P-793H G.SHDSL.bis 4-port Security Gateway User’s Guide Version 3.40 1/2007 Edition 2 www.zyxel.
About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the ZyXEL Device using the web configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology. Related Documentation • Quick Start Guide The Quick Start Guide is designed to help you get up and running right away. It contains information on setting up your network and configuring for Internet access.
Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. 1 " Warnings tell you about things that could harm you or your device. Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations. Syntax Conventions • The P-793H may be referred to as the “ZyXEL Device”, the “device”, the “system” or the “product” in this User’s Guide.
Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device.
Safety Warnings Safety Warnings 1 For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. • Do NOT store things on the device. • Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning. • Connect ONLY suitable accessories to the device.
Safety Warnings This product is recyclable. Dispose of it properly.
Safety Warnings 8 P-793H User’s Guide
Contents Overview Contents Overview Introduction, Wizards and Tutorials ..................................................................................... 37 Getting To Know Your ZyXEL Device ........................................................................................ 39 Introducing the Web Configurator .............................................................................................. 43 Wizards .....................................................................................
Contents Overview Firewall Setup .......................................................................................................................... 293 Filter Configuration .................................................................................................................. 295 SNMP Configuration ................................................................................................................ 309 System Password ............................................................
Table of Contents Table of Contents About This User's Guide .......................................................................................................... 3 Document Conventions............................................................................................................ 4 Safety Warnings........................................................................................................................ 6 Contents Overview .......................................................
Table of Contents 3.1 Internet Setup Wizard .......................................................................................................... 54 3.1.1 Screen 1 ..................................................................................................................... 54 3.1.2 Screen 2 ..................................................................................................................... 55 3.1.3 Screen 3 .......................................................................
Table of Contents 5.5.2 Configuring More Connections Advanced Setup ....................................................... 84 5.6 Traffic Redirect .................................................................................................................... 85 5.7 Dial Backup Interface .......................................................................................................... 86 5.8 Configuring WAN Backup Setup ...........................................................................
Table of Contents Part III: Security and Advanced Setup ................................................115 Chapter 8 Firewalls................................................................................................................................. 117 8.1 Firewall Overview ...............................................................................................................117 8.2 Types of Firewalls ..........................................................................................
Table of Contents 9.7.2 Customized Services .............................................................................................. 139 9.7.3 Configuring A Customized Service ......................................................................... 139 9.8 Example Firewall Rule ....................................................................................................... 140 9.9 Anti-Probing .....................................................................................................
Table of Contents 13.2 Application-based Bandwidth Management .................................................................... 181 13.3 Subnet-based Bandwidth Management .......................................................................... 181 13.4 Application and Subnet-based Bandwidth Management ................................................. 182 13.5 Scheduler ........................................................................................................................ 182 13.5.
Table of Contents 16.1.1 How do I know if I'm using UPnP? ......................................................................... 205 16.1.2 NAT Traversal ........................................................................................................ 205 16.1.3 Cautions with UPnP ............................................................................................... 205 16.2 UPnP and ZyXEL ....................................................................................................
Table of Contents 21.2 SMT Menu Items ............................................................................................................. 240 21.3 Navigating the SMT Interface .......................................................................................... 242 Chapter 22 General Setup........................................................................................................................ 245 22.1 Configuring General Setup ..................................................
Table of Contents Chapter 28 NAT Setup.............................................................................................................................. 279 28.1 Using NAT ........................................................................................................................ 279 28.1.1 SUA (Single User Account) Versus NAT ................................................................ 279 28.1.2 Applying NAT .....................................................................
Table of Contents 33.1 Introduction to System Status .......................................................................................... 313 33.2 System Status .................................................................................................................. 313 33.3 System Information and Console Port Speed .................................................................. 315 33.3.1 System Information ..................................................................................
Table of Contents 35.1 Command Interpreter Mode ............................................................................................ 337 35.1.1 Command Syntax ................................................................................................... 337 35.1.2 Command Usage ................................................................................................... 338 35.2 Call Control Support ..........................................................................................
Table of Contents Appendix E IP Addresses and Subnetting ........................................................................... 389 Appendix F IP Address Assignment Conflicts ...................................................................... 397 Appendix G Common Services ............................................................................................ 401 Appendix H Command Interpreter........................................................................................
List of Figures List of Figures Figure 1 High-speed Internet Access with Your ZyXEL Device .............................................................. 39 Figure 2 Point-to-point Connections with Your ZyXEL Device ................................................................ 40 Figure 3 Point-to-2points Connections with Your ZyXEL Device ............................................................ 40 Figure 4 LEDs ........................................................................................
List of Figures Figure 39 LAN > IP > Advanced Setup .................................................................................................. 98 Figure 40 LAN > DHCP Setup ................................................................................................................ 99 Figure 41 LAN > Client List ................................................................................................................... 100 Figure 42 Physical Network & Partitioned Logical Networks .........
List of Figures Figure 82 VPN > Setup ........................................................................................................................ 162 Figure 83 VPN > Setup > Edit .............................................................................................................. 163 Figure 84 VPN > Setup > Edit > Advanced .......................................................................................... 167 Figure 85 VPN > Setup > Edit > Manual ................................
List of Figures Figure 125 Logs > View Log ................................................................................................................. 226 Figure 126 Logs > Log Settings ........................................................................................................... 227 Figure 127 Tools > Firmware ................................................................................................................ 229 Figure 128 Firmware Upload In Progress ........................
List of Figures Figure 168 Menu 15.1.1: Address Mapping Rules ............................................................................... 282 Figure 169 Menu 15.1.1.1: Address Mapping Rule .............................................................................. 284 Figure 170 Menu 15.2: NAT Server Sets .............................................................................................. 285 Figure 171 Menu 15.2: NAT Server Setup ............................................................
List of Figures Figure 211 Menu 24.5: Backup Configuration ...................................................................................... 325 Figure 212 FTP Session Example ........................................................................................................ 325 Figure 213 System Maintenance: Backup Configuration ..................................................................... 328 Figure 214 System Maintenance: Starting Xmodem Download Screen .................................
List of Figures Figure 254 Windows XP: Internet Protocol (TCP/IP) Properties .......................................................... 373 Figure 255 Windows XP: Advanced TCP/IP Properties ....................................................................... 374 Figure 256 Windows XP: Internet Protocol (TCP/IP) Properties .......................................................... 375 Figure 257 Macintosh OS 8/9: Apple Menu ..................................................................................
List of Figures 30 P-793H User’s Guide
List of Tables List of Tables Table 1 LEDs ......................................................................................................................................... 42 Table 2 Web Configurator Screens Summary ....................................................................................... 46 Table 3 Status ........................................................................................................................................ 49 Table 4 Status > Packet Statistics .....
List of Tables Table 39 Firewall > General ................................................................................................................. 134 Table 40 Firewall > Rules .................................................................................................................... 135 Table 41 Firewall > Rules > Add/Edit ...................................................................................................
List of Tables Table 82 System > Time Setting .......................................................................................................... 221 Table 83 Logs > View Log ................................................................................................................... 226 Table 84 Logs > Log Settings .............................................................................................................. 227 Table 85 Tools > Firmware ........................................
List of Tables Table 125 General Commands for GUI-based FTP Clients ................................................................ 326 Table 126 General Commands for GUI-based TFTP Clients .............................................................. 327 Table 127 Menu 24.9.1 - Budget Management ................................................................................... 339 Table 128 Menu 24.10: System Maintenance - Time and Date Setting ...............................................
List of Tables Table 168 Syslog Logs ........................................................................................................................ 423 Table 169 RFC-2408 ISAKMP Payload Types .................................................................................... 423 Table 170 NetBIOS Filter Default Settings ..........................................................................................
List of Tables 36 P-793H User’s Guide
P ART I Introduction, Wizards and Tutorials Getting To Know Your ZyXEL Device (39) Introducing the Web Configurator (43) Wizards (53) Point-to-(2)point Configuration (63) 37
CHAPTER 1 Getting To Know Your ZyXEL Device This chapter introduces the main features and applications of your ZyXEL Device. 1.1 Overview This ZyXEL Device is a secure G.SHDSL.bis router with a 4-port switch. Set up your ZyXEL Device for high-speed Internet access or for high-speed point-to-point connections with other ZyXEL Devices of the same type. In either setup, the ZyXEL Device itself can act as a router or as a bridge.
Chapter 1 Getting To Know Your ZyXEL Device 1.1.2 High-speed Point-to-point Connections Use two ZyXEL Devices to create a cost-effective, high-speed connection for high-bandwidth applications such as videoconferencing and distance learning. Figure 2 Point-to-point Connections with Your ZyXEL Device The ZyXEL Devices provide a simple, fast point-to-point connection between two geographically-dispersed networks. 1.1.
Chapter 1 Getting To Know Your ZyXEL Device 1.2 Ways to Manage the ZyXEL Device Use any of the following methods to manage the ZyXEL Device. • Web Configurator. This is recommended for everyday management of the ZyXEL Device using a (supported) web browser. See Chapter 2 on page 43. • Command Line Interface. Line commands are mostly used for troubleshooting by service engineers. See Appendix H on page 405. • SMT.
Chapter 1 Getting To Know Your ZyXEL Device The following table describes the LEDs. Table 1 LEDs LED COLOR STATUS DESCRIPTION POWER Green On The ZyXEL Device is receiving power and functioning properly. Blinking The ZyXEL Device is rebooting or performing diagnostics. On Power to the ZyXEL Device is too low. Off The system is not ready or has malfunctioned. On This port has a successful Ethernet connection. Blinking This port is sending/receiving data.
CHAPTER 2 Introducing the Web Configurator This chapter describes how to access and navigate the web configurator. 2.1 Web Configurator Overview The web configurator is an HTML-based management interface that allows easy ZyXEL Device setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.
Chapter 2 Introducing the Web Configurator Figure 5 Login Screen 6 If you entered the user password, the Status screen appears. See Section 2.4 on page 48. If you entered the admin password, the following screen appears. Figure 6 Change Password at Login It is highly recommended you change the default admin password. Enter a new password between 1 and 30 characters, retype it to confirm and click Apply; alternatively click Ignore to proceed to the main menu if you do not want to change the password now.
Chapter 2 Introducing the Web Configurator 7 Select Go to Wizard setup, and click Apply to display the wizard main screen. Select Go to Advanced setup, and click Apply to display the Status screen. Select Click here to always start with the Advanced setup if you want the ZyXEL Device to skip this screen from now on and always go to the Status screen. See Section 2.4 on page 48.
Chapter 2 Introducing the Web Configurator Figure 8 Web Configurator: Main Screen Click the Logout icon at any time to exit the web configurator. Use submenus to configure ZyXEL Device " Click the icon (located in the top right corner of most screens) to view embedded help.
Chapter 2 Introducing the Web Configurator Table 2 Web Configurator Screens Summary (continued) LINK/ICON SUB-LINK FUNCTION LAN IP Use this screen to configure LAN TCP/IP settings and other advanced properties. DHCP Setup Use this screen to configure LAN DHCP settings. Client List Use this screen to view current DHCP client information and to always assign an IP address to a MAC address (and host name). IP Alias Use this screen to partition your LAN interface into subnets.
Chapter 2 Introducing the Web Configurator Table 2 Web Configurator Screens Summary (continued) LINK/ICON SUB-LINK FUNCTION Remote MGMT WWW Use this screen to configure through which interface(s) and from which IP address(es) users can use HTTPS or HTTP to manage the ZyXEL Device. Telnet Use this screen to configure through which interface(s) and from which IP address(es) users can use Telnet to manage the ZyXEL Device.
Chapter 2 Introducing the Web Configurator Figure 9 Status The following table describes the labels shown in the Status screen. Table 3 Status LABEL DESCRIPTION Refresh Interval Select a number of seconds or None from the drop-down list box to refresh all screen statistics automatically at the end of every time interval or to not refresh the screen statistics. Apply Click this button to refresh the status screen statistics.
Chapter 2 Introducing the Web Configurator Table 3 Status (continued) LABEL DESCRIPTION VPI/VCI This is the Virtual Path Identifier and Virtual Channel Identifier that you entered in the Wizard or WAN screen. LAN Information IP Address This is the LAN port IP address. IP Subnet Mask This is the LAN port IP subnet mask. DHCP This is the WAN port DHCP role - Server, Relay or None. Security This section is not available if you use the user password to log in.
Chapter 2 Introducing the Web Configurator 2.4.2 Status: Packet Statistics Click the Packet Statistics hyperlink in the Status screen. Read-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) field is configurable. Figure 10 Status > Packet Statistics The following table describes the fields in this screen.
Chapter 2 Introducing the Web Configurator Table 4 Status > Packet Statistics (continued) LABEL DESCRIPTION Rx B/s This field displays the number of bytes received in the last second. Up Time This field displays the elapsed time this port has been up. LAN Port Statistics Interface This field displays the type of port.
CHAPTER 3 Wizards Use these screens to configure Internet access or to configure basic bandwidth management. " See the advanced menu chapters for background information on these fields. To access the wizards, click Go to Wizard setup in Figure 7 on page 45, or click the wizard icon ( ) in the top right corner of the web configurator. The wizard main screen appears. Figure 11 Wizard Main Screen The following table describes the fields in this screen.
Chapter 3 Wizards 3.1 Internet Setup Wizard Use these screens to configure Internet access settings. To access this wizard, click INTERNET SETUP in the wizard main screen. 3.1.1 Screen 1 This screen lets you enter some of the ISP settings for your Internet connection. Figure 12 Internet Access Wizard Setup: ISP Parameters The following table describes the fields in this screen.
Chapter 3 Wizards 3.1.2 Screen 2 These screens let you enter the rest of the Internet settings, which depend on the encapsulation your Internet connection uses (and the mode you selected, for RFC1483). This screen appears if your Internet connection uses Ethernet encapsulation. Figure 13 Internet Setup Wizard: ISP Parameters (Ethernet) The following table describes the fields in this screen.
Chapter 3 Wizards Figure 14 Internet Setup Wizard: ISP Parameters (PPPoE) The following table describes the fields in this screen. Table 8 Internet Setup Wizard: ISP Parameters (PPPoE) LABEL DESCRIPTION User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given. Password Enter the password associated with the user name above.
Chapter 3 Wizards Figure 15 Internet Setup Wizard: ISP Parameters (RFC1483) The following table describes the fields in this screen. Table 9 Internet Setup Wizard: ISP Parameters (RFC1483) LABEL DESCRIPTION IP Address Enter the static IP address provided by your ISP. Back Click Back to go back to the previous screen. Apply Click Apply to finish manual configuration. Exit Click Exit to close the wizard screen without saving your changes.
Chapter 3 Wizards The following table describes the fields in this screen. Table 10 Internet Setup Wizard: ISP Parameters (PPPoA) LABEL DESCRIPTION User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given. Password Enter the password associated with the user name above. Back Click Back to go back to the previous screen. Apply Click Apply to finish manual configuration.
Chapter 3 Wizards Launch your web browser and navigate to www.zyxel.com. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct. Internet access is just the beginning. Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features. 3.
Chapter 3 Wizards Table 12 Bandwidth Management Setup: Services (continued) SERVICE DESCRIPTION TFTP Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). WWW The World Wide Web (WWW) is an Internet system to distribute graphical, hyperlinked information, based on Hyper Text Transfer Protocol (HTTP) - a client/server protocol for the World Wide Web.
Chapter 3 Wizards 3.2.2 Screen 2 Use the second wizard screen to select the services that you want to apply bandwidth management, and select the priorities that you want to apply to the services listed. Figure 19 Bandwidth Management Wizard: Configuration The following table describes the labels in this screen. Table 14 Bandwidth Management Wizard: Configuration LABEL DESCRIPTION Active Select an entry’s Active check box to turn on bandwidth management for the service/ application.
