ZyXEL Prestige 1600 Universal Access Concentrator Configuration and Management Guide

ZyXEL Prestige 1600 Universal Access Concentrator Configuration and Management Guide

Below you will find brief information for Universal Access Concentrator Prestige 1600. The Prestige 1600 is a high-performance Universal Access Concentrator designed to provide high-speed Internet access for multiple users. This device is ideal for use in high-rise buildings, campus networks, and ISPs.

advertisement

Assistant Bot

Need help? Our chatbot has already read the manual and is ready to assist you. Feel free to ask any questions about the device, but providing details will make the conversation more productive.

ZyXEL Universal Access Concentrator Prestige 1600 Configuration and Management Guide | Manualzz
Prestige 1600
Universal Access Concentrator
ZyNOS Version 3.20
Dec. 2000
Configuration and Management Guide
Prestige 1600 Universal Access Concentrator
Prestige 1600
Universal Access Concentrator
Copyright
Copyright © 2000 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval
system, translated into any language, or transmitted in any form or by any means, electronic, mechanical,
magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL
Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or software described
herein. Neither does it convey any license under its patent rights nor the patents rights of others. ZyXEL further
reserves the right to make changes in any products described herein without notice. This publication is subject to
change without notice.
Trademarks
Trademarks mentioned in this publication are used for identification purposes only and may be properties of their
respective owners.
ii
Copyright
Prestige 1600 Universal Access Concentrator
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or
workmanship for a period of up to two (2) years from the date of purchase. During the warranty period, and upon
proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL
will, at its discretion, repair or replace the defective products or components without charge for either parts or labor,
and to whatever extent it shall deem necessary to restore the product or components to proper operating condition.
Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be
solely at the discretion of ZyXEL. This warranty shall not apply if the product is modified, misused, tampered with,
damaged by an act of God, or subjected to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is
in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a
particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind
of character to the purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center; refer to the separate Warranty Card for
your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended
that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated
warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor.
All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid
(USA and territories only). If the customer desires some other return destination beyond the U.S. borders, the
customer shall bear the cost of the return shipment. This warranty gives you specific legal rights, and you may also
have other rights which vary from state to state.
ZyXEL Limited Warranty
iii
Prestige 1600 Universal Access Concentrator
Customer Support
If you have questions about your ZyXEL product or desire assistance, contact ZyXEL Communications
Corporation offices worldwide, in one of the following ways:
When Contacting Customer Support Representative
When you contact your customer support representative, have the following information ready:
♦ Prestige model and serial number
♦ Information in Menu 24.2.1 -System Information
♦ Warranty information
♦ Date you received your Prestige
♦ Brief description of the problem and the steps you took to solve it.
Method
E-MAIL - Support/ Sales
Telephone/Fax
Web Site/ FTP Site
Regular Mail
[email protected]
+886-3-578-3942
www.zyxel.com
ZyXEL Communications
Corp., 6 Innovation Road II,
Science-Based Industrial
Park, HsinChu, Taiwan 300,
R.O.C.
Location
Worldwide
[email protected]
North
America
Scandinavia
Austria
Germany
iv
www.europe.zyxel.
com
[email protected]
+886-3-578-2439
ftp.europe.zyxel.co
m
[email protected]
+1-714-632-0882
www.zyxel.com
800-255-4101
[email protected]
+1-714-632-0858
ftp.zyxel.com
[email protected]
+45-3955-0700
www.zyxel.dk
[email protected]
+45-3955-0707
ftp.zyxel.dk
[email protected]
+43-1-4948677-0
www.zyxel.at
[email protected]
+43-1-4948678
ftp.zyxel.at
[email protected]
+49-2405-6909-0
www.zyxel.de
[email protected]
+49-2405-6909-99
ZyXEL Communications Inc.,
1650 Miraloma Avenue,
Placentia, CA 92870, U.S.A.
ZyXEL Communications A/S,
Columbusvej 5, 2860
Soeborg, Denmark.
ZyXEL Communications
Services GmbH.
Thaliastrasse 125a/2/2/4 A1160 Vienna, Austria
ZyXEL Deutschland GmbH.
Adenauerstr. 20/A4 D-52146
Wuerselen, Germany
Customer Support
Prestige 1600 Universal Access Concentrator
Table of Contents
Prestige 1600 ............................................................................................................................................................ii
Customer Support ....................................................................................................................................................iv
Table of Contents ......................................................................................................................................................v
List of Figures ...........................................................................................................................................................xi
List of Tables............................................................................................................................................................xv
Preface .................................................................................................................................................................. xvii
What is DSL?.......................................................................................................................................................... xix
Chapter 1
Getting to Know Your Concentrator...................................................................................................................1-1
1.1 Overview of the Prestige 1600 ...................................................................................................................... 1-1
1.2 Key Benefits .................................................................................................................................................. 1-2
1.3 Detailed Features of the Prestige 1600......................................................................................................... 1-3
1.4 Prestige 1600 and Prestige DSL Clients ....................................................................................................... 1-5
Chapter 2
Prestige 1600 Applications .................................................................................................................................2-1
2.1 Multi Purpose Concentrator........................................................................................................................... 2-1
2.2 Prestige 1600 Deployment Scenarios ........................................................................................................... 2-1
2.2.1 Deployed at a High-rise for High-Speed Internet Access ..................................................................... 2-1
2.2.2 Campus Connectivity ............................................................................................................................ 2-2
2.2.3 Deployed at ISPs and Other Service Providers ..................................................................................... 2-2
2.2.4 Configuration Example One.................................................................................................................. 2-3
2.2.5 Configuration Example Two................................................................................................................. 2-3
2.2.6 Configuration Example Three............................................................................................................... 2-4
2.2.7 Configuration Example Four................................................................................................................. 2-4
Chapter 3
Initial Setup...........................................................................................................................................................3-1
3.1 Initial Screen.................................................................................................................................................. 3-1
3.1.1 Password ............................................................................................................................................... 3-1
3.2 Navigating the SMT Interface........................................................................................................................ 3-2
3.3 SMT Menus At A Glance............................................................................................................................... 3-2
3.3.1 P1600 Main Menu - Primary................................................................................................................. 3-4
3.3.2 Secondary and Standalone Main Menu................................................................................................. 3-5
3.4 Changing the System Password ................................................................................................................... 3-5
3.5 Resetting the Prestige ................................................................................................................................... 3-6
3.6 General Setup ............................................................................................................................................... 3-6
3.6.1 DNS Server Address ............................................................................................................................. 3-6
Chapter 4
WAN Port Setup ...................................................................................................................................................4-1
4.1 Configuring The WAN Port For PPP over HDLC .......................................................................................... 4-1
4.2 Configuring The WAN Port For Frame Relay................................................................................................ 4-2
Table of Contents
v
Prestige 1600 Universal Access Concentrator
4.2.1 Standards ............................................................................................................................................... 4-2
4.2.2 How To Configure The WAN Port For Frame Relay ........................................................................... 4-3
4.3 How To Configure Frame Relay for Internet Access ..................................................................................... 4-3
4.3.1 Encapsulation ........................................................................................................................................ 4-3
4.3.2 DLCI...................................................................................................................................................... 4-4
4.3.3 CIR (Committed Information Rate) ...................................................................................................... 4-4
4.3.4 EIR (Excess Information Rate) ............................................................................................................. 4-4
4.3.5 How To Configure Frame Relay for Internet Access............................................................................ 4-4
4.4 How To Configure Frame Relay For A Remote Node ................................................................................... 4-5
Chapter 5
Internet Access .................................................................................................................................................... 5-1
5.1 Introduction .................................................................................................................................................... 5-1
5.1.1 IP Address assignment .......................................................................................................................... 5-1
5.1.2 Standalone IP Pool ................................................................................................................................ 5-3
5.2 TCP/IP Parameters ....................................................................................................................................... 5-3
5.2.1 IP Address and Subnet Mask................................................................................................................. 5-3
5.2.2 RIP Setup............................................................................................................................................... 5-3
5.2.3 IP Multicast ........................................................................................................................................... 5-3
5.3 IP Policies ...................................................................................................................................................... 5-4
5.4 TCP/IP Ethernet Setup .................................................................................................................................. 5-4
5.5 Collecting Internet Account Information......................................................................................................... 5-5
5.6 Internet Access using the Prestige 1600 Primary ......................................................................................... 5-5
Chapter 6
DSL Port Setup .................................................................................................................................................... 6-1
Port Usage............................................................................................................................................................. 6-3
6.1.1 Example IDSL Port Setup ..................................................................................................................... 6-4
6.1.2 User Authentication............................................................................................................................... 6-5
6.1.3 PAP/CHAP............................................................................................................................................ 6-5
Chapter 7
Remote Node Configuration ............................................................................................................................... 7-1
7.1 Remote Node Setup ...................................................................................................................................... 7-1
7.2 Outgoing Authentication Protocol .................................................................................................................. 7-3
7.3 Editing PPP Options ...................................................................................................................................... 7-3
7.4 Edit IP Parameters ........................................................................................................................................ 7-4
Chapter 8
Static Route.......................................................................................................................................................... 8-1
8.1.1 Basics..................................................................................................................................................... 8-1
8.1.2 Static Route Setup ................................................................................................................................. 8-1
Chapter 9
Network Address Translation (NAT) .................................................................................................................. 9-1
9.1 Introduction .................................................................................................................................................... 9-1
9.1.1 NAT Definitions.................................................................................................................................... 9-1
9.1.2 What NAT Does .................................................................................................................................... 9-1
vi
Table of Contents
Prestige 1600 Universal Access Concentrator
9.1.3 How NAT works ................................................................................................................................... 9-2
9.1.4 NAT Mapping Types ............................................................................................................................ 9-2
9.1.5 SUA (Single User Account) Versus NAT............................................................................................. 9-3
9.2 SMT Menus ................................................................................................................................................... 9-3
9.2.1 Applying NAT in the SMT Menus ....................................................................................................... 9-3
9.2.2 Configuring NAT .................................................................................................................................. 9-5
9.2.3 Address Mapping Sets and NAT Server Sets:....................................................................................... 9-5
9.2.4 Ordering Your Rules ............................................................................................................................. 9-7
9.3 NAT Server Sets............................................................................................................................................ 9-9
9.3.1 Multiple Servers behind NAT ............................................................................................................... 9-9
9.3.2 Configuring Inside Servers.................................................................................................................... 9-9
9.4 Examples..................................................................................................................................................... 9-10
9.4.1 Internet Access Only ........................................................................................................................... 9-10
9.4.2 Example 2 - Internet Access with a Default Inside Server.................................................................. 9-11
9.4.3 Example 3 - General Case................................................................................................................... 9-12
9.4.4 NAT Unfriendly Application Programs .............................................................................................. 9-14
9.4.5 Example 4 - Remote Management ...................................................................................................... 9-14
9.4.6 Applying NAT to the Ethernet Port .................................................................................................... 9-14
Chapter 10 Filter Configuration............................................................................................................................................10-1
10.1
About Filtering ......................................................................................................................................... 10-1
10.2
The Filter Structure of the Prestige ......................................................................................................... 10-1
10.3
Configuring a Filter Set............................................................................................................................ 10-3
10.3.1
Filter Rules Summary Menu ........................................................................................................... 10-4
10.4
Configuring a Filter Rule.......................................................................................................................... 10-5
10.5
Filter Types and NAT ............................................................................................................................... 10-5
10.5.1
TCP/IP Filter Rule........................................................................................................................... 10-6
10.5.2
Device Filter Rule ........................................................................................................................... 10-9
10.6
Applying a Filter..................................................................................................................................... 10-11
10.6.1
Ethernet traffic .............................................................................................................................. 10-11
10.6.2
Remote Node Filters ..................................................................................................................... 10-12
10.7
Filter Example........................................................................................................................................ 10-12
10.7.1
Configuring a FTP_WAN Filter Rule........................................................................................... 10-12
Chapter 11 SNMP Configuration ..........................................................................................................................................11-1
11.1
About SNMP............................................................................................................................................ 11-1
11.2
Supported MIBs....................................................................................................................................... 11-2
11.3
SNMP Configuration................................................................................................................................ 11-2
11.4
SNMP Traps ............................................................................................................................................ 11-3
Table of Contents
vii
Prestige 1600 Universal Access Concentrator
Chapter 12 System Security................................................................................................................................................. 12-1
12.1
Changing the System Password ............................................................................................................. 12-1
12.2
RADIUS Support...................................................................................................................................... 12-2
12.2.1
About RADIUS ............................................................................................................................... 12-2
12.2.2
Using RADIUS Authentication....................................................................................................... 12-2
12.3
RADIUS Authentication ........................................................................................................................... 12-2
12.3.1
Installing a RADIUS Server ............................................................................................................ 12-2
12.3.2
The Key Field.................................................................................................................................. 12-3
12.3.3
Adding Users to the RADIUS Database ......................................................................................... 12-3
12.3.4
RADIUS Server Configuration ...................................................................................................... 12-3
12.4
RADIUS Accounting ................................................................................................................................ 12-4
Chapter 13 Remote Management......................................................................................................................................... 13-1
13.1
About Telnet............................................................................................................................................. 13-1
13.2
Telnet Behind NAT ................................................................................................................................... 13-1
13.3
Telnet Capabilities.................................................................................................................................... 13-2
13.3.1
Single Administrator ....................................................................................................................... 13-2
13.3.2
System Timeout............................................................................................................................... 13-2
13.4
Remote Management Through NAT........................................................................................................ 13-2
Procedure to Set Up NAT for Remote Management....................................................................................... 13-3
Chapter 14 System Information and Maintenance ............................................................................................................. 14-1
14.1
System Status.......................................................................................................................................... 14-1
14.1.1
WAN/LAN Status ........................................................................................................................... 14-2
14.1.2
DSL Port Status ............................................................................................................................... 14-3
14.1.3
Route Status..................................................................................................................................... 14-4
14.2
System Information.................................................................................................................................. 14-5
14.2.1
14.3
Console Port Speed ......................................................................................................................... 14-6
Log and Trace.......................................................................................................................................... 14-6
14.3.1
Viewing Error Log .......................................................................................................................... 14-6
14.3.2
Syslog And Accounting................................................................................................................... 14-7
14.4
Diagnostic ................................................................................................................................................ 14-8
14.5
Boot Module Commands ......................................................................................................................... 14-9
14.6
Command Interpreter Mode .................................................................................................................... 14-9
14.7
Time and Date Setting ........................................................................................................................... 14-10
Chapter 15 Configuration & Firmware Maintenance .......................................................................................................... 15-1
15.1
Filenames ................................................................................................................................................ 15-1
15.2
Backup Configuration .............................................................................................................................. 15-3
viii
15.2.1
Backup using FTP ........................................................................................................................... 15-3
15.2.2
Backup using TFTP......................................................................................................................... 15-3
Table of Contents
Prestige 1600 Universal Access Concentrator
15.2.3
15.3
Backup using the Console Port ....................................................................................................... 15-3
Restore Configuration ............................................................................................................................. 15-4
15.3.1
Restore using FTP ........................................................................................................................... 15-4
15.3.2
Restore using TFTP......................................................................................................................... 15-5
15.3.3
Restore using the Console Port ....................................................................................................... 15-5
15.4
Upload Firmware ..................................................................................................................................... 15-6
15.4.1
Dual Firmware Block Structure ...................................................................................................... 15-6
15.4.2
Upload Prestige Firmware using FTP ............................................................................................. 15-6
15.4.3
Example - Using the FTP command from the DOS Prompt ........................................................... 15-7
15.4.4
Upload Prestige Firmware using TFTP........................................................................................... 15-8
15.4.5
Third Party TFTP Clients - General Commands............................................................................. 15-8
15.4.6
Upload Prestige Firmware via the Console Port ............................................................................. 15-8
15.5
Upload Prestige Configuration File.......................................................................................................... 15-9
15.5.1
Upload Prestige Configuration File using FTP ............................................................................... 15-9
15.5.2
Upload Prestige Configuration File using TFTP........................................................................... 15-10
15.5.3
Upload Prestige Configuration File using the Console Port ......................................................... 15-10
Chapter 16 IP Policy Routing ...............................................................................................................................................16-1
16.1
Introduction.............................................................................................................................................. 16-1
16.1.1
Benefits ........................................................................................................................................... 16-1
16.1.2
Routing Policy................................................................................................................................. 16-1
16.2
IP Routing Policy Setup........................................................................................................................... 16-1
16.3
Applying an IP Policy............................................................................................................................... 16-4
16.3.1
Ethernet IP Policies ......................................................................................................................... 16-4
16.3.2
DSL IP Routing Policies ................................................................................................................. 16-5
16.4
IP Policy Routing Example ...................................................................................................................... 16-5
Chapter 17 Troubleshooting.................................................................................................................................................17-1
17.1
Problems Starting Up the Prestige 1600 ................................................................................................. 17-1
17.2
Problems With the xDSL Port.................................................................................................................. 17-1
17.3
Problems with the WAN Port ................................................................................................................... 17-1
17.4
Problems with the LAN Interface............................................................................................................. 17-2
17.5
Problems Connecting to a Remote Node or ISP..................................................................................... 17-2
17.6
General Instructions ................................................................................................................................ 17-2
CI Commands .......................................................................................................................................................... A
Glossary .................................................................................................................................................................... I
Index.........................................................................................................................................................................O
Table of Contents
ix
Prestige 1600 Universal Access Concentrator
List of Figures
Figure 1-1 Remote Configuration ...............................................................................................................................................1-4
Figure 2-1 Deployed at a High-rise .............................................................................................................................................2-1
Figure 2-2 Campus Deployment .................................................................................................................................................2-2
Figure 2-3 Deployed at an ISP ....................................................................................................................................................2-3
Figure 2-4 A Very High Capacity Concentrator ..........................................................................................................................2-3
Figure 2-5 High Capacity Concentrator ......................................................................................................................................2-4
Figure 2-6 Medium Capacity Concentrator.................................................................................................................................2-4
Figure 2-7 Low Capacity Concentrator .......................................................................................................................................2-4
Figure 3-1 Power-On Display .....................................................................................................................................................3-1
Figure 3-2 Login Screen..............................................................................................................................................................3-1
Figure 3-3 Primary Main Menu...................................................................................................................................................3-4
Figure 3-4 Secondary and Standalone Main Menu .....................................................................................................................3-5
Figure 3-5 Menu 23 - System Security........................................................................................................................................3-5
Figure 3-6 Menu 23.1 - System Security - Change Password .....................................................................................................3-6
Figure 3-7 Menu 1 - General Setup (Primary).............................................................................................................................3-7
Figure 3-8 Menu 1 - General Setup (Secondary/Standalone)......................................................................................................3-7
Figure 4-1 Menu 2 - WAN Port Setup.........................................................................................................................................4-1
Figure 4-2 Configuring The WAN Port for PPP over HDLC......................................................................................................4-2
Figure 4-3 Configuring The WAN Port For Frame Relay ...........................................................................................................4-2
Figure 4-4 Menu 2.1.2 - Frame Relay Setup ...............................................................................................................................4-3
Figure 4-5 Menu 4 - Internet Access Setup .................................................................................................................................4-4
Figure 4-6 Menu 4.2 - Internet Setup Frame Relay Options .......................................................................................................4-5
Figure 4-7 Menu 11.1 - Remote Node Profile .............................................................................................................................4-6
Figure 4-8 Menu 11.4 - Remote Node Frame Relay Options......................................................................................................4-6
Figure 5-1 Menu 3.2 - TCP/IP Ethernet Setup ............................................................................................................................5-4
Figure 5-2 Menu 4 - Internet Access Setup .................................................................................................................................5-6
Figure 6-1 Menu 14 - IDSL Port setup........................................................................................................................................6-1
Figure 6-2 DSL Port Setup ..........................................................................................................................................................6-2
Figure 6-3 Menu 6.1 - Port Usage ...............................................................................................................................................6-3
Figure 6-4 Example IDSL Port Setup Configuration ..................................................................................................................6-5
Figure 6-5 Example IDSL Port Setup Scenario...........................................................................................................................6-5
Figure 7-1 Menu 11 – Remote Node Setup .................................................................................................................................7-1
Figure 7-2 Menu 11.1 - Remote Node Profile .............................................................................................................................7-1
Figure 7-3 Menu 11.2 - Remote Node PPP Options....................................................................................................................7-3
Figure 7-4 Menu 11.3- Remote Node TCP/IP Options ...............................................................................................................7-4
Figure 8-1 An Example of Static Routing Topology...................................................................................................................8-1
Figure 8-2 Menu 12 - IP Static Route Setup ...............................................................................................................................8-2
List of Figures
xi
Prestige 1600 Universal Access Concentrator
Figure 8-3 Menu 12.1 - Edit IP Static Route............................................................................................................................... 8-3
Figure 9-1 How NAT Works ....................................................................................................................................................... 9-2
Figure 9-2 Applying NAT for Internet Access............................................................................................................................ 9-4
Figure 9-3 Applying NAT to the Remote Node .......................................................................................................................... 9-4
Figure 9-4 Menu 15 NAT Setup.................................................................................................................................................. 9-5
Figure 9-5 Menu 15.1 Address Mapping Sets............................................................................................................................. 9-5
Figure 9-6 SUA Address Mapping Rules ................................................................................................................................... 9-6
Figure 9-7 First Set in Menu 15.1.1 ............................................................................................................................................ 9-7
Figure 9-8 Editing an Individual Rule in a Set............................................................................................................................ 9-8
Figure 9-9 Multiple Servers Behind NAT ................................................................................................................................... 9-9
Figure 9-10 Menu 15.2 - NAT Server Setup ............................................................................................................................. 9-10
Figure 9-11 NAT Example 1 ..................................................................................................................................................... 9-11
Figure 9-12 NAT Example for Internet Access......................................................................................................................... 9-11
Figure 9-13 NAT Example 2 ..................................................................................................................................................... 9-11
Figure 9-14 Specifying an Inside Sever .................................................................................................................................... 9-12
Figure 9-15 NAT - Example 3................................................................................................................................................... 9-12
Figure 9-16 Example 3 - Menu 15.1.1.1 ................................................................................................................................... 9-13
Figure 9-17 Example 3 Final Menu 15.1.1 ............................................................................................................................... 9-13
Figure 9-18 Example 3 - Menu 15.2 ......................................................................................................................................... 9-14
Figure 9-19 Ethernet SUA ........................................................................................................................................................ 9-15
Figure 9-20 Applying NAT on the LAN Port ........................................................................................................................... 9-15
Figure 10-1 Outgoing Packet Filtering Process ........................................................................................................................ 10-1
Figure 10-2 Filter Rule Process................................................................................................................................................. 10-2
Figure 10-3 Menu 21 - Filter Set Configuration ....................................................................................................................... 10-3
Figure 10-4 Menu 21.1 - Filter Rules Summary ....................................................................................................................... 10-4
Figure 10-5 Protocol and Device Filter Sets ............................................................................................................................. 10-6
Figure 10-6 Menu 21.1.1 - TCP/IP Filter Rule ......................................................................................................................... 10-7
Figure 10-7 Executing an IP Filter............................................................................................................................................ 10-9
Figure 10-8 Menu 21.1.2 - Device Filter Rule ........................................................................................................................ 10-10
Figure 10-9 Filtering Ethernet Traffic..................................................................................................................................... 10-11
Figure 10-10 Filtering Remote Node traffic............................................................................................................................ 10-12
Figure 10-11 FTP_WAN Filter Configuration ........................................................................................................................ 10-13
Figure 10-12 Filter Rule Configuration .................................................................................................................................. 10-13
Figure 10-13 Filter Rule Configuration .................................................................................................................................. 10-14
Figure 10-14 FTP_WAN Filter Rules Summary..................................................................................................................... 10-14
Figure 10-15 Remote Node Profile ......................................................................................................................................... 10-15
Figure 11-1 SNMP Management Model ................................................................................................................................... 11-1
Figure 11-2 Menu 22 - SNMP Configuration ........................................................................................................................... 11-3
Figure 12-1 Menu 23 - System Security ................................................................................................................................... 12-1
xii
List of Figures
Prestige 1600 Universal Access Concentrator
Figure 12-2 Menu 23.1 - System Security - Change Password .................................................................................................12-1
Figure 12-3 RADIUS Authentication Example.........................................................................................................................12-3
Figure 12-4 Menu 23.2 - System Security - External Server.....................................................................................................12-4
Figure 12-5 Menu 24.3.2 - System Maintenance - Accounting Server .....................................................................................12-5
Figure 12-6 Examples of RADIUS Accounting Message .........................................................................................................12-5
Figure 13-1 Remote Management Using Telnet........................................................................................................................13-1
Figure 13-2 Remote Management Via NAT..............................................................................................................................13-2
Figure 13-3 Pick An Address Mapping Set...............................................................................................................................13-3
Figure 13-4 Address Mapping Rule ..........................................................................................................................................13-3
Figure 13-5 Address Mapping Rule Summary..........................................................................................................................13-4
Figure 13-6 Apply the New NAT Set ........................................................................................................................................13-4
Figure 14-1 Menu 24 - System Maintenance ............................................................................................................................14-1
Figure 14-2 Menu 24.1 - System Maintenance - Status ............................................................................................................14-2
Figure 14-3 Menu 24.1.1 - WAN/LAN Status...........................................................................................................................14-2
Figure 14-4 Menu 24.1.1 With Frame Relay Configured..........................................................................................................14-3
Figure 14-5 Menu 24.1.2 - NM-1 Status ...................................................................................................................................14-4
Figure 14-6 Menu 24.1.5 - Router Status ..................................................................................................................................14-4
Figure 14-7 Menu 24. 2.1 - System Maintenance Information .................................................................................................14-5
Figure 14-8 Menu 24.2.2 - System Maintenance - Change Console Port Speed .....................................................................14-6
Figure 14-9 Examples of Error and Information Messages.......................................................................................................14-7
Figure 14-10 Syslog and Accounting ........................................................................................................................................14-7
Figure 14-11 Menu 24.4 - System Maintenance - Diagnostic ...................................................................................................14-8
Figure 14-12 Boot Module Commands .....................................................................................................................................14-9
Figure 14-13 Command Mode ................................................................................................................................................14-10
Figure 14-14 System Maintenance - Time and Date Setting ...................................................................................................14-10
Figure 15-1 Internal and External Filenames ............................................................................................................................15-2
Figure 15-2 Menu 24.5 as seen using Telnet .............................................................................................................................15-3
Figure 15-3 Menu 24.5 - Menu 24.5 as seen using the Console Port ........................................................................................15-4
Figure 15-4 Backup Example Using HyperTerminal ................................................................................................................15-4
Figure 15-5 Successful Backup Confirmation Screen...............................................................................................................15-4
Figure 15-6 Menu 24.6 as seen using Telnet .............................................................................................................................15-5
Figure 15-7 Menu 24.6 as seen using the Console Port ............................................................................................................15-5
Figure 15-8 Successful Restoration Confirmation Screen.........................................................................................................15-6
Figure 15-9 Menu 24.7 - System Maintenance - Upload Firmware ..........................................................................................15-6
Figure 15-10 Menu 24.7.1 as seen using Telnet ........................................................................................................................15-7
Figure 15-11 FTP Session Example ..........................................................................................................................................15-7
Figure 15-12 Menu 24.7.1 as seen using the Console Port. ......................................................................................................15-9
Figure 15-13 Menu 24.7.2 as seen using Telnet ......................................................................................................................15-10
Figure 15-14 Menu 24.7.2 as seen using the Console Port .....................................................................................................15-10
List of Figures
xiii
Prestige 1600 Universal Access Concentrator
Figure 16-1 Menu 25 - IP Routing Policy Setup....................................................................................................................... 16-2
Figure 16-2 Menu 25 - IP Routing Policy Summary ................................................................................................................ 16-2
Figure 16-3 Menu 25.1.1 - IP Routing Policy........................................................................................................................... 16-3
Figure 16-4 Ethernet IP Policies ............................................................................................................................................... 16-5
Figure 16-5 IDSL IP Routing Policies ...................................................................................................................................... 16-5
Figure 16-6 Example of IP Policy Routing ............................................................................................................................... 16-6
Figure 16-7 IP Routing Policy Example ................................................................................................................................... 16-7
Figure 16-8 IP Policy Routing .................................................................................................................................................. 16-7
Figure 16-9 Applying IP Policies.............................................................................................................................................. 16-8
xiv
List of Figures
Prestige 1600 Universal Access Concentrator
List of Tables
Table 1-1 P1600 DSL Clients......................................................................................................................................................1-5
Table 3-1 Navigating the SMT ....................................................................................................................................................3-2
Table 3-2 Main Menu Summary..................................................................................................................................................3-4
Table 3-3 General Setup Fields ...................................................................................................................................................3-7
Table 4-1 WAN Setup Menu Fields.............................................................................................................................................4-1
Table 4-2 Menu 2.1.2 - Frame Relay Setup.................................................................................................................................4-3
Table 4-3 Data Link Connection Identifiers ................................................................................................................................4-4
Table 4-4 Menu 4.2 - Internet Setup Frame Relay Options.........................................................................................................4-5
Table 5-1 Default DSL IP Address Assignment..........................................................................................................................5-1
Table 5-2 TCP/IP Ethernet Setup Menu Fields ...........................................................................................................................5-4
Table 5-3 Internet Account Information ......................................................................................................................................5-5
Table 5-4 Internet Access Setup Menu Fields .............................................................................................................................5-6
Table 6-1 DSL Port Setup Fields.................................................................................................................................................6-2
Table 6-2 Port Usage Menu Fields ..............................................................................................................................................6-3
Table 6-3 DSL User Authentication ............................................................................................................................................6-5
Table 7-1 Remote Node Profile Menu Fields for Leased Lines ..................................................................................................7-2
Table 7-2 Remote Node PPP Options Menu Fields.....................................................................................................................7-4
Table 7-3 TCP/IP related fields in Menu 11.1 - Remote Node Profile ........................................................................................7-5
Table 7-4 Remote Node TCP/IP Configuration...........................................................................................................................7-5
Table 8-1 Edit IP Static Route Menu Fields ................................................................................................................................8-3
Table 9-1 NAT Mapping Types ...................................................................................................................................................9-3
Table 9-2 Applying NAT in Menus 4 & 11.3 ..............................................................................................................................9-4
Table 9-3 SUA Address Mapping Rules .....................................................................................................................................9-6
Table 9-4 Menu 15.1.1 ................................................................................................................................................................9-7
Table 9-5 Menu 15.1.1.1 - configuring an individual rule...........................................................................................................9-8
Table 9-6 Common Services & Port numbers ...........................................................................................................................9-10
Table 10-1 Abbreviations Used in the Filter Rules Summary Menu.........................................................................................10-4
Table 10-2 Abbreviations Used If Filter Type Is IP...................................................................................................................10-5
Table 10-3 Abbreviations Used If Filter Type Is Dev ...............................................................................................................10-5
Table 10-4 TCP/IP Filter Rule Menu Fields..............................................................................................................................10-7
Table 10-5 Device Filter Rule Menu Fields ............................................................................................................................10-10
Table 11-1 SNMP Configuration Menu Fields..........................................................................................................................11-3
Table 12-1 System Security - Authentication Server Menu Fields............................................................................................12-4
Table 12-2 Menu 24.3.3 System Maintenance - Accounting Server Fields ..............................................................................12-5
Table 12-3 Accounting Attributes .............................................................................................................................................12-6
Table 14-1 System Maintenance - Status Menu Fields..............................................................................................................14-2
Table 14-2 Menu 24.1.1 With Frame Relay Configured ...........................................................................................................14-3
List of Tables
xv
Prestige 1600 Universal Access Concentrator
Table 14-3 NM Status Fields..................................................................................................................................................... 14-4
Table 14-4 Fields in System Maintenance ................................................................................................................................ 14-5
Table 14-5 System Maintenance Menu Syslog Parameters....................................................................................................... 14-7
Table 14-6 System Maintenance Menu Diagnostic................................................................................................................... 14-8
Table 14-7 Time and Date Setting Fields ................................................................................................................................ 14-10
Table 15-1 Filenames ................................................................................................................................................................ 15-2
Table 15-2 Third Party FTP Clients - General Commands ....................................................................................................... 15-7
Table 15-3 Third Party TFTP Clients - General Commands..................................................................................................... 15-8
Table 16-1 IP Routing Policy Summary.................................................................................................................................... 16-3
Table 16-2 IP Routing Policy .................................................................................................................................................... 16-4
Table 17-1 Troubleshooting the Start-Up of your Prestige 1600 .............................................................................................. 17-1
Table 17-2 Troubleshooting an xDSL Port Connection ............................................................................................................ 17-1
Table 17-3 Troubleshooting the WAN Port Connection............................................................................................................ 17-1
Table 17-4 Troubleshooting the LAN Interface ........................................................................................................................ 17-2
Table 17-5 Troubleshooting a Connection to a Remote Node or ISP ....................................................................................... 17-2
xvi
List of Tables
Prestige 1600 Universal Access Concentrator
Preface
Congratulations on your purchase of the Prestige 1600 Universal Access Concentrator.
