Prestige 480
User’s Guide
Version 2.40
June 1999
ZyXEL
TOTAL INTERNET ACCESS SOLUTION
Prestige 480 ISDN Router
Prestige 480
ISDN Router
Copyright
Copyright © 02.08.1999 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system,
translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical,
chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications
Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein.
Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right
to make changes in any products described herein without notice. This publication is subject to change without notice.
Trademarks
Trademarks mentioned in this publication are used for identification purposes only and may be properties of their
respective owners.
ii
Prestige 480 ISDN Router
Declaration of Conformity
ZyXEL Communications Services GmbH.
Standard Standard Item Version
• EN 55022
• EN 61000-3-2
• EN 61000-3-3
• EN 61000-4-2
• EN 61000-4-3
• EN 61000-4-4
• EN 61000-4-5
• EN 61000-4-6
• EN 61000-4-8
• EN61000-4-11
We, the Manufacturer/Importer
Thaliastrasse 125a/2/2/4
A-1160 Vienna - AUSTRIA
declare that the product
Prestige 480
is in conformity with
(Reference to the specification under which conformity is declared)
Radio disturbance characteristics – Limits and method of
measurement.
Disturbance in supply system caused by household appliances
and similar electrical equipment “Harmonics”.
Disturbance in supply system caused by household appliances
and similar electrical equipment “Voltage fluctuations”.
Electrostatic discharge immunity test – Basic EMC Publication 1995
Radiated, radio-frequency, electromagnetic field immunity test 1996
Electrical fast transient / burst immunity test - Basic EMC
Publication
Surge immunity test 1995
Immunity to conducted disturbances, induced by radio-frequency
fields
Power Magnetic Measurement 1993
Voltage dips, short interruptions and voltage variations immunity
tests
1994
1995
1995
1995
1996
1994
iii
Prestige 480 ISDN Router
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or
workmanship for a period of up to two (2) years from the date of purchase. During the warranty period, and upon proof
of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its
discretion, repair or replace the defective products or components without charge for either parts or labor, and to
whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any
replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be solely at
the discretion of ZyXEL. This warranty shall not apply if the product is modified, misused, tampered with, damaged by
an act of God, or subjected to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu
of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular
use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to
the purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center; refer to the separate Warranty Card for your
Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the
unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will
be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or
replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid (USA and territories
only). If the customer desires some other return destination beyond the U.S. borders, the customer shall bear the cost of
the return shipment. This warranty gives you specific legal rights, and you may also have other rights that vary from state
to state.
iv
Prestige 480 ISDN Router
Customer Support
If you have questions about your ZyXEL product or desire assistance, contact ZyXEL
Communications Corporation offices worldwide, in one of the following ways:
Method International North America Scandinavia
E-Mail-Tech
Support
support@zyxel.com.tw
support@zyxel.com support@zyxel.dk
support@europe.zyxel.com
E-Mail-Sales sales@zyxel.com.tw sales@zyxel.com sales@zyxel.dk
Web Site www.zyxel.com
www.europe.zyxel.com
Phone +886-3-5783942 +1-714-632-0882
Fax +886-3-5782439 +1-714-632-0858 +45-3955-0707
FTP -
Software and
ROM
upgrades
Regular Mail ZyXEL Communications Corp.,
ftp.europe.zyxel.com ftp.zyxel.com ftp.zyxel.dk
6 Innovation Road II, ScienceBased Industrial Park,
Hsinchu, Taiwan 300, R.O.C.
www.zyxel.com www.zyxel.dk
+45-3955-0700
800-255-4101
ZyXEL Communications
Inc., 1650 Miraloma
Avenue, Placentia, CA
92870, U.S.A.
ZyXEL Communications
A/S, Columbusvej 5, 2860
Soeborg, Copenhagen,
Denmark
v
Prestige 480 ISDN Router
Table of Contents
Declaration of Conformity..........................................................................................................iii
Table of Contents ......................................................................................................................vii
List of Figures...........................................................................................................................xiii
List of Tables ...........................................................................................................................xvii
Preface......................................................................................................................................xix
Prestige Scenarios...................................................................................................................xxi
Chapter 1 ..................................................................................................................................1-1
Getting to Know Your Router...................................................................................................1-1
1.1 Prestige 480 ISDN Router.............................................................................................1-1
1.2 Features of Prestige 480.................................................................................................1-1
1.3 Applications for Prestige 480 ...........................................................................................1-4
1.3.1 Internet Access ........................................................................................................1-5
1.3.2 LAN-to-LAN Connection........................................................................................1-7
1.3.3 Remote Access Server.............................................................................................1-8
Chapter 2 ..................................................................................................................................2-1
Hardware Installation & Initial Setup.......................................................................................2-1
2.1 Front Panel LEDs............................................................................................................2-1
2.2 Prestige 480 Rear Panel and Connections......................................................................2-2
2.3 Prestige Network Commander ........................................................................................2-3
2.4 Additional Installation Requirements................................................................................2-3
2.5 Housing ..........................................................................................................................2-4
2.6 Power On Your Prestige..................................................................................................2-4
2.7 Navigating the SMT Interface..........................................................................................2-5
2.7.1 System Management Terminal Interface Summary.................................................. 2-6
2.8 Changing the System Password......................................................................................2-7
2.9 Resetting the Prestige .....................................................................................................2-8
2.10 General Setup...........................................................................................................2-10
2.11 European ISDN Setup Menus....................................................................................2-11
2.11.1 Advanced Setup.................................................................................................2-12
Table of Contents vii
Prestige 480 ISDN Router
2.12 Ethernet Setup..........................................................................................................2-14
2.12.1 General Ethernet Setup......................................................................................2-15
Chapter 3 ..................................................................................................................................3-1
Internet Access .........................................................................................................................3-1
3.1 Factory Ethernet Defaults................................................................................................3-1
3.2 Route IP Setup ...............................................................................................................3-1
3.3 TCP/IP Parameters.........................................................................................................3-2
3.3.1 IP Address and Subnet Mask................................................................................... 3-2
3.3.2 RIP Setup................................................................................................................ 3-2
3.3.3 DHCP Configuration...............................................................................................3-3
3.4 TCP/IP Ethernet Setup and DHCP..................................................................................3-5
3.5 Internet Access Configuration .........................................................................................3-7
3.6 Single User Account........................................................................................................3-9
3.6.1 Advantages of SUA ...............................................................................................3-10
3.6.2 Single User Account Configuration .......................................................................3-11
3.7 Configuring Backup ISP Accounts.................................................................................3-12
3.7.1 Configure a Backup ISP........................................................................................3-12
3.7.2 To Switch ISP.......................................................................................................3-12
Chapter 4 ..................................................................................................................................4-1
Remote Node Configuration ....................................................................................................4-1
4.1 Remote Node Setup........................................................................................................4-1
4.1.1 Remote Node Profile............................................................................................... 4-1
4.1.2 Nailed-up Connection..............................................................................................4-5
4.1.3 Outgoing Authentication Protocol............................................................................ 4-5
4.1.4 PPP Multilink ..........................................................................................................4-6
4.1.5 Bandwidth on Demand............................................................................................ 4-6
4.1.6 Editing PPP Options................................................................................................ 4-8
4.1.7 Remote Node Filter...............................................................................................4-10
Chapter 5 ..................................................................................................................................5-1
Table of Contentsviii
Prestige 480 ISDN Router
Remote Node TCP/IP Configuration........................................................................................5-1
5.1 LAN-to-LAN Application ..................................................................................................5-1
5.2 Remote Node Setup........................................................................................................5-3
5.2.1 Static Route Setup...................................................................................................5-6
Chapter 6 ..................................................................................................................................6-1
Dial-in Server Configuration ....................................................................................................6-1
6.1 Remote Access Server ...................................................................................................6-2
6.2 LAN-to-LAN Server Application.......................................................................................6-3
6.3 Default Dial-in Setup.......................................................................................................6-4
6.3.1 Default Dial-in Filter...............................................................................................6-7
6.4 Dial-In Users Setup.........................................................................................................6-7
6.4.1 Remote Access under Windows.............................................................................6-10
6.4.2 CLID Authentication.............................................................................................6-12
6.4.3 Callback................................................................................................................6-12
6.4.4 Configuring the Prestige for Callback with CLID ..................................................6-14
6.5 Multiple Servers behind SUA.........................................................................................6-16
6.5.1 Configuring a Server behind SUA .........................................................................6-16
Chapter 7 ..................................................................................................................................7-1
Filter Configuration ..................................................................................................................7-1
7.1 About Filtering.................................................................................................................7-1
7.2 Configuring a Filter Set ...................................................................................................7-2
7.2.1 Filter Rules Summary Menus ..................................................................................7-3
7.3 Configuring a Filter Rule..................................................................................................7-5
7.3.1 Filter Types and SUA..............................................................................................7-6
7.3.2 TCP/IP Filter Rule...................................................................................................7-7
7.3.3 Generic Filter Rule..................................................................................................7-9
7.4 Applying Filters and Factory Defaults ............................................................................ 7-11
7.4.1 Ethernet traffic ......................................................................................................7-11
7.4.2 Remote Node Filters..............................................................................................7-11
Table of Contents ix
Prestige 480 ISDN Router
7.4.3 Default Dial-in Filter.............................................................................................7-12
Chapter 8 ..................................................................................................................................8-1
