ZyXEL Prestige 1100 WAN Access Router Uživatelská příručka
Below you will find brief information for Prestige 1100. This WAN Access Router provides internet access and LAN-to-LAN connectivity. It features flexible configuration options for TCP/IP, IPX, and bridging, allowing customization to match your network needs. Setup includes WAN port configuration, Ethernet setup, and remote node configurations for various protocols. Security features include password protection and filtering options. The Prestige 1100 also supports remote management and diagnostic tools for troubleshooting.
Advertisement
Advertisement
Prestige 1100
WAN Access Router
User's Guide
Version 2.50
Nov 1999
ZyXEL
T OTAL I NTERNET A CCESS S OLUTION
Prestige 1100 Internet Access Router
Prestige 1100
WAN Access Router
Copyright
Copyright © 1999 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications
Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein.
Neither does it convey any license under its patent rights nor the patents rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.
Trademarks
Trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
ii
Prestige 1100 Internet Access Router
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two (2) years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials,
ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center; refer to the separate Warranty Card for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid (USA and territories only). If the customer desires some other return destination beyond the
U.S. borders, the customer shall bear the cost of the return shipment. This warranty gives you specific legal rights, and you may also have other rights which vary from state to state.
ZyXEL Limited Warranty
iii
i v
Prestige 1100 Internet Access Router
Customer Support
If you have questions about your ZyXEL product or desire assistance, contact ZyXEL Communications
Corporation offices worldwide, in one of the following ways:
Method
Region
EMAIL – Support
EMAIL – Sales [email protected]
Telephone
Fax
+886-3-578-3942
Worldwide [email protected]
North
America
Scandinavia [email protected]
Austria
Germany [email protected]
+886-3-578-2439
+1-714-632-0882
800-255-4101
+1-714-632-0858
Web Site
FTP Site www.zyxel.com
www.europe.zyxel.com
ftp.europe.zyxel.com
www.zyxel.com
ftp.zyxel.com
+45-3955-0700
+45-3955-0707 www.zyxel.dk
ftp.zyxel.dk
+43-1-4948677-0
0810-1-ZyXEL
(= 0810-1-99935)
+43-1-4948678 www.zyxel.at
ftp.zyxel.at
+49-2405-6909-0
0180-5213247
Tech Support hotline
0180-5099935
Note: for Austrian users with *.at
domain only!
www.zyxel.de
RMA/Repair hotline
+49-2405-6909-99 ftp.europe.zyxel.com
Regular Mail
ZyXEL Communications
Corp., 6 Innovation Road II,
Science-Based Industrial
Park, HsinChu, Taiwan.
ZyXEL Communications Inc.,
1650 Miraloma Avenue,
Placentia, CA 92870, U.S.A.
ZyXEL Communications A/S,
Columbusvej 5, 2860
Soeborg, Denmark.
ZyXEL Communications
Services GmbH.,
Thaliastrasse 125a/2/2/4,
A-1160 Vienna, Austria
ZyXEL Deutschland GmbH.,
Adenauerstr. 20/A4, D-52146
Wuerselen, Germany.
Customer Support
Prestige 1100 Internet Access Router
Table of Contents
Customer Support.......................................................................................................iv
Table of Contents .........................................................................................................v
List of Figures .............................................................................................................xi
List of Tables .............................................................................................................xiii
Preface .......................................................................................................................xiv
Chapter 1: Getting to Know Your Bridge/Router................................................ 1-1
1.1
Quick Feature Overview of the Prestige 1100...................................................................................1-1
1.2
Detailed Features of the Prestige 1100 ...............................................................................................1-1
1.3
Front Panel LEDs and Back Panel Ports ............................................................................................1-3
1.3.1
Front Panel LEDs .........................................................................................................................1-3
1.3.2
Prestige 1100 Back Panel............................................................................................................1-4
1.4
Applications for Prestige 1100.............................................................................................................1-4
1.4.1
Internet Access .............................................................................................................................1-4
Chapter 2: Hardware Installation & Initial Setup ............................................... 2-1
2.1
Unpacking your Bridge/Router............................................................................................................2-1
2.2
Additional Installation Requirements .................................................................................................2-1
2.3
Connect your WAN Bridge/Router......................................................................................................2-2
2.3.1
Prestige 1100 Connections .........................................................................................................2-2
2.4
Power On Your Prestige 1100..............................................................................................................2-3
2.5
Navigating the SMT Interface..............................................................................................................2-5
2.6
Changing the System Password ...........................................................................................................2-7
2.7
General Setup..........................................................................................................................................2-9
2.7.1
Note on Bridging ........................................................................................................................2-10
2.8
WAN Setup ...........................................................................................................................................2-11
2.8.1
Prestige 1100 WAN Port Setup................................................................................................2-11
2.9
Ethernet Setup.......................................................................................................................................2-12
2.10
General Ethernet Setup ..................................................................................................................2-13
2.11
Protocol Dependent Ethernet Setup .............................................................................................2-13
Table of Contents
v
Prestige 1100 Internet Access Router
Chapter 3: Internet Access......................................................................................3-1
3.1
Route IP Setup ....................................................................................................................................... 3-1
3.2
TCP/IP Parameters ................................................................................................................................ 3-2
3.2.1
IP Address and Subnet Mask..................................................................................................... 3-2
3.2.2
RIP Setup ...................................................................................................................................... 3-2
3.2.3
DHCP Configuration................................................................................................................... 3-3
3.3
TCP/IP and DHCP Ethernet Setup..................................................................................................... 3-3
3.4
IP Multicast ............................................................................................................................................ 3-5
3.5
Internet Access Configuration............................................................................................................. 3-6
3.6
Single User Account ............................................................................................................................. 3-8
3.6.1
Advantages of SUA ..................................................................................................................... 3-9
3.6.2
Single User Account Configuration.......................................................................................... 3-9
3.6.3
Ethernet SUA.............................................................................................................................. 3-10
3.7
LANs & WANs.................................................................................................................................... 3-11
3.7.1
LANs, WANs and the Prestige ................................................................................................ 3-11
Chapter 4: Remote Node Configuration for LAN to LAN ...................................4-1
4.1
Leased Line Remote Node Profile ...................................................................................................... 4-1
4.2
Outgoing Authentication Protocol...................................................................................................... 4-3
4.3
Editing PPP Options ............................................................................................................................. 4-3
Chapter 5: Remote Node TCP/IP Configuration..................................................5-1
5.1
LAN-to-LAN Application.................................................................................................................... 5-1
5.2
Remote Node Setup............................................................................................................................... 5-2
5.3
Static Route Setup................................................................................................................................. 5-6
Chapter 6: IPX Configuration.................................................................................6-1
6.1
IPX Network Environment .................................................................................................................. 6-1
6.1.1
Network and Node Number....................................................................................................... 6-1
6.1.2
Frame Types ................................................................................................................................. 6-1
6.1.3
External Network Number.......................................................................................................... 6-2
6.1.4
Internal Network Number........................................................................................................... 6-2
6.2
Prestige 1100 in an IPX Environment................................................................................................ 6-2
6.2.1
Prestige 1100 on LAN with Server........................................................................................... 6-3
6.2.2
Prestige 1100 on LAN without Server..................................................................................... 6-3
6.3
IPX Ethernet Setup................................................................................................................................ 6-4 vi Table of Contents
Prestige 1100 Internet Access Router
6.4
LAN-to-LAN Application with Novell IPX......................................................................................6-5
6.4.1
IPX Remote Node Setup .............................................................................................................6-6
6.4.2
IPX Static Route Setup ................................................................................................................6-8
Chapter 7: Bridging Setup...................................................................................... 7-1
7.1
Bridging in General................................................................................................................................7-1
7.2
Bridge Ethernet Setup ...........................................................................................................................7-1
7.2.1
Remote Node Bridging Setup.....................................................................................................7-2
7.2.2
Bridge Static Route Setup...........................................................................................................7-4
Chapter 8: Filter Configuration ............................................................................. 8-1
8.1
About Filtering........................................................................................................................................8-1
8.2
The Filter Structure of the Prestige .....................................................................................................8-1
8.3
Configuring a Filter Set.........................................................................................................................8-3
8.3.1
Filter Rules Summary Menu ......................................................................................................8-4
8.4
Configuring a Filter Rule ......................................................................................................................8-6
8.4.1
Filter Types and SUA...................................................................................................................8-6
8.4.2
TCP/IP Filter Rule ........................................................................................................................8-7
8.4.3
Novell IPX Filter Rule ...............................................................................................................8-11
8.4.4
Device Filter Rule.......................................................................................................................8-13
8.5
Applying a Filter...................................................................................................................................8-15
8.5.1
Ethernet traffic.............................................................................................................................8-15
8.5.2
Remote Node Filters ..................................................................................................................8-16
Chapter 9: SNMP Configuration........................................................................... 9-1
9.1
About SNMP...........................................................................................................................................9-1
9.2
SNMP Configuration.............................................................................................................................9-1
Chapter 10: System Security................................................................................. 10-1
10.1
Changing the System Password ....................................................................................................10-1
Chapter 11: Telnet Configuration and Capabilities ............................................11-1
11.1
About Telnet Configuration...........................................................................................................11-1
11.2
Telnet Under SUA ...........................................................................................................................11-2
11.3
Telnet Capabilities...........................................................................................................................11-2
11.3.1
Single Administrator.............................................................................................................11-2
11.3.2
System Timeout .....................................................................................................................11-2
Table of Contents
vii
Prestige 1100 Internet Access Router
Chapter 12: System Maintenance .........................................................................12-1
12.1
System Status .................................................................................................................................. 12-2
12.2
System Information........................................................................................................................ 12-4
12.2.1
Console Port Speed............................................................................................................... 12-5
12.3
Log and Trace.................................................................................................................................. 12-5
12.3.1
12.3.2
Viewing Error Log................................................................................................................ 12-5
Syslog And Accounting....................................................................................................... 12-6
12.4
Diagnostic ........................................................................................................................................ 12-7
12.5
Filename conventions .................................................................................................................... 12-8
12.6
Back up Configuration................................................................................................................... 12-9
12.6.1
Backup using the Console Port........................................................................................... 12-9
12.6.2
12.6.3
Back up using FTP..............................................................................................................12-10
Back up using TFTP ...........................................................................................................12-10
12.7
Restore Configuration..................................................................................................................12-11
12.7.1
12.7.2
12.7.3
Restore using the Console Port.........................................................................................12-11
Restore using FTP...............................................................................................................12-11
Restore using TFTP ............................................................................................................12-12
12.8
Upload Firmware ..........................................................................................................................12-12
12.8.1
Dual Firmware Block Structure........................................................................................12-13
12.8.2
Upload Router Firmware via the Console Port..............................................................12-13
12.8.3
12.8.4
Upload Router Firmware using FTP................................................................................12-14
Upload Router Firmware using TFTP.............................................................................12-15
12.9
Upload Router Configuration File .............................................................................................12-15
12.9.1
12.9.2
12.9.3
12.9.4
Upload Router Configuration File using the Console Port ..........................................12-15
Upload Router Configuration File using FTP................................................................12-16
Upload Router Configuration File using TFTP .............................................................12-17
Boot Module Commands...................................................................................................12-18
12.10
Command Interpreter Mode .......................................................................................................12-19
Chapter 13: IP Policy Routing...............................................................................13-1
13.1
Introduction ..................................................................................................................................... 13-1
13.1.1
Benefits................................................................................................................................... 13-1
13.1.2
Routing Policy....................................................................................................................... 13-1
13.1.3
IP Policy Routing Setup ...................................................................................................... 13-2
13.2
Applying an IP Policy.................................................................................................................... 13-6
13.2.1
Ethernet IP Policies .............................................................................................................. 13-6
13.2.2
Remote Node IP Routing Policies ..................................................................................... 13-6 viii Table of Contents
Prestige 1100 Internet Access Router
Chapter 14: Troubleshooting ................................................................................ 14-1
14.1
Problems Starting Up the Prestige 1100......................................................................................14-1
14.2
Problems With the WAN Port .......................................................................................................14-2
14.3
Problems with the LAN Interface.................................................................................................14-2
14.4
Problems Connecting to a Remote Node or ISP ........................................................................14-2
Acronyms and Abbreviations ....................................................................................A
Index.............................................................................................................................C
Table of Contents
ix
Prestige 1100 Internet Access Router
List of Figures
Figure 1-1 Remote Configuration..................................................................................................................... 1-2
Figure 1-2 Prestige 1100 Front Panel.............................................................................................................. 1-3
Figure 1-3 Back Panel........................................................................................................................................ 1-4
Figure 1-4 Internet Access Application ........................................................................................................... 1-5
Figure 1-5 LAN-to-LAN Application................................................................................................................ 1-6
Figure 2-1 P1100 Connections.......................................................................................................................... 2-2
Figure 2-2 Power-On Display ........................................................................................................................... 2-3
Figure 2-3 Login Screen..................................................................................................................................... 2-4
Figure 2-4 SMT Main Menu .............................................................................................................................. 2-6
Figure 2-5 Menu 23 - System Security ............................................................................................................. 2-7
Figure 2-6 Menu 23.1 - System Security - Change Password ...................................................................... 2-8
Figure 2-7 Menu 1 - General Setup.................................................................................................................. 2-9
Figure 2-8 Menu 2 - WAN Port Setup ............................................................................................................ 2-11
Figure 2-9 Menu 3 - Ethernet Setup - Select LAN........................................................................................2-12
Figure 2-10 Menu 3 – Ethernet Setup ............................................................................................................2-12
Figure 2-11 Menu 3.1 - General Ethernet Setup..........................................................................................2-13
Figure 3-1 Menu 1 - General Setup.................................................................................................................. 3-1
Figure 3-2 Menu 3.2 - TCP/IP and DHCP Ethernet Setup .......................................................................... 3-4
Figure 3-3 Menu 4 - Internet Access Setup ..................................................................................................... 3-6
Figure 3-4 Single User Account Topology ...................................................................................................... 3-8
Figure 3-5 Menu 4 - Internet Access Setup for Single User Account ......................................................... 3-9
Figure 3-6 Ethernet SUA Example .................................................................................................................3-10
Figure 3-7 LAN & WAN IPs............................................................................................................................. 3-11
Figure 3-8 Ethernet as WAN port.................................................................................................................... 3-11
Figure 4-1 Menu 11.1 - Remote Node Profile for Leased Lines................................................................... 4-1
Figure 4-2 Menu 11.2 - Remote Node PPP Options...................................................................................... 4-4
Figure 5-1 LAN-to-LAN Application with TCP/IP......................................................................................... 5-1
Figure 5-2 Menu 11.3- Remote Node TCP/IP Options.................................................................................. 5-2
Figure 5-3 Sample IP Addresses for a TCP/IP LAN-to-LAN Connection ................................................. 5-3
Figure 5-4 Example of Static Routing Topology ............................................................................................ 5-6
Figure 5-5 Menu 12 - Static Route Setup ........................................................................................................ 5-7
Figure 5-6 Menu 12.1 - IP Static Route Setup................................................................................................ 5-7
Figure 5-7 Edit IP Static Route ......................................................................................................................... 5-7
Figure 6-1 NetWare Network Numbers............................................................................................................ 6-2
Figure 6-2 Prestige in an IPX Environment.................................................................................................... 6-3
Figure 6-3 Menu 3.3 - Novell IPX Ethernet Setup ......................................................................................... 6-4
Figure 6-4 LAN-to-LAN Application with Novell IPX................................................................................... 6-5
Figure 6-5 Menu 11.3 - Remote Node Novell IPX Options .......................................................................... 6-6
Figure 6-6 Menu 12.2.1 - Edit IPX Static Route ............................................................................................ 6-8
Figure 7-1 Menu 3.5 - Bridge Ethernet Setup ................................................................................................ 7-2
List of Figures
xi
Prestige 1100 Internet Access Router
Figure 7-2 Menu 11.3 - Remote Node Bridging Options...............................................................................7-3
Figure 7-3 Menu 12.3.1 - Edit Bridge Static Route........................................................................................7-4
Figure 8-1 Filter Rule Process...........................................................................................................................8-2
Figure 8-2 Menu 21 - Filter Set Configuration...............................................................................................8-3
Figure 8-3 Menu 21.1 - Filter Rules Summary................................................................................................8-4
Figure 8-4 Protocol and Device Filter Sets.....................................................................................................8-7
Figure 8-5 Menu 21.1.1 - TCP/IP Filter Rule .................................................................................................8-8
Figure 8-6 Executing an IP Filter .................................................................................................................. 8-10
Figure 8-7 Menu 21.1.1 - IPX Filter Rule......................................................................................................8-11
Figure 8-8 Menu 21.1.2 - Device Filter Rule ............................................................................................... 8-14
Figure 8-9 Filtering Ethernet Traffic ............................................................................................................. 8-15
Figure 8-10 Filtering Remote Node traffic ................................................................................................... 8-16
Figure 9-1 Menu 22 - SNMP Configuration....................................................................................................9-1
Figure 10-1 Menu 23 - System Security ........................................................................................................ 10-1
Figure 10-2 Menu 23.1 - System Security - Change Password ................................................................. 10-2
Figure 11 -1 Telnet Configuration on a TCP/IP Network ............................................................................11-1
Figure 12-1 Menu 24 - System Maintenance................................................................................................ 12-1
Figure 12-2 Menu 24.1 - System Maintenance – Status ............................................................................. 12-2
Figure 12-3 System Maintenance – Information ......................................................................................... 12-4
Figure 12-4 Menu 24.2.2 – System Maintenance – Change Console Port Speed ................................ 12-5
Figure 12-5 Examples of Error and Information Messages....................................................................... 12-6
Figure 12-6 Menu 24.3.2 - System Maintenance - Syslog and Accounting............................................. 12-6
Figure 12-7 Menu 24.4 - System Maintenance - Diagnostic ..................................................................... 12-7
Figure 12-8 Menu 24.5 –Backup Configuration using the Console Port.............................................12-10
Figure 12-9 Backup Configuration using FTP...........................................................................................12-10
Figure 12-10 Menu 24.6 –Restore Configuration using the Console Port .......................................... 12-11
Figure 12-11 Restore Configuration using FTP.........................................................................................12-12
Figure 12-12 Menu 24.7 -- System Maintenance - Upload Firmware ...................................................12-13
Figure 12-13 Menu 24.7.1 –Upload ZyNOS Code using the Console Port..........................................12-14
Figure 12-14 Menu 24.7.1. – Upload Router Firmware using FTP .......................................................12-14
Figure 12-15 Menu 24.7.2 –Upload Router Configuration File.............................................................12-16
Figure 12-16 Menu 24.7.2 – Upload Router Configuration File using FTP ........................................12-16
Figure 12-17 Boot module commands.........................................................................................................12-18
Figure 12-18 Command mode.......................................................................................................................12-19
Figure 13-1 IP Routing Policy Setup ............................................................................................................. 13-2
Figure 13-2 Menu 25 - IP Routing Policy Summary ................................................................................... 13-3
Figure 13-3 IP Routing Policy ........................................................................................................................ 13-4
Figure 13-4 Menu 3.1.1 - General Ethernet Setup ...................................................................................... 13-6
Figure 13-5 Menu 11.3 - Remote Node Network Layer Options............................................................... 13-7 xii List of Figures
Prestige 1100 Internet Access Router
List of Tables
Table 1-1 LED Functions ................................................................................................................................... 1-3
Table 2-1 Main Menu Commands..................................................................................................................... 2-5
Table 2-2 Main Menu Summary ........................................................................................................................ 2-6
Table 2-3 General Setup Menu Fields............................................................................................................2-10
Table 2-4 WAN Setup Menu Fields................................................................................................................. 2-11
Table 3-1 DHCP Ethernet Setup Menu Fields................................................................................................ 3-4
Table 3-2 TCP/IP Ethernet Setup Menu Fields .............................................................................................. 3-5
Table 3-3 Internet Account Information........................................................................................................... 3-6
Table 3-4 Internet Access Setup Menu Fields................................................................................................. 3-7
Table 3-5 Single User Account Menu Fields.................................................................................................3-10
Table 4-1 Remote Node Profile Menu Fields for Leased Lines.................................................................... 4-2
Table 4-2 Remote Node PPP Options Menu Fields....................................................................................... 4-4
Table 5-1 TCP/IP related fields in Remote Node Profile .............................................................................. 5-3
Table 5-2 Remote Node TCP/IP Configuration.............................................................................................. 5-4
Table 5-3 Edit IP Static Route Menu Fields.................................................................................................... 5-8
Table 6-1 Novell IPX Ethernet Setup Fields ................................................................................................... 6-4
Table 6-2 Remote Node Novell IPX Options................................................................................................... 6-7
Table 6-3 Edit IPX Static Route Menu Fields................................................................................................. 6-9
Table 7-1 Remote Node Bridge Options .......................................................................................................... 7-3
Table 7-2 Bridge Static Route Menu Fields .................................................................................................... 7-4
Table 8-1 Abbreviations Used in the Filter Rules Summary Menu ............................................................. 8-4
Table 8-2 Abbreviations Used If Filter Type Is IP.......................................................................................... 8-5
Table 8-3 Abbreviations Used If Filter Type Is IPX ....................................................................................... 8-6
Table 8-4 Abbreviations Used If Filter Type Is Dev ....................................................................................... 8-6
Table 8-5 TCP/IP Filter Rule Menu Fields..................................................................................................... 8-8
Table 8-6 IPX Filter Rule Menu Fields..........................................................................................................8-12
Table 8-7 Device Filter Rule Menu Fields ....................................................................................................8-14
Table 9-1 SNMP Configuration Menu Fields ................................................................................................. 9-2
Table 12-1 System Maintenance - Status Menu Fields................................................................................12-3
Table 12-2 Fields in System Maintenance.....................................................................................................12-4
Table 12-3 System Maintenance Menu Syslog Parameters ........................................................................12-7
Table 12-4 System Maintenance Menu Diagnostic ......................................................................................12-8
Table 12-5 Filename Conventions ..................................................................................................................12-9
Table 13-1 IP Routing Policy Summary.........................................................................................................13-4
Table 13-2 IP Routing Policy...........................................................................................................................13-5
Table 14-1 Troubleshooting the Start-Up of your Prestige 1100 ...............................................................14-1
Table 14-2 Troubleshooting a WAN Port Connection .................................................................................14-2
Table 14-3 Troubleshooting the LAN Interface.............................................................................................14-2
Table 14-4 Troubleshooting a Connection to a Remote Node or ISP .......................................................14-2
List of Tables
xiii
Prestige 1100 Internet Access Router
Preface
About Your Bridge/Router
The Prestige 1100 is a high-performance bridge/router that offers a complete solution for your WAN applications such as Internet access and multi-protocol LAN-to-LAN connections for SMB (Small &
Medium Size Businesses). It integrates the routing and bridging functions in a single package and is easy to install and to configure since you do not need to set any switches.
