addresse...

Prestige 791R G.SHDSL Router 27-4 NAT Menu 15.1 - Address Mapping Sets 1. 2. 3. 4. 5. 6. 7. 8. 255. SUA (read only) Enter Menu Selection Number: Enter Menu Selection Number: Figure 27-4 Address Mapping Sets Enter 255 to display the next screen (see also section 27.1) . The fields in this menu cannot...

Prestige 791R G.SHDSL Router NAT 27-5 Table 27-2 Address Mapping Rules - SUA FIELD DESCRIPTION EXAMPLE Local Start IP Local End IP Local Start IP is the starting local IP address (ILA) Local End IP is the ending local IP address (ILA). If the rule is for all local IPs, then the Start IP is 0.0.0.0 a...

Prestige 791R G.SHDSL Router 27-6 NAT Figure 27-6 Address Mapping Rules If the Set Name field is left blank, the entire set will be deleted. The Type, Local and Global Start/End IPs are configured in menu 15.1.1.1 (described later) and the values are displayed here. Ordering Your Rules Ordering your...

Prestige 791R G.SHDSL Router NAT 27-7 FIELD DESRIPTION EXAMPLE Set Name Enter a name for this set of rules. This is a required field. If this field is left blank, the entire set will be deleted. NAT_SET Action The default is Edit . Edit means you want to edit a selected rule (see following field). I...

Prestige 791R G.SHDSL Router 27-8 NAT Figure 27-7 Editing/Configuring an Individual Rule in a Set Table 27-4 Editing/Configuring an Individual Rule in a Set FIELD DESCRIPTION EXAMPLE Type Press [SPACE BAR] and then [ENTER] to select from a total of five types. Server allows you to specify multiple s...

Prestige 791R G.SHDSL Router NAT 27-9 27.3.2 Configuring a Server behind NAT Follow these steps to configure a server behind NAT: Step 1. Enter 15 in the main menu to go to Menu 15 - NAT Setup. Step 2. Enter 2 to display Menu 15.2 - NAT Server Sets as shown next. Figure 27-8 NAT Server Sets Step 3. ...

Prestige 791R G.SHDSL Router 27-10 NAT Figure 27-9 NAT Server Setup Step 4. Enter a port number in an unused Start Port No field. To forward only one port, enter it again in the End Port No field. To specify a range of ports, enter the last port to be forwarded in the End Port No field. Step 5. Ente...

Prestige 791R G.SHDSL Router NAT 27-11 Figure 27-10 Multiple Servers Behind NAT Example 27.4 General NAT Examples This section provides some examples with Network Address Translation. 27.4.1 Example 1: Internet Access Only In the following Internet access example, you only need one rule where your I...

Prestige 791R G.SHDSL Router 27-12 NAT Figure 27-11 NAT Example 1 Figure 27-12 Internet Access & NAT Example Menu 4 - Internet Access Setup ISP's Name= ChangeMe Encapsulation= RFC-1483 Multiplexing= LLC-based VPI #= 1 VCI #= 1 ATM QoS Type= UBR Peak Cell Rate (PCR)= 5500 Sustained Cell Rate (SCR...

Prestige 791R G.SHDSL Router NAT 27-13 From menu 4, choose the SUA Only option from the Network Address Translation field. This is the Many-to-One mapping discussed in section 27.4. The SUA Only read-only option from the Network Address Translation field in menus 4 and 11.3 is specifically pre-confi...

Prestige 791R G.SHDSL Router 27-14 NAT Figure 27-14 NAT Example 2 - Menu 15.2.1 27.4.3 Example 3: Multiple Public IP Addresses With Inside Servers In this example, there are 3 IGAs from our ISP. There are many departments but two have their own FTP server. All departments share the same router. The ...

Prestige 791R G.SHDSL Router 27-16 NAT Step 5. In menu 15.1.1.1, select Type as One-to-One (direct mapping for packets going both ways) , and set the local Start IP as 192.168.1.10 (the IP address of FTP Server 1) and the global Start IP as 10.132.50.1 (our first IGA). See the figure below. Figure 2...