SNMP Configuration.................................................................................................................8-1
8.1 About SNMP...................................................................................................................8-1
8.2 Configuring SNMP..........................................................................................................8-1
Chapter 9 ..................................................................................................................................9-1
System Security .......................................................................................................................9-1
9.1 Changing the System Password......................................................................................9-1
9.2 Using RADIUS Authentication.........................................................................................9-3
9.2.1 Installing a RADIUS Server .................................................................................... 9-3
9.2.2 RADIUS Server Configuration................................................................................9-4
9.2.3 The Key Field .........................................................................................................9-5
9.2.4 Adding Users to the RADIUS Database...................................................................9-5
9.2.5 Using RADIUS Authentication for CLID................................................................9-6
9.3 RADIUS Accounting........................................................................................................9-6
Chapter 10...............................................................................................................................10-1
Telnet Configuration and Capabilities...................................................................................10-1
10.1 About Telnet Configuration ........................................................................................10-1
10.2 Telnet Under SUA .....................................................................................................10-2
10.3 Telnet Capabilities.....................................................................................................10-2
10.3.1 Single Administrator .........................................................................................10-2
10.3.2 System Timeout.................................................................................................10-2
Chapter 11............................................................................................................................... 11-1
System Maintenance..............................................................................................................11-1
11.1 System Status...........................................................................................................11-2
11.1.1 System Information ...........................................................................................11-6
11.1.2 Console Port Speed............................................................................................11-7
11.2 Log and Trace........................................................................................................... 11-7
11.2.1 Viewing Error Log ............................................................................................11-7
11.2.2 Syslog And Accounting.....................................................................................11-8
Table of Contentsx
Prestige 480 ISDN Router
11.3 Diagnostic................................................................................................................11-11
11.4 Backup Configuration.............................................................................................. 11-14
11.5 Restore Configuration ............................................................................................. 11-14
11.6 Firmware Update..................................................................................................... 11-14
11.6.1 Upload Router Firmware .................................................................................11-15
11.6.2 Uploading Router Configuration File...............................................................11-16
11.6.3 TFTP Transfer.................................................................................................11-17
11.6.4 Boot Module Command...................................................................................11-18
11.7 Command Interpreter Mode..................................................................................... 11-19
11.8 Call Control............................................................................................................. 11-19
11.8.1 Call Control Parameters...................................................................................11-20
11.8.2 Blacklist..........................................................................................................11-21
11.8.3 Budget Management ........................................................................................11-22
11.8.4 Call History.....................................................................................................11-23
11.9 Time and Date Setting ............................................................................................. 11-24
Chapter 12...............................................................................................................................12-1
Troubleshooting .....................................................................................................................12-1
12.1 Problems Starting Up the Prestige.............................................................................12-1
12.2 Problems With the ISDN Lines ..................................................................................12-2
12.3 Problems with the Ethernet Connection.....................................................................12-3
12.4 Problems Connecting to a Remote Node or ISP ........................................................12-3
12.5 Problems for Remote User to Dial-in .........................................................................12-4
Information Worksheet............................................................................................................... A
Enhanced Syslog.........................................................................................................................E
Acronyms and Abbreviations....................................................................................................G
Index .............................................................................................................................................I
Table of Contents xi
Prestige 480 ISDN Router
List of Figures
Figure 1-1 Internet Access Application.....................................................................................................1-5
Figure 1-2 Internet Access Application.....................................................................................................1-6
Figure 1-3 LAN-to-LAN Application .......................................................................................................1-7
Figure 1-4 Remote Access Server Application..........................................................................................1-8
Figure 2-1 Front Panel..............................................................................................................................2-1
Figure 2-2 Prestige 480 Rear Panel and Connections.................................................................................2-2
Figure 2-3 Power-On Display...................................................................................................................2-4
Figure 2-4 Login Screen...........................................................................................................................2-4
Figure 2-5 SMT Main Menu.....................................................................................................................2-6
Figure 2-6 Menu 23 - System Security......................................................................................................2-7
Figure 2-7 Menu 23.1 - System Security - Change Password .....................................................................2-8
Figure 2-8 Booting Up the Prestige ...........................................................................................................2-9
Figure 2-9 Menu 1 – General Setup........................................................................................................2-10
Figure 2-10 Menu 2 – ISDN Setup ......................................................................................................... 2-11
Figure 2-11 Menu 2.1 – ISDN Basic Setup ............................................................................................. 2-11
Figure 2-12 Menu 2.1.1 - ISDN Advanced Setup...................................................................................2-12
Figure 2-13 Loopback Test..................................................................................................................... 2-14
Figure 2-14 Menu 3 - Ethernet Setup...................................................................................................... 2-14
Figure 2-15 General Ethernet Setup........................................................................................................2-15
Figure 3-1 General Setup..........................................................................................................................3-1
Figure 3-2 Menu 3.2 – TCP/IP and DHCP Ethernet Setup.........................................................................3-5
Figure 3-3 Menu 4 – Internet Access Setup...............................................................................................3-7
Figure 3-4 Single User Account Topology.................................................................................................3-9
Figure 3-5 Menu 4 – Internet Access Setup for Single User Account....................................................... 3-11
Figure 4-1 Menu 11 – Remote Node Setup................................................................................................4-2
Figure 4-2 Menu 11.1 Remote Node Profile..............................................................................................4-2
Figure 4-3 Menu 11.2 - Remote Node PPP Options...................................................................................4-8
Figure 4-4 Menu 11.5 – Remote Node Filter........................................................................................... 4-10
Figure 5-1 TCP/IP LAN-to-LAN Application...........................................................................................5-1
Figure 5-2 LAN 1 Setup...........................................................................................................................5-2
Figure 5-3 LAN 2 Setup...........................................................................................................................5-2
List of Figures xiii
Prestige 480 ISDN Router
Figure 5-4 Menu 11.3- Remote Node TCP/IP Options...............................................................................5-3
Figure 5-5 Sample IP Addresses for a TCPI/IP LAN-to-LAN Connection..................................................5-4
Figure 5-6 Example of Static Routing Topology ........................................................................................5-6
Figure 5-7 Menu 12.1 – IP Static Route Setup...........................................................................................5-7
Figure 5-8 Edit IP Static Route Setup........................................................................................................5-7
Figure 6-1 Example of Remote Access Server Application........................................................................6-2
Figure 6-2 Example of a LAN-to-LAN Server Application........................................................................6-3
Figure 6-3 Menu 13 – Default Dial-in Setup..............................................................................................6-4
Figure 6-4 Default Dial-in Filter................................................................................................................6-7
Figure 6-5 Menu 14 - Dial-in User Setup...................................................................................................6-7
Figure 6-6 Edit Dial-in User......................................................................................................................6-8
Figure 6-7 Remote Access Example........................................................................................................6-10
Figure 6-8 Configuring Menu 13 for Remote Access...............................................................................6-11
Figure 6-9 Edit Dial-in-User for RAS......................................................................................................6-11
Figure 6-10 LAN 1 LAN-to-LAN Application ........................................................................................ 6-12
Figure 6-11 LAN2 LAN-to-LAN Application .........................................................................................6-13
Figure 6-12 Testing Callback with your Connection ................................................................................ 6-13
Figure 6-13 Callback with CLID Configuration....................................................................................... 6-14
Figure 6-14 Configuring CLID with Callback .........................................................................................6-15
Figure 6-15 Callback and CLID Connection Test....................................................................................6-15
Figure 6-16 Multiple Server Configuration.............................................................................................. 6-17
Figure 7-1 Outgoing Packet Filtering Process............................................................................................7-1
Figure 7-2 Menu 21 - Filter Set Configuration ...........................................................................................7-2
Figure 7-3 Menu 21.1 - Filter Rules Summary ...........................................................................................7-3
Figure 7-4 Menu 21.2 - Filter Rules Summary ...........................................................................................7-3
Figure 7-5 Protocol and Device Filter Sets ................................................................................................7-6
Figure 7-6 Menu 21.1.1 - TCP/IP Filter Rule.............................................................................................7-7
Figure 7-7 Menu 21.3.1 - Generic Filter Rule............................................................................................7-9
Figure 7-8 Filtering Ethernet traffic......................................................................................................... 7-11
Figure 7-9 Filtering Remote Node traffic................................................................................................7-12
Figure 7-10 Default Dial-in Filter............................................................................................................7-12
Figure 8-1 Menu 22 - SNMP Configuration ..............................................................................................8-1
Figure 9-1 Menu 23 - System Security ......................................................................................................9-1
List of Figuresxiv
Prestige 480 ISDN Router
