Advertisement
Advertisement
Prestige 1400
WAN Router with Integrated Ethernet Switch
ZyNOS Version 3.20
February 2001
User’s Guide
ii
Prestige 1400 WAN Router with Integrated Ethernet Switch
Prestige 1400
WAN Router with Integrated Ethernet Switch
Copyright
Copyright © 2000 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL
Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patents rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice.
Trademarks
Trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
Copyright
Prestige 1400 WAN Router with Integrated Ethernet Switch
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two (2) years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition.
Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center; refer to the separate Warranty Card for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor.
All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid
(USA and territories only). If the customer desires some other return destination beyond the U.S. borders, the customer shall bear the cost of the return shipment. This warranty gives you specific legal rights, and you may also have other rights which vary from state to state.
ZyXEL Limited Warranty iii
iv
Prestige 1400 WAN Router with Integrated Ethernet Switch
Customer Support
If you have questions about your ZyXEL product or desire assistance, contact ZyXEL Communications
Corporation offices worldwide, in one of the following ways:
Contacting Customer Support
When you contact your customer support representative, have the following information ready:
♦
Prestige model and serial number
♦
Information in Menu 24.2.1 -System Information
♦
Warranty information
♦
Date you received your Prestige
♦
Brief description of the problem and the steps you took to solve it.
METHOD E-MAIL - SUPPORT/
SALES
TELEPHONE/FAX WEB SITE/ FTP
SITE
REGULAR MAIL
LOCATION
Worldwide
North
America
Scandinavia
Austria
Germany [email protected]
+886-3-578-3942
+886-3-578-2439
+1-714-632-0882
800-255-4101
+1-714-632-0858
+45-3955-0700
+45-3955-0707
+43-1-4948677-0
+43-1-4948678
+49-2405-6909-0
+49-2405-6909-99 www.zyxel.com
www.europe.zyxel.
com ftp.europe.zyxel.co
m www.zyxel.com
ZyXEL Communications
Corp., 6 Innovation Road II,
Science-Based Industrial
Park, HsinChu, Taiwan 300,
R.O.C.
ZyXEL Communications Inc.,
1650 Miraloma Avenue,
Placentia, CA 92870, U.S.A.
ftp.zyxel.com
www.zyxel.dk
ftp.zyxel.dk
www.zyxel.at
ftp.zyxel.at
www.zyxel.de
ZyXEL Communications A/S,
Columbusvej 5, 2860
Soeborg, Denmark.
ZyXEL Communications
Services GmbH.
Thaliastrasse 125a/2/2/4 A-
1160 Vienna, Austria
ZyXEL Deutschland GmbH.
Adenauerstr. 20/A4 D-52146
Wuerselen, Germany
Customer Support
Prestige 1400 WAN Router with Integrated Ethernet Switch
Table of Contents
Prestige 1400 ............................................................................................................................................................ ii
Customer Support .................................................................................................................................................... iv
Table of Contents ......................................................................................................................................................v
List of Figures ...........................................................................................................................................................xi
List of Tables............................................................................................................................................................xv
Preface .................................................................................................................................................................. xvii
Chapter 1 Getting to Know Your Prestige ........................................................................................................................... 1-1
1.1 Overview of the Prestige 1400 ...................................................................................................................... 1-1
1.2 Example Internet Access Application ............................................................................................................ 1-2
1.3 Example LAN-to-LAN Application ................................................................................................................. 1-3
Chapter 2 The Integrated Switch.......................................................................................................................................... 2-1
2.1 The Integrated Switch ................................................................................................................................... 2-1
2.2 Purposes of the Prestige Integrated Switch .................................................................................................. 2-1
2.2.1
Connect to Networking Devices Example ............................................................................................ 2-1
2.2.2
Connect to Computers Directly............................................................................................................. 2-2
2.2.3
Connect to Local Application Servers .................................................................................................. 2-3
2.2.4
Connect the VLAN Configuration Port ................................................................................................ 2-3
Chapter 3 Hardware Installation & Initial Setup .................................................................................................................. 3-1
3.1 Unpacking Your Prestige ............................................................................................................................... 3-1
3.2 Additional Installation Requirements ............................................................................................................. 3-1
3.3 Front Panel .................................................................................................................................................... 3-1
3.3.1
Front Panel Router Connections ........................................................................................................... 3-2
3.4 Rear Panel – Power Connection ................................................................................................................... 3-3
3.5 Front Panel LEDs .......................................................................................................................................... 3-3
3.6 Initial Screen.................................................................................................................................................. 3-4
3.6.1
Password ............................................................................................................................................... 3-4
3.7 Navigating the SMT Interface........................................................................................................................ 3-5
3.8 SMT Menus At A Glance ............................................................................................................................... 3-5
3.8.1
P1400 Main Menu................................................................................................................................. 3-7
3.9 Changing the System Password ................................................................................................................... 3-8
3.9.1
Resetting the Prestige ............................................................................................................................ 3-8
3.10
General Setup ........................................................................................................................................... 3-9
Chapter 4 WAN Port Setup ................................................................................................................................................... 4-1
4.1 Configuring The WAN Port For PPP over HDLC .......................................................................................... 4-1
4.2 Configuring The WAN Port For Frame Relay................................................................................................ 4-2
4.2.1
Standards ............................................................................................................................................... 4-3
Table of Contents v
Prestige 1400 WAN Router with Integrated Ethernet Switch
4.2.2
How To Configure The WAN Port For Frame Relay ........................................................................... 4-3
4.3 How To Configure Frame Relay for Internet Access ..................................................................................... 4-3
4.3.1
Encapsulation ........................................................................................................................................ 4-3
4.3.2
DLCI...................................................................................................................................................... 4-4
4.3.3
CIR (Committed Information Rate) ...................................................................................................... 4-4
4.3.4
EIR (Excess Information Rate) ............................................................................................................. 4-4
4.3.5
How To Configure Frame Relay for Internet Access............................................................................ 4-4
4.4 How To Configure Frame Relay For A Remote Node ................................................................................... 4-5
Chapter 5 Internet Access .................................................................................................................................................... 5-1
5.1 TCP/IP and DHCP for LAN............................................................................................................................ 5-1
5.1.1
IP Address and Subnet Mask................................................................................................................. 5-1
5.1.2
RIP Setup............................................................................................................................................... 5-1
5.1.3
DHCP Configuration ............................................................................................................................. 5-1
5.1.4
IP Multicast ........................................................................................................................................... 5-2
5.2 IP Policies ...................................................................................................................................................... 5-2
5.3 TCP/IP Ethernet Setup .................................................................................................................................. 5-3
5.4 Collecting Internet Account Information......................................................................................................... 5-4
5.5 Internet Access using the Prestige ................................................................................................................ 5-4
Chapter 6 Remote Node Configuration ............................................................................................................................... 6-1
6.1 Remote Node Setup ...................................................................................................................................... 6-1
6.2 Outgoing Authentication Protocol .................................................................................................................. 6-3
6.3 Editing PPP Options ...................................................................................................................................... 6-3
6.4 Edit IP Parameters ........................................................................................................................................ 6-4
Chapter 7 Static Route.......................................................................................................................................................... 7-1
7.1 Basics ............................................................................................................................................................ 7-1
7.2 Static Route Setup......................................................................................................................................... 7-1
Chapter 8 Network Address Translation (NAT) .................................................................................................................. 8-1
8.1 Introduction .................................................................................................................................................... 8-1
8.1.1
NAT Definitions.................................................................................................................................... 8-1
8.1.2
What NAT Does .................................................................................................................................... 8-1
8.1.3
How NAT works ................................................................................................................................... 8-2
8.1.4
NAT Mapping Types............................................................................................................................. 8-2
8.1.5
SUA (Single User Account) Versus NAT............................................................................................. 8-3
8.2 SMT Menus ................................................................................................................................................... 8-3
8.2.1
Applying NAT in the SMT Menus........................................................................................................ 8-3
8.2.2
Configuring NAT .................................................................................................................................. 8-5 vi
8.2.3
Address Mapping Sets and NAT Server Sets:....................................................................................... 8-5
8.2.4
Ordering Your Rules ............................................................................................................................. 8-7
Table of Contents
Prestige 1400 WAN Router with Integrated Ethernet Switch
8.3 NAT Server Sets............................................................................................................................................ 8-9
8.3.1
Multiple Servers behind NAT ............................................................................................................... 8-9
8.3.2
Configuring Inside Servers.................................................................................................................... 8-9
8.4 Examples..................................................................................................................................................... 8-10
8.4.1
Internet Access Only ........................................................................................................................... 8-10
8.4.2
Example 2 - Internet Access with a Default Inside Server.................................................................. 8-11
8.4.3
Example 3 - General Case................................................................................................................... 8-12
8.4.4
NAT Unfriendly Application Programs .............................................................................................. 8-14
8.4.5
Applying NAT to the Ethernet Port .................................................................................................... 8-14
Chapter 9 Filter Configuration.............................................................................................................................................. 9-1
9.1 About Filtering ............................................................................................................................................... 9-1
9.2 The Filter Structure of the Prestige ............................................................................................................... 9-1
9.3 Configuring a Filter Set.................................................................................................................................. 9-3
9.3.1
Filter Rules Summary Menu ................................................................................................................. 9-4
9.4 Configuring a Filter Rule................................................................................................................................ 9-5
9.5 Filter Types and NAT ..................................................................................................................................... 9-5
9.5.1
TCP/IP Filter Rule................................................................................................................................. 9-6
9.5.2
Device Filter Rule ................................................................................................................................. 9-9
9.6 Applying a Filter........................................................................................................................................... 9-11
9.6.1
Ethernet traffic .................................................................................................................................... 9-11
9.6.2
Remote Node Filters ........................................................................................................................... 9-12
9.7 Filter Example.............................................................................................................................................. 9-12
9.7.1
Configuring a FTP_WAN Filter Rule ................................................................................................. 9-12
Chapter 10 SNMP Configuration .......................................................................................................................................... 10-1
10.1
About SNMP............................................................................................................................................ 10-1
10.2
Supported MIBs....................................................................................................................................... 10-2
10.3
SNMP Configuration................................................................................................................................ 10-2
10.4
SNMP Traps ............................................................................................................................................ 10-3
Chapter 11 System Password .............................................................................................................................................. 11-1
11.1
Changing the System Password ............................................................................................................. 11-1
Chapter 12 Remote Management ......................................................................................................................................... 12-1
12.1
Flexible Network Management................................................................................................................ 12-1
12.2
Remote Configuration ............................................................................................................................. 12-1
12.3
Telnet Behind NAT................................................................................................................................... 12-2
12.4
Telnet Capabilities ................................................................................................................................... 12-2
12.4.1
Single Administrator ....................................................................................................................... 12-2
12.4.2
System Timeout .............................................................................................................................. 12-2
12.5
Remote Management Through NAT ....................................................................................................... 12-2
Table of Contents vii
Prestige 1400 WAN Router with Integrated Ethernet Switch
Procedure to Set Up NAT for Remote Management....................................................................................... 12-3
Chapter 13 System Information and Maintenance ............................................................................................................. 13-1
13.1
System Status.......................................................................................................................................... 13-1
13.1.1
WAN/LAN Status ........................................................................................................................... 13-2
13.1.2
Route Status..................................................................................................................................... 13-3
13.2
System Information.................................................................................................................................. 13-4
13.2.1
Console Port Speed ......................................................................................................................... 13-5
13.3
Log and Trace.......................................................................................................................................... 13-5
13.3.1
Viewing Error Log .......................................................................................................................... 13-5
13.3.2
Syslog And Accounting................................................................................................................... 13-6
13.4
Diagnostic ................................................................................................................................................ 13-7
13.5
Boot Module Commands ......................................................................................................................... 13-7
13.6
Command Interpreter Mode .................................................................................................................... 13-8
13.7
Time and Date Setting ............................................................................................................................. 13-9
Chapter 14 Configuration & Firmware Maintenance .......................................................................................................... 14-1
14.1
Filenames ................................................................................................................................................ 14-1
14.2
Backup Configuration .............................................................................................................................. 14-3
14.2.1
Backup using FTP ........................................................................................................................... 14-3
14.2.2
Backup using TFTP......................................................................................................................... 14-3
14.2.3
Backup using the Console Port........................................................................................................ 14-3
14.3
Restore Configuration.............................................................................................................................. 14-4
14.3.1
Restore using FTP ........................................................................................................................... 14-4
14.3.2
Restore using TFTP......................................................................................................................... 14-5
14.3.3
Restore using the Console Port........................................................................................................ 14-5
14.4
Upload Firmware ..................................................................................................................................... 14-6
14.4.1
Dual Firmware Block Structure....................................................................................................... 14-6
14.4.2
Upload Prestige Firmware using FTP ............................................................................................. 14-6
14.4.3
Example - Using the FTP command from the DOS Prompt ........................................................... 14-7
14.4.4
Upload Prestige Firmware using TFTP ........................................................................................... 14-8
14.4.5
Third Party TFTP Clients - General Commands ............................................................................. 14-8
14.4.6
Upload Prestige Firmware via the Console Port ............................................................................. 14-8
14.5
Upload Prestige Configuration File.......................................................................................................... 14-9
14.5.1
Upload Prestige Configuration File using FTP ............................................................................... 14-9
14.5.2
Upload Prestige Configuration File using TFTP........................................................................... 14-10
14.5.3
Upload Prestige Configuration File using the Console Port.......................................................... 14-10
Chapter 15 IP Policy Routing ............................................................................................................................................... 15-1
15.1
Introduction .............................................................................................................................................. 15-1 viii Table of Contents
Prestige 1400 WAN Router with Integrated Ethernet Switch
15.1.1
Benefits ........................................................................................................................................... 15-1
15.1.2
Routing Policy................................................................................................................................. 15-1
15.2
IP Routing Policy Setup........................................................................................................................... 15-2
15.3
Applying an IP Policy............................................................................................................................... 15-4
15.3.1
Ethernet IP Policies ......................................................................................................................... 15-4
15.3.2
Remote Node Routing Policies ....................................................................................................... 15-5
15.4
IP Policy Routing Example ...................................................................................................................... 15-5
Chapter 16 Troubleshooting................................................................................................................................................. 16-1
16.1
Problems Starting Up the Prestige .......................................................................................................... 16-1
16.2
Problems with the WAN Port ................................................................................................................... 16-1
16.3
Problems with the LAN Interface............................................................................................................. 16-2
16.4
Problems Connecting to a Remote Node or ISP..................................................................................... 16-2
16.5
General Problems ................................................................................................................................... 16-2
Hardware Specifications........................................................................................................................................... A
CI Commands .......................................................................................................................................................... B
Glossary ....................................................................................................................................................................J
Index.........................................................................................................................................................................O
Table of Contents ix
Prestige 1400 WAN Router with Integrated Ethernet Switch
List of Figures
Figure 1-1 Prestige Building Deployment Example....................................................................................................................1-3
Figure 1-2 LAN-to-LAN Application .........................................................................................................................................1-4
Figure 2-1 Prestige Integrated Switch .........................................................................................................................................2-1
Figure 2-2 Prestige – Phoneline Switch Connections Example ..................................................................................................2-2
Figure 2-3 Direct Connection Example.......................................................................................................................................2-3
Figure 2-4 VLAN Configurator Main Menu ...............................................................................................................................2-4
Figure 2-5 Port Setup Menu ........................................................................................................................................................2-4
Figure 2-6 Port Setup Dialog.......................................................................................................................................................2-5
Figure 2-7 VLAN Setup Menu....................................................................................................................................................2-5
Figure 2-8 Modifying a Port’s Visibility .....................................................................................................................................2-6
Figure 2-9 Modifying Multiple Ports ..........................................................................................................................................2-6
Figure 2-10 Deleting a Group......................................................................................................................................................2-7
Figure 2-11 Cannot Delete a Group.............................................................................................................................................2-7
Figure 2-12 Trunk Setup 1...........................................................................................................................................................2-7
Figure 2-13 Trunk Setup 2...........................................................................................................................................................2-7
Figure 2-14 Modifying Trunk Setup Example ............................................................................................................................2-8
Figure 2-15 Restore Default Setup Menu....................................................................................................................................2-8
Figure 2-16 View Setup Menu ....................................................................................................................................................2-9
Figure 3-1 Front Panel Connections............................................................................................................................................3-2
Figure 3-2 Prestige Rear Panel ....................................................................................................................................................3-3
Figure 3-3 Front Panel LEDs ......................................................................................................................................................3-4
Figure 3-4 Power-On Display .....................................................................................................................................................3-4
Figure 3-5 Login Screen..............................................................................................................................................................3-4
Figure 3-6 Prestige 1400 Main Menu..........................................................................................................................................3-7
Figure 3-7 Menu 23 - System Security........................................................................................................................................3-8
Figure 3-8 Menu 23.1 - System Security - Change Password .....................................................................................................3-8
Figure 3-9 Menu 1 - General Setup .............................................................................................................................................3-9
Figure 4-1 Menu 2 - WAN Port Setup.........................................................................................................................................4-1
Figure 4-2 Configuring The WAN Port for PPP over HDLC......................................................................................................4-2
Figure 4-3 Configuring The WAN Port For Frame Relay ...........................................................................................................4-2
Figure 4-4 Menu 2.1.2 - Frame Relay Setup ...............................................................................................................................4-3
Figure 4-5 Menu 4 - Internet Access Setup .................................................................................................................................4-5
Figure 4-6 Menu 4.2 - Internet Setup Frame Relay Options .......................................................................................................4-5
Figure 4-7 Menu 11.1 - Remote Node Profile .............................................................................................................................4-6
Figure 4-8 Menu 11.4 - Remote Node Frame Relay Options......................................................................................................4-6
Figure 5-1 Menu 3.2 - TCP/IP Ethernet Setup ............................................................................................................................5-3
Figure 5-2 Menu 4 - Internet Access Setup .................................................................................................................................5-5
List of Figures xi
Prestige 1400 WAN Router with Integrated Ethernet Switch
Figure 6-1 Menu 11 – Remote Node Setup................................................................................................................................. 6-1
Figure 6-2 Menu 11.1 - Remote Node Profile............................................................................................................................. 6-1
Figure 6-3 Menu 11.2 - Remote Node PPP Options ................................................................................................................... 6-3
Figure 6-4 Menu 11.3- Remote Node Network Layer Options................................................................................................... 6-4
Figure 7-1 An Example of Static Routing Topology................................................................................................................... 7-1
Figure 7-2 Menu 12 - IP Static Route Setup ............................................................................................................................... 7-2
Figure 7-3 Menu 12.1 - Edit IP Static Route............................................................................................................................... 7-2
Figure 8-1 How NAT Works ....................................................................................................................................................... 8-2
Figure 8-2 Applying NAT for Internet Access ............................................................................................................................ 8-4
Figure 8-3 Applying NAT to the Remote Node .......................................................................................................................... 8-4
Figure 8-4 Menu 15 NAT Setup .................................................................................................................................................. 8-5
Figure 8-5 Menu 15.1 Address Mapping Sets............................................................................................................................. 8-5
Figure 8-6 SUA Address Mapping Rules ................................................................................................................................... 8-6
Figure 8-7 First Set in Menu 15.1.1 ............................................................................................................................................ 8-7
Figure 8-8 Editing an Individual Rule in a Set............................................................................................................................ 8-8
Figure 8-9 Multiple Servers Behind NAT ................................................................................................................................... 8-9
Figure 8-10 Menu 15.2 - NAT Server Setup ............................................................................................................................. 8-10
Figure 8-11 NAT Example 1 ..................................................................................................................................................... 8-11
Figure 8-12 NAT Example for Internet Access......................................................................................................................... 8-11
Figure 8-13 NAT Example 2 ..................................................................................................................................................... 8-11
Figure 8-14 Specifying an Inside Sever .................................................................................................................................... 8-12
Figure 8-15 NAT - Example 3................................................................................................................................................... 8-12
Figure 8-16 Example 3 - Menu 15.1.1.1 ................................................................................................................................... 8-13
Figure 8-17 Example 3 Final Menu 15.1.1 ............................................................................................................................... 8-13
Figure 8-18 Example 3 - Menu 15.2 ......................................................................................................................................... 8-14
Figure 8-19 Ethernet NAT......................................................................................................................................................... 8-14
Figure 8-20 Applying NAT to an Ethernet Port ........................................................................................................................ 8-15
Figure 9-1 Outgoing Packet Filtering Process ............................................................................................................................ 9-1
Figure 9-2 Filter Rule Process..................................................................................................................................................... 9-2
Figure 9-3 Menu 21 - Filter Set Configuration ........................................................................................................................... 9-3
Figure 9-4 Menu 21.1 - Filter Rules Summary ........................................................................................................................... 9-4
Figure 9-5 Protocol and Device Filter Sets ................................................................................................................................. 9-6
Figure 9-6 Menu 21.1.1 - TCP/IP Filter Rule ............................................................................................................................. 9-7
Figure 9-7 Executing an IP Filter................................................................................................................................................ 9-9
Figure 9-8 Menu 21.1.2 - Device Filter Rule ............................................................................................................................ 9-10
Figure 9-9 Filtering Ethernet Traffic ......................................................................................................................................... 9-11
Figure 9-10 Filtering Remote Node traffic................................................................................................................................ 9-12
Figure 9-11 FTP_WAN Filter Configuration ............................................................................................................................ 9-13
Figure 9-12 Filter Rule Configuration ...................................................................................................................................... 9-13 xii List of Figures
Prestige 1400 WAN Router with Integrated Ethernet Switch
Figure 9-13 Filter Rule Configuration.......................................................................................................................................9-14
Figure 9-14 FTP_WAN Filter Rules Summary .........................................................................................................................9-14
Figure 9-15 Remote Node Profile .............................................................................................................................................9-15
Figure 10-1 SNMP Management Model ...................................................................................................................................10-1
Figure 10-2 Menu 22 - SNMP Configuration ...........................................................................................................................10-3
Figure 11-1 Menu 23 - System Security.................................................................................................................................... 11-1
Figure 11-2 Menu 23.1 - System Security - Change Password ................................................................................................. 11-1
Figure 12-1 Remote Management .............................................................................................................................................12-1
Figure 12-2 Remote Management Via NAT..............................................................................................................................12-2
Figure 12-3 Pick An Address Mapping Set...............................................................................................................................12-3
Figure 12-4 Address Mapping Rule ..........................................................................................................................................12-3
Figure 12-5 Address Mapping Rule Summary..........................................................................................................................12-4
Figure 12-6 Apply the New NAT Set ........................................................................................................................................12-4
Figure 13-1 Menu 24 - System Maintenance ............................................................................................................................13-1
Figure 13-2 Menu 24.1 - System Maintenance - Status ............................................................................................................13-2
Figure 13-3 Menu 24.1.1 - WAN/LAN Status...........................................................................................................................13-2
Figure 13-4 Menu 24.1.1 With Frame Relay Configured..........................................................................................................13-3
Figure 13-5 Menu 24.1.5 - Router Status ..................................................................................................................................13-4
Figure 13-6 Menu 24. 2.1 - System Maintenance Information .................................................................................................13-4
Figure 13-7 Menu 24.2.2 - System Maintenance - Change Console Port Speed .....................................................................13-5
Figure 13-8 Examples of Error and Information Messages.......................................................................................................13-6
Figure 13-9 Syslog and Accounting ..........................................................................................................................................13-6
Figure 13-10 Menu 24.4 - System Maintenance - Diagnostic ...................................................................................................13-7
Figure 13-11 Boot Module Commands .....................................................................................................................................13-8
Figure 13-12 Command Mode ..................................................................................................................................................13-9
Figure 13-13 System Maintenance - Time and Date Setting .....................................................................................................13-9
Figure 14-1 Internal and External Filenames ............................................................................................................................14-2
Figure 14-2 Menu 24.5 as seen using Telnet .............................................................................................................................14-3
Figure 14-3 Menu 24.5 - Menu 24.5 as seen using the Console Port ........................................................................................14-4
Figure 14-4 Backup Example Using HyperTerminal ................................................................................................................14-4
Figure 14-5 Successful Backup Confirmation Screen...............................................................................................................14-4
Figure 14-6 Menu 24.6 as seen using Telnet .............................................................................................................................14-5
Figure 14-7 Menu 24.6 as seen using the Console Port ............................................................................................................14-5
Figure 14-8 Successful Restoration Confirmation Screen.........................................................................................................14-6
Figure 14-9 Menu 24.7 - System Maintenance - Upload Firmware ..........................................................................................14-6
Figure 14-10 Menu 24.7.1 as seen using Telnet ........................................................................................................................14-7
Figure 14-11 FTP Session Example ..........................................................................................................................................14-7
Figure 14-12 Menu 24.7.1 as seen using the Console Port. ......................................................................................................14-9
Figure 14-13 Menu 24.7.2 as seen using Telnet ......................................................................................................................14-10
List of Figures xiii
Prestige 1400 WAN Router with Integrated Ethernet Switch
Figure 14-14 Menu 24.7.2 as seen using the Console Port ..................................................................................................... 14-10
Figure 15-1 Menu 25 - IP Routing Policy Setup....................................................................................................................... 15-2
Figure 15-2 Menu 25 - IP Routing Policy Summary ................................................................................................................ 15-2
Figure 15-3 Menu 25.1.1 - IP Routing Policy........................................................................................................................... 15-3
Figure 15-4 Ethernet IP Policies ............................................................................................................................................... 15-5
Figure 15-5 Remote Node Routing Policies.............................................................................................................................. 15-5
Figure 15-6 Example of IP Policy Routing ............................................................................................................................... 15-6
Figure 15-7 IP Routing Policy Example ................................................................................................................................... 15-7
Figure 15-8 IP Policy Routing .................................................................................................................................................. 15-7
Figure 15-9 Applying IP Policies.............................................................................................................................................. 15-8 xiv List of Figures
Prestige 1400 WAN Router with Integrated Ethernet Switch
List of Tables
Table 3-1 Front Panel LEDs ........................................................................................................................................................3-4
Table 3-2 Navigating the SMT ....................................................................................................................................................3-5
Table 3-3 Main Menu Summary..................................................................................................................................................3-7
Table 3-4 General Setup Fields ...................................................................................................................................................3-9
Table 4-1 WAN Setup Menu Fields.............................................................................................................................................4-1
Table 4-2 Menu 2.1.2 - Frame Relay Setup.................................................................................................................................4-3
Table 4-3 Data Link Connection Identifiers ................................................................................................................................4-4
Table 4-4 Menu 4.2 - Internet Setup Frame Relay Options.........................................................................................................4-5
Table 5-1 Default Prestige IP Assignment...................................................................................................................................5-2
Table 5-2 LAN DHCP Setup Menu Fields ..................................................................................................................................5-3
Table 5-3 LAN TCP/IP Setup Menu Fields.................................................................................................................................5-3
Table 5-4 Internet Account Information ......................................................................................................................................5-4
Table 5-5 Internet Access Setup Menu Fields .............................................................................................................................5-5
Table 6-1 Remote Node Profile Menu Fields for Leased Lines ..................................................................................................6-2
Table 6-2 Remote Node PPP Options Menu Fields.....................................................................................................................6-4
Table 6-3 TCP/IP related fields in Menu 11.1 - Remote Node Profile ........................................................................................6-5
Table 6-4 Remote Node TCP/IP Configuration...........................................................................................................................6-5
Table 7-1 Edit IP Static Route Menu Fields ................................................................................................................................7-3
Table 8-1 NAT Mapping Types ...................................................................................................................................................8-3
Table 8-2 Applying NAT in Menus 4 & 11.3 ..............................................................................................................................8-4
Table 8-3 SUA Address Mapping Rules .....................................................................................................................................8-6
Table 8-4 Menu 15.1.1 ................................................................................................................................................................8-7
Table 8-5 Menu 15.1.1.1 - Configuring an Individual Rule ........................................................................................................8-8
Table 8-6 Common Services & Port numbers ...........................................................................................................................8-10
Table 9-1 Abbreviations Used in the Filter Rules Summary Menu.............................................................................................9-4
Table 9-2 Abbreviations Used If Filter Type Is IP ......................................................................................................................9-5
Table 9-3 Abbreviations Used If Filter Type Is Dev ...................................................................................................................9-5
Table 9-4 TCP/IP Filter Rule Menu Fields..................................................................................................................................9-7
Table 9-5 Device Filter Rule Menu Fields ................................................................................................................................9-10
Table 10-1 SNMP Configuration Menu Fields..........................................................................................................................10-3
Table 13-1 System Maintenance - Status Menu Fields..............................................................................................................13-2
Table 13-2 Menu 24.1.1 With Frame Relay Configured ...........................................................................................................13-3
Table 13-3 Fields in System Maintenance.................................................................................................................................13-4
Table 13-4 System Maintenance Menu Syslog Parameters.......................................................................................................13-6
Table 13-5 System Maintenance Menu Diagnostic ...................................................................................................................13-7
Table 13-6 Time and Date Setting Fields ..................................................................................................................................13-9
Table 14-1 Filenames ................................................................................................................................................................14-2
List of Tables xv
Prestige 1400 WAN Router with Integrated Ethernet Switch
Table 14-2 Third Party FTP Clients - General Commands ....................................................................................................... 14-7
Table 14-3 Third Party TFTP Clients - General Commands..................................................................................................... 14-8
Table 15-1 IP Routing Policy Summary.................................................................................................................................... 15-3
Table 15-2 IP Routing Policy .................................................................................................................................................... 15-4
Table 16-1 Troubleshooting the Start-Up of your Prestige ....................................................................................................... 16-1
Table 16-2 Troubleshooting the WAN Port Connection............................................................................................................ 16-1
Table 16-3 Troubleshooting the LAN Interface ........................................................................................................................ 16-2
Table 16-4 Troubleshooting a Connection to a Remote Node or ISP ....................................................................................... 16-2 xvi List of Tables
Prestige 1400 WAN Router with Integrated Ethernet Switch
Preface
Congratulations on your purchase of the Prestige 1400 WAN Router with Integrated Ethernet Switch.