This preface introduces you to your concentrator and discusses the organization and conventions of this user’s
guide. It also provides information on other related documentation.
About the Prestige
The Prestige 1600 is a scalable access concentration platform, delivering networking services at multiple selectable
speeds. It can be deployed at high rise buildings, Telcos, ISPs and System Integrators with various configurations.
Equipped with one 10/100M Ethernet port, three network module Slots, and one WAN interface and one optional
five-port 10M/100M LAN switch card, the architecture of the Prestige 1600 allows network modules of different
generations to coexist in the same chassis and to inter-operate with the same system module.
Network Modules
IDSL
Each Prestige 1600 IDSL network module (NM) consists of 16 IDSL ports. You can install 2 IDSL NMs in a
Prestige, which is equipped with a 10/100M Ethernet that allows you to daisy chain up to five units (giving a
maximum of 160 IDSL ports).
ADSL
Each Prestige 1600 ADSL network module (NM) consists of 8 ADSL ports. You can install 3 ADSL NMs in a
Prestige, which is equipped with a 10/100M Ethernet that allows you to daisy chain up to five units (giving a
maximum of 120 ADSL ports).
SDSL
Each Prestige 1600 SDSL network module (NM) consists of 8 SDSL ports. You can install 3 SDSL NMs in a
Prestige, which is equipped with a 10/100M Ethernet that allows you to daisy chain up to five units (giving a
maximum of 120 SDSL ports).
Please note that slot 3 may contain an ADSL or SDSL network module type only.
The Prestige can automatically detect the network module type.
Configuring your Prestige
You can use the System Management Terminal (SMT) interface or the CLI (Command Line Interpreter) commands
to configure your Prestige. The SMT is a menu-driven interface that you can access from either a VT100
compatible terminal or a terminal emulation program on a computer via the console port or telnet. Use of CLI/CI
commands are recommended only for advanced users.
About this Guide
This User's Guide covers all operations of the Prestige 1600 and shows you how to get the best out of the multiple
advanced features of your Prestige concentrator. It is designed to help you to configure the Prestige correctly for
various applications using the SMT interface via the console port or telnet. For detailed CI commands please refer
to the section Related Documentation.
Syntax Conventions
“Enter” means for you to type one or more characters and press the carriage return. “Select” or “Choose” means
for you to select one from the predefined choices.
The SMT menu titles and labels are in Bold Times font. The choices of a menu item are in Bold Arial font. A
single keystroke is in Arial font and enclosed in square brackets, for instance, [ENTER] means the Enter, or
carriage return, key; [ESC] means the Escape key.
Preface
xvii
Prestige 1600 Universal Access Concentrator
For brevity’s sake, we will use “e.g.” as a shorthand for “for instance”, and “i.e.” as a shorthand for “that is” or “in
other words” throughout this manual.
The Prestige 1600 will also be referred to as the Prestige or the P1600 in this manual.
Related Documentation
Hardware Installation Guide
Support Notes
More detailed information about the Prestige and examples of its use can be found in the Support Notes accessible
through the ZyXEL web pages at zyxel.com.
ZyXEL Web Page and FTP Server Site
You can access release notes as well as firmware upgrades at ZyXEL web and FTP sites. Refer to the Customer
Support page in this User’s Guide for more information.
xviii
Preface
Prestige 1600 Universal Access Concentrator
What is DSL?
DSL stands for Digital Subscriber Line. Local Exchange carriers currently use a single unshielded twisted pair of
wire on the local loop (between Central Office and Customer Premises) for transmitting voice, which requires 3003,400 Hz of bandwidth. The wires are, however, capable of carrying information at much higher rate when modern
digital processing techniques are deployed. The same pair of wires are used successfully worldwide to provide
ISDN services yielding up to 128 Kbps. The explosive growth in Internet access, remote LAN access and
telecommuting demand data rates that are a lot higher than what conventional analog modems can provide over the
existing pair of wires.
SDSL (Symmetric DSL)
SDSL operates on a single copper pair. SDSL allows applications that require symmetric data rates. Because only
one pair is needed in this arrangement, the capacity of the entire local loop infrastructure is greatly magnified. With
this capability, local providers can extract the maximum value from their existing plant, or deploy new capacities
both more quickly and at a lower capital expenditure.
SDSL allows for rapid and cost effective deployment of intermediate data rate services. Potential uses for this
technology include fractional T1 with a particular advantage in 768 Kbps systems, Work-at-home LAN access,
Distance Learning, Internet Access, and Campus or Large Facility LAN to LAN connectivity. Since SDSL can be
configured at multiple data rates, it can have different capacity and reach limitations.
This also allows for easy, cost-effective implementation of such services as remote cell site support of PCs, remote
LAN access, distance education and training, digital imaging, or any other service, which requires a larger amount
of bandwidth.
ADSL (Asymmetric DSL)
Asymmetric Digital Subscriber Line takes its name from the comparatively high bandwidth in one direction, with
low bandwidth in the opposite direction. ADSL uses a single phone line for transmission. Many service providers
have also come to recognize its potential to support a range of data applications.
Additionally, ADSL’s ability to operate at speeds of up to 8 Mbps positions it to support real-time broadcast
services and pre-recorded interactive video services; and to have multiple video and data activities running
simultaneously. ADSL supports applications with asymmetric traffic demands such as:
!
Web Surfing
!
File Downloads
!
Distance Learning
IDSL (ISDN DSL)
IDSL stands for ISDN Digital Subscriber Line (IDSL). IDSL uses the 2B1Q line coding standard for ISDN BRI
circuits. Used for data-only applications, IDSL operates at 128 Kbps for up to 18,000 feet.
Because IDSL uses the same industry-standard line coding technique as ISDN, customers with ISDN BRI terminal
adapters can use their current TAs, routers and bridges for connecting to IDSL lines. Any of the commonly used
transport protocols such as PPP, MP, or Frame Relay may be used over the IDSL line, allowing rapid and
transparent integration into Internet, remote LAN access and telecommuting.
Quick Reference
xix
Prestige 1600 Universal Access Concentrator
DSL Comparison Chart
Technology
Downstream
Rate
Upstream
Rate
Wires
CO
distance
IDSL
128 Kbps
128 Kbps
1 Copper
Pair
18,000 feet
ADSL
256Kbps to
6.1 Mbps
64 Kbps to
512 Kbps
1 Copper
Pair
18,000 feet
SDSL
144 Kbps to
2320 Kbps
144 Kbps to
2320 Kbps
1 Copper
Pair
11,500 to
22,000 feet
Chart A DSL Comparison Chart
xx
What is DSL?
Prestige 1600 Universal Access Concentrator
Chapter 1
Getting to Know Your Concentrator
This chapter describes the key features, benefits and applications of your Prestige.
The Prestige 1600 is a scalable, high-performance, easy-to-configure access concentrator. It consolidates multiple
traffic streams onto a single backbone network. It can be deployed at either the customer’s premise (CP) or a
service provider’s Central Office (CO).
Equipped with one 10/100M Ethernet port, three network module (NM) slots, one WAN interface and one optional
five-port 10M/100M LAN switch card, the architecture of the Prestige 1600 allows network modules of different
generations to coexist in the same chassis and to inter-operate with the same system module.
With its flexible and scalable architecture, you can start with a single P1600 chassis to address low or medium
density network requirements and expand with up to four additional P1600s. With the optional five-port 10/100M
Ethernet switch installed, you can connect up to five units.
1.1
Overview of the Prestige 1600
Physical Dimensions
!
Chassis: 17.3" (W) x 13.39" (L) x 2.6" (H); 44cm (W) x 34cm (L) x 6.6cm (H)
!
DSL network module: 5.3" (W) x 12.2" (L) x 0.94" (H); 13.5cm (W) x 31cm (L) x 2.4cm (H)
!
Rack-mounting options: EIA 19" or 23" front or mid-mount central-office style
Power Requirement
!
Built-in 100V-240VAC, 50-60 Hz switching power supply
Operating Environment
!
Temperature: 0ºC - 50º C
!
Humidity: 20 - 95%
IDSL Interface
!
Two 16-port IDSL network modules.
!
Up to 160 IDSL ports. 32 IDSL ports in each P1600 chassis.
!
IDSL Server only
ADSL Interface
!
Three 8-port ADSL network modules.
!
Up to 120 ADSL ports (112 if using the 5-port Ethernet switch card). 24 ADSL ports in each P1600
chassis.
SDSL Interface
!
Three 8-port SDSL network modules.
!
Up to 120 SDSL ports (112 if using the 5-port Ethernet switch card). 24 SDSL ports in each P1600 chassis.
Getting to Know Your Prestige
1-1
Prestige 1600 Universal Access Concentrator
Network Address Translation (NAT)
NAT (Network Address Translation - NAT, RFC 1631) allows the translation of an Internet Protocol address used
within one network to a different IP address known within another network.
Internet Protocols
!
IP routing
!
IP packet filtering, including network level and device level filtering
!
RIP-1 and RIP-2
!
Static IP Route
!
MultiNAT for multiple-IP address translation
Ethernet Interface
!
Auto-negotiating 10/100M Fast Ethernet port
WAN Interface
!
FlexWAN port.
PPP Support
!
PPP for WAN connection
Network Management
!
Local and remote console management
!
SNMP manageable
!
Remote secondary management via Telnet using MultiNAT
Security
!
CHAP, PAP and RADIUS authentication
Remote Firmware Upgrades
!
1.2
Console, Telnet, TFTP and FTP Firmware Upgrades
Key Benefits
!
Flexibility, Scalability and High capacity (120 to160 DSL ports with daisy chaining)
!
MultiNAT Support
!
Mix of DSL types on a single access platform using the existing network infrastructure.
!
Reduced network complexity and easy manageability
!
Greater bandwidth efficiency
!
High speed DSL platform
!
Variety of network interfaces and easy upgradability
!
Consolidated access to network services over a single carrier
!
Cost, space and power efficient solution for Internet access
!
SNMP support
1-2
Getting to Know Your Prestige
Prestige 1600 Universal Access Concentrator
!
Monitoring of WAN/LAN status and port status
!
Diagnostics
!
Safety tested and high security
1.3
Detailed Features of the Prestige 1600
Modular Architecture
The P1600 chassis is equipped with three network module slots, one system module and two removable fan
modules.
Configuration Types
The Prestige 1600 can be configured via SMT Menu 1 as a primary, secondary or standalone device.
1.
Primary
The P1600 primary provides concentration, network management, Internet access and routing functions as well as
uses the FlexWan port as the interface to the trunk.
2.
Secondary
The P1600 secondary provides concentration, network management, Internet access and routing functions as well
but only through the LAN interface. A secondary needs to work with a primary device because for WAN access,
you need to connect to a P1600 primary.
3.
Standalone
Standalone SMT configurations are the same as a secondary, but in this configuration mode, it does not have to
work with a primary. You can connect a router directly to its LAN port.
Network Interfaces
The P1600 has two trunk interfaces: one Ethernet and one WAN port (primary mode only). The WAN port supports
RS-232, EIA 530,RS-422, X.21 and V.35 interfaces.
Network Protocol Support
The P1600 supports the following network protocols:
!
TCP/IP (Transmission Control Protocol/Internet Protocol) network layer protocol.
!
IP Policy Routing
!
Routing Information Protocol (RIP-1 and RIP-2)
Full Network Management
Your Prestige 1600 offers you a variety of options for network management. It supports password protected local
and remote network management via the console port or a telnet connection. It also supports FTP, TFTP, SNMP
(Simple Network Management Protocol) and CI command.
If you cannot telnet to your Prestige, you can configure your Prestige via a modem connected to the console port
over a phone line as shown in the next figure.
Getting to Know Your Prestige
1-3
Prestige 1600 Universal Access Concentrator
Figure 1-1 Remote Configuration
Please note that for figures in this manual, the “Prestige” refers to the Prestige 1600 and that the
Prestige 1600 clients are not labeled - please see the next section.
Robust Security Features
Your Prestige supports CHAP (Challenge Handshake Authentication Protocol), PAP (Password Authentication
Protocol) and RADIUS (Remote Authentication Dial in User Service). In addition, the SMT is password protected.
You can also configure the LAN, WAN filters to block unwanted incoming and outgoing packets.
Internet Access Sharing
The Prestige 1600 primary support Single User Account (SUA)/Network Address Translation (NAT) which enables
multiple subscribers to access the Internet using a single IP address. The ZyXEL Network Operating System
(ZyNOS) implementation of SUA/NAT allows NetMeeting, CuSeeMe, ICQ and other multimedia application
traffic behind NAT on the client side.
Note that P1600 secondary machine does not support SUA/NAT; only the P1600 primary does on the WAN port.
For a P1600 standalone NAT/SUA is supported over LAN when the Ethernet port is connected to a broadband
modem.
Remote Software Upgrades
The Prestige 1600 uses FLASH memory technology that enables software upgrades without opening the units. The
P1600 can be upgraded via the console port, locally and remotely, as well as via FTP and TFTP.
1-4
Getting to Know Your Prestige
Prestige 1600 Universal Access Concentrator
1.4
Prestige 1600 and Prestige DSL Clients
DSL clients suitable for the Prestige 1600 are shown in the following table.
Table 1-1 P1600 DSL Clients
DSL Network Module
Prestige Client
IDSL
Prestige 100L
Omni 128L
ADSL
Prestige 642
SDSL
Prestige 681
Please note that for figures in this manual, the word “Prestige” refers to the Prestige 1600 and that the
Prestige 1600 clients are not labeled.
Getting to Know Your Prestige
1-5
Prestige 1600 Universal Access Concentrator
Chapter 2
Prestige 1600 Applications
This chapter shows you some applications of the Prestige 1600.
2.1
Multi Purpose Concentrator
The Prestige 1600 is a highly flexible, high-speed Internet access solution. It is an integrated, cost-effective solution
for line concentration, routing and network management. Using the existing infrastructure, service providers (ISPs,
Telcos, SIs) and owners of high-rise buildings can take advantage of the DSL technologies using the P1600
concentrator.
2.2
Prestige 1600 Deployment Scenarios
The P1600 concentrator can be deployed at various offices for high-speed Internet Access, campus connectivity and
remote access. It can be deployed at an ISP site or at remote sites (MDU, Telcos/CLECs) with various
configurations. The P1600 provides two kinds of connection to the ISP: WAN port and Ethernet port. When the
P1600 is installed at an ISP site, traffic from the DSL ports is routed to LAN port. When the P1600 is installed at a
remote site, traffic is routed to WAN port, then to an ISP.
The P1600 supports RS-232, EIA 530, RS-422, X.21 and V.35 interface types on the WAN port. The P1600
supports Ethernet port interfaces such as a broadband modem. A few P1600 deployment scenarios are shown next.
2.2.1
Deployed at a High-rise for High-Speed Internet Access
Figure 2-1 Deployed at a High-rise
Property managers or service providers can install the P1600 in Multiple Dwelling Units (MDU) and provide the
subscribers with high-speed Internet access and other services.
Initial Setup
2-1
Prestige 1600 Universal Access Concentrator
For Internet access with the P1600 in standalone mode, you can connect a broadband device such as a DSL modem
or cable modem to the Ethernet port.
2.2.2
Campus Connectivity
In a campus environment, there are several buildings that need to be interconnected to the computer room. The
P1600 offers a long reach and cost effective solution for universities, corporations, etc. to extend networks to
multiple buildings spread out over large campuses. It can be deployed at a campus for concentration and high-speed
Internet Access, as shown next.
Figure 2-2 Campus Deployment
2.2.3
Deployed at ISPs and Other Service Providers
ISPs and other service providers can offer services to corporate and other customers using the P1600. For example,
the P1600 can be connected to the ISP’s internal LAN and users can access the Internet using the ISP’s router as
shown next.
2-2
Initial Setup
Prestige 1600 Universal Access Concentrator
Figure 2-3 Deployed at an ISP
A few examples of possible configurations for these deployments are shown next.
2.2.4
Configuration Example One
Figure 2-4 A Very High Capacity Concentrator
2.2.5
Configuration Example Two
You can also have any number of P1600 standalones chained to an external Ethernet hub as shown next.
Initial Setup
2-3
Prestige 1600 Universal Access Concentrator
Figure 2-5 High Capacity Concentrator
2.2.6
Configuration Example Three
Depending on your requirement you can vary the number of Prestige 1600 secondaries as shown next.
Figure 2-6 Medium Capacity Concentrator
2.2.7
Configuration Example Four
You can also use the P1600 standalone concentrator for Internet Access.
Figure 2-7 Low Capacity Concentrator
2-4
Initial Setup
Prestige 1600 Universal Access Concentrator
Chapter 3
Initial Setup
This chapter shows you how to perform initial setup using the SMT.
3.1
Initial Screen
When you power on your Prestige 1600, the router performs several internal tests and initializes the ports. After the
initialization, the Prestige asks you to press [ENTER] to continue, as shown below:
Copyright (c) 2000 ZyXEL Communications Corp.
ethernet address: 00:a0:c5:00:50:02
Press ENTER to continue...
Figure 3-1 Power-On Display
3.1.1
Password
After you press [ENTER], the Login screen appears prompting you to enter the password, as shown in the next
figure.
For your first login, enter the default password 1234. As you enter the password, the screen displays an (X) for
each character you type.
Enter Password : XXXX
Figure 3-2 Login Screen
Please note that if there is no activity for longer than 5 minutes after you log in, your Prestige will automatically log
you out and will display a blank screen. If you see a blank screen, press [ENTER] to bring up the password screen
again.
Initial Setup
3-1
Prestige 1600 Universal Access Concentrator
3.2
Navigating the SMT Interface
The SMT (System Management Terminal) is the interface that you use to configure your Prestige.
Several operations that you should be familiar with before you attempt to modify the configuration are listed in
Table 3-1.
Table 3-1 Navigating the SMT
Operation
Keystrokes
Description
Move down to
another menu
[ENTER]
To move forward to a submenu, type in the number of the
desired submenu and press [ENTER].
Move up to a
previous menu
[Esc]
Press the [Esc] key to move back to the previous menu.
Move to a
“hidden” menu
Press the
[SPACE BAR] to
change No to
Yes, then press
[ENTER].
Fields beginning with “Edit” lead to hidden menus and have
a default setting of No. Press the [SPACE BAR] to change
No to Yes, then press [ENTER] to go to a “hidden” menu.
Move the cursor
[ENTER] or
Within a menu, press [ENTER] to move to the next field.
You can also use the [Up]/[Down] arrow keys to move to
[Up]/[Down] arrow
the previous and the next field, respectively.
keys
Enter information Fill in, or press
You need to fill in two types of fields. The first requires you
the [SPACE BAR] to type in the appropriate information. The second allows
to toggle
you to cycle through the available choices by pressing the
[Space] bar.
3.3
Required fields
<? >
All fields with the symbol <?> must be filled in order be able
to save the new configuration.
N/A fields
<N/A>
Some of the fields in the SMT will show a <N/A>. This
symbol refers to an option that is Not Applicable.
Save your
configuration
[ENTER]
Save your configuration by pressing [ENTER] at the
message “Press ENTER to confirm or ESC to cancel”.
Saving the data on the screen will take you, in most cases
to the previous menu.
Exit the SMT
Type 99, then
press [ENTER].
Type 99 at the Main Menu prompt and press [ENTER] to
exit the SMT interface.
SMT Menus At A Glance
The following chart is an overall view of how the SMT menus are organized.
3-2
Initial Setup
Prestige 1600 Universal Access Concentrator
Initial Setup
3-3
Prestige 1600 Universal Access Concentrator
3.3.1
P1600 Main Menu - Primary
The SMT displays a general Main Menu first. Once you configure the system in Menu 1 - General Setup you can
see the P1600 primary Main Menu, as shown next.
Copyright (c) 2000 ZyXEL Communications Corp.
Prestige 1600 Main Menu (MyPrimary)
Getting Started
1.
2.
3.
4.
6.
General Setup
WAN Setup
Ethernet Setup
Internet Access Setup
Port Setup
Advanced Applications
11. Remote Node Setup
12. Static Routing Setup
15. NAT Setup
Advanced Management
21. Filter Set Configuration
22. SNMP Configuration
23. System Security
24. System Maintenance
25. IP Routing Policy Setup
99. Exit
Enter Menu Selection Number:
Figure 3-3 Primary Main Menu
The following table shows the Main Menu Summary,
Table 3-2 Main Menu Summary
#
3-4
Menu Title
Description
1
General Setup
Use this menu to set up general information and enable routing
or bridging of specific protocols. The name in brackets after
Main Menu is the System Name you assign here.
2
WAN Setup
Use this menu to set up the WAN configuration.
3
Ethernet Setup
Use this menu to set up the Ethernet configuration.
4
Internet Access Setup
A quick and easy way to set up an Internet connection for the
primary 1600.
6
Port Setup
Use this menu to configure DSL port parameters and to choose
authentication options.
11
Remote Node Setup
Use this menu to set up the remote node for LAN-to-LAN
connections, including an Internet connection for the primary
and standalone models.
12
Static Routing Setup
Use this menu to set up static routes for different protocols.
There are eight static routes for each protocol.
15
NAT Setup
Use this menu to configure NAT.
21
Filter Set Configuration Set up filters to be applied in Menu 3 and Menu 11 to provide
security, call control, etc.
22
SNMP Configuration
Use this menu to set up SNMP related parameters
23
System Security
Use this menu to set up security related parameters.
24
System Maintenance
Provides system status, diagnostics, firmware upload, etc.
25
IP Routing Policy Setup Configure your routing policies here.
Initial Setup
Prestige 1600 Universal Access Concentrator
99
3.3.2
Exit
To exit the SMT and return to a blank screen.
Secondary and Standalone Main Menu
The SMT Main Menu for the secondary and standalone Prestige models is as shown next.
Copyright (c) 2000 ZyXEL Communications Corp.
Prestige 1600 Main Menu (MySeconda)
Advanced Management
21. Filter Set Configuration
22. SNMP Configuration
23. System Security
24. System Maintenance
25. IP Routing Policy Setup
Getting Started
1. General Setup
3. Ethernet Setup
6. Port Setup
Advanced Applications
12. Static Routing Setup
15. NAT Setup
99. Exit
Enter Menu Selection Number:
Figure 3-4 Secondary and Standalone Main Menu
Note: You will see the above screen when you set Configuration Type in Menu 1- General Setup as
secondary or standalone.
3.4
Changing the System Password
The first thing you should do before anything else is to change the default system password by doing the following:
Step 1.
Select option 23 from the Main Menu. This will open Menu 23 - System Security as shown:
Menu 23 - System Security
1. Change Password
2. External Server
Enter Menu Selection Number
Figure 3-5 Menu 23 - System Security
Step 2.
From the System Security Menu, select Change Password to bring up Menu 23.1 - System Security Change Password.
Step 3.
When submenu 23.1- System Security-Change Password appears, as shown below, enter the existing
system password, i.e., 1234, then press [ENTER].
Initial Setup
3-5
Prestige 1600 Universal Access Concentrator
Menu 23.1 - System Security - Change Password
Old Password= XXXX
New Password= XXXX
Retype to confirm= XXXX
Press ENTER to Confirm or ESC to Cancel:
Figure 3-6 Menu 23.1 - System Security - Change Password
Step 4.
Enter your new system password and press [ENTER].
Step 5.
Re-type your new system password for confirmation and press [ENTER].
3.5
Resetting the Prestige
If you forget your password or for some reason cannot access the SMT menu, you will need to reload the
configuration file. Uploading the configuration file replace the current configuration file with the new configuration
file. This means that you will lose all configurations that you had before and the speed of the console port will be
reset to the default of 9600bps with 8 data bit, no parity, one stop bit and flow control none. The password will be
reset to 1234, also.
To obtain the default configuration file, download it from the FTP site, unzip it and save it in a folder. Turn off and
then on the Prestige and begin a session. When you turn on the Prestige again you will see the initial screen. When
you see the message “Press any key to enter Debug Mode within 3 seconds” press any key to enter debug mode.
3.6
General Setup
Menu 1 - General Setup contains administrative and system-related information as well as DNS server
information.
3.6.1
DNS Server Address
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa, e.g.,
the IP address of www.zyxel.com is 204.217.0.2. The DNS server is extremely important because without it, you
must know the IP address of a machine before you can access it.
Select option 1 from the Main Menu by typing 1 at the menu selection number prompt. If your P1600 is configured
as a primary you will see the following screen. Once you enter the system name it will be displayed in the Main
Menu in brackets.
3-6
Initial Setup
Prestige 1600 Universal Access Concentrator
Menu 1 - General Setup
System Name= MyPrimary
Configuration Type= Primary
Secondary ID= N/A
Location=
Contact Person's Name= JohnDoe
Primary DNS Server= 0.0.0.0
Secondary DNS Server= 0.0.0.0
Press ENTER to Confirm or ESC to Cancel:
Figure 3-7 Menu 1 - General Setup (Primary)
When you configure the Prestige as a secondary or standalone model (Configuration Type field), you will see the
following screen.
Menu 1 - General Setup
System Name= MySecondary
Configuration Type= Secondary
Secondary ID= 1
Location=
Contact Person's Name= MaryDoe
Primary DNS Server= 0.0.0.0
Secondary DNS Server= 0.0.0.0
Press ENTER to Confirm or ESC to Cancel:
Figure 3-8 Menu 1 - General Setup (Secondary/Standalone)
The Menu 1 - General Setup fields are explained in the next table.
Table 3-3 General Setup Fields
Field
Description
System Name Choose a descriptive name for identification purposes. This name
can be up to 30 alphanumeric characters long. Spaces are not
allowed, but dashes “-” and underscores "_" are accepted. This
name can be retrieved remotely via SNMP and will be displayed
up to the first 9 characters at the prompt in the Command Mode.
Example
MyPrimary
Note: Once you have configured the System Name, you can see it displayed (up to the first 9
characters) in the Main Menu within brackets next to "Prestige 1600 Main Menu”.
Configuration
Type
You can configure the P1600 primary as only Primary. For P1600
Secondary choose Secondary or Standalone.
Secondary ID
State the ID of the P1600 secondary. You may have up to four
secondaries with one primary.
Location
(optional)
Enter the geographic location (up to 31 characters) of your
Prestige 1600.
Contact
Enter the name (up to 30 characters) of the person in charge of
Person's Name this Prestige 1600.
(optional)
Primary DNS
Server
Initial Setup
Primary
1, 2, 3 or 4
Hsinchu
JohnDoe
Enter the IP addresses of the DNS servers. The DNS servers are passed
to the DHCP clients along with the IP address and the subnet mask.
3-7
Prestige 1600 Universal Access Concentrator
Field
Description
Example
Leave these entries at 0.0.0.0 if a WAN DHCP server provides them.
Secondary DNS
Server
3-8
Initial Setup
Prestige 1600 Universal Access Concentrator
Chapter 4
WAN Port Setup
This section describes setting up your WAN port including Frame Relay.
Select option 2 from the Main Menu by typing 2 at the menu selection number prompt. You will see a screen as
shown next.
Menu 2 - WAN Port Setup
Clock Source = External
Port Speed = N/A
Edit Frame Relay Setup= No
Only change the default option
(No) if you wish to configure the
WAN port for frame relay.
Press Enter to Confirm or ESC to Cancel:
Figure 4-1 Menu 2 - WAN Port Setup
Table 4-1 WAN Setup Menu Fields
Field
Description
Example
Clock Source
The device connected to the WAN port controls timing. The
P1600 currently only supports an external clock source.
External
Port Speed
Set by External Device
N/A
Edit Frame Relay To configure the WAN port for frame relay move the cursor
to the Edit Frame Relay Setup= field, press the
Setup
[SPACEBAR] once to display Yes and then press
[ENTER]. This takes you to Menu 2.1.2 - Frame Relay
Setup shown ahead.
4.1
Configuring The WAN Port For PPP over HDLC
The following diagram depicts the configuration scenario for running PPP over HDLC (High-level Data Link
Control).
WAN Port Setup
4-1
Prestige 1600 Universal Access Concentrator
Figure 4-2 Configuring The WAN Port for PPP over HDLC
To run PPP over HDLC directly without frame relay, the Line Type field in Menu 2.1.2 - Frame Relay Setup
must be set to None. To make sure frame relay is disabled, go to menu 2 and then to Menu 2.1.2 – Frame Relay
Setup. If the Line Type field is not None, press [SPACE BAR] to change it before saving the configuration.
4.2
Configuring The WAN Port For Frame Relay
To configure the WAN port for frame relay go to Menu 2 - WAN Port Setup and change the default option (No)
in the Edit Frame Relay Setup field to Yes. Frame relay is a form of packet-switching technology that routes
frames of information from source to destination over a switched network owned by a carrier. Frames are “relayed”
through switches in the network.
Figure 4-3 Configuring The WAN Port For Frame Relay
4.2.1
Standards
The two main groups that create recommendations and standards in the telecommunications field are ITU - T
(International Telecommunication Union - Telecommunications Standardization Sector) and ANSI (American
National Standards Institute). Standards vary slightly for both organizations, so please select the correct standard in
the Link Management field. Your Network Service Provider (NSP) should provide you with this information.
4-2
WAN Port Setup
Prestige 1600 Universal Access Concentrator
4.2.2
How To Configure The WAN Port For Frame Relay
Go to menu 2, then move the cursor to the Edit Frame Relay Setup= field, press the [SPACEBAR] once to
display Yes and then press [ENTER]. This takes you to Menu 2.1.2 - Frame Relay Setup shown next.
Menu 2.1.2 – Frame Relay Setup
Line Type = User
Link Management = ANSI(T1.618)
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 4-4 Menu 2.1.2 - Frame Relay Setup
Table 4-2 Menu 2.1.2 - Frame Relay Setup
Field
Link Type
Link Management
Description
Options
Choose User if the Prestige is on the user side
of the UNI (User Network Interface: defines the
connection between user equipment and the
Frame Relay network), i.e. if your Prestige is
connected to a service provider. Choose None
to disable Frame Relay.
User (default)
Press the [SPACEBAR] and then [ENTER] to
select which standard is compatible with your
Prestige. Both the Prestige and the peer must
use the same standard. The standard defines
functions that are responsible for monitoring the
up/down status and error performance of an
individual link. If failure occurs, recovery actions
are initiated for the restoration of the failed link.
ITU-T(Q.933)
None
ANSI(T1.618)
4.3
How To Configure Frame Relay for Internet Access
4.3.1
Encapsulation
Be sure to use the encapsulation method required by your ISP. The Prestige supports the following methods.
RFC 1973 (PPP in Frame Relay)
RFC 1973 describes the use of Frame Relay for transporting PPP encapsulated packets. Please refer to RFC 1973
for more information.
RFC 1490
RFC 1490 describes Multiprotocol Interconnect over Frame Relay encapsulation which is an encapsulation method
for carrying network interconnect traffic (both bridging and routing) over a frame relay network. It also describes a
simple fragmentation procedure for carrying large frames over a frame relay network with a smaller MTU
(Maximum Transmission Unit).