In addition, the Prestige 1100 supports synchronous mode on its WAN port, allowing it to connect to
T1/E1 or FT1/FE1 (Fractional T1/E1) leased lines via CSU/DSUs (Channel Service Unit/Data Service
Units).
About This User's Guide
This user's guide covers all operations of the Prestige 1100 and shows you how to get the best out of the multiple advanced features of your Prestige router. It is designed to help you configure the Prestige correctly for various applications.
Related Documentation
Ø Supporting Disk
More detailed information about the Prestige and examples of its use can be found in our Supporting
Disk. This disk contains a Prestige Bulletin (a release note highlighting new features), a FAQ, a
Configuration Guide, Support Tools for extra configuration, CI Commands Reference, Cable Pin assignments and Reference Documentation (Training Material and Support Accessories).
Ø Packing List Card
You should have a Packing List Card that lists all items that should have come with your Prestige.
Syntax Conventions
•
“Enter” means for you to type one or more characters and press the carriage return. “Select” or
“Choose” means for you to select one from the predefined choices.
•
The SMT menu titles and labels are in Bold Times font. The choices of a menu item are enclosed in square brackets [xxx]. A single keystroke is in Arial font and enclosed in square brackets, for instance, [ENTER] means the Enter, or carriage return, key; [ESC] means the Escape key.
•
For brevity’s sake, we will use “e.g.” as a shorthand for “for instance”, and “i.e.” as a shorthand for “that is” or “in other words” throughout this manual.
xiv Preface
Prestige 1100 Internet Access Router
Chapter 1:
Getting to Know Your Bridge/Router
The Prestige 1100 is a high-performance bridge/router that offers a complete solution for your WAN applications such as Internet access and multi-protocol LAN-to-LAN connections for SMB (Small &
Medium Size Businesses). It integrates the routing and bridging functions in a single package and is easy to install and to configure since you do not need to set any switches.
In addition, the Prestige 1100 supports synchronous mode on its WAN port, allowing it to connect to
T1/E1 or FT1/FE1 (Fractional T1/E1) leased lines via CSU/DSUs (Channel Service Unit/Data Service
Units).
1.1 Quick Feature Overview of the Prestige 1100
§ One WAN port with various interface support: RS-449/V.35/X.21/EIA 530/RS-232
§ Two auto-sensing 10/100M Ethernet interfaces
§ PPP for WAN connection
§ IP/IPX and transparent bridging
§ IP Multicast
§ IP Policy Routing to support traffic management
§ Network Address Translation for private IP address support
§ Remote Management
§ SNMP manageable
§ IP packet filtering, including network level and device level filtering
§ 100V~240V internal power supply and rack size for MIS environment
1.2 Detailed Features of the Prestige 1100
The following are the key features of the P1100.
One WAN port for various WAN Solutions
Your Prestige 1100 provides one WAN port with a 68-pin D type connector. It supports several interfaces (RS-449/V.35/X.21/EIA 530/RS-232) to connect to various WAN devices for up to E1 speed
(2.048Mbps).
Getting to know your Prestige
1-1
Prestige 1100 Internet Access Router
Two 10/100 Ethernet LANs
One 10/100M Ethernet interface is designed for high performance LAN environment. The other
10/100M Ethernet interface can be reserved for connecting to a Web/FTP server for public Internet access.
Most Complete NAT Support
ZyXEL NAT technology supports not only private IP for Internet access sharing and security protection, but also popular Internet multimedia applications such as Microsoft NetMeeting and
CuSeeMe.
Multiple Protocol Support
§ TCP/IP (Transmission Control Protocol/Internet Protocol) network layer protocol.
§ Novell IPX (Internetwork Packet eXchange) protocol.
§ Transparently bridging for network layer protocols that the Prestige 1100 does not route.
§ PPP (Point-to-Point Protocol) link layer protocol.
§ SUA™ (Single User Account) for NAT (Network Address Translation).
Remote Configuration
The P1100 may be remotely configured via the console port as well as the WAN port. A modem can be attached directly to the console port (DTE) for easy, alternative, remote configuration. See Page 2-2 for more information on P1100 connections.
Figure 1-1 Remote Configuration
Full Network Management
Your Prestige 1100 supports SNMP (Simple Network Management Protocol) in addition to menudriven network management via the console port or a telnet connection. With remote management, built-in diagnostic tools and syslog support, users can manage the P1100 with no extra effort.
1-2 Getting to know your Prestige
Prestige 1100 Internet Access Router
DHCP Support
DHCP (Dynamic Host Configuration Protocol) allows you to dynamically and automatically assign IP address to hosts on your network.
Data Compression
Your Prestige incorporates Stac data compression to speed up data transfer. Stac is the de facto standard of data compression over PPP links.
1.3 Front Panel LEDs and Back Panel Ports
Figure 1-2 Prestige 1100 Front Panel
1.3.1 Front Panel LEDs
The LED lights on the front panel indicate the operational status of your Prestige. Table 1-1 (next) describes the LED functions:
Table 1-1 LED Functions
PWR
SYS
LAN-1_10M
LAN-1_100M
LAN-2_10M
LAN-2_100M
WAN
The PWR (power) LED is on when power is applied to the Prestige.
A steady on SYS (system) LED indicates the Prestige is on and functioning properly while an off SYS
LED indicates the system is not ready or a malfunction. The system is rebooting when the SYS LED is blinking.
A steady green light indicates a 10Mbps Ethernet connection. The LED blinks when data is being sent or received.
A steady orange light indicates a 100Mbps Ethernet Connection. The LED blinks when data is being sent or received.
A steady green light indicates a 10Mbps Ethernet connection. The LED blinks when data is being sent or received.
A steady orange light indicates a 100Mbps Ethernet Connection. The LED blinks when data is being sent or received.
The WAN LED is on when the Prestige is connected successfully to a WAN device. The LED blinks when data is sent or received. The LED is off when the link is down.
Getting to know your Prestige
1-3
Prestige 1100 Internet Access Router
1.3.2 Prestige 1100 Back Panel
Figure 1-3 Back Panel
The diagram above shows the rear panel of your Prestige 1100. Refer to this diagram when making connections.
•
: POWER INPUT = Power cord receptacle and switch
‚
: LAN1 = RJ-45 10/100 Mbps Ethernet port
ƒ
: LAN2 = RJ-45 10/100 Mbps Ethernet port
„
: CONSOLE = DB-9 Console port
…
: WAN = 68-pin D-type connector
1.4 Applications for Prestige 1100
The following sections show you the possible applications that you can use your Prestige for.
1.4.1 Internet Access
The Prestige 1100 is the ideal high-speed Internet access solution. Your Prestige 1100 supports the
TCP/IP protocol that the Internet uses exclusively. A typical Internet access application is shown below:
1-4 Getting to know your Prestige
Prestige 1100 Internet Access Router
Corporate LAN
Prestige
1100
INTERNET
Leased Line
WEB/FTP
Server
Figure 1-4 Internet Access Application
Internet Single User Account
For a business environment, your Prestige offers the Single User Account (SUA) feature that allows multiple users on the LAN (Local Area Network) to access the Internet concurrently for the cost of a single user. The SUA address mapping can also be used for other LAN to LAN connections.
Getting to know your Prestige
1-5
Prestige 1100 Internet Access Router
Multi-protocol/Multilink LAN-to-LAN Connection
You can use the Prestige to connect two geographically dispersed networks over the WAN connection.
The Prestige supports TCP/IP and Novell IPX routing, as well as transparent bridging for other network layer protocols. A typical LAN-to-LAN application for your Prestige is shown below:
Corporate LAN
INTERNET
Prestige
1100
Prestige
1100
Branch Office
LAN
Leased Lines (T1/E1)
WEB/FTP
Server
Figure 1-5 LAN-to-LAN Application
1-6 Getting to know your Prestige
Prestige 1100 Internet Access Router
Chapter 2:
Hardware Installation & Initial Setup
2.1 Unpacking your Bridge/Router
This chapter explains how to connect to the hardware and to perform the initial setup. Before installing be sure that all components listed with the enclosed packing slip are included.
2.2 Additional Installation Requirements
In addition to the contents of your package, there are other hardware and software requirements you need before you can install and use your Prestige. These requirements include: l A computer with Ethernet 10Base-T or 100Base-TX NIC (Network Interface Card).
l A computer equipped with communications software configured to the following parameters:
Ø VT100 terminal emulation.
Ø 9600 Baud.
Ø No parity, 8 Data bits, 1 Stop bit.
Ø Flow Control set to None.
After the Prestige is properly set up, you can make future changes to the configuration through telnet connections.
Hardware Installation & Initial Setup 2-1
Prestige 1100 Internet Access Router
2.3 Connect your WAN Bridge/Router
2.3.1 Prestige 1100 Connections
This section outlines how to make the connections to your Prestige 1100. Please refer to the following figure when making connections to the P1100.
Figure 2-1 P1100 Connections
Step 1. Connect WAN Devices to your Prestige 1100
Connect the port of a WAN device to the WAN port on the Prestige 1100 using an appropriate cable.
Please consult the documentation of your WAN device for detailed information when making the connections.
Step 2. Connecting the Console Port
For the initial configuration of your Prestige, you need to use terminal emulator software on a workstation and connect it to the Prestige through the console port. A modem can be connected directly to the Prestige console port for remote configuration (see Figure 1-1). The PC - Prestige console port direct connection must be made via a null modem (supplied). The Prestige console port is
2-2 Hardware Installation & Initial Setup
Prestige 1100 Internet Access Router a DTE (Data Terminal Equipment) device, not a DCE (Data Circuit-terminating Equipment) device, so the null modem is needed to allow connection to the workstation console port, which is of course a
DTE device also. Connect the 9-pin (smaller) end of the console cable to the console port of the
Prestige and the 25-pin (bigger) end to the null modem. Then connect the null modem to a serial port
(COM1, COM2 or other COM port) of your workstation. You can use an extension RS-232 cable if the enclosed one is too short. After the initial setup, you can modify the configuration remotely through telnet connections or via a modem connection. See the Telnet Configuration and
Capabilities chapter for more information on using telnet to configure your Prestige.
Step 3. Connect your Prestige 1100 to Ethernet
Connect one end of a STP (Shielded Twisted Pair) cable to the Ethernet port of the Prestige 1100 and the other to a hub using a straight-through cable with RJ-45 connectors . If you connect the Prestige
1100 to a workstation directly without a hub, you must use a crossover cable.
Step 4. Connect the Power Cord to your Prestige 1100
Connect the power cord to the port labeled POWER INPUT on the rear panel of your Prestige 1100.
2.4 Power On Your Prestige 1100
At this point, you should have connected the console cable, the WAN device, the Ethernet cable(s), and the power cord. You can now power on your Prestige 1100 by flipping the power switch to on. (Note:
“I” =ON, “O” = OFF)
Initial Screen
When you power on your Prestige 1100, the router performs several internal tests and initializes the
WAN devices. After the initialization, the Prestige asks you to press [ENTER] to continue, as shown below:
Copyright (c) 1999 ZyXEL Communications Corp.
ethernet address: 00:a0:c5:00:50:01 ethernet address: 00:a0:c5:00:50:02
Press ENTER to continue...
Figure 2-2 Power-On Display
Step 1. Enter Password
After you press [ENTER], the Login screen appears prompting you to enter the password , as shown in the next figure.
Hardware Installation & Initial Setup 2-3
Prestige 1100 Internet Access Router
For your first login, enter the default password [1234]. As you enter the password, the screen displays an (X) for each character you type.
Enter Password : XXXX
Figure 2-3 Login Screen
Please note that if there is no activity for longer than 5 minutes after you log in, your Prestige will automatically log you out and will display a blank screen. If you see a blank screen, press [ENTER] to bring up the password screen again.
2-4 Hardware Installation & Initial Setup
Prestige 1100 Internet Access Router
2.5 Navigating the SMT Interface
The SMT (System Management Terminal) is the interface that you use to configure your Prestige.
Several operations that you should be familiar with before you attempt to modify the configuration are listed in Table 2-1.
Operation
Move forward to another menu
Press/<read>
[ENTER]
Move backward to a previous menu
Move to a “hidden” menu
[ESC]
Press the
[Space bar] to change [No] to
[Yes] then press
[ENTER].
Table 2-1 Main Menu Commands
Description
To move forward to a sub-menu, type in the number of the desired sub-menu and press [ENTER].
Press the [ENTER] key to move back to the previous menu.
Fields beginning with “Edit” lead to hidden menus and have a default setting of [No]. Press the [Space bar] to change [No] to [Yes], then press [ENTER] to go to a “hidden” menu.
Within a menu, press [ENTER] to move to the next field. You can also use the [Up]/[Down] arrow keys to move to the previous and the next field, respectively.
Move the cursor [ENTER] or
[Up]/[Down] arrow keys
Enter information Fill in, or
Press the
[Space bar] to toggle
Required fields
<
?
>
There are two types of fields that you will need to fill in. The first requires you to type in the appropriate information. The second gives you choices to choose from. In the second case, press the [Space bar] to cycle through the available choices.
N/A fields
Save your configuration
Exit the SMT
<N/A>
[ENTER]
Type 99, then press
[ENTER].
All fields with the symbol <?> must be filled in order be able to save the new configuration.
Some of the fields in the SMT will show a <N/A>. This symbol refers to an option that is not available.
Save your configuration by pressing [ENTER] at the message:
[Press ENTER to confirm or ESC to cancel]. Saving the data on the screen will take you, in most cases to the previous menu.
Type 99 at the Main Menu prompt and press [ENTER] to exit the
SMT interface.
Hardware Installation & Initial Setup 2-5
Prestige 1100 Internet Access Router
The SMT displays the Main Menu, as shown below:
Getting Started
Copyright (c) 1999 ZyXEL Communications Corp.
P1100 Main Menu
1. General Setup
2. WAN Setup
3. Ethernet Setup
4. Internet Access Setup
Advanced Applications
11. Remote Node Setup
12. Static Routing Setup
Advanced Management
21. Filter Set Configuration
22. SNMP Configuration
23. System Security
24. System Maintenance
25. IP Routing Policy Setup
15. SUA Server Setup 99. Exit
Enter Menu Selection Number:
Figure 2-4 SMT Main Menu
The following table shows the Main Menu Summary ,
Table 2-2 Main Menu Summary
#
1
2
3
4
11
12
15
21
Menu Title
General Setup
WAN Setup
Ethernet Setup
Internet Access Setup
Remote Node Setup
Static Routing Setup
SUA Server Setup
Filter Set Configuration
Description
Use this menu to setup general information and enable routing or bridging of specific protocols.
Use this menu to setup the WAN port configuration.
Use this menu to setup the Ethernet configuration.
A quick and easy way to setup Internet connection.
Use this menu to setup the remote node for LAN-to-LAN connection, including Internet connection.
Use this menu to setup static route for different protocols. There are eight static routes for each protocol.
Use this menu to specify inside servers when SUA is selected.
Setup filters to be used in Menu 3 and Menu 11 to provide security, call control, etc.
22 SNMP Configuration
23 System Security
24 System Maintenance
Use this menu to setup SNMP related parameters
Use this menu to setup security related parameters.
Provides system status, diagnostics, firmware upload, etc.
25 IP Routing Policy Setup Setup configuration for Routing Policies.
99 Exit To exit from SMT and return to the blank screen.
2-6 Hardware Installation & Initial Setup
Prestige 1100 Internet Access Router
2.6 Changing the System Password
The first thing you should do before anything else is to change the default system password by following the steps below:
Step 1. Select option 23. System Security in the Main Menu. This will open Menu 23 - System
Security as below:
Menu 23 - System Security
1. Change Password
Enter Menu Selection Number
Figure 2-5 Menu 23 - System Security
Step 2. From the System Security Menu, select option 1. Change Password to bring up Menu 23.1
- System Security - Change Password.
Hardware Installation & Initial Setup 2-7
Prestige 1100 Internet Access Router
Step 3. When submenu 23.1- System Security-Change Password appears, as shown below, enter the existing system password, i.e., [1234], then press [ENTER].
Menu 23.1 - System Security - Change Password
Old Password= XXXX
New Password= XXXX
Retype to confirm= XXXX
Press ENTER to Confirm or ESC to Cancel:
Figure 2-6 Menu 23.1 - System Security - Change Password
Step 4. Enter your new system password and press [ENTER].
Step 5. Re-type your new system password for confirmation and press [ENTER].
2-8 Hardware Installation & Initial Setup
Prestige 1100 Internet Access Router
2.7 General Setup
The Menu 1 - General Setup contains administrative and system-related information.
Step 1. Select option 1. General Setup in the Main Menu by typing 1 at the menu selection number prompt.
Step 2. The Menu 1 - General Setup screen appears, as shown. Fill in the required fields marked [?] and turn on the individual protocols for your particular application, as explained in the following table.
Menu 1 - General Setup
System Name= p1100
Location= location
Contact Person's Name= name
Route IP= Yes
Route IPX= No
Bridge= No
Press ENTER to Confirm or ESC to Cancel:
Figure 2-7 Menu 1 - General Setup
Hardware Installation & Initial Setup 2-9
Prestige 1100 Internet Access Router
Table 2-3 General Setup Menu Fields
Field
System Name
Description
Choose a descriptive name for identification purposes.
This name can be up to 8 alphanumeric characters long.
Spaces are not allowed, but dashes “-” and underscores
"_" are accepted. This name can be retrieved remotely via SNMP and will be displayed at the prompt in the
Command Mode.
Location (optional) Enter the geographic location (up to 31 characters) of your Prestige 1100.
Contact Person's
Name (optional)
Protocols:
Enter the name (up to 8 characters) of the person in charge of this Prestige 1100.
Turn on or off the individual protocols for your particular application.
Route IP
Route IPX
Bridge
Selecting [Yes] to enable IP routing. You must enable IP routing for Internet access.
Selecting [Yes] to enable IPX routing.
Selecting [Yes] to enable bridging. Packets that the
Prestige 1100 does not route are transparently bridged.