Prestige 791R G.SHDSL Router 27-18 NAT Figure 27-19 Example 3- Menu 15.2 27.4.4 Example 4: NAT Unfriendly Application Programs Some applications do not support NAT Mapping using TCP or UDP port address translation. In this case it is better to use Many-to-Many No Overload mapping, as port numbers do...

Prestige 791R G.SHDSL Router NAT 27-19 Other applications such as some gaming programs are NAT unfriendly because they embed addressing information in the data stream. These applications won’t work through NAT even when using One-to-One and Many-to-Many No Overload mapping types. Follow the steps ou...

Advanced Management IX Part IX: ADVANCED MANAGEMENT This part discusses Filter Configuration, SNMP, System Maintenance and IP Policy Routing, Call Scheduling and Remote Management.

Prestige 791R G.SHDSL Router Filter Configuration 28-1 Chapter 28 Filter Configuration This chapter shows you how to create and apply filters. 28.1 About Filtering Your Prestige uses filters to decide whether or not to allow passage of a data packet and/or to make a call. There are two types of filt...

Prestige 791R G.SHDSL Router 28-2 Filter Configuration Figure 28-1 Outgoing Packet Filtering Process Two sets of factory filter rules have been configured in Menu 21 to prevent NetBIOS traffic from triggering calls. A summary of their filter rules is shown in the figures that follow. The following f...

Prestige 791R G.SHDSL Router Filter Configuration 28-3 Start Fetch First Filter Set Fetch First Filter Rule Active? Execute Filter Rule Fetch Next Filter Rule Next filter Rule Available? Fetch Next Filter Set Next Filter Set Available? Accept Packet Drop Packet Yes No Yes No Yes Packet intoFilter Fi...

Prestige 791R G.SHDSL Router 28-4 Filter Configuration For incoming packets, your Prestige applies data filters only. Packets are processed depending on whether a match is found. The following sections describe how to configure filter sets. The Filter Structure of the Prestige A filter set consists ...

Prestige 791R G.SHDSL Router Filter Configuration 28-5 Filter rule sets 11 and 12 are used by the web configurator. Your custom configurator may be lost if you use rule 11 or 12. Step 3. Type a descriptive name or comment in the Edit Comments field and press [ ENTER ]. Step 4. Press [ENTER] at the m...

Prestige 791R G.SHDSL Router 28-6 Filter Configuration Figure 28-6 Telnet_WAN Filter Rules Summary Figure 28-7 PPPoE Filter Rules Summary Menu 21.3 - Filter Rules Summary # A Type Filter Rules M m n - - ---- --------------------------------------------------------------- - - - 1 Y IP Pr=6, SA=0.0.0....

Prestige 791R G.SHDSL Router Filter Configuration 28-7 Figure 28-8 FTP_WAN Filter Rules Summary Figure 28-9 Web Set1 Filter Rules Summary Menu 21.5 - Filter Rules Summary # A Type Filter Rules M m n - - ---- -------------------------------------------------------------- - - - 1 Y IP PR=6, SA=0.0.0.0...

Prestige 791R G.SHDSL Router 28-8 Filter Configuration Figure 28-10 Web Set2 Filter Rules Summary 28.2.1 Filter Rules Summary Menus The following tables briefly describe the abbreviations used in menus 21.1 and 21.2. Table 28-1 Abbreviations Used in the Filter Rules Summary Menu FIELD DESCRIPTION # ...

Prestige 791R G.SHDSL Router Filter Configuration 28-9 FIELD DESCRIPTION n Action Not Matched. “F” means to forward the packet immediately and skip checking the remaining rules. “D” means to drop the packet. “N” means to check the next rule. The protocol dependent filter rules abbreviation are liste...

Prestige 791R G.SHDSL Router 28-10 Filter Configuration 28.3.1 TCP/IP Filter Rule This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fields in the IP and the upper layer protocol, for example, UDP and TCP headers. To configure TCP/IP rules, s...