Chapter 3 Wizards 3.2.3 Screen 3 Follow the on-screen instructions and click Finish to complete the wizard setup and save your configuration.
CHAPTER 4 Point-to-(2)point Configuration This chapter introduces point-to-point and point-to-2point connections. 4.1 Point-to-point Connection Overview You can set up point-to-point connection between two ZyXEL Devices. These connections offer a cost-effective, high-speed connection for high-bandwidth applications such as videoconferencing and distance learning. An example is shown below.
Chapter 4 Point-to-(2)point Configuration To establish a point-to-point connection, one of the ZyXEL Devices becomes the server (instead of the ISP). The server controls some of the attributes of the DSL connection, such as the transfer rate and the DSL operational mode. Otherwise, there is no difference between the server and the client. Either one can initiate the point-to-point connection.
Chapter 4 Point-to-(2)point Configuration 3 Set the VPI, VCI, Multiplexing, and Encapsulation to the same values you set in the server. 4 Scroll down to the Service Type section. See Figure 22 on page 64 above. 5 In the Service Mode field, select the same type of connection you selected for the server. 6 In the Service Type field, select Client. The rest of the fields will be negotiated with the server. 7 Click Apply. 4.2.
Chapter 4 Point-to-(2)point Configuration In a point-to-2points connection, the ZyXEL Device which has a physical connection to both client devices becomes the server. The server controls some of the attributes of the DSL connection, such as the transfer rate and the DSL operational mode. 4.4 Point-to-2point Connection Procedure Follow these directions to set up a point-to-2point connection. 1 Set up the Server. 2 Set up the Clients. 3 Connect the ZyXEL Devices. 4.4.
Chapter 4 Point-to-(2)point Configuration 4.4.2 Set up the Clients 1 Log in to one of the ZyXEL Devices that will be the client. (See Chapter 2 on page 43.) 2 Click Network > WAN > Internet Connection. 3 Set the VPI, VCI, Multiplexing, and Encapsulation to the same values you set in the server. 4 Scroll down to the Service Type section. A screen similar to the following appears. 5 In the Service Mode field, select 2 wire mode. 6 In the Service Type field, select Client.
Chapter 4 Point-to-(2)point Configuration 68 P-793H User’s Guide
P ART II Network Setup WAN Setup (71) LAN Setup (93) Network Address Translation (NAT) Screens (103) 69
CHAPTER 5 WAN Setup This chapter describes how to configure WAN settings. 5.1 WAN Overview A WAN (Wide Area Network) is an outside connection to another network or the Internet. 5.1.1 Encapsulation Be sure to use the encapsulation method required by your ISP. The ZyXEL Device supports the following methods. 5.1.1.1 ENET ENCAP The MAC Encapsulated Routing Link Protocol (ENET ENCAP) is only implemented with the IP network protocol.
Chapter 5 WAN Setup 5.1.1.3 PPPoA PPPoA stands for Point to Point Protocol over ATM Adaptation Layer 5 (AAL5). A PPPoA connection functions like a dial-up Internet connection. The ZyXEL Device encapsulates the PPP session based on RFC1483 and sends it through an ATM PVC (Permanent Virtual Circuit) to the Internet Service Provider’s (ISP) DSLAM (DSL Access Multiplexer). Please refer to RFC 2364 for more information on PPPoA. Refer to RFC 1661 for more information on PPP. 5.1.1.
Chapter 5 WAN Setup 5.1.4.1 IP Assignment with PPPoA or PPPoE Encapsulation If you have a dynamic IP, then the IP Address and ENET ENCAP Gateway fields are not applicable (N/A). If you have a static IP, then you only need to fill in the IP Address field and not the ENET ENCAP Gateway field. 5.1.4.2 IP Assignment with RFC 1483 Encapsulation In this case the IP Address Assignment must be static with the same requirements for the IP Address and ENET ENCAP Gateway fields as stated above. 5.1.4.
Chapter 5 WAN Setup For example, if the normal route has a metric of "1" and the traffic-redirect route has a metric of "2" and dial-backup route has a metric of "3", then the normal route acts as the primary default route. If the normal route fails to connect to the Internet, the ZyXEL Device tries the traffic-redirect route next. In the same manner, the ZyXEL Device uses the dial-backup route if the traffic-redirect route also fails.
Chapter 5 WAN Setup 5.3.1 ATM Traffic Classes These are the basic ATM traffic classes defined by the ATM Forum Traffic Management 4.0 Specification. 5.3.1.1 Constant Bit Rate (CBR) Constant Bit Rate (CBR) provides fixed bandwidth that is always available even if no data is being sent. CBR traffic is generally time-sensitive (doesn't tolerate delay). CBR is used for connections that continuously require a specific amount of bandwidth.
Chapter 5 WAN Setup Figure 26 WAN > Internet Connection The following table describes the labels in this screen. Table 15 WAN > Internet Connection LABEL DESCRIPTION General 76 Name Enter the name of your Internet Service Provider, for example “MyISP”. This information is for descriptive purposes only. Mode Select Routing (default) from the drop-down list box if your ISP allows multiple computers to share an Internet account. Otherwise select Bridge.
Chapter 5 WAN Setup Table 15 WAN > Internet Connection (continued) LABEL DESCRIPTION Password (PPPoA and PPPoE only) Enter the password associated with the user name above. Service Name (PPPoE only) Type the name of your PPPoE service here. Multiplexing Select the method of multiplexing used by your ISP from the drop-down list. Choices are VC or LLC. Virtual Circuit ID VPI (Virtual Path Identifier) and VCI (Virtual Channel Identifier) define a virtual circuit.
Chapter 5 WAN Setup Table 15 WAN > Internet Connection (continued) LABEL DESCRIPTION Enable Rate Adaption This field is enabled if Service Type is Server. Indicate whether or not the ZyXEL Device can adjust the speed of its connection to that of the other device. Transfer Max Rate (Kbps) This field is enabled if Service Type is Server. Set the maximum rate at which the ZyXEL Device sends and receives information.
Chapter 5 WAN Setup The following table describes the labels in this screen. Table 16 2wire-2line Service Mode LABEL DESCRIPTION Service Type Service Mode Select 2wire-2line mode for the DSL connection. This means that the ZyXEL Device is going to be a server connected to two client ZyXEL Devices. Service Type When you select 2wire-2line mode this field automatically changes to Server. Line1 / Line 2 You can configure different connection rate settings for Line 1 and Line 2 DSL connections.
Chapter 5 WAN Setup The following table describes the labels in this screen. Table 17 WAN > Internet Connection > Advanced Setup LABEL DESCRIPTION RIP & Multicast Setup RIP Direction RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. Select the RIP direction from Both/In Only/Out Only/None.
Chapter 5 WAN Setup 5.5 Configuring More Connections This section describes the protocol-independent parameters for a remote network. They are required for placing calls to a remote gateway and the network behind it across a WAN connection. When you use the WAN > Internet Connection screen to set up Internet access, you are configuring the first WAN connection. Click Network > WAN > More Connections to display the screen as shown next.
Chapter 5 WAN Setup Figure 30 WAN > More Connections > Edit The following table describes the labels in this screen. Table 19 WAN > More Connections > Edit LABEL DESCRIPTION General 82 Active Select the check box to activate or clear the check box to deactivate this connection. Name Enter a unique, descriptive name of up to 13 ASCII characters for this connection. Mode Select Routing from the drop-down list box if your ISP allows multiple computers to share an Internet account.
Chapter 5 WAN Setup Table 19 WAN > More Connections > Edit (continued) LABEL DESCRIPTION Multiplexing Select the method of multiplexing used by your ISP from the drop-down list. Choices are VC or LLC. By prior agreement, a protocol is assigned a specific virtual circuit, for example, VC1 will carry IP. If you select VC, specify separate VPI and VCI numbers for each protocol.
Chapter 5 WAN Setup 5.5.2 Configuring More Connections Advanced Setup Use this screen to edit your ZyXEL Device's advanced WAN settings. Click the Advanced Setup button in the More Connections Edit screen. The screen appears as shown. Figure 31 WAN > More Connections > Advanced Setup The following table describes the labels in this screen.
Chapter 5 WAN Setup Table 20 WAN > More Connections > Advanced Setup (continued) LABEL DESCRIPTION Peak Cell Rate Divide the DSL line rate (bps) by 424 (the size of an ATM cell) to find the Peak Cell Rate (PCR). This is the maximum rate at which the sender can send cells. Type the PCR here. Sustain Cell Rate The Sustain Cell Rate (SCR) sets the average cell rate (long-term) that can be transmitted. Type the SCR, which must be less than the PCR. Note that system default is 0 cells/sec.
Chapter 5 WAN Setup Figure 33 Traffic Redirect LAN Setup 5.7 Dial Backup Interface The Dial Backup port can be used in reserve, as a traditional dial-up connection should the broadband connection to the WAN port fail. To set up the auxiliary port (Dial Backup) for use in the event that the regular WAN connection is dropped, first make sure you have set up the switch and port connection. See the Quick Start Guide for more information. 5.
Chapter 5 WAN Setup Figure 34 WAN > WAN Backup Setup The following table describes the labels in this screen. Table 21 WAN > WAN Backup Setup LABEL DESCRIPTION Backup Type Select the method that the ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up. Select ICMP to have the ZyXEL Device periodically ping the IP addresses configured in the Check WAN IP Address fields.
Chapter 5 WAN Setup Table 21 WAN > WAN Backup Setup (continued) LABEL DESCRIPTION Timeout Type the number of seconds (3 recommended) for your ZyXEL Device to wait for a ping response from one of the IP addresses in the Check WAN IP Address field before timing out the request. The WAN connection is considered "down" after the ZyXEL Device times out the number of times specified in the Fail Tolerance field. Use a higher value in this field if your network is busy or congested.
Chapter 5 WAN Setup 5.8.1 Advanced Backup Setup Use this screen to change your ZyXEL Device’s advanced dial backup settings. Click WAN > WAN Backup Setup > Advanced Setup. The screen appears as shown. Figure 35 WAN > WAN Backup Setup > Advanced Setup The following table describes the labels in this screen. Table 22 WAN > WAN Backup Setup > Advanced Setup LABEL DESCRIPTION Basic Authentication Type Use the drop-down list box to select an authentication protocol for outgoing calls.
Chapter 5 WAN Setup Table 22 WAN > WAN Backup Setup > Advanced Setup (continued) LABEL DESCRIPTION Advanced Modem Setup Click Edit to change the advanced settings for the modem. TCP/IP Options Metric This field sets this route's priority among the routes the ZyXEL Device uses. The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost".
Chapter 5 WAN Setup Table 22 WAN > WAN Backup Setup > Advanced Setup (continued) LABEL DESCRIPTION Period Enter how often (in hours) the Allocated Budget is reset. For example, if you can call for thirty minutes every hour, set the Allocated Budget to 30, and set this field to 1. Back Click Back to return to the previous screen. Apply Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. 5.8.
Chapter 5 WAN Setup Table 23 WAN > WAN Backup Setup > Advanced Setup > Edit (continued) LABEL DESCRIPTION CLID Enter the keyword that precedes the CLID (Calling Line Identification) in the AT response string. This lets the ZyXEL Device capture the CLID in the AT response string that comes from the WAN device. CLID is required for CLID authentication. Called ID Enter the keyword preceding the dialed number. Speed Enter the keyword preceding the connection speed.
CHAPTER 6 LAN Setup This chapter describes how to configure LAN settings. 6.1 LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building. The LAN screens can help you configure a LAN DHCP server and manage IP addresses. See Section 6.3 on page 97 to configure the LAN screens. 6.1.
Chapter 6 LAN Setup 6.1.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the clients. If you turn DHCP service off, you must have another DHCP server on your LAN, or else the computer must be manually configured. 6.1.2.
Chapter 6 LAN Setup • The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in the DHCP Setup screen. • The ZyXEL Device acts as a DNS proxy when the Primary and Secondary DNS Server fields are left as 0.0.0.0 in the DHCP Setup screen. 6.
Chapter 6 LAN Setup 6.2.1.1 Private IP Addresses Every machine on the Internet must have a unique address. If your networks are isolated from the Internet, for example, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks: • 10.0.0.0 — 10.255.255.255 • 172.16.0.0 — 172.31.255.255 • 192.168.0.0 — 192.168.255.
Chapter 6 LAN Setup 6.2.3 Multicast Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data.
Chapter 6 LAN Setup 6.3.1 Configuring Advanced LAN Setup Use this screen to edit your ZyXEL Device's advanced LAN settings. Click the Advanced Setup button in the LAN IP screen. The screen appears as shown. Figure 39 LAN > IP > Advanced Setup The following table describes the labels in this screen.
Chapter 6 LAN Setup Table 25 LAN > IP > Advanced Setup (continued) LABEL DESCRIPTION Apply Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. 6.4 DHCP Setup Use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN. Figure 40 LAN > DHCP Setup The following table describes the labels in this screen.
Chapter 6 LAN Setup Table 26 LAN > DHCP Setup (continued) LABEL DESCRIPTION Primary DNS Server Secondary DNS Server This field is not available when you set DHCP to Relay. Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask. If the fields are left as 0.0.0.
Chapter 6 LAN Setup Table 27 LAN > Client List (continued) LABEL DESCRIPTION MAC Address The MAC (Media Access Control) or Ethernet address on a LAN (Local Area Network) is unique to your computer (six pairs of hexadecimal notation). A network interface card such as an Ethernet adapter has a hardwired address that is assigned at the factory. This address follows an industry standard that ensures no other adapter has a similar address.
Chapter 6 LAN Setup Figure 43 LAN > IP Alias The following table describes the labels in this screen. Table 28 LAN > IP Alias 102 LABEL DESCRIPTION IP Alias 1, 2 Select the check box to configure another LAN network for the ZyXEL Device. IP Address Enter the IP address of your ZyXEL Device in dotted decimal notation. Alternatively, click the right mouse button to copy and/or paste the IP address.
CHAPTER 7 Network Address Translation (NAT) Screens This chapter discusses how to configure NAT on the ZyXEL Device. 7.1 NAT Overview NAT (Network Address Translation, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network. 7.1.
Chapter 7 Network Address Translation (NAT) Screens 7.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
Chapter 7 Network Address Translation (NAT) Screens Figure 45 NAT Application With IP Alias 7.1.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: • One to One: In One-to-One mode, the ZyXEL Device maps one local IP address to one global IP address. • Many to One: In Many-to-One mode, the ZyXEL Device maps multiple local IP addresses to one global IP address.
Chapter 7 Network Address Translation (NAT) Screens The following table summarizes these types. Table 30 NAT Mapping Types TYPE IP MAPPING One-to-One ILA1ÅÆ IGA1 Many-to-One (SUA/PAT) ILA1ÅÆ IGA1 ILA2ÅÆ IGA1 … Many-to-Many Overload ILA1ÅÆ IGA1 ILA2ÅÆ IGA2 ILA3ÅÆ IGA1 ILA4ÅÆ IGA2 … Many-to-Many No Overload ILA1ÅÆ IGA1 ILA2ÅÆ IGA2 ILA3ÅÆ IGA3 … Server Server 1 IPÅÆ IGA1 Server 2 IPÅÆ IGA1 Server 3 IPÅÆ IGA1 7.
Chapter 7 Network Address Translation (NAT) Screens The following table describes the labels in this screen. Table 31 NAT General LABEL DESCRIPTION Active Network Address Translation (NAT) Select this check box to enable NAT. SUA Only Select this radio button if you have just one public WAN IP address for your ZyXEL Device. Full Feature Select this radio button if you have multiple public WAN IP addresses for your ZyXEL Device.