Example
P1100 location name
Press spacebar to toggle
[Yes/No]
[Yes/No]
[Yes/No]
2.7.1 Note on Bridging
When bridging is enabled, your Prestige forwards any packet that it does not route. Without bridging, the packets that the Prestige does not route are simply discarded. Compared to routing, bridging generates far more traffic for the same network layer protocol, and uses more CPU cycles and memory.
2-10 Hardware Installation & Initial Setup
Prestige 1100 Internet Access Router
2.8 WAN Setup
This section describes how to configure the WAN port and a WAN device using Menu 2- WAN Setup.
When you finish the setup, the Prestige uses this information to initialize the WAN port and the attached WAN device.
2.8.1 Prestige 1100 WAN Port Setup
Select option 2. WAN Setup in the Main Menu by typing 2 at the menu selection number prompt.
Menu 2 - WAN Port Setup
Clock Source = External
Port Speed = N/A
Press Enter to Confirm or ESC to Cancel:
Press Spacebar to Toggle
Figure 2-8 Menu 2 - WAN Port Setup
Field
Clock Source
Port Speed
Table 2-4 WAN Setup Menu Fields
Description
An external device controls timing. The P1100 currently only supports an external clock source.
Set by External Device
Example
External
N/A
Hardware Installation & Initial Setup 2-11
Prestige 1100 Internet Access Router
2.9 Ethernet Setup
This section describes how to configure the Ethernet using Menu 3 – Ethernet Setup. There are actually three Menu 3s:
1st. Menu 3 – Ethernet Setup – allows you to select the LAN (1 or 2) you wish to configure.
2nd. Menu 3 - Ethernet Setup (LAN 1) – allows you to configure the LAN 1 Ethernet interfaces.
Choose 1 from the first Menu 3 to get to this menu.
3rd. Menu 3 - Ethernet Setup (LAN 2) – allows you to configure the LAN 2 Ethernet interfaces.
Choose 2 from the first Menu 3 to get to this menu.
From the Main Menu, enter 3 to bring up (the first) Menu 3 – Ethernet Setup. Select the LAN that you wish to configure.
Menu 3 – Ethernet Setup
1. LAN1
2. LAN2
Figure 2-9 Menu 3 - Ethernet Setup - Select LAN
Select 1 to bring you to Menu 3 - Ethernet Setup (LAN 1) that you will use to configure the Ethernet interfaces. These submenus are also identical for Menu 3 - Ethernet Setup (LAN 2).
Menu 3 - Ethernet Setup (LAN 1)
1. General Setup
2. TCP/IP and DHCP Setup
3. Novell IPX Setup
4. Bridge Setup
Enter Menu Selection Number:
Figure 2-10 Menu 3 – Ethernet Setup
2-12 Hardware Installation & Initial Setup
Prestige 1100 Internet Access Router
2.10 General Ethernet Setup
This menu allows you to specify the filter sets that you wish to apply to the Ethernet traffic. You seldom need to filter Ethernet traffic, however, the filter sets may be useful to block certain packets, reducing traffic and preventing security breaches.
From Menu 3 - Ethernet Setup, enter 1 to go to Menu 3.1 -General Ethernet Setup.
Menu 3.1 - General Ethernet Setup
Input Filter Sets:
protocol filters=
device filters=
Output Filter Sets:
protocol filters=
device filters=
Press ENTER to Confirm or ESC to Cancel:
Figure 2-11 Menu 3.1 - General Ethernet Setup
If you need to define filters, please read the Filter Set Configuration Chapter, then return to this menu to define the filter sets.
2.11 Protocol Dependent Ethernet Setup
For the protocol-dependent setup, go to the appropriate section for details: l For TCP/IP Ethernet Setup refer to - Internet Access Application.
l For Novell IPX Ethernet Setup refer to - IPX Ethernet Setup in - Novell IPX Configuration for
LAN-to-LAN.
l For Bridge Ethernet Setup refer to - Bridge Configuration for LAN-to-LAN.
Hardware Installation & Initial Setup 2-13
Prestige 1100 Internet Access Router
Chapter 3:
Internet Access
This chapter shows you how to configure the LAN as well as the WAN of your Prestige for Internet access .
3.1 Route IP Setup
The first step is to enable the IP routing in Menu 1 - General Setup.
To edit Menu 1, enter 1 in the Main Menu to select 1. General Setup and press [ENTER]. Set the [Route
IP] field to [Yes] by pressing the space bar as shown in Figure 3-1.
Menu 1 - General Setup
System Name= p1100
Location= location
Contact Person's Name= name
Route IP= Yes
Route IPX= No
Bridge= No
Press ENTER to Confirm or ESC to Cancel:
Figure 3-1 Menu 1 - General Setup
Internet Access 3-1
Prestige 1100 Internet Access Router
3.2 TCP/IP Parameters
3.2.1 IP Address and Subnet Mask
Similar to the houses on a street that share a common street name, the machines on a LAN share one common network number, also.
Where you obtain your network number depends on your particular situation. If the ISP (Internet Service
Provider) or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established. If this is the case, it is recommended that you select a network number from 192.168.0.0 to 192.168.255.0 (ignoring the trailing zero) and you must enable the Single User Account feature of the Prestige 1100. The Internet Assigned
Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. Let’s say you select 192.168.1.0 as the network number; which covers 254 individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the first 3 numbers specify the network number while the last number identifies an individual workstation on that network.
Once you have decided on the network number, pick an IP address that is easy to remember, e.g.,
192.168.1.1, for your Prestige 1100.
The subnet mask specifies the network number portion of an IP address. Your Prestige 1100 will compute the subnet mask automatically based on the IP address that you entered. You don’t need to change the subnet mask computed by the Prestige 1100 unless you are instructed to do otherwise.
3.2.2 RIP Setup
RIP (Routing Information Protocol) allows a router to exchange routing information with other routers.
The [RIP Direction] field controls the sending and receiving of RIP packets. When set to both, the Prestige
1100 will broadcast its routing table periodically and incorporate the RIP information that it receives; when set to none, it will not send any RIP packets and will ignore any RIP packets received.
The [Version] field controls the format and the broadcasting method of the RIP packets that the Prestige
1100 sends (it recognizes both formats when receiving). RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have a unusual network topology.
Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference being that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting. Multicasting can reduce the load on non-router machines since they generally do not listen to the RIP multicast address and so will not receive the RIP packets. However, if one router uses multicasting, then all routers on your network must use multicasting, also. By default, RIP direction is set to [Both] and the version set to [RIP-1].
3-2 Internet Access
Prestige 1100 Internet Access Router
3.2.3 DHCP Configuration
DHCP (Dynamic Host Configuration Protocol) allows the individual clients (workstations) to obtain the
TCP/IP configuration at start-up from a centralized DHCP server. The Prestige 1100 has the DHCP server capability built-in. The DHCP server is disabled when [DHCP=] is [None.] When [DHCP=] is [Client, ]the
Prestige requests an IP address from a DHCP server on the Ethernet on which the [DHCP] field is set to
[Client].
IP Pool Setup
The Prestige 1100 is pre-configured with a pool of 6 IP addresses.
DNS Server Address(es)
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa, e.g., the IP address of www.zyxel.com is 204.217.0.2. The DNS server(s) is extremely important because without it, you must know the IP address of a machine before you can access it. The DNS server address(es) that you enter in the DHCP setup is passed to the client machines along with the assigned IP address and subnet mask. Make sure that you obtain the IP address of the DNS server(s) from your ISP.
Your workstations will need this information even if you don’t use the Prestige 1100’s DHCP server.
If the [Primary ]and[ Secondary DNS Server ]fields in [DHCP Setup] are not specified, i.e., left as 0.0.0.0, the Prestige tells the DHCP clients that it itself is the DNS server. When a workstation sends a DNS query to the Prestige, the Prestige forwards the query to the real DNS server learned through IPCP and relays the response back to the workstation.
Please note that DNS proxy works only when the ISP uses the IPCP DNS server extensions. It does not mean you can leave the DNS servers out of the DHCP setup under all circumstances. If your ISP gives you explicit DNS servers, make sure that you enter their IP addresses in the [DHCP Setup] menu. This way, the
Prestige can pass the DNS servers to the workstations and the workstations can query the DNS server directly without the Prestige’s intervention.
3.3 TCP/IP and DHCP Ethernet Setup
You will now use Menu 3.2 to configure the Ethernet of your Prestige 1100 for TCP/IP.
To edit Menu 3.2, select Menu 3. Ethernet Setup in the Main Menu and then the appropriate LAN. Then select the submenu option 2, and press [ENTER]. The screen now displays Menu 3.2 - TCP/IP and DHCP
Ethernet Setup, shown next.
Internet Access 3-3
Prestige 1100 Internet Access Router
Menu 3.2 - TCP/IP and DHCP Ethernet Setup
DHCP Setup:
DHCP= None
Client IP Pool Starting Address= N/A
Size of Client IP Pool= N/A
Primary DNS Server= N/A
Secondary DNS Server= N/A
TCP/IP Setup:
IP Address= 192.168.1.1
IP Subnet Mask= 255.255.255.0
RIP Direction= Both
Version= RIP-2B
Multicast = IGMP-v2
IP Policies=
SUA= No
Enter here to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 3-2 Menu 3.2 - TCP/IP and DHCP Ethernet Setup
Table 3-1 DHCP Ethernet Setup Menu Fields
Description Field
DHCP Setup
Example
DHCP= This field enables/disables the DHCP server or client. If it is set to [Server], your Prestige will act as a DHCP server. If set to
[None], the DHCP server will be disabled. If set to [Client], the
Prestige will request an IP address from the Ethernet that has this field set to [Client. ]The Ethernet that has this field set to
[Client ]also has multicast support ([Multicast= None]) disabled.
[None](default)
[Server]
[Client]
When DHCP [Server] is used, the following items need to be set:
Client IP Pool Starting
Address
This field specifies the first of the contiguous addresses in the
IP address pool.
Size of Client IP Pool This field specifies the size, or count, of the IP address pool.
Primary DNS Server
Secondary DNS
Server
Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask.
192.168.1.33
6
3-4 Internet Access
Prestige 1100 Internet Access Router
Follow Table 3-2 to configure TCP/IP parameters for the Ethernet port.
Table 3-2 TCP/IP Ethernet Setup Menu Fields
Field Description Example
TCP/IP Setup
IP Address Enter the IP address of your Prestige 1100 in dotted decimal notation.
192.168.1.1
255.255.255.0
IP Subnet Mask Your Prestige 1100 will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the value computed by the Prestige 1100.
RIP Direction Press the space bar to select the RIP direction among [Both]/[In
Only]/[Out Only]/[None]
[Both]
(default)
Version Press the space bar to select the RIP version among [RIP-1]/[RIP-
2B]/[RIP-2M].
[RIP-1]
(default)
[IGMP-v2] Multicast Turn on/off IGMP support and select the version from [IGMPv2]/[IGMP-v1]/[None]. This field is disabled if [DHCP= ]is set to [Client].
IP Policies You can apply up to four IP Policy sets (from twelve) by entering their numbers separated by commas, e.g., 3, 4, 6, 11
SUA Press the space bar to select [Yes]to enable SUA on the Ethernet.
[No] (default)
When you have completed this menu, press [ENTER] at the prompt [Press ENTER to Confirm…] to save your configuration, or press [ESC] at any time to cancel.
3.4 IP Multicast
Traditionally, IP packets are transmitted in two ways - unicast or broadcast. Multicast is a third way to deliver IP packets to a group of hosts. Host groups are identified by class D IP addresses, i.e., those with
“1110” as their higher-order bits. In dotted decimal notation, host group addresses range from 224.0.0.0 to
239.255.255.255. Among them, 224.0.0.1 is assigned to the permanent IP hosts group, and 224.0.0.2 is assigned to the multicast routers group.
IGMP (Internet Group Management Protocol) is the protocol used to support multicast groups. The latest version is version 2 (see RFC2236). IP hosts use IGMP to report their multicast group membership to any immediate-neighbor multicast routers so the multicast routers can decide if a multicast packet needs to be forwarded. At start up, the Prestige queries all directly connected networks to gather group membership.
After that, the Prestige updates the information by periodic queries. The Prestige implementation of IGMP
Internet Access 3-5
Prestige 1100 Internet Access Router is also compatible with version 1. The multicast setting can be turned on or off on Ethernet and remote nodes.
For IP routing policy information, please refer to Chapter 13: IP Routing Policy.
3.5 Internet Access Configuration
Menu 4 allows you to enter the Internet access parameters in one screen. Menu 4 is actually a simplified setup for one of the remote nodes that you can access through menu 11. Before you configure your Prestige
1100 for Internet access, you need to collect your Internet account information from your ISP. Use Table
3-3 to record your Internet Account Information.
Table 3-3 Internet Account Information
Internet Account Information
IP Address of the ISP's Gateway (Optional)
Login Name
Password
DNS server address(es) for your workstations
Write your account information here
−
−
−
−
From the Main Menu, enter option 4 to go to Menu 4 - Internet Access Setup, as displayed in the next figure.
Menu 4 - Internet Access Setup
ISP's Name= ?
My Login=
My Password= ********
Single User Account= No
My IP Addr= N/A
Press ENTER to Confirm or ESC to Cancel:
Figure 3-3 Menu 4 - Internet Access Setup
3-6 Internet Access
Prestige 1100 Internet Access Router
Table 3-4 contains instructions on how to configure your Prestige 1100 for Internet access.
Table 3-4 Internet Access Setup Menu Fields
Field
ISP's Name
Description
Enter the name of your Internet Service Provider. (This information is for identification purposes only.)
Observation myISP
My Login Name
My Password
Enter the login name assigned to you by your ISP.
Enter the password associated with the login name above. Note that this login name/password pair is only for your Prestige 1100 to connect to the ISP's gateway. For TCP/IP applications, e.g., FTP, you will need a separate login name and password for each server.
(required)
(required)
Single User Account See Section 3.5 for a detailed discussion on the Single User
Account feature.
[Yes/No]
Press [ENTER] at the message [Press ENTER to Confirm ...] to confirm your configuration, or press [ESC] at any time to cancel.
Internet Access 3-7
Prestige 1100 Internet Access Router
3.6 Single User Account
Typically, if there are multiple users on the LAN wanting to concurrently access the Internet, you will have to lease a block of legal, or globally unique, IP addresses from the ISP.
The Single User Account (SUA) feature allows you to have the same benefits as having multiple legal addresses, but only pay for one IP address, thus saving significantly on the subscription fees. (Check with your ISP before you enable this feature).
Private Network IP Addresses
Assigned by User
192.168.1.1
192.168.1.33
192.168.1.34
192.168.1.35
192.168.1.36
The SUA network appears as a single host on the Internet
INTERNET
Leased Line (T1/E1)
IP ADDRESS ASSIGNED
BY ISP
Figure 3-4 Single User Account Topology
The Single User Account feature may also be used on connections to remote networks other than the ISP.
For example, this feature can be used to simplify the allocation of IP addresses when connecting branch offices to the corporate network.
The IP address for the SUA can be either fixed or dynamically assigned. In addition, you can designate servers, e.g., a web server, on your local network and make them accessible to outside world.
3-8 Internet Access
Prestige 1100 Internet Access Router
If you do not define any server, SUA offers the additional benefit of firewall protection. If no server is defined, all incoming inquiries will be filtered out by your Prestige and thus preventing intruders from probing your network.
Your Prestige accomplishes this address sharing by translating the internal LAN IP addresses to a single address that is globally unique on the Internet. For more information on IP address translation, refer to
RFC 1631, The IP Network Address Translator (NAT).
3.6.1 Advantages of SUA
In summary: l SUA is a cost-effective solution for small offices with less than 20 hosts to access the Internet or other remote TCP/IP networks.
l SUA supports servers to be accessible to the outside world.
l SUA can provide firewall protection if you do not specify any server. All incoming inquiries will be filtered out by your Prestige 1100.
l UDP and TCP datagrams can be routed. In addition, partial ICMP, including echo (ping) and trace route, is supported.
3.6.2 Single User Account Configuration
The steps for configuring your Prestige for Single User Account are identical to the conventional Internet access (See configuration instructions in Table 3-4) with the exception that you need to fill in two extra fields in Menu 4 - Internet Access Setup, as shown in the following figure. SUA here is applied solely to the output interface and is valid only for LAN -- WAN connections and not for connections between LANs.
Menu 4 - Internet Access Setup
SUA
ISP's Name= ?
My Login=
My Password= ********
Single User Account= Yes
My IP Addr=
Press Enter to Confirm or ESC to Cancel
Figure 3-5 Menu 4 - Internet Access Setup for Single User Account
Internet Access 3-9
Prestige 1100 Internet Access Router
To enable the SUA feature in Menu 4, move the cursor to the Single User Account field and select [Yes] (or
[No] to disable SUA). Then follow the instructions on how to configure the SUA fields in the following table.
Field
Single User Account
Table 3-5 Single User Account Menu Fields
Description
Select [Yes] to enable SUA.
My IP Addr.
If your ISP did not assigns you a static IP address, enter [0.0.0.0]; otherwise, enter that IP address here.
Press [ENTER] at the message [Press ENTER to Confirm ...] to save your configuration, or press
[ESC] at any time to cancel.
3.6.3 Ethernet SUA
The Single User Account (SUA) feature can also apply to Ethernet ports. This feature is useful if you connect a broadband device such as a xDSL modem or cable modem via the Ethernet port. As there can be only one interface to the Internet at any one time you should not enable both the WAN SUA (Menu 4) and
Ethernet SUA (Menu 3.2) at the same time. In the example in Figure 3-6 Ethernet SUA, the ADSL modem is configured as a bridge, so the DHCP server – Ethernet connection is equivalent to a LAN-to-LAN connection. When [DHCP=] [Client] on the Ethernet in Menu 3.2, then the Prestige will request an IP address from the DHCP server as shown. Address translation takes place when [SUA= ][Yes] (in Menu
3.2). The Single User Account (SUA) feature in Menu 3.2 applies solely to the Ethernet interface.
Ethernet
ADSL Modem
Prestige
1100
Figure 3-6 Ethernet SUA Example
DSL/
ATM
DHCP
Server
3-10 Internet Access
Prestige 1100 Internet Access Router
3.7 LANs & WANs
A LAN (Local Area Network) is a computer network limited to the immediate area, usually the same building or floor of a building. A WAN (Wide Area Network), on the other hand is an outside connection to another network or the Internet.
3.7.1 LANs, WANs and the Prestige
The actual physical connection determines whether the Prestige ports are LAN or WAN ports. There are two separate IP networks, one inside, the LAN network; the other outside, the WAN network as shown next.
LAN
LAN IP WAN IP
The interface to the
Internet or a remote node can be any hardware port including an Ethernet port.
INTERNET
Prestige
1100
The interface to the
LAN is Ethernet.
Figure 3-7 LAN & WAN IPs
The following diagram illustrates the Ethernet port as a WAN port.
LAN
LAN 2
Prestige
1 1 0 0
LAN 1
Ethernet
INTERNET
Figure 3-8 Ethernet as WAN port
Internet Access 3-11
Prestige 1100 Internet Access Router
Chapter 4:
Remote Node Configuration for LAN to LAN
A remote node is required for placing calls to a remote gateway. A remote node represents both the gateway and the network behind it across a WAN connection. Note that when you use Menu 4 to set up
Internet access, you are actually configuring the remote node.
In this chapter, we will discuss the parameters that are protocol independent. The protocol-dependent configuration will be covered in subsequent chapters.
This section describes the protocol-independent parameters for a remote node.
4.1 Leased Line Remote Node Profile
To configure a remote node, enter 11 to select Menu 11.1 - Remote Node Setup.
Rem Node Name= ?
Active= Yes
Incoming:
Rem Login= ?
Rem Password= ********
Outgoing:
My Login= ?
My Password= ********
Authen= CHAP/PAP
Menu 11.1 - Remote Node Profile
Route= IP
Bridge= No
Edit PPP Options= No
Rem IP Addr= ?
Edit IP/IPX/Bridge= No
Input Filter Sets:
Protocol filters =
Device filters =
Output Filter Sets=
Protocol filters =
Device filters =
Press ENTER to CONFIRM or ESC to CANCEL:
Press Space Bar to Toggle.
Figure 4-1 Menu 11.1 - Remote Node Profile for Leased Lines
The following table contains the instructions on how to configure the Remote Node Menu for leased lines.