Prestige 791R G.SHDSL Router Filter Configuration 28-13 Packet into IP Filter Matched Matched Yes Action Matched Action Not Matched More? No Filter Active? Check IP Protocol Drop Drop Packet Accept Packet Drop Forward Check Next Rule Check Next Rule Check Next Rule Forward Not Matched Yes No Check S...

Prestige 791R G.SHDSL Router 28-14 Filter Configuration 28.3.2 Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly. For generic rules, the...

Prestige 791R G.SHDSL Router Filter Configuration 28-15 Table 28-4 Generic Filter Rule Menu Fields FIELD DESCRIPTION EXAMPLE Filter # This is the filter set, filter rule coordinates, for instance, 2, 3 refers to the second filter set and the third rule of that set. 5,1 Filter Type Press [SPACE BAR] ...

Prestige 791R G.SHDSL Router 28-16 Filter Configuration 28.4 Filter Types and NAT There are two classes of filter rules, Generic Filter Device rules and Protocol Filter ( TCP/IP ) rules. Generic Filter rules act on the raw data from/to LAN and WAN. Protocol Filter rules act on IP packets. When NAT (...

Prestige 791R G.SHDSL Router Filter Configuration 28-17 Figure 28-15 Sample Telnet Filter Step 1. Enter 21 from the main menu to open Menu 21 — Filter Set Configuration . Step 2. Enter the index number of the filter set you want to configure (in this case 3) . Step 3. Type a descriptive name or comm...

Prestige 791R G.SHDSL Router 28-18 Filter Configuration Menu 21.1 - Filter Rules Summary # A Type Filter Rules M m n - - ---- --------------------------------------------------------------- - - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 N D F 2 N 3 N 4 N 5 N 6 N Enter Filter Rule Number (1-6) to C...

Prestige 791R G.SHDSL Router Filter Configuration 28-19 Figure 28-17 Sample Filter Rules Summary — Menu 21.3.1 After you have created the filter set, you must apply it. Step 1. Enter 11 in the main menu to display menu 11 and type the remote node number to edit it. Step 2. Go to the Edit Filter Sets...

Prestige 791R G.SHDSL Router 28-20 Filter Configuration Step 3. This brings you to menu 11.5. Enter the example filter set number in this menu as shown in the following figure. Figure 28-18 Sample Filter Rules Summary — Applying a Remote Node Filter Set 28.6 Applying Filters and Factory Defaults Thi...

Prestige 791R G.SHDSL Router Filter Configuration 28-21 filter set(s) that you want to apply as appropriate. You can choose up to four filter sets (from twelve) by typing their numbers separated by commas, for example, 3, 4, 6, 11. The factory default filter set, NetBIOS_LAN, is inserted in the prot...

Prestige 791R G.SHDSL Router SNMP Configuration 29-1 Chapter 29 SNMP Configuration This chapter explains SNMP Configuration. SNMP is only available if TCP/IP is configured. 29.1 SNMP Overview Simple Network Management Protocol is a protocol used for exchanging management information between network ...

Prestige 791R G.SHDSL Router 29-2 SNMP Configuration An SNMP managed network consists of two main components: agents and a manager. An agent is a management software module that resides in a managed device (the Prestige). An agent translates the local management information from the managed device i...

Prestige 791R G.SHDSL Router SNMP Configuration 29-3 Figure 29-2 SNMP Configuration Table 29-1 SNMP Configuration FIELD DESCRIPTION EXAMPLE SNMP: Get Community Type the Get Community , which is the password for the incoming Get- and GetNext requests from the management station. public Set Community ...

Prestige 791R G.SHDSL Router 29-4 SNMP Configuration TRAP # TRAP NAME DESCRIPTION 2 warmStart ( defined in RFC-1215 ) A trap is sent after booting (software reboot). 3 linkUp ( defined in RFC-1215 ) A trap is sent with the port number. 4 authenticationFailure ( defined in RFC-1215 ) A trap is sent t...