This preface introduces you to your router and discusses the organization and conventions of this user’s guide. It also provides information on other related documentation.
About the Prestige
Coupled with the local loop switches, e.g., phoneline networking/ADSL/VDSL-to-Ethernet switches, from ZyXEL, the Prestige 1400 is the ideal WAN router for large buildings and campuses. It also allows you to connect local application servers such as web, e-mail, video, gaming, building automation servers and so on, without an external switch. Moreover, the virtual LAN (VLAN) capability isolates each port from one another, thereby eliminating the security problems inherent in broadcast media such as Ethernet. In a typical setup, you can connect up to 14 local loop switches to the Prestige, making it the premier WAN router of choice for both business and residential use.
Used alone without the local loop switches, the P1400 is equally at home for Internet café, campus networks, interoffice connectivity and other applications.
Configuring your Prestige
You can use the System Management Terminal (SMT) interface or the CLI (Command Line Interpreter) commands to configure your Prestige. The SMT is a menu-driven interface that you can access from either a VT100 compatible terminal or a terminal emulation program on a computer via the console port or telnet. Use of CLI/CI commands are recommended only for advanced users.
About this Guide
This user's guide covers all operations of the Prestige 1400 and shows you how to get the best out of the multiple advanced features of your Prestige router. It is designed to help you to configure the Prestige correctly for various applications using the SMT interface via the console port or telnet. For detailed CI commands please refer to the section Related Documentation .
Syntax Conventions
“Enter” means for you to type one or more characters and press the carriage return. “Select” or “Choose” means for you to select one from the predefined choices.
The SMT menu titles and labels are in Bold Times font. The choices of a menu item are in Bold Arial font. A single keystroke is in Arial font and enclosed in square brackets, for instance, [ ENTER ] means the Enter, or carriage return, key; [ ESC ] means the Escape key.
For brevity’s sake, we will use “e.g.” as a shorthand for “for instance”, and “i.e.” as a shorthand for “that is” or “in other words” throughout this manual.
The Prestige 1400 will also be referred to as the Prestige or the P1400 in this manual.
Related Documentation
Support Notes
More detailed information about the Prestige and examples of its use can be found in the Support Notes accessible through the ZyXEL web pages at zyxel.com.
ZyXEL Web Page and FTP Server Site
You can access release notes as well as firmware upgrades at ZyXEL web and FTP sites. Refer to the Customer
Support page in this User’s Guide for more information.
Preface xvii
Prestige 1400 WAN Router with Integrated Ethernet Switch
Chapter 1
Getting to Know Your Prestige
This chapter describes the key features, benefits and applications of your Prestige.
Coupled with the local loop switches, e.g., phoneline networking/ADSL/VDSL-to-Ethernet switches, from ZyXEL, the Prestige is the ideal WAN router for large buildings and campuses. It also allows you to connect local application servers such as web, e-mail, video, gaming, building automation servers and so on, without an external switch. Moreover, the virtual LAN (VLAN) capability isolates each port from one another, thereby eliminating the security problems inherent in broadcast media such as Ethernet. In a typical setup, you can connect up to 14 local loop switches to the Prestige, making it the premier WAN router of choice for both business and residential use.
Used alone without the local loop switches, the P1400 is equally at home for Internet café, campus networks, interoffice connectivity and other applications
1.1 Overview of the Prestige 1400
Integrated Switch
The 16-port auto-negotiating 10/100MB Fast Ethernet switch is equipped with VLAN (Virtual LAN) security feature. You can connect up to 15 devices to this switch (ports 1 to 15).
VLAN Configuration Port
This port (marked VLAN CONF.) allows you to access the VLAN configuration using either a VT100 compatible terminal or a terminal emulation program and the enclosed cable.
Auto-negotiating 10/100 Mbps Ethernet Interface
This 10/100 Mbps auto-negotiating Fast Ethernet interface connects the routing module to the integrated switch
(port16).
Console Port
The console port is for out-of-band local management.
WAN Interface
!
One FlexWAN port.
Frame Relay Support
Frame relay support allows the Prestige to connect to a frame relay network.
Internet Protocols
!
IP routing
!
IP Policy Routing - IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator.
!
IP packet filtering, including network level and device level filtering
!
RIP-1 and RIP-2 - (Routing Information Protocol, RFC1058 and RFC 1389) allows a router to exchange routing information with other routers.
1-1 Getting to Know Your Prestige
Prestige 1400 WAN Router with Integrated Ethernet Switch
!
Static IP Route - Static routes tell a router routing information that it cannot learn automatically through other means. This can arise in cases where RIP is disabled on the LAN or a remote network is beyond the one that is directly connected to a remote node.
!
IP Multicast - Traditionally, IP packets are transmitted in two ways - unicast or broadcast. Multicast is a third way to deliver IP packets to a group of hosts. IGMP (Internet Group Management Protocol) is the protocol used to support multicast groups. The latest version is version 2 (see RFC 2236). Both versions 1 and 2 are supported by the Prestige.
!
DHCP - The Prestige's DHCP server capability (RFC 2131) allows you to automatically assign TCP/IP settings to a workstation on your LAN.
!
NAT (Network Address Translation - NAT, RFC 1631) allows multiple stations to share one IP address to conserve public IP addresses.
PPP Support
!
PPP for WAN connection
Network Management
!
!
!
!
Menu driven SMT (System Management Terminal) management
SNMP manageable
Local SMT session via console port
Remote SMT session via Telnet
Security
!
CHAP, PAP authentication
!
Password protected SMT
!
LAN, WAN filters to block unwanted incoming and outgoing packets.
Time and Date Setting
The Prestige has a battery powered real time clock. Set the time and date of your Prestige in Menu 24.9.
Real time is then displayed in the Prestige error logs.
Logging and Tracing
!
Built-in message logging and packet tracing.
!
Unix syslog facility support.
Remote Firmware Upgrades
!
Console, Telnet, TFTP and FTP Firmware Upgrades
Internet Access Sharing
The Prestige supports Single User Account (SUA)/Network Address Translation (NAT) which enables multiple subscribers to access the Internet using a single IP address. The ZyXEL Network Operating System (ZyNOS) implementation of SUA/NAT supports NetMeeting, CuSeeMe, ICQ and other multimedia applications.
1.2 Example Internet Access Application
The following diagram depicts a typical application for the P1400 in a large residential building that leverages the existing building phone line wiring using phoneline networking technology to provide economical Internet access to tenants.
1-2 Getting to Know Your Prestige
Prestige 1400 WAN Router with Integrated Ethernet Switch
Tenants connect to the 1Mbps phoneline network using a phoneline PCI card such as ZyXEL’s PPC-10 or a phoneline Ethernet Converter such as ZyXEL’s PEC-50. The phoneline switches are connected to a Main
Distribution Frame (MDF) from which all tenants already have phone line connections. You may connect up to 15 switches (14 if you wish to connect a local application server to port 15 of the integrated Ethernet switch) to the
Prestige, easily meeting multiple tenant Internet access requirements. See your phoneline switch manual for details on switch connections.
Figure 1-1 Prestige Building Deployment Example
1.3 Example LAN-to-LAN Application
You can use the Prestige to connect two geographically dispersed networks over the WAN connection. A typical
LAN-to-LAN application for your Prestige is shown next.
Getting to Know Your Prestige 1-3
Prestige 1400 WAN Router with Integrated Ethernet Switch
Figure 1-2 LAN-to-LAN Application
1-4 Getting to Know Your Prestige
2.1 The Integrated Switch
Prestige 1400 WAN Router with Integrated Ethernet Switch
Chapter 2
The Integrated Switch
Figure 2-1 Prestige Integrated Switch
The integrated switch consists of 16 ports with VLAN capability. Ports 1 to 14 are logically independent and are invisible to each other. In factory default, all ports are visible to port 15 (reserved to connect a local application server) and port 16 (reserved to connect the switch to the Prestige routing module).
2.2 Purposes of the Prestige Integrated Switch
The Prestige Integrated Switch can be used to:
1. Connect to networking devices
2.
3.
4.
Connect to computers in an MTU application
Connect to local application servers
Connect the VLAN Configurator
2.2.1 Connect to Networking Devices Example
In a multiple switch system, you link the uplink port of each switch (see your switch documentation) to a Prestige integrated Ethernet switch port (1 to 15) using a straight through Category 5 UTP (Unshielded Twisted Pair) cable with RJ-45 connectors.
The following figure shows you a Prestige – phoneline switch connections example which might be seen in a large building. The tenants’ computers have phoneline PCI cards installed.
Tenants connect to the 1Mbps phoneline network using a phoneline PCI card such as ZyXEL’s PPC-10 or a phoneline Ethernet Converter such as ZyXEL’s PEC-50. The phoneline switches are connected to a Main
Distribution Frame (MDF) from which all tenants already have phone line connections. You may connect up to 15 switches (14 if you wish to connect a local application server to port 15 of the integrated Ethernet switch) to the
Prestige, easily meeting multiple tenant Internet access requirements. See your phoneline switch manual for details on switch connections.
The Prestige Integrated Switch 2-1
Prestige 1400 WAN Router with Integrated Ethernet Switch
Figure 2-2 Prestige – Phoneline Switch Connections Example
2.2.2 Connect to Computers Directly
Connect computers directly to a Prestige integrated Ethernet switch port (1 to 15) using a straight through Category
5 UTP (Unshielded Twisted Pair) cable with RJ-45 connectors as in an the following example application (see following figure).
2-2 The Prestige Integrated Switch
Prestige 1400 WAN Router with Integrated Ethernet Switch
Figure 2-3 Direct Connection Example
2.2.3 Connect to Local Application Servers
Connect a local application server such as a web, e-mail, video, gaming, building automation, etc. to port 15
(reserved by default) of the integrated Ethernet switch. If you wish to connect more than one local application server, then either hook them up with an external Ethernet switch and connect its uplink port to port 15 or to port 1 to 14, but remember to make that port visible to the entire switch (see next).
2.2.4 Connect the VLAN Configuration Port
In case you need to change the default Virtual LAN (VLAN) configuration of the integrated Ethernet switch, use a terminal emulator on a computer and connect it to the VLAN CONF. port. Connect the RJ-11 connector end of the supplied cable to the VLAN CONF. port of the switch and the 9-pin end to a serial port (COM1, COM2 or other
COM port) of your computer.
Please exercise caution when changing the default switch VLAN configuration as there may be security ramifications.
Virtual LANs (VLANs)
VLAN stands for Virtual Local Area Network. It partitions a physical network into multiple virtual, or logical, networks. The stations on a logical network belong to one group; however, a station can belong to more than one group. With VLAN, a station cannot directly talk to or hear from stations that are not in the same group(s); the traffic must first go through a router. This isolates the subscribers from one another and prevents a subscriber from discovering the resources, e.g., shared drives or printers, of another subscriber. The Prestige factory default is that ports 1 to 14 of the integrated switch are in their own individual groups (networks) and ports 15 and 16 belong to all groups.
VLAN also increases network performance by containing broadcasts to a smaller and more manageable logical broadcast domain. In traditional switched environments, all broadcast packets go to each and every individual port.
With VLAN implemented, all broadcasts are confined to a specific broadcast domain.
The Prestige Integrated Switch 2-3
Prestige 1400 WAN Router with Integrated Ethernet Switch
VLAN CONF. Menus
Connect the RJ-11 connector end of the supplied console cable to the VLAN CONF. port of the Prestige and the 9pin end to a serial port (COM1, COM2 or other COM port) of your computer.
Set your terminal emulation software as follows:
"
VT100 terminal emulation
"
9600 bps
"
No parity, 8 data bits, 1 stop bit
"
No flow control
No password is required. Correct cable connection and terminal emulation software settings should bring up the following screen.
16 Ports Switch Setup V1.38
======== Main Menu ======
1. Port Setup
2. VLAN Setup
3. Trunk Setup
4. Restore Default Setup
5. View Setup
Select?1
Figure 2-4 VLAN Configurator Main Menu
1. Port Setup
Under normal circumstances, you do not have to configure this menu – it is usually used for debugging purposes.
Enter 1 to bring up the following menu that allows you to set up the auto-negotiation, speed, duplex mode and flow control parameters for each port.
Port Setup:(1=100M,0=10M,F=Full,H=Half,E=Enable,D=Disable)
Port No: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Auto Negotiation:E E E E E E E E E E E E E E E E
Speed: x x x x x x x x x x x x x x x x
Duplex: x x x x x x x x x x x x x x x x
Flow Control: E E E E E E E E E E E E E E E E m=Modify,q=Quit?
Figure 2-5 Port Setup Menu
Enter m to modify port settings and the software begins a dialog such as shown in the following screen example.
Your new port setup configuration is displayed on finishing the dialog for a port and you are then asked to confirm your configuration “Save & Update? (Y/N)” when you decide to quit ( q ).
2-4 The Prestige Integrated Switch
Prestige 1400 WAN Router with Integrated Ethernet Switch m=Modify,q=Quit?m
Which port no:(1-16,q)
Which port no:(1-16,q)8
Auto Negotiation ?(e=Enable,d=Disable,q)d
Speed ?(1=100MTx,0=10M,q)1
Duplex ?(f=Full,h=Half,q)f
----------------------------------------------------------------------
Port Setup:(1=100M,0=10M,F=Full,H=Half,E=Enable,D=Disable)
Port No: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Auto Negotiation:E E E E E E E D E E E E E E E E
Speed: x x x x x x x 1 x x x x x x x x
Duplex: x x x x x x x F x x x x x x x x
Flow Control: D E E E E E E x E E E E E E E E m=Modify,q=Quit?q
Save & Update? (Y/N)
Figure 2-6 Port Setup Dialog
2. VLAN Setup
The default setting is that ports 1 to 14 are logical independent networks that are invisible to each other. All ports are visible to port 15 (reserved to connect a local application server) and port 16 (reserved to connect the switch to the Prestige routing module). You may wish to make a port in the 1 to 14 range visible to other ports if for example you want to connect an application server to it. Enter 2 from the Port Switch Setup menu to bring up the VLAN menu shown next. A “v” indicates where the port is visible.
Group
1
2
3
4
5
6
7
8
9
10
Port No
1 v
2 v
3 v
4 v
11
12
13
14 m=Modify,a=Add,d=Delete,q=Quit?
5 v
6 v
7 v
8 v
9 10 v v
11 12 13 14 v v v v v v v v v v v v v v
16 v v v v v v v v v v v v v v
15 v v v v
Figure 2-7 VLAN Setup Menu
The Prestige Integrated Switch 2-5
Prestige 1400 WAN Router with Integrated Ethernet Switch
All ports in the same group are visible to each other. All ports are visible to ports 15 and 16. To make port 2 visible to port 1 (default not visible), you need to put port 2 (which belongs to group 2) in group 1. First type m (modify) and then follow the dialog as shown in the following screen.
m=Modify,a=Add,d=Delete,q=Quit?m
Which group no:(1-16,q)1
Which port no:(1-16,q)2
VLAN:(a=Add,r=Remove,q)a
Which port no:(1-16,q)q
----------------------------------------------------------------------
VLAN Setup:(v=At VLAN group)
Group
1
2
3
4
5
6
7
8
9
10
11
Port No
1 v
2 v v
3 v
4 v
12
13
14 m=Modify,a=Add,d=Delete,q=Quit?
5 v
6 v
7 v
8 v
9 v
10 v
11 v
12 v
13 v
14 v v v v v v v v v v v v v
16 v v v v v v v v v v v v v v
15 v v
Figure 2-8 Modifying a Port’s Visibility
Your new port setup configuration is displayed on finishing the dialog for a port and you are then asked to confirm your configuration “Save & Update? (Y/N)” when you decide to quit ( q ).
To put a port in multiple groups use a (add) as shown in the following example.
m=Modify,a=Add,d=Delete,q=Quit?a
Which group no:(1-16,q)3
Which port no:(1-16,q)4
Which port no:(1-16,q)5
Which port no:(1-16,q)6
Which port no:(1-16,q)7
Which port no:(1-16,q)q
----------------------------------------------------------------------
VLAN Setup:(v=At VLAN group)
Group
1
2
3
4
Port No
1 2 v v
3 v
4 v v
5 v
6 v
7 v
8 9 10 11 12 v 5
6
7
8
9
10
11
12
13
14 m=Modify,a=Add,d=Delete,q=Quit?
v v v v v v v
13 v
14 v v v v v v v v v v v
16 v v v v v v v v v v v v v v
15 v v v v
Figure 2-9 Modifying Multiple Ports
2-6 The Prestige Integrated Switch
Prestige 1400 WAN Router with Integrated Ethernet Switch
To delete a group use d (delete) as shown in the next example.
m=Modify,a=Add,d=Delete,q=Quit?d
Which group no:(1-16,q)3
Group
1
2
4
5
6
7
8
9
10
11
Port No
1 v
2 v
3 4 v
12
13
14 m=Modify,a=Add,d=Delete,q=Quit?
5 v
6 v
7 v
8 v
9 v
10 v
11 v
12 v
13 v
14 v v v v v v v v v v
16 v v v v v v v v v v v v v
15 v v v v
Figure 2-10 Deleting a Group
However after deleting a group, you will see this warning message when you quit.
m=Modify,a=Add,d=Delete,q=Quit?q
** Port: 3 MUST be in any VLAN group
Press Any key
Figure 2-11 Cannot Delete a Group
When you restore the group the software allows you to save your configuration “Save & Update? (Y/N)” .
3. Trunk Setup
Option 3 allows you to configure the Trunk Setup menu. First you must disable VLAN as shown in the next screen.
Select?3
Disable VLAN?(Y/N)
Figure 2-12 Trunk Setup 1
Select y (yes) to disable VLAN and bring up the Trunk Setup menu shown in the following screen. These are the trunk ports that can be configured in this example.
Trunk Setup:
Trunk 1:
Trunk 2:
Can be Setup Trunk port no:
Trunk 1: 9, 1,10, 2,11, 3
Trunk 2:15, 7,16, 8 m=Modify,q=Quit?
Figure 2-13 Trunk Setup 2
The Prestige Integrated Switch 2-7
Prestige 1400 WAN Router with Integrated Ethernet Switch
To modify the trunk follow the dialog as in the next example.
m=Modify,q=Quit?m
Which Trunk?(1/2)1
How many Trunk ports ?(0/2/4/6,q)2
----------------------------------------------------------------------
Trunk Setup:
Trunk 1: Port 9, 1
Trunk 2:
Can be Setup Trunk port no:
Trunk 1: 9, 1,10, 2,11, 3
Trunk 2:15, 7,16, 8 m=Modify,q=Quit?
Figure 2-14 Modifying Trunk Setup Example
As usual you are then asked to confirm your configuration “Save & Update? (Y/N)” when you decide to quit ( q ).
4. Restore Default Setup
Enter 4 from the Port Switch Setup menu to bring up the Restore Default Setup menu shown next. Enter y to restore the default setup then confirm by typing y again at the “Save & Update? (Y/N)” prompt.
16 Ports Switch Setup V1.38
======== Main Menu ======
1. Port Setup
2. VLAN Setup
3. Trunk Setup
4. Restore Default Setup
5. View Setup
Select?4
Restore Default ?(Y/N)n
Figure 2-15 Restore Default Setup Menu
5. View Setup
2-8 The Prestige Integrated Switch
Prestige 1400 WAN Router with Integrated Ethernet Switch
Enter 5 from the Port Switch Setup menu to bring up the View Setup menu shown next. This menu displays what your current setup is. You will be prompted to “Press Any key” periodically to see the whole setup.
Select?5
----------------------------------------------------------------------
VLAN Setup:(v=At VLAN group)
Group
1
2
3
Port No
1 v
2 v
3 v
4 5 6 7 8 9 10 11 12 13
4
5
6
7
8
9 v v v v v v
10
11
12 v
13
14
Port Setup:(1=100M,0=10M,F=Full,H=Half,E=Enable,D=Disable) v
Port No: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Auto Negotiation:E E E E E E E E E E E E E E E E
Speed: x x x x x x x x x x x x x x x x
Duplex: x x x x x x x x x x x x x x x x
Flow Control: E E E E E E E E E E E E E E E E v v
Press Any key
----------------------------------------------------------------------
Port Setup:(1=100M,0=10M,F=Full,H=Half,E=Enable,D=Disable)
Port No: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Auto Negotiation:E E E E E E E E E E E E E E E E
Speed: x x x x x x x x x x x x x x x x
Duplex: x x x x x x x x x x x x x x x x
Flow Control: E E E E E E E E E E E E E E E E
14 v v v v v v v
16 v v v v v v v v v v v v v v
15 v v v v v v v v
Press Any key
16 Ports Switch Setup V1.38
======== Main Menu ======
1. Port Setup
2. VLAN Setup
3. Trunk Setup
4. Restore Default Setup
5. View Setup
Select?
Figure 2-16 View Setup Menu
The Prestige Integrated Switch 2-9
Prestige 1400 WAN Router with Integrated Ethernet Switch
Chapter 3
Hardware Installation & Initial Setup
This chapter shows you how to install the Prestige hardware and perform initial setup using the SMT.
Before installing, check if all the components of the Prestige package are included. Observe the safety rules carefully when you are making the connections.
3.2 Additional Installation Requirements
In addition to the contents of the package, you need additional hardware and software components before you can install and use your Prestige. These components include:
•
A computer with Ethernet 10Base-T or 100Base-TX NIC (Network Interface Card)
•
WAN service provided by a local phone company
•
A computer with terminal emulation software configured to the following parameters:
"
VT100 terminal emulation
"
9600 bps
"
No parity, 8 data bits, 1 stop bit
"
No flow control
The following figure shows, as an example, the Prestige connected to a PES-100 phoneline network switch, a computer via null modem for initial configuration, a local application server and two possible WAN connections.
Hardware Installation & Initial Setup 3-1
Prestige 1400 WAN Router with Integrated Ethernet Switch
Figure 3-1 Front Panel Connections
3.3.1 Front Panel Router Connections
Connecting the Console Port
For the initial configuration of your Prestige, you need to use a terminal emulator on a computer and connect it to the Prestige through the console port. To connect a computer to the console port, you must use a null modem. The console port is a DTE (Data Terminal Equipment) device and not a DCE (Data Communications Equipment), thus a null modem is needed to connect it to the COM port of a computer, which is also a DTE device. Connect the 9pin (smaller) end of the console cable to the console port of the Prestige and the 25-pin (bigger) end to a null modem and connect the null modem to a serial port (COM1, COM2 or other COM port) of your computer. You can use an RS-232 cable extension if the enclosed one is too short.
After you complete the initial setup, you can modify the configuration remotely through telnet connections or via a modem connection. If a modem is used, connect it directly to the Prestige console port without a null modem.
Connecting WAN Devices
1.
Connect a WAN device such as a CSU/DSU, to the WAN port on the Prestige using an appropriate cable.
Please consult the documentation of your WAN device for detailed information when making the connections.
2.
Connect a broadband Internet access device (e.g., Prestige 642 ADSL router) to an Ethernet switch port (1-14) on the Prestige using an appropriate cable. Please consult the documentation of your broadband Internet access device for detailed information when making the connections.
Only one Internet access interface can be active at any given time.
Connecting The Integrated Switch and Router
To connect the integrated switch and router, connect the LAN port of the Prestige to Ethernet switch port 16 using a
Category 5 UTP with RJ-45 connectors.
3-2 Hardware Installation & Initial Setup
Prestige 1400 WAN Router with Integrated Ethernet Switch
Connecting Local Application Servers
Connect a local application server such as web, e-mail, video, gaming, building automation etc. to port 15 (reserved by default) of the integrated Ethernet switch. If you wish to connect more than one local application server, then either hook them up via a hub connection to port 15 (shared bandwidth tradeoff) or to port 1 to 14, but remember to make that port visible to the entire switch (see next).
Connecting the VLAN Configuration Port
In case you need to change the default Virtual LAN (VLAN) configuration of the integrated Ethernet switch, use a terminal emulator on a computer and connect it to the VLAN CONF. port. Connect the RJ-11 connector end of the supplied cable to the VLAN CONF. port of the switch and the 9-pin end to a serial port (COM1, COM2 or other
COM port) of your computer.
Please exercise caution when changing the default switch VLAN configuration as there may be security ramifications.
3.4 Rear Panel – Power Connection
The following figure shows the rear panel of the Prestige. Connect one end of the power cord to the receptacle labeled AC INPUT on the rear panel of your Prestige and the other end to the power outlet. Make sure that no objects obstruct the operation of the fan (to the left of the power receptacle).
Figure 3-2 Prestige Rear Panel
After you have finished making the connections to the Prestige, turn the Prestige on by using the switch on the rear panel and then make sure all connections are correct by checking these LEDs. These LEDs are also useful as troubleshooting aides. The following figure and table describe the front panel LEDs of the Prestige.
Hardware Installation & Initial Setup 3-3
Prestige 1400 WAN Router with Integrated Ethernet Switch
LED
PWR
SYS
1-16
RDY/ACT
LAN
Figure 3-3 Front Panel LEDs
Table 3-1 Front Panel LEDs
DESCRIPTION
The PWR (power) LED is on when power is applied to the Prestige.
The SYS (system) LED is on when the system is running normally and is off when the system is not ready or has failed. It blinks when the system is rebooting.
A port LED is on when the link for its corresponding integrated switch port is up and blinks when data is being transmitted or received.
The RDY/ACT LED is on when the link between the WAN port and a WAN device is up and ready. The LED blinks to indicate activity when the WAN port is transmitting data.
The LAN port is for connecting the Prestige routing module to an Ethernet network.
The amber LED is on when the link speed is 100 Mbps and the green LED indicates
10 Mbps. The LED blinks when the port is transmitting data.
When you power on your Prestige, the router performs several internal tests and initializes the ports. After the initialization, the Prestige asks you to press [ENTER] to continue, as shown below:
Copyright (c) 2001 ZyXEL Communications Corp.
ethernet address: 00:a0:c5:00:50:02
Press ENTER to continue...
Figure 3-4 Power-On Display
3.6.1 Password
After you press [ENTER], the Login screen appears prompting you to enter the password, as shown in the next figure.
For your first login, enter the default password 1234 . As you enter the password, the screen displays an ( X ) for each character you type.
Enter Password : XXXX
3-4
Figure 3-5 Login Screen
Hardware Installation & Initial Setup
Prestige 1400 WAN Router with Integrated Ethernet Switch
Please note that if there is no activity for longer than 5 minutes after you log in, your Prestige will automatically log you out and will display a blank screen. If you see a blank screen, press [ENTER] to bring up the password screen again.
3.7 Navigating the SMT Interface
The SMT (System Management Terminal) is the interface that you use to configure your Prestige.
Several operations that you should be familiar with before you attempt to modify the configuration are listed in the following table.
Table 3-2 Navigating the SMT
OPERATION
Move down to another menu
KEYSTROKES
[ENTER]
DESCRIPTION
To move forward to a submenu, type in the number of the desired submenu and press [ENTER].
Press the [ESC] key to move back to the previous menu.
Move up to a previous menu
Move to a
“hidden” menu
[ESC]
Press the
[SPACE BAR] to change No to
Yes, then press
[ENTER].
Fields beginning with “Edit” lead to hidden menus and have a default setting of No. Press the [SPACE BAR] to change
No to Yes , then press [ENTER] to go to a “hidden” menu.
Move the cursor [ENTER] or
[Up]/[Down] arrow keys
Within a menu, press [ENTER] to move to the next field.
You can also use the [Up]/[Down] arrow keys to move to the previous and the next field, respectively.
Enter information Fill in, or press
[SPACE BAR] to toggle
You need to fill in two types of fields. The first requires you to type in the appropriate information. The second allows you to cycle through the available choices by pressing the
[Space] bar.
Required fields <
N/A fields
Save your configuration
Exit the SMT
?
>
<N/A>
[ENTER]
Type 99, then press [ENTER].
All fields with the symbol <?> must be filled in order be able to save the new configuration.
Some of the fields in the SMT will show a <N/A>. This symbol refers to an option that is Not Applicable.
Save your configuration by pressing [ENTER] at the message “Press ENTER to confirm or ESC to cancel”.
Saving the data on the screen will take you, in most cases to the previous menu.
Type 99 at the main menu prompt and press [ENTER] to exit the SMT interface.
3.8 SMT Menus At A Glance
The following chart is an overall view of how the SMT menus are organized.
Hardware Installation & Initial Setup 3-5
Prestige 1400 WAN Router with Integrated Ethernet Switch
3-6 Hardware Installation & Initial Setup
Prestige 1400 WAN Router with Integrated Ethernet Switch
3.8.1 P1400 Main Menu
The SMT displays a general Main Menu first. Once you configure the system in Menu 1 - General Setup you can see the P1400 Main Menu, as shown next.
Copyright (c) 2001 ZyXEL Communications Corp.