Remote Node Configuration 4-1
Prestige 1100 Internet Access Router
Active
Table 4-1 Remote Node Profile Menu Fields for Leased Lines
Field
Rem Node Name
Description
This is a required field [?]. Enter a descriptive name for the remote node, e.g., Corp. This field can be up to eight characters. This name must be unique from any other remote node name or remote dial-in user name.
Press the space bar to toggle between [Yes] and [No].
Options
Press space bar to toggle
[Yes/No]
Incoming: Rem Node
Login Name
Incoming: Rem Node
Password
Enter the login name that this remote node will use when it calls your Prestige 1100. The login name in this field combined with the Rem Node Password will be used to authenticate this node.
Enter the password used when this remote node calls your Prestige 1100.
Outgoing: My Login
Name
Outgoing: My
Password
Outgoing: Authen
Enter the login name for your Prestige 1100 when it calls this remote node.
Enter the password for your Prestige 1100 when it calls this remote node.
This field sets the authentication protocol used for outgoing calls.
Options for this field are: l CHAP/PAP - Your Prestige 1100 will accept either
CHAP or PAP when requested by this remote node.
[CHAP/PAP]
(default) l
CHAP - accept CHAP only.
[CHAP] l
PAP – accept PAP only.
[PAP]
Route
Bridge
This field determines the protocols that your Prestige
1100 will route.
Bridging is used for protocols that the Prestige 1100 does not route, e.g., SNA, or not turned on in the previous
Route field. When bridging is enabled, your Prestige 1100 will forward any packet that it does not route to this remote node; otherwise, the packets are discarded. .
[IP]/[IPX]/[IP
+IPX]/[None]
Press space bar to toggle
[Yes/No]
4-2 Remote Node Configuration
Prestige 1100 Internet Access Router
Field
Edit PPP Options
Description
To edit the PPP options for this remote node, move the cursor to this field, use the space bar to select [Yes] and press [Enter]. This will bring you to Menu 11.2 - Remote
Node PPP Options. For more information on configuring
PPP options, see the section Editing PPP Options.
Rem IP Addr This is a required field [?] if IP routing is enabled. Enter the IP address of the remote gateway.
Edit IP/IPX/Bridge Options To edit the parameters, select [Yes] and press [ENTER].
This will bring you to Menu 11.3 – Remote Node Network
Layer Options. For more information on this screen, refer to the chapter pertaining to your specific protocol.
Options
Press space bar to toggle [Yes] then press
[Enter]
Press space bar to select [Yes] then press
[ENTER]
Session Options:
Input Filter Sets,
Output Filter Sets
In these fields, enter the filter set(s) you wish to apply to the incoming and outgoing traffic between this remote node and your Prestige 1100. You can choose from 12 different filter sets. In addition, you can link up to 4 filter sets together for further customization, e.g., 1, 5, 9, 12.
Default= Blank
Note that spaces are accepted in this field. For more information on customizing your filter sets, see Chapter 8.
The default is blank, i.e., no filters defined.
Once you have completed filling in Menu 11.1.1 - Remote Node Profile, press [ENTER] at the message
[Press ENTER to Confirm…] to save your configuration, or press [ESC] at any time to cancel.
4.2 Outgoing Authentication Protocol
Generally speaking, you should employ the strongest authentication protocol possible, for obvious reasons.
However, some vendor’s implementation includes specific authentication protocol in the user profile. It will disconnect if the negotiated protocol is different from that in the user profile, even when the negotiated protocol is stronger than specified. If you encounter the case where the peer disconnects right after a successful authentication, please make sure that you specify the correct authentication protocol when connecting to such an implementation.
4.3 Editing PPP Options
To edit the remote node options, move the cursor to the Edit PPP Options field in Menu 11.1 - Remote
Node Profile, and use the space bar to select [Yes]. Press [ENTER] to open Menu 11.2, as shown.
Remote Node Configuration 4-3
Prestige 1100 Internet Access Router
Menu 11.2 - Remote Node PPP Options
Encapsulation= Standard PPP
Compression= No
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 4-2 Menu 11.2 - Remote Node PPP Options
Table 4-2 Remote Node PPP Options Menu Fields describes the Remote Node PPP Options Menu, and contains instructions on how to configure the PPP options fields.
Table 4-2 Remote Node PPP Options Menu Fields
Option Field
Encapsulation
Description
Select the vendor-specific encapsulation for the link.
The default is Standard PPP. Select Cisco PPP only when the remote gateway is a Cisco machine.
l
Standard PPP - Standard PPP encapsulation will be used.
l CISCO PPP - Cisco PPP encapsulation will be used.
[Standard PPP]
[CISCO PPP]
Compression Turn on/off Stac data compression. The default for this field is Off.
[On/Off]
(Default = Off)
Once you have completed filling in Menu 11.2 - Remote Node PPP Options, press [ENTER] at the message [Press ENTER to Confirm…] to save your configuration, or press [ESC] at any time to cancel.
4-4 Remote Node Configuration
Prestige 1100 Internet Access Router
Chapter 5:
Remote Node TCP/IP Configuration
This chapter shows you how to configure the TCP/IP parameters of a remote node.
5.1 LAN-to-LAN Application
A typical LAN-to-LAN application is to use your Prestige to connect a branch office to the headquarters, as depicted in the following Figure 5-1.
Branch Office LAN Corporate LAN
Leased Line
Figure 5-1 LAN-to-LAN Application with TCP/IP
For the branch office, you need to configure static routes if some services reside beyond the immediate remote LAN.
Remote Node TCP/IP Configuration 5-1
Prestige 1100 Internet Access Router
5.2 Remote Node Setup
Follow the procedure in the Remote Node Configuration Chapter to configure the protocol-independent parameters in Menu 11 - Remote Node Profile. For the TCP/IP parameters, follow the instructions below.
Follow the steps below to edit Menu 11.3 - Remote Node Network Layer Options shown in Figure 5-2:
Step 1. In Menu 11.1, make sure [IP] is among the protocols in the Route field. (The Route field should display Route = IP or Route = IP + IPX.)
Step 2. Move the cursor to the [Edit IP/IPX/Bridge] field, then press the space bar to toggle and set the value to [Yes], and press [ENTER] to edit Menu 11.3 - Network Layer Options.
Menu 11.3 - Remote Node Network Layer Options
IP Options:
Rem IP Addr: 0.0.0.0
Rem Subnet Mask= 0.0.0.0
My WAN Addr= 0.0.0.0
Single User Account= No
Metric= 2
Private= No
RIP Direction= Both
Version= RIP-2B
Multicast = IGMP-v2
IP Policies=
IPX Options:
Rem LAN Net #= N/A
My WAN Net #= N/A
Hop Count= N/A
Tick Count= N/A
W/D Spoofing(min)= N/A
SAP/RIP Timeout(min)= N/A
Bridge Options:
Ethernet Addr Timeout(min)= N/A
Enter here to CONFIRM or ESC to CANCEL:
Figure 5-2 Menu 11.3- Remote Node TCP/IP Options
5-2 Remote Node TCP/IP Configuration
Prestige 1100 Internet Access Router
The following diagram in Figure 5-3 explains the Sample IP Addresses to help you to understand the field of My Wan Address in Menu 11.3.
Remote Network
192.168.1.0
172.16.0.2
Local Network
172.16.0.1
10.0.0.0
192.168.1.1
10.0.0.1
Figure 5-3 Sample IP Addresses for a TCP/IP LAN-to-LAN Connection
To configure the TCP/IP parameters of a remote node, first configure the three fields in Menu 11 – Remote
Node Profile, as shown. For more details on the IP Option fields, refer to the Internet Access Application
Chapter.
Field
Route
Rem IP Address
Edit IP/IPX/Bridge
Table 5-1 TCP/IP related fields in Remote Node Profile
Description
Make sure [IP] is among the protocols in the Route field in the
Remote Node Profile.
Enter the IP address of the remote gateway in Menu 11.1 -
Remote Node Profile. You must fill in either the remote
Prestige WAN IP address or the remote Prestige LAN IP address. This depends on the remote router’s WAN IP (for the
Prestige, the [My WAN Addr] in Menu 11.3 – Remote Node
Network Layer Options). For example, if the remote WAN IP is
172.16.0.2 (the remote router’s WAN IP), then you should enter 172.16.0.2 in the [Rem IP Address] field. If the remote
WAN IP is 0.0.0.0, then enter 192.168.1.1(the remote router’s
LAN IP) in the [Rem IP Address] field.
Press the space bar to select [Yes] and press [ENTER] to go to
Menu 11.3 - Remote Node Network Layer Options Menu.
Option
[IP]
[Yes]
([Yes/No])
Remote Node TCP/IP Configuration 5-3
Prestige 1100 Internet Access Router
The following table shows the TCP/IP related fields in Menu 11.3 - Remote Node Network Layer
Options.
Table 5-2 Remote Node TCP/IP Configuration
Field Description Option
Rem IP Address
Rem IP Subnet
Mask
This shows the IP address you entered for this remote node in the previous menu, Remote Node Profile.
Enter the subnet mask for the remote network.
My WAN Addr
Single User
Account
Metric
Private
Some implementations, especially the UNIX derivatives, require the WAN link to have a separate IP network number from the LAN and each end must have a unique address within the WAN network number. If this is the case, enter the IP address assigned to the WAN port of your Prestige 1100.
Note that this is the address assigned to your local Prestige
1100, not the remote router.
(See Figure 5-3 for an explanation of [My WAN Addr] with
Sample IP Addresses)
Set this field to [Yes] to enable the Single User Account feature for your Prestige 1100. Use the space bar to toggle between
[Yes] and [No].
The metric represents the “cost” of transmission for routing purposes. IP routing uses hop count as the measurement of cost, with a minimum of [1] for directly connected networks.
Enter a number that approximates the cost for this link. The number need not be precise, but it must be between [1] and
[16]. In practice, [2] or [3] is usually a good number.
This parameter determines if the Prestige 1100 will include the route to this remote node in its RIP broadcasts. If set to [Yes], this route is kept private and not included in RIP broadcast. If
[No], the route to this remote node will be propagated to other hosts through RIP broadcasts.
[Yes/No]
[1] to [15]
[Yes/No]
5-4 Remote Node TCP/IP Configuration
Prestige 1100 Internet Access Router
Field Description Option
RIP Direction= Press the space bar to select the RIP direction from [Both]/[In
Only]/[Out Only]/[None].
Multicast
Version= Press the space bar to select the RIP version from [RIP-
1]/[RIP-2B]/[RIP-2M].
Sets IGMP to version 1, version 2 or disables IGMP.
[Both]/[In
Only]/[Out
Only]/[None]
[RIP-1]/ [RIP-
2B]/ [RIP-2M]
[IGMP-v2]
[IGMPv1][None]
e.g., 3, 4, 5, 6 IP Policies You can apply up to four IP Policy sets (from twelve) by entering their numbers separated by commas.
Once you have completed filling in the Network Layer Options Menu, press [ENTER] to return to Menu
11. Press [ENTER] at the message [Press ENTER to Confirm...] to save your configuration, or press
[ESC] at any time to cancel.
Remote Node TCP/IP Configuration 5-5
Prestige 1100 Internet Access Router
5.3 Static Route Setup
Static routes tell the Prestige routing information that it cannot learn automatically through other means.
This can arise in cases where RIP is disabled on the LAN or a remote network is beyond the one that is directly connected to a remote node.
Each remote node specifies only the network to which the gateway is directly connected, and the Prestige has no knowledge of the networks beyond. For instance, the Prestige knows about network N2 in the following diagram through remote node R1. However, the Prestige is unable to route a packet to network
N3 because it doesn’t know that there is a route through the same remote node R1 (via gateway R2). The static routes are for you to tell the Prestige about the networks beyond the remote nodes.
Figure 5-4 Example of Static Routing Topology
To configure an IP static route, use Menu 12, Static Route Setup, as displayed below.
Menu 12 - Static Route Setup
1. IP Static Route
2. IPX Static Route
3. Bridge Static Route
Please enter selection:
5-6 Remote Node TCP/IP Configuration
Prestige 1100 Internet Access Router
Figure 5-5 Menu 12 - Static Route Setup
From Menu 12, select one of the available IP static routes to open Menu 12.1 - IP Static Route Setup, as shown below.
Menu 12.1 - IP Static Route Setup
1. ________
2. ________
3. ________
4. ________
5. ________
6. ________
7. ________
8. ________
Enter selection number:
Figure 5-6 Menu 12.1 - IP Static Route Setup
Choosing a static route to edit produces the following screen.
Menu 12.1.1 - Edit IP Static Route
Route #: 1
Route Name= ?
Active= No
Destination IP Address= ?
IP Subnet Mask= ?
Gateway IP Address= ?
Metric= 2
Private= No
Press ENTER to Confirm or ESC to Cancel:
Figure 5-7 Edit IP Static Route
Remote Node TCP/IP Configuration 5-7
Prestige 1100 Internet Access Router
The following table describes the fields for Menu 12.1.1 – Edit IP Static Route Setup.
Field
Table 5-3 Edit IP Static Route Menu Fields
Description
Route #
Route Name
Active
Destination IP Address
IP Subnet Mask
Gateway IP Address
Metric
Private
Options
This is the index number of the route as listed in
Menu 12.1 – IP Static Route Setup.
Enter a descriptive name for this route. This is for identification purpose only.
This field allows you to activate/deactivate this static route.
This parameter specifies the IP network address of the final destination. Routing is always based on network number. If you need to specify a route to a single host, use a subnet mask of 255.255.255.255
in the subnet mask field to force the network number to be identical to the host ID.
Enter the subnet mask for this destination. Follow the discussion on IP subnet mask in this chapter.
Enter the IP address of the gateway. The gateway is an immediate neighbor of your Prestige that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your Prestige; over WAN, the gateway must be the IP address of one of the remote nodes.
[Yes]/[No]
Same meaning as those in the Remote Node Setup.
[1] to [15]
Same meaning as those in the Remote Node Setup.
[Yes]/[No]
5-8 Remote Node TCP/IP Configuration
Prestige 1100 Internet Access Router
Chapter 6:
IPX Configuration
This chapter shows you how to configure the IPX parameters of the Prestige 1100.
6.1 IPX Network Environment
Novell bundles the protocol stack, the server software and routing functionality in their NetWare server products. So a NetWare server is not only a file or print server, it is also a router.
6.1.1 Network and Node Number
Every IPX machine has a network number and a node number, together they form the complete address of the machine. The IPX network number is a 32-bit quantity and is usually expressed in 8 hexadecimal digits, e.g., 0893A8CF. The host number is a 48-bit quantity and usually is taken from the
MAC (Media Access Control) address of the Ethernet hardware, so you don’t have to explicitly configure the node number.
An IPX client obtains its network number from a server that has the network numbers statically configured. If there are multiple servers on a network, only one server need to have the network numbers configured, and all other stations (clients and servers) can obtain the network numbers from it.
The server with configured network numbers is called a seed router.
If you have a NetWare server on the same LAN as the Prestige 1100, we recommend that you set up a
NetWare server as a seed router. Even though the Prestige 1100 is capable as a seed router, a NetWare server offers a much more extensive facility for network management.
6.1.2 Frame Types
IPX can run on top of four different frame types on the Ethernet. These frame types are 802.2, 802.3,
Ethernet II (DIX), and SNAP (Sub-Network Access Protocol). Each frame type is a separate logical network, even though they exist on one physical network.
Even though there are four frame types available on the Ethernet, you should configure as few frame types as possible on your NetWare server and use automatic frame detection on the clients, to simplify management and to reduce network overhead.
IPX Configuration 6-1
Prestige 1100 Internet Access Router
Figure 6-1 NetWare Network Numbers
6.1.3 External Network Number
Each of the four logical networks (based on frame type) has its own external network number.
6.1.4 Internal Network Number
In addition to the external network numbers, each NetWare server has its own internal network number that is a virtual network to which the server is attached. It is important to remember that every network number must be unique for that entire internetwork, either internal or external.
6.2 Prestige 1100 in an IPX Environment
There are two different scenarios in which your Prestige 1100 is deployed:
6-2 IPX Configuration
Prestige 1100 Internet Access Router l LAN with a server (server side) l LAN without a server (client side)
Seed Router (Client Side)
Assigns Network Number
Not Seed Router (Server Side)
Learns Network Number
Prestige
1100
Prestige
1100
Netware Clients
Netware Server
Figure 6-2 Prestige in an IPX Environment
6.2.1 Prestige 1100 on LAN with Server
If your Prestige is on a LAN with a seed router, you do not need to configure the LAN network numbers. Your Prestige will learn the network number from the seed router and add the routes to its routing table.
6.2.2 Prestige 1100 on LAN without Server
Each IPX network must have a seed router. If you only have NetWare clients on your network, then you must configure the Prestige as a seed router and set up unique network numbers for each frame type enabled using the Ethernet Setup Menu.
IPX Configuration 6-3
Prestige 1100 Internet Access Router
6.3 IPX Ethernet Setup
From Menu 3 - Ethernet. Setup, select option 3. Novell IPX Setup from the appropriate LAN to go to
Menu 3.3 - Novell IPX Ethernet Setup as shown in Figure 6-3.
Menu 3.3 - Novell IPX Ethernet Setup
Seed Router= No
Frame Type 802.2= Yes
IPX Network #= N/A
Frame Type 802.3= No
IPX Network #= N/A
Frame Type Ethernet II= No
IPX Network #= N/A
Frame Type SNAP= No
IPX Network #= N/A
Enter here to CONFIRM or ESC to CANCEL:
Press Space Bar to Toggle.
Figure 6-3 Menu 3.3 - Novell IPX Ethernet Setup
The following Table 6-1 describes the Novell IPX Ethernet Setup Menu.
Table 6-1 Novell IPX Ethernet Setup Fields
Field Description Options
Seed Router
Frame Type
Determine if your Prestige 1100 is to act as a seed router.
Enable/Disable the individual frame type. Remember to enable only the ones that are actually used on your network.
[Yes/No]
[802.2]
[802.3]
[Ethernet II]
[SNAP]
IPX Network
#
If your Prestige 1100 is a seed router, enter a unique network number for each frame type enabled.
Press [ENTER] at the message [Press ENTER to Confirm] to save your configuration, or press [ESC] at any time to cancel.
6-4 IPX Configuration
Prestige 1100 Internet Access Router
6.4 LAN-to-LAN Application with Novell IPX.
A typical LAN-to-LAN application is to use your Prestige to call from a branch office to the corporate headquarters to enable the stations in the branch office to access the NetWare servers at the headquarters, as depicted in Figure 6-4
Branch Office LAN
External Network
Number = 333
Prestige
1100
Corporate LAN
External Network
Number = 222
Prestige
1100
Netware Clients
Netware Server
Internal Network
Number = 111
Figure 6-4 LAN-to-LAN Application with Novell IPX
IPX Configuration 6-5
Prestige 1100 Internet Access Router
6.4.1 IPX Remote Node Setup
Follow the procedure in Chapter 5 to configure the protocol-independent parameters in Menu 11.1 -
Remote Node Profile. For the IPX-related parameters in Menu 11.3 - Remote Node Network Layer
Options, follow the instructions below.
To edit Menu 11.3 - Remote Node Network Layer Options shown in Figure 6-5, follow these steps:
In Menu 11.1, make sure [IPX] is among the protocols in the Route field. (The Route field should display Route = IPX or Route = IP + IPX.)
Move the cursor to the [Edit IP/IPX/Bridge] field, then press the space bar to toggle and set the value to
[Yes], and press [ENTER] to edit Menu 11.3 - Network Layer Options.
Menu 11.3 - Remote Node Network Layer Options
IP Options:
Rem IP Addr:
Rem Subnet Mask= N/A
My WAN Addr= N/A
Single User Account= N/A
Server IP Addr= N/A
Metric= N/A
Private= N/A
RIP Direction= N/A
Version= N/A
Multicast= IGMP-v2
IP Policies=
IPX Options:
Rem LAN Net #= 00000000
My WAN Net #= 00000000
Hop Count= 1
Tick Count= 2
W/D Spoofing(min)= 3
SAP/RIP Timeout(min)= 3
Bridge Options:
Ethernet Addr Timeout(min)= N/A
Enter here to CONFIRM or ESC to CANCEL:
Figure 6-5 Menu 11.3 - Remote Node Novell IPX Options
6-6 IPX Configuration
Prestige 1100 Internet Access Router
Table 6-2 describes the IPX protocol-dependent parameters of the remote node Setup.