WAN Port Setup
4-3
Prestige 1600 Universal Access Concentrator
4.3.2
DLCI
The carrier gives you a DLCI (Data Link Connection Identifier) for each frame relay connection to a destination.
Identifiers can range from 1 to 991 with restrictions as shown in the following table. The default DLCI for the first
connection is 16.
Table 4-3 Data Link Connection Identifiers
DLCI
4.3.3
Usage
0
Channel Signaling
1-15
Reserved
16 - 991
Frame Relay
CIR (Committed Information Rate)
The carrier programs virtual circuits into the network between your sites and charges you for a specific level of
service called the committed information rate (CIR). The CIR is basically a guarantee that the carrier will always
have that bandwidth available. The CIR limit for the Prestige is 8Mbps. The sum of CIRs from all channels in a line
cannot exceed 8Mbps due to the processing limit of the P1600 CPU.
4.3.4
EIR (Excess Information Rate)
This is the burst capability of the connection, i.e., the maximum allowable data transfer rate. EIR must be greater
than or equal to the CIR.
4.3.5
How To Configure Frame Relay for Internet Access
Go to Menu 4 - Internet Access Setup, move the cursor to the Edit Frame Relay Options= field, press the
[SPACEBAR] once to display Yes and then press [ENTER]. This takes you to Menu 4.2 - Internet Setup Frame
Relay Options shown next.
Menu 4 - Internet Access Setup
ISP's Name= ChangeMe
My Login= 1234
My Password= ********
Network Address Translation= SUA Only
My WAN Addr= 0.0.0.0
Address Mapping Set= N/A
Edit Frame Relay Options= No
Press ENTER to Confirm or ESC to Cancel:
Figure 4-5 Menu 4 - Internet Access Setup
4-4
WAN Port Setup
Prestige 1600 Universal Access Concentrator
Menu 4.2 – Internet Setup Frame Relay Options
Encapsulation= RFC 1490
DLCI = 16
CIR (kbps)= 64
EIR (kbps)= 80
Enter here to CONFIRM or ESC to CANCEL:
Figure 4-6 Menu 4.2 - Internet Setup Frame Relay Options
Table 4-4 Menu 4.2 - Internet Setup Frame Relay Options
Field
Encapsulation
4.4
Description
Options/Examples
Be sure to use the encapsulation method
required by your ISP. The Prestige supports the
following methods. See section 4.3.1 for more
information.
RFC 1973 (PPP)
RFC 1490
DLCI
Enter the DLCI number required by your ISP.
This is a path number of a portion of the PVC
(the DLCI changes for each hop through the
network), not the address of the destination.
The default DLCI for the Prestige is 16 for the
first PVC. See section 4.3.2 for more
information.
16
CIR (Kbps)
Enter the CIR as negotiated with your ISP. See
section 4.3.3 for more information.
64
EIR (Kbps)
Enter the EIR as negotiated with your ISP. See
section 4.3.4 for more information.
80
How To Configure Frame Relay For A Remote Node
Configuring Frame Relay for a remote node is similar to configuring Frame Relay for Internet Access.
Go to Menu 11.1 - Remote Node Profile, move the cursor to the move the cursor to the Edit Frame Relay
Options= field, press the [SPACEBAR] once to display Yes and then press [ENTER]. This takes you to Menu
11.5 - Remote Node Frame Relay Options shown next.
WAN Port Setup
4-5
Prestige 1600 Universal Access Concentrator
Menu 11.1 - Remote Node Profile
Rem Node Name= verio
Active= Yes
Edit PPP Options= No
Rem IP Addr= ?
Edit IP = No
Outgoing:
My Login= scci
My Password= ********
Authen= CHAP/PAP
Telco Option:
Edit Frame Relay Options= No
Input Filter Sets:
Protocol filters =
Device filters =
Output Filter Sets=
Protocol filters =
Device filters =
Press ENTER to CONFIRM or ESC to CANCEL:
Leave name field blank to delete profile
Please enter 0-9, a-z, A-Z, '-', or '_', or leave blank to DELETE profile
Figure 4-7 Menu 11.1 - Remote Node Profile
Menu 11.4 - Remote Node Frame Relay Options
Encapsulation= RFC 1490
DLCI = 16
CIR (kbps)= 64
EIR (kbps)= 80
Enter here to CONFIRM or ESC to CANCEL:
Figure 4-8 Menu 11.4 - Remote Node Frame Relay Options
The fields in this table are the same as described in Table 4-4 above.
4-6
WAN Port Setup
Prestige 1600 Universal Access Concentrator
Chapter 5
Internet Access
This chapter shows you how to configure the Prestige 1600 primary and Prestige 1600 standalone for
Internet access.
5.1
Introduction
Menu 4 - Internet Access Setup of the SMT allows you to configure the Internet access parameters in a single
screen. For Internet access using the Prestige 1600 standalone you need to only set up a default route using Menu
12 - Static Default Route. While configuring your Prestige for Internet access you have to be careful when setting
the IP addresses to avoid IP conflict. The following section shows the various IP networks in the P1600.
5.1.1
IP Address assignment
Table 5-1 Default DSL IP Address Assignment
Configuration
Type (Menu 1)
Primary
P1600 IP
address
192.168.1.1
Port numbers
IP address range assigned to
DSL Clients (Menu 6.1)
Slot
1
IDSL:16 ports
192.168.255.1 ~ 192.168.255.16
ADSL/SDSL:
8 ports
192.268.255.1 ~ 192.168.255.8
Slot
2
IDSL:16 ports
192.168.255.17 ~ 192.168.255.32
ADSL/SDSL:
192.168.255.17 ~ 192.168.255.24
8 ports
Slot
3
IDSL
Not Available
ADSL/SDSL:
192.168.255.33 ~ 192.168.255.40
8 ports
Secondary 1
192.168.1.2
Slot
1
IDSL:16 ports
192.168.254.1 ~ 192.168.254.16
ADSL/SDSL:
8 ports
192.268.254.1 ~ 192.168.254.8
Slot
2
IDSL:16 ports
192.168.254.17 ~ 192.168.254.32
ADSL/SDSL:
192.168.254.17 ~ 192.168.254.24
8 ports
Slot
3
IDSL
Not Available
ADSL/SDSL:
192.168.254.33 ~ 192.168.254.40
8 ports
Secondary 2
Internet Access
192.168.1.3
Slot
1
IDSL:16 ports
192.168.253.1 ~ 192.168.253.16
ADSL/SDSL:
8 ports
192.268.253.1 ~ 192.168.253.8
5-1
Prestige 1600 Universal Access Concentrator
Configuration
Type (Menu 1)
P1600 IP
address
Port numbers
Slot
2
IP address range assigned to
DSL Clients (Menu 6.1)
IDSL:16 ports
192.168.253.17 ~ 192.168.253.32
ADSL/SDSL:
192.168.253.17 ~ 192.168.253.24
8 ports
Slot
3
IDSL
Not Available
ADSL/SDSL:
192.168.253.33 ~ 192.168.253.40
8 ports
Secondary 3
192.168.1.4
Slot
1
IDSL:16 ports
192.168.252.1 ~ 192.168.252.16
ADSL/SDSL:
8 ports
192.268.252.1 ~ 192.168.252.8
Slot
2
IDSL:16 ports
192.168.252.17 ~ 192.168.252.32
ADSL/SDSL:
192.168.252.17 ~ 192.168.252.24
8 ports
Slot
3
IDSL
Not Available
ADSL/SDSL:
192.168.252.33 ~ 192.168.252.40
8 ports
Secondary 4
192.168.1.5
Slot
1
IDSL:16 ports
192.168.251.1 ~ 192.168.251.16
ADSL/SDSL:
8 ports
192.268.251.1 ~ 192.168.251.8
Slot
2
IDSL:16 ports
192.168.251.17 ~ 192.168.251.32
ADSL/SDSL:
192.168.251.17 ~ 192.168.251.24
8 ports
Slot
3
IDSL
Not Available
ADSL/SDSL:
192.168.251.33 ~ 192.168.251.40
8 ports
Standalone
192.168.1.1
Slot
1
IDSL:16 ports
192.168.255.1 ~ 192.168.255.16
ADSL/SDSL:
8 ports
192.268.255.1 ~ 192.168.255.8
Slot
2
IDSL:16 ports
192.168.255.17 ~ 192.168.255.32
ADSL/SDSL:
192.168.255.17 ~ 192.168.255.24
8 ports
Slot
3
IDSL
Not Available
ADSL/SDSL:
192.168.255.33 ~ 192.168.255.40
8 ports
All DSL users who do not have public IP address can get one private IP address from the Prestige IP address pool
according to the configuration type setup in Menu 1. The default IP addresses for the DSL clients are arranged
sequentially as shown in the table above. A port is identified as e.g., "Primary, Slot 3, port 6" or "Secondary 1, Slot
2, port 4", etc.
5-2
Internet Access
Prestige 1600 Universal Access Concentrator
5.1.2
Standalone IP Pool
When the Prestige Configuration Type (Menu 1) is set up as Standalone and Internet access is configured
through the Ethernet port, you have to manually enter Ethernet TCP/IP information using Menu 3. There are no
dynamic default IP address assignments in this scenario. The default route has to be configured in Menu 12.
5.2
TCP/IP Parameters
If you wish to know more about TCP/IP, please read on. Or you can skip to 4.3 TCP/IP Ethernet Setup for the
actual configuration.
5.2.1
IP Address and Subnet Mask
Machines on a LAN share one common network number; once you have decided on the network number, pick an
IP address that is easy to remember, e.g., 192.168.1.1, for your Prestige 1600.
The subnet mask specifies the network number portion of an IP address. Your Prestige 1600 will compute the
subnet mask automatically based on the IP address that you entered. You don’t need to change the subnet mask
computed by the Prestige 1600 unless you are instructed to do otherwise.
5.2.2
RIP Setup
RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. The RIP
Direction field controls the sending and receiving of RIP packets. When set to:
1. Both - the Prestige 1600 will broadcast its routing table periodically and incorporate the RIP information that it
receives.
2. In Only - the Prestige will not send any RIP packets but will accept all RIP packets received.
3. Out Only - the Prestige will send out RIP packets but will not accept any RIP packets received.
4. None - the Prestige will not send any RIP packets and will ignore any RIP packets received.
The Version field controls the format and the broadcasting method of the RIP packets that the Prestige 1600 sends
(it recognizes both formats when receiving). RIP-1 is universally supported; but RIP-2 carries more information.
RIP-1 is probably adequate for most networks, unless you have a unusual network topology.
Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference being that RIP-2B uses subnet
broadcasting while RIP-2M uses multicasting.
5.2.3
IP Multicast
Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender to 1 recipient) or Broadcast
(1 sender to everybody on the network). IP Multicast is a third way to deliver IP packets to a group of hosts on the
network - not everybody.
IGMP (Internet Group Management Protocol) is a session-layer protocol used to establish membership in a
multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over version 1
(RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed information about
interoperability between IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236. The class D IP
address is used to identify host groups and can be in the range 224.0.0.0 to 239.255.255.255. The address 224.0.0.0
is not assigned to any group and is used by IP multicast computers. The address 224.0.0.1 is used for query
messages and is assigned to the permanent group of all IP hosts (including gateways). All hosts must join the
224.0.0.1 group in order to participate in IGMP. The address 224.0.0.2 is assigned to the multicast routers group.
Internet Access
5-3
Prestige 1600 Universal Access Concentrator
The Prestige supports both IGMP version 1 (IGMP-v1) and IGMP-v2. At start up, the Prestige queries all directly
connected networks to gather group membership. After that, the Prestige periodically updates this information by
sending a membership query to 224.0.0.1. IP Multicasting can be enabled/disabled on the Prestige LAN and/or
WAN interfaces using menus 3.2 (LAN) and 11.3 (WAN). Select None to disable IP Multicasting on these
interfaces.
5.3
IP Policies
Traditionally, routing is based on the destination address only and the router takes the shortest path to forward a
packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter the
packet forwarding based on the policy defined by the network administrator. Policy-based routing is applied to
incoming packets on a per interface basis, prior to the normal routing. Create policies using SMT Menu 25 (see the
IP Policy Routing chapter) and apply them on the Prestige LAN and/or WAN interfaces using menus 3.2 (LAN)
and 11.3 (WAN).
5.4
TCP/IP Ethernet Setup
To edit Menu 3.2, select Menu 3 Ethernet Setup in the Main Menu and then the appropriate LAN. Then select the
submenu option 2, and press [ENTER]. The screen now displays Menu 3.2 - TCP/IP Ethernet Setup as shown
next.
Menu 3.2 - TCP/IP Ethernet Setup
TCP/IP Setup:
IP Address= 192.168.1.1
IP Subnet Mask= 255.255.255.0
RIP Direction= Both
Version= RIP-2B
Multicast= IGMP-v2
IP Policies=
Network Address Translation= N/A
Address Mapping Set= N/A
Enter here to Confirm or ESC to Cancel:
Figure 5-1 Menu 3.2 - TCP/IP Ethernet Setup
Follow Table 5-2 to configure TCP/IP parameters for the Ethernet port.
Table 5-2 TCP/IP Ethernet Setup Menu Fields
Field
Description
IP Address Enter the IP address of your Prestige 1600 in dotted decimal
notation.
192.168.1.1
IP Subnet
Mask
Your Prestige 1600 automatically calculates the subnet mask 255.255.255.0
based on the IP address that you assign. Unless you are
implementing subnetting, use the value computed by the
Prestige 1600.
RIP
Direction
Press [SPACE BAR] to select the RIP direction among
Both/In Only/Out Only/None
Version
Press [SPACE BAR] to select the RIP version among RIP1/RIP-2B/RIP-2M.
Multicast
5-4
Example
Turn on/off IGMP support and select the version from IGMPv2/IGMP-v1/None.
Both
(default)
RIP-1
(default)
IGMP-v2
Internet Access
Prestige 1600 Universal Access Concentrator
Field
IP Policies
Description
Example
You can apply up to four IP Policy sets (from twelve) by
entering their numbers separated by commas, e.g., 3, 4, 6,
11.
Please see the NAT chapter for a more detailed discussion on the
Network
Network Address Translation feature. The choices are Full Feature,
Address
Translation None and SUA Only.
Full Feature
Address
Mapping
Set=
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to
Confirm…” to save your configuration, or press [ESC] at any time to cancel.
Note: When NAT is enabled you can connect the LAN port to any broadband device such
as a cable modem or DSL device. You can also use the LAN port to connect to the ISP’s
internal LAN and access the Internet using the ISP’s router.
5.5
Collecting Internet Account Information
Before you configure your Prestige 1600 for Internet access, you need to collect your Internet account information
from your ISP. Use Table 5-3 to record your Internet Account Information.
Table 5-3 Internet Account Information
5.6
Internet Account Information
Write your account information here
IP Address of the ISP's Gateway
−
Login Name
−
Password
−
Internet Access using the Prestige 1600 Primary
Menu 4 allows you to enter the Internet access parameters in one screen. Menu 4 is actually a simplified setup for
one of the remote nodes that you can access through menu 11. From the Main Menu, enter option 4 to go to Menu
4 - Internet Access Setup, as displayed in the next figure.
Internet Access
5-5
Prestige 1600 Universal Access Concentrator
Menu 4 - Internet Access Setup
ISP's Name= ChangeMe
My Login= 1234
My Password= ********
Network Address Translation= SUA Only
My WAN Addr= 0.0.0.0
Address Mapping Set= N/A
Edit Frame Relay Options= No
Press ENTER to Confirm or ESC to Cancel:
Figure 5-2 Menu 4 - Internet Access Setup
Table 5-4 contains instructions on how to configure your Prestige 1600 for Internet access.
Table 5-4 Internet Access Setup Menu Fields
Field
Description
Observation
ISP's Name
Enter the name of your Internet Service Provider. (This
information is for identification purposes only.)
myISP
My Login
Name
Enter the login name assigned to you by your ISP.
(required)
My Password
(required)
Enter the password associated with the login name
above. Note that this login name/password pair is only for
your Prestige 1600 to connect to the ISP's gateway. For
TCP/IP applications, e.g., FTP, you will need a separate
login name and password for each server.
Network
Address
Translation
See the NAT Chapter for more details on this field and
Address Mapping Set below.
My WAN Addr Some implementations, especially the UNIX derivatives,
require the WAN link to have a separate IP network
number from the LAN and each end must have a unique
address within the WAN network number. If this is the
case, enter the IP address assigned to the WAN port of
your Prestige 1600.
Note that this is the address assigned to your local
Prestige 1600, not the remote router.
Address
Mapping Set
See the NAT Chapter
Edit Frame
Please see the WAN Port Setup chapter for a full
Relay Options discussion of this feature.
Press [ENTER] at the message “Press ENTER to Confirm...” to confirm your configuration,
or press [ESC] at any time to cancel.
5-6
Internet Access
Prestige 1600 Universal Access Concentrator
Chapter 6
DSL Port Setup
This chapter explains how to edit DSL Port information.
Use Menu 6 to configure the DSL ports. Select 6 from the Main Menu to enter Menu 6 - Slot Selection.
The Prestige automatically detects which network module is inserted in each slot. The following menu appears
when you have 2 ISDL network modules inserted in slots 1 and 2.
Note that ISDL network modules (32 ports per module) may only be inserted in slots 1 and 2 but not
slot 3. ADSL or SDSL network modules (24 ports per module) may be inserted in either slots 1, 2 or 3.
Combinations of network modules are also allowed.
Menu 6 - Slot Selection
1. Slot 1 Configuration(IDSL NM)
2. Slot 2 Configuration(IDSL NM)
3. Slot 3 Configuration(N/A)
Please enter selection:
Figure 6-1 Menu 14 - IDSL Port setup
Choose a slot to configure by entering its index number. The following screen displays an IDSL module in slot 1 of
a Secondary 3 device.
DSL Port Setup
6-1
Prestige 1600 Universal Access Concentrator
Menu 6 - IDSL Port Setup(Secondary 3, Slot 1)
port #
Active
Type
User Name
1.
Yes
IDSL
________
2.
Yes
IDSL
________
3.
Yes
IDSL
________
4.
Yes
IDSL
________
5.
Yes
IDSL
________
6.
Yes
IDSL
________
7.
Yes
IDSL
________
8.
Yes
IDSL
________
9.
Yes
IDSL
________
10.
Yes
IDSL
________
11.
Yes
IDSL
________
12.
Yes
IDSL
________
13.
Yes
IDSL
________
14.
Yes
IDSL
________
15.
Yes
IDSL
________
16.
Yes
IDSL
________
Enter IDSL Port # to Edit:
Figure 6-2 DSL Port Setup
Table 6-1 DSL Port Setup Fields
Field
Description
port #
Refers to the DSL port number. The port number range
changes according to the configuration type and network
module type.
Active
Indicates whether the DSL port is active or not. You can
configure this in Menu 6.1 Port Usage.
Type
Displays the network module type in this slot.
User Name
Refers to the name of the user. You can configure this in
Menu 6.1 Port Usage.
Option
Yes/No
IDSL
ADSL
SDSL
Your Prestige displays up to 8 characters in this field and if
you have entered a user name with more than 8 characters
a ‘+’ is appended to the eighth character.
6-2
DSL Port Setup
Prestige 1600 Universal Access Concentrator
6.1
Port Usage
Enter a port number to bring up the following menu (for an IDSL module installed).
Menu 6.1 - Port Usage
Active= Yes
Device Type: IDSL
Speed= 128K
Encapsulation= PPP
Authen Method= Local
Protocol= None
User Name=
Password= ********
IP Address Assigned to Client= 192.168.255.1
Start of Public IP Address= 0.0.0.0
IP Count= 0
Multicast= N/A
IP Policies=
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 6-3 Menu 6.1 - Port Usage
The following table describes fields in this menu.
Table 6-2 Port Usage Menu Fields
Field
Active
Description
Option
You can disable this port by setting the field to No.
Press [SPACE BAR] to toggle between Yes and No.
Yes/No
This field will be <N/A> if no network module is
installed.
Device Type
The Prestige automatically detects the types of
network module installed in the slot.
Speed
Press [SPACE BAR] to toggle between speeds.
IDSL
Step-through SDSL speeds are in 64Kbps
increments.
64K
128K
This field will be <N/A> if no network module is
installed.
Encapsulation
1
The Prestige supports PPP encapsulation.
1
ADSL
Up
Stream
64K
128K
256K
512K
Down
Stream
256K
512K
1M
1.5M
SDSL
144K
272K
400K
528K
784K
1168K
1552K
2320K
PPP
RFC 1483 is not supported at the time of writing this manual.
DSL Port Setup
6-3
Prestige 1600 Universal Access Concentrator
Field
Description
Option
Authen(ticatio
n) Method
This field sets the authentication method for
incoming calls. You can choose Local or RADIUS.
The default for this field is Local. Please see the
next section on User Authentication for more details.
Local, RADIUS
Protocol
Press the [SPACE BAR], then [ENTER] to choose
from None, CHAP/PAP, CHAP or PAP. The default
is None.
None, CHAP, PAP, CHAP/PAP
User Name
This will be used as the login name for local
authentication. You can enter a name with up to 31
characters. This will be N/A when you choose
RADIUS as your authentication method.
Password
Enter the password for the remote user. This will be
N/A when you choose RADIUS as your
authentication method.
IP Address
Assigned to
Client
Refers to the IP address assigned to the CPE
(Customer Premises Equipment), i.e., the client
device connected to the Prestige.
Start of Public
IP Address
Refers to the public IP address assigned to the
hosts behind the CPE. The IP range contains
contiguous IP addresses and this field specifies the
first one in the range.
IP Count
In this field enter the number of addresses in the
public IP range. For example, if the starting address
is 202.x.x.1 and the IP count is 6, then the pool will
be from 202.x.x.1 to 202.x.x.6.
Multicast
Turn on/off IGMP support IGMP-v2/IGMP-v1/None.
Please refer to the Multicast section earlier in this
manual for more details about this feature.
IP Policies
You can apply up to four IP policy sets (from twelve)
by entering their numbers separated by commas,
e.g., 3, 4, 6, and 11.
6.1.1
IGMP-v1
IGMP-v2
None
Example IDSL Port Setup
In Menu 6.1, the Start of Public IP Address and IP Count fields are for public IP addresses only. If NAT is not
enabled, and the hosts behind the CPE have been assigned public IPs, then you must enter that information here to
enable proper routing.
6-4
DSL Port Setup
Prestige 1600 Universal Access Concentrator
Menu 6.1 - Port Usage
Active= Yes
Device Type: IDSL
Speed= 128K
Encapsulation= PPP
Authen Method= Local
Protocol= None
User Name=
Password= ********
IP Address Assigned to Client= 192.168.255.2
Start of Public IP Address= a.95.1.100
IP Count= 6
Multicast= N/A
IP Policies=
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 6-4 Example IDSL Port Setup Configuration
Figure 6-5 Example IDSL Port Setup Scenario
In this example, “a” is a number between 0 and 255 and is not acceptable entry for an IP address.
6.1.2
User Authentication
DSL users are authenticated against the DSL user profile in Menu 6 or user information located at the external
RADIUS server. Two options are available: Local and RADIUS.
Table 6-3 DSL User Authentication
6.1.3
Option
Action
Local
Use the user name and password entered in
this menu for authentication.
RADIUS
Use the external RADIUS server to
authenticate the user.
PAP/CHAP
Your Prestige supports both Password Authentication Protocol (PAP) and Challenge Handshake Authentication
Protocol (CHAP). CHAP is more secure than PAP because the password is not sent in clear text.
DSL Port Setup
6-5
Prestige 1600 Universal Access Concentrator
Chapter 7
Remote Node Configuration
This chapter shows you how to configure the profile and TCP/IP parameters of a remote node.
A remote node is required for placing calls to a remote gateway. A remote node represents both the gateway and
the network behind it across a WAN connection. Note that when you use Menu 4 to set up Internet access, you are
actually configuring a remote node.
7.1
Remote Node Setup
Select menu option 11 from the Main Menu to enter Menu11.1 Remote Node Profile as shown next.
Menu 11 - Remote Node Setup
1. ChangeMe (ISP, NAT)
2. ________
3. ________
Enter Node # to Edit:
Figure 7-1 Menu 11 – Remote Node Setup
Enter a remote node index number to bring up the following screen.
Menu 11.1 - Remote Node Profile
Rem Node Name= myISP
Active= Yes
Outgoing:
My Login= scci
My Password= ********
Authen= CHAP/PAP
Edit PPP Options= No
Rem IP Addr= ?
Edit IP = No
Telco Option:
Edit Frame Relay Options= No
Input Filter Sets:
Protocol filters =
Device filters =
Output Filter Sets=
Protocol filters =
Device filters =
Press ENTER to CONFIRM or ESC to CANCEL:
Leave name field blank to delete profile
Please enter 0-9, a-z, A-Z, '-', or '_', or leave blank to DELETE profile
Figure 7-2 Menu 11.1 - Remote Node Profile
Remote Node Configuration
7-1
Prestige 1600 Universal Access Concentrator
The following table contains the instructions on how to configure the Remote Node Profile Menu for leased lines.
Table 7-1 Remote Node Profile Menu Fields for Leased Lines
Field
Description
Options
Rem Node Name
This is a required field. Enter a descriptive name
for the remote node, e.g., myISP. This field can be
up to eight characters.
Active
Press [SPACE BAR] to toggle between Yes and
No.
Outgoing:
My Login
Name
Enter the login name for your Prestige 1600 when
it calls this remote node.
Outgoing:
My
Password
Enter the password for your Prestige 1600 when it
calls this remote node.
Outgoing:
Authen
This field sets the authentication protocol used for
outgoing calls.
Yes/No
Options for this field are:
CHAP/PAP - Your Prestige 1600 will accept either
CHAP or PAP when requested by this remote
node.
CHAP - accept CHAP only.
CHAP/PAP
(default)
CHAP
PAP - accept PAP only.
PAP
Edit PPP Options
To edit the PPP options for this remote node,
move the cursor to this field, press the [SPACE
BAR] to select Yes and press [ENTER]. This will
bring you to Menu 11.2 - Remote Node PPP
Options. For more information on configuring
PPP options, see the section Editing PPP
Options.
Yes
Rem IP Addr
This is a required field. Enter the IP address of the
remote gateway.
Edit IP
To edit the IP parameters, select Yes and press
[ENTER]. This will bring you to Menu 11.3 Remote Node Network Layer Options. For more
information on this screen, refer to the section
Remote Node TCP/IP Configuration.
Yes
Telco Option:
Edit Frame Relay Options
Please see the WAN Port Setup chapter for a full
discussion of this feature.
Session Options:
In these fields, enter the filter set(s) you wish to
apply to the incoming and outgoing traffic between
this remote node and your Prestige 1600. You can
choose from 12 different filter sets. In addition,
you can link up to 4 filter sets together for further
customization, e.g., 1, 5, 9, 12.
Input Filter Sets, Output
Filter Sets
Default =
Blank
Note that spaces are accepted in this field. For
more information on customizing your filter sets,
see Chapter 8. The default is blank, i.e., no filters
7-2
Remote Node Configuration
Prestige 1600 Universal Access Concentrator
Field
Description
Options
defined.
Once you have completed filling in Menu 11.1.1 - Remote Node Profile, press [ENTER] at the
message “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to
cancel.
7.2
Outgoing Authentication Protocol
Generally speaking, you should employ the strongest authentication protocol possible, for obvious reasons.
However, some vendor’s implementation includes specific authentication protocol in the user profile. It will
disconnect if the negotiated protocol is different from that in the user profile, even when the negotiated protocol is
stronger than specified. If you encounter the case where the peer disconnects right after a successful authentication,
please make sure that you specify the correct authentication protocol when connecting to such an implementation.
Note: Generally, the authentication option is decided by the server hence, for outgoing calls it is not
necessary for you to configure this field except in cases where you are told by the remote server’s
operator.
7.3
Editing PPP Options
To edit the PPP options of a remote node, move the cursor to the Edit PPP Options field in Menu 11.1 - Remote
Node Profile, and press [SPACE BAR] to select Yes. Press [ENTER] to open Menu 11.2, as shown.
Menu 11.2 - Remote Node PPP Options
Encapsulation= Standard PPP
Compression= No
ENTER here to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 7-3 Menu 11.2 - Remote Node PPP Options
Table 7-2 Remote Node PPP Options Menu Fields describes the Remote Node PPP Options Menu, and contains
instructions on how to configure the PPP options fields.
Remote Node Configuration
7-3
Prestige 1600 Universal Access Concentrator
Table 7-2 Remote Node PPP Options Menu Fields
Field
Encapsulation
Compression
Description
Option
Select the vendor-specific encapsulation for the link.
The default is Standard PPP. Select Cisco PPP only
when the remote gateway is a Cisco machine.
Standard PPP - Standard PPP encapsulation will be
used.
Standard PPP
CISCO PPP - Cisco PPP encapsulation will be used.
CISCO PPP
Turn on/off Stac data compression. The default for this
field is Off.
On/Off
(Default = Off)
Once you have completed filling in Menu 11.2 - Remote Node PPP Options, press
[ENTER] at the message “Press ENTER to Confirm...” to save your configuration, or press
[ESC] at any time to cancel.
7.4
Edit IP Parameters
Move the cursor to the Edit IP field in Menu 11.1 - Remote Node Profile, then press [SPACE BAR] to toggle the
value to Yes, and press [ENTER] to edit Menu 11.3 - Network Layer Options.
Menu 11.3 Remote Node Network Layer Options
Rem IP Addr= 0.0.0.0
Rem Subnet Mask= 0.0.0.0
My WAN Addr= 0.0.0.0
Network Address Translation= SUA Only
Address Mapping Set= N/A
Metric= 2
Private= No
RIP Direction= None
Version= RIP-1
Multicast= IGMP-v2
IP Policies=
Enter here to CONFIRM or ESC to CANCEL
Figure 7-4 Menu 11.3- Remote Node TCP/IP Options
7-4
Remote Node Configuration
Prestige 1600 Universal Access Concentrator
To configure the TCP/IP parameters of a remote node, first configure the two fields in Menu 11 - Remote Node
Profile, as shown.
Table 7-3 TCP/IP related fields in Menu 11.1 - Remote Node Profile
Field
Description
Rem IP Address
Enter the IP address of the remote gateway in
Menu 11.1 Remote Node Profile.
Edit IP
Press [SPACE BAR] to select Yes and press
[ENTER] to go to Menu 11.3 - Remote Node
Network Layer Options.
Option
Yes/No
The following table shows the TCP/IP related fields in Menu 11.3 - Remote Node Network Layer Options.
Table 7-4 Remote Node TCP/IP Configuration
Field
Description
Rem IP
Address
This shows the IP address you entered for this remote node in
the previous menu, Remote Node Profile.
Rem IP
Subnet Mask
Enter the subnet mask for the remote network.
My WAN
Addr
Some implementations, especially the UNIX derivatives, require
the WAN link to have a separate IP network number from the
LAN and each end must have a unique address within the WAN
network number. If this is the case, enter the IP address
assigned to the WAN port of your Prestige 1600.
Option
Note that this is the address assigned to your local Prestige
1600, not the remote router.
Network
Address
Translation
Address
Mapping
Set= N/A
Please see the NAT chapter for a more detailed discussion on
the Network Address Translation feature. The choices are Full
Feature, None and SUA Only.
Full Feature
None and SUA
Only
Enter the address mapping set you are applying to this remote
node. 255 is the default (read-only) SUA Only set.
1 to 4, 255
Metric
The metric represents the “cost” of transmission for routing
purposes. IP routing uses hop count as the measurement of
cost, with a minimum of 1 for directly connected networks. Enter
a number that approximates the cost for this link. The number
need not be precise, but it must be between 1 and 15. In
practice, 2 or 3 is usually a good number.
1 to 15
Private
This parameter determines if the Prestige 1600 will include the
route to this remote node in its RIP broadcasts. If set to Yes, this
route is kept private and not included in RIP broadcast. If No,
the route to this remote node will be propagated to other hosts
through RIP broadcasts.