Prestige 1400 Main Menu (MyPrestig)
Getting Started
1. General Setup
2. WAN Setup
3. Ethernet Setup
4. Internet Access Setup
Advanced Management
21. Filter Set Configuration
22. SNMP Configuration
23. System Security
24. System Maintenance
25. IP Routing Policy Setup
Advanced Applications
11. Remote Node Setup
12. Static Routing Setup
15. NAT Setup
Enter Menu Selection Number:
99. Exit
Figure 3-6 Prestige 1400 Main Menu
The following table shows the Prestige 1400 Main Menu summary,
1
22
23
24
25
99
2
3
4
11
12
15
21
#
Table 3-3 Main Menu Summary
MENU TITLE
General Setup
WAN Setup
Ethernet Setup
DESCRIPTION
Use this menu to set up general information and enable routing or bridging of specific protocols. The name in brackets after
Main Menu is the System Name you assign here.
Use this menu to set up the WAN configuration.
Use this menu to set up the Ethernet configuration.
Internet Access Setup A quick and easy way to set up an Internet connection for the
1400.
Remote Node Setup Use this menu to set up the remote node for LAN-to-LAN connections, including an Internet connection for the and models.
Static Routing Setup Use this menu to set up static routes for different protocols.
There are eight static routes for each protocol.
NAT Setup Use this menu to configure NAT.
Filter Set Configuration Set up filters to be applied in Menu 3 and Menu 11 to provide security, call control, etc.
SNMP Configuration Use this menu to set up SNMP related parameters
System Security Use this menu to set up security related parameters.
System Maintenance Provides system status, diagnostics, firmware upload, etc.
IP Routing Policy Setup Configure your routing policies here.
Exit To exit the SMT and return to a blank screen.
Hardware Installation & Initial Setup 3-7
Prestige 1400 WAN Router with Integrated Ethernet Switch
3.9 Changing the System Password
The first thing you should do before anything else is to change the default system password by doing the following:
Step 1. Select option 23 from the main menu. This will open Menu 23 - System Security as shown:
Menu 23 - System Security
1. Change Password
Enter Menu Selection Number
Step 2.
Step 3.
Figure 3-7 Menu 23 - System Security
From Menu 23 - System Security , select Change Password to bring up Menu 23.1 - System Security -
Change Password .
When submenu Menu 23.1- System Security-Change Password appears, as shown next, enter the existing system password, i.e., 1234 , then press [ENTER].
Menu 23.1 - System Security - Change Password
Old Password= XXXX
New Password= XXXX
Retype to confirm= XXXX
Press ENTER to Confirm or ESC to Cancel:
Step 4.
Step 5.
Figure 3-8 Menu 23.1 - System Security - Change Password
Enter your new system password and press [ENTER] .
Re-type your new system password for confirmation and press [ENTER] .
3.9.1 Resetting the Prestige
If you forget your password or for some reason cannot access the SMT menu, you will need to reload the configuration file. Uploading the configuration file replaces the current configuration file with the new configuration file. This means that you will lose all configurations that you had previously and the speed of the console port will be reset to the default of 9600bps with 8 data bit, no parity, one stop bit and flow control none.
The password will be reset to 1234, also.
To obtain the default configuration file, download it from the FTP site, unzip it and save it in a folder. Turn the
Prestige off and then on to begin a session. When you turn on the Prestige again you will see the initial screen.
When you see the message “Press any key to enter Debug Mode within 3 seconds” press any key to enter debug mode.
3-8 Hardware Installation & Initial Setup
Prestige 1400 WAN Router with Integrated Ethernet Switch
Menu 1 - General Setup contains administrative and system-related information. The fields for General Setup are as shown next.
Menu 1 - General Setup
System Name= MyPrestige
Location= Hsinchu
Contact Person's Name= JohnDoe
Press ENTER to Confirm or ESC to Cancel:
Figure 3-9 Menu 1 - General Setup
The Menu 1 - General Setup fields are explained in the next table.
Table 3-4 General Setup Fields
FIELD DESCRIPTION
System Name Choose a descriptive name for identification purposes. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes “-” and underscores "_" are accepted. This name can be retrieved remotely via SNMP and will be displayed up to the first 9 characters at the prompt in the Command Mode.
EXAMPLE
MyPrestige
Note: Once you have configured the System Name, you can see it displayed (up to the first 9 characters) in the main menu within brackets next to "Prestige 1400 Main Menu”.
Location
(optional)
Enter the geographic location (up to 31 characters) of your
Prestige 1400 .
Hsinchu
Contact
Person's Name
(optional)
Enter the name (up to 30 characters) of the person in charge of this Prestige 1400.
JohnDoe
Hardware Installation & Initial Setup 3-9
Prestige 1400 WAN Router with Integrated Ethernet Switch
Chapter 4
WAN Port Setup
This section describes setting up your WAN port including Frame Relay.
Select option 2 from the main menu by typing 2 at the menu selection number prompt to display the next screen.
Menu 2 - WAN Port Setup
Clock Source = External
Port Speed = N/A Change the default option ( No ) to
Yes if you wish to configure the
WAN port for frame relay.
Edit Frame Relay Setup= No
Press Enter to Confirm or ESC to Cancel:
Figure 4-1 Menu 2 - WAN Port Setup
Table 4-1 WAN Setup Menu Fields
FIELD
Clock Source
DESCRIPTION
The device connected to the WAN port controls timing. The
P1400 currently only supports an external clock source.
Set by External Device Port Speed
Edit Frame Relay
Setup
To configure the WAN port for frame relay move the cursor to the Edit Frame Relay Setup field, press the
[SPACEBAR] once to display Yes and then press
[ENTER]. This takes you to Menu 2.1.2 - Frame Relay
Setup shown ahead.
EXAMPLE
External
N/A
No
4.1 Configuring The WAN Port For PPP over HDLC
The following diagram depicts the configuration scenario for running PPP over HDLC (High-level Data Link
Control).
4-1 WAN Port Setup
Prestige 1400 WAN Router with Integrated Ethernet Switch
Figure 4-2 Configuring The WAN Port for PPP over HDLC
To run PPP over HDLC directly without frame relay, the Line Type field in Menu 2.1.2 - Frame Relay Setup must be set to None . To make sure frame relay is disabled, go to menu 2 and then to Menu 2.1.2 – Frame Relay
Setup . If the Line Type field is not None , press [ SPACE BAR] to change it before saving the configuration.
4.2 Configuring The WAN Port For Frame Relay
Frame relay is a form of packet-switching technology that routes frames of information from source to destination over a switched network. Frames are “relayed” through switches in the network.
4-2
Figure 4-3 Configuring The WAN Port For Frame Relay
W AN Port Setup
Prestige 1400 WAN Router with Integrated Ethernet Switch
4.2.1 Standards
The two main groups that create recommendations and standards in the telecommunications field are ITU - T
(International Telecommunication Union - Telecommunications Standardization Sector) and ANSI (American
National Standards Institute). Standards vary slightly for both organizations, so please select the correct standard in the Link Management field. Your Network Service Provider (NSP) should provide you with this information.
4.2.2 How To Configure The WAN Port For Frame Relay
Go to menu 2, then move the cursor to the Edit Frame Relay Setup field, press the [SPACEBAR] once to display
Yes and then press [ENTER]. This takes you to Menu 2.1.2 - Frame Relay Setup shown next.
Menu 2.1.2 – Frame Relay Setup
Line Type = User
Link Management = ANSI(T1.618)
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Link Type
FIELD
Link Management
Figure 4-4 Menu 2.1.2 - Frame Relay Setup
Table 4-2 Menu 2.1.2 - Frame Relay Setup
DESCRIPTION
Choose User if the Prestige is on the user side of the UNI (User Network Interface: defines the connection between user equipment and the
Frame Relay network), i.e. if your Prestige is connected to a service provider. Choose None to disable Frame Relay.
Press the [SPACE BAR] and then [ENTER] to select which standard is compatible with your
Prestige. Both the Prestige and the peer must use the same standard. The standard defines functions that are responsible for monitoring the up/down status and error performance of an individual link. If failure occurs, recovery actions are initiated for the restoration of the failed link.
OPTIONS
User (default)
None
ITU-T(Q.933)
ANSI(T1.618)
4.3 How To Configure Frame Relay for Internet Access
4.3.1 Encapsulation
Be sure to use the encapsulation method required by your ISP. The Prestige supports the following methods:
WAN Port Setup 4-3
Prestige 1400 WAN Router with Integrated Ethernet Switch
RFC 1973 (PPP in Frame Relay)
RFC 1973 describes the use of Frame Relay for transporting PPP encapsulated packets. Please refer to RFC 1973 for more information.
RFC 1490
RFC 1490 describes Multiprotocol Interconnect over Frame Relay encapsulation which is an encapsulation method for carrying network interconnect traffic (both bridging and routing) over a frame relay network. It also describes a simple fragmentation procedure for carrying large frames over a frame relay network with a smaller MTU
(Maximum Transmission Unit).
4.3.2 DLCI
The carrier gives you a DLCI (Data Link Connection Identifier) for each frame relay connection to a destination.
Identifiers can range from 1 to 991 with restrictions as shown in the following table. The default DLCI for the first connection is 16.
Table 4-3 Data Link Connection Identifiers
DLCI USAGE
0
1-15
16 - 991
Channel Signaling
Reserved
Frame Relay
4.3.3 CIR (Committed Information Rate)
The carrier programs virtual circuits into the network between your sites and charges you for a specific level of service called the committed information rate (CIR). The CIR is basically a guarantee that the carrier will always have that bandwidth available. The CIR limit for the Prestige is 8Mbps. The sum of CIRs from all channels in a line cannot exceed 8Mbps due to the processing limit of the P1400 CPU.
4.3.4 EIR (Excess Information Rate)
This is the burst capability of the connection, i.e., the maximum allowable data transfer rate. EIR must be greater than or equal to the CIR.
4.3.5 How To Configure Frame Relay for Internet Access
Go to Menu 4 - Internet Access Setup , move the cursor to the Edit Frame Relay Options= field, press the
[SPACE BAR] once to display Yes and then press [ENTER] to display Menu 4.2 - Internet Setup Frame Relay
Options shown next.
4-4 W AN Port Setup
Prestige 1400 WAN Router with Integrated Ethernet Switch
Menu 4 - Internet Access Setup
ISP's Name= ?
Internet Access Interface= FlexWAN
Ethernet:
Local IP Addr= N/A
Subnet Mask= N/A
Gateway IP Addr= N/A
FlexWAN:
My Login=
My Password= ********
Edit Frame Relay Options= Yes
Network Address Translation= None
My WAN Addr= N/A
Address Mapping Set= N/A
Press ENTER to Confirm or ESC to Cancel:
Figure 4-5 Menu 4 - Internet Access Setup
Menu 4.2 – Internet Setup Frame Relay Options
Encapsulation= RFC 1490
DLCI = 16
CIR (kbps)= 64
EIR (kbps)= 80
Enter here to CONFIRM or ESC to CANCEL:
Figure 4-6 Menu 4.2 - Internet Setup Frame Relay Options
FIELD
Encapsulation
DLCI
CIR (Kbps)
EIR (Kbps)
Table 4-4 Menu 4.2 - Internet Setup Frame Relay Options
DESCRIPTION
Be sure to use the encapsulation method required by your ISP. The Prestige supports
RFC 1973 and RFC 1490. See section 4.3.1
for more information.
Enter the DLCI number required by your ISP.
The default DLCI for the Prestige is 16 for the first PVC. See section 4.3.2 for more information.
Enter the CIR as negotiated with your ISP. See section 4.3.3 for more information.
Enter the EIR as negotiated with your ISP. See section 4.3.4 for more information.
OPTIONS/EXAMPLES
RFC 1973 (PPP)
RFC 1490
16
64
80
4.4 How To Configure Frame Relay For A Remote Node
Configuring frame relay for a remote node is similar to configuring frame relay for Internet Access.
Go to Menu 11.1 - Remote Node Profile , move the cursor to the move the cursor to the Edit Frame Relay
Options field, press the [SPACE BAR] once to display Yes and then press [ENTER]. This takes you to Menu 11.5
- Remote Node Frame Relay Options shown next.
WAN Port Setup 4-5
Prestige 1400 WAN Router with Integrated Ethernet Switch
Rem Node Name= verio
Active= Yes
Menu 11.1 - Remote Node Profile
Edit PPP Options= No
Rem IP Addr= ?
Edit IP = No
Outgoing:
My Login= scci
My Password= ********
Authen= CHAP/PAP
Telco Option:
Edit Frame Relay Options= No
Input Filter Sets:
Protocol filters =
Device filters =
Output Filter Sets=
Protocol filters =
Device filters =
Press ENTER to CONFIRM or ESC to CANCEL:
Leave name field blank to delete profile
Please enter 0-9, a-z, A-Z, '-', or '_', or leave blank to DELETE profile
Figure 4-7 Menu 11.1 - Remote Node Profile
Menu 11.4 - Remote Node Frame Relay Options
Encapsulation= RFC 1490
DLCI = 16
CIR (kbps)= 64
EIR (kbps)= 80
Enter here to CONFIRM or ESC to CANCEL:
Figure 4-8 Menu 11.4 - Remote Node Frame Relay Options
The fields in this table are the same as described in Table 4-4 above .
4-6 W AN Port Setup
Prestige 1400 WAN Router with Integrated Ethernet Switch
Chapter 5
Internet Access
This chapter shows you how to configure the Prestige for Internet access.
5.1 TCP/IP and DHCP for LAN
The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support
DHCP client capability.
5.1.1 IP Address and Subnet Mask
Machines on a LAN share one common network number; once you have decided on the network number, pick an
IP address that is easy to remember for your Prestige.
The subnet mask specifies the network number portion of an IP address. Your Prestige will compute the subnet mask automatically based on the IP address that you entered. You don’t need to change the subnet mask computed by the Prestige unless you are instructed to do otherwise.
RIP (Routing Information Protocol, RFC1058 and RFC 1389) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. When set to:
1.
Both the Prestige will broadcast its routing table periodically and incorporate the RIP information that it receives.
2.
In Only - the Prestige will not send any RIP packets but will accept all RIP packets received.
3.
Out Only - the Prestige will send out RIP packets but will not accept any RIP packets received.
4.
None the Prestige will not send any RIP packets and will ignore any RIP packets received.
The Version field controls the format and the broadcasting method of the RIP packets that the Prestige sends (it recognizes both formats when receiving). RIP-1 is universally supported; but RIP-2 carries more information.
RIP-1 is probably adequate for most networks, unless you have an unusual network topology.
Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference being that RIP-2B uses subnet broadcasting while RIP-2M uses multicasting. Multicasting can reduce the load on non-router machines since they generally do not listen to the RIP multicast address and so will not receive the RIP packets. However, if one router uses multicasting, then all routers on your network must also use multicasting.
By default, RIP direction is set to Both and Version is set to RIP-1 .
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients (workstations) to obtain the TCP/IP configuration at start-up from a server .
You can configure the Prestige as a DHCP server or disable it. When configured as a server, the Prestige provides the TCP/IP configuration for the clients. If set to
None , DHCP service will be disabled and you must have another DHCP sever on your LAN, or else the workstation must be manually configured.
Internet Access 5-1
Prestige 1400 WAN Router with Integrated Ethernet Switch
IP Pool Setup
The Prestige is pre-configured with a pool of 220 IP addresses starting from 192.168.1.1 to 192.168.1.220. For local application servers, e.g., mail, FTP, telnet, web, etc. that you wish to assign static addresses, then choose from
192.168.1.221 to 192.168.1.253.
Table 5-1 Default Prestige IP Assignment
Prestige LAN IP address
IP Pool for DHCP clients
Suggested static IP addresses for local application servers.
192.168.1.254
192.168.1.1 to 192.168.1.220
192.168.1.221 to 192.168.1.253
DNS Server Address
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa, e.g., the IP address of www.zyxel.com
is 204.217.0.2. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it.
There are two ways that an ISP disseminates the DNS server addresses. The first is for an ISP to tell a customer the
DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP does give you the
DNS server addresses, enter them in the DNS Server fields in the DHCP setup menu.
The second is to leave this field blank, i.e., 0.0.0.0 – in this case the Prestige acts as a DNS proxy.
Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender to 1 recipient) or Broadcast
(1 sender to everybody on the network). IP Multicast is a third way to deliver IP packets to a group of hosts on the network.
IGMP (Internet Group Management Protocol) is a session-layer protocol used to establish membership in a multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over version 1
(RFC 1112) but IGMP version 1 is still widely used. If you would like to read more detailed information about interoperability between IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236. The class D IP address is used to identify host groups and can be in the range 224.0.0.0 to 239.255.255.255. The address 224.0.0.0
is not assigned to any group and is used by IP multicast computers. The address 224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts (including gateways). All hosts must join the
224.0.0.1 group in order to participate in IGMP. The address 224.0.0.2 is assigned to the multicast routers group.
The Prestige supports both IGMP version 1 ( IGMP-v1 ) and IGMP-v2 . At start up, the Prestige queries all directly connected networks to gather group membership. After that, the Prestige periodically updates this information by sending a membership query to 224.0.0.1. IP Multicasting can be enabled/disabled on the Prestige LAN and/or
WAN interfaces using menus 3.2 (LAN) and 11.3 (WAN). Select None to disable IP Multicasting on these interfaces.
Traditionally, routing is based on the destination address only and the router takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator. Policy-based routing is applied to incoming packets on a per interface basis, prior to the normal routing. Create policies using SMT Menu 25 ( see the
IP Policy Routing chapter ) and apply them on the Prestige LAN and/or WAN interfaces using menus 3.2 (LAN) and 11.3 (WAN).
5-2 Internet Access
Prestige 1400 WAN Router with Integrated Ethernet Switch
5.3 TCP/IP Ethernet Setup
To edit Menu 3.2
, select Menu 3 - Ethernet Setup in the main menu and then the appropriate LAN. Then select the submenu option 2 , and press [ENTER] to display Menu 3.2 - TCP/IP Ethernet Setup as shown next.
Menu 3.2 - TCP/IP and DHCP Ethernet Setup
DHCP Setup:
DHCP= Server
Client IP Pool Starting Address= 192.168.1.1
Size of Client IP Pool= 220
Primary DNS Server= 0.0.0.0
Secondary DNS Server= 0.0.0.0
TCP/IP Setup:
IP Address= 192.68.1.254
IP Subnet Mask= 255.255.255.0
RIP Direction= Both
Version= RIP-1
Multicast= N/A
IP Policies=
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 5-1 Menu 3.2 - TCP/IP Ethernet Setup
Follow the instructions in the following table on how to configure the DHCP fields.
DHCP
FIELD
Table 5-2 LAN DHCP Setup Menu Fields
DESCRIPTION
This field enables/disables the DHCP server. If it is set to
Server , your Prestige will act as a DHCP server. If set to
None , DHCP service will be disabled and you must have another DHCP sever on your LAN, or else the workstation must be manually configured. When DHCP is set to Server , the following four items need to be set.
Client IP Pool
Starting Address
Size of Client IP
Pool
This field specifies the first of the contiguous addresses in the IP address pool.
This field specifies the size, or count, of the IP address pool.
Primary DNS Server
Secondary DNS
Server
Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask. Leave these entries at
0.0.0.0 if a WAN DHCP server provides them.
EXAMPLE
None
Server
(default)
192.168.1.1
Follow the instructions in the following table to configure TCP/IP parameters for the LAN port.
220
Table 5-3 LAN TCP/IP Setup Menu Fields
DESCRIPTION EXAMPLE FIELD
TCP/IP Setup
IP Address Enter the IP address of your Prestige in dotted decimal notation.
IP Subnet Mask Your Prestige will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing
192.168.1.254
(default)
255.255.255.0
Internet Access 5-3
Prestige 1400 WAN Router with Integrated Ethernet Switch
FIELD DESCRIPTION subnetting, use the subnet mask computed by the Prestige
RIP Direction Press [SPACE BAR] to select the RIP direction from Both/In
Only/Out Only/None .
EXAMPLE
Both
(default)
Version
Multicast
Press the [SPACE BAR] to select the RIP version from RIP-1/RIP-
2B/RIP-2M .
IGMP (Internet Group Multicast Protocol) is a session-layer protocol used to establish membership in a Multicast group. The
Prestige supports both IGMP version 1 ( IGMP-v1 ) and IGMP-v2 .
Press [SPACE BAR] to enable IP Multicasting or select None
(default) to disable it.
RIP-1
(default)
None
IP Policies You can apply up to four IP Policy sets (from twelve) by entering their numbers separated by commas, e.g., 3, 4, 6, 11.
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel.
5.4 Collecting Internet Account Information
Before you configure your Prestige for Internet access, you need to collect your Internet account information from your ISP. The type of information you need to gather depends on your Prestige interface to the Internet –
FlexWAN or Ethernet. Use Table 5-4 to record your Internet Account Information.
Only one Internet interface can be active at any one time.
Table 5-4 Internet Account Information
INTERNET ACCOUNT INFORMATION WRITE YOUR ACCOUNT INFORMATION HERE
Local IP Addr
Subnet Mask
Gateway IP Addr
Internet Access Interface= Ethernet
✎
✎
✎
Login Name
Password
Internet Access Interface= FlexWAN
✎
Frame Relay Options (if applicable)
✎
✎
5.5 Internet Access using the Prestige
Menu 4 allows you to enter the Internet access parameters in one screen. Menu 4 is actually a simplified setup for one of the remote nodes that you can access through menu 11. From the main menu, enter option 4 to go to Menu 4
- Internet Access Setup , as displayed in the next figure.
5-4 Internet Access
Prestige 1400 WAN Router with Integrated Ethernet Switch
Menu 4 - Internet Access Setup
ISP's Name= Hinet
Internet Access Interface= FlexWAN
Ethernet:
Local IP Addr= N/A
Subnet Mask= N/A
Gateway IP Addr= N/A
FlexWAN:
My Login=
My Password= ********
Edit Frame Relay Options= No
Network Address Translation= None
My WAN Addr= N/A
Address Mapping Set= N/A
Press ENTER to Confirm or ESC to Cancel:
Figure 5-2 Menu 4 - Internet Access Setup
Table 5-5 contains instructions on how to configure your Prestige for Internet access.
FIELD
Table 5-5 Internet Access Setup Menu Fields
DESCRIPTION
ISP's Name
Internet Access
Interface=
Enter the name of your Internet Service Provider. (This information is for identification purposes only.)
Press the [SPACE BAR] to select either Ethernet (connection via broadband modem to a Prestige Ethernet port) or
FlexWAN (connection via WAN device, e.g., CSU/DSU to the
Prestige WAN port). You can only have one interface active at any one time.
To change the Internet Access Interface field you need to:
1. Go to Menu 4 and delete the ISP’s name field.
2. Then press [ENTER] at the message “Press ENTER to
Confirm...”, i.e., delete the profile.
3. Now reenter Menu 4 and select a new Internet access interface.
Ethernet: This information is given to you by your ISP.
Local IP Addr This is the WAN IP address of the Prestige.
Subnet Mask Enter the corresponding subnet mask given to you.
Gateway IP Addr This is the default ISP gateway to the Internet.
FlexWAN: This information is given to you by your ISP.
My Login Name Enter the login name assigned to you.
My Password Enter the password associated with the login name above.
Note that this login name/password pair is only for your
Prestige to connect to the ISP's gateway. For TCP/IP applications, e.g., FTP, you will need a separate login name and password for each server.
OPTION/
EXAMPLE myISP
FlexWAN
(required)
(required)
Internet Access 5-5
Prestige 1400 WAN Router with Integrated Ethernet Switch
FIELD DESCRIPTION OPTION/
EXAMPLE
Edit Frame Relay
Options
You only need to configure this field if you want to configure the WAN port for frame relay.Please see the WAN Port Setup chapter for a full discussion of this feature.
Network Address
Translation
See the NAT chapter for more details on this field.
My WAN Addr Some implementations, especially the UNIX derivatives, require the WAN link to have a separate IP network number from the LAN and each end must have a unique address within the WAN network number. If this is the case, enter the IP address assigned to the WAN port of your Prestige.
Note that this is the address assigned to your local Prestige, not the remote router.
Address Mapping
Set
See the NAT Chapter for more details on this field
Press [ENTER] at the message “Press ENTER to Confirm...” to confirm your configuration, or press
[ESC] at any time to cancel.
5-6 Internet Access
Prestige 1400 WAN Router with Integrated Ethernet Switch
Chapter 6
Remote Node Configuration
This chapter shows you how to configure the profile and TCP/IP parameters of a remote node.
A remote node is required for placing calls to a remote gateway. A remote node represents both the gateway and the network behind it across a WAN connection. Note that when you use Menu 4 to set up Internet access, you are actually configuring remote node 1.
6.1 Remote Node Setup
Select menu option 11 from the main menu to enter Menu11.1 Remote Node Profile as shown next.
Menu 11 - Remote Node Setup
1. myISP
2. ________
3. ________
Enter Node # to Edit:
Figure 6-1 Menu 11 – Remote Node Setup
Enter a remote node index number to bring up the following screen.
Rem Node Name= myISP
Active= Yes
Menu 11.1 - Remote Node Profile
Edit PPP Options= No
Rem IP Addr= ?
Edit IP = No
Outgoing:
My Login= scci
My Password= ********
Authen= CHAP/PAP
Telco Option:
Edit Frame Relay Options= No
Input Filter Sets:
Protocol filters =
Device filters =
Output Filter Sets=
Protocol filters =
Device filters =
Press ENTER to CONFIRM or ESC to CANCEL:
Leave name field blank to delete profile
Please enter 0-9, a-z, A-Z, '-', or '_', or leave blank to DELETE profile
Figure 6-2 Menu 11.1 - Remote Node Profile
6-1 Remote Node Configuration
Prestige 1400 WAN Router with Integrated Ethernet Switch
The following table contains the instructions on how to configure the Remote Node Profile Menu for leased lines.
Active
Table 6-1 Remote Node Profile Menu Fields for Leased Lines
FIELD
Rem Node Name
DESCRIPTION
This is a required field. Enter a descriptive name for the remote node, e.g., myISP. This field can be up to eight characters.
Press [SPACE BAR] to toggle between Yes and
No .
OPTIONS
Yes/No
Outgoing:
My Login Name Enter the login name for your Prestige when it calls this remote node.
My Password Enter the password for your Prestige when it calls this remote node.
Authen This field sets the authentication protocol used for outgoing calls. PAP/CHAP
Your Prestige supports both Password
Authentication Protocol (PAP) and Challenge
Handshake Authentication Protocol (CHAP).
CHAP is more secure than PAP because the password is not sent in clear text.
Options for this field are:
CHAP/PAP - Your Prestige will accept either
CHAP or PAP when requested by this remote node.
CHAP - accept CHAP only.
CHAP/PAP
(default)
CHAP
PAP - accept PAP only.
PAP
6-2
Edit PPP Options
Rem IP Addr
Edit IP
To edit the PPP options for this remote node, move the cursor to this field, press the [SPACE
BAR] to select Yes and press [ENTER]. This will bring you to Menu 11.2 - Remote Node PPP
Options . For more information on configuring
PPP options, see the section Editing PPP
Options .
This is a required field. Enter the IP address of the remote gateway.
To edit the IP parameters, select Yes and press
[ENTER]. This will bring you to Menu 11.3 -
Remote Node Network Layer Options. For more information on this screen, refer to the section
Remote Node TCP/IP Configuration.
Telco Option:
Edit Frame Relay Options Please see the WAN Port Setup chapter for a full discussion of this feature.
Session Options:
Input Filter Sets, Output
In these fields, enter the filter set(s) you wish to apply to the incoming and outgoing traffic between this remote node and your Prestige. You can
Yes
Yes
Remote Node Configuration
Prestige 1400 WAN Router with Integrated Ethernet Switch
Filter Sets
FIELD DESCRIPTION choose from 12 different filter sets. In addition, you can link up to 4 filter sets together for further customization, e.g., 1, 5, 9, 12.
Note that spaces are accepted in this field. For more information on customizing your filter sets, see the chapter on filters. The default is blank, i.e., no filters defined.
OPTIONS
Once you have completed filling in Menu 11.1. - Remote Node Profile, press [ENTER] at the message “Press ENTER to Confirm…” to save your configuration, or press [ESC] at any time to cancel.
6.2 Outgoing Authentication Protocol
Generally speaking, you should employ the strongest authentication protocol possible, for obvious reasons.
However, some vendor’s implementation includes specific authentication protocol in the user profile. It will disconnect if the negotiated protocol is different from that in the user profile, even when the negotiated protocol is stronger than specified. If you encounter the case where the peer disconnects right after a successful authentication, please make sure that you specify the correct authentication protocol when connecting to such an implementation.
Generally, the server decides the authentication option. For outgoing calls it is not necessary for you to configure this field except in cases where the remote server’s operator tells you.
6.3 Editing PPP Options
To edit the PPP options of a remote node, move the cursor to the Edit PPP Options field in Menu 11.1 - Remote
Node Profile , and press [SPACE BAR] to select Yes . Press [ENTER] to open Menu 11.2
, as shown.
Menu 11.2 - Remote Node PPP Options
Encapsulation= Standard PPP
Compression= No
ENTER here to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 6-3 Menu 11.2 - Remote Node PPP Options
Table 6-2 Remote Node PPP Options Menu Fields describes the Remote Node PPP Options Menu, and contains instructions on how to configure the PPP options fields.
Remote Node Configuration 6-3
Prestige 1400 WAN Router with Integrated Ethernet Switch
FIELD
Encapsulation
Table 6-2 Remote Node PPP Options Menu Fields
DESCRIPTION
Select the vendor-specific encapsulation for the link.
The default is Standard PPP. Select Cisco PPP only when the remote gateway is a Cisco machine.
Standard PPP - Standard PPP encapsulation will be used.
CISCO PPP - Cisco PPP encapsulation will be used.