Prestige 791R G.SHDSL Router System Maintenance 30-1 Chapter 30 System Maintenance This chapter covers the diagnostic tools that help you to maintain your Prestige. 30.1 System Maintenance Overview These tools include updates on system status, port status, log and trace capabilities and upgrades for...

Prestige 791R G.SHDSL Router 30-2 System Maintenance Figure 30-2 System Maintenance — Status Table 30-1 System Maintenance — Status FIELD DESCRIPTION Node-Lnk This is the node index number and link type. Link types are: PPP, ENET, 1483. Status Shows the status of the remote node. TxPkts The number o...

Prestige 791R G.SHDSL Router System Maintenance 30-3 Table 30-1 System Maintenance — Status FIELD DESCRIPTION Rx Pkts The number of received packets from the LAN. Collision Number of collisions. WAN Shows statistics for the WAN. Line Status Shows the current status of the xDSL line which can be Up o...

Prestige 791R G.SHDSL Router 30-4 System Maintenance Figure 30-4 System Maintenance — Information Table 30-2 System Maintenance — Information FIELD DESCRIPTION Name Displays the system name of your Prestige. This information can be changed in Menu 1 – General Setup . Routing Refers to the routing pr...

Prestige 791R G.SHDSL Router System Maintenance 30-5 30.3.2 Console Port Speed You can set up different port speeds for the console port through Menu 24.2.2 – System Maintenance – Console Port Speed . Your Prestige supports 9600 (default), 19200 and 38400 bps. Press [ SPACE BAR ] and then [ENTER] to...

Prestige 791R G.SHDSL Router 30-6 System Maintenance Step 3. Enter 1 from Menu 24.3 — System Maintenance — Log and Trace to display the error log in the system. After the Prestige finishes displaying the error log, you will have the option to clear it. Samples of typical error and information messag...

Prestige 791R G.SHDSL Router System Maintenance 30-7 Table 30-3 System Maintenance Menu — Syslog Parameters PARAMETER DESCRIPTION UNIX Syslog: Active Use [SPACE BAR] and then [ENTER] to turn syslog on or off. Syslog IP Address Type the IP address of your syslog server. Log Facility Use [SPACE BAR] a...

Prestige 791R G.SHDSL Router 30-8 System Maintenance Jul 19 11:28:56 192.168.102.2 ZYXEL: Packet Trigger: Protocol=1, Data=4500002c1b0140001f06b50ec0a86614ca849a7b0427001700195b3e00000000600220008cd40000020405b4 Jul 19 11:29:06 192.168.102.2 ZYXEL: Packet Trigger: Protocol=1, Data=45000028240140001f...

Prestige 791R G.SHDSL Router System Maintenance 30-9 The following table describes the diagnostic tests available in menu 24.4 for and the connections. Table 30-4 System Maintenance Menu — Diagnostic FIELD DESCRIPTION Reset xDSL Re-initialize the xDSL link to the telephone company. Ping Host Ping th...

Prestige 792H G.SHDSL Router Firmware and Configuration Maintenance 31-1 Chapter 31 Firmware and Configuration File Maintenance This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files. 31.1 Filename Conventions The configuration...

Prestige 792H G.SHDSL Router 31-2 Firmware and Configuration File Maintenance Table 31-1 Filename Conventions FILE TYPE INTERNAL NAME EXTERNAL NAME DESCRIPTION Configuration File Rom-0 This is the configuration filename on the Prestige. Uploading the rom-0 file replaces the entire ROM file system, i...

Prestige 792H G.SHDSL Router Firmware and Configuration Maintenance 31-3 31.2.1 Backup Configuration Follow the instructions as shown in the next screen. Figure 31-1 System Maintenance - Backup Configuration 31.2.2 Using the FTP Command from the Command Line Step 1. Launch the FTP client on your com...

Prestige 792H G.SHDSL Router 31-4 Firmware and Configuration File Maintenance Figure 31-2 FTP Session Example 31.2.4 GUI-based FTP Clients The following table describes some of the commands that you may see in GUI-based FTP clients. Table 31-2 General Commands for GUI-based FTP Clients COMMAND DESCR...