Yes/No
RIP
Direction=
Press [SPACE BAR] to select the RIP direction from Both/In
Only/Out Only/None.
Version=
Press [SPACE BAR] to select the RIP version from RIP-1/RIP2B/RIP-2M.
Remote Node Configuration
Both/In
Only/Out
Only/None
RIP-1/ RIP-2B/
RIP-2M
7-5
Prestige 1600 Universal Access Concentrator
Field
Description
Option
IGMP-v2
IGMP-v2
None
Multicast
Turn on/off IGMP support and select the version from IGMPv2/IGMP-v1/None.
IP Policies
You can apply up to four IP Policy sets (from twelve) by entering
their numbers separated by commas, e.g., 3, 4, 6, 11.
Once you have completed filling in the Network Layer Options Menu, press [ENTER] to return to
Menu 11. Press [ENTER] at the message “Press ENTER to Confirm...” to save your configuration,
or press [ESC] at any time to cancel.
7-6
Remote Node Configuration
Prestige 1600 Universal Access Concentrator
Chapter 8
Static Route
This chapter tells you how to configure static routes for the Prestige.
8.1.1
Basics
If you wish to know more about static route basics , please read on. Skip to the Static Route Setup section for the
actual configuration.
Static routes tell a router routing information that it cannot learn automatically through other means. This can arise
in cases where RIP is disabled on the LAN or a remote network is beyond the one that is directly connected to a
remote node.
Each remote node specifies only the network to which the gateway is directly connected, and a router has no
knowledge of the networks beyond. For instance, the Prestige knows about network N2 in the following diagram
through remote node Router 1. However, the Prestige is unable to route a packet to network N3 because it doesn’t
know that there is a route through the same remote node Router 1 (via gateway Router 2). The static routes are for
you to tell the Prestige about the networks beyond the remote nodes.
Figure 8-1 An Example of Static Routing Topology
8.1.2
Static Route Setup
Static routes are required if the DSL client has more than one public IP address. The routing information (static
route) entered in the secondary machine will be passed to the primary machine through RIP. By adding static
routes, the Prestige knows how to route packets belonging to the public IP addresses back to the DSL client’s local
network. The Prestige supports up to 240 static routes. Enter “p” to view a precious page of static routes and “n” to
view the next page.
Static Route
8-1
Prestige 1600 Universal Access Concentrator
To configure an IP static route, use Menu 12 - IP Static Route Setup, as displayed next.
Menu 12 - IP Static Route Setup
No.
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
Name
________
________
________
________
________
________
________
________
________
________
________
________
No.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
Name
________
________
________
________
________
________
________
________
________
________
________
________
No.
25.
26.
27.
28.
29.
30.
31.
32.
33.
34.
35.
36.
Name
________
________
________
________
________
________
________
________
________
________
________
________
No.
37.
38.
39.
40.
41.
42.
43.
44.
45.
46.
47.
48.
Name
________
________
________
________
________
________
________
________
________
________
________
________
Enter Selection Number, 'p' for prev OR 'n' for next page:
Figure 8-2 Menu 12 - IP Static Route Setup
8-2
Static Route
Prestige 1600 Universal Access Concentrator
Choosing a static route to edit produces the following screen.
Menu 12.1 - Edit IP Static Route
Route #: 1
Route Name= ?
Active= No
Destination IP Address= ?
IP Subnet Mask= ?
Gateway IP Address= ?
Metric= 2
Private= No
Press ENTER to Confirm or ESC to Cancel:
Figure 8-3 Menu 12.1 - Edit IP Static Route
The following table describes the fields for Menu 12.1 - Edit IP Static Route Setup.
Table 8-1 Edit IP Static Route Menu Fields
Field
Description
Options
Route #
This is the index number of the route as listed in Menu
12 - IP Static Route Setup.
Route Name
Enter a descriptive name for this route. This is for
identification purpose only.
Active
This field allows you to activate/deactivate this static
route.
Destination IP
Address
This parameter specifies the IP network address of the
final destination. Routing is always based on network
number. If you need to specify a route to a single host,
use a subnet mask of 255.255.255.255 in the subnet
mask field to force the network number to be identical to
the host ID.
IP Subnet Mask
Enter the subnet mask for this destination. Follow the
discussion on IP subnet mask in this chapter.
Gateway IP
Address
Enter the IP address of the gateway. The gateway is an
immediate neighbor of your Prestige that will forward the
packet to the destination. On the LAN the gateway must
be a router on the same segment as your Prestige; over
WAN, the gateway must be the IP address of one of the
remote nodes.
Metric
The metric represents the “cost” of transmission for
routing purposes. IP routing uses hop count as the
measurement of cost, with a minimum of 1 for directly
connected networks. Enter a number that approximates
the cost for this link. The number need not be precise,
but it must be between 1 and 15. In practice, 2 or 3 is
usually a good number.
1 to 15
Private
This parameter determines if the Prestige 1600 will
include the route to this remote node in its RIP
broadcasts. If set to Yes, this route is kept private and
not included in RIP broadcast. If No, the route to this
remote node will be propagated to other hosts through
RIP broadcasts.
Yes/No
Static Route
Yes/No
8-3
Prestige 1600 Universal Access Concentrator
Chapter 9
Network Address Translation (NAT)
This chapter discusses how to configure NAT on the Prestige.
9.1
Introduction
NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet,
e.g., the source address of an outgoing packet, used within one network to a different IP address known within
another network.
9.1.1
NAT Definitions
Inside/outside denotes where a host is located relative to the Prestige, e.g., the workstations of your subscribers are
the inside hosts, while the web servers on the Internet are the outside hosts. Global/local denotes the IP address of a
host in a packet as the packet traverses across a router, e.g., the local address refers to the IP address of a host when
the packet is in the local network, while the global address refers to the IP address of the host when the same packet
is travelling in the WAN side. Note that inside/outside refers to the location of a host, while global/local refers to
the IP address of a host used in a packet. Thus, an inside local address (ILA) is the IP address of an inside host in a
packet when the packet is still in the local network, while an inside global address (IGA) is the IP address of the
same inside host when the packet is on the WAN side. The following table summarizes this information.
Term
Definition
Inside
This refers to the host on the LAN.
Outside
This refers to the host on the WAN.
Local
This refers to the packet address (source or destination) as the packet travels on the LAN.
Global
This refers to the packet address (source or destination) as the packet travels on the WAN.
Please note that the IP address (either local or global) of an outside host is never changed.
9.1.2
What NAT Does
In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local
address) to another (the inside global address) before forwarding the packet to the WAN side. When the response
comes back, NAT translates the destination address (the inside global address) back the inside local address before
forwarding it to the original inside host. Note that the IP address (either local or global) of an outside host is never
changed.
The global IP addresses for the inside hosts can be either static or dynamically assigned by the ISP. In addition, you
can designate servers, e.g., a web server and a telnet server, on your local network and make them accessible to the
outside world. If you do not define any servers (for Many-to-One and Many-to-Many Overload mapping - see
below), NAT offers the additional benefit of firewall protection. If no server is defined in these cases, all incoming
inquiries will be filtered out by your Prestige, thus preventing intruders from probing your network. For more
information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).
NAT
9-1
Prestige 1600 Universal Access Concentrator
9.1.3
How NAT works
Each packet has two addresses - a source address and a destination address. For outgoing packets, the ILA (Inside
Local Address) is the source address on the LAN, and the IGA (Inside Global Address) is the source address on the
WAN. For incoming packets, the ILA is the destination address on the LAN, and the IGA is the destination address
on the WAN. NAT maps private (local) IP addresses to globally unique ones required for communication with
hosts on other networks. It replaces the original IP source address (and TCP or UDP source port numbers for Manyto-One and Many-to-Many Overload NAT mapping) in each packet and then forwards it to the Internet. The
Prestige keeps track of the original addresses and port numbers so incoming reply packets can have their original
values restored. The following diagram illustrates this.
Figure 9-1 How NAT Works
9.1.4
NAT Mapping Types
NAT supports five types of IP/port mapping. They are:
1.
One to One: In One-to-One mode, the Prestige maps one local IP address to one global IP address.
2.
Many to One: In Many-to-One mode, the Prestige maps multiple local IP addresses to one global IP address. This is
equivalent to SUA (i.e., PAT, port address translation), ZyXEL’s Single User Account feature.
3.
Many to Many Overload: In Many-to-Many Overload mode, the Prestige maps the multiple local IP addresses to shared
global IP addresses.
4.
One-to-One (range): In One-to-One (range) mode, the Prestige maps each local IP address to a unique global IP address.
5.
Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside
world.
6.
No-Change: This NAT mapping type allows you to assign global IPs to machines behind NAT.
Port numbers do not change for One-to-One, One-to-One (range) and No-Change NAT mapping types.
The following table summarizes these types.
9-2
NAT
Prestige 1600 Universal Access Concentrator
Table 9-1 NAT Mapping Types
Type
IP Mapping
SMT abbreviation
One-to-One
ILA1"# IGA1
1:1
Many-to-One (SUA/PAT)
ILA1"# IGA1
M:1
ILA2"# IGA1
…
Many-to-Many Overload
ILA1"# IGA1
M:M Ov
ILA2"# IGA2
ILA3"# IGA1
ILA4"# IGA2
…
One-to-One (range):
ILA1"# IGA1
1-1 Ra
ILA2"# IGA2
ILA3"# IGA3
…
Server
Server 1 IP"#
IGA1
Server
Server 2 IP"#
IGA1
Server 3 IP"#
IGA1
No Change
IGA1"# IGA1
No-Ch
IGA2"# IGA2
IGA3"# IGA3
…
9.1.5
SUA (Single User Account) Versus NAT
SUA (Single User Account) in previous ZyNOS versions is a subset of NAT that supports two types of mapping,
Many-to-One and Server. See section 9.2.3 for a detailed description of the NAT set for SUA. The Prestige has
Full Feature NAT support to map local IP addresses to global IP addresses of clients or servers using all mapping
types as outlined in Table 9-1. The Prestige supports NAT sets on a remote node basis. The mapping sets are
reusable, but only one set is allowed for each remote node. Set 255 is for SUA Only which is a convenient, preconfigured, read only Many-to-1 port mapping set, sufficient for users with just one public IP.
9.2
SMT Menus
9.2.1
Applying NAT in the SMT Menus
You apply NAT via menus 4 or 11.3. The next figure shows you how to apply NAT for Internet access in Menu 4.
Enter 4 from the Main Menu to go to Menu 4 - Internet Access Setup.
NAT
9-3
Prestige 1600 Universal Access Concentrator
Menu 4 - Internet Access Setup
ISP's Name= ChangeMe
My Login= 1234
My Password= ********
Network Address Translation= SUA Only
My WAN Addr= 0.0.0.0
Address Mapping Set= N/A
Press ENTER to Confirm or ESC to Cancel:
Figure 9-2 Applying NAT for Internet Access
The following figure shows how you apply NAT to the remote node in Menu 11.1.
Step 1.
Enter 11 from the Main Menu.
Step 2.
Move the cursor to the Edit IP field, press the [SPACEBAR] to toggle the default No to Yes, then press
[ENTER] to bring up Menu 11.3 - Remote Node Network Layer Options.
Menu 11.3 - Remote Node Network Layer Options
Rem IP Addr: 0.0.0.0
Rem Subnet Mask= 0.0.0.0
My WAN Addr= 0.0.0.0
Network Address Translation= SUA Only
Address Mapping Set= N/A
Metric= 2
Private= No
RIP Direction= None
Version= RIP-1
Multicast= N/A
IP Policies=
Enter here to CONFIRM or ESC to CANCEL:
Figure 9-3 Applying NAT to the Remote Node
The following table describes the options for Network Address Translation.
Table 9-2 Applying NAT in Menus 4 & 11.3
Field
Network Address
Translation
Description
Full Feature: You can configure any of the 6 mapping types
described in Table 9-1.
SUA Only: When you select this option the SMT will use Address
Mapping Set 255 (Menu 15.1 - see section 9.2.3). It is a convenient,
pre-configured, read only Many-to-1 port mapping set, sufficient for
most purposes (especially for users with just one public IP) and
helpful to people already familiar with SUA in previous ZyNOS
versions. Note that there is also a Server type whose IGA is 0.0.0.0
in this set.
None: NAT is disabled when you select this option.
Address Mapping
Set
9-4
This is the Address Mapping Set that you wish to apply to this node.
Set 255 is reserved for SUA.
NAT
Prestige 1600 Universal Access Concentrator
9.2.2
Configuring NAT
To configure NAT, enter 15 from the Main Menu to bring up the following screen.
Menu 15 – NAT Setup
1.
2.
Address Mapping Sets
Server Set
Enter Menu Selection Number:
Figure 9-4 Menu 15 NAT Setup
9.2.3
Address Mapping Sets and NAT Server Sets:
Use the Address Mapping Sets menus and submenus to create the mapping table for translation. Each remote node
must specify which NAT Address Mapping Set to use. You can only configure set 1 to 4, which supports all
mapping types as outlined in Table 9-1. Set 255 is used for SUA. When you select SUA Only, the SMT will use
the pre-configured Set 255 (read only) - see section 9.1.5.
Enter 1 to bring up Menu 15.1 - Address Mapping Sets.
Menu 15.1 - Address Mapping Sets
1.
2.
3.
4.
255.
NAT_SET1
NAT_SET2
NAT_SET3
NAT_SET4
SUA (read only)
Figure 9-5 Menu 15.1 Address Mapping Sets
Let’s look first at Option 255 (see section 9.1.5). The fields in this menu cannot be changed. Entering 255 brings up
the following screen.
NAT
9-5
Prestige 1600 Universal Access Concentrator
Menu 15.1.255 - Address Mapping Rules
Set Name= SUA
Idx
--1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
Local Start IP
--------------0.0.0.0
Local End IP
--------------255.255.255.255
Global Start IP
--------------0.0.0.0
0.0.0.0
Global End IP
---------------
Type
-----M-1
Server
Press ENTER to Confirm or ESC to Cancel:
Figure 9-6 SUA Address Mapping Rules
The following table explains the fields in this screen.
Please note that the fields in this menu are read-only. The Type, Local and Global Start/End IPs are
normally (not for this read-only menu) configured in Menu 15.1.1.1 (described later) and the values
are displayed here.
Table 9-3 SUA Address Mapping Rules
Field
Description
Set Name
This is the name of the set you selected in Menu
15.1 or enter the name of a new set you want to
create.
Idx
This is the index or rule number.
Local Start IP
Local Start IP is the starting local IP address (ILA)
(see Figure 9-1). Local End IP is the ending local IP
address (ILA). If the rule is for all local IPs, then the
Start IP is 0.0.0.0 and the End IP is 255.255.255.255.
Local End IP
Global Start
IP
This is the starting global IP address (IGA). If you
have a dynamic IP, enter 0.0.0.0 as the Global Start
IP.
Global End IP
This is the ending global IP address (IGA).
Type
These are the mapping types discussed above (see
Table 9-1). Type Server allows you to specify a
server of a given service behind NAT. See section
9.4.3 below for some examples.
Options/Example
SUA
1
0.0.0.0
255.255.255.255
0.0.0.0
N/A
Server
Note: For all Local and Global IPs, the End IP address must be numerically greater than the IP Start
address.
Now let’s look at Option 1 in Menu 15.1. Enter 1 to bring up this menu and look at the differences from the
previous menu. Note that, this screen is not read only, so there are extra Action and Select Rule fields. Note also
that the [?] in the Set Name field means that this is a required field and you must enter a name for the set.
9-6
NAT
Prestige 1600 Universal Access Concentrator
Please note that if the Set Name field is left blank, the entire set will be deleted.
Menu 15.1.1 - Address Mapping Rules
Set Name= NAT_SET1
Idx
--1.
2
3.
4.
5.
6.
7.
8.
9.
10.
Local Start IP
---------------
Local End IP
---------------
Action= Edit
Global Start IP
---------------
Global End IP
---------------
Type
------
Select Rule=
Press ENTER to Confirm or ESC to Cancel:
Figure 9-7 First Set in Menu 15.1.1
The Type, Local and Global Start/End IPs are configured in Menu 15.1.1.1 (described later) and the
values are displayed here.
9.2.4
Ordering Your Rules
Ordering your rules is important because the Prestige applies the rules in the order that you specify. When a rule
matches the current packet, the Prestige takes the corresponding action and the remaining rules are ignored. If there
are any empty rules before your new configured rule, your configured rule will be pushed up by that number of
empty rules. For example, if you have already configured rules 1 to 6 in your current set and now you configure
rule number 9. In the set summary screen, the new rule will be rule 7, not 9.
Now if you delete rule 4, rules 5 to 7 will be pushed up by 1 rule, so as old rules 5, 6 and 7 become new rules 4, 5
and 6.
The description of the other fields is as described above. The Type, Local and Global Start/End IPs are configured
in Menu 15.1.1.1 (described later) and the values are displayed here.
Table 9-4 Menu 15.1.1
Field
NAT
Description
Set Name
Enter a name for this set of rules. This is a required field.
Please note that if this field is left blank, the entire set will be
deleted.
Action
There are 4 actions. The default is Edit. Edit means you
want to edit a selected rule (see following field). Insert
Before means to insert a rule before the rule selected. The
rules after the selected rule will then be moved down by one
rule. Delete means to delete the selected rule and then all
the indices of the rules after the selected one will be
decremented by 1. Save Set means to save the whole set
(note when you choose this action, the Select Rule item will
be disabled).
Select Rule
When you choose Edit, Insert Before or Delete in the
previous field the cursor jumps to this field to allow you to
select the rule to apply the action in question.
Option
Edit
Insert Before
Delete
Save Set
9-7
Prestige 1600 Universal Access Concentrator
N.B.: Save Set in the Action field means to save the whole set. You must do this if you make any
changes to the set - including deleting a rule. No changes to the set take place until this action is taken.
Be careful when ordering your rules as each rule is executed in sequence beginning from rule 1.
Selecting Edit in the Action field and then entering a rule number brings up the following menu, Menu 15.1.1.1 - Address
Mapping Rule in which you can edit an individual rule and configure the Type, Local and Global Start/End IPs displayed in
Menu 15.1.1.
Menu 15.1.1.1 Address Mapping Rule
Type= One-to-One
Local IP:
Start=
End = N/A
Global IP:
Start=
End = N/A
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 9-8 Editing an Individual Rule in a Set
The following table describes the fields in this screen.
Table 9-5 Menu 15.1.1.1 - configuring an individual rule
Field
Description
Option/Example
Type
Press the [SPACEBAR] to toggle through a total of 6
types. These are the mapping types discussed above
(see Table 9-1). Type Server allows you to specify
multiple servers of different types behind NAT to this
machine. See section 9.4.3 below for some examples.
One-to-One
Many-to-One
Many-to-Many Overload
One-to-One (range)
Server
No Change
Local IP
Only local IP fields are N/A for server; Global IP fields
MUST be set for Server.
Start
This is the starting local IP address (ILA).
End
This is the ending local IP address (ILA). If the rule is
for all local IPs, then put the Start IP as 0.0.0.0 and the
End IP as 255.255.255.255. This field is N/A for Oneto-One and Server types.
255.255.255.255
Start
This is the starting global IP address (IGA). If you have
a dynamic IP, enter 0.0.0.0 as the Global IP Start. Note
that Global IP Start can be set to 0.0.0.0 only if the
types are Many-to-One or Server.
0.0.0.0
End
This is the ending global IP address (IGA). This field is
N/A for One-to-One, Many-to-One and Server types.
172.16.23.55
0.0.0.0
Global IP
Note: For all Local and Global IPs, the End IP address must be numerically greater than the Start IP
address.
9-8
NAT
Prestige 1600 Universal Access Concentrator
9.3
NAT Server Sets
A NAT server set is a list of inside servers (behind NAT on the LAN) that you can make visible to the outside
world. Menu 15.2 - NAT Server Sets is used to configure these servers.
9.3.1
Multiple Servers behind NAT
If you wish, you can make inside servers for different services, e.g., web or FTP, visible to the outside users, even
though NAT makes your whole inside network appear as a single machine to the outside world. A service is
identified by the port number, e.g., web service is on port 80 and FTP on port 21.
As an example (see the following figure), if you have a web server at 192.168.1.36 and an FTP server 192.168.1.33,
then you need to specify for port 80 (web) the server at IP address 192.168.1.36 and for port 21 (FTP) another at IP
address 192.168.1.33.
Please note that a server machine can support more than one service, e.g., a machine can provide both FTP and
DNS service, while another provides only web service.
Figure 9-9 Multiple Servers Behind NAT
9.3.2
Configuring Inside Servers
Follow the steps below to configure a server behind NAT:
Step 1.
Enter 15 in the main menu to go to Menu 15 - NAT Setup.
Step 2.
Enter 2 to go to Menu 15.2 - NAT Server Sets.
Step 3.
Enter the service port number in the Port # field and the inside IP address of the server in the IP Address
field.
NAT
9-9
Prestige 1600 Universal Access Concentrator
Press [ENTER] at the “Press ENTER to confirm …” prompt to save your configuration after you define all the
servers or press ESC at any time to cancel. The most often used port numbers are shown in the following table.
Please refer to RFC 1700 for further information about port numbers. Please also refer to the included disk for more
examples and details on NAT.
Menu 15.2 - NAT Server Sets
Port #
IP Address
-----------------1. (Used by SUA)
0.0.0.0
2.21
3.23
4.25
5.80
6. 0
7. 0
8. 0
9. 0
10. 0
192.168.255.1
192.168. 255.2
192.168. 255.3
192.168. 255.4
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
Press ENTER to Confirm or ESC to Cancel:
Figure 9-10 Menu 15.2 - NAT Server Setup
Table 9-6 Common Services & Port numbers
Services
Port Number
FTP (File Transfer Protocol)
21
Telnet
23
SMTP (Simple Mail Transfer Protocol)
25
DNS(Domain Name System)
53
HTTP (Hyper Text Transfer protocol or WWW, Web)
80
PPTP (Point-to-Point Tunneling Protocol)
9.4
Examples
9.4.1
Internet Access Only
1723
In this Internet access example, you only need one rule where all the ILAs (Inside Local Addresses) map to one
dynamic IGA (Inside Global Address) assigned by your ISP.
9-10
NAT
Prestige 1600 Universal Access Concentrator
Figure 9-11 NAT Example 1
Menu 4 - Internet Access Setup
ISP's Name= EG1
My Login= 1234
My Password= ********
Network Address Translation= SUA Only
My IP Addr= 0.0.0.0
Address Mapping Set= N/A
Press ENTER to Confirm or ESC to Cancel:
Figure 9-12 NAT Example for Internet Access
In Menu 4 choose the SUA Only option for the Network Address Translation field. This is a pre-configured
Many-to-One mapping discussed in section 9.1.4.
9.4.2
Example 2 - Internet Access with a Default Inside Server
Figure 9-13 NAT Example 2
In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to Menu 15.2
to specify the inside server behind the NAT as shown in the next figure. All incoming connections are forwarded to
the default inside server at the IP address specified.
NAT
9-11
Prestige 1600 Universal Access Concentrator
Menu 15.2 - NAT Server Sets
Port #
IP Address
-----------------1. (Used by SUA)
192.168.1.10
2.
3.
4.
5.
6.
7.
8.
9.
10.
0
0
0
0
0
0
0
0
0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
Press ENTER to Confirm or ESC to Cancel:
Figure 9-14 Specifying an Inside Sever
9.4.3
Example 3 - General Case
In this example, there are 3 IGAs from your ISP. There are many departments but two have their own FTP server.
All departments share the same router. You want to reserve 1 IGA for each department with an FTP server and the
other IGA is used by all. You want to map the FTP servers to the first two IGAs and the other LAN traffic to the
remaining IGA. You also want to map the third IGA to an inside web server and mail server. You need to configure
4 rules as follows.
Rule 1.
You map the first IGA to the first inside FTP server (1: 1 mapping, giving both local and global IP
addresses).
Rule 2.
You map the second IGA to the second inside FTP server (1: 1 mapping, giving both local and global IP
addresses).
Rule 3.
You map all other addresses to IGA3 (Many : 1 mapping).
Rule 4.
You also use the third IGA to open the web server and mail server on the LAN. Type Server allows us
to specify a server, of a given service behind NAT.
The situation looks somewhat like this:
Figure 9-15 NAT - Example 3
9-12
NAT
Prestige 1600 Universal Access Concentrator
Step 1.
You need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets. Therefore you
must choose the Full Feature option from the Network Address Translation field (in Menu 4 or Menu
11.3).
Step 2.
Enter 15 from the Main Menu.
Step 3.
Enter 1 to configure the Address Mapping Sets.
Step 4.
Choose 1 to begin configuring this new set. Enter a Set Name, choose the Edit Action and then select 1
from Select Rule field. Press [ENTER] to confirm.
Step 5.
Select Type= as One-to-One and enter the local Start IP as 192.168.1.10 (the IP address of FTP Server
1), the global Start IP as 10.132.50.1 (the first IGA). (See Figure 9-16)
Step 6.
Repeat the previous step for rules 2 to 4 as outlined above.
Step 7.
When finished, Menu 15.1.1 should look like as shown in Figure 9-17.
The following figure shows how to configure the first rule.
Menu 15.1.1.1 Address Mapping Rule
Type= One-to-One
Local IP:
Start= 192.168.1.10
End = N/A
Global IP:
Start= 10.132.50.1
End = N/A
Press ENTER to Confirm or ESC to Cancel:
Figure 9-16 Example 3 - Menu 15.1.1.1
When you have configured all four rules, Menu 15.1.1 should look as follows.
Menu 15.1.1 - Address Mapping Rules
Set Name= Example3
Idx Local Start IP
--- --------------1. 192.168.1.10
2 192.168.1.11
3. 0.0.0.0
4.
5.
6.
7.
8.
9.
10.
Local End IP
---------------
255.255.255.255
Action= Edit
Global Start IP
--------------10.132.50.1
10.132.50.2
10.132.50.3
10.132.50.3
Global End IP
---------------
Type
-----1-1
1-1
M-1
Server
Select Rule=
Press ENTER to Confirm or ESC to Cancel:
Figure 9-17 Example 3 Final Menu 15.1.1
Now you configure IGA3 to map to the web and mail server on the LAN.
Step 8.
NAT
Enter 15 from the Main Menu.
9-13
Prestige 1600 Universal Access Concentrator
Step 9.
Enter 2 from this menu and configure it as shown in Figure 9-18.
Menu 15.2 - NAT Server Sets
Port #
IP Address
-----------------1. (Used by SUA)
0.0.0.0
2.80
3. 25
4. 0
5. 0
6. 0
7. 0
8. 0
9. 0
10. 0
192.168.1.21
192.168.1.20
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
Press ENTER to Confirm or ESC to Cancel:
Figure 9-18 Example 3 - Menu 15.2
9.4.4
NAT Unfriendly Application Programs
Many applications, e.g., gaming programs are NAT unfriendly because they embed addressing information in the
data stream. In this case it is better to use the No Change NAT mapping type for computers running such
applications behind NAT.
9.4.5
Example 4 - Remote Management
You can remotely manage a secondary P1600 behind NAT on the primary. Please see the Remote Management
chapter.
9.4.6
Applying NAT to the Ethernet Port
You can also apply NAT to the Ethernet port if the Configuration Type in Menu 1 is Standalone. This feature is
useful when you connect a broadband device such as a DSL modem or cable modem via the Ethernet port. NAT in
Menu 3.2 applies solely to the Ethernet port.
9-14
NAT
Prestige 1600 Universal Access Concentrator
Figure 9-19 Ethernet SUA
Menu 3.2 - TCP/IP Setup
TCP/IP Setup:
IP Address= 192.168.1.1
IP Subnet Mask= 255.255.255.0
RIP Direction= Both
Version= RIP-2B
Multicast= N/A
IP Policies=
Network Address Translation= Full Feature
Address Mapping Set= 2
Press ENTER to Confirm or ESC to Cancel:
Figure 9-20 Applying NAT on the LAN Port
To use the Ethernet port for Internet Access, go to Menu 12 - IP Static Route Setup to set up the static default
route using a P1600 standalone. Please refer to the chapter on Remote Node Configuration for more details.
NAT
9-15
Prestige 1600 Universal Access Concentrator
Chapter 10
Filter Configuration
This chapter shows you how to create and apply filter(s).
10.1
About Filtering
Your Prestige uses filters to decide whether to allow passage of a data packet and/or to make a call. There are two
types of filter applications: data filtering and call filtering. Filters are subdivided into device and protocol filters,
which are discussed later.
Data filtering screens the data to determine if the packet should be allowed to pass. Data filters are divided into
incoming and outgoing filters, depending on the direction of the packet relative to a port. Data filtering can be
applied on either the WAN side or the LAN side. Call filtering is used to determine if a packet should be allowed to
trigger a call. Outgoing packets must undergo data filtering before they encounter call filtering as shown in the
following figure.
Call Filtering
Active Data
Outgoing
Packet
Data
Filtering
Match
Drop
packet
No
match
No
match
Built-in
default
Call Filters
User-defined
Call Filters
(if applicable)
Match
Drop packet
if line not up
No
match
Initiate call
if line not up
Send packet
and reset
Idle Timer
Match
Drop packet
if line not up
Or
Or
Send packet
but do not reset
Idle Timer
Send packet
but do not reset
Idle Timer
Figure 10-1 Outgoing Packet Filtering Process
The following sections describe how to configure filter sets. Please see the application notes for more information
and examples on creating and configuring filters.
10.2
The Filter Structure of the Prestige
A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the rules for
NetBIOS, into a single set and give it a descriptive name. The Prestige allows you to configure up to twelve filter
sets with six rules in each set, for a total of 72 filter rules in the system.
You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set
having up to six rules, you can have a maximum of 24 rules active for a single port.
The following diagram illustrates the logic flow when executing a filter rule.
Filter Configuration
10-1
Prestige 1600 Universal Access Concentrator
Start
Packet into
filter
Fetch First
Filter Set
Filter Set
Fetch Next
Filter Set
Fetch First
Filter Rule
Fetch Next
Filter Rule
Yes
Yes
Next Filter Set
Available?
No
Next filter
Rule
Available?
No
Active?
Yes
No
Check
Next
Rule
Execute
Filter Rule
Forward
Drop
Drop Packet
Accept Packet
Figure 10-2 Filter Rule Process
10-2
Filter Configuration
Prestige 1600 Universal Access Concentrator
10.3
Configuring a Filter Set
To configure a filter sets, follow the procedure below:
Step 1.
Enter 21 from the Main Menu to open Menu 21 - Filter Set Configuration.
Menu 21 - Filter Set Configuration
Filter
Set #
-----1
2
3
4
5
6
Comments
-----------------______________
______________
______________
______________
______________
______________
Filter
Set #
-----7
8
9
10
11
12
Comments
-----------------______________
______________
______________
______________
______________
______________
Enter Filter Set Number to Configure=
Edit Comments=
Press ENTER to Confirm or ESC to Cancel:
Figure 10-3 Menu 21 - Filter Set Configuration
Step 2.
Enter the index of the filter set you wish to configure (no. 1-12) and press [ENTER].
Step 3.
Enter a descriptive name or comment in the Edit Comments field and press [ENTER].
Step 4.
Press [ENTER] at the message “Press ENTER to confirm” to open Menu 21.1 - Filter Rules Summary.
Filter Configuration
10-3
Prestige 1600 Universal Access Concentrator
Menu 21.1 - Filter Rules Summary
# A Type
Filter Rules
M m n
- - ---- -------------------------------------------- ------ - - 1 Y IP
Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=137
N D N
2 Y IP
Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=138
N D N
3 Y IP
Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=139
N D N
4 Y IP
Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=137
N D N
5 Y IP
Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=138
N D N
6 Y IP
Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=139
N D F
Enter Filter Rule Number (1-6) to Configure: 1
Edit Comments= NetBIOS_WAN
Press ENTER to Confirm or ESC to Cancel:
Enter Filter Rule Number (1-6) to Configure:
Figure 10-4 Menu 21.1 - Filter Rules Summary
10.3.1 Filter Rules Summary Menu
These screens show a summary of the existing rules in an example filter set. The following tables contain a brief
description of the abbreviations used in Menu 21.1 and Menu 21.2.