OPTION
Standard PPP
CISCO PPP
Compression Turn on/off Stac data compression. The default for this field is Off .
On/Off
(Default = Off)
Once you have completed filling in Menu 11.2 - Remote Node PPP Options , press
[ENTER] at the message “Press ENTER to Confirm...” to save your configuration, or press
[ESC] at any time to cancel.
6.4 Edit IP Parameters
Move the cursor to the Edit IP field in Menu 11.1 - Remote Node Profile , then press [SPACE BAR] to choose
Yes , and press [ENTER] to edit Menu 11.3 - Network Layer Options .
Menu 11.3 Remote Node Network Layer Options
Rem IP Addr= 0.0.0.0
Rem Subnet Mask= 0.0.0.0
My WAN Addr= 0.0.0.0
Network Address Translation= SUA Only
Address Mapping Set= N/A
Metric= 2
Private= No
RIP Direction= None
Version= RIP-1
Multicast= IGMP-v2
IP Policies=
Enter here to CONFIRM or ESC to CANCEL
Figure 6-4 Menu 11.3- Remote Node Network Layer Options
6-4 Remote Node Configuration
To configure the TCP/IP parameters of a remote node, first configure the two fields in Menu 11 - Remote Node
Profile , as shown.
Table 6-3 TCP/IP related fields in Menu 11.1 - Remote Node Profile
FIELD DESCRIPTION
Rem IP Address Enter the IP address of the remote gateway in
Menu 11 - Remote Node Profile .
Edit IP Press [SPACE BAR] to select Yes and press
[ENTER] to go to Menu 11.3 - Remote Node
Network Layer Options .
OPTION
Yes/No
The following table shows the TCP/IP related fields in Menu 11.3 - Remote Node Network Layer Options .
FIELD
Rem IP
Address
Rem IP
Subnet Mask
My WAN
Addr
Table 6-4 Remote Node TCP/IP Configuration
DESCRIPTION
This shows the IP address you entered for this remote node in the previous menu, Remote Node Profile.
Enter the subnet mask for the remote network.
Network
Address
Translation
Address
Mapping
Set= N/A
Metric
Private
RIP
Direction=
Some implementations, especially the UNIX derivatives, require the WAN link to have a separate IP network number from the
LAN and that each end must have a unique address within the
WAN network number. If this is the case, enter the IP address assigned to the WAN port of your Prestige.
Note that this is the address assigned to your local Prestige, not the remote router.
Please see the NAT chapter for a more detailed discussion on the Network Address Translation feature. The choices are
Feature, None and SUA Only.
Enter the address mapping set you are applying to this remote node. 255 is the default (read-only) SUA Only set.
Full
The metric represents the “cost” of transmission for routing purposes. IP routing uses hop count as the measurement of cost, with a minimum of 1 for directly connected networks. Enter a number that approximates the cost for this link. The number need not be precise, but it must be between 1 and 15. In practice, 2 or 3 is usually a good number.
This parameter determines if the Prestige will include the route to this remote node in its RIP broadcasts. If set to Yes , this route is kept private and not included in RIP broadcast. If No , the route to this remote node will be propagated to other hosts through RIP broadcasts.
Press [SPACE BAR] to select the RIP direction from Both/In
Only/Out Only/None .
Version=
Prestige 1400 WAN Router with Integrated Ethernet Switch
Press [SPACE BAR] to select the RIP version from RIP-1/RIP-
2B/RIP-2M .
OPTION
Full Feature
None and SUA
Only
1 to 4, 255
1 to 15
Yes/No
Both/In
Only/Out
Only/None
RIP-1/ RIP-2B/
RIP-2M
Remote Node Configuration 6-5
Prestige 1400 WAN Router with Integrated Ethernet Switch
FIELD
Multicast Turn on/off IGMP support and select the version from IGMPv2/IGMP-v1/None .
DESCRIPTION OPTION
IGMP-v2
IGMP-v2
None
IP Policies You can apply up to four IP Policy sets (from twelve) by entering their numbers separated by commas, e.g., 3, 4, 6, 11.
Once you have completed filling in the Network Layer Options Menu, press [ENTER] to return to
Menu 11. Press [ENTER] at the message “Press ENTER to Confirm...” to save your configuration, or press [ESC] at any time to cancel.
6-6 Remote Node Configuration
Prestige 1400 WAN Router with Integrated Ethernet Switch
Chapter 7
Static Route
This chapter tells you how to configure static routes for the Prestige.
7.1 Basics
If you wish to know more about static route basics, please read on. Skip to the Static Route Setup section for the actual configuration.
Static routes tell a router routing information that it cannot learn automatically through other means. This can arise in cases where RIP is disabled on the LAN or a remote network is beyond the one that is directly connected to a remote node.
Each remote node specifies only the network to which the gateway is directly connected, and a router has no knowledge of the networks beyond. For instance, the Prestige knows about network N2 in the following diagram through remote node Router 1. However, the Prestige is unable to route a packet to network N3 because it doesn’t know that there is a route through the same remote node Router 1 (via gateway Router 2). Configure static routes to tell the Prestige about networks beyond remote nodes.
Figure 7-1 An Example of Static Routing Topology
7.2 Static Route Setup
Static routes are required if the client has more than one public IP address. By adding static routes, the Prestige knows how to route packets that belong to public IP addresses back to the client’s local network. The Prestige supports up to 240 static routes. Enter “p” to view a precious page of static routes and “n” to view the next page.
To configure an IP static route, use Menu 12 - IP Static Route Setup , as displayed next.
Static Route 7-1
Prestige 1400 WAN Router with Integrated Ethernet Switch
Menu 12 - IP Static Route Setup
No. Name No. Name No. Name No. Name
1. ________ 13. ________ 25. ________ 37. ________
2. ________ 14. ________ 26. ________ 38. ________
3. ________ 15. ________ 27. ________ 39. ________
4. ________ 16. ________ 28. ________ 40. ________
5. ________ 17. ________ 29. ________ 41. ________
6. ________ 18. ________ 30. ________ 42. ________
7. ________ 19. ________ 31. ________ 43. ________
8. ________ 20. ________ 32. ________ 44. ________
9. ________ 21. ________ 33. ________ 45. ________
10. ________ 22. ________ 34. ________ 46. ________
11. ________ 23. ________ 35. ________ 47. ________
12. ________ 24. ________ 36. ________ 48. ________
Enter Selection Number, 'p' for prev OR 'n' for next page:
Figure 7-2 Menu 12 - IP Static Route Setup
Choosing a static route to edit displays the following screen.
Menu 12.1 - Edit IP Static Route
Route #: 1
Route Name= ?
Active= No
Destination IP Address= ?
IP Subnet Mask= ?
Gateway IP Address= ?
Metric= 2
Private= No
Press ENTER to Confirm or ESC to Cancel:
Figure 7-3 Menu 12.1 - Edit IP Static Route
The following table describes the fields for Menu 12.1 - Edit IP Static Route Setup .
7-2 Static Route
FIELD
Route #
Route Name
Active
Destination IP
Address
IP Subnet Mask
Gateway IP
Address
Metric
Private
Prestige 1400 WAN Router with Integrated Ethernet Switch
Table 7-1 Edit IP Static Route Menu Fields
DESCRIPTION
This is the index number of the route as listed in Menu
12 - IP Static Route Setup .
Enter a descriptive name for this route. This is for identification purpose only.
This field allows you to activate/deactivate this static route.
This parameter specifies the IP network address of the final destination. Routing is always based on network number. If you need to specify a route to a single host, use a subnet mask of 255.255.255.255 in the subnet mask field to force the network number to be identical to the host ID.
Enter the subnet mask for this destination. Follow the discussion on IP subnet mask in this chapter.
Enter the IP address of the gateway. The gateway is an immediate neighbor of your Prestige that will forward the packet to the destination. On the LAN the gateway must be a router on the same segment as your Prestige; over
WAN, the gateway must be the IP address of one of the remote nodes.
The metric represents the “cost” of transmission for routing purposes. IP routing uses hop count as the measurement of cost, with a minimum of 1 for directly connected networks. Enter a number that approximates the cost for this link. The number need not be precise, but it must be between 1 and 15. In practice, 2 or 3 is usually a good number.
This parameter determines if the Prestige will include the route to this remote node in its RIP broadcasts. If set to Yes , this route is kept private and not included in RIP broadcast. If No , the route to this remote node will be propagated to other hosts through RIP broadcasts.
OPTIONS
Yes/No
1 to 15
Yes/No
Static Route 7-3
Prestige 1400 WAN Router with Integrated Ethernet Switch
Chapter 8
Network Address Translation (NAT)
This chapter discusses how to configure NAT on the Prestige.
8.1 Introduction
NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, e.g., the source address of an outgoing packet, used within one network to a different IP address known within another network.
Inside / outside denotes where a host is located relative to the Prestige, e.g., the workstations of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts. Global / local denotes the IP address of a host in a packet as the packet traverses across a router, e.g., the local address refers to the IP address of a host when the packet is in the local network, while the global address refers to the IP address of the host when the same packet is travelling in the WAN side. Note that inside/outside refers to the location of a host, while global/local refers to the IP address of a host used in a packet. Thus, an inside local address (ILA) is the IP address of an inside host in a packet when the packet is still in the local network, while an inside global address (IGA) is the IP address of the same inside host when the packet is on the WAN side. The following table summarizes this information.
TERM
Inside
Outside
Local
Global
DEFINITION
This refers to the host on the LAN.
This refers to the host on the WAN.
This refers to the packet address (source or destination) as the packet travels on the LAN.
This refers to the packet address (source or destination) as the packet travels on the WAN.
The IP address (either local or global) of an outside host is never changed.
8.1.2 What NAT Does
In its simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back the inside local address before forwarding it to the original inside host.
The global IP addresses for the inside hosts can be either static or dynamically assigned by the ISP. In addition, you can designate servers, e.g., a web server and a telnet server, on your local network and make them accessible to the outside world. If you do not define any servers (for Many-to-One and Many-to-Many Overload mapping - see next), NAT offers the additional benefit of firewall protection. If no server is defined in these cases, all incoming inquiries will be filtered out by your Prestige, thus preventing intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).
8-1 NAT
Prestige 1400 WAN Router with Integrated Ethernet Switch
Each packet has two addresses - a source address and a destination address. For outgoing packets, the ILA (Inside
Local Address) is the source address on the LAN, and the IGA (Inside Global Address) is the source address on the
WAN. For incoming packets, the ILA is the destination address on the LAN, and the IGA is the destination address on the WAN. NAT maps private (local) IP addresses to globally unique ones required for communication with hosts on other networks. NAT replaces the original IP source address (and TCP or UDP source port numbers for
Many-to-One and Many-to-Many Overload NAT mapping) in each packet and then forwards the packet to the
Internet. The Prestige keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored. The following figure illustrates this.
Figure 8-1 How NAT Works
NAT supports five types of IP/port mapping. They are:
1.
One to One: In One-to-One mode, the Prestige maps one local IP address to one global IP address.
2.
Many to One: In Many-to-One mode, the Prestige maps multiple local IP addresses to one global IP address.
This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL’s Single User Account feature.
3.
Many to Many Overload: In Many-to-Many Overload mode, the Prestige maps the multiple local IP addresses to shared global IP addresses.
4.
One-to-One (range): In One-to-One (range) mode, the Prestige maps each local IP address to a unique global IP address.
5.
Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world.
6.
No-Change: This NAT mapping type allows you to assign global IPs to machines behind NAT.
Port numbers do not change for One-to-One, One-to-One (range) and No-Change NAT mapping types.
The following table summarizes these types.
8-2 NAT
Prestige 1400 WAN Router with Integrated Ethernet Switch
TYPE
Server
No Change
Table 8-1 NAT Mapping Types
IP MAPPING SMT
ABBREVIATION
One-to-One
Many-to-One (SUA/PAT)
Many-to-Many Overload
One-to-One (range)
ILA1 #$ IGA1
ILA1 #$ IGA1
ILA2 #$ IGA1
…
ILA1 #$ IGA1
ILA2 #$ IGA2
ILA3 #$ IGA1
ILA4 #$ IGA2
…
ILA1 #$ IGA1
ILA2 #$ IGA2
ILA3 #$ IGA3
…
Server 1 IP #$ IGA1
Server 2 IP #$ IGA1
Server 3 IP #$ IGA1
IGA1 #$ IGA1
IGA2 #$ IGA2
IGA3 #$ IGA3
…
1:1
M:1
M:M Ov
1-1 Ra
Server
No-Ch
8.1.5 SUA (Single User Account) Versus NAT
SUA (Single User Account) in previous ZyNOS versions is a subset of NAT that supports two types of mapping,
Many-to-One and Server . See section 8.2.3
for a detailed description of the NAT set for SUA. The Prestige has
Full Feature NAT support to map local IP addresses to global IP addresses of clients or servers using all mapping types as outlined in Table 8-1 . The Prestige supports NAT sets on a remote node basis. The mapping sets are reusable, but only one set is allowed for each remote node. Set 255 is for SUA Only which is a convenient, preconfigured, read only Many-to-1 port mapping set, sufficient if you have just one public IP.
8.2.1 Applying NAT in the SMT Menus
Apply NAT via menus 4 or 11.3. The next figure shows you how to apply NAT for Internet access in Menu 4.
Enter 4 from the main menu to go to Menu 4 - Internet Access Setup .
NAT 8-3
Prestige 1400 WAN Router with Integrated Ethernet Switch
Menu 4 - Internet Access Setup
ISP's Name= Hinet
Internet Access Interface= FlexWAN
Ethernet:
Local IP Addr= N/A
Subnet Mask= N/A
Gateway IP Addr= N/A
FlexWAN:
My Login=
My Password= ********
Edit Frame Relay Options= No
Network Address Translation= None
My WAN Addr= N/A
Address Mapping Set= N/A
Press ENTER to Confirm or ESC to Cancel:
Figure 8-2 Applying NAT for Internet Access
The following figure shows how you apply NAT to the remote node in Menu 11.1.
Step 1.
Step 2.
Enter 11 from the main menu.
Move the cursor to the Edit IP field, press the [SPACE BAR] to toggle the default No to Yes , then press
[ENTER] to bring up Menu 11.3 - Remote Node Network Layer Options.
Menu 11.3 - Remote Node Network Layer Options
Rem IP Addr: 0.0.0.0
Rem Subnet Mask= 0.0.0.0
My WAN Addr= 0.0.0.0
Network Address Translation= SUA Only
Address Mapping Set= N/A
Metric= 2
Private= No
RIP Direction= None
Version= RIP-1
Multicast= N/A
IP Policies=
Enter here to CONFIRM or ESC to CANCEL:
Figure 8-3 Applying NAT to the Remote Node
The following table describes the options for Network Address Translation.
FIELD
Network Address
Translation
Table 8-2 Applying NAT in Menus 4 & 11.3
DESCRIPTION
Full Feature: You can configure any of the six mapping types described in Table 8-1 .
SUA Only: When you select this option the SMT will use Address
Mapping Set 255 (Menu 15.1 - see section 8.2.3
). It is a convenient, pre-configured, read only Many-to-1 port mapping set, sufficient for most purposes (especially for users with just one public IP) and helpful to people already familiar with SUA in previous ZyNOS versions. Note that there is also a Server type whose IGA is 0.0.0.0
in this set.
None: NAT is disabled when you select this option.
8-4 NAT
Prestige 1400 WAN Router with Integrated Ethernet Switch
Address Mapping
Set
This is the Address Mapping Set that you wish to apply to this node.
Set 255 is reserved for SUA.
To configure NAT, enter 15 from the main menu to bring up the following screen.
Menu 15 – NAT Setup
1. Address Mapping Sets
2. Server Set
Enter Menu Selection Number:
Figure 8-4 Menu 15 NAT Setup
8.2.3 Address Mapping Sets and NAT Server Sets:
Use the Address Mapping Sets menus and submenus to create the mapping table for translation. Each remote node must specify which NAT Address Mapping Set to use. You can only configure set 1 to 4, which supports all mapping types as outlined in Table 8-1 . Set 255 is used for SUA. When you select SUA Only , the SMT will use the pre-configured Set 255 (read only) - see section 8.1.5
.
Enter 1 to bring up Menu 15.1 - Address Mapping Sets .
Menu 15.1 - Address Mapping Sets
1. NAT_SET1
2. NAT_SET2
3. NAT_SET3
4. NAT_SET4
255. SUA (read only)
Figure 8-5 Menu 15.1 Address Mapping Sets
Let’s look first at Option 255 ( see section 8.1.5) . The fields in this menu cannot be changed. Entering 255 brings up the following screen.
NAT 8-5
Prestige 1400 WAN Router with Integrated Ethernet Switch
Menu 15.1.255 - Address Mapping Rules
Set Name= SUA
Idx Local Start IP Local End IP Global Start IP Global End IP Type
--- --------------- --------------- --------------- --------------- ------
1. 0.0.0.0 255.255.255.255 0.0.0.0 M-1
2. 0.0.0.0 Server
3.
4.
5.
6.
7.
8.
9.
10.
Press ENTER to Confirm or ESC to Cancel:
Figure 8-6 SUA Address Mapping Rules
The following table explains the fields in this screen.
Please note that the fields in this menu are read-only. Fields are configured in Menu 15.1.1.1
(described later) and the values are displayed here.
FIELD
Set Name
Idx
Local Start IP
Local End IP
Table 8-3 SUA Address Mapping Rules
DESCRIPTION
This is the name of the set you selected in Menu
15.1 or enter the name of a new set you want to create.
This is the index or rule number.
Local Start IP is the starting local IP address (ILA)
( see Figure 8-1) . Local End IP is the ending local IP address (ILA). If the rule is for all local IPs, then the
Start IP is 0.0.0.0 and the End IP is 255.255.255.255.
OPTIONS/EXAMPLE
SUA
1
0.0.0.0
255.255.255.255
Global Start
IP
This is the starting global IP address (IGA). If you have a dynamic IP, enter 0.0.0.0 as the Global Start
IP.
Global End IP This is the ending global IP address (IGA).
0.0.0.0
N/A
Type These are the mapping types discussed above ( see
Table 8-1 ). Type Server allows you to specify a server of a given service behind NAT. See section
8.4.3 below for some examples.
Server
For all Local and Global IPs, the End IP address must be numerically greater than the IP Start address.
Enter 1 to in Menu 15.1
bring up the following menu. Note that, this screen is not read only, so there are extra
Action and Select Rule fields. Note also that the [?] in the Set Name field means that this is a required field and you must enter a name for the set.
8-6 NAT
Prestige 1400 WAN Router with Integrated Ethernet Switch
Please note that if the Set Name field is left blank, the entire set will be deleted.
Menu 15.1.1 - Address Mapping Rules
Set Name= NAT_SET1
Idx Local Start IP Local End IP Global Start IP Global End IP Type
--- --------------- --------------- --------------- --------------- ------
1.
2
3.
4.
5.
6.
7.
8.
9.
10.
Action= Edit Select Rule=
Press ENTER to Confirm or ESC to Cancel:
Figure 8-7 First Set in Menu 15.1.1
The Type, Local and Global Start/End IPs are configured in Menu 15.1.1.1 (described later) and the values are displayed here.
8.2.4 Ordering Your Rules
Ordering your rules is important because the Prestige applies the rules in the order that you specify. When a rule matches the current packet, the Prestige takes the corresponding action and the remaining rules are ignored. If there are any empty rules before your new configured rule, your configured rule will be pushed up by that number of empty rules. For example, if you have already configured rules 1 to 6 in your current set and now you configure rule number 9. In the set summary screen, the new rule will be rule 7, not 9.
Now if you delete rule 4, rules 5 to 7 will be pushed up by 1 rule, so as old rules 5, 6 and 7 become new rules 4, 5 and 6.
The description of the other fields is as described above. The Type, Local and Global Start/End IPs are configured in Menu 15.1.1.1 (described later) and the values are displayed here.
Table 8-4 Menu 15.1.1
FIELD
Set Name
DESCRIPTION
Enter a name for this set of rules. This is a required field.
Please note that if this field is left blank, the entire set will be deleted.
Action There are 4 actions. The default is Edit . Edit means you want to edit a selected rule (see following field). Insert
Before means to insert a rule before the rule selected. The rules after the selected rule will then be moved down by one rule. Delete means to delete the selected rule and then all the indices of the rules after the selected one will be decremented by 1. Save Set means to save the whole set
(note when you choose this action, the Select Rule item will be disabled).
Select Rule When you choose Edit, Insert Before or Delete in the previous field the cursor jumps to this field to allow you to select the rule to apply the action in question.
OPTION
Edit
Insert Before
Delete
Save Set
NAT 8-7
Prestige 1400 WAN Router with Integrated Ethernet Switch
Save Set in the Action field means to save the whole set. You must do this if you make any changes to the set - including deleting a rule. No changes to the set take place until this action is taken.
Selecting Edit in the Action field and then entering a rule number brings up the following menu, Menu 15.1.1.1
- Address
Mapping Rule.
In this menu you can edit an individual rule and configure the Type, Local and Global Start/End IPs .
Menu 15.1.1.1 Address Mapping Rule
Type= One-to-One
Local IP:
Start=
End = N/A
Global IP:
Start=
End = N/A
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 8-8 Editing an Individual Rule in a Set
The following table describes the fields in this screen.
Table 8-5 Menu 15.1.1.1 - Configuring an Individual Rule
FIELD
Type
DESCRIPTION
Press the [SPACE BAR] to toggle through a total of 6 types. These are the mapping types discussed above
( see Table 8-1 ). Type Server allows you to specify multiple servers of different types behind NAT to this machine. See section 8.4.3 below for some examples.
OPTION/EXAMPLE
One-to-One
Many-to-One
Many-to-Many Overload
One-to-One (range)
Server
No Change
Local IP
Start
End
Only local IP fields are N/A for Server ; Global IP fields
MUST be set for Server .
This is the starting local IP address (ILA).
This is the ending local IP address (ILA). If the rule is for all local IPs, then put the Start IP as 0.0.0.0 and the
End IP as 255.255.255.255. This field is N/A for Oneto-One and Server types.
0.0.0.0
255.255.255.255
Global IP
Start This is the starting global IP address (IGA). If you have a dynamic IP, enter 0.0.0.0 in the Global IP Start field.
Note that Global IP Start can be set to 0.0.0.0 only if the types are Many-to-One or Server .
0.0.0.0
End This is the ending global IP address (IGA). This field is
N/A for One-to-One, Many-to-One and Server types.
172.16.23.55
For all Local and Global IPs, the End IP address must be numerically greater than the Start IP address.
8-8 NAT
Prestige 1400 WAN Router with Integrated Ethernet Switch
8.3 NAT Server Sets
A NAT server set is a list of inside servers (behind NAT on the LAN) that you can make visible to the outside world. Menu 15.2 - NAT Server Sets is used to configure these servers.
8.3.1 Multiple Servers behind NAT
If you wish, you can make inside servers for different services, e.g., web or FTP, visible to the outside users, even though NAT makes your whole inside network appear as a single machine to the outside world. A service is identified by the port number, e.g., web service is on port 80 and FTP on port 21.
As an example (see the following figure), if you have a web server at 192.168.1.36 and an FTP server 192.168.1.33, then you need to specify for port 80 (web) the server at IP address 192.168.1.36 and for port 21 (FTP) and another at IP address 192.168.1.33.
Please note that a server machine can support more than one service, e.g., a machine can provide both FTP and
DNS service, while another provides only web service.
Figure 8-9 Multiple Servers Behind NAT
8.3.2 Configuring Inside Servers
Follow the steps below to configure a server behind NAT:
Step 1. Enter 15 in the main menu to go to Menu 15 - NAT Setup.
Step 2.
Step 3.
Enter 2 to go to Menu 15.2 - NAT Server Sets .
Enter the service port number in the Port # field and the inside IP address of the server in the IP Address field.
NAT 8-9
Prestige 1400 WAN Router with Integrated Ethernet Switch
Press [ENTER] at the “Press ENTER to confirm …” prompt to save your configuration after you define all the servers or press [ ESC] at any time to cancel. The most often used port numbers are shown in the following table.
Please refer to RFC 1700 for further information about port numbers. Please also refer to the included disk for more examples and details on NAT.
Menu 15.2 - NAT Server Sets
Port #
----
1. (Used by SUA)
IP Address
---------------
0.0.0.0
2.21
3.23
4.25
5.80
6. 0
7. 0
8. 0
9. 0
10. 0
192.168.255.1
192.168. 255.2
192.168. 255.3
192.168. 255.4
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
Press ENTER to Confirm or ESC to Cancel:
Figure 8-10 Menu 15.2 - NAT Server Setup
Table 8-6 Common Services & Port numbers
SERVICES
FTP (File Transfer Protocol)
PORT NUMBER
21
Telnet
SMTP (Simple Mail Transfer Protocol)
DNS(Domain Name System)
HTTP (Hyper Text Transfer protocol or WWW, Web)
PPTP (Point-to-Point Tunneling Protocol)
23
25
53
80
1723
8.4 Examples
8.4.1 Internet Access Only
In this Internet access example, you only need one rule where all the ILAs (Inside Local Addresses) map to one dynamic IGA (Inside Global Address) assigned by your ISP.
8-10 NAT
Prestige 1400 WAN Router with Integrated Ethernet Switch
Figure 8-11 NAT Example 1
Menu 4 - Internet Access Setup
ISP's Name= Hinet
Internet Access Interface= FlexWAN
Ethernet:
Local IP Addr= N/A
Subnet Mask= N/A
Gateway IP Addr= N/A
FlexWAN:
My Login=
My Password= ********
Edit Frame Relay Options= No
Network Address Translation= None
My WAN Addr= N/A
Address Mapping Set= N/A
Press ENTER to Confirm or ESC to Cancel:
Figure 8-12 NAT Example for Internet Access
In Menu 4 choose the SUA Only option for the Network Address Translation field. This is a pre-configured
Many-to-One mapping discussed in section 8.1.4.
8.4.2 Example 2 - Internet Access with a Default Inside Server
Figure 8-13 NAT Example 2
NAT 8-11
Prestige 1400 WAN Router with Integrated Ethernet Switch
In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to Menu 15.2
to specify the inside server behind the NAT as shown in the next figure. All incoming connections are forwarded to the default inside server at the IP address specified.
Menu 15.2 - NAT Server Sets
Port #
----
1. (Used by SUA)
IP Address
---------------
192.168.1.10
2. 0
3. 0
4. 0
5. 0
6. 0
7. 0
8. 0
9. 0
10. 0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
Press ENTER to Confirm or ESC to Cancel:
Figure 8-14 Specifying an Inside Sever
8.4.3 Example 3 - General Case
In this example, there are three IGAs from your ISP. There are many departments but two have their own FTP server. All departments share the same router. You want to reserve one IGA for each department with an FTP server and the other IGA is used by all. You want to map the FTP servers to the first two IGAs and the other LAN traffic to the remaining IGA. You also want to map the third IGA to an inside web server and mail server. You need to configure four rules as follows.
Rule 1. You map the first IGA to the first inside FTP server ( 1: 1 mapping, giving both local and global IP addresses).
Rule 2.
Rule 3.
You map the second IGA to the second inside FTP server ( 1: 1 mapping, giving both local and global IP addresses).
You map all other addresses to IGA3 ( Many : 1 mapping).
Rule 4. You also use the third IGA to open the web server and mail server on the LAN. Type Server allows you to specify a server, of a given service behind NAT.
The situation looks somewhat like this:
8-12
Figure 8-15 NAT - Example 3
NAT
Step 1.
Step 2.
Prestige 1400 WAN Router with Integrated Ethernet Switch
You need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets. Therefore you must choose the Full Feature option from the Network Address Translation field (in Menu 4 or Menu
11.3).
Enter 15 from the main menu.
Step 3.
Step 4.
Step 5.
Enter 1 to configure the Address Mapping Sets.
Choose 1 to begin configuring this new set. Enter a Set Name , choose the Edit Action and then select 1 from Select Rule field. Press [ENTER] to confirm.
Select Type= as One-to-One and enter the Local IP: Start as 192.168.1.10 (the IP address of FTP
Server 1), the Global IP: Start as 10.132.50.1 (the first IGA). ( See Figure 8-16)
Step 6.
Step 7.
Repeat the previous step for rules 2 to 4 as outlined above.
When finished, Menu 15.1.1 should look like as shown in
The following figure shows how to configure the first rule.
Figure 8-17.
Menu 15.1.1.1 Address Mapping Rule
Type= One-to-One
Local IP:
Start= 192.168.1.10
End = N/A
Global IP:
Start= 10.132.50.1
End = N/A
Press ENTER to Confirm or ESC to Cancel:
Figure 8-16 Example 3 - Menu 15.1.1.1
When you have configured all four rules, Menu 15.1.1 should look as follows.
Menu 15.1.1 - Address Mapping Rules
Set Name= Example3
Idx Local Start IP Local End IP Global Start IP Global End IP Type
--- --------------- --------------- --------------- --------------- ------
1. 192.168.1.10 10.132.50.1 1-1
2 192.168.1.11 10.132.50.2 1-1
3. 0.0.0.0 255.255.255.255 10.132.50.3 M-1
4. 10.132.50.3 Server
5.
6.
7.
8.
9.
10.
Action= Edit Select Rule=
Press ENTER to Confirm or ESC to Cancel:
Figure 8-17 Example 3 Final Menu 15.1.1
Now you configure IGA3 to map to the web and mail server on the LAN.
Step 8. Enter 15 from the main menu.
NAT 8-13
Prestige 1400 WAN Router with Integrated Ethernet Switch
Step 9. Enter 2 from this menu and configure it as shown in Figure 8-18 .