Table 6-2 Remote Node Novell IPX Options
Field Description Option
Rem LAN Net #
My WAN Net #
In this field, enter the internal network number of the NetWare server on the remote LAN.
In this field, enter the network number of the WAN link. If you leave this field as [00000000], your Prestige 1100 will determine automatically the network number through negotiation with the PPP peer.
This field indicates the number of intermediate networks that must be passed through to reach the remote node.
[00000000]
(default)
Hop Count [1]
(default)
[2] (default) Tick Count
W/D Spoofing
(min)
SAP/RIP Timeout
(min)
This field indicates the time-ticks required to reach the remote node.
This field is for the Prestige 1100 on the server side. Your Prestige
1100 can spoof a response to a server’s WatchDog request after the connection is dropped. In this field, type in the time (number of minutes) that you want your Prestige 1100 to spoof the WatchDog response.
This field indicates the amount of time that you want your Prestige
1100 to maintain the SAP and RIP entries learned from this remote node in its internal tables after the connection has been dropped. If this information is retained, then your Prestige 1100 will not have to get the SAP information when the line is brought back up. Enter the time (number of minutes) in this field.
Once you have completed filling in the Network Layer Options Menu, press [ENTER] to return to Menu
11.1. Then press [ENTER] at the message [Press ENTER to Confirm] to save your configuration, press
[ESC] to cancel.
IPX Configuration 6-7
Prestige 1100 Internet Access Router
6.4.2 IPX Static Route Setup
Similar to IP, IPX static routes tell the Prestige how to reach servers beyond a remote node before a connection to that remote node is established.
From Menu 12, select two, then select one of the IPX Static Routes to open Menu 12.2.1 - Edit IPX
Static Route, as shown below.
Menu 12.2.1 - Edit IPX Static Route
Route #= 11
Server Name= ?
Active= Yes
Network #= ?
Node #= 000000000001
Socket #= 0451
Type #= 0004
Hop Count= 2
Tick Count= 3
Press ENTER to CONFIRM or ESC to CANCEL:
Figure 6-6 Menu 12.2.1 - Edit IPX Static Route
The following table contains the instructions on how to configure the Edit IP Static Route Menu.
6-8 IPX Configuration
Prestige 1100 Internet Access Router
Field
Table 6-3 Edit IPX Static Route Menu Fields
Description
Route #
Server Name
This is the index number of the route as listed in Menu 12.2 – IPX Static Route
Setup.
In this field, enter the name of the server. This must be the exact name configured in the NetWare server.
Active
Network #
Node #
Socket #
Type #
This field allows you to activate/deactivate this static route.
This field contains the internal network number of the remote server that you wish to access. [00000000] or [FFFFFFFF] are reserved.
This field contains the address of the node on which the server resides. If you are using a Novell IPX implementation, this value is [000000000001].
This field contains the socket number on which the server will receive service requests. The default for this field is hex [0451].
This field identifies the type of service the server provides. The default for this field is hex [0004].
These two fields have the same meaning as those in the Ethernet setup.
Hop Count and
Tick Count
Once you have completed filling in the menu, press [ENTER] at the message [Press ENTER to
Confirm…] to save your configuration, or press [ESC] to cancel.
IPX Configuration 6-9
Prestige 1100 Internet Access Router
Chapter 7:
Bridging Setup
This chapter shows you how to configure the bridging parameters of your Prestige 1100.
7.1 Bridging in General
Bridging bases the forwarding decision on the MAC (Media Access Control), or hardware address, while routing does on the network layer (IP or IPX) address. Bridging allows the Prestige 1100 to transport packets of network layer protocols that the Prestige 1100 does not route, e.g., SNA, from one network to another. The caveat is that, compared to routing, bridging generates more traffic for the same network layer protocol, and it also demands more CPU cycles and memory.
For efficiency reason, do not turn on bridging unless you need to support protocols other than IP and
IPX on your network. For IP and IPX, enable the respective routing if you need it; do not bridge what the Prestige 1100 can route.
7.2 Bridge Ethernet Setup
Basically, all non-local packets are bridged to the WAN, however, your Prestige 1100 applies special handling for certain IPX packets to reduce the number of calls, depending on the setting.
Bridge Setup 7-1
Prestige 1100 Internet Access Router
From Menu 3 - Ethernet Setup, enter option 4. Bridge Setup for the appropriate LAN and Menu 3.4 -
Bridge Ethernet Setup displays as shown in Figure 7-1.
Menu 3.4 - Bridge Ethernet Setup
Bridge = No
Press ENTER to CONFIRM or ESC to CANCEL:
Press Space Bar to Toggle.
Figure 7-1 Menu 3.5 - Bridge Ethernet Setup
7.2.1 Remote Node Bridging Setup
Follow the procedure in Chapter 5 to configure the protocol-independent parameters in Menu 11.1 -
Remote Node Profile. For bridging-related parameters, you need to configure Menu 11.3 - Remote
Node Network Layer Options.
To setup Menu 11.3 - Remote Node Network Layer Options shown in Figure 7-2 Menu 11.3 -
Remote Node Bridging Options, follow these steps:
Step 1. In Menu 11.1, make sure the [Bridge] field is set to [Yes].
Step 2. Move the cursor to the [Edit IP/IPX/Bridge] field, then press the space bar to toggle and set the value to [Yes], and press [ENTER] to edit Menu 11.3 - Network Layer Options.
7-2 Bridge Setup
Prestige 1100 Internet Access Router
IP Options:
Menu 11.3 - Remote Node Network Layer Options
Rem IP Addr:
Rem Subnet Mask= N/A
My WAN Addr= N/A
Single User Account= N/A
Server IP Addr= N/A
Metric= N/A
Private= N/A
RIP Direction= N/A
Version= N/A
Multicast= IGMP-v2
IP Policies=
IPX Options:
Rem LAN Net #= 00000000
My WAN Net #= 00000000
Hop Count= 1
Tick Count= 2
W/D Spoofing(min)= 3
SAP/RIP Timeout(min)= 3
Bridge Options:
Ethernet Addr Timeout(min)= 0
Enter here to CONFIRM or ESC to CANCEL:
Figure 7-2 Menu 11.3 - Remote Node Bridging Options
Table 7-1 describes the bridging-dependent parameters in the Remote Node Profile and Network Layers menus.
Table 7-1 Remote Node Bridge Options
Field Description
Bridge (Menu 11) Make sure this field is set to [Yes].
Edit IP/IPX/Bridge (Menu 11) Press the space bar to change it to [Yes] and press [ENTER] to go to the
Network Layer Options Menu.
Ethernet Addr Timeout (min)
(Menu 11.3 above)
In this field, enter the time (number of minutes) that you wish your Prestige
1100 to retain the Ethernet Addr information in its internal tables while the line is down. If this information is retained, your Prestige 1100 will not have to recompile the tables when the line is brought back up.
Once you have completed filling in the Network Layer Options Menu, press [ENTER] to return to Menu
11.1. Then press [ENTER] at the message [Press ENTER to Confirm…] to save your configuration, or press [ESC] to cancel.
Bridge Setup 7-3
Prestige 1100 Internet Access Router
7.2.2 Bridge Static Route Setup
Similar to network layer static routes, a bridging static route tells the Prestige 1100 about the route to a node before a connection is established. You configure bridge static routes in Menu 12.3.1(go to Menu
12, choose option 3, then choose a static route to edit) as shown in Figure 7-3.
Menu 12.3.1 - Edit Bridge Static Route
Route #: 21
Route Name=
Active= Yes
Ether Address= ?
IP Address=
Press ENTER to CONFIRM or ESC to CANCEL:
Figure 7-3 Menu 12.3.1 - Edit Bridge Static Route
The following Table 7-2 describes the Bridge Static Route Menu.
Table 7-2 Bridge Static Route Menu Fields
Field Description
Route #
Route Name
This is the index number of the route as listed in Menu 12.3 – IPX Static Route
Setup.
Enter a name for the bridge static route for identification purposes.
Active
IP Address
Indicates whether the static route is active or not.
Ether Address Enter the MAC address of the destination machine that you wish to bridge the packets to
If available, enter the IP address of the destination machine that you wish to bridge the packets to.
Once you have completed filling in this menu, press [ENTER] at the message [Press ENTER to
Confirm…] to save your configuration, or press [ESC] to cancel.
7-4 Bridge Setup
Prestige 1100 Internet Access Router
Chapter 8:
Filter Configuration
8.1 About Filtering
Your Prestige uses filters to decide whether or not to allow passage of a packet. Data filtering is divided into incoming and outgoing filters, depending on the direction of the packet relative to a port.
The following sections describe how to configure filter sets. Please see our application notes for more information and examples on creating and configuring filters.
8.2 The Filter Structure of the Prestige
A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the rules for
NetBIOS, into a single set and give it a descriptive name. The Prestige allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system.
You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port.
The following diagram illustrates the logic flow when executing a filter rule.
Filter Configuration 8-1
Prestige 1100 Internet Access Router
Start
Packet into Filter
Fetch First
Filter Set
Yes
Fetch Next
Filter Set
Filter Set
Yes
Fetch Next
Filter Rule
Fetch First
Filter Rule
Next Filter Set
Available?
No
Next Filter Rule
Available?
Execute Filter
Rule
No
Check Next Rule
Drop
Drop Packet
Forward
Accept Packet
Figure 8-1 Filter Rule Process
8-2 Filter Configuration
Prestige 1100 Internet Access Router
8.3 Configuring a Filter Set
To configure a filter sets, follow the procedure below:
Step 1. Enter 21 from the Main Menu to open Menu 21 - Filter Set Configuration.
2
3
4
5
6
Filter
Set #
------
1
Menu 21 - Filter Set Configuration
Comments
------------------
______________
______________
______________
______________
______________
______________
8
9
10
11
12
Filter
Set #
------
7
Comments
------------------
______________
______________
______________
______________
______________
______________
Enter Filter Set Number to Configure=
Edit Comments=
Press ENTER to Confirm or ESC to Cancel:
Figure 8-2 Menu 21 - Filter Set Configuration
Step 2. Enter the index of the filter set you wish to configure (no. 1-12) and press [ENTER]
.
Step 3. Enter a descriptive name or comment in the Edit Comments field and press [ENTER].
Step 4. Press [ENTER] at the message: [Press ENTER to confirm] to open Menu 21.1 - Filter Rules
Summary.
Filter Configuration 8-3
Prestige 1100 Internet Access Router
Menu 21.1 - Filter Rules Summary
# A Type Filter Rules M m n
- - ---- -------------------------------------------- --------- - - -
1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=137 N D N
2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=138 N D N
3 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=139 N D N
4 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=137 N D N
5 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=138 N D N
6 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=139 N D F
Enter Filter Rule Number (1-6) to Configure: 1
Edit Comments= NetBIOS_WAN
Press ENTER to Confirm or ESC to Cancel:
Enter Filter Rule Number (1-6) to Configure:
Figure 8-3 Menu 21.1 - Filter Rules Summary
8.3.1 Filter Rules Summary Menu
These screens show a summary of the existing rules in an example filter set. The following tables contain a brief description of the abbreviations used in Menu 21.1 and 21.2.
#
A
Table 8-1 Abbreviations Used in the Filter Rules Summary Menu
Abbreviations Description Display
Refers to the filter rule number (1-6).
Refers to Active.
Type Refers to the type of filter rule.
This shows IP for TCP/IP, IPX and
Device
[Y] means the filter rule is active.
[N] means the filter rule is inactive.
[IP] for TCP/IP
[IPX] for Novell’s IPX protocol
[Dev] for Device
Filter Rules The filter rule parameters are displayed here (see below).
8-4 Filter Configuration
Prestige 1100 Internet Access Router
Abbreviations Description
M Refers to More.
m n
[Y] means an action can not yet be taken as there are more rules to check, which are concatenated with the present rule to form a rule chain. When the rule chain is complete an action can be taken.
[N] means you can now specify an action to be taken i.e., forward the packet, drop the packet or check the next rule. For the latter, the next rule is independent of the rule just checked.
If More is [Yes], then [Action Matched] and [Action Not Matched] will be [N/A].
Refers to Action Matched.
[F] means to forward the packet immediately and skip checking the remaining rules if any.
Refers to Action Not Matched
[F] means to forward the packet immediately and skip checking the remaining rules if any.
Display
[Y] means there are more rules to check.
[N] means there are no more rules to check.
[F] means to forward the packet.
[D] means to drop the packet.
[N] means check the next rule.
[F] means to forward the packet.
[D] means to drop the packet.
[N] means check the next rule.
The protocol dependent filter rules abbreviation are listed as follows: l If the filter type is IP, the following abbreviations listed in the following table will be used.
Table 8-2 Abbreviations Used If Filter Type Is IP
Abbreviation Description
Pr
SA
SP
DA
Protocol
Source Address
Source Port number
Destination Address
DP Destination Port number
•
Abbreviations Used If Filter Type Is IPX
Filter Configuration 8-5
Prestige 1100 Internet Access Router
Table 8-3 Abbreviations Used If Filter Type Is IPX
Abbreviation Description
PT IPX Packet Type
SS
DS
Source Socket
Destination Socket l If the filter type is Dev (device), the following abbreviations listed in the following table will be used.
Table 8-4 Abbreviations Used If Filter Type Is Dev
Abbreviation Description
Off Offset
Len Length
Refer to the next section for information on configuring the filter rules.
8.4 Configuring a Filter Rule
To configure a filter rule, enter its number in Menu 21.1 - Filter Rules Summary and press [ENTER] to open Menu 21.1.1 for the rule.
8.4.1 Filter Types and SUA
There are two types of filter rules, Device Filter rules and Protocol Filter (TCP/IP and IPX) rules. Device
Filter rules act on the raw data from/to LAN and WAN. Protocol Filter rules act on the IP and IPX packets.
Device and TCP/IP filter rules are discussed in more detail in the next section.
When NAT/SUA (Network Address Translation/Single User Account) is enabled, the inside IP address and port number are replaced on a connection-by-connection basis, which makes it impossible to know the exact address and port on the wire. Therefore, the Prestige applies the protocol filters to the “native” IP address and port number before NAT/SUA for outgoing packets and after NAT/SUA for incoming packets.
On the other hand, the device filters are applied to the raw packets that appear on the wire. They are applied at the point where the Prestige is receiving and sending the packets; i.e. the interface. The interface can be an Ethernet, or any other hardware port. The following diagram illustrates this.
8-6 Filter Configuration
Prestige 1100 Internet Access Router
Figure 8-4 Protocol and Device Filter Sets
To speed up filtering, all rules in a filter set must be of the same type, i.e., Protocol filters or Device filters.
The class of a filter set is determined by the first rule that you create. When applying the filter sets to a port, separate menu fields are provided for protocol and device filter sets. If you include a protocol filter set in a device filters field or vice versa, the Prestige will warn you and will not allow you to save.
8.4.2 TCP/IP Filter Rule
This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fields in the IP and the upper layer protocol, e.g., UDP and TCP, headers.
To configure a TCP/IP rules, select TCP/IP Filter Rule from the Filter Type field and press Enter to open
Menu 21.1.1 - TCP/IP Filter Rule, as shown below.
Filter Configuration 8-7
Prestige 1100 Internet Access Router
Menu 21.1.1 - TCP/IP Filter Rule
Filter #: 1,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 137
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Check Next Rule
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 8-5 Menu 21.1.1 - TCP/IP Filter Rule
The following table describes how to configure your TCP/IP filter rule.
Field
Filter #
Filter Type
Active
IP Protocol
IP Source
Route
Destination: IP
Addr
Destination: IP
Mask
Table 8-5 TCP/IP Filter Rule Menu Fields
Description
This is the filter set, filter rule co-ordinates, i.e., 2,3 refers to the second filter set and the third filter rule of that set.
Use the space bar to toggle between types of rules.
Parameters displayed below each type will be different.
Option
This field activates/deactivates the filter rule.
Protocol refers to the upper layer protocol, e.g., TCP is 6,
UDP is 17 and ICMP is 1. This value must be between 0 and
255. Enter 0 if IP protocol is don’t care.
If Yes, the rule applies to packet with IP source route option; else the packet must not have source route option. The majority of IP packets do not have source route.
Enter the destination IP Address of the packet you wish to filter. This field is a don’t-care if it is 0.0.0.0.
Enter the IP subnet mask to apply to the Destination: IP Addr.
To filter a single host, enter 255.255.255.255 as the mask.
[Device Filter Rule] /
[TCP/IP Filter Rule] /
[IPX Filter Rule]
[Yes]/[No]
0-255
[Yes]/[No]
IP address
Subnet mask
8-8 Filter Configuration
Prestige 1100 Internet Access Router
Field
Destination:
Port #
Destination:
Port # Comp
Source: IP
Addr
Source: IP
Mask
Description
Enter the destination port of the packets that you wish to filter.
The range of this field is 0 to 65535. This field is a don’t-care if it is 0.
Select the comparison to apply to the destination port in the packet against the value given in Destination: Port #.
Enter the source IP Address of the packet you wish to filter.
This field is a don’t-care if it is 0.0.0.0.
Enter the IP subnet mask to apply to the Source: IP Addr.
Source: Port # Enter the source port of the packets that you wish to filter. The range of this field is 0 to 65535. This field is a don’t-care if it is 0.
Source: Port #
Comp
TCP Estab
Select the comparison to apply to the source port in the packet against the value given in Source: Port #.
This field is applicable only when IP Protocol field is 6, TCP. If yes, the rule matches only established TCP connections; else the rule matches all TCP packets.
Option
0-65535
[None]/[Less]/[Greater]/
[Equal]/[Not Equal]
IP Address
IP Mask
0-65535
[None]/[Less]/[Greater]/
[Equal]/[Not Equal]
[Yes]/[No]
More
Log
If yes, a matching packet is passed to the next filter rule before an action is taken; else the packet is disposed of according to the action fields.
If More is [Yes], then Action Matched and Action Not Matched will be [N/A].
Select the logging option from the following: l
[None] – No packets will be logged.
l
[Action Matched] - Only packets that match the rule parameters will be logged.
l
[Action Not Matched] - Only packets that do not match the rule parameters will be logged.
l
[Both] – All packets will be logged.
Select the action for a matching packet.
[Yes]/[ N/A]
[None]
[Action Matched]
[Action Not Matched]
[Both]
Action
Matched
Action Not
Matched
Select the action for a packet not matching the rule.
[Check Next Rule]
[Forward]
[Drop]
[Check Next Rule]
[Forward]
[Drop]
Once you have completed filling in Menu 21.1.1 - TCP/IP Filter Rule, press [ENTER] at the message
[Press Enter to Confirm] to save your configuration, or press [ESC] to cancel. This data will now be displayed on Menu 21.1 - Filter Rules Summary.
Filter Configuration 8-9
Prestige 1100 Internet Access Router
The following diagram illustrates the logic flow of an IP filter.
Packet into IP Filter
No Filter Active?
Yes
Apply SrcAddrMask to Src Addr
Check Src
IP Addr
Matched
Apply DestAddrMask to Dest Addr
Check Dest
IP Addr
Matched
Check
IP Protocol
Matched
Check Src &
Dest Port
Matched
More?
No
Action Matched
Not Matched
Not Matched
Not Matched
Not Matched
Yes
Check Next Rule
Check Next Rule
Action Not Matched
Drop Forward
Drop
Drop Packet
Forward
Check Next Rule
Figure 8-6 Executing an IP Filter
Accept Packet
8-10 Filter Configuration
Prestige 1100 Internet Access Router
8.4.3 Novell IPX Filter Rule
This section shows you how to configure an IPX filter rule. IPX filters allow you to base the rules on the fields in the IPX headers.
To configure an IPX rules, select [IPX Filter Rule] from the [Filter Type] field and press Enter to open
Menu 21.1.1 IPX Filter Rule, as shown in the figure below.
Menu 21.1.1 - IPX Filter Rule
Filter #: 1,1
Filter Type= IPX Filter Rule
Active= No
IPX Packet Type=
Destination: Network #=
Node #=
Socket #=
Socket # Comp= None
Source: Network #=
Node #=
Socket #=
Operation= N/A
Socket # Comp= None
More= No Log= None
Action Matched= Check Next Rule
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 8-7 Menu 21.1.1 - IPX Filter Rule
Filter Configuration 8-11
Prestige 1100 Internet Access Router
The table below describes the IPX Filter Rule.