Table 10-1 Abbreviations Used in the Filter Rules Summary Menu
Abbreviations
Description
#
Refers to the filter rule number (1-6).
A
Refers to Active.
Display
[Y] means the filter rule is
active.
[N] means the filter rule is
inactive.
Type
Refers to the type of filter rule.
[IP] for TCP/IP
This shows IP for TCP/IP, and Device
[Dev] for Device
Filter Rules
The filter rule parameters are
displayed here (see below).
M
Refers to More.
[Y] means an action can not yet be
taken as there are more rules to check,
which are concatenated with the
present rule to form a rule chain.
When the rule chain is complete an
action can be taken.
[Y] means there are more
rules to check.
[N] means there are no more
rules to check.
[N] means you can now specify an
action to be taken i.e., forward the
packet, drop the packet or check the
next rule. For the latter, the next rule is
independent of the rule just checked.
If More is Yes, then Action Matched
and Action Not Matched will be N/A.
m
10-4
Refers to Action Matched.
[F] means to forward the
Filter Configuration
Prestige 1600 Universal Access Concentrator
Abbreviations
Description
Display
[F] means to forward the packet
immediately and skip checking the
remaining rules if any.
packet.
[D] means to drop the
packet.
[N] means check the next
rule.
n
Refers to Action Not Matched
[F] means to forward the packet
immediately and skip checking the
remaining rules if any.
[F] means to forward the
packet.
[D] means to drop the
packet.
[N] means check the next
rule.
The protocol dependent filter rules abbreviation are listed as follows:
If the filter type is IP, the following abbreviations listed in the following table will be used.
Table 10-2 Abbreviations Used If Filter Type Is IP
Abbreviation
Description
Pr
Protocol
SA
Source Address
SP
Source Port number
DA
Destination Address
DP
Destination Port number
If the filter type is Dev (device), the following abbreviations listed in the following table will be used.
Table 10-3 Abbreviations Used If Filter Type Is Dev
Abbreviation
Description
Off
Offset
Len
Length
Refer to the next section for information on configuring the filter rules.
10.4
Configuring a Filter Rule
To configure a filter rule, enter its number in Menu 21.1 - Filter Rules Summary and press [ENTER] to open
Menu 21.1.1 for the rule.
10.5
Filter Types and NAT
There are two classes of filter rules, Generic Filter (Device) rules and Protocol Filter (TCP/IP) rules. Generic
Filter rules act on the raw data from/to LAN and WAN. Protocol Filter rules act on the IP packets. Generic and
TCP/IP filter rules are discussed in more detail in the next section. When NAT (Network Address Translation) is
Filter Configuration
10-5
Prestige 1600 Universal Access Concentrator
enabled, the inside IP address and port number are replaced on a connection-by-connection basis, which makes it
impossible to know the exact address and port on the wire. Therefore, the Prestige applies the protocol filters to the
“native” IP address and port number before NAT for outgoing packets and after NAT for incoming packets. On the
other hand, the generic, or device filters are applied to the raw packets that appear on the wire. They are applied at
the point when the Prestige is receiving and sending the packets; i.e. the interface. The interface can be an Ethernet
port or any other hardware port. The following diagram illustrates this.
Figure 10-5 Protocol and Device Filter Sets
To speed up filtering, all rules in a filter set must be of the same type, i.e., Protocol filters or Device filters. The
class of a filter set is determined by the first rule that you create. When applying the filter sets to a port, separate
menu fields are provided for protocol and device filter sets. If you include a protocol filter set in a device filters
field or vice versa, the Prestige will warn you and will not allow you to save.
10.5.1 TCP/IP Filter Rule
This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fields
in the IP and the upper layer protocol, e.g., UDP and TCP, headers.
To configure a TCP/IP rules, select TCP/IP Filter Rule from the Filter Type field and press Enter to open Menu
21.1.1 - TCP/IP Filter Rule, as shown next.
10-6
Filter Configuration
Prestige 1600 Universal Access Concentrator
Menu 21.1.1 - TCP/IP Filter Rule
Filter #: 1,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6
IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 137
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= No
More= No
Log= None
Action Matched= Check Next Rule
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 10-6 Menu 21.1.1 - TCP/IP Filter Rule
The following table describes how to configure your TCP/IP filter rule.
Table 10-4 TCP/IP Filter Rule Menu Fields
Field
Description
Option
Filter #
This is the filter set, filter rule co-ordinates, i.e.,
2,3 refers to the second filter set and the third filter
rule of that set.
Filter Type
Press [SPACE BAR] to toggle between types of
rules. Parameters displayed below each type will
be different.
Active
This field activates/deactivates the filter rule.
IP Protocol
Protocol refers to the upper layer protocol, e.g.,
TCP is 6, UDP is 17 and ICMP is 1. This value
must be between 0 and 255. Enter 0 if IP protocol
is don’t care.
IP Source
Route
If Yes, the rule applies to packet with IP source
route option; else the packet must not have
source route option. The majority of IP packets
do not have source route.
Destination: IP
Addr
Enter the destination IP Address of the packet you
wish to filter. This field is a ignored if it is 0.0.0.0.
Destination: IP
Mask
Enter the IP subnet mask to apply to the
Destination: IP Addr. To filter a single host, enter
255.255.255.255 as the mask.
Destination:
Port #
Enter the destination port of the packets that you
wish to filter. The range of this field is 0 to 65535.
This field is ignored if it is 0.
0-65535
Destination:
Port # Comp
Select the comparison to apply to the destination
port in the packet against the value given in
None/Less/Grea
ter/Equal/Not
Filter Configuration
Device Filter
Rule / TCP/IP
Filter Rule
Yes/No
0-255
Yes/No
10-7
Prestige 1600 Universal Access Concentrator
Field
Description
Destination: Port #.
Option
Equal
Source: IP
Addr
Enter the source IP Address of the packet you
wish to filter. This field is a ignored if it is 0.0.0.0.
Source: IP
Mask
Enter the IP subnet mask to apply to the Source:
IP Addr.
Source: Port #
Enter the source port of the packets that you wish
to filter. The range of this field is 0 to 65535. This
field is a ignored if it is 0.
0-65535
Source: Port #
Comp
Select the comparison to apply to the source port
in the packet against the value given in Source:
Port #.
None/Less/Grea
ter/Equal/Not
Equal
TCP Estab
This field is applicable only when IP Protocol field
is 6, TCP. If Yes, the rule matches only
established TCP connections; else the rule
matches all TCP packets.
Yes/No
More
If Yes, a matching packet is passed to the next
filter rule before an action is taken; else the packet
is disposed of according to the action fields.
Yes/N/A
If More is Yes, then Action Matched and Action
Not Matched will be N/A.
Log
Select the logging option from the following:
None - No packets will be logged.
None
Action Matched
Action Matched - Only packets that match the
rule parameters will be logged.
Action Not
Matched
Action Not Matched - Only packets that do not
match the rule parameters will be logged.
Both
Both - All packets will be logged.
Action Matched
Select the action for a matching packet.
Check Next Rule
Forward
Drop
Action Not
Matched
Select the action for a packet not matching the
rule.
Check Next Rule
Forward
Drop
Once you have completed filling in Menu 21.1.1 - TCP/IP Filter Rule, press [ENTER] at
the message “Press ENTER to Confirm” to save your configuration, or press [ESC] to
cancel. This data will now be displayed on Menu 21.1 - Filter Rules Summary.
The next diagram illustrates the logic flow of an IP filter.
10-8
Filter Configuration
Prestige 1600 Universal Access Concentrator
Packet
into IP Filter
Filter Active?
No
Yes
Apply SrcAddrMask
to Src Addr
Check Src
IP Addr
Not Matched
Matched
Apply DestAddrMask
to Dest Addr
Check Dest
IP Addr
Not Matched
Matched
Check
IP Protocol
Not Matched
Matched
Check Src &
Dest Port
Not Matched
Matched
More?
Yes
No
Action Not Matched
Action Matched
Check Next Rule
Check Next Rule
Drop
Drop
Forward
Forward
Drop Packet
Check Next Rule
Accept Packet
Figure 10-7 Executing an IP Filter
10.5.2 Device Filter Rule
This section shows you how to configure a device filter rule. The purpose of device rules is to allow you to filter
non-IP/IPX packets. For IP and IPX, it is generally easier to use the protocol rules directly.
For Device rules, the Prestige treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the
portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes. The Prestige applies
the Mask (bit-wise ANDing) to the data portion before comparing the result against the Value to determine a match.
The Mask and Value are specified in hexadecimal numbers. Note that it takes two hexadecimal digits to represent a
byte, so if the length is 4, the value in either field will take 8 digits, e.g., FFFFFFFF.
To configure a device rule, select Device Filter Rule in the Filter Type field and press [ENTER] to open Menu
21.1.1 - Device Filter Rule, as shown below.
Filter Configuration
10-9
Prestige 1600 Universal Access Concentrator
Menu 21.1.1 - Device Filter Rule
Filter #: 1,1
Filter Type= Device Filter Rule
Active= No
Offset= 0
Length= 0
Mask= N/A
Value= N/A
More= No
Log= None
Action Matched= Check Next Rule
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
Figure 10-8 Menu 21.1.2 - Device Filter Rule
The following table describes the fields in the Device Filter Rule Menu.
Table 10-5 Device Filter Rule Menu Fields
Field
Description
Option
Filter #
This is the filter set, filter rule co-ordinates, i.e., 2,3
refers to the second filter set and the third filter rule of
that set.
Filter Type
Press [SPACE BAR] to toggle between types of rules.
Parameters displayed below each type will be different.
Active
Select Yes to turn on the filter rule.
Offset
Enter the starting byte of the data portion in the packet
that you wish to compare. The range for this field is
from 0 to 255.
Default = 0
Length
Enter the byte count of the data portion in the packet
that you wish to compare. The range for this field is 0
to 8.
Default = 0
Mask
Enter the mask (in Hexadecimal) to apply to the data
portion before comparison.
Value
Enter the value (in Hexadecimal) to compare with the
data portion.
More
If Yes, a matching packet is passed to the next filter
rule before an action is taken; else the packet is
disposed of according to the action fields.
Device Filter
Rule /
TCP/IP Filter
Rule
Yes/No
Yes / N/A
If More is Yes, then Action Matched and Action Not
Matched will be N/A.
Log
Select the logging option from the following:
None - No packets will be logged.
Action Matched - Only packets that match the rule
parameters will be logged.
Action Not Matched - Only packets that do not match
the rule parameters will be logged.
10-10
None
Action
Matched
Action Not
Matched
Filter Configuration
Prestige 1600 Universal Access Concentrator
Field
Description
Both - All packets will be logged.
Action
Matched
Select the action for a matching packet.
Option
Both
Check Next
Rule
Forward
Drop
Action Not
Matched
Select the action for a packet not matching the rule.
Check Next
Rule
Forward
Drop
Once you have completed filling in Menu 21.1.1 - Device Filter Rule, press [ENTER]
at the message “Press ENTER to Confirm” to save your configuration, or press [ESC]
to cancel. This data will now be displayed on Menu 21.1 - Filter Rules Summary.
10.6
Applying a Filter
This section shows you where to apply the filter(s) after you design it (them).
10.6.1 Ethernet traffic
You seldom need to filter Ethernet traffic; however, the filter sets may be useful to block certain packets, reducing
traffic and preventing security breaches. Go to Menu 3.1 (shown below) and enter the number(s) of the filter set(s)
that you want to apply as appropriate. You can choose up to four filter sets (from twelve) by entering their numbers
separated by commas, e.g., 3, 4, 6, 11.
Menu 3.1 - General Ethernet Setup
Input Filter Sets:
protocol filters=
device filters=
Output Filter Sets:
protocol filters=
device filters=
Press ENTER to Confirm or ESC to Cancel:
Figure 10-9 Filtering Ethernet Traffic
Filter Configuration
10-11
Prestige 1600 Universal Access Concentrator
10.6.2 Remote Node Filters
Go to Menu 11.1 (shown next) and enter the number(s) of the filter set(s) as appropriate. You can specify up to
four filter sets by entering their numbers separated by commas.
Menu 11.1 - Remote Node Profile
Rem Node Name= ?
Active= Yes
Edit PPP Options= No
Rem IP Addr= ?
Edit IP = No
Outgoing:
My Login= ?
My Password= ********
Authen= CHAP/PAP
Input Filter Sets:
Protocol filters =
Device filters =
Output Filter Sets:
Protocol filters =
Device filters =
Enter Filter
sets here
Press ENTER to CONFIRM or ESC to CANCEL:
Press Space Bar to Toggle.
Figure 10-10 Filtering Remote Node traffic
10.7
Filter Example
The Prestige 1600 supports the firmware and configuration files upload using FTP connections via LAN and
WANs. So, it is possible that anyone can make an FTP connection over the Internet to your Prestige. To prevent
outside users from connecting to your Prestige via FTP, you can configure a filter to block FTP connections from
the WAN.
Before configuring a filter, you need to know the following information:
1. The inbound packet type (protocol & port number) - in this case, it is TCP (06) protocol with port 20 or 21.
2. The source IP address - in this case, to block all connections from the outside, the source IP is 0.0.0.0.
The destination IP address is the Prestige's IP address, but it is unknown when SUA is enabled since most WAN IP
addresses are dynamically assigned by the ISP. Therefore, enter 0.0.0.0 as the destination IP in the filter rule. Once
0.0.0.0 is set as the destination IP, no FTP connections can reach the Prestige nor the FTP server on the LAN. For a
LAN-to-LAN connection, enter the Prestige's LAN IP as the destination IP in the filter rule. After you apply the
FTP filter to the remote node, it only blocks the FTP connection to the Prestige but still permits the FTP connection
to the local FTP server.
10.7.1 Configuring a FTP_WAN Filter Rule
Create a filter set in Menu 21, e.g., set 2.
10-12
Filter Configuration
Prestige 1600 Universal Access Concentrator
Menu 21 - Filter Set Configuration
Filter
Set #
-----1
2
3
4
5
6
Comments
-----------------NetBIOS_WAN
_____________
______________
______________
______________
______________
Filter
Set #
-----7
8
9
10
11
12
Comments
-----------------______________
______________
______________
______________
______________
______________
Enter Filter Set Number to Configure= 2
Edit Comments= FTP_WAN
Press ENTER to Confirm or ESC to Cancel:
Figure 10-11 FTP_WAN Filter Configuration
Create two filter rules in Menu 21.2.1 and Menu 21.2.2
Rule 1- block the inbound FTP packet, TCP (06) protocol with port number 20
Menu 21.2.1 - TCP/IP Filter Rule
Filter #: 2,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6
IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 20
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= No
More= No
Log= None
Action Matched= Check Next Rule
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 10-12 Filter Rule Configuration
Filter Configuration
10-13
Prestige 1600 Universal Access Concentrator
Rule 2- block the inbound FTP packet, TCP (06) protocol with port number 21
Menu 21.2.2 - TCP/IP Filter Rule
Filter #: 2,2
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6
IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 21
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= No
More= No
Log= None
Action Matched= Check Next Rule
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 10-13 Filter Rule Configuration
Check if the filter rules have been correctly configured using the Menu 21.2
Menu 21.2 - Filter Rules Summary
# A Type
Filter Rules
M m
- - ---- -------------------------------------------- ------ - 1 Y IP
Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=20
N D
2 Y IP
Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=21
N D
n
N
F
Enter Filter Rule Number (1-6) to Configure: 1
Edit Comments= FTP_WAN
Press ENTER to Confirm or ESC to Cancel:
Enter Filter Rule Number (1-6) to Configure:
Figure 10-14 FTP_WAN Filter Rules Summary
Note: Please refer to the Support Notes for more examples.
10-14
Filter Configuration
Prestige 1600 Universal Access Concentrator
Apply the filter set in Menu 11. 1 - Remote Node Profile. Put the filter set number 2 to the Input Protocol Filter
Set for activating the FTP_WAN filter.
Menu 11.1 - Remote Node Profile
Edit PPP Options= No
Rem IP Addr= ?
Edit IP = No
Rem Node Name= ?
Active= Yes
Outgoing:
My Login= ?
My Password= ********
Authen= CHAP/PAP
Input Filter Sets:
Protocol filters = 2
Device filters =
Output Filter Sets=
Protocol filters =
Device filters =
Press ENTER to CONFIRM or ESC to CANCEL:
Press Space Bar to Toggle.
Figure 10-15 Remote Node Profile
Filter Configuration
10-15
Prestige 1600 Universal Access Concentrator
Chapter 11
SNMP Configuration
This chapter explains how to configure SNMP.
11.1
About SNMP
SNMP (Simple Network Management Protocol) is a protocol used for exchanging management information
between network devices. SNMP is a member of TCP/IP protocol suite. Your Prestige 1600 supports SNMP agent
functionality, which allows a manager station to manage and monitor the Prestige 1600 through the network. The
Prestige 1600 supports SNMP version one (SNMPv1).
Keep in mind that SNMP is only available if TCP/IP is configured on your Prestige 1600.
The next figure illustrates an SNMP management operation.
Figure 11-1 SNMP Management Model
An SNMP managed network consists of two main components: agents and a manager.
An agent is a management software module that resides in a managed device (P1600). An agent translates the local
management information from the managed device into a form compatible with SNMP. The manager is the console
through which network administrators perform network management functions. It executes applications that control
and monitor managed devices.
The managed devices contain object variables/managed objects that define each piece of information to be collected
about a device. Examples of variables include such as number of packets received, node port status etc. A
SNMP Configuration
11-1
Prestige 1600 Universal Access Concentrator
Management Information Base (MIB) is a collection of managed objects. SNMP allows manager and agents to
communicate for the purpose of accessing these objects.
SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request
and the agent returns responses using the following protocol operations:
♦ Get
Allows the manager to retrieve an object variable from the agent.
♦ GetNext
Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a
manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series
of GetNext operations.
♦ Set
Allows the manager to set values for object variables within an agent.
♦ Trap
Used by the agent to inform the manager of some events.
11.2
Supported MIBs
The P1600 supports MIB II that is defined in RFC-1213 and RFC-1215. The P1600 can also respond with specific
data from the ZyXEL private MIB (ZYXEL-MIB). The focus of the MIBs is to let administrators collect statistic
data and monitor status and performance.
The only implement MIBs in P1600 as a SNMP agent. Users must implement their own GUI on SNMP platform
(SNMP manager).
When the user logs in using SMT, the set-request will be ignored for the protection of data.
11.3
SNMP Configuration
To configure SNMP, select option 22 from the Main Menu to open Menu 22 - SNMP Configuration as shown
next. The “community” for Get, Set and Trap fields is SNMP’s terminology for password.
11-2
SNMP Configuration
Prestige 1600 Universal Access Concentrator
Menu 22 - SNMP Configuration
SNMP:
Get Community= public
Set Community= public
Trusted Hgst= 0.0.0.0
Trap:
Community= public
Destination= 0.0.0.0
Press ENTER to Confirm or ESC to Cancel:
Figure 11-2 Menu 22 - SNMP Configuration
The following table describes the SNMP configuration parameters.
Table 11-1 SNMP Configuration Menu Fields
Field
Description
Option
Get Community
Enter the Get Community, which is the password for the
incoming Get- and GetNext- requests from the management
station.
Public
Set Community
Enter the set community, which is the password for
incoming Set requests from the management station.
Public
Trusted Host
If you enter a trusted host, your Prestige 1600 will only
respond to SNMP messages from this address. If you leave
the field blank (default), your Prestige 1600 will respond to
all SNMP messages it receives, regardless of source.
Blank
Trap: Community
Enter the trap community, which is the password sent with
each trap to the SNMP manager.
Public
Trap: Destination
Enter the IP address of the station to send your SNMP traps
to.
Blank
Once you have completed filling in Menu 22 - SNMP Configuration, press [ENTER] at the
message “Press ENTER to Confirm...” to save your configuration, or press [ESC] to cancel.
11.4
SNMP Traps
P1600 will send traps to the SNMP manager when any one of the following events occurs:
1.
coldStart (defined in RFC-1215) :
When the machine coldstarts, a trap will be sent after booting (power on).
2.
warmStart (defined in RFC-1215) :
When the machine warmstarts, a trap will be sent after booting (software reboot).
3.
linkDown (defined in RFC-1215) :
When any of the links is down, a trap will be sent with the port number. The port number is its interface index under
the interface group.
Port 1 : Ethernet LAN
SNMP Configuration
11-3
Prestige 1600 Universal Access Concentrator
Port 2 : PVC 1
Port 3 : PVC 2
Port 4 : PVC 3
Port 5 : xDSL 1
Port 6 : xDSL 2
…
Port 36 : xDSL 32
Please note that xDSL refers to the type of network module installed, i.e., ADSL, IDSL, SDSL.
4.
linkUp (defined in RFC-1215) :
When a link is up, the trap will be sent with the port number . The port number is its interface index under the
interface group.
5.
authenticationFailure (defined in RFC-1215) :
When receiving any SNMP get or set requirement with wrong community (password), this trap is sent to the
manager.
6.
whyReboot (defined in ZYXEL-MIB) :
When the system is going to restart (warmstart), a trap will be sent with the reason of restart before rebooting.
a. For intentional reboot :
In some cases (download new files, CI command "sys reboot", …), reboot is done intentionally. When this happens,
traps with the message "System reboot by user !" will be sent.
b. For fatal error :
If the system reboots because of some fatal errors, traps with the message of the fatal code will be sent.
11-4
SNMP Configuration
Prestige 1600 Universal Access Concentrator
Chapter 12
System Security
This chapter discusses the system password and RADIUS authentication.
The first step towards ensuring security is changing your system password from the default value to your personal
password.
12.1
Changing the System Password
To change the system password, following steps below:
Step 1.
Select option 23. System Security in the Main Menu to open Menu 23 - System Security as shown in
Figure 12-1.
Menu 23 - System Security
Change Password
External Server
Enter Menu Selection Number:
Figure 12-1 Menu 23 - System Security
Step 2.
From the System Security Menu, select option 1. Change Password to open Menu 23.1 - System
Security - Change Password.
Step 3.
Enter your existing system password and press [ENTER].
Menu 23.1 - System Security - Change Password
Old Password= ********
New Password= ********
Retype to confirm= ********
Enter here to CONFIRM or ESC to CANCEL:
Figure 12-2 Menu 23.1 - System Security - Change Password
Step 4.
Enter your new system password and press [ENTER].
Step 5.
Re-type your new system password for confirmation and press [ENTER].
As you enter the password, the screen displays an (*) for each character you type.
RADIUS Support
12-1
Prestige 1600 Universal Access Concentrator
12.2
RADIUS Support
This section shows you to configure user authentication and accounting using an external RADIUS server.
12.2.1 About RADIUS
RADIUS (Remote Authentication Dial-In User Service) is a client/server protocol that enables remote access
servers to communicate with a central server to authenticate dial-in users. RADIUS allows a company to maintain
user profiles in a central database that all remote servers can share.
12.2.2 Using RADIUS Authentication
12.3
RADIUS Authentication
Your Prestige has a built-in dial-up user list; however, the number of users that can be stored locally is limited due
to memory constraints. If you have more users than what the Prestige can store locally, use an external RADIUS
(Remote Authentication Dial-In User Service) server that provides authentication service for unlimited number of
users.
12.3.1 Installing a RADIUS Server
To use RADIUS authentication, you need to have a UNIX or Windows NT machine on your network as the
RADIUS server, as well as the RADIUS software itself.
You can obtain the RADIUS server software, along with documentation, at
http://www.livingston.com/Tech/FTP/pub-le-radius.shtml or
ftp://ftp.livingston.com/pub/le/radius/
Follow the included instructions to install the software on your server.
After you install the server software, you will need to edit the dictionary file in the RADIUS configuration
directory (usually /etc/raddb). Using any text editor, add the following lines to the dictionary file:
# Zyxel proprietary attributes
ATTRIBUTE Zyxel-Callback-Option 192 int0eger
VALUE
Zyxel-Callback-Option None
0
VALUE
Zyxel-Callback-Option Optional
1
VALUE
Zyxel-Callback-Option Mandatory 2
# Callback
ATTRIBUTE
VALUE
VALUE
phone number source
Zyxel-Callback-Phone-Source
Zyxel-Callback-Phone-Source
Zyxel-Callback-Phone-Source
193 integer
Preconfigured
User
0
1
The message exchange of RADIUS authentication is shown next.
12-2
RADIUS Support
Prestige 1600 Universal Access Concentrator
Figure 12-3 RADIUS Authentication Example
12.3.2 The Key Field
The “key”, or password, must match that in the client file in the RADIUS server’s /etc/raddb directory, as
shown in the following example:
# Client Name
Key
#------------------------192.168.1.1
1234
After you configure a RADIUS server, your Prestige will use it to authenticate all users that it can not find in its
internal dial-up user list .
12.3.3 Adding Users to the RADIUS Database
To add a user to the RADIUS database, edit the users file in the RADIUS server’s /etc/raddb directory, and
add a line similar to the following:
Joeuser Password = “joepassword”
The users file contains an entry for each user that RADIUS will authenticate. The user profile contains user
name and password that the RADIUS server uses for authentication.
Check Menu 6 to make sure that you do not duplicate user names.
12.3.4 RADIUS Server Configuration
To configure the RADIUS server, select option 23, System Security, from the Main Menu to open Menu 23 System Security. Select option 2, External Server from this menu to open Menu 23.2 - System Security External Server, shown next.
RADIUS Support
12-3
Prestige 1600 Universal Access Concentrator
The early deployment of RADIUS was done using the chosen port number 1645. Currently, the officially assigned
port number for RADIUS is 1812. So, check the port number used by your RADIUS server before configuring it in
the Prestige.
You must reboot your Prestige after changing the RADIUS port number for the change to take effect.
Menu 23.2 - System Security - External Server
Authentication Server:
Active= No
Type: RADIUS
Server Address=
Port #= 1645
Key= ********
Accounting Server:
Active= No
Type: RADIUS
Server Address=
Port #= 1646
Key= ********
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 12-4 Menu 23.2 - System Security - External Server
The fields in the System Security - External Server Menu are listed in the following table.
Table 12-1 System Security - Authentication Server Menu Fields
Field
Description
Active
Determines whether the external security facility is
enabled. If No, only the built-in dial-up user list will be
used. If Yes, the built-in dial-up user list will be searched
first, then the external authentication server.
Type
Determines the type of the external authentication
server. At present only RADIUS is supported.
Server Address
The IP address of the RADIUS server.
Port #
The IP port number used by the authentication server.
The default is port 1645.
Key
A “password” used to authenticate your Prestige to the
RADIUS server. Please note that this is between the
Prestige and the server; it has nothing to do with the
dial-in users.
12.4
Default
1645
RADIUS Accounting
This facility logs information about dial-in connections. It can be used independently of RADIUS Authentication. It
allows data to be sent at the start and the end of sessions, indicating the amount of resources (time, packets, bytes
etc.) used during the session. An ISP could use this function for billing needs. The accounting port for RADIUS
Accounting is 1646. The RADIUS accounting server may be located on the same host as the RADIUS
12-4
RADIUS Support
Prestige 1600 Universal Access Concentrator
authentication server, or on a separate host. RADIUS accounting can be configured in Menu 24.3.2 - System
Maintenance - External Server as shown next.
Menu 23.2 - System Security - External Server
Authentication Server:
Active= No
Type: RADIUS
Server Address=
Port #= 1645
Key= ********
Accounting Server:
Active= No
Type: RADIUS
Server Address=
Port #= 1646
Key= ********
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 12-5 Menu 24.3.2 - System Maintenance - Accounting Server
These fields are explained in the following table.
Table 12-2 Menu 24.3.3 System Maintenance - Accounting Server Fields
Field
Description
Active
Determines whether the accounting facility is on or off.
Type
Determines the type of the accounting server. At present only RADIUS is
supported.
Server
Address
The IP address of the accounting server.
Port #
The port number used by the accounting server. The default is port
1646.
Key
The “password” used to authenticate your Prestige to the RADIUS
server. Please note that this is between the Prestige and the server; it
has nothing to do with the dial-in users.
Once the accounting server is enabled and a user is authenticated, the Prestige sends messages to the external
server. Some examples are shown next.
Mon Aug 14 15:20:19 2000
Acct-Status-Type = Start
Acct-Session-Id = "40000000006"
User-Name = "john"
NAS-IP-Address = 192.168.1.1
NAS-Port = 720896
Mon Aug 14 15:20:25 2000
Acct-Status-Type = Stop
Acct-Session-Id = "40000000006"
User-Name = "john"
Acct-Input-Octets = 183
Acct-Output-Octets = 242
Acct-Session-Time = 12
NAS-IP-Address = 192.168.1.1
NAS-Port = 720896
Figure 12-6 Examples of RADIUS Accounting Message
RADIUS Support
12-5
Prestige 1600 Universal Access Concentrator
The following table describes the accounting attributes mentioned in the above example.
Accounting attributes may vary depending on the external server.
Table 12-3 Accounting Attributes
Field
Acct-Status-Type
Description
Account Status Type has four values: Accounting On,
Accounting Off, Start and Stop.
An Accounting On message is sent when the Prestige starts the
RADIUS Accounting service. An Accounting Off message is sent
when the Prestige ends the service.
A Start message is sent when a user session begins. A Stop
message is sent when the session ends.
Acct-Session-Id
Account Session Id is a unique number assigned to each
session to make it easy to match the Start and Stop records in a
detail file, and to eliminate duplicate records.
Note that in the above example this value matches in the Start
and Stop record, indicating that these records correspond to the
same session.
12-6
User-Name
Specifies the user name.
NAS-Port
Refers to the Network Access Server (NAS), i.e., the Prestige,
port used in the connection.
NAS-Port-DNIS
Refers to the called party’s directory number.
Caller Id
Refers to the dial-in user’s directory number.
Acct-Input-Octets
This is the number of inbound bytes.
Acct-Output-Octets
This is the number of outbound bytes.
Acct-Session-Time
This is the length of the session in seconds.
RADIUS Support
Prestige 1600 Universal Access Concentrator
Chapter 13
Remote Management
This chapter discusses Telnet and remote management of the Prestige using NAT.
13.1
About Telnet
Before the Prestige 1600 is properly setup for TCP/IP, the only option for configuring it is through the console port.
Once your Prestige 1600 is configured, you can use telnet to configure it remotely. You can also use a modem for
remote configuration as shown in chapter One.
Figure 13-1 Remote Management Using Telnet
To manage the Prestige primary, telnet directly to the primary, using your computer’s telnet client. For example on
a PC, type:
telnet <primary machine WAN IP address> (where “primary machine WAN IP address” is a real IP address.)
13.2
Telnet Behind NAT
To manage Prestige secondaries, telnet to the Primary first and then use the embedded Prestige telnet client to telnet
to the secondary. Go to SMT Menu 24.8 Command Interpreter Mode and type:
ip telnet <secondary machine IP address> (where “secondary machine IP address” may be a private IP address.)
A later section in this chapter shows you how to configure NAT on the Prestige for this scenario.
Note: Only one connection can be active at any given time. The console port connection has
precedence. Remote users cannot telnet in when the local administration is logged in.
Remote Management
13-1
Prestige 1600 Universal Access Concentrator
13.3
Telnet Capabilities
13.3.1 Single Administrator
To prevent confusion and discrepancy on the configuration, your Prestige only allows one administrator to log in at
any time. Your Prestige also gives priority to the console port over telnet. If you have already connected to your
Prestige via telnet, you will be logged out if another user logs in to the Prestige via the console port.
13.3.2 System Timeout
There is a system timeout of 5 minutes (300 seconds) for either the console port or telnet. Your Prestige 1600 will
automatically log you out if you do nothing in this timeout period, except when it is continuously updating the
status in Menu 24.1.1, 24.1.2 and 24.1.3.