Prestige 792H G.SHDSL Router Firmware and Configuration Maintenance 31-5 4. You have an SMT console session running. 31.2.6 Backup Configuration Using TFTP The Prestige supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Althou...

Prestige 792H G.SHDSL Router 31-6 Firmware and Configuration File Maintenance Table 31-3 General Commands for GUI-based TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the Prestige. 192.168.1.1 is the Prestige’s default IP address when shipped. Send/Fetch Use “Send” to upload the file ...

Prestige 792H G.SHDSL Router Firmware and Configuration Maintenance 31-7 Step 3. Run the HyperTerminal program by clicking Transfer , then Receive File as shown in the following screen. Figure 31-5 Backup Configuration Example Step 4. After a successful backup you will see the following screen. Pres...

Prestige 792H G.SHDSL Router 31-8 Firmware and Configuration File Maintenance WARNING! DO NOT INTERUPT THE FILE TRANSFER PROCESS AS THIS MAY PERMANENTLY DAMAGE YOUR PRESTIGE. 31.3.1 Restore Using FTP For details about backup using (T)FTP please refer to earlier sections on FTP and TFTP file upload i...

Prestige 792H G.SHDSL Router Firmware and Configuration Maintenance 31-9 31.3.2 Restore Using FTP Session Example Figure 31-8 Restore Using FTP Session Example Refer to section 31.2.5 to read about configurations that disallow TFTP and FTP over WAN. 31.3.3 Restore Via Console Port Restore configurat...

Prestige 792H G.SHDSL Router 31-10 Firmware and Configuration File Maintenance Figure 31-11 Restore Configuration Example Step 4. After a successful restoration you will see the following screen. Press any key to restart the Prestige and return to the SMT menu. Figure 31-12 Successful Restoration Co...

Prestige 792H G.SHDSL Router Firmware and Configuration Maintenance 31-11 Figure 31-13 System Maintenance - Upload System Firmware 31.4.2 Configuration File Upload You will see the following screen when you telnet into menu 24.7.2. Figure 31-14 Telnet Into Menu 24.7.2 – System Maintenance To upload ...

Prestige 792H G.SHDSL Router 31-12 Firmware and Configuration File Maintenance 31.4.3 FTP File Upload Command from the DOS Prompt Example Step 1. Launch the FTP client on your computer. Step 2. Enter “open”, followed by a space and the IP address of your Prestige. Step 3. Press [ENTER] when prompted...

Prestige 792H G.SHDSL Router Firmware and Configuration Maintenance 31-13 To use TFTP, your computer must have both telnet and TFTP clients. To transfer the firmware and the configuration file, follow the procedure shown next. Step 1. Use telnet from your computer to connect to the Prestige and log ...

Prestige 792H G.SHDSL Router 31-14 Firmware and Configuration File Maintenance 31.4.8 Uploading Firmware File Via Console Port Step 1. Select 1 from Menu 24.7 – System Maintenance – Upload Firmware to display Menu 24.7.1 – System Maintenance – Upload System Firmware , then follow the instructions as...

Prestige 792H G.SHDSL Router Firmware and Configuration Maintenance 31-15 31.4.10 Uploading Configuration File Via Console Port Step 1. Select 2 from Menu 24.7 – System Maintenance – Upload Firmware to display Menu 24.7.2 – System Maintenance – Upload System Configuration File . Follow the instructi...

Prestige 792H G.SHDSL Router 31-16 Firmware and Configuration File Maintenance Figure 31-19 Example Xmodem Upload After the configuration upload process has completed, restart the Prestige by entering “atgo”. Type the configuration file’s location, or click Browse to search for it. Choose the Xmodem...

Prestige 791R G.SHDSL Router System Maintenance and Information 32-1 Chapter 32 System Maintenance and Information This chapter leads you through SMT menus 24.8 to 24.10. 32.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main system firmware. The CI provides much of the sam...