Figure 9-2 Menu 23.1 - System Security - Change Password .....................................................................9-2
Figure 9-3 Menu 23.2 - System Security - External Server........................................................................9-4
Figure 9-4 Menu 24.3.3 – System Maintenance – Accounting Server ........................................................9-6
Figure 9-5 Examples of RADIUS Accounting Message ............................................................................9-7
Figure 10-1 Telnet Configuration on a TCP/IP Network..........................................................................10-1
Figure 11-1 Menu 24 - System Maintenance........................................................................................... 11-1
Figure 11-2 Menu 24.1 - System Maintenance – Status ........................................................................... 11-2
Figure 11-3 Menu 24.1 after Toggle Status.............................................................................................. 11-3
Figure 11-4 LAN Packet That Triggered Last Call .................................................................................. 11-5
Figure 11-5 System Maintenance - Information....................................................................................... 11-6
Figure 11-6 Menu 24.2.2 – System Maintenance – Change Console Port Speed ..................................... 11-7
Figure 11-7 Examples of Error and Information Messages ...................................................................... 11-8
Figure 11-8 Menu 24.3.2 - System Maintenance – UNIX Syslog and Accounting.................................... 11-8
Figure 11-9 Menu 24.4 - System Maintenance - Diagnostic....................................................................11-11
Figure 11-10 Trace Display for a Successful Manual Call..................................................................... 11-13
Figure 11-11 Trace Display for a Failed Authentication......................................................................... 11-13
Figure 11-12 Menu 24.7 - System Maintenance - Upload Firmware ...................................................... 11-15
Figure 11-13 Menu 24.7.1 - Uploading Router Firmware ...................................................................... 11-15
Figure 11-14 Menu 24.7.2 - System Maintenance - Upload Router Configuration File........................... 11-16
Figure 11-15 Boot Module Commands ................................................................................................. 11-18
Figure 11-16 Command Mode.............................................................................................................. 11-19
Figure 11-17 Menu 24.9 - System Maintenance - Call Control .............................................................. 11-20
Figure 11-18 Call Control Parameters................................................................................................... 11-20
Figure 11-19 Menu 24.9.2 - Blacklist.................................................................................................... 11-21
Figure 11-20 Menu 24.9.3 - Budget Management.................................................................................. 11-22
Figure 11-21 Call History..................................................................................................................... 11-23
Figure 11-22 System Maintenance – Time and Date Setting.................................................................. 11-24
List of Figures xv
Prestige 480 ISDN Router
List of Tables
Table 2-1 LED Functions..........................................................................................................................2-1
Table 2-2 Main Menu Commands .............................................................................................................2-5
Table 2-3 Main Menu Summary...............................................................................................................2-6
Table 2-4 General Setup Menu Fields .....................................................................................................2-10
Table 2-5 Menu 2.1 – ISDN Basic Setup................................................................................................. 2-12
Table 2-6 Menu 2.1.1 - ISDN Advanced Setup........................................................................................2-13
Table 3-1 DHCP Ethernet Setup Menu Fields ...........................................................................................3-6
Table 3-2 TCP/IP Ethernet Setup Menu Fields..........................................................................................3-6
Table 3-3 Internet Account Information....................................................................................................3-7
Table 3-4 Internet Access Setup Menu Fields ............................................................................................3-8
Table 3-5 Single User Account Menu Fields ........................................................................................... 3-11
Table 4-1 Remote Node Profile Menu Fields.............................................................................................4-3
Table 4-2 BTR v MTR for BOD ...............................................................................................................4-7
Table 4-3 Remote Node PPP Options Menu Fields....................................................................................4-9
Table 5-1 TCP/IP related fields in Remote Node Profile............................................................................5-4
Table 5-2 TCP/IP Remote Node Configuration .........................................................................................5-5
Table 5-3 Edit IP Static Route Menu Fields...............................................................................................5-8
Table 6-1 Remote Dial-in Users/Remote Nodes Comparison Chart ...........................................................6-1
Table 6-2 Default Dial-in Setup Fields......................................................................................................6-4
Table 6-3 Edit Dial-in User Menu Fields...................................................................................................6-9
Table 6-4 Services vs. Port number.........................................................................................................6-17
Table 7-1 Abbreviations Used in the Filter Rules Summary Menu.............................................................7-3
Table 7-2 Abbreviations used if Filter Type is IP ....................................................................................... 7-5
Table 7-3 Abbreviations used if Filter Type is GEN ..................................................................................7-5
Table 7-4 TCP/IP Filter Rule Menu Fields................................................................................................7-7
Table 7-5 Generic Filter Rule Menu Fields..............................................................................................7-10
Table 8-1 SNMP Configuration Menu Fields ............................................................................................8-2
Table 9-1 System Security - External Server Menu Fields .........................................................................9-5
Table 9-2 System Maintenance – Accounting Server Fields.......................................................................9-7
Table 9-3 Accounting Attributes...............................................................................................................9-8
Table 11-1 System Maintenance - Status Menu Fields............................................................................. 11-3
List of Tables xvii
Prestige 480 ISDN Router
Table 11-2 Fields in System Maintenance ................................................................................................11-6
Table 11-3 System Maintenance Menu - UNIX Syslog Parameters ..........................................................11-9
Table 11-4 System Maintenance Menu Diagnostic.................................................................................11-12
Table 11-5 Call Control Parameters Fields.............................................................................................11-21
Table 11-6 Call History Fields...............................................................................................................11-23
Table 11-7 Time and Date Setting Fields ...............................................................................................11-24
Table 12-1 Troubleshooting the Start-Up of your Prestige ........................................................................12-1
Table 12-2 Troubleshooting the ISDN Lines............................................................................................ 12-2
Table 12-3 Troubleshooting the Ethernet Connection............................................................................... 12-3
Table 12-4 Troubleshooting a Connection to a Remote Node or ISP.........................................................12-3
Table 12-5 Troubleshooting for Remote Users to Dial-in.........................................................................12-4
Table 12-6 IP Subnet Masks and the Number of Hosts ................................................................................. C
List of Tablesxviii
Prestige 480 ISDN Router
Preface
About Your Router
Congratulations on your purchase of the Prestige 480 ISDN Router.
The Prestige 480 is a high-performance router that offers a complete solution for your WAN (Wide
Area Network) applications such as Internet access, multi-protocol LAN-to-LAN connections,
telecommuting and remote access over ISDN (Integrated Service Digital Network).
Note: If you do not have the ISDN lines installed already, order it as soon as possible in order to install and
configure your P480. Contact your telephone company’s ISDN Ordering Center to find about the type of
ISDN service most suitable for your purpose.
Your Prestige 480 is easy to install and to configure since you do not need to set any switches.
You can use the PNC or the SMT interface to configure your Prestige. The PNC (Prestige Network
Commander) is a C++ based utility designed to allow users to manage the Prestige via Windows.
All functions of the Prestige 480 are software configurable via the SMT (System Management
Terminal) Interface. The SMT is a menu-driven interface that you can access from either a VT100
compatible terminal or a terminal emulation program on a PC.
Your Prestige also adheres to SNMP (Simple Network Management Protocol) standards. SNMP is
a management protocol for collecting information from devices on the network.
About This User's Manual
This user's guide shows you how to configure and manage your router.
It is designed to guide you through the configuration of your Prestige 480 for its various
applications.
Other Resources
For more information about the Prestige check the following sources:
♦ Prestige Support disk.
♦ Release notes for firmware upgrades and other information. These can be accessed through
ZyXEL FTP server site and ZyXEL web Page.
For ZyXEL support information see the Customer Support section in page v.
Preface xix
Prestige 480 ISDN Router
Syntax Conventions
• “Enter” means for you to type one or more characters and press the carriage return. “Select” or
“Choose” means for you to select one from the predefined choices.
• The SMT menu titles and labels are in Bold Times font. The choices of a menu item are in
Bold Arial font. A single keystroke is in Arial font and enclosed in square brackets, for
instance, [ENTER] means the Enter, or carriage return, key; [ESC] means the Escape key.
• For brevity’s sake, we will use “e.g.” as a shorthand for “for instance”, and “i.e.” as a
shorthand for “that is” or “in other words” throughout this manual.
• The Prestige 480 will also be referred to as the Prestige or the P480 from now on, in this
manual
Prefacexx
Prestige 480 ISDN Router
Prestige Scenarios
For fast access to example SMT menus to show you how to configure the Prestige for various
scenarios go to the following sections
SCENARIO GO TO SECTION
To reset your Prestige 2.9
DHCP 3.4
Internet Access 3.5
To configure SUA 3.6.2
LAN-to-LAN application 5.1
Remote Access under Windows 6.4.1
Callback 6.4.3
Callback with CLID 6.4.4
To apply filters 7.4
Prestige Scenarios xxi
Prestige 480 ISDN Router
maintenance facilities.
General Structure of this Manual
Getting Started (Chapters 1-2)
This helps you connect, install and setup your Prestige
to operate on your network.
The Internet (Chapter 3)
This shows you how to configure your Prestige for
Internet access.
Advanced Applications (Chapters 4-9)
This shows how to configure remote nodes and dial-in
servers, how to create/apply filters and how to
Management & Maintenance (Chapter
10)
This provides information on management tools and
Troubleshooting (Chapter 11)
This provides information about solving common
problems.
Structure of the Manualxxii
Prestige 480 ISDN Router
Chapter 1
Getting to Know Your Router
This chapter describes the key features and applications of your Prestige.
1.1 Prestige 480 ISDN Router
The Prestige 480 is a dual-line ISDN router. The Prestige is ideal for everything from Internet
browsing or receiving calls from remote dial-in users to making LAN-to-LAN connections to
remote networks.
1.2 Features of Prestige 480
The following are the key features of the Prestige 480.
Dual ISDN Basic Rate Interface (BRI) Support
The P480 supports two BRI, with each BRI offering two 64Kbps channels. The channels can be
used independently for up to four destinations simultaneously in any incoming/outgoing
combination or be bundled in a single connection to speed up data transfer.
Dial-in Server
The four B-channels and the dial-in capability make the Prestige an ideal platform as a dial-in
server to provide remote access for up to four telecommuting employees.
Auto-negotiating 10/100 Mbps Ethernet
The LAN interface automatically detects if it’s on a 10 or a 100 Mbps Ethernet and adjusts itself
for the highest speed.
Single User Account (SUA)
The SUA™ (Single User Account) features allows multiple users on the LAN to share Internet
access for the price of a single ISP account.
Getting to know your Prestige 1-1
Prestige 480 ISDN Router
DNS Proxy
The DNS ( Domain Name System) proxy capability eliminates the need of statically configuring
the DNS servers.
DHCP Support
DHCP (Dynamic Host Configuration Protocol) server/relay support allows the workstations on
your LAN to obtain the configuration from the Prestige.
Dial-On-Demand
The Dial-On-Demand feature allows the Prestige to automatically place a call to a remote gateway
based on the triggering packet’s destination without user intervention.
TCP/IP and PPP Support
♦ TCP/IP (Transmission Control Protocol/Internet Protocol) network layer protocol.
♦ PPP/MP (Point-to-Point Protocol/Multilink Protocol) link layer protocol.
PPP Multilink
The Prestige can bundle up to four B-channels in a single connection using the PPP Multilink
Protocol The number of links can be either statically configured or dynamically managed based on
traffic demand.
Bandwidth-On-Demand
The Prestige can dynamically allocate bandwidth by adding and dropping links according to traffic
demand. The telephone number of an additional link can be obtained either with BAP (Bandwidth
Allocation Protocol) or statically configured.
Full Network Management
♦ Windows based PNC (Prestige Network Commander).
♦ SNMP (Simple Network Management Protocol) support.
♦ SMT (System Management Terminal) access through telnet connection.
PNC
The Prestige Network Commander (PNC) is a C++ based utility designed to allow users to access
the Prestige’s management settings via Windows.