Filter #
Filter Type
Field
Active
IPX Packet Type
Destination Network #
Destination Node #
Destination Socket #
Destination Socket # Comp
Source Network #
Source Node #
Table 8-6 IPX Filter Rule Menu Fields
Description
This is the filter set, filter rule co-ordinates, i.e., 2,3 refers to the second filter set and the third filter rule of that set.
Use the space bar to toggle between types of rules.
Parameters displayed below each type will be different.
Option e.g., 2,3
[Device Filter
Rule] / [TCP/IP
Filter Rule] /
[IPX Filter
Rule]
[Yes]/[No] e.g., 14
Select [Yes] to turn on the filter rule.
Enter the IPX packet type (1-byte in hexadecimal) you wish to filter.
The popular types are (in hexadecimal):
01 - RIP
04 - SAP
05 - SPX (Sequenced Packet eXchange)
11 - NCP (NetWare Core Protocol)
14 - Novell NetBIOS
Enter the destination network numbers (4-byte in hexadecimal) of the packet that you wish to filter.
Enter in the destination node number (6-byte in hexadecimal) of the packet you wish to filter.
Enter the destination socket number (2-byte in hexadecimal) of the packets that you wish to filter.
Select the comparison you wish to apply to the destination socket in the packet against that specified above.
e.g., 22222222 e.g.,
333333333333 e.g.,4444
[None]/[Equal]/
[Not
Equal]/[Less]/[
Greater] e.g., 55555555 Enter the source network numbers (4-byte in hexadecimal) of the packet that you wish to filter.
Enter in the source node number (6-byte in hexadecimal) of the packet you wish to filter.
e.g.,
666666666666
8-12 Filter Configuration
Prestige 1100 Internet Access Router
Field
Source Socket #
Description
Enter the source socket number (2-byte in hexadecimal) of the packets that you wish to filter.
Select the comparison you wish to apply to the source socket in the packet against that specified above.
Option e.g.,7777
Source Socket # Comp
Operation This field is applicable only if one of the Socket # fields is
0452 or 0453 indicating SAP and RIP packets. There are seven options for this field that specify the type of the packet.
[None]/[Equal]/
[Not
Equal]/[Less]/[
Greater]
[None]
[RIP Request]
[RIP
Response]
[SAP Request]
[SAP
Response]
[SAP Get
Nearest Server
Request]
[SAP Get
Nearest Server
Response]
Once you have completed filling in Menu 21.1.1 - IPX Filter Rule, press [Enter] at the message [Press
Enter to Confirm] to save your configuration, or press [Esc] to cancel. This data will now be displayed on
Menu 21.1 - Filter Rules Summary.
8.4.4 Device Filter Rule
This section shows you how to configure a device filter rule. The purpose of device rules is to allow you to filter non-IP/IPX packets. For IP and IPX, it is generally easier to use the protocol rules directly.
For Device rules, the Prestige treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes. The
Prestige applies the Mask (bit-wise ANDing) to the data portion before comparing the result against the
Value to determine a match. The Mask and Value are specified in hexadecimal numbers. Note that it takes two hexadecimal digits to represent a byte, so if the length is 4, the value in either field will take 8 digits, e.g., FFFFFFFF.
To configure a device rule, select Device Filter Rule in the Filter Type field and press [ENTER] to open
Menu 21.1.1 - Device Filter Rule, as shown below.
Filter Configuration 8-13
Prestige 1100 Internet Access Router
Menu 21.1.1 - Device Filter Rule
Filter #: 1,1
Filter Type= Device Filter Rule
Active= No
Offset= 0
Length= 0
Mask= N/A
Value= N/A
More= No Log= None
Action Matched= Check Next Rule
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
Figure 8-8 Menu 21.1.2 - Device Filter Rule
The following table describes the fields in the Device Filter Rule Menu.
Field
Filter #
Table 8-7 Device Filter Rule Menu Fields
Description
This is the filter set, filter rule co-ordinates, i.e., 2,3 refers to the second filter set and the third filter rule of that set.
Filter Type Use the space bar to toggle between types of rules. Parameters displayed below each type will be different.
Active
Offset
Length
Mask
Value
More
Option
Select [Yes] to turn on the filter rule.
Enter the starting byte of the data portion in the packet that you wish to compare. The range for this field is from 0 to 255.
Enter the byte count of the data portion in the packet that you wish to compare. The range for this field is 0 to 8.
Enter the mask (in Hexadecimal) to apply to the data portion before comparison.
Enter the value (in Hexadecimal) to compare with the data portion.
If yes, a matching packet is passed to the next filter rule before an action is taken; else the packet is disposed of according to the action fields.
If More is [Yes], then [Action Matched] and [Action Not Matched] will be
[N/A].
[Device Filter
Rule] /
[TCP/IP Filter
Rule] / [IPX
Filter Rule]
[Yes]/[No]
Default = 0
Default = 0
[Yes] / [ N/A]
8-14 Filter Configuration
Prestige 1100 Internet Access Router
Field
Log
Action
Matched
Description
Select the logging option from the following: l
[None] – No packets will be logged.
l
[Action Matched] - Only packets that match the rule parameters will be logged.
l
[Action Not Matched] - Only packets that do not match the rule parameters will be logged.
l
[Both] – All packets will be logged.
Select the action for a matching packet.
Option
[None]
[Action
Matched]
[Action Not
Matched]
[Both]
[Check Next
Rule]
[Forward]
[Drop]
Action Not
Matched
Select the action for a packet not matching the rule.
[Check Next
Rule]
[Forward]
[Drop]
Once you have completed filling in Menu 21.1.1 - Device Filter Rule, press [ENTER] at the message
[Press Enter to Confirm] to save your configuration, or press [ESC] to cancel. This data will now be displayed on Menu 21.1 - Filter Rules Summary.
8.5 Applying a Filter
This section shows you where to apply the filter(s) after you design it (them).
8.5.1 Ethernet traffic
You seldom need to filter Ethernet traffic; however, the filter sets may be useful to block certain packets, reducing traffic and preventing security breaches. Go to Menu 3.1 (shown below) and enter the number(s) of the filter set(s) that you want to apply as appropriate. You can choose up to four filter sets (from twelve) by entering their numbers separated by commas, e.g., 3, 4, 6, 11.
Menu 3.1 - General Ethernet Setup
Input Filter Sets:
protocol filters=
device filters=
Output Filter Sets:
protocol filters=
device filters=
Press ENTER to Confirm or ESC to Cancel:
Figure 8-9 Filtering Ethernet Traffic
Filter Configuration 8-15
Prestige 1100 Internet Access Router
8.5.2 Remote Node Filters
Go to Menu 11.1 (shown next) and enter the number(s) of the filter set(s) as appropriate. You can specify up to four filter sets by entering their numbers separated by commas.
Rem Node Name= ?
Active= Yes
Menu 11.1 - Remote Node Profile
Route= IP
Bridge= No
Incoming:
Rem Login= ?
Rem Password= ********
Outgoing:
My Login= ?
My Password= ********
Authen= CHAP/PAP
Edit PPP Options= No
Rem IP Addr= ?
Edit IP/IPX/Bridge= No
Input Filter Sets:
Protocol filters =
Device filters =
Output Filter Sets=
Protocol filters =
Device filters =
Enter Filter sets here
Press ENTER to CONFIRM or ESC to CANCEL:
Press Space Bar to Toggle.
Figure 8-10 Filtering Remote Node traffic
8-16 Filter Configuration
Prestige 1100 Internet Access Router
Chapter 9:
SNMP Configuration
9.1 About SNMP
SNMP (Simple Network Management Protocol) is a protocol for network management and monitoring.
Your Prestige 1100 supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige 1100 through the network. Keep in mind that SNMP is only available if TCP/IP is configured on your Prestige 1100.
9.2 SNMP Configuration
To configure SNMP, select option 22. SNMP Configuration from the Main Menu to open Menu 22 -
SNMP Configuration, as shown in Figure 9-1. The “community” for Get, Set and Trap fields is simply
SNMP’s terminology for password.
Menu 22 - SNMP Configuration
SNMP:
Get Community= public
Set Community= public
Trusted Host= 0.0.0.0
Trap:
Community= public
Destination= 0.0.0.0
Press ENTER to Confirm or ESC to Cancel:
Figure 9-1 Menu 22 - SNMP Configuration
SNMP Configuration 9-1
Prestige 1100 Internet Access Router
The following table describes the SNMP configuration parameters.
Table 9-1 SNMP Configuration Menu Fields
Field Description Default
Get Community Enter the Get Community, which is the password for the incoming Getand GetNext- requests from the management station.
Set Community Enter the set community, which is the password for incoming Setrequests from the management station.
Trusted Host
If you enter a trusted host, your Prestige 1100 will only respond to SNMP messages from this address. If you leave the field blank (default), your
Prestige 1100 will respond to all SNMP messages it receives, regardless of source.
Trap:
Community
Enter the trap community, which is the password sent with each trap to the SNMP manager.
Public
Public
Blank
Public
Trap:
Destination
Enter the IP address of the station to send your SNMP traps to.
Blank
Once you have completed filling in Menu 22 - SNMP Configuration, press [ENTER] at the message [Press
ENTER to Confirm...] to save your configuration, or press [ESC] to cancel.
9-2 SNMP Configuration
Prestige 1100 Internet Access Router
Chapter 10:
System Security
This chapter covers Menu 23, which is for you to change the system password and to configure an external authentication server.
10.1 Changing the System Password
To change the system password , following steps below:
Step 1. Select option 23. System Security in the Main Menu to open Menu 23 - System Security as shown in Figure 10-1.
Menu 23 - System Security
1. Change Password
Enter Menu Selection Number:
Figure 10-1 Menu 23 - System Security
System Security 10-1
Prestige 1100 Internet Access Router
Step 2. From the System Security Menu, select option 1. Change Password to open Menu 23.1 -
System Security - Change Password.
Step 3. Enter your existing system password and press [ENTER].
Menu 23.1 - System Security - Change Password
Old Password= ********
New Password= ********
Retype to confirm= ********
Enter here to CONFIRM or ESC to CANCEL:
Figure 10-2 Menu 23.1 - System Security - Change Password
Step 4. Enter your new system password and press [ENTER].
Step 5. Re-type your new system password for confirmation and press [ENTER].
As you enter the password, the screen displays an (*) for each character you type.
10-2 System Security
Prestige 1100 Internet Access Router
Chapter 11:
Telnet Configuration and Capabilities
11.1 About Telnet Configuration
Before the Prestige 1100 is properly setup for TCP/IP, the only option for configuring it is through the console port. Once your Prestige 1100 is configured, you can use telnet to configure it remotely.
Corporate LAN
INTERNET
Prestige 1100 with Network IP Address
WEB/FTP
Server
Figure 11-1 Telnet Configuration on a TCP/IP Network
If your Prestige 1100 is configured for IPX but not IP routing in Menu 1, telnet is still available provided you assign the Prestige 1100 a correct IP address and subnet mask. When IP routing is disabled, the
Prestige 1100 can still function as a host.
Telnet Configuration 11-1
Prestige 1100 Internet Access Router
11.2 Telnet Under SUA
When Single User Account (SUA) is enabled and an inside server is specified, telnet connections from the outside will be forwarded to the inside server. So to configure the Prestige via telnet from the outside, you must first telnet to the inside server, and then telnet from the server to the Prestige using its inside LAN IP address. If no insider server is specified, telnet to the SUA’s IP address will connect to the Prestige directly.
11.3 Telnet Capabilities
11.3.1 Single Administrator
To prevent confusion and discrepancy on the configuration, your Prestige only allows one administrator to log in at any time. Your Prestige also gives priority to the console port over telnet. If you have already connected to your Prestige via telnet, you will be logged out if another user logs in to the Prestige via the console port.
11.3.2 System Timeout
There is a system timeout of 5 minutes (300 seconds) for either the console port or telnet. Your Prestige
1100 will automatically log you out if you do nothing in this timeout period, except when it is continuously updating the status in Menu 24.1.
11-2 Telnet Configuration
Prestige 1100 Internet Access Router
Chapter 12:
System Maintenance
This chapter covers the diagnostic tools that help you to maintain your Prestige. These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software. This chapter describes how to use these tools in detail.
Select menu 24 in the main menu to open Menu 24 - System Maintenance, as shown below.
Menu 24 - System Maintenance
1. System Status
2. System Information and Console Port Speed
3. Log and Trace
4. Diagnostic
5. Backup Configuration
6. Restore Configuration
7. Upload Firmware
8. Command Interpreter Mode
Enter Menu Selection Number:
Figure 12-1 Menu 24 - System Maintenance
System Maintenance 12-1
Prestige 1100 Internet Access Router
12.1 System Status
The first selection, System Status gives you the status and statistics of the ports, as shown below. System
Status is a tool that can be used to monitor your Prestige. Specifically, it gives you information on WAN port status, number of packets sent and number of packets received.
To get to the System Status, select number 24 to go to Menu 24 - System Maintenance. From this menu, select number 1, System Status.
The following figure shows the fields present in Menu 24.1 - System Maintenance - Status. It should be noted that these fields are READ-ONLY and are meant to be used for diagnostic purposes.
Status
Down
TXPkts
0
Menu 24.1 -- System Maintenance – Status
RXPkts
0
Errors
WAN IP Addr:
Ethernet 1:
Status: 100M/Half Duplex
TX Pkts: 52
RX Pkts: 537
Collisions: 0
0
Tx(Byte/s)
0
Rx(Byte/s)
0
Ethernet 2:
Status: 100M/Half Duplex
TX Pkts: 52
RX Pkts: 537
Collisions: 0
Up Time
0:00:00
Press Command:
COMMANDS: 1- Drop Port 9- Reset Counters ESC-Exit
Figure 12-2 Menu 24.1 - System Maintenance – Status
The following table describes the fields present in Menu 24.1 - System Maintenance - Status.
12-2 System Maintenance
Prestige 1100 Internet Access Router
Field
Status
TXPkts
RXPkts
Errors
Table 12-1 System Maintenance - Status Menu Fields
Description
The status of the WAN port.
The number of transmitted packets on this channel.
The number of received packets on this channel.
The number of error packets on this channel.
Tx (Byte / s)
Rx (Byte / s)
Up Time
WAN IP Addr
The transmission speed in bytes per second.
The reception speed in bytes per second.
Time this channel has been connected to the current remote node.
Shows the IP address of the WAN port.
Ethernet 1 & 2
Status Shows the current transmission speed and mode of the LAN.
TX Pkts The number of transmitted packets to LAN.
RX Pkts The number of received packets from LAN.
Collisions Number of collisions.
COMMANDS
1 Press “1” to drop a port.
9 Press “9” to reset all counters.
ESC Press [ESC] to exit this menu.
System Maintenance 12-3
Prestige 1100 Internet Access Router
12.2 System Information
Step 1. Select option 24 from the Main Menu to open Menu 24 - System Maintenance .
Step 2. From Menu 24, select option 2 then select the first option from Menu 24.2 to display Menu
24.2.1 - System Maintenance – Information.
Menu 24.2.1 - System Maintenance - Information
Name: P1100
Routing: IP/IPX
ZyNOS S/W Version: V2.50a05
LAN 1:
Ethernet Address: 00:a0:c5:30:00:b0
IP Address: 202.132.154.170
IP Mask: 255.255.255.0
DHCP: None
LAN 2:
Ethernet Address: 00:a0:c5:30:00:b1
IP Address: 202.132.50.25
IP Mask: 255.255.255.248
DHCP: Server
Press ESC or RETURN to Exit:
Figure 12-3 System Maintenance – Information
Field
Table 12-2 Fields in System Maintenance
Description
Name Displays the system name of your Prestige. This information can be modified in Menu 1 - General Setup.
Routing
ZyNOS S/W
Version
Refers to the routing protocol enabled.
Refers to the ZyXEL Network operating System software version.
LAN 1 & 2
Ethernet Address Refers to the Ethernet MAC (Media Access Control) of your
Prestige.
IP Address This is the IP address of the Prestige in dotted decimal notation.
IP Mask This shows the subnet mask of the Prestige.
DHCP This field shows the DHCP setting ([None] or [Server]) of the
Prestige.
12-4 System Maintenance
Prestige 1100 Internet Access Router
12.2.1 Console Port Speed
Step 1. Select option 24 from the Main Menu to open Menu 24 - System Maintenance .
Step 2. From Menu 24, select option 2 then select the second option from Menu 24.2 to display Menu
24.2.2 – System Maintenance – Change Console Port Speed.
You can change the console port speeds through Menu 24.2.2 – Console Port Speed. Your Prestige supports 9600 (default), 19200, 38400, 57600, and 115200bps for the console port. Use the space bar to select the desired speed in Menu 24.2.2, as shown below.
Menu 24.2.2 – System Maintenance – Change Console Port Speed
Console Port Speed: 115200
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 12-4 Menu 24.2.2 – System Maintenance – Change Console Port Speed
12.3 Log and Trace
There are two logging facilities in the Prestige. The first is the error logs and trace records that are stored locally. The second is the UNIX syslog facility for message logging.
12.3.1 Viewing Error Log
The first place you should look for clues when something goes wrong is the error/trace log. Follow the procedure below to view the local error/trace log:
Step 1. Select option 24 from the Main Menu to open Menu 24 - System Maintenance.
Step 2. From Menu 24, select option 3 to open Menu 24.3 - System Maintenance - Log and Trace.
Step 3. Select the first option from Menu 24.3 - System Maintenance - Log and Trace to display the error log in the system.
After the Prestige finishes displaying, you will have the option to clear the error log.
System Maintenance 12-5
Prestige 1100 Internet Access Router
Examples of typical error and information messages are presented in the figure below.
60 4 PP07 INFO LAN promiscuous mode <0>
61 4 PINI ERROR System Ert completed
63 e PINI INFO Session Begin
Clear Error Log (y/n):
Figure 12-5 Examples of Error and Information Messages
12.3.2 Syslog And Accounting
The Prestige uses the UNIX syslog facility to log system messages to a syslog server. Syslog and accounting can be configured in Menu 24.3.2 - System Maintenance - Syslog and Accounting, as shown next.
Menu 24.3.2 -- System Maintenance - Syslog and Accounting
Syslog:
Active= No
Syslog IP Address= ?
Log Facility= Local 1
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 12-6 Menu 24.3.2 - System Maintenance - Syslog and Accounting
You need to configure the following 3 parameters described in the table below to activate syslog.
12-6 System Maintenance
Prestige 1100 Internet Access Router
Parameter
Active
Syslog IP Address
Log Facility
Table 12-3 System Maintenance Menu Syslog Parameters
Description
Use the space bar to turn on or off syslog.
Enter the IP Address of your syslog server.
Use the space bar to toggle between the 7 different Local options. The log facility allows you to log the message in different files in the server. Please refer to your UNIX manual for more detail.
12.4 Diagnostic
The diagnostic facility allows you to test the different aspects of your Prestige to determine if it is working properly. Menu 24.4 allows you to choose among various types of diagnostic tests to evaluate your system, as shown below.
Menu 24.4 - System Maintenance - Diagnostic
1. Ping Host
2. Reboot System
3. Command Mode
Enter Menu Selection Number:
Post IP Address= N/A
Figure 12-7 Menu 24.4 - System Maintenance - Diagnostic
Follow the procedure below to get to Diagnostic
Step 1. From the Main Menu, select option 24 to open Menu 24 - System Maintenance.
Step 2. From this menu, select option 4. Diagnostic. This will open Menu 24.4 - System Maintenance
- Diagnostic.
System Maintenance 12-7
Prestige 1100 Internet Access Router
The following table describes the diagnostic tests available in Menu 24.4 for your Prestige and the connections.
Field
Table 12-4 System Maintenance Menu Diagnostic
Description
Ping Host This diagnostic test pings the host, which determines the functionality of the
TCP/IP protocol on both systems and the links in between.
This option reboots the Prestige.
Reboot System
Command Mode This option allows you to enter the command mode. This mode allows you to diagnose and test your Prestige using a specified set of commands.