Chapter 7 Network Address Translation (NAT) Screens " If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup. 7.4.2 Port Forwarding: Services and Port Numbers Use the Port Forwarding screen to forward incoming service requests to the server(s) on your local network. The most often used port numbers are shown in Appendix G on page 401.
Chapter 7 Network Address Translation (NAT) Screens " If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup. Click Network > NAT > Port Forwarding to open the following screen. See Appendix G on page 401 for port numbers commonly used for particular services. Figure 48 NAT > Port Forwarding The following table describes the fields in this screen.
Chapter 7 Network Address Translation (NAT) Screens Table 32 NAT > Port Forwarding (continued) LABEL DESCRIPTION Modify Click the edit icon to go to the screen where you can edit the port forwarding rule. Click the delete icon to delete an existing port forwarding rule. Note that subsequent rules move up by one when you take this action. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to return to the previous configuration. 7.5.
Chapter 7 Network Address Translation (NAT) Screens 7.6 Address Mapping " The Address Mapping screen is available only when you select Full Feature in the NAT > General screen. Ordering your rules is important because the ZyXEL Device applies the rules in the order that you specify. When a rule matches the current packet, the ZyXEL Device takes the corresponding action and the remaining rules are ignored.
Chapter 7 Network Address Translation (NAT) Screens Table 34 NAT > Address Mapping (continued) LABEL DESCRIPTION Type 1-1: One-to-one mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type. M-1: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (in other words PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported only.
Chapter 7 Network Address Translation (NAT) Screens Table 35 NAT > Address Mapping > Edit (continued) LABEL DESCRIPTION Local End IP This is the end local IP address (ILA). If your rule is for all local IP addresses, then enter 0.0.0.0 as the Local Start IP address and 255.255.255.255 as the Local End IP address. This field is N/A for One-to-One and Server mapping types. Global Start IP This is the starting global IP address (IGA). Enter 0.0.0.0 here if you have a dynamic IP address from your ISP.
Chapter 7 Network Address Translation (NAT) Screens 114 P-793H User’s Guide
P ART III Security and Advanced Setup Firewalls (117) Firewall Configuration (129) Content Filtering (149) IPSec VPN (153) Static Route (177) Bandwidth Management (181) Dynamic DNS Setup (191) Remote Management Configuration (195) Universal Plug-and-Play (UPnP) (205) 115
CHAPTER 8 Firewalls This chapter gives some background information on firewalls and introduces the ZyXEL Device firewall. 8.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term “firewall” is a system or group of systems that enforces an access-control policy between two networks. It may also be defined as a mechanism used to protect a trusted network from an untrusted network.
Chapter 8 Firewalls 8.2.2 Application-level Firewalls Application-level firewalls restrict access by serving as proxies for external servers. Since they use programs written for specific Internet services, such as HTTP, FTP and telnet, they can evaluate network packets for valid application-specific data.
Chapter 8 Firewalls 8.3.1 Denial of Service Attacks Figure 52 ZyXEL Device Firewall Application 8.4 Denial of Service Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources. The ZyXEL Device is pre-configured to automatically detect and thwart all known DoS attacks. 8.4.
Chapter 8 Firewalls 4 IP Spoofing. 5 "Ping of Death" and "Teardrop" attacks exploit bugs in the TCP/IP implementations of various computer and host systems. • Ping of Death uses a "ping" utility to create an IP packet that exceeds the maximum 65,536 bytes of data allowed by the IP specification. The oversize packet is then sent to an unsuspecting system. Systems may crash, hang or reboot. • Teardrop attack exploits weaknesses in the re-assembly of IP packet fragments.
Chapter 8 Firewalls Figure 54 SYN Flood • In a LAND Attack, hackers flood SYN packets into the network with a spoofed source IP address of the targeted system. This makes it appear as if the host computer sent the packets to itself, making the system unavailable while the target system tries to respond to itself. 7 A brute-force attack, such as a "Smurf" attack, targets a feature in the IP specification known as directed or subnet broadcasting, to quickly flood the target network with useless data.
Chapter 8 Firewalls 8.4.2.1 ICMP Vulnerability ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types trigger an alert: Table 36 ICMP Commands That Trigger Alerts 5 REDIRECT 13 TIMESTAMP_REQUEST 14 TIMESTAMP_REPLY 17 ADDRESS_MASK_REQUEST 18 ADDRESS_MASK_REPLY 8.4.2.2 Illegal Commands (NetBIOS and SMTP) The only legal NetBIOS commands are the following - all others are illegal.
Chapter 8 Firewalls are allowed in. The ZyXEL Device uses stateful packet inspection to protect the private LAN from hackers and vandals on the Internet. By default, the ZyXEL Device’s stateful inspection allows all communications to the Internet that originate from the LAN, and blocks all traffic to the LAN that originates from the Internet. In summary, stateful inspection: • Allows all sessions originating from the LAN (local network) to the WAN (Internet).
Chapter 8 Firewalls 6 Later, an inbound packet reaches the interface. This packet is part of the connection previously established with the outbound packet. The inbound packet is evaluated against the inbound access list, and is permitted because of the temporary access list entry previously created. 7 The packet is inspected by a firewall rule, and the connection's state table entry is updated as necessary.
Chapter 8 Firewalls If an initiation packet originates on the LAN, this means that someone is trying to make a connection from the LAN to the Internet. Assuming that this is an acceptable part of the security policy (as is the case with the default policy), the connection will be allowed. A cache entry is added which includes connection information such as IP addresses, TCP ports, sequence numbers, etc.
Chapter 8 Firewalls 8.6 Guidelines for Enhancing Security with Your Firewall • Change the default password. • Limit who can telnet into your router. • Don't enable any local service (such as SNMP or NTP) that you don't use. Any enabled service could present a potential security risk. A determined hacker might be able to find creative ways to misuse the enabled services to access the firewall or the network. • For local services that are enabled, protect against misuse.
Chapter 8 Firewalls • Always shred confidential information, particularly about your computer, before throwing it away. Some hackers dig through the trash of companies or individuals for information that might help them in an attack. 8.7 Packet Filtering vs. Firewall Below are some comparisons between the ZyXEL Device’s filtering and firewall functions. 8.7.1 Packet Filtering • The router filters packets as they pass through the router’s interface according to the filter rules you designed.
Chapter 8 Firewalls • To selectively block/allow inbound or outbound traffic between inside host/networks and outside host/networks. Remember that filters can not distinguish traffic originating from an inside host or an outside host by IP address. • The firewall performs better than filtering if you need to check many rules. • Use the firewall if you need routine e-mail reports about your system or need to be alerted when attacks occur.
CHAPTER 9 Firewall Configuration This chapter shows you how to enable and configure the ZyXEL Device firewall. 9.1 Access Methods The web configurator is, by far, the most comprehensive firewall configuration tool your ZyXEL Device has to offer. For this reason, it is recommended that you configure your firewall using the web configurator. CLI (Command Line Interpreter) commands provide limited configuration options and are only recommended for advanced users. 9.
Chapter 9 Firewall Configuration " If you configure firewall rules without a good understanding of how they work, you might inadvertently introduce security risks to the firewall and to the protected network. Make sure you test your rules after you configure them. For example, you may create rules to: • Block certain types of traffic, such as IRC (Internet Relay Chat), from the LAN to the Internet.
Chapter 9 Firewall Configuration 3 Is it possible to modify the rule to be more specific? For example, if IRC is blocked for all users, will a rule that blocks just certain users be more effective? 4 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers.
Chapter 9 Firewall Configuration 9.4.1 LAN to WAN Rules The default rule for LAN to WAN traffic is that all users on the LAN are allowed nonrestricted access to the WAN. When you configure a LAN to WAN rule, you in essence want to limit some or all users from accessing certain services on the WAN. WAN to LAN Rules The default rule for WAN to LAN traffic blocks all incoming connections (WAN to LAN).
Chapter 9 Firewall Configuration Figure 58 “Triangle Route” Problem 9.5.2 Solving the “Triangle Route” Problem You can have the ZyXEL Device allow triangle route sessions. However this can allow traffic from the WAN to go directly to a LAN computer without passing through the ZyXEL Device and its firewall protection. Another way to solve the triangle route problem is to use IP alias. IP alias allows you to partition your network into logical sections over the same Ethernet interface.
Chapter 9 Firewall Configuration Figure 60 Firewall > General The following table describes the labels in this screen. Table 39 Firewall > General LABEL DESCRIPTION Active Firewall Select this check box to activate the firewall. The ZyXEL Device performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated. Bypass Triangle Route Select this check box to have the ZyXEL Device firewall permit the use of triangle route topology on the network.
Chapter 9 Firewall Configuration Table 39 Firewall > General (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 9.7 Firewall Rules Summary " The ordering of your rules is very important as rules are applied in turn. Refer to Section 8.1 on page 117 for more information. Click Security > Firewall > Rules to bring up the following screen.
Chapter 9 Firewall Configuration Table 40 Firewall > Rules (continued) LABEL DESCRIPTION Active This field displays whether a firewall is turned on or not. Select the check box to enable the rule. Clear the check box to disable the rule. Source IP This drop-down list box displays the source addresses or ranges of addresses to which this firewall rule applies. Please note that a blank source or destination address is equivalent to Any.
Chapter 9 Firewall Configuration Figure 62 Firewall > Rules > Add/Edit The following table describes the labels in this screen. Table 41 Firewall > Rules > Add/Edit LABEL DESCRIPTION Edit Rule # Active Select this option to enable this firewall rule. Action for Matched Packet Use the drop-down list box to select what the firewall is to do with packets that match this rule.
Chapter 9 Firewall Configuration Table 41 Firewall > Rules > Add/Edit (continued) LABEL DESCRIPTION Source/Destination Address Address Type Do you want your rule to apply to packets with a particular (single) IP, a range of IP addresses (for example 192.168.1.10 to 192.169.1.50), a subnet or any IP address? Select an option from the drop-down list box that includes: Single Address, Range Address, Subnet Address and Any Address. Start IP Address This is enabled if the Address Type is not Any Address.
Chapter 9 Firewall Configuration 9.7.2 Customized Services Configure customized services and port numbers not predefined by the ZyXEL Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) web site. For further information on these services, please read Appendix G on page 401. Click the Edit Customized Services link while editing a firewall rule to configure a custom service port. This displays the following screen. Refer to Section 8.
Chapter 9 Firewall Configuration Figure 64 Firewall > Rules > Add/Edit > Edit Customized Services > Edit The following table describes the labels in this screen. Table 43 Firewall > Rules > Add/Edit > Edit Customized Services > Edit LABEL DESCRIPTION Config Service Name Type a unique name for your custom port. Service Type Choose the IP port (TCP, UDP or TCP/UDP) that defines your customized port from the drop down list box.
Chapter 9 Firewall Configuration Figure 65 Firewall Example: Rules 3 In the Rules screen, select the index number after that you want to add the rule. For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8. 4 Click Add to display the firewall rule configuration screen. 5 In the Edit Rule screen, click the Edit Customized Services link to open the Customized Service screen.
Chapter 9 Firewall Configuration Figure 67 Firewall Example: Edit Rule: Destination Address 9 Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. " 142 Custom services show up with an “*” before their names in the Services list box and the Rules list box.
Chapter 9 Firewall Configuration Figure 68 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN.
Chapter 9 Firewall Configuration Figure 69 Firewall Example: Rules: MyService 9.9 Anti-Probing If an outside user attempts to probe an unsupported port on your ZyXEL Device, an ICMP response packet is automatically returned. This allows the outside user to know the ZyXEL Device exists. The ZyXEL Device supports anti-probing, which prevents the ICMP response packet from being sent. This keeps outsiders from discovering your ZyXEL Device when unsupported ports are probed.
Chapter 9 Firewall Configuration The following table describes the labels in this screen. Table 44 Firewall > Anti Probing LABEL DESCRIPTION Respond to PING on The ZyXEL Device does not respond to any incoming Ping requests when Disable is selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply to incoming WAN Ping requests. Otherwise select LAN & WAN to reply to both incoming LAN and WAN Ping requests. Do Not Respond to Requests for Unauthorized Services.
Chapter 9 Firewall Configuration 9.10.2 Half-Open Sessions An unusually high number of half-open sessions (either an absolute number or measured as the arrival rate) could indicate that a Denial of Service attack is occurring. For TCP, "halfopen" means that the session has not reached the established state-the TCP three-way handshake has not yet been completed (see Figure 53 on page 120). For UDP, "half-open" means that the firewall has detected no return traffic.
Chapter 9 Firewall Configuration Figure 71 Firewall > Threshold The following table describes the labels in this screen. Table 45 Firewall > Threshold LABEL DESCRIPTION Denial of Service Thresholds One Minute Low Type the rate of new half-open sessions that causes the firewall to stop deleting half-open sessions. The ZyXEL Device continues to delete half-open sessions as necessary, until the rate of new connection attempts drops below this number. See One Minute High for an example.
Chapter 9 Firewall Configuration Table 45 Firewall > Threshold (continued) LABEL DESCRIPTION Action taken when TCP Maximum Incomplete reached threshold 148 Delete the Oldest Half Open Session when New Connection Request Comes. Select this to clear the oldest half-open session when a new connection request comes. Deny New Connection Request for Select this, and specify for how long the ZyXEL Device should block new connection requests when TCP Maximum Incomplete is reached.
CHAPTER 10 Content Filtering This chapter covers how to configure content filtering. 10.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL. You can set a schedule for when the ZyXEL Device performs content filtering.
Chapter 10 Content Filtering The following table describes the labels in this screen. Table 46 Content Filter > Keyword LABEL DESCRIPTION Active Keyword Blocking Select this check box to enable this feature. Block Websites that contain these keywords in the URL: This box contains the list of all the keywords that you have configured the ZyXEL Device to block. Delete Highlight a keyword in the box and click Delete to remove it. Clear All Click Clear All to remove all of the keywords from the list.
Chapter 10 Content Filtering The following table describes the labels in this screen. Table 47 Content Filter > Schedule LABEL DESCRIPTION Schedule Select Active Everyday to Block to make the content filtering active everyday. Otherwise, select Edit Daily to Block and configure which days of the week (or everyday) and which time of the day you want the content filtering to be active. Active Select the check box to have the content filtering to be active on the selected day.
Chapter 10 Content Filtering 152 P-793H User’s Guide
CHAPTER 11 IPSec VPN This chapter explains how to set up and maintain IPSec VPNs in the ZyXEL Device. 11.1 IPSec VPN Overview A virtual private network (VPN) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing. It is used to transport traffic over the Internet or any insecure network that uses TCP/IP for communication.
Chapter 11 IPSec VPN Figure 76 VPN: IKE SA and IPSec SA In this example, a computer in network A is exchanging data with a computer in network B. Inside networks A and B, the data is transmitted the same way data is normally transmitted in the networks. Between routers X and Y, the data is protected by the tunneling, encryption, and authentication of the IPSec SA. The IPSec SA is established securely using the IKE SA that routers X and Y established first.
Chapter 11 IPSec VPN 11.1.1.2 IKE SA Proposal The IKE SA proposal is used to identify the encryption algorithm, authentication algorithm, and Diffie-Hellman (DH) key group that the ZyXEL Device and remote IPSec router use in the IKE SA. In main mode, this is done in steps 1 and 2, as illustrated below. Figure 77 IKE SA: Main Negotiation Mode, Steps 1 - 2: IKE SA Proposal The ZyXEL Device sends one or more proposals to the remote IPSec router. (In some devices, you can set up only one proposal.
Chapter 11 IPSec VPN 11.1.1.4 Authentication Before the ZyXEL Device and remote IPSec router establish an IKE SA, they have to verify each other’s identity. This process is based on pre-shared keys and router identities. In main mode, the ZyXEL Device and remote IPSec router authenticate each other in steps 5 and 6, as illustrated below. Their identities are encrypted using the encryption algorithm and encryption key the ZyXEL Device and remote IPSec router selected in previous steps.