1-2 Getting to know your Prestige
Prestige 480 ISDN Router
SNMP
The Simple Network Management Protocol (SNMP) is a management protocol for collecting
information from devices on the network. When TCP/IP is configured in your Prestige, the SNMP
agent functionality allows a manager station to manage and monitor the Prestige through the
network.
SMT
The System Management Terminal (SMT) is a menu-driven interface to configure your Prestige
using either console port (through RS232 cable) connection or telnet (through LAN) connection.
You can access the SMT from either a VT100 compatible terminal or a terminal emulation
program on a PC.
Logging and Tracing
♦ CDR (Call Detail Record) for assistance in analyzing and managing the telephone bill.
♦ Built-in message logging and packet tracing.
♦ UNIX syslog facility support.
RADIUS Support
RADIUS (Remote Authentication Dial-In User Service) is the most popular protocol for user
authentication on dial-up lines. RADIUS support allows you to use an external server for unlimited
number of users and helps in the centralized management of the users database.
PAP and CHAP Security
The Prestige supports PAP (Password Authentication Protocol) and CHAP (Challenge Handshake
Authentication Protocol). CHAP is more secure than PAP; however, PAP is readily available on
more platforms.
CLID Support
CLID (Calling Line Identification) allows the Prestige to authenticate the caller before a call is
answered, thus saving the cost of a connection. The Prestige uses the caller ID in call setup
message to match against the CLID in database. (Note: The telephone company must support
Caller ID for CLID authentication to work on the Prestige.)
Getting to know your Prestige 1-3
Prestige 480 ISDN Router
Call Back
The Callback feature allows the Prestige to disconnect a call and then call back when an authorized
remote user dials into the system. This prevents intruders from accessing your network and makes
accounting easier when you use the Prestige as a dial-in server.
Packet Filtering
The Prestige supports packet filtering that stops leakage of private data to the outside world and
controls access to undesirable locations.
Call Control
Your Prestige provides budget management for outgoing calls and maintains a blacklist for
unreachable phone numbers, thus saving you the expense of unnecessary charges.
Data Compression
Your Prestige incorporates Stac data compression to speed up data transfer. Stac is the de facto
standard of data compression over PPP links.
Networking Compatibility
Your Prestige is compatible with remote access products from other manufacturers such as Ascend,
Cisco, and 3Com. Furthermore, it supports Microsoft Windows 95 and Windows NT dial-up
networking (DUN) capability.
Upgrade Firmware via LAN
In addition to the direct console port connection, the Prestige supports the up/downloading of
firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over the LAN.
Even though TFTP should work over the WAN as well, it is not recommended because of potential
data corruption problems.
Backup and Restore Configuration File
You can backup the configuration of the Prestige to your workstation and also restore the
configuration from your workstation.
1.3 Applications for Prestige 480
The following sections show you the possible applications for your Prestige.
1-4 Getting to know your Prestige
Prestige 480 ISDN Router
1.3.1 Internet Access
The Prestige is the ideal high-speed Internet access solution. Your Prestige supports the TCP/IP
protocol that the Internet uses exclusively. It is also compatible with access servers manufactured
by major vendors such as Cisco and Ascend. A typical Internet Access application is shown next.
Figure 1-1 Internet Access Application
Internet Single User Account
For a SOHO (Small Office/Home Office) environment, your Prestige offers a Single User Account
(SUA) feature that allows multiple users on the LAN (Local Area Network) to access the Internet
concurrently for the cost of a single account. Single User Account address mapping can also be
used for other LAN to LAN connections.
Getting to know your Prestige 1-5
Prestige 480 ISDN Router
Intranet Application
Small/Medium Office users can access the Internet via one ISDN BRI at speed up to 128Kbps even
when the branch office users are connected remotely. The branch office users can access the
Internet without extra ISP subscription fee. The application is shown next in Figure 1.2 Internet
Access Application.
Figure 1-2 Internet Access Application
1-6 Getting to know your Prestige
Prestige 480 ISDN Router
1.3.2 LAN-to-LAN Connection
You can use the Prestige to connect two geographically dispersed networks at speeds of up to
256Kbps over two ISDN BRI lines. It incorporates PPP/MP (Point-to-Point Protocol/Multilink
Protocol) to bundle the B channels. The Prestige supports TCP/IP protocols. A typical LAN-toLAN application for your Prestige is shown next.
Figure 1-3 LAN-to-LAN Application
Getting to know your Prestige 1-7
Prestige 480 ISDN Router
1.3.3 Remote Access Server
Your Prestige allows remote users to dial in and gain access to your LAN. This feature enables
users that have workstations with remote access capabilities, e.g., Windows 95, to dial in to access
the network resources without physically being in the office. Either PAP (Password Authentication
Protocol) or CHAP (Challenge Handshake Authentication Protocol) authentication can be used to
control the access from the remote users. You can also use callback for security and/or accounting
purposes.
Figure 1-4 Remote Access Server Application
1-8 Getting to know your Prestige
Prestige 480 ISDN Router
Chapter 2
Hardware Installation & Initial Setup
This chapter shows you how to make the cable connections to your
Prestige as well as set up your ISDN connection using the SMT.
2.1 Front Panel LEDs
The LED indicators on the front panel indicate the router functional status of the Prestige. The
following table describes the LED functions:
Figure 2-1 Front Panel
Table 2-1 LED Functions
Field Description
PWR The PWR (power) LED is on when power is applied to the Prestige.
SYS The SYS (System) LED is on when the system is running normally, and off when the
system is not ready or failed. It flashes when the system is rebooting.
LAN 10M This green LED is on when the 10M Ethernet is connected and ready and off when
the 10M Ethernet is not ready or failed. This LED flashes when the Prestige is
sending or receiving packets.
100M This orange LED is on when the 100M Ethernet is connected and ready and off
when the 100M Ethernet is not ready or failed. This LED flashes when the Prestige
is sending or receiving packets.
ISDN 1 & 2 LNK
B1/B2
Hardware Installation and Setup 2-1
The LNK (Link) LED is on when the Prestige is connected to an ISDN switch and
the line has been successfully initialized; otherwise, it is off.
The B1/B2 LED is on when the corresponding B Channel is in use.
Prestige 480 ISDN Router
Power
SMT Management
ISDN 2
ISDN 1
Hub
Power
Outlet
2.2 Prestige 480 Rear Panel and Connections
This section outlines how to connect your Prestige 480 to the LAN and to the ISDN network.
The figure below shows the rear panel of your Prestige 480 and the connection diagram.
Adapter
LAN
Figure 2-2 Prestige 480 Rear Panel and Connections
Step 1. Connecting the ISDN lines
Connect the Prestige to the ISDN network using the included ISDN (black) cable. Plug one end of
the cable into the port labeled ISDN BRI and the other to the ISDN wall jack.
Step 2. Connecting Ethernet to your Prestige
Use a Shielded Twisted Pair (UTP) cable and RJ-45 connectors that look like a bigger telephone
plug with eight pins to connect your Prestige to a 10/100M LAN.
Warning: Please verify the correct cable before connecting. If one of these cables is accidentally
used to connect your Prestige to the ISDN lines, it may damage your Prestige.
2-2 Hardware Installation and Setup
Prestige 480 ISDN Router
Step 3. Connecting the Power Adapter to your Prestige
Connect the power adapter to the port labeled POWER on the rear panel of your Prestige.
Step 4. Connecting the Console Port
For the initial configuration of your Prestige, you need to use a terminal emulator software on a
workstation and connect it to the Prestige through the console port. Connect the 9-pin (smaller)
end of the console cable to the console port of the Prestige and the 25-pin (bigger) end to a serial
port (COM1, COM2 or other COM port) of your workstation. You can use an extension RS-232
cable if the enclosed one is too short.
After the initial setup, you can also modify the configuration remotely through telnet connections.
See the chapter Telnet Configuration and Capabilities for detailed instructions on using telnet to
configure your Prestige.
2.3 Prestige Network Commander
You can also setup the Prestige using the Prestige Network Commander (PNC). The PNC is a
Windows-based tool that provides a quick and simple way to configure your Prestige. For more
information on installing PNC insert the PNC installation disc in the relevant drive of your
computer and follow the on-screen directions.
Note: You cannot access the PNC if you use the RS232 cable. You must use only the Ethernet
cable.
2.4 Additional Installation Requirements
In addition to the contents of your package, there are other hardware and software requirements
you need before you can install and use your Prestige. These requirements include:
1. A computer with Ethernet 10Base-T NIC (Network Interface Card).
2. A computer equipped with communications software configured to the following parameters:
♦ VT100 terminal emulation.
♦ 9600 Baud.
♦ No parity, 8 Data bits, 1 Stop bit.
Hardware Installation and Setup 2-3
Prestige 480 ISDN Router
Press ENTER to continue...
2.5 Housing
Your Prestige's housing has ventilation slots for cooling and clip-out legs that fit snugly into
grooves for sturdy stacking with better airflow. ZyXEL recommends that you do not stack more
than 4 routers for maximum stack stability and cooling.
2.6 Power On Your Prestige
At this point, you should have connected the console port, the ISDN BRI port, the Ethernet port
and the power port to the appropriate devices or lines.
Step 1. Initial Screen
When you power on your Prestige, it performs several internal tests as well as line initialization.
After the initialization, the Prestige asks you to press [Enter] to continue, as shown.
Copyright (c) 1994 - 1999 ZyXEL Communications Corp.
initialize ch =0, ethernet address: 00:a0:c5:ff:00:35
(2) DSS1:
(2) DSS1:
Resetting ISDN 1...
Resetting ISDN 2...
Figure 2-3 Power-On Display
Step 2. Entering Password
The login screen appears after you press [Enter], prompting you to enter the password, as shown
next.
For your first login, enter the default password 1234. As you type the password, the screen
displays a (X) for each character you type.