12.5 Filename conventions
The configuration file (sometimes called the romfile or romfile-0) contains the settings in the menus such as password, DHCP Setup defaults, TCP/IP Setup defaults etc. The external (i.e., not on the Prestige) configuration filename is usually the router model name with a *.rom extension, e.g., P1100.rom. The
ZyNOS firmware file (sometimes referred to as the “ras” file) is the file that contains the ZyXEL Network
Operating System firmware and the external firmware file is usually called the router model name with a
*.bin extension, e.g., P1100.bin. Rename the configuration filename to “rom-0” or “rom-spt” (see the next section) and the firmware filename to “ras” when transferring files to the Prestige. These are the internal
(i.e., on the Prestige) filenames. Renaming the files is not necessary when you transfer files to the Prestige using the X-Modem protocol.
The following table is a summary. Please note that the internal filename refers to the filename on the
Prestige and the external filename refers to the filename not on the Prestige, i.e., on your workstation, local network or ftp site and so the name (but not the extension) will vary. The AT command is the command you enter after you press “Y” when prompted in the SMT menu to go into debug mode.
12-8 System Maintenance
Prestige 1100 Internet Access Router
File type
Configuration
File
Firmware
Internal
Name
Table 12-5 Filename Conventions
Description
Rom-spt This is the router configuration filename on the
Prestige when you are backing up and restoring files (menus 24.5 and 24. 6). The rom-spt file contains your Prestige configurations such as IP addresses, DHCP settings, Remote Node settings etc. as well as your personal password.
Rom-0 This is the router configuration filename on the
Prestige when you are uploading the configuration file in menu 24.7.2. Uploading the rom-0 file replaces the entire ROM file system, including your Prestige configurations, systemrelated data (including the baud rate and default password), the error log and the trace log.
Ras
1
This is the generic name for the firmware (in the main block) on the Prestige.
Ras-m
1
This is the name for the firmware in the main block on the Prestige.
Ras-b This is the name for the firmware in the backup block on the Prestige.
AT
Command
ATUR3
ATUR
1
ATUM
1
ATUB
External
Name
*.rom
*.rom
*.bin
*.bin
*.bin
12.6 Back up Configuration
12.6.1 Backup using the Console Port
Option 5 from Menu 24 – System Maintenance allows you to back up the current Prestige configuration to your workstation. Backup is highly recommended once your Prestige is functioning properly.
You can perform the backup either through an FTP or TFTP client program (preferred method) or through the RS-232 console port (in the event of the network being down). Backup via the console port under normal conditions is not recommended since FTP or TFTP is faster. Any serial communications program should work fine; however, you must use the XMODEM protocol to perform the download/upload.
1
Ras and ATUR exist for backward compatibility. Ras is equivalent to ras-m; atur is equivalent to ATUM.
System Maintenance 12-9
Prestige 1100 Internet Access Router
Menu 24.5 – Backup Configuration
FTP or TFTP are the preferred methods for backing up the current Prestige configuration to your workstation since FTP or TFTP is faster.
Ready to back up Configuration via Xmodem.
Do you want to continue (Y/N):
Figure 12-8 Menu 24.5 –Backup Configuration using the Console Port
12.6.2 Back up using FTP
To transfer the configuration file, follow the procedure below:
Step 1. Launch the FTP client on your workstation.
Step 2. Type open and the IP address of your Prestige. Then type root and your SMT password as requested.
Step 3. Locate the “rom-spt” file.
Step 4. Type get rom-spt to backup the current Prestige configuration to your workstation.
For details on FTP commands, please consult the documentation of your FTP client program.
Menu 24.5 – Back up Configuration
To transfer the configuration file to your workstation, follow the procedure below:
1.
Launch the FTP client on your workstation.
2.
Type “open” and the IP address of your Prestige. Then type “root” and your
SMT password as requested.
3.
Locate the “rom-spt” file.
4.
Type “get rom-spt” to back up the current Prestige configuration to your workstation.
For details on FTP commands, please consult the documentation of your FTP client program. For details on backup using TFTP (note that you must remain in menu 24.5 to back up using TFTP), please see the Prestige manual.
Press ENTER to Exit:
Figure 12-9 Backup Configuration using FTP
12.6.3 Back up using TFTP
Even though TFTP should work over WAN as well, it is not recommended.
To use TFTP, your workstation must have both telnet and TFTP clients.
12-10 System Maintenance
Prestige 1100 Internet Access Router
To transfer the configuration file, follow the procedure below: Use telnet from your workstation to connect to the Prestige and log in. Because TFTP does not have any security checks, the Prestige records the IP address of the telnet client and accepts TFTP requests only from this address.
Step 1. Launch the TFTP client on your workstation and connect to the Prestige.
Step 2. Go to SMT menu 24.5. Note that you must remain in this menu until backup is complete.
Step 3. Use the TFTP client to transfer files between the Prestige and the workstation. The file name for the configuration file is “rom-spt”.
For details on TFTP commands, please consult the documentation of your TFTP client program. For
UNIX, use “get” to transfer from the Prestige to the workstation, and “binary” to set binary transfer mode.
12.7 Restore Configuration
Option 6 from Menu 24 – System Maintenance allows you to restore the current workstation backup configuration to your Prestige.
12.7.1 Restore using the Console Port
You can restore the configuration either through an FTP or TFTP client program (preferred method) or through the RS-232 console port (in the event of the network being down). Restoring via the console port under normal conditions is not recommended since FTP or TFTP is faster. Any serial communications program should work fine; however, you must use the XMODEM protocol to perform the download/upload. Please note that the system reboots automatically after the file transfer process is complete.
Menu 24.6 - Restore Configuration
FTP or TFTP are the preferred methods for restoring your current workstation configuration to your Prestige since FTP or TFTP is faster. Please note that the system reboots automatically after the file transfer process is complete.
Ready to Restore Configuration via Xmodem.
Do you want to continue (Y/N):
Figure 12-10 Menu 24.6 –Restore Configuration using the Console Port
12.7.2 Restore using FTP
To transfer your current workstation configuration to your Prestige, follow the procedure below:
Step 1. Launch the FTP client on your workstation.
Step 2. Type open and the IP address of your Prestige. Then type root and password as requested.
Step 3. Type put backupfilename rom-spt where “backupfilename” is the name of your backup configuration file on your workstation and “rom-spt” is the remote file name on the
System Maintenance 12-11
Prestige 1100 Internet Access Router
Prestige. This restores the configuration to your Prestige.
Step 4. The system reboots automatically after the file transfer process is complete.
For details on FTP commands, please consult the documentation of your FTP client program.
Menu 24.6 – Restore Configuration using FTP
To transfer your current workstation configuration to your Prestige, follow the procedure below:
1.
Launch the FTP client on your workstation.
2.
Type “open” and the IP address of your Prestige. Then type “root” and your
SMT password as requested.
3.
Type “put backupfilename rom-spt” where “backupfilename” is the name of your backup configuration file on your workstation and “rom-spt” is the remote file name on the Prestige. This restores the configuration to your
Prestige.
4.
The system reboots automatically after a successful file transfer.
For details on FTP commands, please consult the documentation of your FTP client program. For details on restoring using TFTP (note that you must remain in menu 24.6 to restore using TFTP), please see the Prestige manual.
Press ENTER to Exit:
Figure 12-11 Restore Configuration using FTP
12.7.3 Restore using TFTP
Even though TFTP should work over WAN as well, it is not recommended.
To use TFTP, your workstation must have both telnet and TFTP clients. To transfer the configuration file, follow the procedure below. Use telnet from your workstation to connect to the Prestige and log in. Because
TFTP does not have any security checks, the Prestige records the IP address of the telnet client and accepts
TFTP requests only from this address.
Step 1. Launch the TFTP client on your workstation and connect to the Prestige.
Step 2. Go to SMT menu 24.6. Note that you must remain in this menu until file transfer is complete.
Step 3. Use the TFTP client to transfer files between the Prestige and the workstation. The remote file name on the Prestige is “rom-spt”.
Step 4. The system reboots automatically after the file transfer process is complete.
Note that the telnet connection must be active before and during the TFTP transfer. For details on TFTP commands, please consult the documentation of your TFTP client program. For UNIX, use “put” to transfer from the workstation to the Prestige, and “binary” to set binary transfer mode.
12.8 Upload Firmware
Option 7 from Menu 24 – System Maintenance takes you to Menu 24.7 – System Maintenance –
Firmware Update which allows you to upgrade the firmware or default configuration. You can upgrade the firmware either through an FTP or TFTP client program (preferred method) or through the RS-232 console port (in the event of the network being down). Updating the firmware via the console port under
12-12 System Maintenance
Prestige 1100 Internet Access Router normal conditions is not recommended since FTP or TFTP is faster. Please note that the system reboots automatically after the file transfer process is complete.
Menu 24.7 -- System Maintenance - Upload Firmware
1. Upload ZyNOS Code
2. Upload Router Configuration File
Enter Menu Selection Number:
Figure 12-12 Menu 24.7 -- System Maintenance - Upload Firmware
12.8.1 Dual Firmware Block Structure
The Prestige P1100 employs a “dual firmware block structure” where one block is called the “main block” and the other block is called the “backup block”. The benefits of this approach are:
•
You can upload the current firmware into the backup block (ras-b) before you try to upload new firmware. If the new firmware has problems, you may either revert to using your old working firmware by using the “ATSW” command under Boot Extension or selectively run the old firmware in the backup block by using the “ATGB” command under Boot Extension.
•
If the firmware in the main block gets corrupted for some reason, the Prestige will try to boot from the backup block automatically so service won’t get interrupted.
12.8.2 Upload Router Firmware via the Console Port
FTP or TFTP are the preferred methods for uploading router firmware to your Prestige. However in the event of your network being down, uploading router firmware is only possible with a direct connection to your Prestige via the console port. Uploading router firmware via the console port under normal conditions is not recommended since FTP or TFTP is faster. Any serial communications program should work fine; however, you must use the XMODEM protocol to perform the download/upload.
Select 1 from Menu 24.7 – System Maintenance – Firmware Update to go to Menu 24.7.1 - System
Maintenance - Upload ZyNOS Code.
Step 1. Enter "y" at the prompt to go into debug mode.
Step 2. Enter "atur" after the "Enter Debug Mode" message
Step 3. Wait for the "Starting XMODEM upload" message before activating the Xmodem upload on your terminal.
Step 4. The system reboots automatically after a successful firmware upload .
System Maintenance 12-13
Prestige 1100 Internet Access Router
Menu 24.7.1 - System Maintenance - Upload ZyNOS Code.
FTP or TFTP are the preferred methods for uploading router firmware to your
Prestige since FTP or TFTP is faster.
To upload router firmware:
1. Enter "y" at the prompt below to go into debug mode.
2. Enter "atur" after the "Enter Debug Mode" message.
3. Wait for the "Starting XMODEM upload" message before activating
the Xmodem upload on your terminal.
4. The system reboots automatically after a successful firmware upload.
Warning: Proceeding with the upload will erase the current router firmware.
Do you want to continue:(Y/N)
Figure 12-13 Menu 24.7.1 –Upload ZyNOS Code using the Console Port.
12.8.3 Upload Router Firmware using FTP
To transfer the firmware, follow the procedure below:
Step 1. Launch the FTP client on your workstation.
Step 2. Type open and the IP address of your Prestige. Then type root and your SMT password as requested.
Step 3. Type put firmwarefilename ras-m where “firmwarefilename” is the name of your firmware upgrade file on your workstation and “ras-m” is the remote file name on the Prestige.
Specify “ras-m” as the remote filename if you want to upload firmware from your workstation into the main block or “ras-b” if you want to upload firmware into the backup block.
Step 4. The system reboots automatically after a successful firmware upload .
Menu 24.7.1 – Upload ZyNOS code using FTP
To upload the router firmware, follow the procedure below:
1.
Launch the FTP client on your workstation.
2.
Type “open” and the IP address of your Prestige. Then type “root” and your
SMT password as requested.
3.
Type “put firmwarefilename ras-m” where “firmwarefilename” is the name of your firmware upgrade file on your workstation and “ras-m” is the remote file name on the Prestige. Specify “ras-m” as the remote filename if you want to upload firmware from your workstation into the main block or “rasb” if you want to upload firmware into the backup block.
4.
The system reboots automatically after a successful firmware upload.
For details on FTP commands, please consult the documentation of your FTP client program. For details on uploading router firmware using TFTP (note that you must remain in menu 24.7.1 to upload router firmware using TFTP), please see the Prestige manual.
Press ENTER to Exit:
Figure 12-14 Menu 24.7.1. – Upload Router Firmware using FTP
12-14 System Maintenance
Prestige 1100 Internet Access Router
12.8.4 Upload Router Firmware using TFTP
Even though TFTP should work over WAN as well, it is not recommended.
To use TFTP, your workstation must have both telnet and TFTP clients. Use telnet from your workstation to connect to the Prestige and log in. Because TFTP does not have any security checks, the Prestige records the IP address of the telnet client and accepts TFTP requests only from this address.
Step 1. Launch the TFTP client on your workstation and connect to the Prestige.
Step 2. Go to SMT menu 24.7.1. Note that you must remain in this menu until file transfer is complete.
Step 3. Use the TFTP client to transfer files between the Prestige and the workstation.
Step 4. Specify “ras-m” as the remote filename if you want to upload firmware from your workstation into the main block or “ras-b” if you want to upload firmware into the backup block of the
Prestige.
Step 5. The system reboots automatically after a successful firmware upload .
Note that the telnet connection must be active before and during the TFTP transfer. For details on TFTP commands, please consult the documentation of your TFTP client program. For UNIX, use “put” to transfer from the workstation to the Prestige, and “binary” to set binary transfer mode.
12.9 Upload Router Configuration File
The configuration data, system-related data, the error log and the trace log are all stored in the configuration file. Please be aware that uploading the configuration file replaces all previous configurations. You can upgrade the configuration file either through an FTP or TFTP client program (preferred method) or through the RS-232 console port (in the event of the network being down). Updating the configuration file via the console port under normal conditions is not recommended since FTP or TFTP is faster. Please note that you need to reboot the system after the configuration file update process is complete. Note that if you replace the current configuration with the default configuration file, i.e.. P1100.rom, you will lose all configurations that you had before and the speed of the console port will be reset to the default of 9600 bps with 8 data bit, no parity and 1 stop bit(8n1). You will need to change your serial communication software to the default before you can connect to the Prestige again. The password will be reset to the default of 1234, as well.
12.9.1 Upload Router Configuration File using the Console Port
Select 2 from Menu 24.7 – System Maintenance – Firmware Update to go to Menu 24.7.2 –Upload Router
Configuration File.
Step 1. Enter "y" at the prompt to go into debug mode.
Step 2. Enter "atur3" after the "Enter Debug Mode" message.
Step 3. Wait for the "Starting XMODEM upload" message before activating the Xmodem upload on your terminal .
System Maintenance 12-15
Prestige 1100 Internet Access Router
Step 4. After successful file transfer, enter "atgo" to restart the router .
Menu 24.7.2 - System Maintenance - Upload Router Configuration File
FTP or TFTP are the preferred methods for uploading the router configuration file to your Prestige since FTP or TFTP is faster.
To upload the router configuration file:
1.
Enter "y" at the prompt to go into debug mode.
2.
Enter "atur3" after the "Enter Debug Mode" message
3.
Wait for the "Starting XMODEM upload" message before activating the
Xmodem upload on your terminal.
4.
After successful file transfer, enter "atgo" to restart the router.
Proceeding with the upload will erase the current router configuration file.
The router's console port speed will be reset to 9600 bps and the password to "1234".
Do you want to continue: (Y/N)
Figure 12-15 Menu 24.7.2 –Upload Router Configuration File.
12.9.2 Upload Router Configuration File using FTP
To upload the router configuration file, follow the procedure below:
Step 1. Launch the FTP client on your workstation.
Step 2. Type open and the IP address of your Prestige. Then type root and your SMT password as requested.
Step 3. Type put configurationfilename rom-0 where “configurationfilename” is the name of your router configuration file on your workstation, which will be transferred to the “rom-0” file on the Prestige.
Step 4. The system reboots automatically after the upload router configuration file process is complete.
Menu 24.7.2 – System Maintenance - Upload Router Configuration File
To upload the router configuration file, follow the procedure below:
1.
Launch the FTP client on your workstation.
2.
Type “open” and the IP address of your Prestige. Then type “root” and your
SMT password as requested.
3.
Type “put configurationfilename rom-0” where “configurationfilename” is the name of your router configuration file on your workstation, which will be transferred to the “rom-0” file on the Prestige.
4.
The system reboots automatically after the upload is complete.
For details on FTP commands, please consult the documentation of your FTP client program. For details on uploading router firmware using TFTP (note that you must remain in menu 24.7.2 to upload the router configuration file using
TFTP), please see the Prestige manual.
Press ENTER to Exit:
Figure 12-16 Menu 24.7.2 – Upload Router Configuration File using FTP
12-16 System Maintenance
Prestige 1100 Internet Access Router
12.9.3 Upload Router Configuration File using TFTP
Even though TFTP should work over WAN as well, it is not recommended.
To use TFTP, your workstation must have both telnet and TFTP clients. To transfer the configuration file, follow the procedure below.
Use telnet from your workstation to connect to the Prestige and log in. Because TFTP does not have any security checks, the Prestige records the IP address of the telnet client and accepts TFTP requests only from this address .
Step 1. Launch the TFTP client on your workstation and connect to the Prestige. Set the transfer mode to binary before starting data transfer.
Step 2. Go to SMT menu 24.7.2. Note that you must remain in this menu until file transfer is complete.
Step 3. Use the TFTP client to transfer files between the Prestige and the workstation.
Step 4. Specify “rom-0” as the remote file name on the Prestige.
Step 5. The system reboots automatically after the upload router configuration file process is complete .
Note that the telnet connection must be active before and during the TFTP transfer. For details on TFTP commands, please consult the documentation of your TFTP client program. For UNIX, use “put” to transfer from the workstation to the Prestige, and “binary” to set binary transfer mode.
System Maintenance 12-17
Prestige 1100 Internet Access Router
12.9.4 Boot Module Commands
Prestige boot module commands are shown below. For ATBAx, x denotes the number preceding the colon to give the baud rate following the colon in the list of numbers that follows; e.g. ATBA3 will give a baud of
9.6 kbps. ATSE displays the seed that is used to generate a password to turn on the debug flag in the firmware. The ATSH command shows product related information such as boot module version, vendor name, product model, RAS code revision, etc.
======= Debug Command Listing ======= athe
======= Debug Command Listing =======
AT just answer OK
ATHE print help
ATBAx change baudrate. 1:38.4k, 2:19.2k, 3:9.6k
4:57.6k 5:115.2k
ATENx(,y) set BootExtension Debug Flag (y=password)
ATSE show the seed of password generator
ATTI(h,m,s) change system time to hour:min:sec or show current time
ATDA(y,m,d) change system date to year/month/day or show current date
ATDS dump RAS stack
ATDT dump Boot Module Common Area
ATDUx,y dump memory contents from address x for length y
ATRBx display the 8-bit value of address x
ATRBx display the 8-bit value of address x
ATRWx display the 16-bit value of address x
ATRLx display the 32-bit value of address x
ATGOx run program at addr x or boot ZyNOS
ATGR boot ZyNOS
ATGT run Hardware Test Program
ATRTw,x,y(,z) RAM Test level w, from address x to y (z iterations)
ATCB copy from FLASH ROM to working buffer
ATSH dump manufacturer related data in ROM
ATDOx,y download from address x for length y to PC via
XMODEM
ATTD download configuration to PC via XMODEM
< press any key to continue >
ATUR upload RAS code to flash ROM
ATUR3 upload RAS configuration file
ATLOa,b,c,d Int/Trap Log Cmd
ATGM boot ZyNOS in main block
ATGB boot ZyNOS in backup block
ATUM upload RAS code to main block
ATUB upload RAS code to backup block
ATSW switch main block and backup block
OK
Figure 12-17 Boot module commands
12-18 System Maintenance
Prestige 1100 Internet Access Router
12.10 Command Interpreter Mode
This option allows you to enter the command interpreter mode. A list of valid commands can be found by typing [help] at the command prompt. For more detailed information, check the ZyXEL Web site or send email to the ZyXEL Support Group. Please note that the first release of the P1100 does not support L2TP.
Enter Menu Selection Number: 8
Copyright (c) 1999 ZyXEL Communications Corp.
ras> ?
Valid commands are: sys exit device ether wan l2tp radius ip ppp bridge ipx hdap ras>
Figure 12-18 Command mode
System Maintenance 12-19
Prestige 1100 Internet Access Router
Chapter 13:
IP Policy Routing
13.1 Introduction
Traditionally, routing is based on the destination address only and the router takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator. Policy-based routing is applied to incoming packets on a per interface basis, prior to the normal routing.