Chapter 11 IPSec VPN Table 49 VPN Example: Matching ID Type and Content ZYXEL DEVICE REMOTE IPSEC ROUTER Peer ID type: IP Peer ID type: E-mail Peer ID content: 1.1.1.2 Peer ID content: tomasz@yourcompany.com In the following example, the authentication fails, so they cannot establish an IKE SA. Table 50 VPN Example: Mismatching ID Type and Content ZYXEL DEVICE REMOTE IPSEC ROUTER Local ID type: E-mail Local ID type: IP Local ID content: tom@yourcompany.com Local ID content: 1.1.1.
Chapter 11 IPSec VPN Aggressive mode does not provide as much security as main mode because the identity of the ZyXEL Device and the identity of the remote IPSec router are not encrypted. It is usually used when the address of the initiator is not known by the responder and both parties want to use pre-shared keys for authentication (for example, telecommuters). 11.1.2.2 VPN, NAT and NAT Traversal In the following example, there is another router (A) between router X and router Y.
Chapter 11 IPSec VPN " An IPSec SA stays connected even if the underlying IKE SA is not available anymore. This section introduces the key components of IPSec SA. 11.1.3.1 Local Network and Remote Network In IPSec SA terminology, the local network, the one(s) connected to the ZyXEL Device, may be called the local policy. Similarly, the remote network, the one(s) connected to the remote IPSec router, may be called the remote policy. 11.1.3.
Chapter 11 IPSec VPN • Inside header: The inside IP header contains the IP address of the computers behind the ZyXEL Device or remote IPSec router. In transport mode, the IP header is the original IP header, and the encapsulation depends on the active protocol. If the active protocol is AH, the ZyXEL Device includes part of the IP header when it encapsulates the packet.
Chapter 11 IPSec VPN In IPSec SAs using manual keys, the ZyXEL Device and remote IPSec router do not establish an IKE SA. They only establish an IPSec SA. As a result, an IPSec SA using manual keys has some characteristics of IKE SAs and some characteristics of IPSec SAs. There are also some differences between IPSec SAs using manual keys and other types of SAs. 11.1.4.1.
Chapter 11 IPSec VPN Figure 82 VPN > Setup The following table describes the fields in this screen. Table 51 VPN > Setup LABEL DESCRIPTION No. This is the VPN policy index number. Click a number to edit VPN policies. Active This field displays whether the VPN policy is active or not. A Yes signifies that this VPN policy is active. No signifies that this VPN policy is not active. Name This field displays the identification name for this VPN policy.
Chapter 11 IPSec VPN Table 51 VPN > Setup (continued) LABEL DESCRIPTION Modify Click the Edit icon to go to the screen where you can edit the VPN configuration. Click the Remove icon to remove an existing VPN configuration. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to return to the previously saved settings. 11.3 Editing VPN Policies See Section 11.1 on page 153 for background information. Use this screen to edit VPN policies.
Chapter 11 IPSec VPN The following table describes the fields in this screen. Table 52 VPN > Setup > Edit LABEL DESCRIPTION IPSec Setup 164 Active Select this check box to activate this VPN policy. This option determines whether a VPN rule is applied before a packet leaves the firewall. Keep Alive Select either Yes or No from the drop-down list box. Select Yes to have the ZyXEL Device automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic.
Chapter 11 IPSec VPN Table 52 VPN > Setup > Edit (continued) LABEL DESCRIPTION End / Subnet Mask When the Local Address Type field is configured to Single, this field is N/A. When the Local Address Type field is configured to Range, enter the end (static) IP address, in a range of computers on the LAN behind your ZyXEL Device. When the Local Address Type field is configured to Subnet, this is a subnet mask on the LAN behind your ZyXEL Device.
Chapter 11 IPSec VPN Table 52 VPN > Setup > Edit (continued) LABEL DESCRIPTION My IP Address Enter the WAN IP address of your ZyXEL Device. The VPN tunnel has to be rebuilt if this IP address changes. The following applies if this field is configured as 0.0.0.0: The ZyXEL Device uses the current ZyXEL Device WAN IP address (static or dynamic) to set up the VPN tunnel.
Chapter 11 IPSec VPN Table 52 VPN > Setup > Edit (continued) LABEL DESCRIPTION Encryption Algorithm Select DES, 3DES, AES or NULL from the drop-down list box. When you use one of these encryption algorithms for data communications, both the sending device and the receiving device must use the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code. The DES encryption algorithm uses a 56-bit key.
Chapter 11 IPSec VPN The following table describes the fields in this screen. Table 53 VPN > Setup > Edit > Advanced LABEL DESCRIPTION VPN - IKE Advanced Setup Protocol Enter the IP protocol number whose traffic is allowed to use the VPN tunnel. Enter 0 to allow all IP protocols to use the VPN tunnel. See Appendix G on page 401 for some common IP protocols. Enable Replay Detection Select this to enable replay detection.
Chapter 11 IPSec VPN Table 53 VPN > Setup > Edit > Advanced (continued) LABEL DESCRIPTION Key Group You must choose a DH key group for the IKE SA. The longer the key group, the stronger the encryption, but also the more processing is required. DH1 refers to Diffie-Hellman Group 1, a 768-bit random number. DH2 refers to Diffie-Hellman Group 2, a 1024-bit (1Kb) random number. Phase 2 Active Protocol Select the active protocol the IPSec SA uses.
Chapter 11 IPSec VPN Figure 85 VPN > Setup > Edit > Manual The following table describes the fields in this screen. Table 54 VPN > Setup > Edit > Manual LABEL DESCRIPTION IPSec Setup 170 Active Select this check box to activate this VPN policy. Name Type up to 32 characters to identify this VPN policy. You may use any character, including spaces, but the ZyXEL Device drops trailing spaces. IPSec Key Mode Select IKE or Manual from the drop-down list box.
Chapter 11 IPSec VPN Table 54 VPN > Setup > Edit > Manual (continued) LABEL DESCRIPTION Local Local IP addresses must be static and correspond to the remote IPSec router's configured remote IP addresses. Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have the same local or remote IP address, but not both. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is active at any time.
Chapter 11 IPSec VPN Table 54 VPN > Setup > Edit > Manual (continued) LABEL DESCRIPTION Security Protocol IPSec Protocol Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH. If you select ESP here, you must select options from the Encryption Algorithm and Authentication Algorithm fields (described next). Encryption Algorithm Select DES, 3DES or NULL from the drop-down list box.
Chapter 11 IPSec VPN Figure 86 VPN > Monitor The following table describes the fields in this screen. Table 55 VPN > Monitor LABEL DESCRIPTION No This is the security association index number. Name This field displays the identification name for this VPN policy. Encapsulation This field displays Tunnel or Transport mode. IPSec Algorithm This field displays the security protocol, encryption algorithm, and authentication algorithm used in each VPN tunnel.
Chapter 11 IPSec VPN The following table describes the fields in this screen. Table 56 VPN > VPN Global Setting LABEL DESCRIPTION Windows Networking NetBIOS (Network Basic Input/Output System) are TCP or UDP packets that (NetBIOS over TCP/IP) enable a computer to find other computers. It may sometimes be necessary to allow NetBIOS packets to pass through VPN tunnels in order to allow local computers to find computers on the remote network and vice versa.
Chapter 11 IPSec VPN Table 57 Telecommuters Sharing One VPN Rule Example FIELDS TELECOMMUTERS HEADQUARTERS My IP Address: 0.0.0.0 (dynamic IP address assigned by the ISP) Public static IP address Secure Gateway IP Address: Public static IP address 0.0.0.0 With this IP address only the telecommuter can initiate the IPSec tunnel. Local IP Address: Telecommuter A: 192.168.2.12 Telecommuter B: 192.168.3.2 Telecommuter C: 192.168.4.15 192.168.1.10 Remote IP Address: 192.168.1.10 0.0.0.0 (N/A) 11.
Chapter 11 IPSec VPN Table 58 Telecommuters Using Unique VPN Rules Example TELECOMMUTERS HEADQUARTERS All Telecommuter Rules: All Headquarters Rules: My IP Address 0.0.0.0 My IP Address: bigcompanyhq.com Secure Gateway Address: bigcompanyhq.com Local IP Address: 192.168.1.10 Remote IP Address: 192.168.1.10 Local ID Type: E-mail Peer ID Type: E-mail Local ID Content: bob@bigcompanyhq.com Peer ID Content: bob@bigcompanyhq.com Telecommuter A (telecommutera.dydns.
CHAPTER 12 Static Route This chapter shows you how to configure static routes for your ZyXEL Device. 12.1 Static Route Each remote node specifies only the network to which the gateway is directly connected, and the ZyXEL Device has no knowledge of the networks beyond. For instance, the ZyXEL Device knows about network N2 in the following figure through remote node Router 1.
Chapter 12 Static Route Figure 91 Static Route > Static Route The following table describes the labels in this screen. Table 59 Static Route > Static Route LABEL DESCRIPTION # This is the number of an individual static route. Active This field shows whether this static route is active (Yes) or not (No). Name This is the name that describes or identifies this route. Destination This parameter specifies the IP network address of the final destination. Routing is always based on network number.
Chapter 12 Static Route Figure 92 Static Route > Static Route > Edit The following table describes the labels in this screen. Table 60 Static Route > Static Route > Edit LABEL DESCRIPTION Active This field allows you to activate/deactivate this static route. Route Name Enter the name of the IP static route. Leave this field blank to delete this static route. Destination IP Address This parameter specifies the IP network address of the final destination. Routing is always based on network number.
Chapter 12 Static Route 180 P-793H User’s Guide
CHAPTER 13 Bandwidth Management This chapter contains information about configuring bandwidth management, editing rules and viewing the ZyXEL Device’s bandwidth management logs. 13.1 Bandwidth Management Overview ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth rules.
Chapter 13 Bandwidth Management Figure 93 Subnet-based Bandwidth Management Example 13.4 Application and Subnet-based Bandwidth Management You could also create bandwidth classes based on a combination of a subnet and an application. The following example table shows bandwidth allocations for application specific traffic from separate LAN subnets.
Chapter 13 Bandwidth Management 13.5.2 Fairness-based Scheduler The ZyXEL Device divides bandwidth equally among bandwidth classes when using the fairness-based scheduler; thus preventing one bandwidth class from using all of the interface’s bandwidth. 13.
Chapter 13 Bandwidth Management The ZyXEL Device divides up the unbudgeted 2048 kbps among the classes that require more bandwidth. If the administration department only uses 1024 kbps of the budgeted 2048 kbps, the ZyXEL Device also divides the remaining 1024 kbps among the classes that require more bandwidth. Therefore, the ZyXEL Device divides a total of 3072 kbps of unbudgeted and unused bandwidth among the classes that require more bandwidth. 13.6.2.
Chapter 13 Bandwidth Management 13.6.3 Over Allotment of Bandwidth You can set the bandwidth management speed for an interface higher than the interface’s actual transmission speed. Higher priority traffic gets to use up to its allocated bandwidth, even if it takes up all of the interface’s available bandwidth. This could stop lower priority traffic from being sent. The following is an example.
Chapter 13 Bandwidth Management Figure 94 Bandwidth MGMT > Summary The following table describes the labels in this screen. Table 67 Bandwidth MGMT > Summary LABEL DESCRIPTION Interface These read-only labels represent the physical interfaces. Select an interface’s check box to enable bandwidth management on that interface. Bandwidth management applies to all traffic flowing out of the router through the interface, regardless of the traffic’s source.
Chapter 13 Bandwidth Management 13.8 Bandwidth Management Rule Setup See Section 13.1 on page 181 for background information. You must use the Bandwidth Management Summary screen to enable bandwidth management on an interface before you can configure rules for that interface. Click Advanced > Bandwidth MGMT > Rule Setup to open the following screen. Figure 95 Bandwidth MGMT > Rule Setup The following table describes the labels in this screen.
Chapter 13 Bandwidth Management 13.8.1 Rule Configuration See Section 13.1 on page 181 for background information. Use this screen to configure a bandwidth management rule. Use bandwidth rules to allocate specific amounts of bandwidth capacity (bandwidth budgets) to specific applications and/or subnets. To open this screen, click the Edit icon or select User define in the Service field Figure 96 Bandwidth MGMT > Rule Setup > Add/Edit The following table describes the labels in this screen.
Chapter 13 Bandwidth Management Table 69 Bandwidth MGMT > Rule Setup > Add/Edit (continued) LABEL DESCRIPTION Service This field simplifies bandwidth class configuration by allowing you to select a predefined application. When you select a predefined application, you do not configure the rest of the bandwidth filter fields (other than enabling or disabling the filter).
Chapter 13 Bandwidth Management Select an interface from the drop-down list box to view the bandwidth usage of its bandwidth rules.
CHAPTER 14 Dynamic DNS Setup This chapter discusses how to configure your ZyXEL Device to use Dynamic DNS. 14.1 Dynamic DNS Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.
Chapter 14 Dynamic DNS Setup Figure 98 Dynamic DNS > Dynamic DNS The following table describes the fields in this screen. Table 70 Dynamic DNS > Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic DNS Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider. Dynamic DNS Type Select the type of service that you are registered for from your Dynamic DNS service provider.
Chapter 14 Dynamic DNS Setup Table 70 Dynamic DNS > Dynamic DNS (continued) LABEL DESCRIPTION Use specified IP Address Type the IP address of the host name(s). Use this if you have a static IP address. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh.
Chapter 14 Dynamic DNS Setup 194 P-793H User’s Guide
CHAPTER 15 Remote Management Configuration This chapter provides information on configuring remote management. 15.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which ZyXEL Device interface (if any) from which computers. " When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
Chapter 15 Remote Management Configuration 15.1.1 Remote Management Limitations Remote management over LAN or WAN will not work when: • You have disabled that service in one of the remote management screens. • The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the ZyXEL Device will disconnect the session immediately. • There is already another remote management session with an equal or higher priority running.
Chapter 15 Remote Management Configuration Table 71 Remote MGMT > WWW (continued) LABEL DESCRIPTION Secured Client IP A secured client is a “trusted” computer that is allowed to communicate with the ZyXEL Device using this service. Select All to allow any computer to access the ZyXEL Device using this service. Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service. Apply Click Apply to save your settings back to the ZyXEL Device.
Chapter 15 Remote Management Configuration The following table describes the labels in this screen. Table 72 Remote MGMT > Telnet LABEL DESCRIPTION Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service.
Chapter 15 Remote Management Configuration Table 73 Remote MGMT > FTP (continued) LABEL DESCRIPTION Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to begin configuring this screen afresh. 15.6 SNMP Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite.
Chapter 15 Remote Management Configuration The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include such as number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects. SNMP itself is a simple request/response protocol based on the manager/agent model.
Chapter 15 Remote Management Configuration 15.6.3 Configuring SNMP See Section 15.1 on page 195 for background information. Use this screen to change your ZyXEL Device’s SNMP settings. Click Advanced > Remote MGMT > SNMP. The screen appears as shown. Figure 104 Remote MGMT > SNMP The following table describes the labels in this screen.
Chapter 15 Remote Management Configuration 15.7 Configuring DNS Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to the chapter on LAN for background information. See Section 15.1 on page 195 for background information. Click Advanced > Remote MGMT > DNS. The screen appears as shown. Use this screen to set from which IP address the ZyXEL Device will accept DNS queries and on which interface it can send them your ZyXEL Device’s DNS settings.
Chapter 15 Remote Management Configuration Figure 106 Remote MGMT > ICMP The following table describes the labels in this screen. Table 78 Remote MGMT > ICMP LABEL DESCRIPTION ICMP Internet Control Message Protocol is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and directly apparent to the application user.