13.4
Remote Management Through NAT
The powerful NAT features allow you to manage Prestige secondaries via Telnet even when using private IPs.
Suppose the network is as shown in the following diagram.
Figure 13-2 Remote Management Via NAT
13-2
Remote Management
Prestige 1600 Universal Access Concentrator
The ISP assigns an IP address of a.b.c.1 to the Prestige primary and IP addresses of a.b.c.2 to a.b.c.5 to the Prestige
secondary units. The private IP addresses for the primary and secondaries are 192.168.1.1 to 192.168.1.5 inclusive.
We wish to map public IP addresses a.b.c.2 to a.b.c.5 to the secondary units.
Please note that “a.b.c.digit” represents a real, public IP address and that alphabetical characters
cannot be accepted as parts of an IP address.
13.4.1 Procedure to Set Up NAT for Remote Management
Step 1.
Pick an available NAT set from Menu 15.1. Let’s say set 1 is available.
Menu 15.1 - Address Mapping Sets
1.
2.
3.
4.
255.
NAT_SET1
NAT_SET2
NAT_SET3
NAT_SET4
SUA (read only)
Figure 13-3 Pick An Address Mapping Set
Step 2.
Go to Menu 15.1.1.1 (see the NAT chapter for details on this) and configure the screen as shown.
Menu 15.1.1.1 Address Mapping Rule
Type= One-to-One (range)
Local IP:
Start= 192.168.1.2
End = 192.168.1.5
Global IP:
Start= a.b.c.2
End = a.b.c.5
Press ENTER to Confirm or ESC to Cancel:
Figure 13-4 Address Mapping Rule
Step 3.
After you configure this screen, press [ENTER] to go back to this screen.
Remote Management
13-3
Prestige 1600 Universal Access Concentrator
Menu 15.1.1 - Address Mapping Rules
Set Name= NAT_SET1
Idx
--1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
Local Start IP
Local End IP
--------------- --------------192.168.1.2
192.168.1.5
Action= Edit
Global Start IP
--------------a.b.c.2
Global End IP
Type
--------------- -----a.b.c.5
1-1 Ra
Select Rule=
Press ENTER to Confirm or ESC to Cancel:
Figure 13-5 Address Mapping Rule Summary
Step 4.
Save the rule back to the Prestige, then go to Menu 4 to apply this newly configured set.
Menu 4 - Internet Access Setup
ISP's Name= ChangeMe
My Login= 1234
My Password= ********
Network Address Translation= Full Feature
My IP Addr= 0.0.0.0
Address Mapping Set= 1
Press ENTER to Confirm or ESC to Cancel:
Figure 13-6 Apply the New NAT Set
Step 5.
13-4
You can now test the rule by using “telnet a.b.c.2” on a computer to connect to the Secondary 1 unit.
Remote Management
Prestige 1600 Universal Access Concentrator
Chapter 14
System Information and Maintenance
This chapter provides information about the diagnostic tools that help you maintain your Prestige.
The diagnostic tools include updates on system status, port status, log and trace capabilities and upgrades for the
system software. This chapter describes how to use these tools in detail. Information about upgrades is provided in
the Configuration & Firmware Maintenance chapter.
Select menu 24 in the main menu to open Menu 24 - System Maintenance, as shown below.
Menu 24 - System Maintenance
1.
2.
3.
4.
5.
6.
7.
8.
9.
System Status
System Information and Console Port Speed
Log and Trace
Diagnostic
Backup Configuration
Restore Configuration
Upload Firmware
Command Interpreter Mode
Time and Date Setting
Enter Menu Selection Number:
Figure 14-1 Menu 24 - System Maintenance
14.1
System Status
The first selection, System Status, gives you the status and statistics of the ports, as shown below. System Status is
a tool that can be used to monitor your Prestige. Specifically, it gives you information on the WAN port and the
network module status, number of packets sent and number of packets received.
To get to the System Status, select number 24 to go to Menu 24 - System Maintenance. From this menu, select
number 1, System Status.
Depending on the System Type configuration in the Menu 1 - General Setup, you can see the respective system
type status in Menu 24.1 - System Maintenance - Status. For example, if you chose Primary Configuration
Type with 2 IDSL network modules installed in slots 1 and 2, you will see the following figure. It should be noted
that these fields are READ-ONLY and are meant to be used for diagnostic purposes.
System Information and Maintenance
14-1
Prestige 1600 Universal Access Concentrator
Menu 24.1 – System Maintenance - Status (Primary)
1.
2.
3.
4.
5.
WAN/LAN Status
Slot 1 Configuration(IDSL NM)
Slot 2 Configuration(IDSL NM)
Slot 3 Configuration(N/A)
Route Status
Press ENTER to Confirm or ESC to Cancel:
Figure 14-2 Menu 24.1 - System Maintenance - Status
14.1.1 WAN/LAN Status
Type “1” in Menu 24.1 to enter Menu 24.1.1 for detailed WAN/LAN Status.
Menu 24.1.1 -- System Maintenance – WAN/LAN Status (Primary)
Status TXPkts
Down
0
RXPkts Errs
0
0
Tx(Byte/s)
0
WAN IP Addr:
Rx(Byte/s)
0
System Up Time:
Ethernet :
Status: 100M/Half Duplex
TX Pkts: 52
RX Pkts: 537
Collisions: 0
Press Command:
COMMANDS: a-Reset All Counters
Up Time
0:00:00
28:22:19
Current Time: 04:22:29
Current Date: Fri. Jan. 02, 1970
d-Drop
ESC-Exit
Figure 14-3 Menu 24.1.1 - WAN/LAN Status
The following table describes the fields present in Menu 24.1.1 - System Maintenance - WAN/LAN Status.
Table 14-1 System Maintenance - Status Menu Fields
Field
14-2
Description
Status
The status of the WAN port.
TXPkts
The number of transmitted packets on this port.
RXPkts
The number of received packets on this port.
Err(or)s
The number of error packets on this port.
Tx (Byte / s)
The number of bytes transmitted in the last second.
Rx (Byte / s)
The number of bytes received in the last second.
Up Time
Elapsed time this port has been up.
WAN IP Addr
Shows the IP address of the WAN port.
System Information and Maintenance
Prestige 1600 Universal Access Concentrator
Field
Description
System Up Time
Displays the total elapsed time your system has been running.
Current Time
Displays the current time according to how you have the time set in
Menu 24.9 - System Maintenance - Time and Date Setting.
Current Date
Displays the current date according to how you have the date set in
Menu 24.9 - System Maintenance - Time and Date Setting.
Ethernet
Status
Shows the current speed and duplex mode of the LAN.
TX Pkts
The number of transmitted packets to LAN.
RX Pkts
The number of received packets from LAN.
Collisions
Number of collisions on the Ethernet.
You see the next 24.1.1 screen when you have Frame Relay configured. DLCI, Port and the WAN IP address are
shown for each PVC configured.
Menu 24.1.1 - System Maintenance - Status
DLCI
16
17
18
Index
1
2
3
TXPkts
6
6
6
RXPkts Errs Tx(Byte/s) Rx(Byte/s)
6
0
0
0
6
0
0
0
6
0
0
0
PVC 1 IP Addr: 182.168.10.1
PVC 2 IP Addr: 192.168.11.1
PVC 3 IP Addr: 192.168.12.1
Up Time
0:02:23
0:02:23
0:02:23
System Up Time:
0:39:29
Current Time: 01:07:01
Current Date: Thu. Jan. 01, 1970
Ethernet:
Status: Down
TX Pkts: 0
RX Pkts: 0
Collisions: 0
COMMANDS: b-Drop PVC1
c-Drop PVC2
d-Drop PVC3
a-Reset Counters
ESC-Exit
Figure 14-4 Menu 24.1.1 With Frame Relay Configured
Table 14-2 Menu 24.1.1 With Frame Relay Configured
Field
Description
DLCI
This field shows you the DLCI (data link connection identifier) for
the virtual circuit. The DLCI changes for each hop through the
network it is not the address of the destination. It is a logical
identifier with local significance.
Index
This is the virtual circuit index number.
PVC 1, 2, 3 IP Addr
This displays the IP address of the respective virtual circuit.
14.1.2 DSL Port Status
Enter 2 from Menu 24.1 to go to Menu 24.1.2 for detailed status information on the network module installed in
slot 1. Menus 24.1.3 and 24.1.4 offer identical information on the network modules installed in slots 2 and 3. You
see a “Slot 3 is empty, please make another selection” message if a slot (3 in this case) is empty. Note the asterisk
System Information and Maintenance
14-3
Prestige 1600 Universal Access Concentrator
(*) indicates the port you can reset (press “b”) or drop (press “d”) the counters. Press “i” to move the asterisk to the
preceding port and “j” to the next port. Press “a” to reset all ports. Press [ESC] to exit this menu.
Menu 24.1.2 - System Maintenance(IDSL NM 1)
Port
Link
Speed
TXPkts
RXPkts
Errs
TX(Byte/s)
RX(Byte/s)
Up Time
*1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
Up
128K
128K
128K
128K
128K
128K
128K
128K
128K
128K
128K
128K
128K
128K
128K
128K
81899
12070
82431
63184
35762
40203
81448
81504
81361
81724
81756
81707
81875
81869
81862
81822
78655
12046
78907
60558
34822
38293
78414
78455
78374
78567
78603
78606
78656
78656
78656
78655
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
12
125
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
160
0
0
0
0
0
0
0
0
0
12
0
0
0
0
11:55:05
11:53:39
11:53:46
11:45:41
11:40:48
11:26:53
10:38:57
10:38:58
14:00:00
14:15:24
18:07:17
10:00:00
16:25:32
16:25:32
16:25:52
16:25:52
Press Command:
COMMANDS: a-Reset All b-Reset d-Drop i-up j-down ESC-Exit
Figure 14-5 Menu 24.1.2 - NM-1 Status
Table 14-3 NM Status Fields
Description
Field
Port
The DSL Port number.
TXPkts
The number of transmitted packets on this port.
RXPkts
The number of received packets on this port.
Err(or)s
The number of error packets on this port.
Tx (Byte / s)
The number of bytes transmitted in the last second.
Rx (Byte / s)
The number of bytes received in the last second.
Up Time
Elapsed time this port has been up.
14.1.3 Route Status
Enter 3 in menu 24.1 to bring up the following screen showing detailed information on the status of the router.
Dest
FF
192.168.1.0
00
default
01
Press Enter to Exit:
Len
24
0
Device
enet0
Idle
Gateway
192.168.1.1
Scone
Metric
1
2
stat
041b
002b
Timer
0
0
Use
0
0
Figure 14-6 Menu 24.1.5 - Router Status
Field
14-4
Description
Dest
This is the destination IP address.
FF
This is for ZyXEL internal debugging.
System Information and Maintenance
Prestige 1600 Universal Access Concentrator
14.2
Len
This is the length of the subnet mask (24 bits = 255.255.255.0)
Device
This is the physical device. Enet0 is Ethernet.
Gateway
This is the gateway IP address or the remote node name.
Metric
The metric represents the “cost” of transmission for routing
purposes. IP routing uses hop count as the measurement of
cost, with a minimum of 1 for directly connected networks.
Stat
This is the bitmap flags of the route status.
Timer
This is the time left to route expiry. “0” means there is no expiry
time, i.e., an infinite timeout.
Use
This shows how many times the route has been used.
System Information
Step 1
Select option 24 from the Main Menu to open Menu 24 - System Maintenance.
Step 2
From Menu 24, select option 2 then select the first option from Menu 24.2 to view Menu 24.2.1.
Menu 24.2.1 - System Maintenance - Information
Name: P1600
Routing: IP
ZyNOS S/W Version: V3.20(y.00)a02
LAN :
Ethernet Address: 00:a0:c5:30:00:b0
IP Address: 192.168.250.1
IP Mask: 255.255.255.0
Press ESC or RETURN to Exit:
Figure 14-7 Menu 24. 2.1 - System Maintenance Information
Table 14-4 Fields in System Maintenance
Field
Description
Name
Displays the system name of your Prestige. This
information can be modified in Menu 1 - General Setup.
Routing
Refers to the routing protocol enabled.
ZyNOS S/W
Version
Refers to the ZyXEL Network Operating System software
version.
LAN:
Ethernet Address
Refers to the Ethernet MAC (Media Access Control) of
your Prestige.
IP Address
This is the IP address of the Prestige in dotted decimal
notation.
IP Mask
This shows the subnet mask of the Prestige.
System Information and Maintenance
14-5
Prestige 1600 Universal Access Concentrator
14.2.1 Console Port Speed
You can change the console port speeds through Menu 24.2.2 - Console Port Speed. Your Prestige supports 9600
(default), 19200, 38400, 57600, and 115200bps for the console port. Press [SPACE BAR] to select the desired
speed in Menu 24.2.2, as shown next.
Select option 24 from the Main Menu to open Menu 24 - System Maintenance. From Menu 24, select option 2
then select the second option from Menu 24.2 to display Menu 24.2.2 - System Maintenance - Change Console
Port Speed.
Menu 24.2.2 – System Maintenance – Change Console Port Speed
Console Port Speed: 115200
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 14-8 Menu 24.2.2 - System Maintenance - Change Console Port Speed
14.3
Log and Trace
There are two logging facilities in the Prestige. The first is the error logs and trace records that are stored locally.
The second is the UNIX syslog facility for message logging.
14.3.1 Viewing Error Log
The first place you should look for clues when something goes wrong is the error/trace log. Follow the procedure
below to view the local error/trace log:
Step 1
Select option 24 from the Main Menu to open Menu 24 - System Maintenance.
Step 2
From Menu 24, select option 3 to open Menu 24.3 - System Maintenance - Log and Trace.
Step 3
Select the first option from Menu 24.3 - System Maintenance - Log and Trace to display the error log
in the system.
Step 4
After the Prestige finishes displaying, you will have the option to clear the error log.
14-6
System Information and Maintenance
Prestige 1600 Universal Access Concentrator
Examples of typical error and information messages are presented in the figure below.
0 1073808110
1 1073808353
2 1073808416
3 1073808416
4 1073808564
5 1073808799
6 1073808831
7 1073808864
8 1073808927
9 1073809498
10 1073809498
11 1073809498
12 1073809498
13 1073809498
14 1073809498
15 1073809498
16 1073809498
Clear Error Log
PINI INFO
PP09 ERROR
PINI ERROR
PINI INFO
PP09 ERROR
PINI INFO
PP09 WARN
PINI INFO
PP0c -WARN
PINI INFO
PINI INFO
PINI INFO
PINI INFO
PINI INFO
PINI INFO
PINI INFO
PINI INFO
(y/n):
SMT Session Begin
netMakeChannDial: err=-3001 rn_p=68fb0c
Last errorlog repeat 1 Times
SMT Session End
netMakeChannDial: err=-3001 rn_p=68fb0c
SMT Session Begin
rt_drop: target = c0a80101 nmask=32 code=05
SMT Session End
SNMP TRAP 1: warm start
IDSL port configuration start
Board 0 Channel 0 config ok
Board 0 Channel 1 config ok
Board 0 Channel 2 config ok
Board 0 Channel 3 config ok
Board 0 Channel 4 config ok
Board 0 Channel 5 config ok
Board 0 Channel 6 config ok
Figure 14-9 Examples of Error and Information Messages
14.3.2 Syslog And Accounting
The Prestige uses the UNIX syslog facility to log system messages to a syslog server. Syslog and accounting can be
configured in Menu 24.3.2 - System Maintenance - Syslog and Accounting, as shown next.
Menu 24.3.2 -- System Maintenance - Syslog and Accounting
Syslog:
Active= No
Syslog IP Address= ?
Log Facility= Local 1
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 14-10 Syslog and Accounting
You need to configure the following 3 parameters described in the table below to activate syslog.
Table 14-5 System Maintenance Menu Syslog Parameters
Parameter
Description
Active
Press [SPACE BAR] to turn on or off syslog.
Syslog IP
Address
Enter the IP Address of your syslog server.
Log Facility
Press [SPACE BAR] to toggle between the 7 different
Local options. The log facility allows you to log the
message in different files in the server. Please refer to
your UNIX manual for more detail.
Note: If you want to utilize Syslog on a Windows 95,98 or NT system, you must install a Syslog client.
System Information and Maintenance
14-7
Prestige 1600 Universal Access Concentrator
14.4
Diagnostic
The diagnostic facility allows you to test the different aspects of your Prestige to determine if it is working
properly. Menu 24.4 allows you to choose among various types of diagnostic tests to evaluate your system, as
shown next. “xDSL” refers to the network module type, i.e., ADSL, IDSL or SDSL.
Menu 24.4 - System Maintenance – Diagnostic
xDSL
1. Drop xDSL Port Connection
2. Reset xDSL Port Hardware
3. xDSL Port Test
System
21. Reboot System
22. Command Mode
TCP/IP
12. Ping Host
Enter Menu Selection Number:
Slot Number= N/A
Port Number= N/A
Host IP Address= N/A
Figure 14-11 Menu 24.4 - System Maintenance - Diagnostic
Follow this procedure to get to the Diagnostic screen.
Step 1
From the Main Menu, select option 24 to open Menu 24 - System Maintenance.
Step 2
From this menu, select option 4. This will open Menu 24.4 - System Maintenance - Diagnostic.
The following table describes the diagnostic tests available in Menu 24.4 for your Prestige and the connections.
Table 14-6 System Maintenance Menu Diagnostic
Description
Field
14-8
Drop xDSL Port Connection
Drops xDSL Port connection.
Reset xDSL Port Hardware
Resets xDSL Port Hardware.
xDSL Port Test
Performs xDSL Port test.
Reboot System
This option reboots the Prestige.
Command Mode
This option allows you to diagnose and test your Prestige
using a specified set of commands.
Ping Host
This diagnostic test pings the host, which determines the
functionality of the TCP/IP protocol on both systems and the
links in between.
Slot Number
Enter the slot number containing the port you wish to
diagnose.
Port Number
Enter xDSL port number.
Host IP Address
Enter the host IP address.
System Information and Maintenance
Prestige 1600 Universal Access Concentrator
14.5
Boot Module Commands
Prestige boot module commands are shown below. For ATBAx, x denotes the number preceding the colon to give
the speed following the colon in the list of numbers that follows; e.g. ATBA3 will give a baud of 9.6 Kbps. ATSE
displays the seed that is used to generate a password to turn on the debug flag in the firmware. The ATSH
command shows product related information such as boot module version, vendor name, product model, RAS code
revision, etc.
======= Debug Command Listing =======
athe
======= Debug Command Listing =======
AT
just answer OK
ATHE
print help
ATBAx
change baudrate. 1:38.4k, 2:19.2k, 3:9.6k
4:57.6k 5:115.2k
ATENx(,y)
set BootExtension Debug Flag (y=password)
ATSE
show the seed of password generator
ATTI(h,m,s)
change system time to hour:min:sec or show
current time
ATDA(y,m,d)
change system date to year/month/day or show
current date
ATDS
dump RAS stack
ATDT
dump Boot Module Common Area
ATDUx,y
dump memory contents from address x for
length y
ATRBx
display the 8-bit value of address x
ATRBx
display the 8-bit value of address x
ATRWx
display the 16-bit value of address x
ATRLx
display the 32-bit value of address x
ATGOx
run program at addr x or boot ZyNOS
ATGR
boot ZyNOS
ATGT
run Hardware Test Program
ATRTw,x,y(,z) RAM Test level w, from address x to y (z
iterations)
ATCB
copy from FLASH ROM to working buffer
ATSH
dump manufacturer related data in ROM
ATDOx,y
download from address x for length y to PC
via XMODEM
ATTD
download configuration to PC via XMODEM
< press any key to continue >
ATUR
upload RAS code to flash ROM
ATUR3
upload RAS configuration file
ATLC
upload RAS configuration file
ATLOa,b,c,d
Int/Trap Log Cmd
ATGM
boot ZyNOS in main block
ATGB
boot ZyNOS in backup block
ATUM
upload RAS code to main block
ATUB
upload RAS code to backup block
ATSW
switch main block and backup block
Figure 14-12 Boot Module Commands
14.6
Command Interpreter Mode
This option allows you to enter the command line interpreter mode. A CLI/CI (Command Line Interface) is a user
interface to a computer's operating system or an application program in which the user responds to a visual prompt
by typing in a command on a specified line, receives a response back from the system, and then enters another
command, and so forth.
The list of valid commands can be found by typing help or ? at the command prompt. To exit the CI mode and
return to the menu mode, type exit.
System Information and Maintenance
14-9
Prestige 1600 Universal Access Concentrator
For more detailed information, refer to the list of CI commands appended at the end of this guide, check the ZyXEL
Web site.
Enter Menu Selection Number: 8
Copyright (c) 2000 ZyXEL Communications Corp.
Primary> ?
Valid commands are:
sys
exit
device
wan
xdsl
frelay
radius
ip
ppp
ether
config
hdap
Primary>
Figure 14-13 Command Mode
14.7
Time and Date Setting
The Prestige 1600 has a battery powered real time clock. Set the time and date of your Prestige in Menu 24.9. Real
time is then displayed in the Prestige error logs and firewall logs.
Menu 24.9 - System Maintenance - Time and Date Setting
Current Time:
New Time (hh:mm:ss):
00 : 00 : 00
00 : 04 :42
Current Date:
New Date (yyyy-mm-dd):
1970 - 01 - 01
1970 - 01 - 01
Figure 14-14 System Maintenance - Time and Date Setting
Table 14-7 Time and Date Setting Fields
Field
Description
Current Time:
New Time
Enter the new time in hour, minute and second format.
New Date
Enter the new date in year, month and date format.
Current Date:
Once you have filled in the new time and date, press [ENTER] to save the setting and press [ESC]
to return to Menu 24.
14-10
System Information and Maintenance
Prestige 1600 Universal Access Concentrator
Chapter 15
Configuration & Firmware Maintenance
This chapter describes how to backup and restore your configuration file as well as upload new firmware
and a new configuration file.
15.1
Filenames
The configuration file contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP
Setup etc. It arrives from ZyXEL with named “prestige.rom” or something similar. Once you have customized the
Prestige's setting, they can be saved back to your computer under a filename of your choosing. Choose something
meaningful, e.g., “prestige.cfg”. Rename it as “rom-spt” or “rom-0” when transferring files to the Prestige.
Renaming is not necessary if you transfer files using the XMODEM protocol.
The ZyNOS firmware file (sometimes referred to as the ras file) is the file that contains the ZyXEL Network
Operating System firmware and is usually named the router model name with a “bin” extension, e.g.,
“prestige.bin”. Rename it as “ras-m” or “ras-b” when uploading to the Prestige main block and backup block
respectively using TFTP or FTP. With serial (Xmodem) transfer and many ftp and tftp clients, the filenames on the
PC are your choice.
ftp> put prestige.bin ras
This is a sample ftp session showing the transfer of the "prestige.bin" file on your computer to the Prestige.
ftp> get rom-0 prestige.cfg
This is a sample ftp session saving the current configuration to the “prestige.cfg” file on your computer.
If your (t)ftp client does not allow a destination filename different from the source, then you will need to rename
them. Be sure you keep unaltered copies of both files for later use.
Please note that the internal filename refers to the filename on the Prestige and the external filename refers to the
filename not on the Prestige, i.e., on your workstation, local network or ftp site and so the name (but not the
extension) will vary.
Always refer to Menu 24.2.1 to verify your current firmware version.
Configuration & Firmware Maintenance
15-1
Prestige 1600 Universal Access Concentrator
Password:
External
230 Logged in
Filename
ftp> dir
200 Port command okay
150 Opening data connection for LIST
--w--w--w- 1 owner
group
885146 Jul 01 12:00 ras
--w--w--w- 1 owner
group
885146 Jul 01 12:00 ras-m
--w--w--w- 1 owner
group
885570 Jul 01 12:00 ras-b
-rw-rw-rw- 1 owner
group
131072 Jul 01 12:00 rom-spt
--w--w--w- 1 owner
group
327680 Jul 01 12:00 rom-0
226 File sent OK
ftp: 325 bytes received in 0.00Seconds 325000.00Kbytes/sec.
ftp> put prestige.rom
rom-0
200 Port command okay
Internal
150 Opening data connection for STOR rom-0
Filenames
226 File received OK
ftp: 327680 bytes sent in 1.10Seconds 297.89Kbytes/sec.
ftp quit
Figure 15-1 Internal and External Filenames
Table 15-1 Filenames
Internal Filename
rom-spt
rom-0
Description
External
Filename
The rom-spt file is the user
configuration file. It contains your
password, Prestige configurations such
as IP addresses, Remote Node
settings, etc.
*.rom
The rom-0 configuration file is the entire
factory configuration file. It includes
rom-spt, default settings, file system,
log, etc.
*.rom
FTP Command Example
get rom-spt (backup)
put rom-spt (restore)
put prestige.rom rom-0
(upload)
Uploading the rom-0 file replaces the
entire ROM file system, including your
Prestige configurations, system-related
data (speed of the console port and
default password etc.), the error log and
the trace log.
15-2
ras
This is the firmware filename.
*.bin
ras-m
This is the router firmware filename on
the Prestige 1600 when you transfer a
file to the main block.
*.bin
put prestige.bin ras-m
(upload)
ras-b
This is the router firmware filename on
the Prestige 1600 when you transfer a
file to the backup block.
*.bin
put prestige.bin ras-b
(upload)
Configuration & Firmware Maintenance
Prestige 1600 Universal Access Concentrator
15.2
Backup Configuration
15.2.1 Backup using FTP
To transfer the configuration file using FTP to your workstation, follow the instructions as shown in the following
screen. See also the FTP example later in this chapter. For details on FTP commands, please consult the
documentation of your FTP client program.
Menu 24.5 – Back up Configuration
To transfer the configuration file to your workstation, follow the procedure below:
1. Launch the FTP client on your workstation.
2. Type “open” and the IP address of your Prestige. Then type “root” and your SMT password
as requested.
3. Locate the “rom-spt” file.
4. Type “get rom-spt” to back up the current Prestige configuration to your workstation.
For details on FTP commands, please consult the documentation of your FTP client program.
For details on backup using TFTP (note that you must remain in menu 24.5 to back up using
TFTP), please see the Prestige manual.
Press ENTER to Exit:
Figure 15-2 Menu 24.5 as seen using Telnet
15.2.2 Backup using TFTP
To use TFTP, your workstation must have both telnet and TFTP clients. To transfer the configuration file, follow
the procedure below:
Step 1.
Use telnet from your workstation to connect to the Prestige and log in. Because TFTP does not have any
security checks, the Prestige records the IP address of the telnet client and accepts TFTP requests only
from this address.
Step 2.
Put the SMT in Command Interpreter (CI) mode by entering 8 in Menu 24 - System Maintenance.
Step 3.
Type command sys stdio 0 to disable the SMT timeout, so the TFTP transfer will not be
interrupted. Type command sys stdio 5 to restore the five-minute SMT timeout (default) when the
file transfer is complete.
Step 4.
Launch the TFTP client on your workstation and connect to the Prestige.
Step 5.
Go to SMT menu 24.5. You must remain in this menu until backup is complete.
Step 6.
Use the TFTP client to transfer files between the Prestige and the workstation. The file name for the
configuration file is “rom-spt”.
The telnet connection must be active before and during TFTP transfer.
For UNIX, use “binary” to set binary transfer mode before using “get” to transfer from the Prestige to the
computer. For details on TFTP commands, please consult the documentation of your TFTP client program.
15.2.3 Backup using the Console Port
Option 5 from Menu 24 - System Maintenance allows you to save the current Prestige configuration file to your
workstation. Backup is highly recommended once your Prestige is functioning properly.
Configuration & Firmware Maintenance
15-3
Prestige 1600 Universal Access Concentrator
You can perform the backup either through FTP or TFTP (preferred methods as they are faster) or through the RS232 console port (if the network is down). For backup via the console port any serial communications program
should work fine; however, you must use the XMODEM protocol to perform the download/upload.
Menu 24.5 – Backup Configuration
FTP or TFTP are the preferred methods for backing up the current Prestige
configuration to your workstation since FTP or TFTP is faster.
Ready to back up Configuration via Xmodem.
Do you want to continue (Y/N):
Figure 15-3 Menu 24.5 - Menu 24.5 as seen using the Console Port
Step 1.
Go to menu 24.5.
Step 2.
Press “Y” to indicate that you want to continue. The following procedure is for the HyperTerminal
program. The procedure for other serial communications programs should be similar.
Step 3.
Click Transfer in the HyperTerminal menu bar, then Receive File from the drop-down menu to display
the following screen. Follow the instructions as shown in the next screen.
Enter where you want to
place the configuration file
on your computer.
Finally,
press
Receive.
Choose the
Xmodem
Protocol.
Figure 15-4 Backup Example Using HyperTerminal
Step 4.
After a successful backup, you will see the following screen.
** Backup Configuration completed. OK.
### Hit any key to continue.###
Figure 15-5 Successful Backup Confirmation Screen
15.3
Restore Configuration
Option 6 from Menu 24 - System Maintenance allows you to restore the current workstation backup configuration
to your Prestige.
15.3.1 Restore using FTP
To transfer your current workstation configuration to your Prestige, follow the instructions as shown in the
following screen. See also the FTP example later in this chapter. For details on FTP commands, please consult the
documentation of your FTP client program.
15-4
Configuration & Firmware Maintenance
Prestige 1600 Universal Access Concentrator
Menu 24.6 – Restore Configuration using FTP
To transfer your current workstation configuration to your Prestige, follow the
procedure below:
1. Launch the FTP client on your workstation.
2. Type “open” and the IP address of your Prestige. Then type “root” and your SMT
password as requested.
3. Type “put backupfilename rom-spt” where “backupfilename” is the name of your backup
configuration file on your workstation and “rom-spt” is the remote file name on the
Prestige. This restores the configuration to your Prestige.
4. The system reboots automatically after a successful file transfer.
For details on FTP commands, please consult the documentation of your FTP client
program. For details on restoring using TFTP (note that you must remain in menu 24.6
to restore using TFTP), please see the Prestige manual.
Press ENTER to Exit:
Figure 15-6 Menu 24.6 as seen using Telnet
15.3.2 Restore using TFTP
Even though TFTP should work over WAN as well, it is not recommended. To use TFTP, your workstation must
have both telnet and TFTP clients. To transfer the configuration file, follow the procedure below. See also the
TFTP example later in this chapter. Follow steps 1 to 4 as outlined previously in 15.2.2, then continue with the
steps below.
Step 1.
Go to SMT menu 24.6. You must remain in this menu until file transfer is complete.
Step 2.
Use the TFTP client to transfer files between the Prestige and the workstation. The remote file name on
the Prestige is “rom-spt”.
Step 3.
The system reboots automatically after the file transfer process is complete.
The telnet connection must be active before and during TFTP transfer.
For UNIX, use “binary” to set binary transfer mode before using “get” to transfer from the Prestige to the
computer. For details on TFTP commands, please consult the documentation of your TFTP client program.
15.3.3 Restore using the Console Port
You can restore the backup configuration on your computer either through FTP or TFTP (preferred methods as they
are faster) or through the RS-232 console port (if the network is down). To restore via the console port any serial
communications program should work fine; however, you must use the XMODEM protocol to perform the
download/upload. The system reboots automatically after the file transfer process is complete.
Menu 24.6 - Restore Configuration
FTP or TFTP are the preferred methods for restoring your current workstation
configuration to your Prestige since FTP or TFTP is faster. Please note that the
system reboots automatically after the file transfer process is complete.
Ready to Restore Configuration via Xmodem.
Do you want to continue (Y/N):
Figure 15-7 Menu 24.6 as seen using the Console Port
Step 1.
Go to menu 24.6.
Step 2.
Press “Y” to indicate that you want to continue. The following procedure is for the HyperTerminal
program. The procedure for other serial communications programs should be similar.
Configuration & Firmware Maintenance
15-5
Prestige 1600 Universal Access Concentrator
Step 3.
Click Transfer in the HyperTerminal menu bar, then Send File from the drop-down menu.
Step 4.
Enter the configuration filename on your computer.
Step 5.