Menu 15.2 - NAT Server Sets
Port #
----
1. (Used by SUA)
IP Address
---------------
0.0.0.0
2.80
3. 25
4. 0
5. 0
6. 0
7. 0
8. 0
9. 0
10. 0
192.168.1.21
192.168.1.20
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
Press ENTER to Confirm or ESC to Cancel:
Figure 8-18 Example 3 - Menu 15.2
8.4.4 NAT Unfriendly Application Programs
Many applications, e.g., gaming programs, are NAT unfriendly because they embed addressing information in the data stream. In this case it is better to use the No Change NAT mapping type for computers running such applications behind NAT.
8.4.5 Applying NAT to the Ethernet Port
You can also apply NAT to an Ethernet port. This feature is useful when you connect a broadband device such as a
DSL modem or cable modem via an Ethernet port (1 – 14) for Internet Access – you do not have to make this port visible to the other ports using the VLAN configurator in this case. Configure NAT in menu 4 for this scenario.
Figure 8-19 Ethernet NAT
8-14 NAT
NAT
Prestige 1400 WAN Router with Integrated Ethernet Switch
Menu 4 - Internet Access Setup
ISP's Name= Hinet
Internet Access Interface= Ethernet
Ethernet:
Local IP Addr= N/A
Subnet Mask= N/A
Gateway IP Addr= N/A
FlexWAN:
My Login=
My Password= ********
Edit Frame Relay Options= No
Network Address Translation= Full Feature
My WAN Addr= 172.16.2.4
Address Mapping Set= 2
Press ENTER to Confirm or ESC to Cancel:
Figure 8-20 Applying NAT to an Ethernet Port
8-15
Prestige 1400 WAN Router with Integrated Ethernet Switch
Chapter 9
Filter Configuration
This chapter shows you how to create and apply filter(s).
Your Prestige uses filters to decide whether to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering. Filters are subdivided into device and protocol filters, which are discussed later.
Data filtering screens the data to determine if the packet should be allowed to pass. Data filters are divided into incoming and outgoing filters, depending on the direction of the packet relative to a port. Data filtering can be applied on either the WAN side or the LAN side. Call filtering is used to determine if a packet should be allowed to trigger a call. Outgoing packets must undergo data filtering before they encounter call filtering as shown in the following figure.
Outgoing
Packet
Data
Filtering
No match
Match
Call Filtering
Built-in default
Call Filters
No match
Match
User-defined
Call Filters
(if applicable)
Match
No match
Active Data
Initiate call if line not up
Send packet and reset
Idle Timer
Drop packet
Drop packet if line not up
Or
Drop packet if line not up
Or
Send packet but do not reset
Idle Timer
Send packet but do not reset
Idle Timer
Figure 9-1 Outgoing Packet Filtering Process
The following sections describe how to configure filter sets. Please see the application notes for more information and examples on creating and configuring filters.
9.2
The Filter Structure of the Prestige
A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the rules for
NetBIOS, into a single set and give it a descriptive name. The Prestige allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system.
You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port.
The following diagram illustrates the logic flow when executing a filter rule.
Filter Configuration 9-1
Prestige 1400 WAN Router with Integrated Ethernet Switch
Fetch Next
Filter Set
Yes
Next Filter Set
Available?
No
Drop Packet
Filter Set
Start
Packet into filter
Fetch First
Filter Set
Fetch First
Filter Rule
Fetch Next
Filter Rule
Yes
Next filter
Rule
Available?
No No Active?
Yes
Execute
Filter Rule
Check
Next
Rule
Drop
Forward
Accept Packet
Figure 9-2 Filter Rule Process
9-2 Filter Configuration
Prestige 1400 WAN Router with Integrated Ethernet Switch
9.3 Configuring a Filter Set
To configure a filter sets, follow the procedure below:
Step 1. Enter 21 from the main menu to open Menu 21 - Filter Set Configuration.
Menu 21 - Filter Set Configuration
2
3
4
5
6
Filter
Set #
------
1
Comments
------------------
______________
______________
______________
______________
______________
______________
Filter
Set #
------
7
8
9
10
11
12
Enter Filter Set Number to Configure=
Edit Comments=
Press ENTER to Confirm or ESC to Cancel:
Comments
------------------
______________
______________
______________
______________
______________
______________
Figure 9-3 Menu 21 - Filter Set Configuration
Step 2.
Step 3.
Step 4.
Enter the index of the filter set you wish to configure (no. 1-12) and press [ENTER] .
Enter a descriptive name or comment in the Edit Comments field and press [ ENTER ].
Press [ENTER] at the message “Press ENTER to confirm” to open Menu 21.1 - Filter Rules Summary.
Filter Configuration 9-3
Prestige 1400 WAN Router with Integrated Ethernet Switch
Menu 21.1 - Filter Rules Summary
# A Type Filter Rules M m n
- - ---- -------------------------------------------- ------ - - -
1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=137 N D N
2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=138 N D N
3 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=139 N D N
4 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=137 N D N
5 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=138 N D N
6 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=139 N D F
Enter Filter Rule Number (1-6) to Configure: 1
Edit Comments= NetBIOS_WAN
Press ENTER to Confirm or ESC to Cancel:
Enter Filter Rule Number (1-6) to Configure:
Figure 9-4 Menu 21.1 - Filter Rules Summary
9.3.1 Filter Rules Summary Menu
These screens show a summary of the existing rules in an example filter set. The following tables contain a brief description of the abbreviations used in Menu 21.1
and Menu 21.2
.
#
A
Table 9-1 Abbreviations Used in the Filter Rules Summary Menu
ABBREVIATIONS DESCRIPTION DISPLAY
Refers to the filter rule number (1-6).
Refers to Active.
Type
“Y” means the filter rule is active.
“N” means the filter rule is inactive.
“IP” for TCP/IP
“Dev” for Device
Filter Rules
M m
Refers to the type of filter rule.
This shows IP for TCP/IP, and Device
The filter rule parameters are displayed here (see below).
Refers to More.
“Y” means an action can not yet be taken as there are more rules to check, which are concatenated with the present rule to form a rule chain.
When the rule chain is complete an action can be taken.
“N” means you can now specify an action to be taken i.e., forward the packet, drop the packet or check the next rule. For the latter, the next rule is independent of the rule just checked.
If More is Yes , then Action Matched and Action Not Matched will be N/A .
Refers to Action Matched.
“Y” means there are more rules to check.
“N” means there are no more rules to check.
“F” means to forward the
9-4 Filter Configuration
Prestige 1400 WAN Router with Integrated Ethernet Switch
ABBREVIATIONS n
DESCRIPTION
“F” means to forward the packet immediately and skip checking the remaining rules if any.
Refers to Action Not Matched
“F” means to forward the packet immediately and skip checking the remaining rules if any.
DISPLAY packet.
“D” means to drop the packet.
“N” means check the next rule.
“F” means to forward the packet.
“D” means to drop the packet.
“N” means check the next rule.
The protocol dependent filter rules abbreviation are listed as follows:
If the filter type is IP, the following abbreviations listed in the following table will be used.
Table 9-2 Abbreviations Used If Filter Type Is IP
ABBREVIATION
Pr
SA
SP
DA
DP
DESCRIPTION
Protocol
Source Address
Source Port number
Destination Address
Destination Port number
If the filter type is Dev (device), the following abbreviations listed in the following table will be used.
Table 9-3 Abbreviations Used If Filter Type Is Dev
ABBREVIATION
Off
Len
Offset
Length
DESCRIPTION
Refer to the next section for information on configuring the filter rules.
9.4 Configuring a Filter Rule
To configure a filter rule, enter its number in Menu 21.1 - Filter Rules Summary and press [ ENTER] to open
Menu 21.1.1
for the rule.
9.5 Filter Types and NAT
There are two classes of filter rules, Device rules and TCP/IP (protocol filter) rules. Device rules act on the raw data from/to LAN and WAN. Protocol filter rules act on the IP packets. Device and TCP/IP filter rules are discussed in more detail in the next section. When NAT (Network Address Translation) is enabled, the inside IP address and port number are replaced on a connection-by-connection basis, which makes it impossible to know the exact address and port on the wire. Therefore, the Prestige applies the protocol filters to the “native” IP address and port number before NAT for outgoing packets and after NAT for incoming packets. On the other hand, the device
Filter Configuration 9-5
Prestige 1400 WAN Router with Integrated Ethernet Switch filters are applied to the raw packets that appear on the wire. They are applied at the point when the Prestige is receiving and sending the packets; i.e. the interface. The interface can be an Ethernet port or any other hardware port. The following diagram illustrates this.
Figure 9-5 Protocol and Device Filter Sets
To speed up filtering, all rules in a filter set must be of the same type, i.e., protocol filters or device filters. The class of a filter set is determined by the first rule that you create. When applying the filter sets to a port, separate menu fields are provided for protocol and device filter sets. If you include a protocol filter set in a device filters field or vice versa, the Prestige will warn you and will not allow you to save.
9.5.1 TCP/IP Filter Rule
This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fields in the IP and the upper layer protocol, e.g., UDP and TCP, headers.
To configure a TCP/IP rules, select TCP/IP Filter Rule from the Filter Type field and press Enter to open Menu
21.1.1 - TCP/IP Filter Rule , as shown next.
9-6 Filter Configuration
Prestige 1400 WAN Router with Integrated Ethernet Switch
Menu 21.1.1 - TCP/IP Filter Rule
Filter #: 1,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 137
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Check Next Rule
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 9-6 Menu 21.1.1 - TCP/IP Filter Rule
The following table describes how to configure your TCP/IP filter rule.
FIELD
Table 9-4 TCP/IP Filter Rule Menu Fields
DESCRIPTION
Filter #
Filter Type
Active
IP Protocol
IP Source
Route
Destination: IP
Addr
Destination: IP
Mask
Destination:
Port #
Destination:
Port # Comp
This is the filter set, filter rule co-ordinates, i.e.,
2,3 refers to the second filter set and the third filter rule of that set.
Press [SPACE BAR] to toggle between types of rules. Parameters displayed below each type will be different.
This field activates/deactivates the filter rule.
Protocol refers to the upper layer protocol, e.g.,
TCP is 6, UDP is 17 and ICMP is 1. This value must be between 0 and 255. Enter 0 if IP protocol is don’t care.
If Yes , the rule applies to packet with IP source route option; else the packet must not have source route option. The majority of IP packets do not have source route.
Enter the destination IP Address of the packet you wish to filter. This field is a ignored if it is 0.0.0.0.
Enter the IP subnet mask to apply to the
Destination: IP Addr.
To filter a single host, enter 255.255.255.255 as the mask.
Enter the destination port of the packets that you wish to filter. The range of this field is 0 to 65535.
This field is ignored if it is 0.
Select the comparison to apply to the destination port in the packet against the value given in
OPTION
Device Filter Rule /
TCP/IP Filter Rule
Yes/No
0-255
Yes/No
0-65535
None/Less/Greater/E qual/Not Equal
Filter Configuration 9-7
Prestige 1400 WAN Router with Integrated Ethernet Switch
FIELD
Source: IP
Addr
DESCRIPTION
Destination: Port #.
Enter the source IP Address of the packet you wish to filter. This field is a ignored if it is 0.0.0.0.
Source: IP
Mask
Enter the IP subnet mask to apply to the Source:
IP Addr.
Source: Port # Enter the source port of the packets that you wish to filter. The range of this field is 0 to 65535. This field is a ignored if it is 0.
Source: Port #
Comp
TCP Estab
More
Select the comparison to apply to the source port in the packet against the value given in Source:
Port #.
This field is applicable only when the IP Protocol field is 6, TCP. If Yes , the rule matches packets that want to establish a TCP connection (SYN=1 and ACK=0); else it is ignored.
If Yes , a matching packet is passed to the next filter rule before an action is taken; else the packet is disposed of according to the action fields.
If More is Yes , then Action Matched and Action
Not Matched will be N/A .
OPTION
0-65535
None/Less/Greater/E qual/Not Equal
Yes/No
Yes/N/A
Log Select the logging option from the following:
None - No packets will be logged.
Action Matched - Only packets that match the rule parameters will be logged.
Action Not Matched - Only packets that do not match the rule parameters will be logged.
Both - All packets will be logged.
Action Matched Select the action for a matching packet.
None
Action Matched
Action Not Matched
Both
Check Next Rule
Forward
Drop
Action Not
Matched
Select the action for a packet not matching the rule.
Check Next Rule
Forward
Drop
Once you have completed filling in Menu 21.1.1 - TCP/IP Filter Rule , press [ENTER] at the message “Press ENTER to Confirm” to save your configuration, or press [ESC] to cancel. This data will now be displayed on Menu 21.1 - Filter Rules Summary .
The next diagram illustrates the logic flow of an IP filter.
9-8 Filter Configuration
Prestige 1400 WAN Router with Integrated Ethernet Switch
Packet into IP Filter
Filter Active?
Yes
Apply SrcAddrMask to Src Addr
No
Check Src
IP Addr
Matched
Apply DestAddrMask to Dest Addr
Not Matched
Check Dest
IP Addr
Matched
Check
IP Protocol
Matched
Check Src &
Dest Port
Matched
Not Matched
Not Matched
Not Matched
More?
No
Action Matched
Yes
Check Next Rule
Check Next Rule
Action Not Matched
Drop Forward
Drop Forward
Drop Packet Check Next Rule
Figure 9-7 Executing an IP Filter
Accept Packet
9.5.2 Device Filter Rule
This section shows you how to configure a device filter rule. The purpose of device rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the TCP/IP rule directly.
For device rules, the Prestige treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes. The Prestige applies the Mask (bit-wise ANDing) to the data portion before comparing the result against the Value to determine a match.
The Mask and Value are specified in hexadecimal numbers. Note that it takes two hexadecimal digits to represent a byte, so if the length is 4, the value in either field will take 8 digits, e.g., FFFFFFFF .
To configure a device rule, select Device Filter Rule in the Filter Type field and press [ ENTER ] to open Menu
21.1.1 - Device Filter Rule , as shown next.
Filter Configuration 9-9
Prestige 1400 WAN Router with Integrated Ethernet Switch
Menu 21.1.1 - Device Filter Rule
Filter #: 1,1
Filter Type= Device Filter Rule
Active= No
Offset= 0
Length= 0
Mask= N/A
Value= N/A
More= No Log= None
Action Matched= Check Next Rule
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
Figure 9-8 Menu 21.1.2 - Device Filter Rule
The following table describes the fields in the Device Filter Rule Menu.
Table 9-5 Device Filter Rule Menu Fields
FIELD
Filter #
DESCRIPTION
This is the filter set, filter rule co-ordinates, i.e., 2,3 refers to the second filter set and the third filter rule of that set.
Filter Type Press [SPACE BAR] to toggle between types of rules.
Parameters displayed below each type will be different.
Active
Offset
OPTION
Device Filter
Rule /
TCP/IP Filter
Rule
Yes/No
0
(default)
Length
Mask
Value
More
Log
Select Yes to turn on the filter rule.
Enter the starting byte of the data portion in the packet that you wish to compare. The range for this field is from 0 to 255.
Enter the byte count of the data portion in the packet that you wish to compare. The range for this field is 0 to 8.
Enter the mask (in Hexadecimal) to apply to the data portion before comparison.
Enter the value (in Hexadecimal) to compare with the data portion.
If Yes , a matching packet is passed to the next filter rule before an action is taken; else the packet is disposed of according to the action fields.
If More is Yes , then Action Matched and Action Not
Matched will be N/A .
Select the logging option from the following:
None - No packets will be logged.
Action Matched - Only packets that match the rule parameters will be logged.
Action Not Matched - Only packets that do not match the rule parameters will be logged.
0
(default)
Yes / N/A
None
Action
Matched
Action Not
Matched
9-10 Filter Configuration
Prestige 1400 WAN Router with Integrated Ethernet Switch
FIELD DESCRIPTION
Both - All packets will be logged.
OPTION
Both
Action
Matched
Action Not
Matched
Select the action for a matching packet.
Select the action for a packet not matching the rule.
Check Next
Rule
Forward
Drop
Check Next
Rule
Forward
Drop
Once you have completed filling in Menu 21.1.1 - Device Filter Rule , press [ENTER] at the message “Press ENTER to Confirm” to save your configuration, or press [ESC] to cancel. This data will now be displayed on Menu 21.1 - Filter Rules Summary .
This section shows you where to apply the filter(s) after you design it (them).
You seldom need to filter Ethernet traffic; however, the filter sets may be useful to block certain packets, reducing traffic and preventing security breaches. Go to Menu 3.1 - General Ethernet Setup (shown next) and enter the number(s) of the filter set(s) that you want to apply as appropriate. You can choose up to four filter sets (from twelve) by entering their numbers separated by commas, e.g., 3, 4, 6, 11.
Menu 3.1 - General Ethernet Setup
Input Filter Sets:
protocol filters=
device filters=
Output Filter Sets:
protocol filters=
device filters=
Press ENTER to Confirm or ESC to Cancel:
Figure 9-9 Filtering Ethernet Traffic
Filter Configuration 9-11
Prestige 1400 WAN Router with Integrated Ethernet Switch
9.6.2 Remote Node Filters
Go to Menu 11.1 - Remote Node Profile (shown next) and enter the number(s) of the filter set(s) as appropriate.
You can specify up to four filter sets by entering their numbers separated by commas.
Rem Node Name= ?
Active= Yes
Menu 11.1 - Remote Node Profile
Edit PPP Options= No
Rem IP Addr= ?
Edit IP = No
Outgoing:
My Login= ?
My Password= ********
Authen= CHAP/PAP
Input Filter Sets:
Protocol filters =
Device filters =
Output Filter Sets:
Protocol filters =
Device filters =
Enter filter sets here
Press ENTER to CONFIRM or ESC to CANCEL:
Press Space Bar to Toggle.
Figure 9-10 Filtering Remote Node traffic
The Prestige supports the firmware and configuration files upload using FTP connections via LAN and WANs.
Therefore, it is possible that anyone can make an FTP connection over the Internet to your Prestige. To prevent outside users from connecting to your Prestige via FTP, you can configure a filter to block FTP connections from the WAN.
Before configuring a filter, you need to know the following information:
1.
The inbound packet type (protocol & port number) - in this case, it is TCP (06) protocol with port 20 or 21.
2.
The source IP address - in this case, to block all connections from the outside, the source IP is 0.0.0.0.
The destination IP address is the Prestige's IP address, but it is unknown when SUA is enabled since most WAN IP addresses are dynamically assigned by the ISP. Therefore, enter 0.0.0.0 as the destination IP in the filter rule. Once
0.0.0.0 is set as the destination IP, no FTP connections can reach the Prestige nor the FTP server on the LAN. For a
LAN-to-LAN connection, enter the Prestige's LAN IP as the destination IP in the filter rule. After you apply the
FTP filter to the remote node, it only blocks the FTP connection to the Prestige but still permits the FTP connection to the local FTP server.
9.7.1 Configuring a FTP_WAN Filter Rule
Create a filter set in Menu 21, e.g., set 2.
9-12 Filter Configuration
Prestige 1400 WAN Router with Integrated Ethernet Switch
Menu 21 - Filter Set Configuration
2
3
4
5
6
Filter
Set #
------
1
Comments
------------------
NetBIOS_WAN
_____________
______________
______________
______________
______________
Filter
Set #
------
7
8
9
10
11
12
Enter Filter Set Number to Configure= 2
Edit Comments= FTP_WAN
Press ENTER to Confirm or ESC to Cancel:
Comments
------------------
______________
______________
______________
______________
______________
______________
Figure 9-11 FTP_WAN Filter Configuration
Create two filter rules in Menu 21.2.1 and Menu 21.2.2.
Rule 1- block the inbound FTP packet, TCP (06) protocol with port number 20
Menu 21.2.1 - TCP/IP Filter Rule
Filter #: 2,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 20
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Check Next Rule
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 9-12 Filter Rule Configuration
Filter Configuration 9-13
Prestige 1400 WAN Router with Integrated Ethernet Switch
Rule 2- block the inbound FTP packet, TCP (06) protocol with port number 21
Menu 21.2.2 - TCP/IP Filter Rule
Filter #: 2,2
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 21
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Check Next Rule
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 9-13 Filter Rule Configuration
Check if the filter rules have been correctly configured using the Menu 21.2
Menu 21.2 - Filter Rules Summary
# A Type Filter Rules M m n
- - ---- -------------------------------------------- ------ - - -
1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=20 N D N
2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=21 N D F
Enter Filter Rule Number (1-6) to Configure: 1
Edit Comments= FTP_WAN
Press ENTER to Confirm or ESC to Cancel:
Enter Filter Rule Number (1-6) to Configure:
Figure 9-14 FTP_WAN Filter Rules Summary
Note: Please refer to the Support Notes for more examples.
9-14 Filter Configuration
Prestige 1400 WAN Router with Integrated Ethernet Switch
Apply the filter set in Menu 11. 1 - Remote Node Profile. Put the filter set number 2 to the Input Filter Sets:
Protocol Filters to activate the FTP_WAN filter.
Rem Node Name= ?
Active= Yes
Menu 11.1 - Remote Node Profile
Edit PPP Options= No
Rem IP Addr= ?
Edit IP = No
Outgoing:
My Login= ?
My Password= ********
Authen= CHAP/PAP
Input Filter Sets:
Protocol filters = 2
Device filters =
Output Filter Sets=
Protocol filters =
Device filters =
Press ENTER to CONFIRM or ESC to CANCEL:
Press Space Bar to Toggle.
Figure 9-15 Remote Node Profile
Filter Configuration 9-15
Prestige 1400 WAN Router with Integrated Ethernet Switch
Chapter 10
SNMP Configuration
This chapter explains how to configure SNMP.
SNMP (Simple Network Management Protocol) is a protocol used for exchanging management information between network devices. SNMP is a member of TCP/IP protocol suite. Your Prestige supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network. The
Prestige supports SNMP version one (SNMPv1).
Keep in mind that SNMP is only available if TCP/IP is configured on your Prestige.
The next figure illustrates an SNMP management operation.
Figure 10-1 SNMP Management Model
An SNMP managed network consists of two main components: agents and a manager.
An agent is a management software module that resides in a managed device (the Prestige). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and monitor managed devices.
The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include such as number of packets received, node port status etc. A
Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects.
SNMP Configuration 10-1
Prestige 1400 WAN Router with Integrated Ethernet Switch
SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations:
♦
Get
Allows the manager to retrieve an object variable from the agent.
♦
GetNext
Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations.
♦
Set
Allows the manager to set values for object variables within an agent.
♦
Trap
Used by the agent to inform the manager of some events.
10.2 Supported MIBs
The Prestige supports MIB II that is defined in RFC-1213 and RFC-1215. The Prestige can also respond with specific data from the ZyXEL private MIB (ZYXEL-MIB). The focus of the MIBs is to let administrators collect statistic data and monitor status and performance.
The only implement MIBs in the Prestige as a SNMP agent. Users must implement their own GUI on SNMP platform (SNMP manager).
To configure SNMP, select option 22 from the main menu to open Menu 22 - SNMP Configuration as shown next. The “community” for Get, Set and Trap fields is SNMP’s terminology for password.
10-2 SNMP Configuration
Prestige 1400 WAN Router with Integrated Ethernet Switch
Menu 22 - SNMP Configuration
SNMP:
Get Community= public
Set Community= public
Trusted Hgst= 0.0.0.0
Trap:
Community= public
Destination= 0.0.0.0
Press ENTER to Confirm or ESC to Cancel:
Figure 10-2 Menu 22 - SNMP Configuration
The following table describes the SNMP configuration parameters.
Table 10-1 SNMP Configuration Menu Fields
FIELD
Get Community
Set Community
Trusted Host
DESCRIPTION
Enter the Get Community, which is the password for the incoming Get- and GetNext- requests from the management station.
Enter the set community, which is the password for incoming Set requests from the management station.
If you enter a trusted host, your Prestige will only respond to
SNMP messages from this address. If you leave the field blank (default), your Prestige will respond to all SNMP messages it receives, regardless of source.
OPTION
Public
Public
Blank
Trap: Community Enter the trap community, which is the password sent with each trap to the SNMP manager.
Trap: Destination Enter the IP address of the station to send your SNMP traps to.
Public
Blank
Once you have completed filling in Menu 22 - SNMP Configuration , press [ENTER] at the message “Press ENTER to Confirm...” to save your configuration, or press [ESC] to cancel.
P1400 will send traps to the SNMP manager when any one of the following events occurs:
1. coldStart ( defined in RFC-1215 ) :
When the machine coldstarts, a trap will be sent after booting (power on).
2. warmStart ( defined in RFC-1215 ) :
When the machine warmstarts, a trap will be sent after booting (software reboot).
3. linkDown ( defined in RFC-1215 ) :
When any of the links are down, a trap will be sent with the port number. The port number is its interface index under the interface group.
Port 1 : Ethernet LAN
SNMP Configuration 10-3
Prestige 1400 WAN Router with Integrated Ethernet Switch
Port 2 : PVC 1
Port 3 : PVC 2
Port 4 : PVC 3
Port 5 : xDSL 1
Port 6 : xDSL 2
…
Port 36 : xDSL 32 xDSL refers to the type of network module installed, i.e., ADSL, IDSL, SDSL.
4. linkUp ( defined in RFC-1215 ) :
When a link is up, the trap will be sent with the port number . The port number is its interface index under the interface group.
5. authenticationFailure ( defined in RFC-1215 ) :
When receiving any SNMP get or set requirement with wrong community (password), this trap is sent to the manager.
6. whyReboot ( defined in ZYXEL-MIB ) :
When the system is going to restart (warmstart), a trap will be sent with the reason of restart before rebooting.
a. For intentional reboot :
In some cases (download new files, CI command "sys reboot", …), reboot is done intentionally. When this happens, traps with the message "System reboot by user !" will be sent.
b. For fatal error :
If the system reboots because of some fatal errors, traps with the message of the fatal code will be sent.
10-4 SNMP Configuration
Prestige 1400 WAN Router with Integrated Ethernet Switch
Chapter 11
System Password
This chapter shows you how to change the default system password.
The first step towards ensuring security is changing your system password from the default value to your personal password.
11.1 Changing the System Password
To change the system password, following steps below:
Step 1. Select option 23 in the main menu to open Menu 23 - System Security as shown in Figure 11-1.
Menu 23 - System Security
1.
Change Password
Enter Menu Selection Number:
Step 2.
Step 3.
Figure 11-1 Menu 23 - System Security
From the System Security Menu, select option 1 to open Menu 23.1 - System Security - Change
Password .
Enter your existing system password and press [ENTER].
Menu 23.1 - System Security - Change Password
Old Password= ********
New Password= ********
Retype to confirm= ********
Enter here to CONFIRM or ESC to CANCEL:
Step 4.
Step 5.
Figure 11-2 Menu 23.1 - System Security - Change Password
Enter your new system password and press [ENTER] .
Re-type your new system password for confirmation and press [ENTER] .
As you enter the password, the screen displays an (*) for each character you type.
System Password 11-1
Prestige 1400 WAN Router with Integrated Ethernet Switch
Chapter 12
Remote Management
This chapter discusses Telnet and remote management of the Prestige using NAT.
12.1 Flexible Network Management
Your Prestige offers you a variety of options for network management. It supports password protected local and remote menu-driven network management via the console port or a telnet connection. It also supports SNMP
(Simple Network Management Protocol).
Before the Prestige is properly setup for TCP/IP, the only option for configuring it is through the console port.
Once your Prestige is configured, you can use telnet to configure it remotely. If you cannot telnet to your Prestige, you can configure your Prestige via a modem connected to the console port over a phone line as shown in the next figure.
Figure 12-1 Remote Management
Telnet directly to the Prestige using your computer’s telnet client. For example on a PC, type: telnet < machine WAN IP address> (where “ machine WAN IP address” is a real IP address.)
Remote Management 12-1
Prestige 1400 WAN Router with Integrated Ethernet Switch
12.3 Telnet Behind NAT
When NAT is enabled and an inside server is specified, telnet connections from the outside will be forwarded to the inside server. So to configure the Prestige via telnet from the outside, you must first telnet to the inside server, and then telnet from the server to the Prestige using its inside LAN IP address.
Only one connection can be active at any given time. The console port connection has precedence.
Remote users cannot telnet in when the local administration is logged in.
12.4.1 Single Administrator
To prevent confusion and discrepancy on the configuration, your Prestige allows only one administrator to log in at any time. Your Prestige also gives priority to the console port over telnet. If you have already connected to your
Prestige via telnet, you will be logged out if another user logs in to the Prestige via the console port.
12.4.2 System Timeout
There is a system timeout of 5 minutes (300 seconds) for either the console port or telnet. Your Prestige will automatically log you out if you do nothing in this timeout period, except when it is continuously updating the status in Menu 24.1.1, 24.1.2 and 24.1.3.
12.5 Remote Management Through NAT
The powerful NAT features allow you to manage multiple switches behind NAT. The switches may not have
Telnet clients, but may be managed using a web browser or SNMP.
12-2
Figure 12-2 Remote Management Via NAT
Remote Management
Prestige 1400 WAN Router with Integrated Ethernet Switch
The ISP gives you IP addresses of a.b.c.1 to a.b.c.5. The corresponding private IP addresses are 192.168.1.1 to
192.168.1.5 inclusive. We wish to map public IP addresses a.b.c.2 to a.b.c.5 to the phoneline switches.
“a.b.c.digit” represents a real, public IP address - alphabetical characters cannot be accepted as parts of an IP address.