Chapter 15 Remote Management Configuration " In this example a.b.c.d is the IP address of CNM Access. You must change this value to reflect your actual management server IP address or domain name. See Table 79 on page 204for detailed descriptions of the commands. Figure 107 Enabling TR-069 ras> wan tr069 load ras> wan tr069 acsUrl a.b.c.d Auto-Configuration Server URL: http://a.b.c.
CHAPTER 16 Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 16.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
Chapter 16 Universal Plug-and-Play (UPnP) When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the ZyXEL Device allows multicast messages on the LAN only. All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. 16.2 UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum UPnP™ Implementers Corp. (UIC).
Chapter 16 Universal Plug-and-Play (UPnP) Table 80 UPnP > General (continued) LABEL DESCRIPTION Apply Click Apply to save the setting to the ZyXEL Device. Cancel Click Cancel to return to the previously saved settings. 16.3 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP. Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me. 1 Click Start and Control Panel. Double-click Add/Remove Programs.
Chapter 16 Universal Plug-and-Play (UPnP) Figure 110 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components ….
Chapter 16 Universal Plug-and-Play (UPnP) Figure 112 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 113 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next.
Chapter 16 Universal Plug-and-Play (UPnP) 16.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device. Make sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device. Auto-discover Your UPnP-enabled Network Device 1 Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway.
Chapter 16 Universal Plug-and-Play (UPnP) Figure 115 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings.
Chapter 16 Universal Plug-and-Play (UPnP) Figure 117 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray. Figure 118 System Tray Icon 7 Double-click on the icon to display your current Internet connection status.
Chapter 16 Universal Plug-and-Play (UPnP) Figure 119 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first. This comes helpful if you do not know the IP address of the ZyXEL Device. Follow the steps below to access the web configurator. 1 Click Start and then Control Panel. 2 Double-click Network Connections. 3 Select My Network Places under Other Places.
Chapter 16 Universal Plug-and-Play (UPnP) Figure 120 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays.
Chapter 16 Universal Plug-and-Play (UPnP) Figure 121 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device.
Chapter 16 Universal Plug-and-Play (UPnP) 216 P-793H User’s Guide
P ART IV Maintenance System (219) Logs (225) Tools (229) Diagnostic (235) 217
CHAPTER 17 System This chapter explains how to configure the ZyXEL Device’s system name, domain name, password, and time and date settings. 17.1 General Setup 17.1.1 General Setup and System Name General Setup contains administrative and system-related information. System Name is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name". • In Windows 95/98 click Start, Settings, Control Panel, Network.
Chapter 17 System Figure 123 System > General The following table describes the labels in this screen. Table 81 System > General LABEL DESCRIPTION System Setup System Name Choose a descriptive name for identification purposes. It is recommended you enter your computer’s “Computer name” in this field. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes “-” and underscores "_" are accepted. Domain Name Enter the domain name (if you know it) here.
Chapter 17 System Table 81 System > General (continued) LABEL DESCRIPTION New Password Type your new system password (up to 30 characters). Note that as you type a password, the screen displays a (*) for each character you type. After you change the password, use the new password to access the ZyXEL Device. Retype to Confirm Type the new password again for confirmation. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 17.
Chapter 17 System Table 82 System > Time Setting (continued) LABEL DESCRIPTION Time and Date Setup Manual Select this radio button to enter the time and date manually. If you configure a new time and date, Time Zone and Daylight Saving at the same time, the new time and date you entered has priority and the Time Zone and Daylight Saving settings do not affect it. New Time (hh:mm:ss) This field displays the last updated time from the time server or the last time configured manually.
Chapter 17 System Table 82 System > Time Setting (continued) LABEL DESCRIPTION End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the last Sunday of October. Each time zone in the United States stops using Daylight Saving Time at 2 A.M. local time.
Chapter 17 System 224 P-793H User’s Guide
CHAPTER 18 Logs This chapter contains information about configuring general log settings and viewing the ZyXEL Device’s logs. Refer to the appendix for example log message explanations. 18.1 Logs Overview The web configurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to an administrator (as e-mail) or to a syslog server. 18.1.
Chapter 18 Logs Figure 125 Logs > View Log The following table describes the fields in this screen. Table 83 Logs > View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings screen display in the drop-down list box. Select a category of logs to view; select All Logs to view logs from all of the log categories that you selected in the Log Settings page.
Chapter 18 Logs Figure 126 Logs > Log Settings The following table describes the fields in this screen. Table 84 Logs > Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via E-mail. Mail Subject Type a title that you want to be in the subject line of the log e-mail message that the ZyXEL Device sends.
Chapter 18 Logs Table 84 Logs > Log Settings LABEL DESCRIPTION Log Schedule This drop-down menu is used to configure the frequency of log messages being sent as E-mail: Daily Weekly Hourly When Log is Full None. If you select Weekly or Daily, specify a time of day when the E-mail should be sent. If you select Weekly, then also specify which day of the week the E-mail should be sent. If you select When Log is Full, an alert is sent when the log fills up. If you select None, no log messages are sent.
CHAPTER 19 Tools This chapter covers uploading new firmware, managing configuration and restarting your ZyXEL Device. 19.1 Firmware Upgrade Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a .bin extension, for example, "ZyXEL Device.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot. Only use firmware for your device’s specific model.
Chapter 19 Tools Table 85 Tools > Firmware (continued) LABEL DESCRIPTION Browse... Click Browse... to find the .bin file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them. Upload Click Upload to begin the upload process. This process may take up to two minutes. Note: Do not turn off the device while firmware upload is in progress.
Chapter 19 Tools Figure 130 Error Message 19.2 Configuration Use this screen to back up or restore the configuration of the ZyXEL Device. You can also use this screen to reset the ZyXEL Device to the factory default settings. To access this screen, click Maintenance > Tools > Configuration. Figure 131 Tools > Configuration The following table describes the labels in this screen.
Chapter 19 Tools Table 86 Tools > Configuration (continued) LABEL DESCRIPTION Upload Click this to restore the selected configuration file. See below for more information about this. Note: Do not turn off the device while configuration file upload is in progress. Reset to Factory Default Settings Reset 1 Click this to clear all user-entered configuration information and return the ZyXEL Device to its factory defaults. There is no warning screen. See Section 2.
Chapter 19 Tools Figure 134 Configuration Upload Error Click Return to go back to the previous screen. 19.3 Restart System restart allows you to reboot the ZyXEL Device without turning the power off. Click Maintenance > Tools > Restart. Click Restart to have the ZyXEL Device reboot. This does not affect the ZyXEL Device's configuration.
Chapter 19 Tools 234 P-793H User’s Guide
CHAPTER 20 Diagnostic These read-only screens display information to help you identify problems with the ZyXEL Device. 20.1 General Diagnostic Use this screen to ping a computer on the network. Click Maintenance > Diagnostic to open the screen shown next. Figure 136 Diagnostic > General The following table describes the fields in this screen. Table 87 Diagnostic > General LABEL DESCRIPTION TCP/IP Address Type the IP address of a computer that you want to ping in order to test a connection.
Chapter 20 Diagnostic Figure 137 Diagnostic > DSL Line The following table describes the fields in this screen. Table 88 Diagnostic > DSL Line LABEL DESCRIPTION ATM Status Click this button to view ATM status. Capture All Logs Click this button to display all logs generated by the DSL line. 236 DSL Line Status Click this button to view the DSL port’s line operating values and line bit allocation. Reset DSL Line Click this button to reinitialize the DSL line.
P ART V SMT and Troubleshooting Introducing the SMT (239) General Setup (245) WAN Setup (249) LAN Setup (257) Internet Access Setup (263) Remote Node Setup (265) Static Route Setup (275) NAT Setup (279) Firewall Setup (293) Filter Configuration (295) SNMP Configuration (309) System Password (311) System Information & Diagnosis (313) Firmware and Configuration File Maintenance (323) Menus 24.8 to 24.
CHAPTER 21 Introducing the SMT The System Management Terminal (SMT) provides a text-based, menu-driven console to manage the ZyXEL Device. This chapter describes how to access the SMT and then provides an overview of its menus. 21.1 Accessing the SMT Use Telnet to access the SMT. Follow these steps. 1 In Windows, click Start > Run. 2 Type “telnet w.x.y.z”, and click OK. w.x.y.z is the IP address of the ZyXEL Device; the default address is 192.168.1.1. The ZyXEL Device prompts you for the password.
Chapter 21 Introducing the SMT Figure 139 SMT Main Menu Copyright (c) 1994 - 2006 ZyXEL Communications Corp. P-793H Main Menu Getting Started 1. General Setup 2. WAN Setup 3. LAN Setup 4. Internet Access Setup Advanced Applications 11. Remote Node Setup 12. Static Routing Setup 15. NAT Setup Advanced Management 21. Filter and Firewall Setup 22. SNMP Configuration 23. System Password 24. System Maintenance 25. IP Routing Policy Setup 26. Schedule Setup 99.
Chapter 21 Introducing the SMT Table 89 Main Menu Summary MENU FUNCTION 15 NAT Setup Use this menu to configure Network Address Translation (NAT) on the ZyXEL Device. 21 Filter and Firewall Setup Use this menu to configure filters and to activate or deactivate the firewall. 22 SNMP Configuration Use this menu to configure SNMP. 23 System Password Use this menu to change your password.
Chapter 21 Introducing the SMT Table 90 SMT Menus Overview (continued) MENUS SUB MENUS 23 System Password 24 System Maintenance 24.1 System Maintenance Status 24.2 System Information and Console Port Speed 24.2.1 System Maintenance Information 24.2.2 System Maintenance Change Console Port Speed 24.3 System Maintenance Log and Trace 24.3.1 View Error Log 24.3.2 System Maintenance UNIX Syslog 24.4 System Maintenance Diagnostic 24.5 Backup Configuration 24.6 Restore Configuration 24.
Chapter 21 Introducing the SMT Table 91 Main Menu Commands OPERATION KEYSTROKE DESCRIPTION Move the cursor [ENTER] or [UP]/ [DOWN] arrow keys. Within a menu, press [ENTER] to move to the next field. You can also use the [UP]/[DOWN] arrow keys to move to the previous and the next field, respectively. Entering information Type in or press [SPACE BAR], then press [ENTER]. You need to fill in two types of fields. The first requires you to type in the appropriate information.
Chapter 21 Introducing the SMT 244 P-793H User’s Guide
CHAPTER 22 General Setup Use this menu to set up device mode, dynamic DNS and administrative information. 22.1 Configuring General Setup 1 Enter 1 in the main menu to open Menu 1 - General Setup. 2 The Menu 1 - General Setup screen appears, as shown next. Fill in the required fields. Figure 140 Menu 1: General Setup Menu 1 - General Setup System Name= P-793H Location= Contact Person's Name= Domain Name= Edit Dynamic DNS= No Route IP= Yes Bridge= No The following table describes the fields in this menu.
Chapter 22 General Setup Table 92 Menu 1: General Setup (continued) FIELD DESCRIPTION Route IP Select Yes to enable IP-based routing in the ZyXEL Device. This is not effective for a specific remote node unless you enable IP-based routing in the remote node too. See Menu 11.1: Remote Node Profile (nodes 1-7) in Section 26.3 on page 265. You should enable Route IP, Bridge, or both in this screen. If you disable Route IP and Bridge, the device does not send traffic between the LAN ports and remote node.
Chapter 22 General Setup Follow the instructions in the next table to configure Dynamic DNS parameters. Table 93 Menu 1.1: Configure Dynamic DNS FIELD DESCRIPTION Service Provider This is the name of your Dynamic DNS service provider. Active Press [SPACE BAR] to select Yes and then press [ENTER] to make dynamic DNS active. DDNSType Press [SPACE BAR] and then [ENTER] to select DynamicDNS if you have the Dynamic DNS service. Select StaticDNS if you have the Static DNS service.
Chapter 22 General Setup 248 P-793H User’s Guide
CHAPTER 23 WAN Setup Use this menu to configure the DSL connection, traffic redirect, and dial-backup interface. 23.1 WAN Setup From the main menu, enter 2 to open menu 2. Figure 142 Menu 2: WAN Setup Menu 2 - WAN Setup Service Mode= 2wire Service Type= Server Rate Adaption= Disable Transfer Max Rate(Kbps)= 5696 Transfer Min Rate(Kbps)= 192 Standard Mode= ETSI(ANNEX_B) Wan Backup Setup: Check Mechanism = ICMP Check WAN IP Address1 = 0.0.0.0 Check WAN IP Address2 = 0.0.0.0 Check WAN IP Address3 = 0.0.0.
Chapter 23 WAN Setup Table 94 Menu 2: WAN Setup (continued) FIELD DESCRIPTION Transfer Max Rate(Kbps) This field is enabled if Service Type is Server. Press [SPACE BAR] to set the maximum rate at which the ZyXEL Device sends and receives information. If you enable Rate Adaption, the ZyXEL Device adjusts to the speed of the other device and may exceed this rate. Transfer Min Rate(Kbps) This field is enabled if Service Type is Server.
Chapter 23 WAN Setup 23.1.1 2wire-2line Service Mode From the main menu, enter 2 to open menu 2, then select 2wire-2line in the Service Mode field to see the screen as shown below. Figure 143 Menu 2: 2wire-2line Service Mode Menu 2 - WAN Setup Service Mode= 2wire-2line Service Type= N/A Rate Adaption= Disable Transfer Max Rate(Kbps)= 4480 Transfer Min Rate(Kbps)= 4480 Standard Mode= ANSI(ANNEX_A) Wan Backup Setup: Check Mechanism = DSL Link Check WAN IP Address1 = 0.0.0.0 Check WAN IP Address2 = 0.0.0.
Chapter 23 WAN Setup Table 95 Menu 2: 2wire-2line Service Mode (continued) FIELD DESCRIPTION Check Mechanism Select the method that the ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up. Select ICMP to have the ZyXEL Device periodically ping the IP addresses configured in the Check WAN IP Address fields.
Chapter 23 WAN Setup The following table describes the fields in this menu. Table 96 Menu 2.1: Traffic Redirect Setup FIELD DESCRIPTION Active Use this field to turn the traffic redirect feature on (Yes) or off (No). Configuration Backup Gateway IP Address Type the IP address of your backup gateway in dotted decimal notation. The ZyXEL Device automatically forwards traffic to this IP address if the ZyXEL Device's Internet connection terminates.
Chapter 23 WAN Setup The following table describes the fields in this menu. Table 97 Menu 2.2: Dial Backup Setup FIELD DESCRIPTION Dial-Backup: Active Use this field to turn the dial-backup feature on (Yes) or off (No). Port Speed Press [SPACE BAR] and then press [ENTER] to select the speed of the connection between the Dial Backup port and the external device. Available speeds are: 9600, 19200, 38400, 57600, 115200 or 230400 bps.
Chapter 23 WAN Setup The following table describes fields in this menu. Table 98 Menu 2.2.1: Advanced Dial Backup Setup FIELD DESCRIPTION AT Command Strings: Dial Enter the AT Command string to make a call. Drop Enter the AT Command string to drop a call. “~” represents a one second wait, for example “~~~+++~~ath” can be used if your modem has a slow response time. Answer Enter the AT Command string to answer a call. Drop DTR When Hang Up Press the [SPACE BAR] to choose either Yes or No.
Chapter 23 WAN Setup 256 P-793H User’s Guide
CHAPTER 24 LAN Setup Use this to apply LAN filters, configure LAN DHCP and TCP/IP settings, and to activate or deactivate VLAN on each LAN port. 24.1 Accessing the LAN Menus From the main menu, enter 3 to open Menu 3 - LAN Setup. Figure 147 Menu 3: LAN Setup Menu 3 - LAN Setup 1. LAN Port Filter Setup 2. TCP/IP and DHCP Setup 6. Port Based VLAN Setup 24.2 LAN Port Filter Setup This menu allows you to specify the filter sets that you wish to apply to the LAN traffic.