Enter Password : XXXX
Figure 2-4 Login Screen
2-4 Hardware Installation and Setup
Prestige 480 ISDN Router
Please note that if there is no activity for longer than 5 minutes after you log in, your Prestige will
automatically log you out and will display a blank screen. If you see a blank screen, press [Enter]
to bring up the login screen again.
2.7 Navigating the SMT Interface
The SMT (System Management Terminal) is the interface that you use to configure your Prestige.
Several operations that you should be familiar with before you attempt to modify the configuration
are listed in the table below.
Table 2-2 Main Menu Commands
Operation Press/<read> Description
Move forward to
another menu
Move backward to
a previous menu
Move to a submenu Press the [Space
Move the cursor
Enter information Fill in, or
Required fields
N/A fields <N/A> Some of the fields in the SMT will show a <N/A>. This symbol
Save your
configuration
Exit the SMT Type 99, then
[Enter] To move forward to a sub-menu, type in the number of the
desired sub-menu and press [Enter].
[Esc] Press the [Esc] key to move back to the previous menu.
Fields beginning with “Edit” have a default setting of No. Press
bar] to change NO
to YES then press
[ENTER].
[Enter] or
[Up]/[Down] arrow
keys
Press the [Space
bar] to toggle
<?>
[Enter] Save your configuration by pressing [Enter] at the message
press [Enter].
the [Space bar] to change No to Yes, then press [ENTER] to go
to a submenu.
Within a menu, press [Enter] to move to the next field. You can
also use the [Up]/[Down] arrow keys to move to the previous and
the next field, respectively.
You need to fill in two types of fields. The first requires you to type
in the appropriate information. The second allows you to cycle
through the available choices by pressing the [Space] bar.
All fields with the symbol <?> must be filled in order be able to
save the new configuration.
refers to an option that is Not Applicable.
[Press ENTER to confirm or ESC to cancel]. Saving the data on
the screen will take you, in most cases to the previous menu.
Type 99 at the Main Menu prompt and press [Enter] to exit the
SMT interface.
Hardware Installation and Setup 2-5
Prestige 480 ISDN Router
After you enter the password, the SMT displays the Main Menu, as shown next.
Copyright (c) 1994 – 1999 ZyXEL Communications Corp.
Getting Started
1. General Setup
2. ISDN Setup
3. Ethernet Setup
4. Internet Access Setup
Advanced Applications
11. Remote Node Setup
12. Static Routing Setup
13. Default Dial-in Setup
14. Dial-in User Setup
15. SUA Server Setup
Prestige 480 Main Menu
Advanced Management
21. Filter Set Configuration
22. SNMP Configuration
23. System Security
24. System Maintenance
99. Exit
Enter Menu Selection Number:
Figure 2-5 SMT Main Menu
2.7.1 System Management Terminal Interface Summary
Table 2-3 Main Menu Summary
# Menu Title Description
1 General Setup Use this menu to setup general information.
2 ISDN Setup Use this menu to setup the ISDN.
3 Ethernet Setup Use this menu to setup Ethernet.
4 Internet Access Setup A quick and easy way to setup Internet connection.
11 Remote Node Setup Use this menu to setup the Remote Node for LAN-to-LAN connection,
including Internet connection.
12 Static Routing Setup Use this menu to setup static route for different protocols.
13 Default Dial-in Setup Use this menu to setup default dial-in parameters so that your Prestige
can be used as a dial-in server.
14 Dial-in User Setup Use this menu to setup dial-in users.
15 SUA Server Setup
21 Filter Set Configuration Use this menu to setup filters to provide security, call control, etc.
22 SNMP Configuration Use this menu to setup SNMP related parameters.
Use this menu to specify inside servers when SUA is enabled.
2-6 Hardware Installation and Setup
Prestige 480 ISDN Router
23 System Security Use this menu to setup security related parameters.
24 System Maintenance This menu provides system status, diagnostics, firmware upload, etc.
99 Exit To exit from SMT and return to the blank screen.
2.8 Changing the System Password
The first thing your should do before anything else is to change the default system password by
following the steps below.
Step 1. Enter 23 in the Main Menu to open Menu 23 - System Security as shown next.
Menu 23 - System Security
1. Change Password
2. External Server
Enter Menu Selection Number:
Figure 2-6 Menu 23 - System Security
Step 2. Enter 1 in Menu 23 to open Menu 23.1 - System Security – Change Password.
Hardware Installation and Setup 2-7
Prestige 480 ISDN Router
When the Menu 23.1- System Security-Change Password appears, as shown in the next figure ,
type in your existing default system password, i.e., 1234, and press [Enter].
Menu 23.1 – System Security - Change Password
Old Password= ?
New Password= ?
Retype to confirm= ?
Enter here to CONFIRM or ESC to CANCEL:
Figure 2-7 Menu 23.1 - System Security - Change Password
Step 3. Enter your new system password and press [Enter].
Step 4. Re-type your new system password for confirmation and press [Enter].
Note that as you type a password, the screen displays an (*) for each character you type.
2.9 Resetting the Prestige
If you have forgotten your password or for some reason cannot access the SMT menu you will need to
reinstall the configuration file. Uploading the configuration file replaces the current configuration file
with the default configuration file. This means that you will lose all configurations that you had before
and the speed of the console port will be reset to the default of 9600 bps with 8 data bit, no parity and 1
stop bit (8n1). The password will be reset to the default of 1234, also.
Download the "romfile.zip" file from the Internet, unzip it and save it in a folder. Turn off the
Prestige and begin a Telnet session with the default console port settings.
2-8 Hardware Installation and Setup
Prestige 480 ISDN Router
Turn on the Prestige again. You should see the following screen.
Bootbase Version: V1.10 | 6/11/1999 15:04:51
RAM: Size = 8192 Kbytes
DRAM POST: Testing: 8192k OK
FLASH: intel 8M* 2
ZyNOS Version: V2.40(o.00)b02/ 7/13/1999 15:37:32
Press any key to enter debug mode within 3 seconds.
........................................
Enter Debug Mode
atur3
Starting XMODEM upload (CRC mode). . . .
C . .
Total 16384 bytes received
Erasing . . .
. . . . .
Programming successful...
OK
Figure 2-8 Booting Up the Prestige
When you see the message "Press Any key to enter Debug Mode within 3 seconds", press any key to
enter debug mode. Follow the procedure below to upload the configuration file:
1. Enter “atur3” after the “Enter Debug Mode” message.
2. Wait for the “Starting XMODEM upload” message before activating Xmodem
upload on your terminal.
3. After successful firmware upload, enter “atgo” to restart the Prestige.
The Prestige is now reinitialized with default configuration file including the default password of
1234.
NOTE:
The configuration filename is the router model name with a rom extension, e.g., p480.rom. The ZyNOS
firmware filename is the router model name with a bin extension, e.g., p480.bin. Rename the latter
filename to “ras” when uploading to the Prestige.
Hardware Installation and Setup 2-9
Prestige 480 ISDN Router
2.10 General Setup
Menu 1 - General Setup contains administrative and system-related information.
To enter Menu 1 and fill in the required information, follow these steps:
Step 1. Enter 1 in the Main Menu to open Menu 1 – General Setup.
Step 2. The Menu 1 - General Setup screen appears, as shown next. Fill in the required fields
marked [?] as explained in the following table.
Menu 1 - General Setup
System Name= ?
Location=
Contact Person's Name=
Press ENTER to Confirm or ESC to Cancel:
Figure 2-9 Menu 1 – General Setup
Table 2-4 General Setup Menu Fields
Field Description Example
System Name Choose a descriptive name for identification purposes. This name
can be up to 8 alphanumeric characters long. Spaces are not
allowed, but dashes “-” and underscores "_" are accepted. This
name can be retrieved remotely via SNMP, used for CHAP
authentication, and will be displayed at the prompt in the
Command Mode.
Location
(optional)
Contact Person's
Name (optional)
Enter the geographic location (up to 31 characters) of your
Prestige.
Enter the name (up to 30 characters) of the person in charge of
this Prestige.
2-10 Hardware Installation and Setup
P480
MyHouse
JohnDoe
Prestige 480 ISDN Router
Press Space Bar to Toggle.
2.11 European ISDN Setup Menus
Menu 2 is for you to enter the information about your ISDN lines. Please note that the Prestige
only accepts digits in phone number fields; please do not include ‘-‘ or spaces in these fields.
Menu 2 - ISDN Setup
1. ISDN Line 1 Setup
2. ISDN Line 2 Setup
Enter Menu Selection Number:
Figure 2-10 Menu 2 – ISDN Setup
From Menu 2 select 1 or 2 to display Menu 2.1 - ISDN Basic Setup.
Menu 2.1 - ISDN Basic Setup
ISDN Line= 1
Switch Type: DSS-1
B Channel Usage= Switch/Switch
Incoming Phone Numbers:
ISDN Data =
Edit Advanced Setup = No
Press ENTER to Confirm or ESC to Cancel:
Figure 2-11 Menu 2.1 – ISDN Basic Setup
Hardware Installation and Setup 2-11
Prestige 480 ISDN Router
Table 2-5 Menu 2.1 – ISDN Basic Setup
Field Description.
ISDN Line Refers to ISDN line 1 or line 2 setup that you selected in Menu 2 - ISDN Setup
Switch Type This field is fixed as DSS-1 for European switches.
B Channel Usage
In general, this will be Switch/Switch (the default). If you are only using one B
channel (e.g., your Prestige is sharing the ISDN BRI line with another device),
then select Switch/Unused. If your second B channel is a leased line, select
Switch/Leased. Press the [Space bar] to toggle through all the options. These
options are
Incoming Phone
Switch/Switch
Switch/Leased
Leased/Switch
Determines how incoming calls are routed.
Leased/Unused
Unused/Leased
Leased/Leased
Switch/Unused
Number Matching
ISDN Data Enter the telephone number assigned to ISDN data calls for the Prestige. The
maximum number of digits is 25 for the telephone number.
Edit Advanced Setup Select Yes and press [Enter] to go to the advanced setup submenu. See below.