Prestige 792H G.SHDSL Router 32-2 System Maintenance and Information Figure 32-2 Valid Commands 32.2 Call Control Support Call Control Support is only applicable when Encapsulation is set to PPPoE in menu 4 or menu 11.1. The budget management function allows you to set a limit on the total outgoing ...

Prestige 791R G.SHDSL Router System Maintenance and Information 32-3 Figure 32-4 Budget Management The total budget is the time limit on the accumulated time for outgoing calls to a remote node. When this limit is reached, the call will be dropped and further outgoing calls to that remote node will ...

Prestige 792H G.SHDSL Router 32-4 System Maintenance and Information 32.3 Time and Date Setting The Prestige keeps track of the time and date. There is also a software mechanism to set the time manually or get the current time and date from an external server when you turn on your Prestige. Menu 24....

Prestige 791R G.SHDSL Router System Maintenance and Information 32-5 Table 32-2 Time and Date Setting Fields FIELD DESCRIPTION Enter the time service protocol that your time server sends when you turn on the Prestige. Not all time servers support all protocols, so you may have to check with your ISP...

Prestige 791R G.SHDSL Router IP Policy Routing 33-1 Chapter 33 IP Policy Routing This chapter covers setting and applying policies used for IP routing. 33.1 IP Policy Routing Overview Traditionally, routing is based on the destination address only and the IAD takes the shortest path to forward a pac...

Prestige 792H G.SHDSL Router 33-2 IP Policy Routing IPPR follows the existing packet filtering facility of RAS in style and in implementation. The policies are divided into sets, where related policies are grouped together. A user defines the policies before applying them to an interface or a remote...

Prestige 791R G.SHDSL Router IP Policy Routing 33-3 Figure 33-2 Sample IP Routing Policy Setup Table 33-1 IP Routing Policy Setup Abbreviations ABBREVIATION MEANING Criterion SA Source IP Address SP Source Port DA Destination IP Address DP Destination Port P IP layer 4 protocol number (TCP=6, UDP=17...

Prestige 792H G.SHDSL Router 33-4 IP Policy Routing Type a number from 1 to 6 to display Menu 25.1.1 – IP Routing Policy (see the next figure). This menu allows you to configure a policy rule. Figure 33-3 IP Routing Policy Table 33-2 IP Routing Policy FIELD DESCRIPTION Policy Set Name This is the po...

Prestige 791R G.SHDSL Router IP Policy Routing 33-5 Table 33-2 IP Routing Policy FIELD DESCRIPTION Len Comp Press [SPACE BAR] and then [ENTER] to choose from Equal , Not Equal , Less , Greater , Less or Equal or Greater or Equal . Source: addr start / end Source IP address range from start to end. p...

Prestige 792H G.SHDSL Router 33-6 IP Policy Routing Figure 33-4 TCP/IP and DHCP Ethernet Setup Go to menu 11.3 (shown next) and type the number(s) of the IP Routing Policy set(s) as appropriate. You can cascade up to four policy sets by typing their numbers separated by commas. Figure 33-5 Remote No...

Prestige 791R G.SHDSL Router IP Policy Routing 33-7 33.4 IP Policy Routing Example If a network has both Internet and remote node connections, you can route Web packets to the Internet using one policy and route FTP packets to a remote network using another policy. See the next figure. Figure 33-6 E...

Prestige 792H G.SHDSL Router 33-8 IP Policy Routing Figure 33-7 IP Routing Policy Example Step 3. Check Menu 25.1 — IP Routing Policy Setup to see if the rule is added correctly. Step 4. Create another policy set in menu 25. Step 5. Create a rule in menu 25.1 for this set to route packets from any h...

Prestige 791R G.SHDSL Router IP Policy Routing 33-9 Figure 33-8 IP Routing Policy Step 6. Check Menu 25.1 — IP Routing Policy Setup to see if the rule is added correctly. Step 7. Apply both policy sets in menu 3.2 as shown next. Figure 33-9 Applying IP Policies Menu 3.2 - TCP/IP and DHCP Ethernet Se...