Chapter 24 LAN Setup 24.3 TCP/IP and DHCP Setup Menu From the main menu, enter 3 to open Menu 3 - LAN Setup to configure TCP/IP (RFC 1155) and DHCP setup. From menu 3, select the submenu option TCP/IP and DHCP Setup and press [ENTER]. The screen now displays Menu 3.2 - TCP/IP and DHCP Ethernet Setup, as shown next. Not all fields are available on all models. Figure 149 Menu 3.2: TCP/IP and DHCP Ethernet Setup Menu 3.2 - TCP/IP and DHCP Setup DHCP Setup DHCP= Server Client IP Pool Starting Address= 192.168.
Chapter 24 LAN Setup Table 99 Menu 3.2: TCP/IP and DHCP Ethernet Setup (continued) FIELD DESCRIPTION Primary DNS Server Secondary DNS Server The ZyXEL Device passes a DNS (Domain Name System) server IP address (in the order you specify here) to the DHCP clients. Select From ISP if your ISP dynamically assigns DNS server information (and the ZyXEL Device's WAN IP address). The IP Address field below displays the (readonly) DNS server IP address that the ISP assigns.
Chapter 24 LAN Setup Figure 150 Menu 3.2.1: IP Alias Setup Menu 3.2.1 - IP Alias Setup IP Alias 1= No IP Address= N/A IP Subnet Mask= N/A RIP Direction= N/A Version= N/A Incoming protocol filters= Outgoing protocol filters= IP Alias 2= No IP Address= N/A IP Subnet Mask= N/A RIP Direction= N/A Version= N/A Incoming protocol filters= Outgoing protocol filters= N/A N/A N/A N/A Use the instructions in the following table to configure IP alias parameters. Table 100 Menu 3.2.
Chapter 24 LAN Setup Figure 151 Menu 3.6: Port Based VLAN Setup Menu 3.6 - Port Based VLAN Setup 1 2 3 4 1 - 2 Yes - 3 Yes Yes - 4 Yes Yes Yes - Press [SPACE BAR] to select Yes or No to allow or block layer-2 traffic between each pair of ports.
Chapter 24 LAN Setup 262 P-793H User’s Guide
CHAPTER 25 Internet Access Setup Use this menu to configure your Internet connection. Use information from your ISP along with the instructions in this chapter to set up your ZyXEL Device to access the Internet. Contact your ISP to determine what encapsulation type you should use. 25.1 Internet Access Setup Enter 4 in the main menu.
Chapter 25 Internet Access Setup Table 101 Menu 4: Internet Access Setup (continued) FIELD DESCRIPTION VCI The valid range for the VCI is 32 to 65535 (0 to 31 is reserved for local management of ATM traffic). Enter the VCI assigned to you. ATM QoS Type Select CBR (Constant Bit Rate) to specify fixed (always-on) bandwidth for voice or data traffic. Select UBR (Unspecified Bit Rate) for applications that are non-time sensitive, such as e-mail.
CHAPTER 26 Remote Node Setup Use this menu to configure detailed remote node settings (for example, your ISP is a remote node) as well as apply filters. 26.1 Introduction to Remote Node Setup A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection. Note that when you use menu 4 to set up Internet access, you are actually configuring a remote node. 26.
Chapter 26 Remote Node Setup Figure 154 Menu 11.1: Remote Node Profile (nodes 1-7) Menu 11.
Chapter 26 Remote Node Setup Table 102 Menu 11.1: Remote Node Profile (nodes 1-7) (continued) FIELD DESCRIPTION Bridge If Route is IP, select Yes in this field to enable bridging to this remote node for protocols that are not supported by IP-based routing (for example, SNA). If Route is None, select Yes in this field to enable bridging to this remote node for all protocols. In either case, this setting is not effective unless you enable bridging in the ZyXEL Device too.
Chapter 26 Remote Node Setup Figure 155 Menu 11.1: Remote Node Profile (node 8) Menu 11.1 - Remote Node Profile (Backup ISP) Rem Node Name= ? Active= Yes Outgoing: My Login= My Password= ******** Authen= CHAP/PAP Pri Phone #= ? Sec Phone #= Edit PPP Options= No Rem IP Addr= ? Edit IP= No Edit Script Options= No Telco Option: Allocated Budget(min)= 0 Period(hr)= 0 Nailed-Up Connection= No Session Options: Edit Filter Sets= No Idle Timeout(sec)= 100 The following table describes the labels in this menu.
Chapter 26 Remote Node Setup Table 103 Menu 11.1: Remote Node Profile (node 8) (continued) FIELD DESCRIPTION Allocated Budget(min) Enter the maximum amount of time (in minutes) each call can last. Enter 0 if there is no limit. With Period, you can set a limit on the total outgoing call time of the ZyXEL Device within a certain period of time. When the total outgoing call time exceeds the limit, the current call will be dropped and any future outgoing calls will be blocked.
Chapter 26 Remote Node Setup The following table describes the fields in this menu. Table 104 Menu 11.3: Remote Node Network Layer Options FIELD DESCRIPTION IP Address Assignment Select Dynamic if your ISP did not give you a fixed (static) IP address. Select Static if your ISP gave you a fixed (static) IP address. The next three fields are not available if you select Dynamic. These fields appear if you selected Ethernet in Encapsulation in menu 11.
Chapter 26 Remote Node Setup Table 104 Menu 11.3: Remote Node Network Layer Options (continued) FIELD DESCRIPTION Version Select which version of RIP the ZyXEL Device uses when it sends or receives information on the subnet. RIP-1 - The ZyXEL Device uses RIPv1 to exchange routing information. RIP-2B - The ZyXEL Device broadcasts RIPv2 to exchange routing information. RIP-2M - The ZyXEL Device multicasts RIPv2 to exchange routing information.
Chapter 26 Remote Node Setup Figure 157 Menu 11.5: Remote Node Filter Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Call Filter Sets: protocol filters= device filters= The following table describes the labels in this menu. Table 105 Menu 11.5: Remote Node Filter FIELD DESCRIPTION Input Filter Sets protocol filters Enter up to four filter sets. If you enter more than one, separate each one with a comma ( , ).
Chapter 26 Remote Node Setup Figure 158 Menu 11.6: Remote Node ATM Layer Options Menu 11.6 - Remote Node ATM Layer Options VPI/VCI (VC-Multiplexing) VC Options for IP: VPI #= 0 VCI #= 38 ATM QoS Type= UBR Peak Cell Rate (PCR)= 0 Sustain Cell Rate (SCR)= 0 Maximum Burst Size (MBS)= 0 VC Options for Bridge: VPI #= 0 VCI #= 38 ATM QoS Type= UBR Peak Cell Rate (PCR)= 0 Sustain Cell Rate (SCR)= 0 Maximum Burst Size (MBS)= 0 Menu 11.
Chapter 26 Remote Node Setup 26.7 Advance Setup Options Move the cursor to the Edit Advance Options field in menu 11.1 (only for remote node 1), then press [SPACE BAR] to select Yes. Press [ENTER] to open Menu 11.8 - Advanced Setup Options. Figure 159 Menu 11.8: Advance Setup Options Menu 11.8 - Advance Setup Options PPPoE pass-through= No The following table describes the fields in this menu. Table 107 Menu 11.
CHAPTER 27 Static Route Setup Use this menu to configure IP and bridge (MAC) static routes. 27.1 IP Static Route Setup Enter 1 from the menu 12. Select one of the IP static routes as shown next to configure IP static routes in menu 12.1. Figure 160 Menu 12.1: IP Static Route Setup Menu 12.1 - IP Static Route Setup 1. ________ 2. ________ 3. ________ 4. ________ 5. ________ 6. ________ 7. ________ 8. ________ 9. ________ 10. ________ 11. ________ 12. ________ 13. ________ 14. ________ 15. ________ 16.
Chapter 27 Static Route Setup Figure 161 Menu 12.1.1: Edit IP Static Route Menu 12.1.1 - Edit IP Static Route Route #: 1 Route Name= ? Active= No Destination IP Address= ? IP Subnet Mask= ? Gateway IP Address= ? Metric= 2 Private= No The following table describes the fields in this screen. Table 108 Menu 12.1.1: Edit IP Static Route FIELD DESCRIPTION Route # This is the index number of the static route that you chose in menu 12. Route Name Enter a descriptive name for this route.
Chapter 27 Static Route Setup Figure 162 Menu 12.3: Bridge Static Route Setup Menu 12.3 - Bridge Static Route Setup 1. 2. 3. 4. ________ ________ ________ ________ Now, enter the index number of the static route that you want to configure. Figure 163 Menu 12.3.1: Edit Bridge Static Route Menu 12.3.1 - Edit Bridge Static Route Route #: 1 Route Name= ? Active= No Ether Address= ? IP Address= Gateway Node= 1 The following table describes the fields in this screen. Table 109 Menu 12.3.
Chapter 27 Static Route Setup 278 P-793H User’s Guide
CHAPTER 28 NAT Setup Use this menu to configure Network Address Translation (NAT) on the ZyXEL Device. 28.1 Using NAT " You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the ZyXEL Device. 28.1.1 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server. See Section 28.2.
Chapter 28 NAT Setup Figure 164 Menu 4: Applying NAT for Internet Access Menu 4 - Internet Access Setup ISP's Name= MyISP Encapsulation= ENET ENCAP Multiplexing= LLC-based VPI #= 0 VCI #= 33 ATM QoS Type= UBR Peak Cell Rate (PCR)= 0 Sustain Cell Rate (SCR)= 0 Maximum Burst Size (MBS)= 0 My Login= N/A My Password= N/A ENET ENCAP Gateway= 0.0.0.0 IP Address Assignment= Static IP Address= 0.0.0.
Chapter 28 NAT Setup The following table describes the fields in this menu. Table 110 Applying NAT in Menus 4 & 11.3 FIELD DESCRIPTION OPTIONS Network Address Translation When you select this option the SMT will use the specified address mapping set (menu 15.1 - see Section 28.2.1 on page 281 for further discussion). You can configure any of the mapping types described in Chapter 7 on page 103. Choose Full Feature if you have multiple public WAN IP addresses for your ZyXEL Device.
Chapter 28 NAT Setup Figure 167 Menu 15.1: Address Mapping Sets Menu 15.1 - Address Mapping Sets 1. ACL Default Set 2. 3. 4. 5. 6. 7. 8. 255. SUA (read only) Select the address mapping set you want to modify. The fields in address 255 are used for SUA and are read-only. 28.2.1.1 User-Defined Address Mapping Sets " The entire set will be deleted if you leave the Set Name field blank and press [ENTER] at the bottom of the screen. Figure 168 Menu 15.1.1: Address Mapping Rules Menu 15.1.
Chapter 28 NAT Setup " The Type, Local and Global Start/End IPs are configured in menu 15.1.1.1 (described later) and the values are displayed here. Table 111 Menu 15.1.1: Address Mapping Rules FIELD DESCRIPTION Set Name This is the name of the set you selected in menu 15.1 or enter the name of a new set you want to create. Idx This is the index or rule number. Local Start IP Local Start IP is the starting local IP address (ILA). Local End IP Local End IP is the ending local IP address (ILA).
Chapter 28 NAT Setup Figure 169 Menu 15.1.1.1: Address Mapping Rule Menu 15.1.1.1 Address Mapping Rule Type= Server Local IP: Start= N/A End = N/A Global IP: Start= 0.0.0.0 End = N/A Server Mapping Set= 2 The following table describes the fields in this menu. Table 112 Menu 15.1.1.1: Address Mapping Rule FIELD DESCRIPTION Type Press [SPACE BAR] and then [ENTER] to select from a total of five types. These are the mapping types discussed in Chapter 7 on page 103.
Chapter 28 NAT Setup Follow these steps to configure a server behind NAT: 1 Enter 15 in the main menu to go to Menu 15 - NAT Setup. 2 Enter 2 to open menu 15.2 (and configure the address mapping rules for the WAN port on a ZyXEL Device with a single WAN port). Figure 170 Menu 15.2: NAT Server Sets Menu 15.2 - NAT Server Sets 1. 2. 3. 4. 5. 6. 7. 8. 9. 10.
Chapter 28 NAT Setup The first entry is for the Default Server. The following table describes the labels in this menu. Table 113 Menu 15.2: NAT Server Setup FIELD DESCRIPTION Rule This field is a sequential value, and it is not associated with a specific rule. The sequence is important, however. The ZyXEL Device checks each active rule in order, and it only follows the first one that applies. Start Port This field displays the beginning of the range of port numbers forwarded by this rule.
Chapter 28 NAT Setup Figure 173 Menu 4: Internet Access & NAT Example Menu 4 - Internet Access Setup ISP's Name= MyISP Encapsulation= ENET ENCAP Multiplexing= LLC-based VPI #= 0 VCI #= 33 ATM QoS Type= UBR Peak Cell Rate (PCR)= 0 Sustain Cell Rate (SCR)= 0 Maximum Burst Size (MBS)= 0 My Login= N/A My Password= N/A ENET ENCAP Gateway= 0.0.0.0 IP Address Assignment= Static IP Address= 0.0.0.
Chapter 28 NAT Setup Figure 175 Menu 15.2: Specifying an Inside Server Menu 15.2 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------1. Default Default 192.168.1.10 2. 21 25 192.168.1.33 3. 0 0 0.0.0.0 4. 0 0 0.0.0.0 5. 0 0 0.0.0.0 6. 0 0 0.0.0.0 7. 0 0 0.0.0.0 8. 0 0 0.0.0.0 9. 0 0 0.0.0.0 10. 0 0 0.0.0.0 11. 0 0 0.0.0.0 12. 0 0 0.0.0.0 28.4.
Chapter 28 NAT Setup 1 In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets. Therefore you must choose the Full Feature option from the Network Address Translation field (in menu 4 or menu 11.3) in Figure 177 on page 289. 2 Then enter 15 from the main menu. 3 Enter 1 to configure the Address Mapping Sets. 4 Enter 1 to begin configuring this new set. Enter a Set Name, choose the Edit Action and then enter 1 for the Select Rule field. Press [ENTER] to confirm.
Chapter 28 NAT Setup Figure 179 Example 3: Final Menu 15.1.1 Menu 15.1.1 - Address Mapping Rules Set Name= Example3 Idx --1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Local Start IP Local End IP Global Start IP Global End IP Type --------------- --------------- --------------- --------------- -192.168.1.10 10.132.50.1 1-1 192.168.1.11 10.132.50.2 1-1 0.0.0.0 255.255.255.255 10.32.50.3 M-1 10.132.50.3 Serve+ Action= None Select Rule= N/A Now configure the IGA3 to map to our web server and mail server on the LAN.
Chapter 28 NAT Setup 28.4.4 Example 4: NAT Unfriendly Application Programs Some applications do not support NAT Mapping using TCP or UDP port address translation. In this case it is better to use Many-One-to-One mapping as port numbers do not change for Many-One-to-One (and One-to-One) NAT mapping types. The following figure illustrates this. Figure 181 NAT Example 4 " Other applications such as some gaming programs are NAT unfriendly because they embed addressing information in the data stream.
Chapter 28 NAT Setup Figure 183 Example 4: Menu 15.1.1: Address Mapping Rules Menu 15.1.1 - Address Mapping Rules Set Name= Example4 Idx Local Start IP Local End IP Global Start IP Global End IP Type --- --------------- --------------- --------------- --------------- -1. 192.168.1.10 192.168.1.12 10.132.50.1 10.132.50.3 M-M N+ 2. 3. 4. 5. 6. 7. 8. 9. 10.