Choose the Xmodem Protocol.
Step 6.
Finally, press Send.
Step 7.
After a successful restoration you will see the following screen.
Save to ROM
Hit any key to start system reboot.
Figure 15-8 Successful Restoration Confirmation Screen
15.4
Upload Firmware
Option 7 from Menu 24 - System Maintenance takes you to Menu 24.7 - System Maintenance - Upload
Firmware which allows you to upgrade the firmware. You can upgrade the firmware either through FTP or TFTP
(preferred methods as they are faster) or through the RS-232 console port (if the network is down). The system
reboots automatically after the file transfer process is complete.
The Prestige P1600 internal filenames are ‘ras-m’ (main block) and ‘ras-b’ (backup block).
Menu 24.7 -- System Maintenance - Upload Firmware
1.
2.
Upload ZyNOS Code
Upload Router Configuration File
Enter Menu Selection Number:
Figure 15-9 Menu 24.7 - System Maintenance - Upload Firmware
15.4.1 Dual Firmware Block Structure
The Prestige 1600 employs a “dual firmware block structure” where one block is called the “main block” and the
other block is called the “backup block”. The benefits of this approach are:
You can save the current firmware into the backup block before you upload new firmware. If the new firmware has
problems, you may either revert to the old working firmware by using the “ATSW” command under Boot
Extension or selectively run the old firmware in the backup block by using the “ATGB” command under Boot
Extension.
If the firmware in the main block gets corrupted for some reason, the Prestige will try to boot from the backup
block automatically.
15.4.2 Upload Prestige Firmware using FTP
To transfer the firmware, follow the instructions as shown in the following screen (Menu 24.7.1 using Telnet).
15-6
Configuration & Firmware Maintenance
Prestige 1600 Universal Access Concentrator
Menu 24.7.1 – Upload ZyNOS code using FTP
To upload the router firmware, follow the procedure below:
1. Launch the FTP client on your workstation.
2. Type “open” and the IP address of your Prestige. Then type “root” and your SMT
password as requested.
3. Type “put firmwarefilename ras-m” where “firmwarefilename” is the name of your
firmware upgrade file on your workstation and “ras-m” is the remote file name
on the Prestige. Specify “ras-m” as the remote filename if you want to upload
firmware from your workstation into the main block or “ras-b” if you want to
upload firmware into the backup block.
4. The system reboots automatically after a successful firmware upload.
For details on FTP commands, please consult the documentation of your FTP client
program. For details on uploading router firmware using TFTP (note that you must
remain in menu 24.7.1 to upload router firmware using TFTP), please see the
Prestige manual.
Press ENTER to Exit:
Figure 15-10 Menu 24.7.1 as seen using Telnet
15.4.3 Example - Using the FTP command from the DOS Prompt
Use “put” to transfer files from the workstation to the Prestige, e.g., put prestige.bin ras transfers the
firmware on your computer (“prestige.bin”) to the Prestige and renames it “ras”. Type “quit” to exit the ftp prompt.
331 Enter PASS command
Password:
230 Logged in
ftp> bin
200 Type I OK
ftp> put prestige.bin ras
200 Port command okay
150 Opening data connection for STOR ras
226 File received OK
ftp: 327680 bytes sent in 1.10Seconds 297.89Kbytes/sec.
ftp> quit
Figure 15-11 FTP Session Example
Note: The system reboots after a successful upload.
The following table describes some of the fields that you may see in third party FTP clients:
Table 15-2 Third Party FTP Clients - General Commands
Host Address
Login Type
Enter the address of the host server.
•
Anonymous.
This is when a user I.D. and password is automatically supplied to the
server for anonymous access. Anonymous logins will work only if your
ISP or service administrator has enabled this option.
•
Normal.
The server requires a unique User ID and Password to login.
Transfer Type
Transfer files in either ASCII (plain text format) or in binary mode.
Initial Remote Directory
Specify the default remote directory (path).
Initial Local Directory
Specify the default local directory (path).
Configuration & Firmware Maintenance
15-7
Prestige 1600 Universal Access Concentrator
15.4.4 Upload Prestige Firmware using TFTP
To use TFTP, your workstation must have both telnet and TFTP clients. Follow steps 1 to 4 as outlined previously
in 15.2.2, then continue with the steps below.
Step 1.
Go to SMT menu 24.7.1. You must remain in this menu until file transfer is complete.
Step 2.
Use the TFTP client to transfer files between the Prestige and the workstation.
Step 3.
Specify “ras-m” as the remote filename if you want to upload firmware from your workstation into the
main block or “ras-b” if you want to upload firmware into the backup block of the Prestige.
Step 4.
The system reboots automatically after a successful firmware upload.
The telnet connection must be active before and during the TFTP transfer.
For UNIX, use “binary” to set binary transfer mode before using “get” to transfer from the Prestige to the
computer. For details on TFTP commands, please consult the documentation of your TFTP client program.
15.4.5 Third Party TFTP Clients - General Commands
The following table describes some of the fields that you may see in third party TFTP clients.
Table 15-3 Third Party TFTP Clients - General Commands
Host
Enter the IP address of the Prestige. 192.168.1.1 is the Prestige default IP
address when shipped.
Send/Fetch
Press “Send” to upload the file to the Prestige and “Fetch” to back up the
file on your computer.
Local File
Enter the path and name of the firmware file (*.bin extension) or
configuration file (*.rom extension) on your computer.
Remote File
This is the filename on the Prestige. The filename for the firmware is “ras”
and for the configuration file, is “rom-0”.
Binary
Transfer the file in binary mode.
Abort
Stop transfer of the file.
15.4.6 Upload Prestige Firmware via the Console Port
You can upload Prestige firmware to your Prestige either through FTP or TFTP (preferred methods as they are
faster) or through the RS-232 console port (if the network is down). To upload Prestige firmware via the console
port any serial communications program should work fine; however, you must use the XMODEM protocol to
perform the download/upload.
Select 1 from Menu 24.7 - System Maintenance - Upload Firmware to display Menu 24.7.1 - System
Maintenance - Upload ZyNOS Code, then follow the instructions as shown in the following screen.
15-8
Configuration & Firmware Maintenance
Prestige 1600 Universal Access Concentrator
Menu 24.7.1 - System Maintenance - Upload ZyNOS Code.
FTP or TFTP are the preferred methods for uploading router firmware to
your Prestige since FTP or TFTP is faster.
To upload router firmware:
1. Enter "y" at the prompt below to go into debug mode.
2. Enter "atur" after the "Enter Debug Mode" message.
3. Wait for the "Starting XMODEM upload" message before activating
the Xmodem upload on your terminal.
4. The system reboots automatically after a successful firmware upload.
Warning: Proceeding with the upload will erase the current router
firmware.
Do you want to continue:(Y/N)
Figure 15-12 Menu 24.7.1 as seen using the Console Port.
You can type 'atur' to upload ras code to the P1600 main block as atur = atum. If you want to upload ras
code to the backup block then you must type 'atub' instead of 'atur'.
After the "Starting XMODEM upload" message appears, activate the Xmodem protocol on your computer. The
following procedure is for the HyperTerminal program. The procedure for other serial communications programs
should be similar.
Step 1.
Click Transfer in the HyperTerminal menu bar, then Send File from the drop-down menu.
Step 2.
Enter the path and name of the firmware file (“bin” extension) on your computer.
Step 3.
Choose the Xmodem Protocol.
Step 4.
Finally, press Send.
Step 5.
The system reboots automatically after a successful firmware upload.
15.5
Upload Prestige Configuration File
The configuration data, system-related data, error log and trace log are all stored in the configuration file. You can
upload the configuration file either through FTP or TFTP (preferred methods as they are faster) or through the RS232 console port (if the network is down). You need to reboot the system after the configuration file upload process
is complete. Uploading the configuration file replaces all previous configurations; the speed of the console port will
be reset to the default of 9600 bps with 8 data bit, no parity and 1 stop bit (8n1) and the password will also be reset
to the default of 1234.You will need to change your serial communication software to the defaults before you can
connect to the Prestige again.
15.5.1 Upload Prestige Configuration File using FTP
To upload the router configuration file, follow the instructions as shown in the following screen (Menu 24.7.2 using
Telnet). See also the FTP example earlier in this chapter.
Configuration & Firmware Maintenance
15-9
Prestige 1600 Universal Access Concentrator
Menu 24.7.2 – System Maintenance - Upload Router Configuration File
To upload the router configuration file, follow the procedure below:
1. Launch the FTP client on your workstation.
2. Type “open” and the IP address of your Prestige. Then type “root” and your SMT
password as requested.
3. Type “put configurationfilename rom-0” where “configurationfilename” is the
name of your router configuration file on your workstation, which will be
transferred to the “rom-0” file on the Prestige.
4. The system reboots automatically after the upload is complete.
For details on FTP commands, please consult the documentation of your FTP client
program. For details on uploading router firmware using TFTP (note that you must
remain in menu 24.7.2 to upload the router configuration file using TFTP), please
see the Prestige manual.
Press ENTER to Exit:
Figure 15-13 Menu 24.7.2 as seen using Telnet
15.5.2 Upload Prestige Configuration File using TFTP
To use TFTP, your workstation must have both telnet and TFTP clients. Follow steps 1 to 4 as outlined previously
in and then continue with the steps below.
Step 1.
Go to SMT menu 24.7.2. You must remain in this menu until file transfer is complete.
Step 2.
Use the TFTP client to transfer files between the Prestige and the workstation.
Step 3.
Specify “rom-0” as the remote file name on the Prestige.
Step 4.
The system reboots automatically after the upload Prestige configuration file process is complete.
The telnet connection must be active before and during the TFTP transfer.
For UNIX, use “binary” to set binary transfer mode before using “get” to transfer from the Prestige to the
computer. For details on TFTP commands, please consult the documentation of your TFTP client program.
15.5.3 Upload Prestige Configuration File using the Console Port
Select 2 from Menu 24.7 - System Maintenance - Upload Firmware to display Menu 24.7.2 - System
Maintenance - Upload Router Configuration File. Follow the instructions as shown in the following screen.
Menu 24.7.2 - System Maintenance - Upload Router Configuration File
FTP or TFTP are the preferred methods for uploading the router configuration
file to your Prestige since FTP or TFTP is faster.
To upload the router configuration file:
1. Enter "y" at the prompt to go into debug mode.
2. Enter "atlc" after the "Enter Debug Mode" message
3. Wait for the "Starting XMODEM upload" message before activating the Xmodem
upload on your terminal.
4. After successful file transfer, enter "atgo" to restart the router.
Proceeding with the upload will erase the current router configuration file.
The router's console port speed will be reset to 9600 bps and the password to
"1234".
Do you want to continue: (Y/N)
Figure 15-14 Menu 24.7.2 as seen using the Console Port
After the "Starting XMODEM upload" message appears, activate the Xmodem protocol on your computer. The
following procedure is for the HyperTerminal program. The procedure for other serial communications programs
should be similar.
15-10
Configuration & Firmware Maintenance
Prestige 1600 Universal Access Concentrator
Step 1.
Click Transfer in the HyperTerminal menu bar, then Send File from the drop-down menu.
Step 2.
Enter the configuration filename on your computer.
Step 3.
Choose the Xmodem Protocol.
Step 4.
Finally, press Send.
Configuration & Firmware Maintenance
15-11
Prestige 1600 Universal Access Concentrator
Chapter 16
IP Policy Routing
This chapter explains IP Policy Routing and helps you to configure IP Policy Routing.
16.1
Introduction
Traditionally, routing is based on the destination address only and the router takes the shortest path to forward a
packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter the
packet forwarding based on the policy defined by the network administrator. Policy-based routing is applied to
incoming packets on a per interface basis, prior to the normal routing.
16.1.1 Benefits
Source-Based Routing - Network administrators can use policy-based routing to direct traffic from different users
through different connections.
Quality of Service (QoS) - Organizations can differentiate traffic by setting the precedence or TOS (Type of
Service) values in the IP header at the periphery of the network to enable the backbone to prioritize traffic.
Cost Savings - IPPR allows organizations to distribute interactive traffic on high-bandwidth, high-cost paths while
using low-cost paths for batch traffic.
Load Sharing - Network administrators can use IPPR to distribute traffic among multiple paths.
16.1.2 Routing Policy
A policy defines the matching criteria and the action to take when a packet meets the criteria. The action is taken
only when all the criteria are met. The criteria include the source address and port, IP protocol (ICMP, UDP, TCP,
etc.), destination address and port, TOS and precedence (fields in the IP header) and length. The inclusion of length
criterion is to differentiate between interactive and bulk traffic. Interactive applications, e.g., telnet, tend to have
short packets, while bulk traffic, e.g., file transfer, tends to have large packets.
The actions that can be taken include routing the packet to a different gateway (and hence the outgoing interface)
and the TOS and precedence fields in the IP header.
IPPR follows the existing packet filtering facility of ZyNOS in style and in implementation. The policies are
divided into sets, where related policies are grouped together. A user defines the policies before applying them to
an interface or a remote node, in the same fashion as the filters. There are 12 policy sets with 6 policies in each set.
16.2
IP Routing Policy Setup
IP Policy Routing
16-1
Prestige 1600 Universal Access Concentrator
Menu 25 shows all the policies defined.
Menu 25 - IP Routing Policy Setup
Policy
Set #
-----1
2
3
4
5
6
Name
----------------test
_______________
_______________
_______________
_______________
_______________
Policy
Set #
-----7
8
9
10
11
12
Name
----------------_______________
_______________
_______________
_______________
_______________
_______________
Enter Policy Set Number to Configure= 0
Edit Name= N/A
Press ENTER to Confirm or ESC to Cancel:
Figure 16-1 Menu 25 - IP Routing Policy Setup
To setup a routing policy, follow the procedure below:
Step 1.
Enter 25 in the Main Menu to open Menu 25 - IP Routing Policy Setup.
Step 2.
Enter the index of the policy set you wish to configure to open Menu 25.1 - IP Routing Policy
Summary.
Menu 25.1 shows the summary of a policy set, including the criteria and the action of a single policy, and whether
a policy is active or not. Each policy contains two lines. The former part is the criteria of the incoming packet, and
the latter is the action. Between these two parts, separator ‘|’ means the action is taken on criteria matched and
separator ‘=’ means the action is taken on criteria not matched.
Menu 25.1 - IP Routing Policy Summary
# A
Criteria/Action
- - ------------------------------------------------------------------1 Y SA=1.1.1.1-1.1.1.1,DA=2.2.2.2-2.2.2.5
SP=20-25,DP=20-25,P=6,T=NM,PR=0
|GW=192.168.1.1,T=MT,PR=0
2 N ___________________________________________________________________
___________________________________________________________________
3 N ___________________________________________________________________
___________________________________________________________________
4 N ___________________________________________________________________
___________________________________________________________________
5 N ___________________________________________________________________
___________________________________________________________________
6 N ___________________________________________________________________
___________________________________________________________________
Enter Policy Rule Number (1-6) to Configure:
Figure 16-2 Menu 25 - IP Routing Policy Summary
16-2
IP Policy Routing
Prestige 1600 Universal Access Concentrator
Table 16-1 IP Routing Policy Summary
Abbreviation
Meaning
Criteria
SA
Source IP address
SP
Source port
DA
Destination IP address
DP
Destination port
P
IP layer 4 protocol number(TCP=6,UDP=17…)
T
Type Of Service of Incoming packet
PR
Precedence of incoming packet
Action
GW
Gateway IP address
T
Outgoing Type of Service
P
Outgoing Precedence
Type Of Service
NM
Normal
mD
Minimum Delay
MT
Maximum Throughput
MR
Maximum Reliability
MC
Minimum Cost
Enter a number from 1 to 6 to display Menu 25.1.1 - IP Routing Policy (see the next figure). This menu allows you
to configure a policy rule.
Menu 25.1.1 - IP Routing Policy
Policy Set Name= test
Active= Yes
Criteria:
IP Protocol
= 6
Type of Service= Normal
Precedence
= 0
Source:
addr start= 1.1.1.1
port start= 20
Destination:
addr start= 2.2.2.2
port start= 20
Action= Matched
Gateway addr
= 192.168.1.1
Type of Service= Max Thruput
Precedence
= 0
Packet length= 40
Len Comp=
end= 1.1.1.1
end= 20
end= 2.2.2.2
end= 20
Log= No
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 16-3 Menu 25.1.1 - IP Routing Policy
IP Policy Routing
16-3
Prestige 1600 Universal Access Concentrator
Table 16-2 IP Routing Policy
Field
Description
Policy Set Name
This is the name of the policy set assigned in Menu 25 - IP Routing Policy
Setup.
Active
Press the spacebar to select Yes to activate the policy.
Criteria
IP Protocol
IP layer 4 protocol, e.g., UDP, TCP, ICMP, etc.
Type of Service
Prioritize incoming network traffic by choosing from Don’t Care/
Normal / Min Delay / Max Thruput / Max Reliability.
Packet Length
Enter the length of incoming packets (in bytes). The operators in the
Len Comp (next) apply to packets of this length.
Len Comp
Press the spacebar to choose from Equal / Not Equal / Less /
Greater / Less or Equal / Greater or Equal.
Precedence
Precedence value of the incoming packet. Values range from 0 to 7
or Don’t Care.
Source:
addr start= / end=
Source IP address range from start to end.
port start= / end=
Source port number range from start to end; applicable only for
TCP/UDP.
Destination:
16.3
addr start= / end=
Destination IP address range from start to end.
port start= / end=
Destination port number range from start to end; applicable only for
TCP/UDP.
Action=
Specifies whether action should be taken on criteria Matched or Not
Matched.
Gateway addr
Defines the outgoing gateway address. The gateway must be on the
same subnet as the Prestige if it’s on the LAN, otherwise, the
gateway must be the IP address of a remote node. The default
gateway is specified as 0.0.0.0.
Log
Press the spacebar to select Yes to make an entry in the system log
when a policy is executed.
Type of Service
Set the new TOS value of the outgoing packet. Choose from Prioritize
incoming network traffic by choosing from No Change / Normal / Min
Delay / Max Thruput / Max Reliability.
Precedence
Set the new precedence value of the outgoing packet. Values range
from 0 to 7 or No Change.
Applying an IP Policy
This section shows you where to apply the IP Policies after you design them.
16.3.1 Ethernet IP Policies
From Menu 3 - Ethernet Setup, enter 2 to go to Menu 3.2 -TCP/IP Ethernet Setup.
16-4
IP Policy Routing
Prestige 1600 Universal Access Concentrator
You can choose up to four IP Policy sets (from twelve) by entering their numbers separated by commas, e.g., 2, 4,
7, 9.
Menu 3.2 - TCP/IP Ethernet Setup
TCP/IP Setup:
IP Address= 192.68.0.1
IP Subnet Mask= 255.255.255.0
RIP Direction= Both
Version= RIP-2B
Multicast = IGMP-v2
IP Policies= 2,4,7,9
Enter your
IP Policy
Sets here
Enter here to CONFIRM or ESC to CANCEL:
Press Space Bar to Toggle.
Figure 16-4 Ethernet IP Policies
16.3.2 DSL IP Routing Policies
Go to Menu 6.1 and enter the number(s) of the IP Routing Policy set(s) as appropriate. You can cascade up to four
policy sets by entering their numbers separated by commas.
Menu 6.1 - Port Usage
Active= Yes
Device Type: IDSL
Speed= 128K
Encapsulation= PPP
Authen Method:
Protocol= None
User Name=
Password= ********
Enter your
IP Policy
Sets here
IP Address Assigned to Client= 192.168.255.1
Start of Public IP Address= 0.0.0.0
IP Count= 0
Multicast=
IP Policies= 1,2,3,4
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 16-5 IDSL IP Routing Policies
16.4
IP Policy Routing Example
If a network has both Internet and remote node connections, you can route Web packets to the Internet using one
policy and route FTP packets to a remote network using another policy. See the next figure.
IP Policy Routing
16-5
Prestige 1600 Universal Access Concentrator
Figure 16-6 Example of IP Policy Routing
To force Web packets coming from clients with IP addresses of 192.168.255.1 to 192.168.255.32 to be routed to
the Internet via the WAN port of the P1600, follow the steps mentioned next.
16-6
IP Policy Routing
Prestige 1600 Universal Access Concentrator
Step 1.
Create a routing policy set in Menu 25.
Step 2.
Create a rule for this set in Menu 25.1 - IP Routing Policy as shown next.
Menu 25.1 - IP Routing Policy
Policy Set Name= set1
Active= Yes
Criteria:
IP Protocol
= 6
Type of Service= Don't Care
Precedence
= Don't Care
Source:
addr start= 192.168.255.1
port start= 0
Destination:
addr start= 0.0.0.0
port start= 80
Action= Matched
Gateway addr
= 192.168.1.1
Type of Service= No Change
Precedence
= No Change
Packet length= 10
Len Comp= N/A
end= 192.168.255.32
end= N/A
end= N/A
end= 80
Log= No
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 16-7 IP Routing Policy Example
Step 3.
Check Menu 25.1 - IP Routing Policy Setup to see if the rule is added correctly.
Step 4.
Create another policy set in Menu 25.
Step 5.
Create a rule this set in Menu 25.2 to route packets from any host (IP=0.0.0.0 means any host) with
protocol TCP and port FTP access through another gateway (192.168.1.100).
Menu 25.2 - IP Routing Policy
Policy Set Name= set2
Active= Yes
Criteria:
IP Protocol
= 6
Type of Service= Don't Care
Precedence
= Don't Care
Source:
addr start= 0.0.0.0
port start= 0
Destination:
addr start= 0.0.0.0
port start= 20
Action= Matched
Gateway addr =192.168.1.100
Type of Service= No Change
Precedence
= No Change
Packet length= 10
Len Comp= N/A
end= N/A
end= N/A
end= N/A
end= 21
Log= No
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 16-8 IP Policy Routing
Step 6.
Check Menu 25.1 - IP Routing Policy Setup to see if the rule is added correctly.
Step 7.
Apply both policy sets in Menu 3.2 as shown next.
IP Policy Routing
16-7
Prestige 1600 Universal Access Concentrator
Menu 3.2 - TCP/IP Ethernet Setup
TCP/IP Setup:
IP Address= 192.68.0.1
IP Subnet Mask= 255.255.255.0
RIP Direction= Both
Version= RIP-2B
Multicast = IGMP-v2
IP Policies= 1,2
Enter here to CONFIRM or ESC to CANCEL:
Press Space Bar to Toggle.
Figure 16-9 Applying IP Policies
16-8
IP Policy Routing
Prestige 1600 Universal Access Concentrator
Chapter 17
Troubleshooting
17.1
Problems Starting Up the Prestige 1600
Table 17-1 Troubleshooting the Start-Up of your Prestige 1600
Troubleshooting
17.2
Corrective Action
None of the LEDs
are on when you
power on the
Prestige 1600.
Check the connection between the power cord and
your Prestige 1600.
Cannot access the
Prestige 1600 via
the console port.
Check to see if the Prestige 1600 is connected to
your computer's serial port.
If the error persists you may have a hardware
problem. In this case you should contact technical
support.
Check to see if the
communications
program is configured
correctly. The
communications
software should be
configured as
mentioned here.
VT100 terminal emulation
9600 Baud
No parity, 8 Data bits, 1
Stop bit
Flow Control set to None
Problems With the xDSL Port
Table 17-2 Troubleshooting an xDSL Port Connection
Troubleshooting
Cannot connect to
the xDSL Client
17.3
Corrective Action
Check Menu 24.1 to verify the line status. If it
indicates [down], then refer to the section on the
line problems.
Problems with the WAN Port
Table 17-3 Troubleshooting the WAN Port Connection
Troubleshooting
Cannot connect to
WAN device.
Corrective Action
Check if the WAN port is connected to an external
WAN device.
Check if the power of the external WAN device is
turned on.
Troubleshooting
17-1
Prestige 1600 Universal Access Concentrator
17.4
Problems with the LAN Interface
Table 17-4 Troubleshooting the LAN Interface
Troubleshooting
Can’t ping any station
on the LAN
Corrective Action
Check the Ethernet LED on the front panel of your
Prestige 1600. If it is off, check the cables
connecting your Prestige 1600 to the hub.
Verify that the IP address and the subnet mask in
Menu 3.2 are consistent between the Prestige 1600
and the workstations.
17.5
Problems Connecting to a Remote Node or ISP
Table 17-5 Troubleshooting a Connection to a Remote Node or ISP
Troubleshooting
Can’t connect to a
remote node or ISP
Corrective Action
Check Menu 24.1 to verify the line status. If it
indicates [down], then refer to the section on the
line problems.
Check the error log in Menu 24.3.1. If it does
indicate that something has gone wrong, it may be
an IP address configuration error.
17.6
General Instructions
If you have other problems, you can try the following options.
♦ Check the Menu 24.1 System Maintenance - Status, Menu 24.2.1 - System Information and Menu 24.3
System Maintenance - Log and Trace in order to locate the problem.
♦ Check the Troubleshooting section in the Support Notes.
♦ Use Debug commands to diagnose problems. In general, ZyXEL recommends that you use these commands
with the direction of your customer support representative.
17-2
Troubleshooting
Prestige 1600 Universal Access Concentrator
CI Commands
Use Menu 24.8 to enter command line mode. Please refer to the section 14.6 Command Interpreter Mode for
details about the SMT menu. The following table describes the syntax used to configure your Prestige using
Command Interface (CI) commands. For details on other CI commands to configure your Prestige, please consult
the supporting CD.
ZyXEL recommends that you use CI Commands for debugging purposes only. You are advised to
configure the Prestige through menu interface.
Command Syntax
CI user interface uses the following syntax:
command < iface | device > subcommand [Parma]
command subcommand [Parma]
command ? | help
command subcommand ? | help
[channel-name]: enet0 for Ethernet port, wan00 for WAN port (only available in P1600 primary), xdsln
(n=00~31) for xDSL port
[iface-name]: enif0 for Ethernet port, wanif0 for WAN port (only available in P1600 primary), wanifn
(n=01~32) for IDSL port
System Related Commands
CI Command
Options
Description
sys
cbuf
cnt
disp
cpu
disp
Display cbuf static
clear
Clear cbuf static
[a|f|u]
Display cbuf a: all f: free u: used
disp
Display CPU utilization
dir
Display file directory
edit
<filename>
Edit a text file
errctl
[level]
Set the error control level
0:crash no save, not in debug mode
(default)
1:crash no save, in debug mode
2:crash save, not in debug mode
3:crash save, in debug mode
event
display
trace
feature
fid
CI Commands
Display tag flags information
[display|clear]
Display system event information
Display feature bit
display
Display function id list
A
Prestige 1600 Universal Access Concentrator
CI Command
Options
Description
filter
disp
Display filter statistic counters
clear
Clear filter statistic counter
sw
[on|off]
hostname
iface
Display system hostname
disp
Display iface list
disp
Display log error
clear
Clear log error
log
online
[on|off]
Turn on/off error log online display
cnt
[disp|cl]
Display or clear system mbuf count
link
link
List system mbuf link
pool
[id] [type]
List system mbuf pool
mbuf
status
disp
Display system mbuf status
<address>
Display mbuf status
memutil
usage
Display memory allocate and heap
status
mq
<address> <len>
Display memory queues
mcell
mid [f|u]
Display memory cells by given ID
msecs
Display memory sections
disp
Display all process information
pro
stack
[TAG]
Display process's stack by a give TAG
ps
[TAG]
Display process's status by a give TAG
disp
[a|f|u] [start#] [end#]
Display queue by given status and range
numbers
ndisp
[#]
Display a queue by a given number
queue
quit
Quit CI command mode
reboot
[code]
Reboot system
code = 0 cold boot,
= 1 immediately boot
= 2 bootModule debug mode
reslog
roadrun
disp
[disp|clear]
Display resources trace
<iface-name>
Display roadrunner information
iface-name: enif0, wanif0, wanifn
(n=01~32)
B
CI Commands
Prestige 1600 Universal Access Concentrator
CI Command
debug
Options
<level>
Description
Enable/disable roadrunner service
0: diable <default>
1: enable
restart
<iface-name>
dump
[root|rn|user|slot]
socket
spt
size
stdio
Dump spt raw data
Display spt record size
[second]
Change terminal timeout value
[a|f|u]
Display timer cell
timer
disp
trcdisp
Monitor packets
.
.
brief
.
Online display packet content briefly
.
.
parse
.
Online parse packet content
trcl
call
Display call event
clear
Clear trace
disp
Display trace log
level
[#]
Set trace level of trace log #:1-10
online
[on|off]
Set on/off trace log online
switch
[on|off]
Set system trace log
type
<bitmap>
Set trace type of trace log
chann
<channel name>
Set packet trace direction for a given
[none|incoming|outgoing|bothway] channel
trcp
<channel name>=enet0, wan00, idsln
(n=00~31)
create
<entry> <size>
Create packet trace buffer
destroy
Packet trace related commands
disp
Display packet trace
string
switch
[on|off]
Turn on/off the packet trace
udp
[sw|addr|port]
Send packet trace to other system
brief
parse
Display packet content briefly
[[begin_idx], end_idx]
version
Parse packet content
Display RAS code and driver version
view
<filename>
View a text file
switch
[on|off]
Set on/off wdog
cnt
<value>
Display watchdog counts value: 0-34463
wdog
CI Commands
C
Prestige 1600 Universal Access Concentrator
DSL related CI Commands
CI Command
xdsl cnt
test
event
Options
Description
disp
chann name|scc2|scc4
Display idsl channel/line counter
clear
chann name|scc2|scc4
Clear idsl channel/line counter
disp
packet
0|1|2
event
chann name
inernal
chann name
cnt
Do internal loopback
external
chann name
cnt
Do external loopback
Set packet display mode in testing
on|off
disp
Display ZyNOS event
clear
Clear ZyNOS event
netstat chann name
Display network state
reset
chann name
Reset channel
drop
chann name
Drop channel
version
Display NDIS version
debug
on|off
dpram
system
line name
Display system descriptor
parameter
line name
Display channel parameters
inttable
line name
Display interrupt table
bd
chann name
Display buffer descriptor
bf
chann name
Display buffer
rci
chann name|all
Read layer1 CI code
wci
chann name
rmon
chann name|all
wmon
chann name
status
chann name
setbw
chann name
parameter
scc2|scc4
Display SCC parameters
inttable
scc2|scc4
Display interrupt table
chantable
chann name
Display channel parameter table
bd
chann name
Display buffer descriptor
bf
chann name
Display buffer
idsl
D
Set event display mode in testing
Enable/disable debug. If enable and system crash,
system will reboot and stop at BootExt
CI code
[up]
Write layer 1 CI code (up for upstream)
Read layer1 Monitor code
mon code 1
mon
Write layer1 Monitor code
code 2
Display layer1 near-end and far-end error count
1:128K, 2:64K
Set layer1 bandwidth
modem xx
Modem related CI command
xdsl
xDSL related CI command
xx
CI Commands
Prestige 1600 Universal Access Concentrator
IP related CI Commands
Options
CI Command
ip
address
Description
display host ip address
arp
add
<hostid> ether <ether
addr>
add arp
drop
<hostid> [ether]
drop arp
flush
flush arp
publish
add proxy arp
resolve
<hostid>
status
display ip arp status
dhcp
set dhcp configuration
arpcount
<num>
dnsserver
<dnsIP1> <dnsIP2>
gateway
<gateway IP>
hostname
<hostname>
leasetime
<period>
netmask
<netmask>
pool
<start IP> <num>
rebindtime
<period>
renewaltime
<period>
reset
status
<iface-name> st
display iface DHCP information
iface-name wanif2, wanif1, wanif0, enif1,
enif0
client release
release DHCP client IP
client renew
renew DHCP client IP
dns
table
display dns table
stats
[disp|clear]
check
[cmd|rsp|indication]
display or clear dns statistics
icmp
data
echo
[on|off]
status
trace
CI Commands
display icmp statistic counter
[on|off]
turn on/off trace for debugging
E
Prestige 1600 Universal Access Concentrator
ifconfig
display ifconfig
ping
<hostid>
ping remote host
pong
<hostid> [<size> <timeinterval>]
pong remote host
rip
accept
<gateway>
activate
ip
rip
dialin_user
[show|in|out|both|none]
merge
[on|off]
RIP merging
mode
<iface> [in|out] [mode]
mode: 0 - 3
refuse
<gateway>
request
reverse
[on|off]
status
RIP Poisoned Reverse
display rip statistic counters
trace
route
add
<dest addr>[/<bits>]
<gateway> [<metric>]
addprivate
add route
add private route
drop
<host address> [/bits]
drop a route
errcnt
[disp|clear]
display|clear routing statistic counters
flush
flush route table
lookup
status
display routing table
status
display ip statistic counters
sua
iface
<iface>
disp
display single user account statistic
set
<IP addr> <Port #>
ceiling
<value>
TCP maximum round trip time
floor
<value>
TCP minimum rtt
irtt
<value>
TCP default init rtt
limit
<value>
mss
<size>
tcp
kick
TCP input MSS
reset
rtt
status
syndata
F
display TCP statistic counters
[on|off]
TCP syndata piggyback
CI Commands
Prestige 1600 Universal Access Concentrator
trace
[on|off]
turn on/off trace for debugging
window
[size]
TCP input window size
tftp
stats
support
udp
CI Commands
status
G
Prestige 1600 Universal Access Concentrator
Ethernet Related CI Command
Options
CI Command
Description
ether
config
display LAN configuration information
driver
cnt
mac
disp <ch-name>
display ether driver counters
clear <ch-name>
ch-name: enet0, enet1
<macaddr>
Set LAN Mac address
reg
ether
driver
display LAN hardware related registers
status
<ch-name>
ch-name: enet0, enet1
rxmod
<mode>
set LAN receive mode.
mode: 1: turn off receiving
2: receive only packets of this interface
3: mode 2+ broadcast
5: mode 2 + multicast
6: all packets
debug
display ethernet debug infomation
disp
<ch-name>
display ethernet debug infomation
level
<ch-name> <level>
set the ethernet debug level
level 0: disable debug log
level 1:enable debug log (default)
arp
[ip-addr]
disp event
[ch-name] [on|off]
disp packet
[1|2|3]
sap
version
H
CI Commands
Prestige 1600 Universal Access Concentrator
Glossary
10BaseT
The 10-Mbps baseband Ethernet specification that uses two pairs of twisted-pair cabling
(Category 3 or 5): one pair for transmitting data and the other for receiving data.