12.5.1 Procedure to Set Up NAT for Remote Management
Step 1. Pick an available NAT set from Menu 15.1. Let’s say set 1 is available.
Menu 15.1 - Address Mapping Sets
1. NAT_SET1
2. NAT_SET2
3. NAT_SET3
4. NAT_SET4
255. SUA (read only)
Step 2.
Figure 12-3 Pick An Address Mapping Set
Go to Menu 15.1.1.1 ( see the NAT chapter for details) and configure the screen as shown.
Menu 15.1.1.1 Address Mapping Rule
Type= One-to-One (range)
Local IP:
Start= 192.168.1.2
End = 192.168.1.5
Global IP:
Start= a.b.c.2
End = a.b.c.5
Press ENTER to Confirm or ESC to Cancel:
Step 3.
Figure 12-4 Address Mapping Rule
After you configure this screen, press [ ENTER] to go back to this screen.
Remote Management 12-3
Prestige 1400 WAN Router with Integrated Ethernet Switch
Menu 15.1.1 - Address Mapping Rules
Set Name= NAT_SET1
Idx Local Start IP Local End IP Global Start IP Global End IP Type
--- --------------- --------------- --------------- --------------- ------
1. 192.168.1.2 192.168.1.5 a.b.c.2 a.b.c.5 1-1 Ra
2.
3.
4.
5.
6.
7.
8.
9.
10.
Action= Edit Select Rule=
Press ENTER to Confirm or ESC to Cancel:
Step 4.
Figure 12-5 Address Mapping Rule Summary
Save the rule back to the Prestige, then go to Menu 4 to apply this newly configured set.
Menu 4 - Internet Access Setup
ISP's Name= Hinet
Internet Access Interface= Ethernet
Ethernet:
Local IP Addr= N/A
Subnet Mask= N/A
Gateway IP Addr= N/A
FlexWAN:
My Login=
My Password= ********
Edit Frame Relay Options= No
Network Address Translation= Full Feature
My WAN Addr= 172.16.2.4
Address Mapping Set= 1
Press ENTER to Confirm or ESC to Cancel:
Step 5.
Figure 12-6 Apply the New NAT Set
You can now test the rule by typing IP address “a.b.c.2” in your web browse to view phoneline Switch
1’s web configurator.
12-4 Remote Management
Prestige 1400 WAN Router with Integrated Ethernet Switch
Chapter 13
System Information and Maintenance
This chapter provides information about the diagnostic tools that help you maintain your Prestige.
The diagnostic tools include updates on system status, port status, log and trace capabilities and upgrades for the system software. This chapter describes how to use these tools in detail. Information about upgrades is provided in the Configuration & Firmware Maintenance chapter .
Select menu 24 in the main menu to open Menu 24 - System Maintenance , as shown below.
Menu 24 - System Maintenance
1. System Status
2. System Information and Console Port Speed
3. Log and Trace
4. Diagnostic
5. Backup Configuration
6. Restore Configuration
7. Upload Firmware
8.
Command Interpreter Mode
9.
Time and Date Setting
Enter Menu Selection Number:
Figure 13-1 Menu 24 - System Maintenance
The first selection, System Status, gives you the status and statistics of the ports, as shown below. System Status is a tool that can be used to monitor your Prestige. Specifically, it gives you information on the WAN port and the network module status, number of packets sent and number of packets received.
To get to System Status, select number 24 to go to Menu 24 - System Maintenance. From this menu, select 1 .
System Information and Maintenance 13-1
Prestige 1400 WAN Router with Integrated Ethernet Switch
Menu 24.1 – System Maintenance - Status
1.
WAN/LAN Status
5.
Route Status
Press ENTER to Confirm or ESC to Cancel:
Figure 13-2 Menu 24.1 - System Maintenance - Status
13.1.1 WAN/LAN Status
Type 1 in Menu 24.1
to enter Menu 24.1.1
for detailed WAN/LAN Status.
Status
Down
Menu 24.1.1 -- System Maintenance – WAN/LAN Status (MyPrestig)
TXPkts
0
RXPkts
0
Errs
0
Tx(Byte/s)
0
WAN IP Addr:
Ethernet :
Status: 100M/Half Duplex
TX Pkts: 52
RX Pkts: 537
Collisions: 0
Rx(Byte/s)
0
System Up Time:
Up Time
0:00:00
28:22:19
Current Time: 04:22:29
Current Date: Thu. Nov. 23, 2000
Press Command:
COMMANDS: a-Reset All Counters d-Drop ESC-Exit
Figure 13-3 Menu 24.1.1 - WAN/LAN Status
The following table describes the fields present in Menu 24.1.1 - System Maintenance - WAN/LAN Status .
Status
FIELD
TXPkts
RXPkts
Err(or)s
Tx (Byte / s)
Rx (Byte / s)
Up Time
WAN IP Addr
Table 13-1 System Maintenance - Status Menu Fields
DESCRIPTION
The status of the WAN port.
The number of transmitted packets on this port.
The number of received packets on this port.
The number of error packets on this port.
The number of bytes transmitted in the last second.
The number of bytes received in the last second.
Elapsed time this port has been up.
Shows the IP address of the WAN port.
13-2 System Information and Maintenance
Prestige 1400 WAN Router with Integrated Ethernet Switch
FIELD
System Up Time
Current Time
Current Date
DESCRIPTION
Displays the total elapsed time your system has been running.
Displays the current time according to how you have the time set in
Menu 24.9 - System Maintenance - Time and Date Setting.
Displays the current date according to how you have the date set in
Menu 24.9 - System Maintenance - Time and Date Setting.
Ethernet
Status Shows the current speed and duplex mode of the LAN.
TX Pkts The number of transmitted packets to LAN.
RX Pkts The number of received packets from LAN.
Collisions Number of collisions on the Ethernet.
You see the next 24.1.1 screen when you have frame relay configured. DLCI, Port and the WAN IP address are shown for each PVC configured.
Menu 24.1.1 - System Maintenance - Status
DLCI Index TXPkts RXPkts Errs Tx(Byte/s) Rx(Byte/s) Up Time
16 1 6 6 0 0 0 0:02:23
17 2 6 6 0 0 0 0:02:23
18 3 6 6 0 0 0 0:02:23
PVC 1 IP Addr: 182.168.10.1 System Up Time: 0:39:29
PVC 2 IP Addr: 192.168.11.1 Current Time: 01:07:01
PVC 3 IP Addr: 192.168.12.1 Current Date: Thu. Nov. 23, 2000
Ethernet:
Status: Down
TX Pkts: 0
RX Pkts: 0
Collisions: 0
COMMANDS: b-Drop PVC1 c-Drop PVC2 d-Drop PVC3 a-Reset Counters ESC-Exit
Figure 13-4 Menu 24.1.1 With Frame Relay Configured
DLCI
FIELD
Index
PVC 1, 2, 3 IP Addr
Table 13-2 Menu 24.1.1 With Frame Relay Configured
DESCRIPTION
This field shows you the DLCI (data link connection identifier) for the virtual circuit.
This is the virtual circuit index number.
This displays the IP address of the respective virtual circuit.
13.1.2 Route Status
Enter 5 in menu 24.1 to bring up the following screen showing detailed information on the status of the router.
System Information and Maintenance 13-3
Prestige 1400 WAN Router with Integrated Ethernet Switch
Dest
192.168.1.0
default
FF
00
01
Press Enter to Exit:
Len
24
0
Device Gateway enet0
Idle
192.168.1.1
Scone
Metric
1
2
stat
041b
002b
Timer
0
0
Use
0
0
Figure 13-5 Menu 24.1.5 - Router Status
FIELD
Dest
FF
Len
DESCRIPTION
This is the destination IP address.
This is for ZyXEL internal debugging.
This is the length of the subnet mask (24 bits = 255.255.255.0).
Device This is the physical device. Enet0 is Ethernet.
Gateway This is the gateway IP address or the remote node name.
Metric
Stat
Timer
The metric represents the “cost” of transmission for routing purposes. IP routing uses hop count as the measurement of cost, with a minimum of 1 for directly connected networks.
This is the bitmap flags of the route status.
Use
This is the time left to route expiry. “0” means there is no expiry time, i.e., an infinite timeout.
This shows how many times the route has been used.
Step 1
Step 2
Select option 24 from the main menu to open Menu 24 - System Maintenance .
From Menu 24, select option 2 then select the first option from Menu 24.2 to view Menu 24.2.1.
Menu 24.2.1 - System Maintenance - Information
Name: MyPrestige
Routing: IP
ZyNOS S/W Version: V3.20(X.01)b02
LAN :
Ethernet Address: 00:a0:c5:30:00:b0
IP Address: 192.168.250.1
IP Mask: 255.255.255.0
Press ESC or RETURN to Exit:
Figure 13-6 Menu 24. 2.1 - System Maintenance Information
The following table describes the fields in this menu.
Name
FIELD
Routing
Table 13-3 Fields in System Maintenance
DESCRIPTION
Displays the system name of your Prestige. This information can be modified in Menu 1 - General Setup .
Refers to the routing protocol enabled.
13-4 System Information and Maintenance
Prestige 1400 WAN Router with Integrated Ethernet Switch
FIELD
ZyNOS S/W
Version
Refers to the ZyXEL Network Operating System software version.
DESCRIPTION
LAN:
Ethernet Address Refers to the Ethernet MAC (Media Access Control) of your Prestige.
IP Address This is the IP address of the Prestige in dotted decimal notation.
IP Mask This shows the subnet mask of the Prestige.
13.2.1 Console Port Speed
You can change the console port speeds through Menu 24.2.2 - Console Port Speed . Your Prestige supports 9600
(default), 19200, 38400, 57600, and 115200bps for the console port. Press [SPACE BAR] to select the desired speed in Menu 24.2.2, as shown next.
Select option 24 from the main menu to open Menu 24 - System Maintenance . From Menu 24, select option 2 then select the second option from Menu 24.2 to display Menu 24.2.2 - System Maintenance - Change Console
Port Speed.
Menu 24.2.2 – System Maintenance – Change Console Port Speed
Console Port Speed: 115200
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 13-7 Menu 24.2.2 - System Maintenance - Change Console Port Speed
13.3 Log and Trace
There are two logging facilities in the Prestige. The first is the error logs and trace records that are stored locally.
The second is the UNIX syslog facility for message logging.
13.3.1 Viewing Error Log
The first place you should look for clues when something goes wrong is the error/trace log. Follow the procedure below to view the local error/trace log:
Step 1
Step 2
Select option 24 from the main menu to open Menu 24 - System Maintenance .
From Menu 24, select option 3 to open Menu 24.3 - System Maintenance - Log and Trace .
Step 3
Step 4
Select the first option from Menu 24.3 - System Maintenance - Log and Trace to display the error log in the system.
After the Prestige finishes displaying, you will have the option to clear the error log.
System Information and Maintenance 13-5
Prestige 1400 WAN Router with Integrated Ethernet Switch
Examples of typical error and information messages are presented in the figure below.
0 1073808110 PINI INFO SMT Session Begin
1 1073808353 PP09 ERROR netMakeChannDial: err=-3001 rn_p=68fb0c
2 1073808416 PINI ERROR Last errorlog repeat 1 Times
3 1073808416 PINI INFO SMT Session End
4 1073808564 PP09 ERROR netMakeChannDial: err=-3001 rn_p=68fb0c
5 1073808799 PINI INFO SMT Session Begin
6 1073808831 PP09 WARN rt_drop: target = c0a80101 nmask=32 code=05
7 1073808864 PINI INFO SMT Session End
8 1073808927 PP0c -WARN SNMP TRAP 1: warm start
9 1073809498 PINI INFO IDSL port configuration start
10 1073809498 PINI INFO Board 0 Channel 0 config ok
11 1073809498 PINI INFO Board 0 Channel 1 config ok
12 1073809498 PINI INFO Board 0 Channel 2 config ok
13 1073809498 PINI INFO Board 0 Channel 3 config ok
14 1073809498 PINI INFO Board 0 Channel 4 config ok
15 1073809498 PINI INFO Board 0 Channel 5 config ok
16 1073809498 PINI INFO Board 0 Channel 6 config ok
Clear Error Log (y/n):
Figure 13-8 Examples of Error and Information Messages
13.3.2 Syslog And Accounting
The Prestige uses the UNIX syslog facility to log system messages to a syslog server. Syslog and accounting can be configured in Menu 24.3.2 - System Maintenance - Syslog and Accounting , as shown next.
Menu 24.3.2 -- System Maintenance - Syslog and Accounting
Syslog:
Active= No
Syslog IP Address= ?
Log Facility= Local 1
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 13-9 Syslog and Accounting
You need to configure the following three parameters described in the table below to activate syslog.
Table 13-4 System Maintenance Menu Syslog Parameters
PARAMETER
Active
Syslog IP
Address
Log Facility
DESCRIPTION
Press [SPACE BAR] to turn on or off syslog.
Enter the IP Address of your syslog server.
Press [SPACE BAR] to toggle between the 7 different
Local options. The log facility allows you to log the message in different files in the server. Please refer to your UNIX manual for more detail.
Note: If you want to use Syslog on a Windows 95,98 or NT system, you must install a Syslog client.
13-6 System Information and Maintenance
Prestige 1400 WAN Router with Integrated Ethernet Switch
13.4 Diagnostic
The diagnostic facility allows you to test the different aspects of your Prestige to determine if it is working properly. Menu 24.4 allows you to choose among various types of diagnostic tests to evaluate your system, as shown next. “xDSL” refers to the network module type, i.e., ADSL, IDSL or SDSL.
Menu 24.4 - System Maintenance – Diagnostic
System
21. Reboot System
22. Command Mode
TCP/IP
12. Ping Host
Enter Menu Selection Number:
Host IP Address= N/A
Figure 13-10 Menu 24.4 - System Maintenance - Diagnostic
Follow this procedure to get to the Diagnostic screen.
Step 1 From the main menu, select option 24 to open Menu 24 - System Maintenance .
Step 2 From this menu, select option 4 . This will open Menu 24.4 - System Maintenance - Diagnostic .
The following table describes the diagnostic tests available in Menu 24.4
for your Prestige and the connections.
FIELD
Reboot System
Command Mode
Ping Host
Host IP Address
Table 13-5 System Maintenance Menu Diagnostic
DESCRIPTION
This option reboots the Prestige.
This option allows you to diagnose and test your Prestige using a specified set of commands.
This diagnostic test pings the host, which determines the functionality of the TCP/IP protocol on both systems and the links in between.
Enter the host IP address.
13.5 Boot Module Commands
System Information and Maintenance 13-7
Prestige 1400 WAN Router with Integrated Ethernet Switch
Prestige boot module commands are shown below. For ATBAx, x denotes the number preceding the colon to give the speed following the colon in the list of numbers that follows; e.g. ATBA3 will give a baud of 9.6 Kbps. ATSE displays the seed that is used to generate a password to turn on the debug flag in the firmware. The ATSH command shows product related information such as boot module version, vendor name, product model, RAS code revision, etc.
======= Debug Command Listing ======= athe
======= Debug Command Listing =======
AT just answer OK
ATHE print help
ATBAx change baudrate. 1:38.4k, 2:19.2k, 3:9.6k
4:57.6k 5:115.2k
ATENx(,y) set BootExtension Debug Flag (y=password)
ATSE show the seed of password generator
ATTI(h,m,s) change system time to hour:min:sec or show current time
ATDA(y,m,d) change system date to year/month/day or show current date
ATDS dump RAS stack
ATDT dump Boot Module Common Area
ATDUx,y dump memory contents from address x for length y
ATRBx display the 8-bit value of address x
ATRBx display the 8-bit value of address x
ATRWx display the 16-bit value of address x
ATRLx display the 32-bit value of address x
ATGOx run program at addr x or boot ZyNOS
ATGR boot ZyNOS
ATGT run Hardware Test Program
ATRTw,x,y(,z) RAM Test level w, from address x to y (z iterations)
ATCB copy from FLASH ROM to working buffer
ATSH dump manufacturer related data in ROM
ATDOx,y download from address x for length y to PC via XMODEM
ATTD download configuration to PC via XMODEM
< press any key to continue >
ATUR upload RAS code to flash ROM
ATUR3 upload RAS configuration file
ATLC upload RAS configuration file
ATLOa,b,c,d Int/Trap Log Cmd
ATGM boot ZyNOS in main block
ATGB boot ZyNOS in backup block
ATUM upload RAS code to main block
ATUB upload RAS code to backup block
ATSW switch main block and backup block
Figure 13-11 Boot Module Commands
13.6 Command Interpreter Mode
This option allows you to enter the command line interpreter mode. The list of valid commands can be found by typing help or ? at the command prompt. To exit the CI mode and return to the menu mode, type exit.
For more detailed information, refer to the list of CI commands appended at the end of this guide, check the ZyXEL
Web site.
13-8 System Information and Maintenance
Prestige 1400 WAN Router with Integrated Ethernet Switch
Enter Menu Selection Number: 8
Copyright (c) 2001 ZyXEL Communications Corp.
MyPrestig> ?
Valid commands are: sys exit device ether wan frelay config ip ppp hdap
MyPrestig>
Figure 13-12 Command Mode
13.7 Time and Date Setting
The Prestige has a battery powered real time clock. Set the time and date of your Prestige in Menu 24.9.
Real time is then displayed in the Prestige error logs and firewall logs.
Menu 24.9 - System Maintenance - Time and Date Setting
Current Time:
New Time (hh:mm:ss):
Current Date:
New Date (yyyy-mm-dd):
00 : 00 : 00
18 : 53 : 58
2000 - 11 - 23
2000 - 11 - 23
Figure 13-13 System Maintenance - Time and Date Setting
Table 13-6 Time and Date Setting Fields
DESCRIPTION FIELD
Current Time:
New Time Enter the new time in hour, minute and second format.
Current Date:
New Date Enter the new date in year, month and date format.
Once you have filled in the new time and date, press [ENTER] to save the setting and press [ESC] to return to Menu 24.
System Information and Maintenance 13-9
Prestige 1400 WAN Router with Integrated Ethernet Switch
Chapter 14
Configuration & Firmware Maintenance
This chapter describes how to backup and restore your configuration file as well as upload new firmware and a new configuration file.
14.1 Filenames
The configuration file contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP
Setup etc. It arrives from ZyXEL named “prestige.rom” or something similar. Once you have customized the
Prestige's settings, they can be saved back to your computer under a filename of your choosing. Choose something meaningful, e.g., “prestige.cfg”. Rename it as “rom-spt” or “rom-0” when transferring files to the Prestige.
Renaming is not necessary if you transfer files using the XMODEM protocol.
The ZyNOS firmware file (sometimes referred to as the ras file) is the file that contains the ZyXEL Network
Operating System firmware and is usually named the router model name with a “bin” extension, e.g.,
“prestige.bin”. Rename it as “ras-m” or “ras-b” when uploading to the Prestige main block and backup block respectively using TFTP or FTP. With serial (Xmodem) transfer and many ftp and tftp clients, the filenames on the computer are your choice.
ftp> put prestige.bin ras
This is a sample ftp session showing the transfer of the "prestige.bin" file on your computer to the Prestige.
ftp> get rom-0 prestige.cfg
This is a sample ftp session saving the current configuration to the “prestige.cfg” file on your computer.
If your (t)ftp client does not allow a destination filename different from the source, then you will need to rename them. Be sure you keep unaltered copies of both files for later use.
Please note that the internal filename refers to the filename on the Prestige and the external filename refers to the filename not on the Prestige, i.e., on your workstation, local network or ftp site and so the name (but not the extension) will vary.
Always refer to Menu 24.2.1 to verify your current firmware version.
Configuration & Firmware Maintenance 14-1
Prestige 1400 WAN Router with Integrated Ethernet Switch
Password:
230 Logged in ftp> dir
External
Filename
200 Port command okay
150 Opening data connection for LIST
--w--w--w- 1 owner group 885146 Jul 01 12:00 ras
--w--w--w- 1 owner group 885146 Jul 01 12:00 ras-m
--w--w--w- 1 owner group 885570 Jul 01 12:00 ras-b
-rw-rw-rw- 1 owner group 131072 Jul 01 12:00 rom-spt
--w--w--w- 1 owner group 327680 Jul 01 12:00 rom-0
226 File sent OK ftp: 325 bytes received in 0.00Seconds 325000.00Kbytes/sec.
ftp> put prestige.rom rom-0
200 Port command okay
150 Opening data connection for STOR rom-0
Internal
Filenames
226 File received OK ftp: 327680 bytes sent in 1.10Seconds 297.89Kbytes/sec.
ftp quit
INTERNAL
FILENAME rom-spt rom-0 ras ras-m ras-b
Figure 14-1 Internal and External Filenames
Table 14-1 Filenames
DESCRIPTION EXTERNAL
FILENAME
*.rom
The rom-spt file is the user configuration file. It contains your password, Prestige configurations such as IP addresses, Remote Node settings, etc.
The rom-0 configuration file is the entire factory configuration file. It includes rom-spt, default settings, file system, log, etc.
Uploading the rom-0 file replaces the entire ROM file system, including your
Prestige configurations, system-related data (speed of the console port and default password etc.), the error log and the trace log.
This is the firmware filename.
This is the router firmware filename on the Prestige when you transfer a file to the main block.
This is the router firmware filename on the Prestige when you transfer a file to the backup block.
*.rom
*.bin
*.bin
*.bin
FTP COMMAND
EXAMPLE get rom-spt (backup) put rom-spt (restore) put prestige.rom rom-0
(upload) put prestige.bin ras-m
(upload) put prestige.bin ras-b
(upload)
14-2 Configuration & Firmware Maintenance
Prestige 1400 WAN Router with Integrated Ethernet Switch
14.2.1 Backup using FTP
To transfer the configuration file using FTP to your workstation, follow the instructions as shown in the following screen. See also the FTP example later in this chapter. For details on FTP commands, please consult the documentation of your FTP client program.
Menu 24.5 – Back up Configuration
To transfer the configuration file to your workstation, follow the procedure below:
1.
Launch the FTP client on your workstation.
2.
Type “open” and the IP address of your Prestige. Then type “root” and your SMT password as requested.
3.
Locate the “rom-spt” file.
4.
Type “get rom-spt” to back up the current Prestige configuration to your workstation.
For details on FTP commands, please consult the documentation of your FTP client program.
For details on backup using TFTP (note that you must remain in menu 24.5 to back up using
TFTP), please see the Prestige manual.
Press ENTER to Exit:
Figure 14-2 Menu 24.5 as seen using Telnet
14.2.2 Backup using TFTP
To use TFTP, your workstation must have both telnet and TFTP clients. To transfer the configuration file, follow the procedure below:
Step 1. Use telnet from your workstation to connect to the Prestige and log in. Because TFTP does not have any security checks, the Prestige records the IP address of the telnet client and accepts TFTP requests only from this address.
Step 2. Put the SMT in Command Interpreter (CI) mode by entering 8 in Menu 24 - System Maintenance .
Step 3.
Step 4.
Step 5.
Step 6.
Type command sys stdio 0 to disable the SMT timeout, so the TFTP transfer will not be interrupted. Type command sys stdio 5 to restore the five-minute SMT timeout (default) when the file transfer is complete.
Launch the TFTP client on your workstation and connect to the Prestige.
Go to SMT menu 24.5. You must remain in this menu until backup is complete.
Use the TFTP client to transfer files between the Prestige and the workstation. The file name for the configuration file is “rom-spt”.
The telnet connection must be active before and during TFTP transfer.
For UNIX, use “binary” to set binary transfer mode before using “get” to transfer from the Prestige to the computer. For details on TFTP commands, please consult the documentation of your TFTP client program.
14.2.3 Backup using the Console Port
Option 5 from Menu 24 - System Maintenance allows you to save the current Prestige configuration file to your computer. Backup is highly recommended once your Prestige is functioning properly.
Configuration & Firmware Maintenance 14-3
Prestige 1400 WAN Router with Integrated Ethernet Switch
You can perform the backup either through FTP or TFTP (preferred methods as they are faster) or through the RS-
232 console port (if the network is down). For backup via the console port any serial communications program should work fine; however, you must use the XMODEM protocol to perform the download/upload.
Menu 24.5 – Backup Configuration
FTP or TFTP are the preferred methods for backing up the current Prestige configuration to your workstation since FTP or TFTP is faster.
Ready to back up Configuration via Xmodem.
Do you want to continue (Y/N):
Step 1.
Step 2.
Step 3.
Figure 14-3 Menu 24.5 - Menu 24.5 as seen using the Console Port
Go to menu 24.5.
Press “Y” to indicate that you want to continue. The following procedure is for the HyperTerminal program. The procedure for other serial communications programs should be similar.
Click Transfer in the HyperTerminal menu bar, then Receive File from the drop-down menu to display the following screen. Follow the instructions as shown in the next screen.
Finally, press
Receive .
Enter where you want to place the configuration file on your computer.
Choose the
Xmodem
Protocol.
Step 4.
Figure 14-4 Backup Example Using HyperTerminal
After a successful backup, you will see the following screen.
** Backup Configuration completed. OK.
### Hit any key to continue.###
Figure 14-5 Successful Backup Confirmation Screen
Option 6 from Menu 24 - System Maintenance allows you to restore the current workstation backup configuration to your Prestige.
14.3.1 Restore using FTP
To transfer your current workstation configuration to your Prestige, follow the instructions as shown in the following screen. See also the FTP example later in this chapter. For details on FTP commands, please consult the documentation of your FTP client program.
14-4 Configuration & Firmware Maintenance
Prestige 1400 WAN Router with Integrated Ethernet Switch
Menu 24.6 – Restore Configuration using FTP
To transfer your current workstation configuration to your Prestige, follow the procedure below:
1.
Launch the FTP client on your workstation.
2.
Type “open” and the IP address of your Prestige. Then type “root” and your SMT password as requested.
3.
Type “put backupfilename rom-spt” where “backupfilename” is the name of your backup configuration file on your workstation and “rom-spt” is the remote file name on the
Prestige. This restores the configuration to your Prestige.
4.
The system reboots automatically after a successful file transfer.
For details on FTP commands, please consult the documentation of your FTP client program. For details on restoring using TFTP (note that you must remain in menu 24.6
to restore using TFTP), please see the Prestige manual.
Press ENTER to Exit:
Figure 14-6 Menu 24.6 as seen using Telnet
14.3.2 Restore using TFTP
Even though TFTP should work over WAN as well, it is not recommended. To use TFTP, your workstation must have both telnet and TFTP clients. To transfer the configuration file, follow the procedure below. See also the
TFTP example later in this chapter. Follow steps 1 to 4 as outlined previously in 14.2.2, then continue with the steps below.
Step 1.
Step 2.
Step 3.
Go to SMT menu 24.6. You must remain in this menu until file transfer is complete.
Use the TFTP client to transfer files between the Prestige and the workstation. The remote file name on the Prestige is “rom-spt”.
The system reboots automatically after the file transfer process is complete.
The telnet connection must be active before and during TFTP transfer.
For UNIX, use “binary” to set binary transfer mode before using “get” to transfer from the Prestige to the computer. For details on TFTP commands, please consult the documentation of your TFTP client program.
14.3.3 Restore using the Console Port
You can restore the backup configuration on your computer either through FTP or TFTP (preferred methods as they are faster) or through the RS-232 console port (if the network is down). To restore via the console port any serial communications program should work fine; however, you must use the XMODEM protocol to perform the download/upload. The system reboots automatically after the file transfer process is complete.
Menu 24.6 - Restore Configuration
FTP or TFTP are the preferred methods for restoring your current workstation configuration to your Prestige since FTP or TFTP is faster. Please note that the system reboots automatically after the file transfer process is complete.
Ready to Restore Configuration via Xmodem.
Do you want to continue (Y/N):
Step 1.
Step 2.
Figure 14-7 Menu 24.6 as seen using the Console Port
Go to menu 24.6.
Press “Y” to indicate that you want to continue. The following procedure is for the HyperTerminal program. The procedure for other serial communications programs should be similar.
Configuration & Firmware Maintenance 14-5
Prestige 1400 WAN Router with Integrated Ethernet Switch
Step 3. Click Transfer in the HyperTerminal menu bar, then Send File from the drop-down menu.
Step 4.
Step 5.
Enter the configuration filename on your computer.
Choose the Xmodem Protocol.
Step 6.
Step 7.
Finally, press Send .
After a successful restoration you will see the following screen.
Save to ROM
Hit any key to start system reboot.
Figure 14-8 Successful Restoration Confirmation Screen
Option 7 from Menu 24 - System Maintenance takes you to Menu 24.7 - System Maintenance - Upload
Firmware which allows you to upgrade the firmware. You can upgrade the firmware either through FTP or TFTP
(preferred methods as they are faster) or through the RS-232 console port (if the network is down). The system reboots automatically after the file transfer process is complete.
The Prestige P1400 internal filenames are ‘ras-m’ (main block) and ‘ras-b’ (backup block).
Menu 24.7 -- System Maintenance - Upload Firmware
1.
Upload ZyNOS Code
2.
Upload Router Configuration File
Enter Menu Selection Number:
Figure 14-9 Menu 24.7 - System Maintenance - Upload Firmware
14.4.1 Dual Firmware Block Structure
The Prestige employs a “dual firmware block structure” where one block is called the “main block” and the other block is called the “backup block”. The benefits of this approach are:
You can save the current firmware into the backup block before you upload new firmware. If the new firmware has problems, you may either revert to the old working firmware by using the “ATSW” command under Boot
Extension or selectively run the old firmware in the backup block by using the “ATGB” command under Boot
Extension.