CHAPTER 29 Firewall Setup Use this menu to activate or deactivate the firewall. 29.1 Using ZyXEL Device SMT Menus From the main menu enter 21 to go to Menu 21 - Filter and Firewall Setup to display the screen shown next. Figure 184 Menu 21: Filter and Firewall Setup Menu 21 - Filter and Firewall Setup 1. Filter Setup 2. Firewall Setup 29.1.1 Activating the Firewall Enter option 2 in this menu to bring up the following screen.
Chapter 29 Firewall Setup Figure 185 Menu 21.2: Firewall Setup Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DoS) attacks when it is active. The default Policy sets 1. allow all sessions originating from the LAN to the WAN and 2.
CHAPTER 30 Filter Configuration This chapter shows you how to create and apply filters. 30.1 Introduction to Filters Your ZyXEL Device uses filters to decide whether to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering. Filters are subdivided into device and protocol filters, which are discussed later. Data filtering screens the data to determine if the packet should be allowed to pass.
Chapter 30 Filter Configuration 30.1.1 The Filter Structure of the ZyXEL Device A filter set consists of one or more filter rules. Usually, you would group related rules, for example all the rules for NetBIOS, into a single set and give it a descriptive name. The ZyXEL Device allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system. You cannot mix device filter rules and protocol filter rules within the same set.
Chapter 30 Filter Configuration Figure 187 Filter Rule Process You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port. 30.2 Configuring a Filter Set The ZyXEL Device includes filtering for NetBIOS over TCP/IP packets by default. To configure another filter set, follow the procedure below.
Chapter 30 Filter Configuration 1 Enter 21 in the main menu to open menu 21. Figure 188 Menu 21: Filter and Firewall Setup Menu 21 - Filter and Firewall Setup 1. Filter Setup 2. Firewall Setup 2 Enter 1 to bring up the following menu. Figure 189 Menu 21.1: Filter Set Configuration Menu 21.
Chapter 30 Filter Configuration The following table describes the labels in this screen. Table 114 Abbreviations Used in the Filter Rules Summary Menu FIELD DESCRIPTION # This is an index number. A Active: “Y” means the rule is active. “N” means the rule is inactive. Type The type of filter rule: “GEN” for Generic, “IP” for TCP/IP. Filter Rules These parameters are displayed here. M More. “Y” means there are more rules to check which form a rule chain with the present rule.
Chapter 30 Filter Configuration 30.2.2 Configuring a TCP/IP Filter Rule This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fields in the IP and the upper layer protocol, for example, UDP and TCP headers. To configure TCP/IP rules, select TCP/IP Filter Rule from the Filter Type field and press [ENTER] to open Menu 21.1.1.1 - TCP/IP Filter Rule, as shown next. Figure 191 Menu 21.1.1.1: TCP/IP Filter Rule Menu 21.1.1.
Chapter 30 Filter Configuration Table 116 Menu 21.1.1.1: TCP/IP Filter Rule FIELD DESCRIPTION IP Addr Enter the source IP Address of the packet you wish to filter. This field is ignored if it is 0.0.0.0. IP Mask Enter the IP mask to apply to the Source: IP Addr. Port # Enter the source port of the packets that you wish to filter. The range of this field is 0 to 65535. This field is ignored if it is 0.
Chapter 30 Filter Configuration Figure 192 Executing an IP Filter 30.2.3 Configuring a Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly.
Chapter 30 Filter Configuration For generic rules, the ZyXEL Device treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes. The ZyXEL Device applies the Mask (bit-wise ANDing) to the data portion before comparing the result against the Value to determine a match. The Mask and Value are specified in hexadecimal numbers.
Chapter 30 Filter Configuration Table 117 Menu 21.1.1.1: Generic Filter Rule (continued) FIELD DESCRIPTION Action Matched Select the action for a packet matching the rule. Options are Check Next Rule, Forward and Drop. Action Not Matched Select the action for a packet not matching the rule. Options are Check Next Rule, Forward and Drop. Once you have completed filling in Menu 21.1.1.
Chapter 30 Filter Configuration Figure 195 Example Filter: Menu 21.1.3.1 Menu 21.1.3.1 - TCP/IP Filter Rule Filter #: 3,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 6 IP Source Route= No Destination: IP Addr= IP Mask= Port #= 23 Port # Comp= Equal Source: IP Addr= IP Mask= Port #= Port # Comp= None TCP Estab= No More= No Log= None Action Matched= Drop Action Not Matched= Forward The port number for the telnet service (TCP protocol) is 23. See RFC 1060 for port numbers of well-known services.
Chapter 30 Filter Configuration 5 Press [ENTER] to confirm after you enter the set numbers and to leave menu 11.1.4. 30.4 Filter Types and NAT There are two classes of filter rules, Generic Filter (Device) rules and protocol filter (TCP/ IP) rules. Generic filter rules act on the raw data from/to LAN and WAN. Protocol filter rules act on the IP packets. Generic and TCP/IP filter rules are discussed in more detail in the next section.
Chapter 30 Filter Configuration 30.6.1 Applying LAN Filters LAN traffic filter sets may be useful to block certain packets, reduce traffic and prevent security breaches. Go to menu 3.1 (shown next) and enter the number(s) of the filter set(s) that you want to apply as appropriate. You can choose up to four filter sets (from twelve) by entering their numbers separated by commas, for example 3, 4, 6, 11.
Chapter 30 Filter Configuration 308 P-793H User’s Guide
CHAPTER 31 SNMP Configuration Use this menu to configure SNMP. See Section 15.6 on page 199 for more information about SNMP. 31.1 SNMP Configuration To configure SNMP, enter 22 from the main menu to display Menu 22 - SNMP Configuration as shown next. The “community” for Get, Set and Trap fields is SNMP terminology for password. Figure 200 Menu 22: SNMP Configuration Menu 22 - SNMP Configuration SNMP: Get Community= public Set Community= public Trusted Host= 0.0.0.0 Trap: Community= public Destination= 0.
Chapter 31 SNMP Configuration 310 P-793H User’s Guide
CHAPTER 32 System Password Use this menu to change your password. This is the same password used to access the web configurator. To open this menu, enter 23 in the main menu. Figure 201 Menu 23: System Password Menu 23 - System Password Old Password= ? New Password= ? Retype to confirm= ? The following table describes the labels in this menu. Table 119 Menu 23: System Password FIELD DESCRIPTION Old Password Enter the current administrator password for the ZyXEL Device.
Chapter 32 System Password 312 P-793H User’s Guide
CHAPTER 33 System Information & Diagnosis This chapter covers SMT menus 24.1 to 24.4. 33.1 Introduction to System Status This chapter covers the diagnostic tools that help you to maintain your ZyXEL Device. These tools include updates on system status, port status and log and trace capabilities. Select menu 24 in the main menu to open Menu 24 - System Maintenance, as shown below. Figure 202 Menu 24: System Maintenance Menu 24 - System Maintenance 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11.
Chapter 33 System Information & Diagnosis Figure 203 Menu 24.1: System Maintenance - Status Menu 24.1 - System Maintenance - Status Node-Lnk 1-ENET 2 3 4 5 6 7 8 Status N/A N/A N/A N/A N/A N/A N/A N/A TxPkts 0 0 0 0 0 0 0 0 RxPkts 0 0 0 0 0 0 0 0 Errors 0 0 0 0 0 0 0 0 Tx B/s 0 0 0 0 0 0 0 0 06:28:45 Sat. Jan. 01, 2000 Rx B/s 0 0 0 0 0 0 0 0 Up Time 0:00:00 0:00:00 0:00:00 0:00:00 0:00:00 0:00:00 0:00:00 0:00:00 My WAN IP (from ISP): 0.0.0.
Chapter 33 System Information & Diagnosis Table 120 Menu 24.1: System Maintenance - Status (continued) FIELD DESCRIPTION WAN This section displays information about the WAN port. Note: In a point-to-2points connection this field only displays line 1 status.
Chapter 33 System Information & Diagnosis Figure 205 Menu 24.2.1: System Maintenance - Information Menu 24.2.1 - System Maintenance - Information Name: P-793H Routing: IP ZyNOS F/W Version: V3.40(RQ.0)b1_20060614 | 06/14/2006 SHDSL Chipset Vendor: IFX Soc2U 1.1-1.5.2__001 Standard: ANSI(ANNEX_A) LAN Ethernet Address: 00:13:49:65:43:21 IP Address: 192.168.1.1 IP Mask: 255.255.255.0 DHCP: Server The following table describes the fields in this screen. Table 121 Menu 24.2.
Chapter 33 System Information & Diagnosis 33.4 Log and Trace There are two logging facilities in the ZyXEL Device. The first is the error logs and trace records that are stored locally. The second is the UNIX syslog facility for message logging. 33.4.1 Viewing Error Log The first place you should look for clues when something goes wrong is the error/trace log. Follow the procedure below to view the local error/trace log: 1 Select option 24 from the main menu to open Menu 24 - System Maintenance.
Chapter 33 System Information & Diagnosis 33.4.2 Syslog Logging The ZyXEL Device uses the syslog facility to log the CDR (Call Detail Record) and system messages to a syslog server. Syslog and accounting can be configured in Menu 24.3.2 System Maintenance - Syslog Logging, as shown next. Figure 209 Menu 24.3.2: System Maintenance - UNIX Syslog Menu 24.3.2 - System Maintenance - UNIX Syslog UNIX Syslog: Active= No Syslog IP Address= 0.0.0.
Chapter 33 System Information & Diagnosis 2 Packet triggered Packet triggered Message Format SdcmdSyslogSend( SYSLOG_PKTTRI, SYSLOG_NOTICE, String ); String = Packet trigger: Protocol=xx Data=xxxxxxxxxx…..x Protocol: (1:IP 2:IPX 3:IPXHC 4:BPDU 5:ATALK 6:IPNG) Data: We will send forty-eight Hex characters to the server Jul 19 11:28:39 192.168.102.2 ZyXEL: Packet Trigger: Protocol=1, Data=4500003c100100001f010004c0a86614ca849a7b08004a5c02000100616263646566676869 6a6b6c6d6e6f7071727374 Jul 19 11:28:56 192.
Chapter 33 System Information & Diagnosis 4 PPP log PPP Log Message Format SdcmdSyslogSend( SYSLOG_PPPLOG, SYSLOG_NOTICE, String ); String = ppp:Proto Starting / ppp:Proto Opening / ppp:Proto Closing / ppp:Proto Shutdown Proto = LCP / ATCP / BACP / BCP / CBCP / CCP / CHAP/ PAP / IPCP / IPXCP Jul 19 11:42:44 192.168.102.2 ZyXEL: ppp:LCP Closing Jul 19 11:42:49 192.168.102.2 ZyXEL: ppp:IPCP Closing Jul 19 11:42:54 192.168.102.
Chapter 33 System Information & Diagnosis Figure 210 Menu 24.4: System Maintenance - Diagnostic Menu 24.4 - System Maintenance - Diagnostic xDSL 1. System 21. Reboot System 22. Command Mode Reset xDSL TCP/IP 12. Ping Host Enter Menu Selection Number: Host IP Address= N/A The following table describes the labels in this screen. Table 123 Menu 24.4: System Maintenance - Diagnostic FIELD DESCRIPTION Reset xDSL Enter 1 to reset the DSL connection on the WAN port.
Chapter 33 System Information & Diagnosis 322 P-793H User’s Guide
CHAPTER 34 Firmware and Configuration File Maintenance This chapter tells you how to back up and restore your configuration file as well as upload new firmware and a new configuration file. 34.1 Introduction Use the instructions in this chapter to change the ZyXEL Device’s configuration file or upgrade its firmware. After you configure your ZyXEL Device, you can backup the configuration file to a computer.
Chapter 34 Firmware and Configuration File Maintenance The following table is a summary. Please note that the internal filename refers to the filename on the ZyXEL Device and the external filename refers to the filename not on the ZyXEL Device, that is, on your computer, local network or FTP site and so the name (but not the extension) may vary. After uploading new firmware, see the ZyNOS F/W Version field in Menu 24.2.
Chapter 34 Firmware and Configuration File Maintenance Figure 211 Menu 24.5: Backup Configuration Menu 24.5 - Backup Configuration To transfer the configuration file to your computer, follow the procedure below: 1. Launch the FTP client on your computer. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested. 3. Locate the 'rom-0' file. 4. Type 'get rom-0' to back up the current system configuration to your computer.
Chapter 34 Firmware and Configuration File Maintenance 34.3.4 GUI-based FTP Clients The following table describes some of the commands that you may see in GUI-based FTP clients. Table 125 General Commands for GUI-based FTP Clients COMMAND DESCRIPTION Host Address Enter the address of the host server. Login Type Anonymous. This is when a user I.D. and password is automatically supplied to the server for anonymous access.
Chapter 34 Firmware and Configuration File Maintenance 4 Launch the TFTP client on your computer and connect to the ZyXEL Device. Set the transfer mode to binary before starting data transfer. 5 Use the TFTP client (see the example below) to transfer files between the ZyXEL Device and the computer. The file name for the configuration file is “rom-0” (rom-zero, not capital o). Note that the telnet connection must be active and the SMT in CI mode before and during the TFTP transfer.
Chapter 34 Firmware and Configuration File Maintenance Figure 213 System Maintenance: Backup Configuration Ready to backup Configuration via Xmodem. Do you want to continue (y/n): 2 The following screen indicates that the Xmodem download has started. Figure 214 System Maintenance: Starting Xmodem Download Screen You can enter ctrl-x to terminate operation any time. Starting XMODEM download... 3 Run the HyperTerminal program by clicking Transfer, then Receive File as shown in the following screen.
Chapter 34 Firmware and Configuration File Maintenance 1 Do not interrupt the file transfer process as this may PERMANENTLY DAMAGE YOUR ZyXEL Device. When the Restore Configuration process is complete, the ZyXEL Device will automatically restart. 34.4.1 Restore Using FTP For details about backup using (T)FTP please refer to earlier sections on FTP and TFTP file upload in this chapter. Figure 217 Menu 24.6: Restore Configuration Menu 24.
Chapter 34 Firmware and Configuration File Maintenance 34.4.2 Restore Using FTP Session Example Figure 218 Restore Using FTP Session Example ftp> put config.rom rom-0 200 Port command okay 150 Opening data connection for STOR rom-0 226 File received OK 221 Goodbye for writing flash ftp: 16384 bytes sent in 0.06Seconds 273.07Kbytes/sec. ftp>quit Refer to Section 34.3.5 on page 326 to read about configurations that disallow TFTP and FTP over WAN. 34.4.
Chapter 34 Firmware and Configuration File Maintenance Figure 222 Successful Restoration Confirmation Screen Save to ROM Hit any key to start system reboot. 34.5 Uploading Firmware and Configuration Files This section shows you how to upload firmware and configuration files. You can upload configuration files by following the procedure in Section 34.4 on page 328 or by following the instructions in Menu 24.7.2 - System Maintenance - Upload System Configuration File (for console port).
Chapter 34 Firmware and Configuration File Maintenance Figure 224 Menu 24.7.2: System Maintenance - Upload System Configuration File Menu 24.7.2 - System Maintenance - Upload System Configuration File To upload the system configuration file, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your system. Then type "root" and SMT password as requested. 3.
Chapter 34 Firmware and Configuration File Maintenance 34.5.4 FTP Session Example of Firmware File Upload Figure 225 FTP Session Example of Firmware File Upload 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> put firmware.bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 1103936 bytes sent in 1.10Seconds 297.89Kbytes/sec. ftp> quit More commands (found in GUI-based FTP clients) are listed earlier in this chapter.