13.1.1 Benefits
•
Source-Based Routing – Network administrators can use policy-based routing to direct traffic from different users through different connections.
•
Quality of Service (QoS) – Organizations can differentiate traffic by setting the precedence or TOS
(Type of Service) values in the IP header at the periphery of the network to enable the backbone to prioritize traffic.
•
Cost Savings – IPPR allows organizations to distribute interactive traffic on high-bandwidth, high-cost paths while using low-cost paths for batch traffic.
•
Load Sharing – Network administrators can use IPPR to distribute traffic among multiple paths.
13.1.2 Routing Policy
A policy defines the matching criteria and the action to take when a packet meets the criteria. The action is taken only when all the criteria are met. The criteria include the source address and port, IP protocol
(ICMP, UDP, TCP, etc.), destination address and port, TOS and precedence (fields in the IP header) and length. The inclusion of length criterion is to differentiate between interactive and bulk traffic. Interactive applications, e.g., telnet, tend to have short packets, while bulk traffic, e.g., file transfer, tends to have large packets.
The actions that can be taken include routing the packet to a different gateway (and hence the outgoing interface) and the TOS and precedence fields in the IP header.
IPPR follows the existing packet filtering facility of ZyNOS in style and in implementation. The policies are divided into sets, where related policies are grouped together. A user defines the policies before applying them to an interface or a remote node, in the same fashion as the filters. There are 12 policy sets with 6 policies in each set.
IP Policy Routing 13-1
Prestige 1100 Internet Access Router
13.1.3 IP Policy Routing Setup
Menu 25 shows all the policies defined
Menu 25 - IP Routing Policy Setup
Policy Policy
Set # Name Set # Name
------ ----------------- ------ -----------------
1 test 7 _______________
2 _______________ 8 _______________
3 _______________ 9 _______________
4 _______________ 10 _______________
5 _______________ 11 _______________
6 _______________ 12 _______________
Enter Policy Set Number to Configure= 0
Edit Name= N/A
Press ENTER to Confirm or ESC to Cancel:
Figure 13-1 IP Routing Policy Setup
To setup a routing policy, follow the procedures below:
Step 1. Enter 25 in the Main Menu to open Menu 25 – IP Policy Routing Setup.
Step 2. Enter the index of the policy set you wish to configure to open Menu 25.1 - IP Policy Routing
Summary.
Menu 25.1 shows the summary of a policy set, including the criteria and the action of a single policy, and whether a policy is active or not. Each policy contains two lines. The former part is the criteria of the incoming packet, and the latter is the action. Between these two parts, separator ‘|’ means the action is taken on criteria matched and separator ‘=’ means the action is taken on criteria not matched.
13-2 IP Policy Routing
Prestige 1100 Internet Access Router
Menu 25.1 - IP Routing Policy Summary
# A Criteria/Action
- - --------------------------------------------------------------------------
1 Y SA=1.1.1.1-1.1.1.1,DA=2.2.2.2-2.2.2.5
SP=20-25,DP=20-25,P=6,T=NM,PR=0 |GW=192.168.1.1,T=MT,PR=0
2 N __________________________________________________________________________
__________________________________________________________________________
3 N __________________________________________________________________________
__________________________________________________________________________
4 N __________________________________________________________________________
__________________________________________________________________________
5 N __________________________________________________________________________
__________________________________________________________________________
6 N __________________________________________________________________________
__________________________________________________________________________
Enter Policy Rule Number (1-6) to Configure:
Figure 13-2 Menu 25 - IP Routing Policy Summary
IP Policy Routing 13-3
Prestige 1100 Internet Access Router
Abbreviation
Criteria
SA
SP
DA
DP
P
T
PR
Action
GW
T
P
Type Of Service
NM m D
MT
MR
MC
Table 13-1 IP Routing Policy Summary
Meaning
Source IP address
Source port
Destination IP address
Destination port
IP layer 4 protocol number(TCP=6,UDP=17…)
Type Of Service of Incoming packet
Precedence of incoming packet
Gateway IP address
Outgoing Type of Service
Outgoing Precedence
Normal
Minimum Delay
Maximum Throughput
Maximum Reliability
Minimum Cost
Enter a number from 1 to 6 to display Menu 25.1.1 – IP Routing Policy (see the next figure). This menu allows you to configure a policy rule.
Menu 25.1.1 - IP Routing Policy
Policy Set Name= test
Active= Yes
Criteria:
IP Protocol = 6
Type of Service= Normal
Precedence = 0
Source:
addr start= 1.1.1.1
port start= 20
Destination:
addr start= 2.2.2.2
port start= 20
Action= Matched
Gateway addr = 192.168.1.1
Type of Service= Max Thruput
Precedence = 0
Packet length= 40
Len Comp= end= 1.1.1.1
end= 20 end= 2.2.2.2
end= 20
Log= No
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 13-3 IP Routing Policy
13-4 IP Policy Routing
Field
Policy Set Name
Active
Criteria
IP Protocol
Type of Service
Packet Length
Len Comp
Precedence
Source: addr start= / end= port start= / end=
Destination: addr start= / end= port start= / end=
Action=
Gateway addr
Log
Type of Service
Precedence
Prestige 1100 Internet Access Router
Table 13-2 IP Routing Policy
Description
This is the name of the policy set assigned in Menu 25 - IP Routing Policy
Setup.
Press the [SPACEBAR] to select [Yes] to activate the policy.
IP layer 4 protocol, e.g., UDP, TCP, ICMP, etc.
Prioritize incoming network traffic by choosing from [Don’t Care] / [Normal] /
[Min Delay] / [Max Thruput] / [Max Reliability].
Enter the length of incoming packets (in bytes). The operators in the [Len
Comp] (next) apply to packets of this length.
Press the [SPACEBAR] to choose from [Equal] / [Not Equal] / [Less] / [Greater] /
[Less or Equal] / Greater or Equal].
Precedence value of the incoming packet. Values range from [0] to [7] or [Don’t
Care].
Source IP address range from start to end.
Source port number range from start to end; applicable only for TCP/UDP.
Destination IP address range from start to end.
Destination port number range from start to end; applicable only for TCP/UDP.
Specifies whether action should be taken on criteria [Matched] or [Not
Matched].
Defines the outgoing gateway address. The gateway must be on the same subnet as the Prestige if it’s on the LAN, otherwise, the gateway must be the IP address of a remote node. The default gateway is specified as 0.0.0.0.
Press the [SPACEBAR] to select [Yes] to make an entry in the system log when a policy is executed.
Set the new TOS value of the outgoing packet. Choose from Prioritize incoming network traffic by choosing from [No Change] / [Normal] / [Min Delay] / [Max
Thruput] / [Max Reliability].
Set the new precedence value of the outgoing packet. Values range from [0] to
[7] or [No Change].
IP Policy Routing 13-5
Prestige 1100 Internet Access Router
13.2 Applying an IP Policy
This section shows you where to apply the IP Policies after you design them.
13.2.1 Ethernet IP Policies
From Menu 3 - Ethernet Setup, enter 2 to go to Menu 3.2 -General Ethernet Setup.
You can choose up to four IP Policy sets (from twelve) by entering their numbers separated by commas, e.g., 2, 4, 7, 9.
Menu 3.2 - TCP/IP and DHCP Ethernet Setup
DHCP Setup:
DHCP= None
Client IP Pool Starting Address= N/A
Size of Client IP Pool= N/A
Primary DNS Server= N/A
Secondary DNS Server= N/A
TCP/IP Setup:
IP Address= 192.68.0.1
IP Subnet Mask= 255.255.255.0
RIP Direction= Both
Version= RIP-2B
Multicast = IGMP-v2
IP Policies= 2,4,7,9
Enter your IP
Policy sets here.
Enter here to CONFIRM or ESC to CANCEL:
Press Space Bar to Toggle.
Figure 13-4 Menu 3.1.1 - General Ethernet Setup
13.2.2 Remote Node IP Routing Policies
Go to Menu 11.3 (shown next) and enter the number(s) of the IP Routing Policy set(s) as appropriate. You can cascade up to four policy sets by entering their numbers separated by commas.
13-6 IP Policy Routing
Prestige 1100 Internet Access Router
Menu 11.3 - Remote Node Network Layer Options
IP Options:
Rem IP Addr: 0.0.0.0
Rem Subnet Mask= 0.0.0.0
My WAN Addr= 0.0.0.0
Single User Account= No
Metric= 2
Private= No
RIP Direction= Both
Version= RIP-2B
Multicast = IGMP-v2
IP Policies= 1,2,3,4
IPX Options:
Rem LAN Net #= N/A
My WAN Net #= N/A
Hop Count= N/A
Tick Count= N/A
W/D Spoofing(min)= N/A
SAP/RIP Timeout(min)= N/A
Bridge Options:
Ethernet Addr Timeout(min)= N/A
Enter here to CONFIRM or ESC to CANCEL:
Enter your IP
Policy sets here.
Figure 13-5 Menu 11.3 - Remote Node Network Layer Options
IP Policy Routing 13-7
Prestige 1100 Internet Access Router
Chapter 14:
Troubleshooting
This chapter covers the potential problems you may run into and the possible remedies. After each problem description, some instructions are provided to help you to diagnose and to solve the problem.
14.1 Problems Starting Up the Prestige 1100
Table 14-1 Troubleshooting the Start-Up of your Prestige 1100
Troubleshooting Corrective Action
None of the LEDs are on when you power on the Prestige 1100
Cannot access the Prestige 1100 via the console port.
Check the connection between the power cord and your Prestige
1100.
If the error persists you may have a hardware problem. In this case you should contact technical support.
1.Check to see if the Prestige 1100 is connected to your computer’s serial port. Note that a null modem is required.
2. Check to see if the communications program is configured correctly. The communications software should be configured as follows:
VT100 terminal emulation
9600 Baud.
No parity, 8 Data bits, 1 Stop bit.
Troubleshooting 14-1
Prestige 1100 Internet Access Router
14.2 Problems With the WAN Port
Table 14-2 Troubleshooting a WAN Port Connection
Troubleshooting Corrective Action
RDY LED of a WAN Port is not ON Check if the WAN port is connected to an external WAN device.
Check if the power of the external WAN device is turned on.
14.3 Problems with the LAN Interface
Table 14-3 Troubleshooting the LAN Interface
Troubleshooting Corrective Action
Can’t ping any station on the LAN Check the Ethernet LED on the front panel of your Prestige 1100. If it is off, check the cables connecting your Prestige 1100 to the hub.
Verify that the IP address and the subnet mask in Menu 3.2 are consistent between the Prestige 1100 and the workstations.
14.4 Problems Connecting to a Remote Node or ISP
Table 14-4 Troubleshooting a Connection to a Remote Node or ISP
Troubleshooting Corrective Action
Can’t connect to a remote node or
ISP
Check Menu 24.1 to verify the line status. If it indicates [down], then refer to the section on the line problems.
In Menu 24.4.5, do a manual call to that remote node. Observe the messages and take appropriate actions.
14-2 Troubleshooting
IPCP
IPX
ISDN
ISP
LAN
MAC
MP
NAT
PAP
POTS
PPP
PSTN
RADIUS
RIP
DCE
DHCP
DNS
DTE
IANA
IP
BAP/BACP
BOD
CDR
CHAP
CLID
CSU/DSU
Prestige 1100 Internet Access Router
Acronyms and Abbreviations
Bandwidth Allocation Protocol/Bandwidth Allocation Control protocol
Bandwidth on Demand
Call Detail Record
Challenge Handshake Authentication Protocol
Calling Line IDentification
Channel Service Unit/Data Service Unit
Data Communications Equipment
Dynamic Host Configuration Protocol
Domain Name System
Data Terminal Equipment
Internet Assigned Number Authority
Internet Protocol
IP Control Protocol
Internetwork Packet eXchange
Integrated Service Digital Network
Internet Service Provider
Local Area Network
Media Access Control
(PPP) Multilink Protocol
Network Address Translation
Password Authentication Protocol
Plain Old Telephone Service
Point to Point Protocol
Public Switched Telephone Network
Remote Authentication Dial-In User Service
Routing Information Protocol
Acronyms & Abbreviations A
Prestige 1100 Internet Access Router
SAP
SNAP
SNMP
SUA
TA
TCP
UDP
STP
WAN
(IPX) Service Advertising Protocol
Sub-Network Access Protocol
Simple Network Management Protocol
Single User Account
(ISDN) Terminal Adapter
Transmission Control Protocol
User Datagram Protocol
Shielded Twisted Pair (cable)
Wide Area Network
B Acronyms & Abbreviations
Action Matched, 8-5
Applications, 4
Internet Access, 4
SUA, 5
LAN-to-LAN, 6, 5-1
Authentication, 4-2, 4-3
A
B
Back Panel, 4
Boot Module Commands, 12-18
Bridging, 2, 6, 2-10, 4-2, 7-1
Ether Address, 7-4
Ethernet, 7-1
Ethernet Addr Timeout, 7-3
Remote Node, 7-2
Static Route Setup, 7-4
C
CHAP, 4-2
Command Interpreter Mode, 12-19
Community, 9-1
Compression, 4-4
Connections, 2-2
Ethernet, 2-3
Power Cord, 2-3
WAN Devices, 2-2
Copyright, ii
CSU/DSU, xiv, 1
Customer Support, iv
D
DHCP. See Dynamic Host Configuration Protocol
DNS. See Domain Name System
Domain Name System, 3-3
DNS Proxy, 3-3
Primary and Secondary DNS Server, 3-3
Dynamic Host Configuration Protocol, 3-3
Index
Prestige 1100 Internet Access Router
Index
E
Encapsulation, 4-4
Ethernet Setup, 2-12
F
Feature Overview
Data Compression, 3
Detailed Features, 1
DHCP Support, 3
Ethernet LANs, 2
Full Network Management, 2
Multiple Protocol Support, 2
NAT Support, 2
Quick, 1
WAN Solutions, 1
Filename Conventions, 12-8
Filters
About, 8-1
Applying, 8-15
Ethernet, 8-15
Remote Node, 8-16
Configuring a Filter Rule, 8-6
Configuring a Filter Set, 8-3
Device
Abbreviations, 8-6
Device Filter Rule, 8-13
Ethernet, 2-13
Executing a Filter Rule, 8-1
IP
Abbreviations, 8-5
IPX Filter Rule, 8-11
Logic Flow of an IP Filter, 8-10
More, 8-5
Rules Summary, 8-4
Session Options, 4-3
Structure, 8-1
SUA, 8-6
TCP/IP Filter Rule, 8-7
Fractional T1/E1, xiv, 1
Front Panel, 3
LEDs, 3
C
Prestige 1100 Internet Access Router
G
Gateway, 5-8
General Setup, 2-9
Menu Fields, 2-10
H
Hop Count, 6-7, 6-9
I
IANA. See Internet Assigned Number Authority
Initial Screen, 2-3
Interactive Applications, 13-1
Internet access, 3-1
Internet Access Configuration, 3-6
Internet Assigned Number Authority, 3-2
Internet Service Provider, 3-2
IP Address, 3-2, 3-5, 3-8, 4-3, 5-3, 5-8, 7-4
IP Multicast, 3-5
Internet Group Management Protocol(IGMP), 3-5
IP Network Number, 3-2
IP Policies , 3-5, 5-5, 13-6
IP Policy Routing (IPPR), 13-1
Applying an IP Policy, 13-6
Benefits, 13-1
Cost Savings, 13-1
Criteria, 13-1
Ethernet IP Policies, 13-6
Gateway, 13-5
Load Sharing, 13-1
Remote Node IP Policies, 13-6
Setup, 13-2
IP Pool, 3-3
IP Routing Policy, 13-5
IP Routing Policy Setup, 13-4
IPX, 2, 6, 4-3, 6-1
Ethernet Setup, 6-4
External Network Number, 6-2
Frame Types, 6-1, 6-4
802.2, 6-1
802.3, 6-1
Ethernet II, 6-1
SNAP(Sub-Network Access Protocol), 6-1
Internal Network Number, 6-2
LAN-to-LAN, 6-5
Prestige, 6-2
D
Remote Node Setup, 6-6
Seed Router, 6-3
Static Route Setup, 6-8
IPX Network Number, 6-1, 6-7
IPX Node Number, 6-1
ISP. See Internet Service Provider
L
LAN, 5, 3-2, 12-3
Receiving, 12-3
Transmitting, 12-3
LANs & WANs, 3-11
Prestige, 3-11
Login, 3-7, 4-2
M
MAC. See Media Access Control
Main Menu, 2-6
Summary, 2-6
Media Access Control, 6-1, 7-1
Metric, 5-4, 5-8
My WAN Addr, 5-3, 5-4
N
Navigating the SMT Interface, 2-5
NetWare, 6-1
Network Address Translation, 1, 2, 8-6, A
Network Address Translator (NAT) , 3-9
Network Interface Card, 2-1
NIC. See Network Interface Card
P
Packing List Card , xiv
PAP, 4-2
Password, 2-3, 2-7, 3-7, 4-2, 9-1, 10-1
Point-to-Point Protocol, 2
Power On, 2-3
PPP, 4-3
Editing PPP Options, 4-3
Precedence, 13-1, 13-5
Private, 5-4, 5-8
Index
Q
Quality of Service, 13-1
R
Remote Configuration, 2
Remote Node, 4-1, 12-3
Leased Line, 4-1
TCP/IP, 5-1
Remote Node Setup, 5-2
RIP. See Routing Information Protocol
RJ-45, 2-3
Route IP Setup, 3-1
Routing Information Protocol, 3-2
Direction, 3-2
Version, 3-2
Routing Policy, 13-1
S
SAP/RIP Timeout, 6-7
Single User Account, 2
Single User Account, 5, 3-2, 3-7, 3-8, 3-9, 3-10, 5-4,
8-6, B
Advantages, 3-9
Configuration, 3-9
Ethernet, 3-10
SMT. See System Management Terminal
SNMP ( Simple Network Management Protocol), 9-1
Community, 9-2
Configuration, 9-1
Traps, 9-2
Trusted Host, 9-2
Socket, 6-9
Stac, 3
Static Route Setup, 5-6
Menu Fields, 5-8
STP (Shielded Twisted Pair), 2-3
SUA. See Single User Account
Subnet Mask, 3-2, 3-5, 5-4, 5-8
Supporting Disk, xiv
Syntax Conventions, xiv
System Maintenance
Backup
Console Port, 12-9
FTP, 12-10
TFTP, 12-10
Index
Prestige 1100 Internet Access Router
Console Port Speed, 12-5
Diagnostic, 12-7
Ping, 12-8
Reboot, 12-8
Log & Trace, 12-5
Viewing, 12-5
Menu 24, 12-1
Restore, 12-11
Console Port, 12-11
FTP, 12-11
TFTP, 12-12
Syslog & Accounting, 12-6
System Status, 12-2
System Management Terminal, 2-5
System Security, 2-6, 2-7, 2-8, 10-1, 10-2
Password, 10-1, 10-2
T
TCP/IP, 3-3, 12-8
Telnet, 11-1
Single Administrator, 11-2
Single User Account, 11-2
SUA, 11-2
Timeout, 11-2
Terminal Emulation, 2-1, 14-1
Tick Count, 6-7, 6-9
TOS (Type of Service), 13-1
Troubleshooting, 14-1
LAN Interface, 14-2
Remote Node, 14-2
Start up, 14-1
WAN Port, 14-2
Type of Service, 13-1, 13-4, 13-5
U
UNIX syslog, 12-6
Upload Firmware, 12-12
Console Port, 12-13
Dual Firmware Block Structure, 12-13
FTP, 12-14
TFTP, 12-15
Upload Router Configuration File, 12-15
Console Port, 12-15
FTP, 12-16
TFTP, 12-17
E
Prestige 1100 Internet Access Router
V
VT100, 2-1
W
WAN port, 2-2
WAN Setup, 2-11
Watchdog, 6-7
Z
ZyNOS, 12-4, 12-13, 12-14, 13-1
ZyXEL Limited Warranty, iii
F Index
Advertisement
Key Features
- WAN and LAN connectivity
- Flexible protocol support (TCP/IP, IPX, Bridging)
- Remote node configuration
- Robust security features (password, filtering)
- System maintenance and diagnostics
- Remote management via Telnet
- Single User Account (SUA) support
- IP Policy Routing