If the firmware in the main block gets corrupted for some reason, the Prestige will try to boot from the backup block automatically.
14.4.2 Upload Prestige Firmware using FTP
To transfer the firmware, follow the instructions as shown in the following screen (Menu 24.7.1 using Telnet).
14-6 Configuration & Firmware Maintenance
Prestige 1400 WAN Router with Integrated Ethernet Switch
Menu 24.7.1 – Upload ZyNOS code using FTP
To upload the router firmware, follow the procedure below:
1.
Launch the FTP client on your workstation.
2.
Type “open” and the IP address of your Prestige. Then type “root” and your SMT password as requested.
3.
Type “put firmwarefilename ras-m” where “firmwarefilename” is the name of your firmware upgrade file on your workstation and “ras-m” is the remote file name on the Prestige. Specify “ras-m” as the remote filename if you want to upload firmware from your workstation into the main block or “ras-b” if you want to upload firmware into the backup block.
4.
The system reboots automatically after a successful firmware upload.
For details on FTP commands, please consult the documentation of your FTP client program. For details on uploading router firmware using TFTP (note that you must remain in menu 24.7.1 to upload router firmware using TFTP), please see the
Prestige manual.
Press ENTER to Exit:
Figure 14-10 Menu 24.7.1 as seen using Telnet
14.4.3 Example - Using the FTP command from the DOS Prompt
Use “put” to transfer files from the workstation to the Prestige, e.g., put prestige.bin ras transfers the firmware on your computer (“prestige.bin”) to the Prestige and renames it “ras”. Type “ quit ” to exit the ftp prompt.
331 Enter PASS command
Password:
230 Logged in ftp> bin
200 Type I OK ftp> put prestige.bin ras
200 Port command okay
150 Opening data connection for STOR ras
226 File received OK ftp: 327680 bytes sent in 1.10Seconds 297.89Kbytes/sec.
ftp> quit
Figure 14-11 FTP Session Example
Note: The system reboots after a successful upload.
The following table describes some of the fields that you may see in third party FTP clients:
Table 14-2 Third Party FTP Clients - General Commands
COMMAND
Host Address
Login Type
Transfer Type
Initial Remote Directory
Initial Local Directory
DESCRIPTION
Enter the address of the host server.
•
Anonymous.
This is when a user I.D. and password is automatically supplied to the server for anonymous access. Anonymous logins will work only if your
ISP or service administrator has enabled this option.
•
Normal.
The server requires a unique User ID and Password to login.
Transfer files in either ASCII (plain text format) or in binary mode.
Specify the default remote directory (path).
Specify the default local directory (path).
Configuration & Firmware Maintenance 14-7
Prestige 1400 WAN Router with Integrated Ethernet Switch
14.4.4 Upload Prestige Firmware using TFTP
To use TFTP, your workstation must have both telnet and TFTP clients. Follow steps 1 to 4 as outlined previously in 14.2.2, then continue with the steps below.
Step 1.
Step 2.
Go to SMT menu 24.7.1. You must remain in this menu until file transfer is complete.
Use the TFTP client to transfer files between the Prestige and the workstation.
Step 3.
Step 4.
Specify “ras-m” as the remote filename if you want to upload firmware from your workstation into the main block or “ras-b” if you want to upload firmware into the backup block of the Prestige.
The system reboots automatically after a successful firmware upload.
The telnet connection must be active before and during the TFTP transfer.
For UNIX, use “binary” to set binary transfer mode before using “get” to transfer from the Prestige to the computer. For details on TFTP commands, please consult the documentation of your TFTP client program.
14.4.5 Third Party TFTP Clients - General Commands
The following table describes some of the fields that you may see in third party TFTP clients.
COMMAND
Send/Fetch
Local File
Binary
Abort
Table 14-3 Third Party TFTP Clients - General Commands
Remote File
DESCRIPTION
Press “Send” to upload the file to the Prestige and “Fetch” to back up the file on your computer.
Enter the path and name of the firmware file (*.bin extension) or configuration file (*.rom extension) on your computer.
This is the filename on the Prestige. The filename for the firmware is “ ras ” and for the configuration file, is “ rom-0 ”.
Transfer the file in binary mode.
Stop transfer of the file.
14.4.6 Upload Prestige Firmware via the Console Port
You can upload Prestige firmware to your Prestige either through FTP or TFTP (preferred methods as they are faster) or through the RS-232 console port (if the network is down). To upload Prestige firmware via the console port any serial communications program should work fine; however, you must use the XMODEM protocol to perform the download/upload.
Select 1 from Menu 24.7 - System Maintenance - Upload Firmware to display Menu 24.7.1 - System
Maintenance - Upload ZyNOS Code , then follow the instructions as shown in the following screen.
14-8 Configuration & Firmware Maintenance
Prestige 1400 WAN Router with Integrated Ethernet Switch
Menu 24.7.1 - System Maintenance - Upload ZyNOS Code.
FTP or TFTP are the preferred methods for uploading router firmware to your Prestige since FTP or TFTP is faster.
To upload router firmware:
1. Enter "y" at the prompt below to go into debug mode.
2. Enter "atur" after the "Enter Debug Mode" message.
3. Wait for the "Starting XMODEM upload" message before activating
the Xmodem upload on your terminal.
4. The system reboots automatically after a successful firmware upload.
Warning: Proceeding with the upload will erase the current router firmware.
Do you want to continue:(Y/N)
Figure 14-12 Menu 24.7.1 as seen using the Console Port.
You can also type 'atum' to upload ras code to the P1400 main block as atur = atum. If you want to upload ras code to the backup block then you must type 'atub' instead of 'atur'.
After the "Starting XMODEM upload" message appears, activate the Xmodem protocol on your computer. The following procedure is for the HyperTerminal program. The procedure for other serial communications programs should be similar.
Step 1.
Step 2.
Click Transfer in the HyperTerminal menu bar, then Send File from the drop-down menu.
Enter the path and name of the firmware file (“bin” extension) on your computer.
Step 3.
Step 4.
Step 5.
Choose the Xmodem Protocol.
Finally, press Send .
The system reboots automatically after a successful firmware upload.
14.5 Upload Prestige Configuration File
The configuration data, system-related data, error log and trace log are all stored in the configuration file. You can upload the configuration file either through FTP or TFTP (preferred methods as they are faster) or through the RS-
232 console port (if the network is down). You need to reboot the system after the configuration file upload process is complete. Uploading the configuration file replaces all previous configurations; the speed of the console port will be reset to the default of 9600 bps with 8 data bit, no parity and 1 stop bit (8n1) and the password will also be reset to the default of 1234.You will need to change your serial communication software to the defaults before you can connect to the Prestige again.
14.5.1 Upload Prestige Configuration File using FTP
To upload the Prestige configuration file, follow the instructions as shown in the following figure (Menu 24.7.2
using Telnet). See also the FTP example earlier in this chapter.
Configuration & Firmware Maintenance 14-9
Prestige 1400 WAN Router with Integrated Ethernet Switch
Menu 24.7.2 – System Maintenance - Upload Router Configuration File
To upload the router configuration file, follow the procedure below:
1.
Launch the FTP client on your workstation.
2.
Type “open” and the IP address of your Prestige. Then type “root” and your SMT password as requested.
3.
Type “put configurationfilename rom-0” where “configurationfilename” is the name of your router configuration file on your workstation, which will be transferred to the “rom-0” file on the Prestige.
4.
The system reboots automatically after the upload is complete.
For details on FTP commands, please consult the documentation of your FTP client program. For details on uploading router firmware using TFTP (note that you must remain in menu 24.7.2 to upload the router configuration file using TFTP), please see the Prestige manual.
Press ENTER to Exit:
Figure 14-13 Menu 24.7.2 as seen using Telnet
14.5.2 Upload Prestige Configuration File using TFTP
To use TFTP, your workstation must have both telnet and TFTP clients. Follow steps 1 to 4 as outlined previously in and then continue with the steps below.
Step 1.
Step 2.
Go to SMT Menu 24.7.2. You must remain in this menu until file transfer is complete.
Use the TFTP client to transfer files between the Prestige and the workstation.
Step 3.
Step 4.
Specify “rom-0” as the remote file name on the Prestige.
The system reboots automatically after the upload Prestige configuration file process is complete.
The telnet connection must be active before and during the TFTP transfer.
For UNIX, use “binary” to set binary transfer mode before using “get” to transfer from the Prestige to the computer. For details on TFTP commands, please consult the documentation of your TFTP client program.
14.5.3 Upload Prestige Configuration File using the Console Port
Select 2 from Menu 24.7 - System Maintenance - Upload Firmware to display Menu 24.7.2 - System
Maintenance - Upload Router Configuration File . Follow the instructions as shown in the following screen.
Menu 24.7.2 - System Maintenance - Upload Router Configuration File
FTP or TFTP are the preferred methods for uploading the router configuration file to your Prestige since FTP or TFTP is faster.
To upload the router configuration file:
1.
Enter "y" at the prompt to go into debug mode.
2.
Enter "atlc" after the "Enter Debug Mode" message
3.
Wait for the "Starting XMODEM upload" message before activating the Xmodem upload on your terminal.
4.
After successful file transfer, enter "atgo" to restart the router.
Proceeding with the upload will erase the current router configuration file.
The router's console port speed will be reset to 9600 bps and the password to
"1234".
Do you want to continue: (Y/N)
Figure 14-14 Menu 24.7.2 as seen using the Console Port
After the "Starting XMODEM upload" message appears, activate the Xmodem protocol on your computer. The following procedure is for the HyperTerminal program. The procedure for other serial communications programs should be similar.
14-10 Configuration & Firmware Maintenance
Step 1.
Step 2.
Step 3.
Step 4.
Prestige 1400 WAN Router with Integrated Ethernet Switch
Click Transfer in the HyperTerminal menu bar, then Send File from the drop-down menu.
Enter the configuration filename on your computer.
Choose the Xmodem Protocol.
Finally, click Send .
Configuration & Firmware Maintenance 14-11
Prestige 1400 WAN Router with Integrated Ethernet Switch
Chapter 15
IP Policy Routing
This chapter helps you to configure IP Policy Routing.
15.1 Introduction
Traditionally, routing is based on the destination address only and the router takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator. Policy-based routing is applied to incoming packets on a per interface basis, prior to the normal routing.
15.1.1 Benefits
Source-Based Routing - Network administrators can use policy-based routing to direct traffic from different users through different connections.
Quality of Service (QoS) - Organizations can differentiate traffic by setting the precedence or TOS (Type of
Service) values in the IP header at the periphery of the network to enable the backbone to prioritize traffic.
Cost Savings - IPPR allows organizations to distribute interactive traffic on high-bandwidth, high-cost paths while using low-cost paths for batch traffic.
Load Sharing - Network administrators can use IPPR to distribute traffic among multiple paths.
15.1.2 Routing Policy
A policy defines the matching criteria and the action to take when a packet meets the criteria. The action is taken only when all the criteria are met. The criteria include the source address and port, IP protocol (ICMP, UDP, TCP, etc.), destination address and port, TOS and precedence (fields in the IP header) and length. The inclusion of length criterion is to differentiate between interactive and bulk traffic. Interactive applications, e.g., telnet, tend to have short packets, while bulk traffic, e.g., file transfer, tends to have large packets.
The actions that can be taken include routing the packet to a different gateway (and hence the outgoing interface) and the TOS and precedence fields in the IP header.
IPPR follows the existing packet filtering facility of ZyNOS in style and in implementation. The policies are divided into sets, where related policies are grouped together. A user defines the policies before applying them to an interface or a remote node, in the same fashion as the filters. There are twelve policy sets with six policies in each set.
15-1 IP Policy Routing
Prestige 1400 WAN Router with Integrated Ethernet Switch
15.2 IP Routing Policy Setup
Menu 25 shows all the policies defined.
Menu 25 - IP Routing Policy Setup
Policy Policy
Set # Name Set # Name
------ ----------------- ------ -----------------
1 test 7 _______________
2 _______________ 8 _______________
3 _______________ 9 _______________
4 _______________ 10 _______________
5 _______________ 11 _______________
6 _______________ 12 _______________
Enter Policy Set Number to Configure= 0
Edit Name= N/A
Press ENTER to Confirm or ESC to Cancel:
Figure 15-1 Menu 25 - IP Routing Policy Setup
To setup a routing policy, follow the procedure below:
Step 1.
Step 2.
Enter 25 in the main menu to open Menu 25 - IP Routing Policy Setup.
Enter the index of the policy set you wish to configure to open Menu 25.1 - IP Routing Policy
Summary .
Menu 25.1
shows the summary of a policy set, including the criteria and the action of a single policy, and whether a policy is active or not. Each policy contains two lines. The former part is the criteria of the incoming packet, and the latter is the action. Between these two parts, separator “|” means the action is taken on criteria matched and separator “=” means the action is taken on criteria not matched.
Menu 25.1 - IP Routing Policy Summary
# A Criteria/Action
- - -------------------------------------------------------------------
1 Y SA=1.1.1.1-1.1.1.1,DA=2.2.2.2-2.2.2.5
SP=20-25,DP=20-25,P=6,T=NM,PR=0 |GW=192.168.1.1,T=MT,PR=0
2 N ___________________________________________________________________
___________________________________________________________________
3 N ___________________________________________________________________
___________________________________________________________________
4 N ___________________________________________________________________
___________________________________________________________________
5 N ___________________________________________________________________
___________________________________________________________________
6 N ___________________________________________________________________
___________________________________________________________________
Enter Policy Rule Number (1-6) to Configure:
Figure 15-2 Menu 25 - IP Routing Policy Summary
15-2 IP Policy Routing
Prestige 1400 WAN Router with Integrated Ethernet Switch
Table 15-1 IP Routing Policy Summary
ABBREVIATION
Criteria
SA
SP
DA
DP
P
T
PR
T
P
Action
GW
Type Of Service
NM
MEANING
Source IP address
Source port
Destination IP address
Destination port
IP layer 4 protocol number(TCP=6,UDP=17…)
Type Of Service of Incoming packet
Precedence of incoming packet
Gateway IP address
Outgoing Type of Service
Outgoing Precedence mD
MT
MR
MC
Normal
Minimum Delay
Maximum Throughput
Maximum Reliability
Minimum Cost
Enter a number from 1 to 6 to display Menu 25.1.1 - IP Routing Policy (see the next figure). This menu allows you to configure a policy rule.
Menu 25.1.1 - IP Routing Policy
Policy Set Name= test
Active= Yes
Criteria:
IP Protocol = 6
Type of Service= Normal
Precedence = 0
Packet length= 40
Len Comp=
Source:
addr start= 1.1.1.1
port start= 20 end= 1.1.1.1
end= 20
Destination:
addr start= 2.2.2.2
port start= 20 end= 2.2.2.2
end= 20
Action= Matched
Gateway addr = 192.168.1.1
Log= No
Type of Service= Max Thruput
Precedence = 0
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 15-3 Menu 25.1.1 - IP Routing Policy
15-3 IP Policy Routing
Prestige 1400 WAN Router with Integrated Ethernet Switch
Table 15-2 IP Routing Policy
FIELD
Policy Set Name
DESCRIPTION
This is the name of the policy set assigned in Menu 25 - IP Routing Policy
Setup .
Active
Criteria
IP Protocol
Type of Service
Press the spacebar to select Yes to activate the policy.
Packet Length
Len Comp
Precedence
IP layer 4 protocol, e.g., UDP, TCP, ICMP, etc.
Prioritize incoming network traffic by choosing from Don’t Care/
Normal / Min Delay / Max Thruput / Max Reliability .
Enter the length of incoming packets (in bytes). The operators in the
Len Comp (next) apply to packets of this length.
Press the spacebar to choose from Equal / Not Equal / Less /
Greater / Less or Equal / Greater or Equal .
Precedence value of the incoming packet. Values range from 0 to 7 or Don’t Care.
Source: addr start= / end= port start= / end=
Source IP address range from start to end.
Source port number range from start to end; applicable only for
TCP/UDP.
Destination: addr start= / end= port start= / end=
Action=
Gateway addr
Log
Type of Service
Precedence
Destination IP address range from start to end.
Destination port number range from start to end; applicable only for
TCP/UDP.
Specifies whether action should be taken on criteria Matched or Not
Matched .
Defines the outgoing gateway address. The gateway must be on the same subnet as the Prestige if it’s on the LAN, otherwise, the gateway must be the IP address of a remote node. The default gateway is specified as 0.0.0.0.
Press the spacebar to select Yes to make an entry in the system log when a policy is executed.
Set the new TOS value of the outgoing packet. Choose from Prioritize incoming network traffic by choosing from No Change / Normal / Min
Delay / Max Thruput / Max Reliability .
Set the new precedence value of the outgoing packet. Values range from 0 to 7 or No Change.
15.3 Applying an IP Policy
This section shows you where to apply the IP Policies after you design them.
15.3.1 Ethernet IP Policies
From Menu 3 - Ethernet Setup , enter 2 to go to Menu 3.2 -TCP/IP Ethernet Setup .
15-4 IP Policy Routing
Prestige 1400 WAN Router with Integrated Ethernet Switch
You can choose up to four IP Policy sets (from twelve) by entering their numbers separated by commas, e.g., 2, 4,
7, 9.
Menu 3.2 - TCP/IP Ethernet Setup
TCP/IP Setup:
IP Address= 192.168.1.14
IP Subnet Mask= 255.255.255.0
RIP Direction= Both
Version= RIP-2B
Multicast = IGMP-v2
IP Policies= 2,4,7,9
Enter your
IP policy sets here
Enter here to CONFIRM or ESC to CANCEL:
Press Space Bar to Toggle.
Figure 15-4 Ethernet IP Policies
15.3.2 Remote Node Routing Policies
Go to Menu 11.3 and enter the number(s) of the IP Routing Policy set(s) as appropriate. You can cascade up to four policy sets by entering their numbers separated by commas.
Menu 11.3 - Remote Node Network Layer Options
Rem IP Addr: 192.0.0.0
Rem Subnet Mask= 255.255.255.0
My WAN Addr= 192.0.0.0
Network Address Translation= Full Feature
Address Mapping Set= 2
Metric= 2
Private= No
RIP Direction= None
Version= RIP-1
Multicast= N/A
IP Policies= 1,3,5,8
Enter your
IP Policy
Sets here
Enter here to CONFIRM or ESC to CANCEL:
Figure 15-5 Remote Node Routing Policies
15.4 IP Policy Routing Example
If a network has both Internet and remote node connections, you can route Web packets to the Internet using one policy and route FTP packets to a remote network using another policy. See the next figure.
15-5 IP Policy Routing
Prestige 1400 WAN Router with Integrated Ethernet Switch
Figure 15-6 Example of IP Policy Routing
To force Web packets coming from clients with IP addresses of 192.168.1.2 to 192.168.1.222 to be routed to the
Internet via the WAN port of the Prestige, follow these steps as shown next.
15-6 IP Policy Routing
Prestige 1400 WAN Router with Integrated Ethernet Switch
Step 1.
Step 2.
Create a routing policy set in Menu 25.
Create a rule for this set in Menu 25.1 - IP Routing Policy as shown next.
Menu 25.1 - IP Routing Policy
Policy Set Name= set1
Active= Yes
Criteria:
IP Protocol = 6
Type of Service= Don't Care
Precedence = Don't Care
Source:
addr start= 192.168.1.2
port start= 0
Destination:
Packet length= 10
Len Comp= N/A end= 192.168.1.222
end= N/A
addr start= 0.0.0.0
port start= 80
Action= Matched end= N/A end= 80
Gateway addr = 192.168.1.1
Log= No
Type of Service= No Change
Precedence = No Change
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Step 3.
Step 4.
Step 5.
Figure 15-7 IP Routing Policy Example
Check Menu 25.1 - IP Routing Policy Setup to see if the rule is added correctly.
Create another policy set in Menu 25 .
Create a rule this set in Menu 25.2 to route packets from any host (IP=0.0.0.0 means any host) with protocol TCP and port FTP access through another gateway (192.168.1.100).
Menu 25.2 - IP Routing Policy
Policy Set Name= set2
Active= Yes
Criteria:
IP Protocol = 6
Type of Service= Don't Care
Precedence = Don't Care
Source:
addr start= 0.0.0.0
port start= 0
Destination:
addr start= 0.0.0.0
port start= 20
Action= Matched
Gateway addr =192.168.1.100
Type of Service= No Change
Precedence = No Change
Packet length= 10
Len Comp= N/A end= N/A end= N/A end= N/A end= 21
Log= No
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Step 6.
Step 7.
Figure 15-8 IP Policy Routing
Check Menu 25.1 - IP Routing Policy Setup to see if the rule is added correctly.
Apply both policy sets in Menu 3.2 as shown next.
15-7 IP Policy Routing
Prestige 1400 WAN Router with Integrated Ethernet Switch
Menu 3.2 - TCP/IP and DHCP Ethernet Setup
DHCP Setup:
DHCP= Server
Client IP Pool Starting Address= 192.168.1.1
Size of Client IP Pool= 220
Primary DNS Server= 0.0.0.0
Secondary DNS Server= 0.0.0.0
TCP/IP Setup:
IP Address= 192.68.1.254
IP Subnet Mask= 255.255.255.0
RIP Direction= Both
Version= RIP-1
Multicast= N/A
IP Policies= 1,2
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 15-9 Applying IP Policies
15-8 IP Policy Routing
Prestige 1400 WAN Router with Integrated Ethernet Switch
Chapter 16
Troubleshooting
16.1 Problems Starting Up the Prestige
Table 16-1 Troubleshooting the Start-Up of your Prestige
PROBLEM
None of the LEDs are on when you power on the Prestige.
Cannot access the
Prestige via the console port.
CORRECTIVE ACTION
Check the connection between the power cord and your Prestige.
If the error persists you may have a hardware problem. In this case you should contact technical support.
Check to see if the Prestige is connected to your computer's serial port.
Check to see if the communications program is configured correctly. The communications software should be configured as mentioned here.
VT100 terminal emulation
9600 Baud
No parity, 8 Data bits, 1 Stop bit
Flow Control set to None
16.2 Problems with the WAN Port
Table 16-2 Troubleshooting the WAN Port Connection
PROBLEM
Cannot connect to WAN device.
CORRECTIVE ACTION
Check if the WAN port is connected to an external WAN device.
Check if the power of the external WAN device is turned on.
16-1 Troubleshooting
Prestige 1400 WAN Router with Integrated Ethernet Switch
16.3 Problems with the LAN Interface
Table 16-3 Troubleshooting the LAN Interface
PROBLEM
Can’t ping any station on the LAN
CORRECTIVE ACTION
Check the Ethernet LED on the front panel of your Prestige. If it is off, check the cables connecting your Prestige to the hub.
Verify that the IP address and the subnet mask in Menu 3.2 are consistent between the Prestige and the workstations.
16.4 Problems Connecting to a Remote Node or ISP
Table 16-4 Troubleshooting a Connection to a Remote Node or ISP
PROBLEM
Can’t connect to a remote node or ISP
CORRECTIVE ACTION
Check Menu 24.1 to verify the line status. If it indicates [down], then refer to the section on the line problems.
Check the error log in Menu 24.3.1. If it does indicate that something has gone wrong, it may be an IP address configuration error.
Check your Internet access account information given to you by your ISP – see Table 5-4 .
If you have other problems, you can try the following options.
♦
Check the Menu 24.1 System Maintenance - Status , Menu 24.2.1 - System Information and Menu 24.3
System Maintenance - Log and Trace in order to locate the problem.
♦
Check the Troubleshooting section in the Support Notes.
♦
Use Debug commands to diagnose problems. In general, ZyXEL recommends that you use these commands with the direction of your customer support representative.
16-2 Troubleshooting
Prestige 1400 WAN Router with Integrated Ethernet Switch
Hardware Specifications
Physical Dimensions
!
Chassis (in centimeters): 44 (W) x 31 (L) x 4.4 (H)
!
Rack-mounting options: EIA 48
Power Requirement
!
Built-in 100V-240VAC, 50-60 Hz switching power supply
Operating Environment
!
Temperature: 0ºC - 50º C
!
Humidity: 20 - 95%
Hardware Specifications A
System Related Commands
CI COMMAND sys
cbuf cpu cnt disp disp disp clear
[a|f|u] dir edit errctl
<filename>
[level]
OPTIONS
B
Prestige 1400 WAN Router with Integrated Ethernet Switch
CI Commands
Use Menu 24.8 to enter command line mode.
Please refer to the section 13.6 Command Interpreter Mode for details about the SMT menu. The following table describes the syntax used to configure your Prestige using
Command Interface (CI) commands. For details on other CI commands to configure your Prestige, please consult the supporting CD.
ZyXEL recommends that you use CI Commands for debugging purposes only. You are advised to configure the Prestige through menu interface.
Command Syntax
CI user interface uses the following syntax: command < iface | device > subcommand [ Parma ] command subcommand [ Parma ] command ? | help command subcommand ? | help
[channel-name]: enet0 for Ethernet port, wan00 for WAN port
[iface-name]: enif0 for Ethernet port, wanif0 for WAN port
event feature fid
filter display trace [display|clear] display
DESCRIPTION
Display cbuf static
Display cbuf a: all f: free u: used
Display CPU utilization
Display file directory
Edit a text file
Set the error control level
0:crash no save, not in debug mode
(default)
1:crash no save, in debug mode
2:crash save, not in debug mode
3:crash save, in debug mode
Display tag flags information
Display system event information
Display feature bit
Display function id list
CI Commands
pro
queue quit
reboot mq <address> <len> mcell msecs mid [f|u] disp stack ps disp
[TAG]
[TAG]
[a|f|u] [start#] [end#] ndisp [#]
[code]
Prestige 1400 WAN Router with Integrated Ethernet Switch
CI COMMAND disp clear hostname sw iface
log disp
[on|off]
mbuf disp clear online cnt link pool status
[on|off]
[disp|cl] link
[id] [type] disp
memutil usage
<address>
OPTIONS DESCRIPTION
Display filter statistic counters
Clear filter statistic counter
Display system hostname
Display iface list
Display error
Clear log error
Turn on/off error log online display
Display or clear system mbuf count
List system mbuf link
List system mbuf pool
Display system mbuf status
Display mbuf status
Display memory allocate and heap status
Display memory queues
Display memory cells by given ID
Display memory sections
Display all process information
Display process's stack by a give TAG
Display process's status by a give TAG
Display queue by given status and range numbers
Display a queue by a given number
Quit CI command mode reslog roadrun disp
[disp|clear]
<iface-name> debug <level> code = 0 cold boot,
= 1 immediately boot
= 2 bootModule debug mode
Display resources trace
Display roadrunner information iface-name: enif0, wanif0, wanifn
(n=01~32)
Enable/disable roadrunner service
CI Commands C
Prestige 1400 WAN Router with Integrated Ethernet Switch
CI COMMAND OPTIONS DESCRIPTION
0: diable <default>
1: enable
socket spt stdio
timer
.
trcdisp
.
restart <iface-name> dump size
[root|rn|user|slot]
[second] disp brief .
[a|f|u]
Dump spt raw data
Display spt record size
Change terminal timeout value
Display timer cell
Online display packet content briefly
.
.
trcl
trcp parse call clear disp level
.
[#] online [on|off] switch [on|off] type <bitmap>
Online parse packet content
Display call event
Display trace log
Set trace level of trace log #:1-10
Set on/off trace log online
Set system trace log
Set trace type of trace log chann <channel
[none|incoming|outgoing|bothway]
Set packet trace direction for a given channel create <entry> <size>
<channel name>=enet0, wan00, idsln
(n=00~31)
Create packet trace buffer destroy disp
Packet trace related commands string switch [on|off] version parse view udp brief
[sw|addr|port]
[[begin_idx], end_idx]
<filename>
wdog switch [on|off] cnt <value>
Turn on/off the packet trace
Send packet trace to other system
Display packet content briefly
Parse packet content
Display RAS code and driver version
View a text file
Set on/off wdog
Display watchdog counts value: 0-34463
D CI Commands
Prestige 1400 WAN Router with Integrated Ethernet Switch
IP related CI Commands
ip
CI
COMMAND address
OPTIONS
arp add addr> drop flush publish resolve status dhcp
<hostid> arpcount dnsserver gateway hostname leasetime
<num>
<hostname>
<period> netmask pool rebindtime
<netmask>
<period> renewaltime <period> reset status
<iface-name> st
dns table stats
icmp check data echo status trace
ifconfig ping client release client renew
[disp|clear]
[cmd|rsp|indication]
[on|off]
[on|off]
<hostid>
DESCRIPTION display host ip address add arp add proxy arp display ip arp status set dhcp configuration display iface DHCP information iface-name wanif2, wanif1, wanif0, enif1, enif0 release DHCP client IP renew DHCP client IP display dns table display or clear dns statistics display icmp statistic counter turn on/off trace for debugging ping remote host
CI Commands E
Prestige 1400 WAN Router with Integrated Ethernet Switch ip
pong interval>]
rip accept activate
<gateway> dialin_user [show|in|out|both|none] merge mode refuse
[on|off]
<iface> [in|out] [mode]
<gateway> rip
route request reverse status trace add pong remote host
[on|off] RIP Poisoned Reverse display rip statistic counters mode: 0 - 3 add route
<gateway> [<metric>] addprivate drop errcnt flush
<host address> [/bits]
[disp|clear] add private route drop a route display|clear routing statistic counters flush route table lookup status status
sua iface disp
<iface> display routing table display ip statistic counters display single user account statistic
tcp kick irtt set ceiling floor limit mss reset rtt status syndata trace window
<IP addr> <Port #>
<value>
<value>
<value>
<value>
<size>
[on|off]
[on|off]
[size]
TCP maximum round trip time
TCP minimum rtt
TCP default init rtt
TCP input MSS display TCP statistic counters
TCP syndata piggyback turn on/off trace for debugging
TCP input window size
F CI Commands
tftp stats support
udp status
Prestige 1400 WAN Router with Integrated Ethernet Switch
CI Commands G
Prestige 1400 WAN Router with Integrated Ethernet Switch
Ethernet Related CI Commands
CI COMMAND ether config
driver ether driver cnt mac reg status rxmod
OPTIONS disp <ch-name> clear <ch-name>
<macaddr>
<ch-name>
<mode>
DESCRIPTION display LAN configuration information display ether driver counters
ch-name: enet0, enet1
Set LAN Mac address display LAN hardware related registers ch-name: enet0, enet1 set LAN receive mode. mode: 1: turn off receiving
2: receive only packets of this interface
3: mode 2+ broadcast
5: mode 2 + multicast
6: all packets debug disp level
arp disp event
sap
version
<ch-name>
<ch-name> <level>
[ip-addr]
[ch-name] [on|off]
[1|2|3] display ethernet debug infomation display ethernet debug infomation set the ethernet debug level level 0: disable debug log level 1:enable debug log (default)
H CI Commands
J
Prestige 1400 WAN Router with Integrated Ethernet Switch
10BaseT
ADSL
ARP
ATU-C and ATU-R
Backbone
Bandwidth bandwidth-on-demand
Bit bps
Byte
Call Filtering
CDR
CHAP
CI/CLI Commands
CIR
Client
Committed Information
Rate
CPE crossover Ethernet cable
CSU/DSU
Data Filtering
DCE
Device Filter Rules
Glossary
The 10-Mbps baseband Ethernet specification that uses two pairs of twisted-pair cabling (Category 3 or 5): one pair for transmitting data and the other for receiving data.