Chapter 34 Firmware and Configuration File Maintenance 34.5.6 TFTP Upload Command Example The following is an example TFTP command: tftp [-i] host put firmware.bin ras Where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the ZyXEL Device’s IP address, “put” transfers the file source on the computer (firmware.bin – name of the firmware on the computer) to the file destination on the remote host (ras - name of the firmware on the ZyXEL Device).
Chapter 34 Firmware and Configuration File Maintenance Figure 227 Example Xmodem Upload After the firmware upload process has completed, the ZyXEL Device will automatically restart. 34.5.10 Uploading Configuration File Via Console Port 1 Select 2 from Menu 24.7 – System Maintenance – Upload Firmware to display Menu 24.7.2 - System Maintenance - Upload System Configuration File. Follow the instructions as shown in the next screen. Figure 228 Menu 24.7.2 As Seen Using the Console Port Menu 24.7.
Chapter 34 Firmware and Configuration File Maintenance Figure 229 Example Xmodem Upload After the configuration upload process has completed, restart the ZyXEL Device by entering “atgo”.
CHAPTER 35 Menus 24.8 to 24.11 This chapter leads you through SMT menus 24.8 to 24.11. 35.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main router firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions. Enter the CI from the SMT by selecting menu 24.8. Access can be by Telnet or by a connection to the console port, although some commands are only available with a console connection.
Chapter 35 Menus 24.8 to 24.11 The optional fields in a command are enclosed in square brackets []. The |symbol means “or”. For example, sys filter netbios config means that you must specify the type of netbios filter and whether to turn it on or off. 35.1.2 Command Usage A list of commands can be found by typing help or ? at the command prompt. Always type the full command. Type exit to return to the SMT main menu when finished.
Chapter 35 Menus 24.8 to 24.11 Figure 233 Menu 24.9.1 - Budget Management Menu 24.9.1 - Budget Management Remote Node Connection Time/Total Budget 1.MyISP 2.-------3.-------4.-------5.-------6.-------7.-------8.-------- Elapsed Time/Total Period No Budget --------------- No Budget --------------- The total budget is the time limit on the accumulated time for outgoing calls to a remote node.
Chapter 35 Menus 24.8 to 24.11 Figure 234 Menu 24: System Maintenance Menu 24 - System Maintenance 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. System Status System Information and Console Port Speed Log and Trace Diagnostic Backup Configuration Restore Configuration Upload Firmware Command Interpreter Mode Call Control Time and Date Setting Remote Management Enter 10 to go to Menu 24.
Chapter 35 Menus 24.8 to 24.11 Table 128 Menu 24.10: System Maintenance - Time and Date Setting (continued) FIELD DESCRIPTION Current Time This field displays an updated time only when you reenter this menu. New Time (hh:mm:ss) Enter the new time in hour, minute and second format. This field is available when you select None in the Time Protocol field. Current Date This field displays an updated date only when you reenter this menu.
Chapter 35 Menus 24.8 to 24.11 Figure 236 Menu 24.11 – Remote Management Control Menu 24.11 - Remote Management Control TELNET Server: Server Port = 23 Secured Client IP = 0.0.0.0 Server Access = ALL FTP Server: Server Port = 21 Secured Client IP = 0.0.0.0 Server Access = ALL Web Server: Server Port = 80 Secured Client IP = 0.0.0.0 Server Access = ALL The following table describes the fields in this screen. Table 129 Menu 24.
CHAPTER 36 IP Routing Policy Setup Use this menu to look at and configure policy routes. 36.1 Policy Route Traditionally, routing is based on the destination address only and the ZyXEL Device takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator.
Chapter 36 IP Routing Policy Setup IPPR follows the existing packet filtering facility of RAS in style and in implementation. 36.4 IP Routing Policy Setup Use this menu to look at a summary of policy routes. To open this menu, enter 25 in the main menu.
Chapter 36 IP Routing Policy Setup Figure 238 Menu 25.1: IP Routing Policy Setup Menu 25.1 - IP Routing Policy Setup # A Criteria/Action - - ---------------------------------------------------------------------1 N SA=1.1.1.1-1.1.1.1 DA=2.2.2.2-2.2.2.5 SP=20-25 DP=20-25 P=6 T=NM PR=0 |GW=192.168.1.
Chapter 36 IP Routing Policy Setup 36.6 IP Routing Policy Use this menu to configure policy routes. To open this menu, select Edit and enter the appropriate rule number in menu 25. Figure 239 Menu 25.1.1: IP Routing Policy Menu 25.1.1 - IP Routing Policy Policy Set Name= ex1 Active= No Criteria: IP Protocol = 0 Type of Service= Don't Care Precedence = Don't Care Source: addr start= 0.0.0.0 port start= N/A Destination: addr start= 0.0.0.0 port start= N/A Action= Matched Gateway addr = 0.0.0.
Chapter 36 IP Routing Policy Setup Table 132 Menu 25.1.1: IP Routing Policy (continued) FIELD DESCRIPTION Action Specifies whether action should be taken on criteria Matched or Not Matched. Gateway addr Enter the IP address of the gateway to which the ZyXEL Device forwards the packet. The gateway is an immediate neighbor of your ZyXEL Device and must be on the same subnet as the ZyXEL Device, if it is on the LAN, or the IP address of a remote node, if it is on the WAN. Enter 0.0.0.
Chapter 36 IP Routing Policy Setup Figure 241 IP Routing Policy Example 1 Menu 25.1.1 - IP Routing Policy Policy Set Name= example1 Active= Yes Criteria: IP Protocol = 6 Type of Service= Don't Care Precedence = Don't Care Source: addr start= 192.168.1.33 port start= 0 Destination: addr start= 0.0.0.0 port start= 80 Action= Matched Gateway addr = 192.168.1.1 Type of Service= Max Thruput Precedence = 0 Packet length= 10 Len Comp= Equal end= 192.168.1.
CHAPTER 37 Schedule Setup Use this menu to look at and configure the schedule sets in the ZyXEL Device. 37.1 Schedule Set Overview Call scheduling (applicable for PPPoE encapsulation only) allows the ZyXEL Device to manage a remote node and dictate when a remote node should be called and for how long. This feature is similar to the scheduler that lets you specify a time period to record a television program in a VCR or TiVo. 37.
Chapter 37 Schedule Setup The following table describes the labels in this menu. Table 133 Menu 26: Schedule Setup FIELD DESCRIPTION 1-12 This field shows the beginning of the name of each schedule set. Lower numbered sets take precedence over higher numbered sets. This avoids scheduling conflicts. For example, if sets 1, 2, 3 and 4 in are applied in the remote node, then set 1 takes precedence over set 2, 3 and 4.
Chapter 37 Schedule Setup The following table describes the labels in this menu. Table 134 Menu 26.1: Schedule Set Setup FIELD DESCRIPTION Active Press [SPACE BAR] to select Yes or No. Choose Yes and press [ENTER] to activate the schedule set. Start Date Should this schedule set recur weekly or be used just once only? Press the [SPACE BAR] and then [ENTER] to select Once or Weekly. Both these options are mutually exclusive. If Once is selected, then all weekday settings are N/A.
Chapter 37 Schedule Setup 352 P-793H User’s Guide
CHAPTER 38 Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • • • • Power, Hardware Connections, and LEDs ZyXEL Device Access and Login Internet Access Advanced Features 38.1 Power, Hardware Connections, and LEDs V The ZyXEL Device does not turn on. None of the LEDs turn on. 1 Make sure the ZyXEL Device is turned on.
Chapter 38 Troubleshooting 38.2 ZyXEL Device Access and Login V I forgot the IP address for the ZyXEL Device. 1 The default IP address is 192.168.1.1. 2 Use the console port to log in to the ZyXEL Device. 3 If you changed the IP address and have forgotten it, you might get the IP address of the ZyXEL Device by looking up the IP address of the default gateway for your computer. To do this in most Windows computers, click Start > Run, enter cmd, and then enter ipconfig.
Chapter 38 Troubleshooting 6 If the problem continues, contact the network administrator or vendor, or try the advanced suggestion. Advanced Suggestion • Try to access the ZyXEL Device using another service, such as Telnet. If you can access the ZyXEL Device, check the remote management settings, firewall rules, and SMT filters to find out why the ZyXEL Device does not respond to HTTP. See Section 21.1 on page 239. V I can see the Login screen, but I cannot log in to the ZyXEL Device.
Chapter 38 Troubleshooting V I cannot use the console port to access the ZyXEL Device. Make sure that you are using the included console cable and that the CON/AUX switch on the ZyXEL Device is set to CON. See the Quick Start Guide. 38.3 Internet Access V I cannot access the Internet. 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.4 on page 41. 2 Make sure you entered your ISP account information correctly in the wizard.
Chapter 38 Troubleshooting • Check the settings for bandwidth management. If it is disabled, you might consider activating it. If it is enabled, you might consider changing the allocations. See Chapter 13 on page 181. V I cannot access a web site (on Mondays). Check your content filtering settings and make sure you do not block yourself access to any web sites. See Chapter 10 on page 149. V My dial backup or traffic redirect do not work.
Chapter 38 Troubleshooting 2 Press and hold the RESET button for ten seconds. Release the RESET button when the POWER LED begins to blink. The default settings have been restored. If the ZyXEL Device restarts automatically, wait for the ZyXEL Device to finish restarting, and log in to the web configurator. The password is “1234”. If the ZyXEL Device does not restart automatically, disconnect and reconnect the ZyXEL Device’s power. Then, follow the directions above again.
P ART VI Appendices and Index Product Specifications (361) Wall-mounting Instructions (365) Setting up Your Computer’s IP Address (367) Pop-up Windows, JavaScripts and Java Permissions (383) IP Addresses and Subnetting (389) IP Address Assignment Conflicts (397) Common Services (401) Command Interpreter (405) Log Descriptions (411) NetBIOS Filter Commands (427) Legal Information (429) Customer Support (433) Index (437) 359
APPENDIX A Product Specifications Table 135 Device Default IP Address 192.168.1.1 Default Subnet Mask 255.255.255.0 (24 bits) Default Password user: “user” administrator: “1234” DHCP Pool 192.168.1.33 to 192.168.1.64 Dimensions (W x D x H) 180 x 128 x 36 mm Power Specification 12V AC 1A Built-in Switch Four auto-negotiating, auto MDI/MDI-X 10/100 Mbps RJ-45 Ethernet ports G.
Appendix A Product Specifications Table 136 Firmware (continued) 362 ATM Support Multiple protocols over AAL5 (RFC1483) PPP over ATM (RFC 2364) PPP over Ethernet (RFC2516) ATM AAL5 supported Support 8 PVCs ATM Forum UNI3.0/4.0 PVC UBR CBR, and VBR traffic shaping Internet Access Sharing NAT (includes multi-to-multi NAT) / SUA, 2048 NAT sessions Port restricted cone NAT NAT server (Port forwarding) Multi-NAT Dynamic DNS (www.dyndns.
Appendix A Product Specifications Table 137 Firmware Features FEATURE DESCRIPTION Firmware Upgrade Download new firmware (when available) from the ZyXEL web site and use the web configurator, an FTP or a TFTP tool to put it on the ZyXEL Device. Note: Only upload firmware for your specific model! Configuration Backup & Restoration Make a copy of the ZyXEL Device’s configuration. You can put it back on the ZyXEL Device later if you decide to revert back to an earlier configuration.
Appendix A Product Specifications Table 137 Firmware Features FEATURE DESCRIPTION Bandwidth Management You can efficiently manage traffic on your network by reserving bandwidth and giving priority to certain types of traffic and/or to particular computers. Remote Management This allows you to decide whether a service (HTTP or FTP traffic for example) from a computer on a network (LAN or WAN for example) can access the ZyXEL Device.
APPENDIX B Wall-mounting Instructions Do the following to hang your ZyXEL Device on a wall. " See the product specifications appendix for the size of screws to use and how far apart to place them. 1 Locate a high position on a wall that is free of obstructions. Use a sturdy wall. 2 Drill two holes for the screws. Make sure the distance between the centers of the holes matches what is listed in the product specifications appendix.
Appendix B Wall-mounting Instructions 366 P-793H User’s Guide
APPENDIX C Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package.
Appendix C Setting up Your Computer’s IP Address Figure 247 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add. 2 Select Adapter and then click Add. 3 Select the manufacturer and model of your network adapter and then click OK.
Appendix C Setting up Your Computer’s IP Address Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • If your IP address is dynamic, select Obtain an IP address automatically. • If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields. Figure 248 Windows 95/98/Me: TCP/IP Properties: IP Address 3 Click the DNS Configuration tab.
Appendix C Setting up Your Computer’s IP Address Figure 249 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window. 6 Click OK to close the Network window. Insert the Windows CD if prompted.
Appendix C Setting up Your Computer’s IP Address Figure 250 Windows XP: Start Menu 2 In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 251 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties.
Appendix C Setting up Your Computer’s IP Address Figure 252 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 253 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). • If you have a dynamic IP address click Obtain an IP address automatically.
Appendix C Setting up Your Computer’s IP Address Figure 254 Windows XP: Internet Protocol (TCP/IP) Properties 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: • In the IP Settings tab, in IP addresses, click Add. • In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet mask, and then click Add.
Appendix C Setting up Your Computer’s IP Address Figure 255 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Appendix C Setting up Your Computer’s IP Address Figure 256 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT). 11 Turn on your ZyXEL Device and restart your computer (if prompted).
Appendix C Setting up Your Computer’s IP Address Figure 257 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 258 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • From the Configure box, select Manually.
Appendix C Setting up Your Computer’s IP Address • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Close the TCP/IP Control Panel. 6 Click Save if prompted, to save changes to your configuration. 7 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the TCP/IP Control Panel window.
Appendix C Setting up Your Computer’s IP Address Figure 260 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. 5 Click Apply Now and close the window. 6 Turn on your ZyXEL Device and restart your computer (if prompted).
Appendix C Setting up Your Computer’s IP Address " Make sure you are logged in as the root administrator. Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network. Figure 261 Red Hat 9.0: KDE: Network Configuration: Devices 2 Double-click on the profile of the network card you wish to configure.
Appendix C Setting up Your Computer’s IP Address • If you have a dynamic IP address, click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address, click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields. 3 Click OK to save the changes and close the Ethernet Device General screen. 4 If you know your DNS server IP address(es), click the DNS tab in the Network Configuration screen.
Appendix C Setting up Your Computer’s IP Address Figure 265 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=dhcp USERCTL=no PEERDNS=yes TYPE=Ethernet • If you have a static IP address, enter static in the BOOTPROTO= field. Type IPADDR= followed by the IP address (in dotted decimal notation) and type NETMASK= followed by the subnet mask. The following example shows an example where the static IP address is 192.168.1.10 and the subnet mask is 255.255.255.0.
Appendix C Setting up Your Computer’s IP Address Verifying Settings Enter ifconfig in a terminal screen to check your TCP/IP properties. Figure 269 Red Hat 9.0: Checking TCP/IP Properties [root@localhost]# ifconfig eth0 Link encap:Ethernet HWaddr 00:50:BA:72:5B:44 inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.
APPENDIX D Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). " Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary. Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device.
Appendix D Pop-up Windows, JavaScripts and Java Permissions 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 271 Internet Options: Privacy 3 Click Apply to save this setting. Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
Appendix D Pop-up Windows, JavaScripts and Java Permissions Figure 272 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites.
Appendix D Pop-up Windows, JavaScripts and Java Permissions 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. 1 In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 274 Internet Options: Security 2 3 4 5 6 386 Click the Custom Level... button. Scroll down to Scripting.
Appendix D Pop-up Windows, JavaScripts and Java Permissions Figure 275 Security Settings - Java Scripting Java Permissions 1 2 3 4 5 From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM. Under Java permissions make sure that a safety level is selected. Click OK to close the window.
Appendix D Pop-up Windows, JavaScripts and Java Permissions JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for