Prestige 791R G.SHDSL Router Call Scheduling 34-1 Chapter 34 Call Scheduling Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate when a remote node should be called and for how long. 34.1 Call Scheduling Overview The call scheduling feature allows the Prestige to...

Prestige 792H G.SHDSL Router 34-2 Call Scheduling To delete a schedule set, enter the set number and press [SPACE BAR] and then [ENTER] (or delete) in the Edit Name field. To setup a schedule set, select the schedule set you want to setup from menu 26 (1-12) and press [ENTER] to see Menu 26.1 — Sche...

Prestige 791R G.SHDSL Router Call Scheduling 34-3 Table 34-1 Schedule Set Setup FIELD DESCRIPTION EXAMPLE How Often Should this schedule set recur weekly or be used just once only? Press the [SPACE BAR] and then [ENTER] to select Once or Weekly . Both these options are mutually exclusive. If Once is...

Prestige 791R G.SHDSL Router Remote Management 35-1 Chapter 35 Remote Management This chapter covers remote management (SMT menu 24.11). 35.1 Remote Management Overview Remote management setup is for managing Telnet, FTP and Web services. You can customize the service port, access interface and the ...

Prestige 791R G.SHDSL Router 35-2 Remote Management 35.1.3 Remote Management and Web Services You can use the Prestige’s embedded web configurator for configuration and file management. See the online help for details. 35.1.4 Disabling Remote Management To disable remote management of a service, sel...

Prestige 791R G.SHDSL Router Remote Management 35-3 Table 35-1 Remote Management Control FIELD DESCRIPTION EXAMPLE Secured Client IP The default 0.0.0.0 allows any client to use this service to remotely manage the Prestige. Enter an IP address to restrict access to a client with a matching IP addres...

SMT VPN/IPSec and Internal SPTGEN X Part X: SMT VPN/IPSec and Internal SPTGEN This part provides information about configuring VPN/IPSec for secure communications and Internal SPTGEN for configuration of multiple Prestiges. See the web configurator parts of this guide for background information on f...

Prestige 792H G.SHDSL Router VPN/IPSec Setup 36-1 Chapter 36 VPN/IPSec Setup This chapter introduces the VPN SMT menus. 36.1 VPN/IPSec Overview The VPN/IPSec main SMT menu has these main submenus: 1. Define VPN policies in menu 27.1 submenus, including security policies, endpoint IP addresses, peer ...

Prestige 792H G.SHDSL Router 36-2 VPN/IPSec Setup Figure 36-2 Menu 27 VPN/IPSec Setup 36.2 IPSec Summary Screen Type 1 in menu 27 and then press [ENTER] to display Menu 27.1 IPSec Summary . This is a summary read-only menu of your IPSec rules (tunnels). Edit or create an IPSec rule by selecting an i...

Prestige 792H G.SHDSL Router VPN/IPSec Setup 36-5 Table 36-1 Menu 27.1 IPSec Summary FIELD DESCRIPTION EXAMPLE Select Command Press [SPACE BAR] to choose from None , Edit , Delete , Go To Rule , Next Page or Previous Page and then press [ENTER]. You must select a rule in the next field when you choo...

Prestige 792H G.SHDSL Router VPN/IPSec Setup 36-11 36.4 IKE Setup To edit this menu, the Key Management field in Menu 27.1.1 – IPSec Setup must be set to IKE . Move the cursor to the Edit Key Management Setup field in Menu 27.1.1 – IPSec Setup ; press [SPACE BAR] to select Yes and then press [ENTER]...

Prestige 792H G.SHDSL Router SA Monitor 37-1 Chapter 37 SA Monitor This chapter teaches you how to manage your SAs by using the SA Monitor in SMT menu 27.2. 37.1 SA Monitor Overview A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This menu (shown next)...

Prestige 792H G.SHDSL Router SA Monitor 37-3 37.3 Viewing IPSec Log To view the IPSec and IKE connection log, type 3 in menu 27 and press [ENTER] to display the IPSec log as shown next. The following figure shows a typical log from the initiator of a VPN connection. Figure 37-2 Example VPN Initiator...