Asymmetric Digital Subscriber Line. A digital subscriber line (DSL) technology in which the transmission of data from server to client is much faster than the transmission from the client to the server.
Address Resolution Protocol is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address that is recognized in the local network.
ADSL Transmission Unit, Central or Remote: the device at the end of an ADSL line that stands between the line and the first item of equipment in the subscriber premises or telephone switch. It may be integrated within an access node.
A high-speed line or series of connections that forms a major pathway within a network.
This is the capacity on a link usually measured in bits-per-second (bps).
The ability of a user to dynamically set upstream and downstream line speeds to a particular rate of speed.
(Binary Digit) -- A single digit number in base-2, in other words, either a one or a zero. The smallest unit of computerized data.
Bits per second. A standard measurement of digital transmission speeds.
A set of bits that represent a single character. There are 8 bits in a Byte.
Call filtering is used to determine if a packet should be allowed to trigger a call. Outgoing packets must undergo data filtering before they encounter call filtering.
Call Detail Record. This is a name used by telephone companies for call related information.
Challenge Handshake Authentication Protocol is an alternative protocol that avoids sending passwords over the wire by using a challenge/response technique.
CI/CLI (Command Interface/Command Line Interface) commands can be accessed via Menu 24.8. For details on
CI commands to configure your Prestige, please consult the supporting CD. ZyXEL recommends use of the CI
Commands only for debugging purposes.
See Committed Information Rate.
A software program that is used to contact and obtain data from a Server software program on another computer.
Each Client program is designed to work with one or more specific kinds of Server programs and each Server requires a specific kind of Client. A Web Browser is a specific kind of Client.
The carrier programs virtual circuits into the network between your sites and charges you for a specific level of service called the committed information rate (CIR). The CIR is a negotiated rate and is basically a guarantee that the carrier will always have that bandwidth available. The CIR limit for the Prestige is 8000Kbps. The sum of CIRs from all channels in a line cannot exceed 8000Kbps due to the processing limit of the P1400 CPU.
Customer Premises Equipment: that portion of the ADSL system residing within the customer's premises.
A cable that wires a pin to its opposite pin, for example, RX+ is wired to TX+. This cable connects two similar devices, for example, two data terminal equipment (DTE) or data communications equipment (DCE) devices.
Channel Service Unit/Data Service Unit. CSUs (channel service units) and DSUs (data service units) are actually two separate devices, but they are used in conjunction and often combined into the same box. The devices are part of the hardware you need to connect computer equipment to digital transmission lines. The Channel Service
Unit device connects with the digital communication line and provides a termination for the digital signal. The Data
Service Unit device, sometimes called a digital service unit, is the hardware component you need to transmit digital data over the hardware channel. The device converts signals from bridges, routers and multiplexors into the bipolar digital signals used by the digital lines. Multiplexors mix voice signals and data on the same line.
Data filtering screens the data to determine if the packet should be allowed to pass. Data filters are divided into incoming and outgoing filters, depending on the direction of the packet relative to a port. Data filtering can be applied on either the WAN side or the LAN side.
Data Communications Equipment is typically a modem or other type of communication device. The DCE sits between the DTE (data terminal equipment) and a transmission circuit such as a phone line.
For Device rules, the Prestige treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes.
Glossary
DHCP
DLCI
DNS
Domain Name
DRAM
DSL
DSLAM
DTE
Dual Firmware Block
Structure
E1
EIR (Excess Information
Rate)
EMI
Ethernet
FAQ
FCC
Filters
Flash memory
Frame Relay
FTP
Gateway
Glossary
Prestige 1400 WAN Router with Integrated Ethernet Switch
Dynamic Host Configuration Protocol automatically assigns IP addresses to clients when they log on. DHCP centralizes IP address management on central computers that run the DHCP server program. DHCP leases addresses for a period of time which means that addresses are made available to assign to other systems.
For Frame Relay connections, DLCI (Data Link Connection Identifier) is a path number of a portion of the PVC
(the DLCI changes for each hop through the network). It is a logical identifier with local significance only and is not the address of the destination.
Domain Name System links names to IP addresses. When you access Web sites on the Internet, you can type the IP address of the site or the DNS name. When you type a domain name in a Web browser, a query is sent to the DNS server defined in your Web browser’s configuration dialog box. The DNS server converts the name you specified to an IP address and returns this address to your system. From then on, the IP address is used in all subsequent communications.
The unique name that identifies an Internet site. Domain Names always have two or more parts, separated by dots. The part on the left is the most specific and the part on the right is the most general.
Dynamic RAM that stores information in capacitors that must be refreshed periodically.
Digital Subscriber Line technologies enhances the data capacity of the existing twisted-pair wire that runs between the local telephone company switching offices and most homes and offices. There are actually seven types of DSL service, ranging in speeds from 16 Kbits/sec to 52 Mbits/sec. The services are either symmetrical
(traffic flows at the same speed in both directions), or asymmetrical (the downstream capacity is higher than the upstream capacity). DSL connections are point-to-point dedicated circuits, meaning that they are always connected. There is no dial-up. There is also no switching, which means that the line is a direct connection into the carrier’s frame relay, ATM (Asynchronous Transfer Mode), or Internet-connect system.
A Digital Subscriber Line Access Multiplexer (DSLAM) is a network device, usually at a telephone company central office, that receives signals from multiple customer Digital Subscriber Line connections and puts the signals on a high-speed backbone line using multiplexing techniques. Depending on the product, DSLAM multiplexers connect DSL lines with some combination of asynchronous transfer mode ATM, frame relay, or IP networks.
Originally, the DTE (data terminal equipment) was a dumb terminal or printer, but today it is a computer, or a bridge or router that interconnects local area networks.
The Prestige employs a “dual firmware block structure” where one block is called the “main block” and the other block is called the “backup block”. You can save the current firmware into the backup block before you try to upload new firmware. If the firmware in the main block gets corrupted, the Prestige will try to boot from the backup block automatically so the service will not get interrupted.
European basic multiplex rate which packs thirty voice channels into a 256 bit frame and transmitted at 2.048
Mbps.
This is the burst capability of the connection, i.e., the maximum allowable data transfer rate.
ElectroMagnetic Interference. The interference by electromagnetic signals that can cause reduced data integrity and increased error rates on transmission channels.
A very common method of networking computers in a LAN. There are a number of adaptations to the IEEE 802.3
Ethernet standard, including adaptations with data rates of 10 Mbits/sec and 100 Mbits/sec over coaxial cable, twisted-pair cable and fiber-optic cable. The latest version of Ethernet, Gigabit Ethernet, has a data rate of 1
Gbit/sec.
(Frequently Asked Questions) -- FAQs are documents that list and answer the most common questions on a particular subject.
The FCC (Federal Communications Commission) is in charge of allocating the electromagnetic spectrum and thus the bandwidth of various communication systems.
Your Prestige uses filters to decide whether to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering.
The nonvolatile storage that can be electrically erased and reprogrammed so that data can be stored, booted and rewritten as necessary.
Frame relay is a metropolitan and wide area networking solution that implements a form of packet-switching technology. It routes frames of information from source to destination over a switching network.
File Transfer Protocol. The Internet protocol (and program) used to transfer files between hosts.
A gateway is a computer system or other device that acts as a translator between two systems that do not use the same communication protocols, data formatting structures, languages, and/or architecture.
K
Prestige 1400 WAN Router with Integrated Ethernet Switch
HDLC hop count
Host
IANA
ICMP
IGMP
Internet
Internet
Intranet
IP
IP Multicast
IP Policy Routing (IPPR)
IPCP (PPP)
ISO
ISP
ITU-T
LAN
LEC
MAC
MIB
NAT
NAT - Global
NAT - Inside
NAT - Local
HDLC (High-level Data Link Control) is a bit-oriented (the data is monitored bit by bit), link layer protocol for the transmission of data over synchronous networks.
A measure of distance between two points on the Internet. It is equivalent to the number of gateways that separate the source and destination.
Any computer on a network that is a repository for services available to other computers on the network. It is quite common to have one host machine provide several services, such as WWW and USENET.
Internet Assigned Number Authority acts as the clearinghouse to assign and coordinate the use of numerous
Internet protocol parameters such as Internet addresses, domain names, protocol numbers, and more. The IANA
Web site is at http://www.isi.edu/iana.
Internet Control Message Protocol is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the
TCP/IP software and are not directly apparent to the application user.
IGMP (Internet Group Management Protocol) is a session-layer protocol used to establish membership in a multicast group - it is not used to carry user data.
(Lower case i) Any time you connect two or more networks together, you have an internet.
(Upper case I) The vast collection of inter-connected networks that all use the TCP/IP protocols and that evolved from the ARPANET of the late 60’s and early 70’s.
A private network inside a company or organization that uses the same kinds of software that you would find on the public Internet, but that is only for internal use.
Internet Protocol (currently IP version 4, or IPv4), is the underlying protocol for routing packets on the Internet and other TCP/IP-based networks.
Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender to 1 recipient) or Broadcast
(1 sender to everybody on the network). IP Multicast is a third way to deliver IP packets to a group of hosts on the network - not everybody.
IPPR provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator. Policy-based routing is applied to incoming packets on a per interface basis prior to the normal routing.
IP Control Protocol allows changes to IP parameters such as the IP address.
International Standards Organization. A voluntary, non-treaty organization founded in 1946, responsible for creating international standards in many areas, including computers and communications.
Internet Service Provider: an organization offering and providing Internet services to the public and having its own computer servers to provide the services offered.
International Telecommunications Union, Standardization Sector. ITU-T is the telecommunication standardization sector of ITU and is responsible for making technical recommendations about telephone and data (including fax) communications systems for service providers and suppliers.
Local Area Network is a shared communication system to which many computers are attached. A LAN, as its name implies, is limited to a local area. This has to do more with the electrical characteristics of the medium than the fact that many early LANs were designed for departments, although the latter accurately describes a LAN as well. LANs have different topologies, the most common being the linear bus and the star configuration.
Local Exchange Carrier: one of the new U.S. telephone access and service providers that have grown up with the recent U.S. deregulation of telecommunications.
On a local area network (LAN) or other network, the MAC (Media Access Control) address is your computer's unique hardware number. (On an Ethernet LAN, it is the same as your Ethernet address.) The MAC layer frames data for transmission over the network, then passes the frame to the physical layer interface where it is transmitted as a stream of bits.
A Management Information Base is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects.
Network Address Translation is the translation of an Internet Protocol address used within one network to a different IP address known within another network - see also SUA.
This refers to the packet address (source or destination) as the packet travels on the WAN.
This refers to the host on the LAN.
This refers to the packet address (source or destination) as the packet travels on the LAN.
L Glossary
RIP
RS-232
Server
SMT
SNMP
Splitter
STP
NAT -Outside
NAT Server Set
NDIS
Network
NIC
Node
PAP
Phoneline networking
Port
POTS
PPP
PSTN
PTT
PVC
RFC
Glossary
Prestige 1400 WAN Router with Integrated Ethernet Switch
This refers to the host on the WAN.
A NAT server set is a list of inside servers (behind NAT on the LAN) that you can make visible to the outside world.
Network Driver Interface Specification is a Windows® specification for how communication protocol programs
(such as TCP/IP) and network device drivers should communicate with each other.
Any time you connect two or more computers together so that they can share resources, you have a computer network. Connect two or more networks together and you have an internet.
Network Interface Card. A board that provides network communication capabilities to and from a computer system. Also called an adapter.
Any single computer connected to a network.
Password Authentication Protocol PAP is a security protocol that requires users to enter a password before accessing a secure system. The user’s name and password are sent over the wire to a server, where they are compared with a database of user account names and passwords. This technique is vulnerable to wiretapping
(eavesdropping) because the password can be captured and used by someone to log onto the system.
Phoneline networking is a new technology that provides network connectivity over existing telephone wires without any impact on POTS services.
An Internet port refers to a number that is part of a URL, appearing after a colon (:) right after the domain name.
Every service on an Internet server listens on a particular port number on that server. Most services have standard port numbers, e.g. Web servers normally listen on port 80.
Plain Old Telephone Service is the analog telephone service that runs over copper twisted-pair wires and is based on the original Bell telephone system. Twisted-pair wires connect homes and businesses to a neighborhood central office. This is called the local loop. The central office is connected to other central offices and longdistance facilities.
Point to Point Protocol. PPP encapsulates and transmits IP (Internet Protocol) datagrams over serial point-to-point links. PPP works with other protocols such as IPX (Internetwork Packet Exchange). The protocol is defined in
IETF (Internet Engineering Task Force) RFC 1661 through 1663. PPP provides router-to-router, host-to-router and host-to-host connections.
Public Switched Telephone Network was put into place many years ago as a voice telephone call-switching system. The system transmits voice calls as analog signals across copper twisted cables from homes and businesses to neighborhood COs (central offices); this is often called the local loop. The PSTN is a circuitswitched system, meaning that an end-to-end private circuit is established between caller and callee.
The generic European name is usually used to refer to state-owned telephone companies.
Permanent Virtual Circuit. A PVC is a logical point-to-point circuit between customer sites. PVCs are low-delay circuits because routing decisions do not need to be made along the way. Permanent means that the circuit is preprogrammed by the carrier as a path through the network. It does not need to be set up or torn down for each session.
An RFC (Request for Comments) is an Internet formal document or standard that is the result of committee drafting and subsequent review by interested parties. Some RFCs are informational in nature. Of those that are intended to become Internet standards, the final version of the RFC becomes the standard and no further comments or changes are permitted. Change can occur, however, through subsequent RFCs.
Routing Information Protocol is an interior or intra-domain routing protocol that uses the distance-vector routing algorithms. RIP is used on the Internet and is common in the NetWare environment as a method for exchanging routing information between routers.
An EIA standard which is the most common way of linking data devices together.
A computer, or a software package that provides a specific kind of service to client software running on other computers.
The SMT (System Management Terminal) is the interface that you use to configure your Prestige.
System Network Management Protocol is a popular management protocol defined by the Internet community for
TCP/IP networks. It is a communication protocol for collecting information from devices on the network.
A filter to separate ADSL signals from POTS signals to prevent mutual interference.
Twisted-pair cable consists of copper-core wires surrounded by an insulator. Two wires are twisted together to form a pair and the pair form a balanced circuit. The twisting prevents interference problems. STP (shielded twisted-pair) provides protection against external crosstalk.
M
Prestige 1400 WAN Router with Integrated Ethernet Switch
Straight-through Ethernet
Cable
SUA
Subnet Mask
SYSLOG
T1
TCP
TCP/IP Filter Rules
Telco
Telnet
Terminal
Terminal Software
TFTP
UDP
UNI
URL
Virtual Connection (VC)
VLAN
WAN
WWW
A cable that wires a pin to its equivalent pin. This cable connects two dissimilar devices, for example, a data terminal equipment (DTE) device and a data communications equipment (DCE) device. A straight-through
Ethernet cable is the most common cable used.
SUA (Single User Account) is a proprietary ZyXEL implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server - see also NAT.
A bit mask used to select bits from an Internet address for subnet addressing. The mask is 32 bits long and selects the network portion of the Internet address and one or more bits of the local portion.
SYSLOG allows you to log significant system information to a remote server.
Twenty-four voice channels packed into a 193 bit frame and transmitted at 1.544 Mbps. The unframed version, or payload, is 192 bits at a rate of 1.536 Mbps.
Transmission Control Protocol. The major transport protocol in the Internet suite of protocols providing reliable, connection-oriented full-duplex streams.
TCP/IP filter rules allow you to base the rule on the fields in the IP and the upper layer protocol, e.g., UDP and
TCP headers.
The generic name for telephone companies throughout the world which encompasses RBOCs, LECs and PTTs.
The virtual terminal protocol in the Internet suite of protocols. Allows users of one host to log into a remote host and act as normal terminal users of that host.
A device that allows you to send commands to a computer somewhere else. At a minimum, this usually means a keyboard and a display screen and some simple circuitry.
Software that pretends to be (emulates) a physical terminal and allows you to type commands to a computer somewhere else.
Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP (File Transfer Protocol), but it is scaled back in functionality so that it requires fewer resources to run. TFTP uses the UDP (User Datagram
Protocol) rather than TCP (Transmission Control Protocol).
UDP is a connectionless transport service that dispenses with the reliability services provided by TCP. UDP gives applications a direct interface with IP and the ability to address a particular application process running on a host via a port number without setting up a connection session.
User Network Interface defines the connection between user equipment and the Frame Relay network, i.e. if your
Prestige is connected to a service provider.
(Uniform Resource Locator) URL is an object on the Internet or an intranet that resides on a host system. Objects include directories and an assortment of file types, including text files, graphics, video and audio. A URL is the address of an object that is normally typed in the Address field of a Web browser. The URL is basically a pointer to the location of an object.
A link that seems and behaves like a dedicated point-to-point line or a system that delivers packets in sequence, as happens on an actual point-to-point network. In reality, the data is delivered across a network via the most appropriate route. The sending and receiving devices do not have to be aware of the options and the route is chosen only when a message is sent. There is no pre-arrangement, so each virtual connection exists only for the duration of that one transmission.
VLAN stands for Virtual Local Area Network. It is a logical segmentation within a device(s) as opposed to traditional LANs, which are physically segmented with a bridge, switch or router. VLAN provides improved security and management of network broadcasts.
Wide Area Network s link geographically dispersed offices in other cities or around the globe. Just about any longdistance communication medium can serve as a WAN link, including switched and permanent telephone circuits, terrestrial radio systems and satellite systems.
(World Wide Web) - Frequently used when referring to "The Internet", WWW has two major meanings - First, loosely used: the whole constellation of resources that can be accessed using Gopher, FTP, HTTP, telnet,
USENET, WAIS and some other tools. Second, the universe of hypertext servers (HTTP servers).
N Glossary
A
Action Matched...................................................... 9-4
ANSI (American National Standards Institute) ..... 4-3
Authentication ........................................................ 6-2
Outgoing............................................................. 6-3
B
Boot Module Commands ..................................... 13-7
C
CHAP ..................................................................... 6-2
CI Commands...........
See Command Interpreter Mode
Clock Source .......................................................... 4-1
Command Interpreter Mode.........................xvii, 13-8
Command Syntax ......................................................B
Committed Information Rate ................................. 4-4
Community........................................................... 10-2
Compression........................................................... 6-4
Connections
Console Port ....................................................... 3-2
Power Cord ........................................................ 3-3
WAN Device...................................................... 3-2
Console Port Speed .............................................. 13-5
Contacting Customer Support .................................. iv
Copyright .................................................................. ii
Current Date ......................................................... 13-9
Current Time ........................................................ 13-9
Customer Support .................................................... iv
D
DHCP ..................................................................... 5-1
DHCP (Dynamic Host Configuration Protocol) .... 5-1
Disclaimer ................................................................. ii
DLCI .............................................................4-4, 13-3
DNS.................................................................5-2, 5-3
Domain Name ...............................................5-2, 8-10
E
EIR (Excess Information Rate) .............................. 4-4
Encapsulation ..................................................4-5, 6-4
PPP ..................................................................... 4-4
RFC 1490 ........................................................... 4-4
Ethernet Related CI Command ................................ H
F
Feature Overview
Quick.................................................................. 1-1
Filename Conventions.......................................... 14-1
Filter
NAT ................................................................... 9-5
Index
Prestige 1400 WAN Router with Integrated Ethernet Switch
Index
Filters
About.................................................................. 9-1
Applying .......................................................... 9-11
Ethernet ........................................................ 9-11
Remote Node................................................ 9-12
Call Filtering ...................................................... 9-1
Configuring a Filter Rule ................................... 9-5
Configuring a Filter Set...................................... 9-3
Data Filtering ..................................................... 9-1
Device
Abbreviations ................................................. 9-5
Device Filter Rule .............................................. 9-9
Executing a Filter Rule ...................................... 9-1
IP
Abbreviations ................................................. 9-5
Logic Flow of an IP Filter.................................. 9-8
More................................................................... 9-4
Rules Summary .................................................. 9-4
Session Options.................................................. 6-2
Structure............................................................. 9-1
TCP/IP Filter Rule ............................................. 9-6
Flow Control ........................................................ 16-1
Frame Relay ........................................................... 4-2
Remote Node ..................................................... 4-5
Standards............................................................ 4-3
Frame Relay Solution ............................................ 4-2
Frame Relay Support ............................................. 1-1
FTP Server ........................................................... 8-13
G
General Setup......................................................... 3-9
Menu Fields ....................................................... 3-9
Glossary .....................................................................J
H
Hidden Menus ........................................................ 3-5
HTTP.................................................................... 8-10
HyperTerminal ..................................................... 14-4
I
IGMP (Internet Group Multicast Protocol)............ 5-2
Initial Screen .......................................................... 3-4
Interactive Applications ....................................... 15-1
Interface
WAN .................................................................. 1-1
Internal Filename ................................................. 14-2
Internet Access Configuration
Primary............................................................... 5-4
Internet Access Setup............................................. 8-3
IP address ............................................................... 5-3
IP Address................................................5-1, 6-2, 6-5
O
Prestige 1400 WAN Router with Integrated Ethernet Switch
IP Multicast ............................................................5-2
M
Main Menu .............................................................3-7
Summary ............................................................3-7
Management Information Base (MIB) .................10-1
Metric .....................................................................6-5
My WAN Addr................................................5-6, 6-5
N
Internet Group Management Protocol (IGMP) ..1-2
IP Policies.............................................................15-4
IP Policy Routing (IPPR) ...................... 1-1, 5-2, 15-1
Applying an IP Policy ......................................15-4
Benefits.............................................................15-1
Cost Savings .....................................................15-1
Criteria..............................................................15-1
Ethernet IP Policies ..........................................15-4
Gateway............................................................15-4
Load Sharing ....................................................15-1
Remote Node IP Policies..................................15-5
Setup.................................................................15-2
IP Pool ....................................................................5-2
IP related CI Commands ...........................................E
IP Routing Policy .................................................15-4
IP Routing Policy Setup .......................................15-3
ITU – T (International Telecommunication Union –
Telecommunications Standardization Sector) ....4-3
L
LAN...............................................................5-1, 13-3
Receiving..........................................................13-3
Transmitting .....................................................13-3
Len Comp .............................................................15-4
Link Management...................................................4-3
Link Type ...............................................................4-3
Log Facility ..........................................................13-6
Login ...............................................................5-5, 6-2
Login Screen ..........................................................3-4
NAT........................................................................9-5
Applying NAT in the SMT Menus.....................8-3
Configuring ........................................................8-5
Definitions ..........................................................8-1
Ethernet Port.....................................................8-14
Examples ..........................................................8-10
How NAT Works ...............................................8-2
Inside Servers .....................................................8-9
Mapping Types...................................................8-2
Non NAT Friendly Application Programs .......8-14
Ordering Rules ...................................................8-7
Port Numbers....................................................8-10
Remote Management........................................12-2
Server Sets...................................................8-5, 8-9
Type.................................................................... 8-8
What NAT does.................................................. 8-1
Navigating the SMT Interface................................ 3-5
Network Address Translation (NAT)..................... 8-1
Network Address Translation (SUA) ................... 12-2
Network Interface Card.......................................... 3-1
Network Management ............................................ 1-2
NIC ..................................
See Network Interface Card
No-Change ............................................................. 8-2
O
Operating Environment ............................................ A
P
PAP ........................................................................ 6-2
PAP/CHAP............................................................. 6-2
Password ....................... 3-4, 3-8, 5-5, 6-2, 10-2, 11-1
Physical Dimensions ................................................ A
Power Requirement .................................................. A
PPP ......................................................................... 6-2
Cisco................................................................... 6-4
Editing PPP Options........................................... 6-3
Standard.............................................................. 6-4
Precedence...................................................15-1, 15-4
Private .............................................................6-5, 7-3
Q
Quality of Service ................................................ 15-1
R ras ......................................................................... 14-2 ras-b...................................................................... 14-2 ras-m..................................................................... 14-2
Related Documentation ......................................... xvii
Remote Configuration .......................................... 12-1
Remote Firmware Upgrades................................... 1-2
Remote Node.................................................6-1, 13-2
Setup................................................................... 6-1
Required fields ....................................................... 3-5
Resetting................................................................. 3-8
RIP5-4. See Routing Information Protocol . See
Routing Information Protocol
Version ............................................................... 6-5
RJ-45 .........................................2-1, 2-2, 2-3, 2-4, 3-3 rom-0 .................................................................... 14-2 rom-spt ................................................................. 14-2
Routing Information Protocol
Direction............................................................. 5-1
Version ............................................................... 5-1
Routing Policy...................................................... 15-1
S
Security .................................................................. 1-2
P Index
Server .......5-2, 5-3, 8-2, 8-3, 8-4, 8-6, 8-8, 8-10, 8-12
SMT .....................
See System Management Terminal
SNMP
Community....................................................... 10-3
Configuration ................................................... 10-2
Get .................................................................... 10-2
Manager ........................................................... 10-1
MIBs................................................................. 10-2
Trap .................................................................. 10-2
Trusted Host ..................................................... 10-3
SNMP ( Simple Network Management Protocol) 10-1
Static Route ............................................................ 7-1
Configuration ..................................................... 7-1
Static Route Setup
Menu Fields........................................................ 7-2
SUA (Single User Account)..........................
See NAT
SUA Only............................................................... 8-5
Subnet mask ........................................................... 5-3
Subnet Mask....................................................5-1, 6-5
Syntax Conventions .............................................. xvii
System Information.............................................. 13-4
System Maintenance ............................................ 13-9
Backup ............................................................. 14-3
Console Port ................................................. 14-3
FTP............................................................... 14-3
TFTP ............................................................ 14-3
Console Port Speed .......................................... 13-5
Diagnostic ........................................................ 13-7
Ping .............................................................. 13-7
Reboot .......................................................... 13-7
Log & Trace ..................................................... 13-5
Viewing ........................................................ 13-5
Menu 24 ........................................................... 13-1
Restore ............................................................. 14-4
Console Port ................................................. 14-5
FTP............................................................... 14-4
TFTP ............................................................ 14-5
Syslog & Accounting ....................................... 13-6
System Status ................................................... 13-1
System Management Terminal .............................. 3-5
System Management Terminal (SMT ................... xvii
System Related Commands.......................................B
Prestige 1400 WAN Router with Integrated Ethernet Switch
System Security .....................................3-7, 3-8, 11-1
Password .......................................................... 11-1
System Status
Route Status ..................................................... 13-3
WAN/LAN....................................................... 13-2
System Up Time................................................... 13-3
T
TCP/IP..................................... 1-2, 5-1, 5-3, 9-5, 13-7
Telnet ................................................................... 12-1
Terminal Emulation ........................................2-4, 3-1
Time and Date Setting...................................1-2, 13-9
TOS (Type of Service)......................................... 15-1
Type of Service ..................................15-1, 15-3, 15-4
Type Of Service ................................................... 15-3
U
UNIX syslog ........................................................ 13-6
Up Time ............................................................... 13-2
Upload Firmware ................................................. 14-6
Upload Router Configuration File ....................... 14-9
V
W
WAN port............................................................... 3-2
WAN Port Setup .................................................... 4-1
Z
Capabilities ...................................................... 12-2
Single Administrator ........................................ 12-2
Timeout ............................................................ 12-2
Console Port..................................................... 14-8
Dual Firmware Block Structure ....................... 14-6
FTP................................................................... 14-6
TFTP ................................................................ 14-8
FTP................................................................... 14-9
TFTP .............................................................. 14-10
VT100 ....................................................2-4, 3-1, 16-1
ZyNOS .................................................8-4, 14-8, 15-1
ZyXEL Limited Warranty........................................ iii
Index Q
Advertisement