2.11.1 Advanced Setup
Select Yes in the Advanced Setup field of Menu 2.1 – ISDN Basic Setup to display Menu 2.1.1.
Menu 2.1.1 - ISDN Advanced Setup
ISDN Line= 1
Calling Line Indication= Enable
PABX Outside Line Prefix=
PABX Number (Include S/T Bus Number) for Loopback=
Outgoing Calling Party Number:
ISDN Data =
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 2-12 Menu 2.1.1 - ISDN Advanced Setup
2-12 Hardware Installation and Setup
Prestige 480 ISDN Router
Table 2-6 Menu 2.1.1 - ISDN Advanced Setup
Field Description
Calling Line Indication The Calling Line Indication, or Caller ID, governs whether the other party can
see your number when you call. If set to Enable, the Prestige sends the caller
ID and the party you call can see your number; if it is set to Disable, the caller
ID is blocked.
PABX Outside Line Prefix A PABX (Private Automatic Branch eXchange) generally requires you to dial a
number (a single digit in most cases) when you need an outside line. If your
Prestige is connected to a PABX, enter this number in PABX Outside Line
Prefix, otherwise, leave it blank. Please note that the PABX prefix is for calls
initiated by the Prestige only.
PABX Number (Include
S/T Bus Number)
Outgoing Calling Party
Number
ISDN Data If this field is not blank, the Prestige will use its value as the calling party
The PABX number is used for an outside loopback test when the ISDN PABX
cannot support a local loopback test. If the Prestige is connected to an ISDN
PABX enter this number. Note that this number is used exclusively for
loopback testing; for regular outgoing calls, the Prestige dials the phone
number in the remote node. If this field is blank it indicates either that the
PABX supports local loopback testing or that the Prestige is not connected to a
PABX.
number for "ISDN Data" outgoing calls. Otherwise, the individual entry for
"ISDN Data" in Menu 2.1 will be used as the calling party number. You only
need to fill in this field if your switch or PABX requires a specific calling party
number for outgoing calls; otherwise, leave it blank.
When you are finished, press [Enter] at the message: ‘Press [Enter] to confirm’, the Prestige uses
the information that you entered to initialize the ISDN lines. It should be noted that whenever the
switch type is changed, the ISDN initialization takes slightly longer.
Hardware Installation and Setup 2-13
Prestige 480 ISDN Router
At this point, the Prestige asks if you wish to test your ISDN. If you select Yes, the Prestige will
perform a loop-back test to check the ISDN lines. If the loop-back test fails, please note the error
Setup LoopBack Test...
Dialing to 40000 ...
Sending and Receiving Data ...
Disconnecting...
LoopBack Test OK
### Hit any key to continue. ###
message that you receive and take the appropriate troubleshooting action.
Figure 2-13 Loopback Test
2.12 Ethernet Setup
This section describes how to configure the Ethernet using Menu 3 – Ethernet Setup. From the
Main Menu, enter 3 to open Menu 3.
Menu 3 - Ethernet Setup
1. General Setup
2. TCP/IP and DHCP Setup
Enter Menu Selection Number:
Figure 2-14 Menu 3 - Ethernet Setup
2-14 Hardware Installation and Setup
Prestige 480 ISDN Router
2.12.1 General Ethernet Setup
This menu allows you to specify the filter sets that you wish to apply to the Ethernet traffic. You
seldom need to filter Ethernet traffic, however, the filter sets may be useful to block certain
packets, reduce traffic and prevent security breaches.
Menu 3.1 - General Ethernet Setup
Input Filter Sets:
protocol filters= 2
device filters=
Output Filter Sets:
protocol filters=
device filters=
Press ENTER to Confirm or ESC to Cancel:
Figure 2-15 General Ethernet Setup
If you need to define filters, please read Chapter 9 - Filter Set Configuration, then return to this
menu to define the filter sets.
Hardware Installation and Setup 2-15
Prestige 480 ISDN Router
Press ENTER to Confirm or ESC to Cancel:
Chapter 3
Internet Access
This chapter shows you how to configure the LAN as well as the WAN of
your Prestige for Internet access.
3.1 Factory Ethernet Defaults
The Ethernet parameters of the Prestige are preset in the factory with the following values:
1. IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits).
2. DHCP server enabled with 32 client IP addresses starting from 192.168.1.33.
These parameters should work for the majority of installations. If the parameters are satisfactory,
you can skip to section 3.4 TCP/IP Ethernet Setup and DHCP to enter the DNS server
address(es) if your ISP gives you explicit DNS server address(es). If you wish to change the factory
defaults or to learn more about TCP/IP, please read on.
3.2 Route IP Setup
The first step is to enable the IP routing in Menu 1 - General Setup.
Menu 1 - General Setup
System Name= ?
Location=
Contact Person's Name=
Figure 3-1 General Setup
To edit Menu 1, enter 1 in the Main Menu to select General Setup and press [Enter].
Internet Access 3-1
Prestige 480 ISDN Router
3.3 TCP/IP Parameters
3.3.1 IP Address and Subnet Mask
Similar to the houses on a street that share a common street name, the machines on a LAN share
one common network number, also.
Where you obtain your network number depends on your particular situation. If the ISP or your
network administrator assigns you a block of registered IP addresses, follow their instructions in
selecting the IP addresses and the subnet mask.
If the ISP did not explicitly give you an IP network number, then most likely you have a single user
account and the ISP will assign you a dynamic IP address when the connection is established. If
this is the case, it is recommended that you select a network number from 192.168.0.0 to
192.168.255.0 (ignoring the trailing zero) and you must enable the Single User Account feature of
the Prestige. The Internet Assigned Number Authority (IANA) reserved this block of addresses
specifically for private use; please do not use any other number unless you are told otherwise.
Let’s say you select 192.168.1.0 as the network number; which covers 254 individual addresses,
from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the first 3 numbers
specify the network number while the last number identifies an individual workstation on that
network.
Once you have decided on the network number, pick an IP address that is easy to remember, e.g.,
192.168.1.1, for your Prestige.
The subnet mask specifies the network number portion of an IP address. Your Prestige will
compute the subnet mask automatically based on the IP address that you entered. You don’t need
to change the subnet mask computed by the Prestige unless you are instructed to do otherwise.
3.3.2 RIP Setup
RIP (Routing Information Protocol) allows a router to exchange routing information with other
routers. The RIP Direction field controls the sending and receiving of RIP packets. When set to
Both, the Prestige will broadcast its routing table periodically and incorporate the RIP information
that it receives; when set to None, it will not send any RIP packets and will ignore any RIP packets
received.
The Version field controls the format and the broadcasting method of the RIP packets that the
Prestige sends (it recognizes both formats when receiving). RIP-1 is universally supported; but
3-2 Internet Access
Prestige 480 ISDN Router
RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have a
unusual network topology.
Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference being that RIP-
2B uses subnet broadcasting while RIP-2M uses multicasting. Multicasting can reduce the load on
non-router machines since they generally do not listen to the RIP multicast address and so will not
receive the RIP packets. However, if one router uses multicasting, then all routers on your network
must use multicasting, also.
By default, RIP direction is set to Both and the Version set to RIP-1.
3.3.3 DHCP Configuration
DHCP (Dynamic Host Configuration Protocol) allows the individual clients (workstations) to
obtain the TCP/IP configuration at start-up from a centralized DHCP server. The Prestige has builtin DHCP Server capability, enabled by default, which means it can assign IP addresses, an IP
default gateway and DNS servers to Windows 95, Windows NT and other systems that support the
DHCP client. Your Prestige can also be configured as a Relay. When configured as a relay, the
Prestige relays the requests and responses between the clients and the real DHCP server.
IP Pool Setup
The Prestige is pre-configured with a pool of 32 IP addresses starting from 192.168.1.33 to
192.168.1.64. This configuration leaves 31 IP addresses (excluding the Prestige itself) in the lower
range for other server machines, e.g., server for mail, FTP, telnet, web, etc., that you may have.
DNS Server Address
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and
vice versa, e.g., the IP address of www.zyxel.com is 204.217.0.2. The DNS server is extremely
important because without it, a user must know the IP address of a machine before s/he can access
it. The DNS server addresses that you enter in the DHCP setup are passed to the client machines
along with the assigned IP address and subnet mask.
There are two ways that an ISP disseminates the DNS server addresses. The first is for an ISP to
tell a customer the DNS server addresses, usually in the form of an information sheet, when s/he
signs up. If your ISP does give you the DNS server addresses, enter them in the DNS Server fields
in DHCP Setup.
Some ISP’s choose to pass the DNS servers using the DNS server extensions of PPP IPCP (IP
Control Protocol) after the connection is up. If your ISP did not give you explicit DNS servers,
Internet Access 3-3
Prestige 480 ISDN Router
chances are the DNS servers are conveyed through IPCP negotiation. The Prestige supports the
IPCP DNS server extensions through the DNS proxy feature.
If the Primary and Secondary DNS Server fields in DHCP Setup are not specified, i.e., left as
0.0.0.0, the Prestige tells the DHCP clients that it itself is the DNS server. When a workstation
sends a DNS query to the Prestige, the Prestige forwards the query to the real DNS server learned
through IPCP and relays the response back to the workstation.
Please note that DNS proxy works only when the ISP uses the IPCP DNS server extensions. It
does not mean you can leave the DNS servers out of the DHCP setup under all circumstances. If
your ISP gives you explicit DNS servers, make sure that you enter their IP addresses in the DHCP
Setup menu. This way, the Prestige can pass the DNS servers to the workstations and the
workstations can query the DNS server directly without the Prestige’s intervention.
Relay Server Address
When the DHCP is set to Relay, the Prestige will request IP addresses from a real DHCP server
and relay the address to the workstation making the request.
3-4 Internet Access
Prestige 480 ISDN Router
First address
IP addresses
3.4 TCP/IP Ethernet Setup and DHCP
You will now use Menu 3.2 to configure your Prestige for TCP/IP.