ADSL
Asymmetric Digital Subscriber Line. A digital subscriber line (DSL) technology in which the
transmission of data from server to client is much faster than the transmission from the client to
the server.
ARP
Address Resolution Protocol is a protocol for mapping an Internet Protocol address (IP address)
to a physical machine address that is recognized in the local network.
ATU-C and ATU-R
ADSL Transmission Unit, Central or Remote: the device at the end of an ADSL line that stands
between the line and the first item of equipment in the subscriber premises or telephone switch.
It may be integrated within an access node.
Backbone
A high-speed line or series of connections that forms a major pathway within a network.
Bandwidth
This is the capacity on a link usually measured in bits-per-second (bps).
bandwidth-on-demand
The ability of a user to dynamically set upstream and downstream line speeds to a particular
rate of speed.
Bit
(Binary Digit) -- A single digit number in base-2, in other words, either a one or a zero. The
smallest unit of computerized data.
bps
Bits per second. A standard measurement of digital transmission speeds.
Byte
A set of bits that represent a single character. There are 8 bits in a Byte.
Call Filtering
Call filtering is used to determine if a packet should be allowed to trigger a call. Outgoing
packets must undergo data filtering before they encounter call filtering.
CDR
Call Detail Record. This is a name used by telephone companies for call related information.
CHAP
Challenge Handshake Authentication Protocol is an alternative protocol that avoids sending
passwords over the wire by using a challenge/response technique.
CI/CLI Commands
CI/CLI (Command Interface/Command Line Interface) commands can be accessed via Menu
24.8. For details on CI commands to configure your Prestige, please consult the supporting CD.
ZyXEL recommends use of the CI Commands only for debugging purposes.
CIR
See Committed Information Rate.
Client
A software program that is used to contact and obtain data from a Server software program on
another computer. Each Client program is designed to work with one or more specific kinds of
Server programs and each Server requires a specific kind of Client. A Web Browser is a specific
kind of Client.
Committed
Information Rate
The carrier programs virtual circuits into the network between your sites and charges you for a
specific level of service called the committed information rate (CIR). The CIR is a negotiated rate
and is basically a guarantee that the carrier will always have that bandwidth available. The CIR
limit for the Prestige is 8000Kbps. The sum of CIRs from all channels in a line cannot exceed
8000Kbps due to the processing limit of the P1600 CPU.
CPE
Customer Premises Equipment: that portion of the ADSL system residing within the customer's
premises.
crossover Ethernet
cable
A cable that wires a pin to its opposite pin, for example, RX+ is wired to TX+. This cable
connects two similar devices, for example, two data terminal equipment (DTE) or data
communications equipment (DCE) devices.
CSU/DSU
Channel Service Unit/Data Service Unit. CSUs (channel service units) and DSUs (data service
units) are actually two separate devices, but they are used in conjunction and often combined
into the same box. The devices are part of the hardware you need to connect computer
equipment to digital transmission lines. The Channel Service Unit device connects with the
digital communication line and provides a termination for the digital signal. The Data Service
Unit device, sometimes called a digital service unit, is the hardware component you need to
transmit digital data over the hardware channel. The device converts signals from bridges,
routers and multiplexors into the bipolar digital signals used by the digital lines. Multiplexors mix
voice signals and data on the same line.
Data Filtering
Data filtering screens the data to determine if the packet should be allowed to pass. Data filters
Glossary
I
Prestige 1600 Universal Access Concentrator
are divided into incoming and outgoing filters, depending on the direction of the packet relative
to a port. Data filtering can be applied on either the WAN side or the LAN side.
J
DCE
Data Communications Equipment is typically a modem or other type of communication device.
The DCE sits between the DTE (data terminal equipment) and a transmission circuit such as a
phone line.
Device Filter Rules
For Device rules, the Prestige treats a packet as a byte stream as opposed to an IP or IPX
packet. You specify the portion of the packet to check with the Offset (from 0) and the Length
fields, both in bytes.
DHCP
Dynamic Host Configuration Protocol automatically assigns IP addresses to clients when they
log on. DHCP centralizes IP address management on central computers that run the DHCP
server program. DHCP leases addresses for a period of time which means that addresses are
made available to assign to other systems.
DLCI
For Frame Relay connections, DLCI (Data Link Connection Identifier) is a path number of a
portion of the PVC (the DLCI changes for each hop through the network). It is a logical identifier
with local significance only and is not the address of the destination.
DNS
Domain Name System links names to IP addresses. When you access Web sites on the
Internet, you can type the IP address of the site or the DNS name. When you type a domain
name in a Web browser, a query is sent to the primary DNS server defined in your Web
browser’s configuration dialog box. The DNS server converts the name you specified to an IP
address and returns this address to your system. From then on, the IP address is used in all
subsequent communications.
Domain Name
The unique name that identifies an Internet site. Domain Names always have two or more parts,
separated by dots. The part on the left is the most specific and the part on the right is the most
general.
DRAM
Dynamic RAM that stores information in capacitors that must be refreshed periodically.
DSL
Digital Subscriber Line technologies enhances the data capacity of the existing twisted-pair wire
that runs between the local telephone company switching offices and most homes and offices.
There are actually seven types of DSL service, ranging in speeds from 16 Kbits/sec to 52
Mbits/sec. The services are either symmetrical (traffic flows at the same speed in both
directions), or asymmetrical (the downstream capacity is higher than the upstream capacity).
DSL connections are point-to-point dedicated circuits, meaning that they are always connected.
There is no dial-up. There is also no switching, which means that the line is a direct connection
into the carrier’s frame relay, ATM (Asynchronous Transfer Mode), or Internet-connect system.
DSLAM
A Digital Subscriber Line Access Multiplexer (DSLAM) is a network device, usually at a
telephone company central office, that receives signals from multiple customer Digital
Subscriber Line connections and puts the signals on a high-speed backbone line using
multiplexing techniques. Depending on the product, DSLAM multiplexers connect DSL lines with
some combination of asynchronous transfer mode ATM, frame relay, or IP networks.
DTE
Originally, the DTE (data terminal equipment) was a dumb terminal or printer, but today it is a
computer, or a bridge or router that interconnects local area networks.
Dual Firmware Block
Structure
The Prestige 1600 employs a “dual firmware block structure” where one block is called the “main
block” and the other block is called the “backup block”. You can save the current firmware into
the backup block before you try to upload new firmware. If the firmware in the main block gets
corrupted, the Prestige will try to boot from the backup block automatically so the service will not
get interrupted.
E1
European basic multiplex rate which packs thirty voice channels into a 256 bit frame and
transmitted at 2.048 Mbps.
EIR (Excess
Information Rate)
This is the burst capability of the connection, i.e., the maximum allowable data transfer rate.
EMI
ElectroMagnetic Interference. The interference by electromagnetic signals that can cause
reduced data integrity and increased error rates on transmission channels.
Ethernet
A very common method of networking computers in a LAN. There are a number of adaptations
to the IEEE 802.3 Ethernet standard, including adaptations with data rates of 10 Mbits/sec and
100 Mbits/sec over coaxial cable, twisted-pair cable and fiber-optic cable. The latest version of
Ethernet, Gigabit Ethernet, has a data rate of 1 Gbit/sec.
FAQ
(Frequently Asked Questions) -- FAQs are documents that list and answer the most common
questions on a particular subject.
Glossary
Prestige 1600 Universal Access Concentrator
FCC
The FCC (Federal Communications Commission) is in charge of allocating the electromagnetic
spectrum and thus the bandwidth of various communication systems.
Filters
Your Prestige uses filters to decide whether to allow passage of a data packet and/or to make a
call. There are two types of filter applications: data filtering and call filtering.
Flash memory
The nonvolatile storage that can be electrically erased and reprogrammed so that data can be
stored, booted and rewritten as necessary.
Frame Relay
Frame relay is a metropolitan and wide area networking solution that implements a form of
packet-switching technology. It routes frames of information from source to destination over a
switching network.
FTP
File Transfer Protocol. The Internet protocol (and program) used to transfer files between hosts.
Gateway
A gateway is a computer system or other device that acts as a translator between two systems
that do not use the same communication protocols, data formatting structures, languages,
and/or architecture.
HDLC
HDLC (High-level Data Link Control) is a bit-oriented (the data is monitored bit by bit), link layer
protocol for the transmission of data over synchronous networks.
hop count
A measure of distance between two points on the Internet. It is equivalent to the number of
gateways that separate the source and destination.
Host
Any computer on a network that is a repository for services available to other computers on the
network. It is quite common to have one host machine provide several services, such as WWW
and USENET.
IANA
Internet Assigned Number Authority acts as the clearinghouse to assign and coordinate the use
of numerous Internet protocol parameters such as Internet addresses, domain names, protocol
numbers, and more. The IANA Web site is at http://www.isi.edu/iana.
ICMP
Internet Control Message Protocol is a message control and error-reporting protocol between a
host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the
messages are processed by the TCP/IP software and are not directly apparent to the application
user.
IDSL
Uses ISDN transmission technology to deliver data at 128kbps into an IDSL "modem bank"
connected to a router.
IGMP
IGMP (Internet Group Management Protocol) is a session-layer protocol used to establish
membership in a multicast group - it is not used to carry user data.
Internet
(Lower case i) Any time you connect two or more networks together, you have an internet.
Internet
(Upper case I) The vast collection of inter-connected networks that all use the TCP/IP protocols
and that evolved from the ARPANET of the late 60’s and early 70’s.
Intranet
A private network inside a company or organization that uses the same kinds of software that
you would find on the public Internet, but that is only for internal use.
IP
Internet Protocol (currently IP version 4, or IPv4), is the underlying protocol for routing packets
on the Internet and other TCP/IP-based networks.
IP Multicast
Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender to 1
recipient) or Broadcast (1 sender to everybody on the network). IP Multicast is a third way to
deliver IP packets to a group of hosts on the network - not everybody.
IP Policy Routing
(IPPR)
IPPR provides a mechanism to override the default routing behavior and alter the packet
forwarding based on the policy defined by the network administrator. Policy-based routing is
applied to incoming packets on a per interface basis prior to the normal routing.
IPCP (PPP)
IP Control Protocol allows changes to IP parameters such as the IP address.
ISO
International Standards Organization. A voluntary, non-treaty organization founded in 1946,
responsible for creating international standards in many areas, including computers and
communications.
ISP
Internet Service Provider: an organization offering and providing Internet services to the public
and having its own computer servers to provide the services offered.
ITU-T
International Telecommunications Union, Standardization Sector. ITU-T is the
telecommunication standardization sector of ITU and is responsible for making technical
Glossary
K
Prestige 1600 Universal Access Concentrator
recommendations about telephone and data (including fax) communications systems for service
providers and suppliers.
L
LAN
Local Area Network is a shared communication system to which many computers are attached.
A LAN, as its name implies, is limited to a local area. This has to do more with the electrical
characteristics of the medium than the fact that many early LANs were designed for
departments, although the latter accurately describes a LAN as well. LANs have different
topologies, the most common being the linear bus and the star configuration.
LEC
Local Exchange Carrier: one of the new U.S. telephone access and service providers that have
grown up with the recent U.S. deregulation of telecommunications.
MAC
On a local area network (LAN) or other network, the MAC (Media Access Control) address is
your computer's unique hardware number. (On an Ethernet LAN, it is the same as your Ethernet
address.) The MAC layer frames data for transmission over the network, then passes the frame
to the physical layer interface where it is transmitted as a stream of bits.
NAT
Network Address Translation is the translation of an Internet Protocol address used within one
network to a different IP address known within another network - see also SUA.
NAT Server Set
A NAT server set is a list of inside servers (behind NAT on the LAN) that you can make visible to
the outside world.
NDIS
Network Driver Interface Specification is a Windows® specification for how communication
protocol programs (such as TCP/IP) and network device drivers should communicate with each
other.
Network
Any time you connect two or more computers together so that they can share resources, you
have a computer network. Connect two or more networks together and you have an internet.
NIC
Network Interface Card. A board that provides network communication capabilities to and from a
computer system. Also called an adapter.
Node
Any single computer connected to a network.
PAP
Password Authentication Protocol PAP is a security protocol that requires users to enter a
password before accessing a secure system. The user’s name and password are sent over the
wire to a server, where they are compared with a database of user account names and
passwords. This technique is vulnerable to wiretapping (eavesdropping) because the password
can be captured and used by someone to log onto the system.
Port
An Internet port refers to a number that is part of a URL, appearing after a colon (:) right after
the domain name. Every service on an Internet server listens on a particular port number on that
server. Most services have standard port numbers, e.g. Web servers normally listen on port 80.
POTS
Plain Old Telephone Service is the analog telephone service that runs over copper twisted-pair
wires and is based on the original Bell telephone system. Twisted-pair wires connect homes and
businesses to a neighborhood central office. This is called the local loop. The central office is
connected to other central offices and long-distance facilities.
PPP
Point to Point Protocol. PPP encapsulates and transmits IP (Internet Protocol) datagrams over
serial point-to-point links. PPP works with other protocols such as IPX (Internetwork Packet
Exchange). The protocol is defined in IETF (Internet Engineering Task Force) RFC 1661
through 1663. PPP provides router-to-router, host-to-router and host-to-host connections.
Primary
The P1600 in primary mode provides concentration, network management, Internet access and
routing functions as well as uses the FlexWan port as the interface to the trunk.
PSTN
Public Switched Telephone Network was put into place many years ago as a voice telephone
call-switching system. The system transmits voice calls as analog signals across copper twisted
cables from homes and businesses to neighborhood COs (central offices); this is often called
the local loop. The PSTN is a circuit-switched system, meaning that an end-to-end private circuit
is established between caller and callee.
PTT
The generic European name is usually used to refer to state-owned telephone companies.
PVC
Permanent Virtual Circuit. A PVC is a logical point-to-point circuit between customer sites. PVCs
are low-delay circuits because routing decisions do not need to be made along the way.
Permanent means that the circuit is preprogrammed by the carrier as a path through the
network. It does not need to be set up or torn down for each session.
RADIUS
Remote Authentication Dial-In User Service (RADIUS). A client/server security protocol created
by Livingston Enterprises. Security information is stored in a central location, known as the
RADIUS server.
Glossary
Prestige 1600 Universal Access Concentrator
RADIUS Accounting
This facility logs information about dial-in connections. It can be used independently of RADIUS
Authentication. It allows data to be sent at the start and the end of sessions, indicating the
amount of resources (time, packets, bytes, etc.) used during the session. An ISP could use this
function for special security and billing needs.
RADIUS
Authentication
An external RADIUS server can provide authentication service for an unlimited number of DSL
users.
RFC
An RFC (Request for Comments) is an Internet formal document or standard that is the result of
committee drafting and subsequent review by interested parties. Some RFCs are informational
in nature. Of those that are intended to become Internet standards, the final version of the RFC
becomes the standard and no further comments or changes are permitted. Change can occur,
however, through subsequent RFCs.
RIP
Routing Information Protocol is an interior or intra-domain routing protocol that uses the
distance-vector routing algorithms. RIP is used on the Internet and is common in the NetWare
environment as a method for exchanging routing information between routers.
RS-232
An EIA standard which is the most common way of linking data devices together.
SDSL
Symmetrical Digital Subscriber Line is a symmetrical, bi-directional DSL service that operates on
one twisted-pair wire. It can provide data rates up to the T1 rate of 1.544 Mbits/sec and it
operates above the voice frequency, so voice and data can be carried on the same wire.
Secondary
The P1600 secondary provides concentration, network management, Internet access and
routing functions as well but only through the LAN interface.
Server
A computer, or a software package that provides a specific kind of service to client software
running on other computers.
SMT
The SMT (System Management Terminal) is the interface that you use to configure your
Prestige.
SNMP
System Network Management Protocol is a popular management protocol defined by the
Internet community for TCP/IP networks. It is a communication protocol for collecting information
from devices on the network.
Splitter
A filter to separate ADSL signals from POTS signals to prevent mutual interference.
Standalone
Standalone SMT configurations are the same as a secondary, but in this configuration mode, it
does not have to work with a primary. You can connect a router to its LAN port.
STP
Twisted-pair cable consists of copper-core wires surrounded by an insulator. Two wires are
twisted together to form a pair and the pair form a balanced circuit. The twisting prevents
interference problems. STP (shielded twisted-pair) provides protection against external
crosstalk.
Straight-through
Ethernet Cable
A cable that wires a pin to its equivalent pin. This cable connects two dissimilar devices, for
example, a data terminal equipment (DTE) device and a data communications equipment (DCE)
device. A straight-through Ethernet cable is the most common cable used.
SUA
SUA (Single User Account) is a proprietary ZyXEL implementation of a subset of NAT that
supports two types of mapping, Many-to-One and Server - see also NAT.
Subnet Mask
A bit mask used to select bits from an Internet address for subnet addressing. The mask is 32
bits long and selects the network portion of the Internet address and one or more bits of the
local portion.
SYSLOG
SYSLOG allows you to log significant system information to a remote server.
T1
Twenty-four voice channels packed into a 193 bit frame and transmitted at 1.544 Mbps. The
unframed version, or payload, is 192 bits at a rate of 1.536 Mbps.
TCP
Transmission Control Protocol. The major transport protocol in the Internet suite of protocols
providing reliable, connection-oriented full-duplex streams.
TCP/IP Filter Rules
TCP/IP filter rules allow you to base the rule on the fields in the IP and the upper layer protocol,
e.g., UDP and TCP headers.
Telco
The generic name for telephone companies throughout the world which encompasses RBOCs,
LECs and PTTs.
Telnet
The virtual terminal protocol in the Internet suite of protocols. Allows users of one host to log into
a remote host and act as normal terminal users of that host.
Glossary
M
Prestige 1600 Universal Access Concentrator
N
Terminal
A device that allows you to send commands to a computer somewhere else. At a minimum, this
usually means a keyboard and a display screen and some simple circuitry.
Terminal Software
Software that pretends to be (emulates) a physical terminal and allows you to type commands to
a computer somewhere else.
TFTP
Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP (File Transfer
Protocol), but it is scaled back in functionality so that it requires fewer resources to run. TFTP
uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol).
UDP
UDP is a connectionless transport service that dispenses with the reliability services provided by
TCP. UDP gives applications a direct interface with IP and the ability to address a particular
application process running on a host via a port number without setting up a connection session.
URL
(Uniform Resource Locator) URL is an object on the Internet or an intranet that resides on a
host system. Objects include directories and an assortment of file types, including text files,
graphics, video and audio. A URL is the address of an object that is normally typed in the
Address field of a Web browser. The URL is basically a pointer to the location of an object.
Virtual Connection
(VC)
A link that seems and behaves like a dedicated point-to-point line or a system that delivers
packets in sequence, as happens on an actual point-to-point network. In reality, the data is
delivered across a network via the most appropriate route. The sending and receiving devices
do not have to be aware of the options and the route is chosen only when a message is sent.
There is no pre-arrangement, so each virtual connection exists only for the duration of that one
transmission.
WAN
Wide Area Network s link geographically dispersed offices in other cities or around the globe.
Just about any long-distance communication medium can serve as a WAN link, including
switched and permanent telephone circuits, terrestrial radio systems and satellite systems.
WWW
(World Wide Web) - Frequently used when referring to "The Internet", WWW has two major
meanings - First, loosely used: the whole constellation of resources that can be accessed using
Gopher, FTP, HTTP, telnet, USENET, WAIS and some other tools. Second, the universe of
hypertext servers (HTTP servers).
Glossary
Prestige 1600 Universal Access Concentrator
Index
DNS, 3-6, 3-7
A
DNS Server, 3-6
Acct-Session-Id, 12-6
Domain Name, 3-6, 9-10
Acct-Status-Type, 12-6
DSL clients, 1-4
Action Matched, 10-4
DSL Comparison, xx
ADSL (Asymmetric DSL), xix
DSL Ports
ANSI (American National Standards Institute), 4-2
Example
IDSL, 6-4
Authentication, 7-2
Method, 6-4
Setup, 6-1
Outgoing, 7-3
Speed, 6-3
User Authentication, 6-5
B
DSL related CI Commands, D
Boot Module Commands, 14-9
E
C
EIR (Excess Information Rate), 4-4
Encapsulation, 4-5, 7-4
CHAP, 7-2
CI Commands. See Command Interpreter Mode
PPP, 4-3
CLI/CI (Command Line Interface), 14-9
RFC 1490, 4-3
Ethernet Related CI Command, H
Clock Source, 4-1
Command Interpreter Mode, xvii, 14-9
F
Command Syntax, A
Committed Information Rate, 4-4
Feature Overview
Community, 11-2
Full Network Management, 1-3
Compression, 7-4
Quick, 1-1
Configuration Examples, 2-3
Filename Conventions, 15-1
Console Port Speed, 14-6
Filter
Contacting Customer Support, iv
NAT, 10-5
Filters
Copyright, ii
CPE Devices, 1-5
About, 10-1
Current Date, 14-10
Applying, 10-11
Current Time, 14-10
Ethernet, 10-11
Customer Support, iv
Remote Node, 10-12
Call Filtering, 10-1
D
Configuring a Filter Rule, 10-5
Digital Subscriber Line (DSL), xix
Configuring a Filter Set, 10-3
Disclaimer, ii
Data Filtering, 10-1
DLCI, 4-4, 14-3
Device
Index
O
Prestige 1600 Universal Access Concentrator
Internal Filename, 15-2
Abbreviations, 10-5
Internet Access Configuration
Device Filter Rule, 10-9
Executing a Filter Rule, 10-1
Primary, 5-5
IP
Standalone, 9-15
Internet Access Setup, 9-3
Abbreviations, 10-5
Logic Flow of an IP Filter, 10-8
Internet Service Provider, 2-2
More, 10-4
IP Address, 5-3, 5-4, 7-2, 7-5
Rules Summary, 10-4
Default, 5-1
Session Options, 7-2
Standalone, 5-3
Structure, 10-1
IP Count, 6-4
TCP/IP Filter Rule, 10-6
IP Multicast, 5-3
Flow Control, 17-1
IP Policies, 16-4
Frame Relay, 4-2
IP Policy Routing (IPPR), 5-4, 16-1
Remote Node, 4-5
Applying an IP Policy, 16-4
Standards, 4-2
Benefits, 16-1
Frame Relay Solution, 4-2
Cost Savings, 16-1
FTP Server, 9-13
Criteria, 16-1
Ethernet IP Policies, 16-4
G
Gateway, 16-4
Load Sharing, 16-1
General Setup, 3-6
Remote Node IP Policies, 16-5
Menu Fields, 3-7
Setup, 16-1
Glossary, I
IP related CI Commands, E
H
IP Routing Policy, 16-4
Hidden Menus, 3-2
IP Routing Policy Setup, 16-3
HTTP, 9-10
ITU – T (International Telecommunication Union –
Telecommunications Standardization Sector), 4-2
HyperTerminal, 15-4
L
I
IDSL
Port Setup, 6-1
IDSL (ISDN DSL), xix
IGMP (Internet Group Multicast Protocol), 5-3
Initial Screen, 3-1
Interactive Applications, 16-1
Interface
ADSL, 1-1
Ethernet, 1-2
LAN, 5-3, 14-3
Receiving, 14-3
Transmitting, 14-3
Len Comp, 16-4
Link Management, 4-2, 4-3
Link Type, 4-3
Log Facility, 14-7
Login, 5-6, 7-2
Login Screen, 3-1
IDSL, 1-1
M
SDSL, 1-1
WAN, 1-2
Machine Types, 1-3
Main Menu, 3-4
P
Index
Prestige 1600 Universal Access Concentrator
Secondary, 3-5
Password, 3-1, 3-5, 5-6, 7-2, 11-2, 12-1
Summary, 3-4
Physical Dimensions, 1-1
Management Information Base (MIB), 11-2
Port Usage, 6-3
MDU, 2-1
Power Requirement, 1-1
Metric, 7-5
PPP, 7-2
Cisco, 7-4
My WAN Addr, 5-6, 7-5
Editing PPP Options, 7-3
N
Standard, 7-4
NAS-Port, 12-6
Precedence, 16-1, 16-4
NAS-Port-DNIS, 12-6
Primary, 1-3
NAT, 10-5
Private, 7-5, 8-3
Applying NAT in the SMT Menus, 9-3
Q
Configuring, 9-5
Definitions, 9-1
Quality of Service, 16-1
Ethernet Port, 9-14
R
Examples, 9-10
How NAT Works, 9-2
RADIUS
Inside Servers, 9-9
Accounting, 12-4
Mapping Types, 9-2
Accounting Attributes, 12-6
Non NAT Friendly Application Programs, 9-14
Authentication, 12-2
Ordering Rules, 9-7
Installing External Server, 12-2
Port Numbers, 9-10
Server, 12-3
Remote Management, 9-14, 13-2
ras, 15-2
Server Sets, 9-5, 9-9
ras-b, 15-2
Type, 9-8
ras-m, 15-2
What NAT does, 9-1
Related Documentation, xviii
Navigating the SMT Interface, 3-2
Remote Configuration, 1-3
Network Address Translation (NAT), 1-2, 9-1
Remote Firmware Upgrades, 1-2
Network Management, 1-2
Remote Node, 7-1, 14-2, 14-4
Network Modules, xvii
Setup, 7-1
ADSL, xvii
Required fields, 3-2
IDSL, xvii
Resetting, 3-6
SDSL, xvii
RIP. See Routing Information Protocol
No-Change, 9-2
Version, 7-5
rom-0, 15-2
O
rom-spt, 15-2
Routing Information Protocol, 5-3
Operating Environment, 1-1
Direction, 5-3
P
PAP, 7-2
Version, 5-3
Routing Policy, 16-1
PAP/CHAP, 6-5
Index
Q
Prestige 1600 Universal Access Concentrator
S
SDSL (Symmetric DSL), xix
Secondary, 1-3
Security, 1-2
Server, 3-7, 9-2, 9-3, 9-4, 9-6, 9-8, 9-10, 9-12
Single User Account, 5-6
slot 3, xvii
SMT. See System Management Terminal
SNMP
Community, 11-3
Configuration, 11-2
Get, 11-2
Manager, 11-1
MIBs, 11-2
Trap, 11-2
Trusted Host, 11-3
Restore, 15-4
Console Port, 15-5
FTP, 15-4
TFTP, 15-5
Syslog & Accounting, 14-7
System Status, 14-1
System Management Terminal, 3-2
System Management Terminal (SMT, xvii
System Related Commands, A
System Security, 3-4, 3-5, 3-6, 12-1
Password, 12-1
System Status
DSL Port Status, 14-3
Route Status, 14-4
WAN/LAN, 14-2
System Up Time, 14-3
SNMP ( Simple Network Management Protocol), 11-1
T
Standalone, 1-3
Static Route, 8-1
Configuration, 8-1
Static Route Setup
Menu Fields, 8-3
SUA (Single User Account). See NAT
SUA Only, 9-5
Subnet Mask, 5-3, 5-4, 7-5
Syntax Conventions, xvii
System Information, 14-5
TCP/IP, 5-4, 10-5, 14-8
Telnet, 13-1
Capabilities, 13-2
Single Administrator, 13-2
Timeout, 13-2
Time and Date Setting, 14-10
TOS (Type of Service), 16-1
Type of Service, 16-1, 16-3, 16-4
Type Of Service, 16-3
System Maintenance, 14-10
U
Backup, 15-3
Console Port, 15-3
FTP, 15-3
TFTP, 15-3
Console Port Speed, 14-6
Diagnostic, 14-8
Drop IDSL, 14-8
Ping, 14-8
Reboot, 14-8
Reset IDSL, 14-8
Log & Trace, 14-6
UNIX syslog, 14-7
Up Time, 14-2
Upload Firmware, 15-6
Console Port, 15-8
Dual Firmware Block Structure, 15-6
FTP, 15-6
TFTP, 15-8
Upload Router Configuration File, 15-9
FTP, 15-9
TFTP, 15-10
Viewing, 14-6
Menu 24, 14-1
R
Index
Prestige 1600 Universal Access Concentrator
V
VT100, 17-1
Z
ZyNOS, 9-4, 15-8, 16-1
ZyXEL Limited Warranty, iii
W
WAN Port Setup, 4-1
Index
S

advertisement

Key Features

  • High-performance
  • Multi-user access
  • High-speed Internet access
  • Versatile deployment options
  • Advanced security features
  • Remote management capabilities
  • Flexible configuration options
  • Easy setup and maintenance
  • Robust and reliable
  • Support for various WAN connections

Frequently Answers and Questions

What is the purpose of the Prestige 1600?
The Prestige 1600 is a Universal Access Concentrator designed to provide high-speed Internet access for multiple users. It can be deployed in various environments, such as high-rise buildings, college campuses, and Internet Service Providers (ISPs).
How many users can the Prestige 1600 support?
The Prestige 1600 can support up to 16 users simultaneously. The exact number of users that can be supported depends on the specific configuration and network conditions.
What types of WAN connections does the Prestige 1600 support?
The Prestige 1600 supports various WAN connections, including PPP over HDLC, Frame Relay, and Ethernet.
How do I configure the Prestige 1600 for remote management?
The Prestige 1600 can be remotely managed via telnet or a web browser. You can configure the device for remote management using the System Management Tool (SMT) interface.
What are the security features of the Prestige 1600?
The Prestige 1600 offers various security features, including password protection, RADIUS authentication, and access control lists. These features help to secure your network and protect sensitive information.
How do I upgrade the firmware on the Prestige 1600?
The firmware of the Prestige 1600 can be upgraded using FTP, TFTP, or the console port. You can download the latest firmware from the ZyXEL website.

Related manuals

Download PDF

advertisement