Prestige 792H G.SHDSL Router Internal SPTGEN 38-1 Chapter 38 Internal SPTGEN 38.1 Internal SPTGEN Overview Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple Prestiges. Internal SPTGEN lets you configure, save and upload mul...

Prestige 792H G.SHDSL Router 38-2 Internal SPTGEN Figure 38-1 Configuration Text File Format: Column Descriptions DO NOT alter or delete any field except parameters in the Input column. For more text file examples, refer to the Example Internal SPTGEN Screens Appendix . 38.2.1 Internal SPTGEN File M...

Prestige 792H G.SHDSL Router Internal SPTGEN 38-3 Figure 38-2 Invalid Parameter Entered: Command Line Example The Prestige will display the following if you enter parameter(s) that are valid. Figure 38-3 Valid Parameter Entered: Command Line Example 38.3 Internal SPTGEN FTP Download Example Figure 3...

Prestige 792H G.SHDSL Router 38-4 Internal SPTGEN You can rename your “rom-t” file when you save it to your computer but it must be named “rom-t” when you upload it to your Prestige. 38.4 Internal SPTGEN FTP Upload Example Figure 38-5 Internal SPTGEN FTP Upload Example c:\ftp 192.168.1.1 220 PPP FTP...

Appendices and Index XI Part XI: Appendices and Index This part contains the Appendices and Index.

Appendices and Index Troubleshooting 39-1 Chapter 39 Troubleshooting This chapter covers potential problems and the corresponding remedies. 39.1 Problems Starting Up the Prestige Table 39-1 Troubleshooting the Start-Up of Your Prestige PROBLEM CORRECTIVE ACTION None of the LEDs turn on when I turn o...

Header 39-2 Troubleshooting 39.3 Problems with the WAN Interface Table 39-3 Troubleshooting the WAN Interface PROBLEM CORRECTIVE ACTION The WAN IP is provided when the ISP recognizes the user as an authorized user after verifying the MAC address, Host Name or User ID. Find out the verification metho...

Appendices and Index Troubleshooting 39-3 39.5 Problems with the Password Table 39-5 Troubleshooting the Password PROBLEM CORRECTIVE ACTION I cannot access the Prestige. The Password and Username fields are case-sensitive. Make sure that you enter the correct password and username using the proper c...

Appendices and Index PPPoE A Appendix A PPPoE PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your PC to an ATM PVC (Permanent Virtual Circuit) which connects to a xDSL Access Concentrator where the PPP session terminates (see the next figure). On...

Header B PPPoE The PPPoE driver makes the Ethernet appear as a serial link to the PC and the PC runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC). Between the AC and an ISP, the AC is acting as a L2TP (Layer 2 Tunneling Protocol) LAC (L2TP Access Concentra...

Appendices and Index Virtual Circuit Topology C Appendix B Virtual Circuit Topology ATM is a connection-oriented technology, meaning that it sets up virtual circuits over which end systems communicate. The terminology for virtual circuits is as follows: • Virtual Channel Logical connections between ...

Header D Power Adapter Specifications Appendix C Power Adapter Specifications NORTH AMERICAN PLUG STANDARDS AC Power Adapter Model DV-121AACS Input Power AC120Volts/60Hz/23W max Output Power AC12Volts/1.0A Power Consumption 8 W Safety Standards UL, CUL (UL 1310, CSA C22.2 No.223) NORTH AMERICAN PLUG...

Appendices and Index Product Specifications E EUROPEAN PLUG STANDARDS AC Power Adapter Model DV-121AACCP-5716 Input Power AC230Volts/50Hz/100mA Output Power AC12Volts/1.0A Power Consumption 8W Safety Standards TUV-GS, CE (EN 60950) EUROPEAN PLUG STANDARDS AC Power Adapter Model AA-121ABN Input Power...

Header H TCP/IP Index 10/100 MB Auto-negotiation ........................... 1-3 Action for Matched Packets......................... 10-13 Active.................................................... 21-5, 21-7 Address Assignment ........................................ 4-2 Allocated Budget .............