To edit Menu 3.2, select the menu option Ethernet Setup in the Main Menu. When Menu 3
appears, select the submenu option TCP/IP and DHCP Setup and press [Enter]. The screen now
displays Menu 3.2 - TCP/IP and DHCP Ethernet Setup, as shown next.
Menu 3.2 - TCP/IP and DHCP Ethernet Setup
DHCP Setup
DHCP= Server
Client IP Pool Starting Address= 192.168.1.33
Size of Client IP Pool= 32
Primary DNS Server= 0.0.0.0
Secondary DNS Server= 0.0.0.0
Remote DHCP Server= N/A
TCP/IP Setup:
IP Address= 192.168.1.1
IP Subnet Mask= 255.255.255.0
RIP Direction= Both
Version= RIP- 1
Enter here to CONFIRM or ESC to CANCEL:
Figure 3-2 Menu 3.2 – TCP/IP and DHCP Ethernet Setup
Follow the instructions in the next table on how to configure the DHCP fields.
in the IP
Pool
Size of the
IP Pool
of the DNS
servers
Internet Access 3-5
Prestige 480 ISDN Router
Table 3-1 DHCP Ethernet Setup Menu Fields
Field Description Example
DHCP This field enables/disables the DHCP server. If it is set to Server,
your Prestige will act as a DHCP server. If set to None, the DHCP
server will be disabled. If set to Relay, the Prestige acts as a
surrogate DHCP server and relays requests and responses
between the remote server and the clients.
When DHCP is used, the following four items need to be set:
Client IP Pool
Starting Address
Size of Client IP
Pool
Primary DNS
Server
Secondary DNS
Server
Remote DHCP
Server
This field specifies the first of the contiguous addresses in the IP
address pool.
This field specifies the size, or count, of the IP address pool. 32
Enter the IP addresses of the DNS servers. The DNS servers are
passed to the DHCP clients along with the IP address and the
subnet mask.
If Relay is selected in the above DHCP= field, then enter the IP
address of the actual, remote DHCP server here.
None
Server (default)
Relay
192.168.1.33
Follow the instructions in the following table to configure TCP/IP parameters for the Ethernet port.
Table 3-2 TCP/IP Ethernet Setup Menu Fields
Field Description Example
IP Address Enter the IP address of your Prestige in dotted decimal notation 192.168.1.1
IP Subnet
Mask
RIP Direction Press the space bar to select the RIP direction from
Version Press the space bar to select the RIP version from RIP-1/RIP-
When you have completed this menu, press [Enter] at the prompt [Press ENTER to Confirm…] to save your
configuration, or press [Esc] at any time to cancel.
Your Prestige will automatically calculate the subnet mask based
on the IP address that you assign. Unless you are implementing
subnetting, use the subnet mask computed by the Prestige
Both/None/In Only/Out Only.
2B/RIP-2M.
255.255.255.0
Both (default)
RIP-1 (default)
3-6 Internet Access
Prestige 480 ISDN Router
Enter the
Enter your
3.5 Internet Access Configuration
Menu 4 allows you to enter the Internet Access information in one screen. Menu 4 is actually a
simplified setup for one of the remote nodes that you can access in Menu 11. Before you configure
your Prestige for Internet access, you need to collect your Internet account information from your
ISP. Use the table below to record your Internet Account Information.
Table 3-3 Internet Account Information
Internet Account Information
IP Address of the ISP's Gateway (Optional)
Write your account
information here
−
Telephone Number(s) of your ISP
Login Name
Password for ISP authentication
DNS server address(es) for your
workstation
−
−
−
−
From the Main Menu, enter option Internet Access Setup to go to Menu 4 - Internet Access
Setup, as displayed next. The table following the figure contains instructions on how to configure
your Prestige for Internet access.
Menu 4 - Internet Access Setup
ISP's Name= ChangeMe
Pri Phone #= 1234
Sec Phone #=
My Login= ChangeMe
My Password= ********
Single User Account= Yes
IP Addr= 0.0.0.0
Telco Options:
Transfer Type= 64K
Multilink= Off
Idle Timeout= 100
Press ENTER to CONFIRM or ESC to CANCEL:
Figure 3-3 Menu 4 – Internet Access Setup
phone
number of
your ISP
login and
password
Internet Access 3-7
Prestige 480 ISDN Router
Table 3-4 Internet Access Setup Menu Fields
Field Description
ISP’s Name Enter the name of your Internet Service Provider, e.g., myISP. This
information is for identification purposes only.
Pri Phone and Sec Phone
Number
My Login Name Enter the login name given to you by your ISP.
My Password Enter the password associated with the login name above.
Single User Account Please see the following section for a more detailed discussion on the
IP Address If your ISP did not assign you a static IP address, enter [0.0.0.0] here;
Telco options Transfer
Type
Multilink The Prestige uses the PPP Multilane Protocol to bundle multiple links in
Idle Timeout This value specifies the number of idle seconds that elapses before the
Both the Primary and the Secondary Phone number refer to the number
that the Prestige dials to connect to the ISP.
Single User Account feature. The default is Yes.
otherwise, enter that IP address here.
This field specifies the type of connection between the Prestige and this
remote node. Select 64K, or Leased.
a single connection to boost the effective throughput between two nodes.
This option is only available if the transfer type is 64K. See Menu 11.2
for more details.
remote node is automatically disconnected. Idle seconds is the period of
time when no data is transmitted from your Prestige. Administrative
packets such as RIP are not counted as data. The default is 100
seconds. This option only applies when the Prestige initiates the call.
At this point, the SMT will ask if you wish to test the Internet connection. If you select Yes, your
Prestige will call the ISP to test the Internet connection. If the test fails, note the error message that
you receive on the screen and take the appropriate troubleshooting steps.
3-8 Internet Access
Prestige 480 ISDN Router
192.168.1.34
192.168.1.36
Prestige 480
3.6 Single User Account
Typically, if there are multiple users on the LAN wanting to concurrently access the Internet, you
will have to lease a block of legal, or globally unique, IP addresses from the ISP.
The Single User Account (SUA) feature allows you to have the same benefits as having multiple
legal addresses, but only pay for one IP address, thus saving significantly on the subscription fees.
(Check with your ISP before you enable this feature).
192.168.1.33
Same Network
Number
192.168.1.1
192.168.1.35
ISP
The SUA network appears as a
single host to the Internet.
Figure 3-4 Single User Account Topology
INTERNET
The Single User Account feature may also be used on connections to remote networks other than
the ISP. For example, this feature can be used to simplify the allocation of IP addresses when
connecting branch offices to the corporate network.
Internet Access 3-9
Prestige 480 ISDN Router
The IP address for the SUA can be either fixed or dynamically assigned when a call is connected.
In addition, you can designate servers using Menu 15, e.g., a web server and a telnet server, on
your local network and make them accessible to the outside world. For more information on setting
up servers see the section Multiple Servers behind SUA in the chapter Dial-in Server
Configuration.
If you do not define any server, SUA offers the additional benefit of firewall protection. If no
server is defined, all incoming inquiries will be filtered out by your Prestige and thus preventing
intruders from probing your network.
Your Prestige accomplishes this address sharing by translating the internal LAN IP addresses to a
single address that is globally unique on the Internet. For more information on IP address
translation, refer to RFC 1631, The IP Network Address Translator (NAT).
3.6.1 Advantages of SUA
In summary:
l SUA is a cost-effective solution for small offices with less than 64 hosts to access the Internet
or other remote TCP/IP networks.
l SUA supports servers to be accessible to the outside world.
l SUA can provide firewall protection if you do not specify a server. All incoming inquiries
will be filtered out by your Prestige.
l UDP and TCP packets can be routed. In addition, partial ICMP, including echo and trace
route, is supported.
3-10 Internet Access
Prestige 480 ISDN Router
3.6.2 Single User Account Configuration
The steps for configuring your Prestige for Single User Account are identical to the conventional
Internet access with the exception that you need to fill in two extra fields in Menu 4 - Internet
Access Setup, as shown next.
Menu 4 - Internet Access Setup
ISP's Name= ChangeMe
Pri Phone #= 1234
Sec Phone #=
My Login= ChangeMe
My Password= ********
Single User Account= Yes
IP Addr= 0.0.0.0
Telco Options:
Transfer Type= 64K
Multilink= Off
Idle Timeout= 100
Enter here to CONFIRM or ESC to CANCEL:
Figure 3-5 Menu 4 – Internet Access Setup for Single User Account
To enable the SUA feature in Menu 4, move the cursor to the Single User Account field and select
Yes (or No to disable SUA). Then follow the instructions on how to configure the SUA fields.
Table 3-5 Single User Account Menu Fields
Field Description
Single User Account Select Yes to enable SUA.
IP Address If your ISP did not assign you a static IP address, enter [0.0.0.0] here; otherwise,
enter that IP address here.
Press [Enter] at the message [Press ENTER to Confirm ...] to save your configuration, or press [Esc] at any
time to cancel.
Internet Access 3-11
Prestige 480 ISDN Router
At this point, your Prestige will ask if you wish to test the Internet connection. If you select Yes,
the Prestige will call the ISP and test the configuration. If the test fails, note the error messages on
the screen and take the appropriate troubleshooting steps.
3.7 Configuring Backup ISP Accounts
If you have more than one ISP account, you can configure the secondary ISP as a backup. You can
switch to the backup ISP in the event that the primary ISP is out of service. The SUA feature can
be enabled for all these accounts.
3.7.1 Configure a Backup ISP
To configure a backup ISP Account, follow these steps:
Step 1. Configure your primary ISP using Menu 4, as described earlier in this chapter.
Step 2. Enter Menu 11, then select an unused remote node.
Step 3. In Menu 11.1, choose a name for your backup ISP account, then set the Active field to
No, and enter your outgoing login name, password, and phone number(s). The Remote
IP Address field should be set to 1.1.1.1.
Step 4. In Menu 11.3, set the remote node's subnet mask to 0.0.0.0, and set RIP to None.
Step 5. Save the new configuration.
Please note that the remote IP address of 1.1.1.1 is only a placeholder to avoid conflicting with
that of the primary ISP, which is implicitly set at 0.0.0.0. When the backup ISP is activated, the
remote IP address of 1.1.1.1 combined with the subnet mask of 0.0.0.0 creates a default route that
is equivalent to the one derived form the primary ISP.
3.7.2 To Switch ISP
Follow these steps when you need to switch from your primary ISP to a backup ISP:
Step 1. Enter Menu 11 and select your Primary ISP.
Step 2. In Menu 11.1, set the Active field to No.
Step 3. Enter Menu 11 again and select your Backup ISP.
Step 4. In Menu 11.1, set the Active field to Yes.
You will now be able to access the Internet through the backup ISP Remote Node.
3-12 Internet Access
Prestige 480 ISDN Router
Chapter 4
Remote Node Configuration
This chapter covers the parameters that are protocol independent. The
protocol-dependent configuration (TCP/IP) is covered in the next chapter.
A remote node is required for placing calls to a remote gateway. A remote node represents both
the remote gateway and the network behind it across a WAN connection. Note that when you use
Menu 4 to set up Internet access, you are actually configuring one of the remote nodes. Once a
remote node is configured correctly, traffic to the remote network will trigger your Prestige to
make a call automatically, i.e., Dial On Demand.
4.1 Remote Node Setup
This section describes the protocol-independent parameters for a remote node.
4.1.1 Remote Node Profile
To configure a remote node, follow these steps:
Step 1. From the Main Menu, select menu option 11 to open Menu 11 - Remote Node
Setup.
Step 2. When Menu 11 appears, as shown next, enter the number of the remote node that you
wish to configure.
Remote Node Configuration 4-1
Prestige 480 ISDN Router
Menu 11 - Remote Node Setup
1. ChangeMe (ISP, SUA)
2. ________
3. ________
4. ________
5. ________
6. ________
7. ________
8. ________
9. ________
10. ________
11. ________
12. ________
Enter Node # to Edit:
Figure 4-1 Menu 11 – Remote Node Setup
When Menu 11.1. - Remote Node Profile appears, fill in the fields as described in the table below
to define this remote profile. The Remote Node Profile Menu Fields table shows how to configure
the Remote Node Menu.
Menu 11.1 - Remote Node Profile
Rem Node Name= ChangeMe
Active= Yes
Call Direction= Outgoing
Incoming:
Rem Login= N/A
Rem Password= N/A
Rem CLID= N/A
Call Back=N/A
Outgoing:
My Login= ChangeMe
My Password= ********
Authen= CHAP/PAP
Pri Phone #= 1234
Sec Phone #=
Enter here to CONFIRM or ESC to CANCEL:
Edit PPP Options= No
Rem IP Addr= 0.0.0.0
Edit IP = No
Telco Option:
Transfer Type= 64K
Allocated Budget(min)= 0
Period(hr)= 0
Carrier Access Code=
Nailed-Up Connection= No
Toll Period (sec)= 0
Session Options:
Edit Filter Sets= No
Idle Timeout(sec)= 100
Figure 4-2 Menu 11.1 Remote Node Profile
4-2 Remote Node Configuration
Prestige 480 ISDN Router
Table 4-1 Remote Node Profile Menu Fields
Field Description Options
Rem Node Name This is a required field [?]. Enter a descriptive name for the
remote node, for example, Corp.
This field can be up to eight characters. This name must be
unique from any other remote node name or remote dial-in user
name.
Active Press the space bar to toggle between Yes and No. Inactive
nodes are displayed with a minus sign (-) at the beginning of the
name in Menu 11.
Call Direction
If this parameter is set to Both, your Prestige can both
place and receive calls to/from this remote node.
Press space
bar to toggle
Yes/No
Both
If set to Incoming, your Prestige will not place a call to this
remote node.
If set to Outgoing, your Prestige will drop any incoming
calls from this remote node.
Several other fields in this menu depend on this parameter. For
example, in order to enable Callback, the Call Direction must
be Both.
Incoming: Rem
Node
Login
Name
Incoming: Rem
Node
Password
Incoming: Rem
CLID
Incoming: Callback This field is applicable only if Call Direction is Both. Otherwise,
Enter the login name that this remote node will use when it calls
your Prestige.
The login name in this field combined with the Rem Node
Password will be used to authenticate this node.
Enter the password used when this remote node calls your
Prestige.
This field is applicable only if Call Direction is either Both or
Incoming. Otherwise, a N/A appears in the field.
This is the Calling Line ID (the telephone number of the calling
party) of this remote node.
If you enable the CLID Authen field in Menu 13 – Default Dial In,
your Prestige will check the CLID in the incoming call against the
CLIDs in the database. If no match is found and CLID Authen is
Required, the call will be dropped.
a N/A appears in the field.
This field determines whether or not your Prestige will call back
after receiving a call from this remote node.
If this option is enabled, your Prestige will disconnect the initial
Incoming
Outgoing
Enable
Disable
Remote Node Configuration 4-3
Prestige 480 ISDN Router
Outgoing: My Login
Name
Outgoing: My
Password
Outgoing: Authen
call from this node and call it back at the Outgoing Primary
Phone Number (see below).
This is a required field [?] if Call Direction is either Both or
Outgoing. Enter the login name for your Prestige when it calls
this remote node.
This is a required field [?] if Call Direction is either Both or
Outgoing. Enter the password for your Prestige when it calls this
remote node.
This field sets the authentication protocol used for outgoing calls.
Options for this field are:
CHAP/PAP - Your Prestige will accept either CHAP or PAP
when requested by this remote node.
CHAP - accept CHAP only. CHAP
PAP - accept PAP only.
CHAP/ PAP
PAP
Outgoing: Pri(mary)
Sec(onda
ry) Phone
Numbers
Edit PPP Options To edit the PPP options for this remote node, move the cursor to
Rem IP Addr Enter the IP address of the remote gateway.
Telco Options:
Allocated Budget (min)
Period (hr) This field sets the time interval to reset the above outgoing call
Transfer Type This field specifies the type of connection between the Prestige
Your Prestige always calls this remote node using the Primary
Phone number first for a dial-up line.
If the Primary Phone number is busy or does not answer, your
Prestige will dial the Secondary Phone number if available.
Some areas require dialing the pound sign # before the phone
number for local calls. A # symbol may be included at the
beginning of the phone numbers as required.
this field, use the space bar to select Yes and press [Enter]. This
will bring you to Menu 11.2 - Remote Node PPP Options. For
more information on configuring PPP options, see the section
Editing PPP Options.
This field sets a ceiling for outgoing call time for this remote
node. The default for this field is 0 for no budget control.
budget control.
and this remote node. When set to Leased, the Allocated
Budget and Period do not apply.
Press space
bar to toggle
Yes then
press
[Enter]
Default = 0
64k/
Leased
4-4 Remote Node Configuration
Prestige 480 ISDN Router
Carrier Access Code This field allows you to select a specific carrier to take advantage
of discount telephone rates. Enter the carriers access code.
Nailed-up Connection This field specifies if you want to make the connection to this
remote node a nailed-up connection. See below for more details.
Session Option:
Edit Filter Sets
Session Option:
Idle Timeout (sec)
Once you have completed filling in Menu 11.1.1 – Remote Node Profile, press [Enter] at the message
[Press ENTER to Confirm…] to save your configuration, or press [Esc] at any time to cancel.
Use the space bar to toggle this field to Yes and press [Enter] to
open Menu 11.5 to edit the filter sets. See the Remote Node
Filter section for more details.
This value specifies the number of idle seconds that elapses
before the remote node is automatically disconnected. Idle
seconds is the period of time when no data is transmitted from
your Prestige. Administrative packets such as RIP are not
counted as data. This option only applies when the Prestige
initiates the call.
Yes/No
Default=
Blank
Default=
100 secs for
the first
remote
node and
300 secs for
the others.
4.1.2 Nailed-up Connection
A nailed-up connection is a dial-up line where the connection is always up regardless of traffic
demand. The Prestige does two things when you specify a nailed-up connection. The first is that
idle timeout is disabled. The second is that the Prestige will try to bring up the connection at
power-on and whenever the connection is down.
A nailed-up connection can be very expensive for obvious reasons. Please do not specify a nailedup connection unless your telephone company offers flat-rate service or you need a constant
connection and the cost is of no concern.
4.1.3 Outgoing Authentication Protocol
Generally speaking, you should employ the strongest authentication protocol possible, for obvious
reasons. However, some vendor’s implementation includes specific authentication protocol in the
user profile. It will disconnect if the negotiated protocol is different from that in the user profile,
even when the negotiated protocol is stronger than specified. If you encounter the case where the
peer disconnects right after a successful authentication, please make sure that you specify the
correct authentication protocol when connecting to such an implementation.
Remote Node Configuration 4-5
Prestige 480 ISDN Router
4.1.4 PPP Multilink
The Prestige uses the PPP Multilink Protocol (PPP/MP) to bundle multiple links in a single
connection to boost the effective throughput between two nodes. The bundle works best when the
member links are of the same type of call and at approximately the same speed.
Due to the fragmentation/reconstruction overhead associated with MP, you may not get a linear
increase in throughput when a link is added.
The number of links in an MP bundle can be statically configured, or dynamically determined at
runtime, as explained in the following section.
4.1.5 Bandwidth on Demand
The Bandwidth on Demand (BOD) feature adds or subtracts links dynamically according to traffic
demand. After the initial call, the Prestige uses BAP (Bandwidth Allocation Protocol) to ask the
peer for an additional telephone number if BACP (Bandwidth Allocation Control Protocol) is
negotiated. Otherwise, the Prestige uses the statically configured (primary and secondary)
telephone numbers of the remote node.
The configuration of bandwidth on demand focuses on the Base Transmission Rate (BTR) and the
Maximum Transmission Rate (MTR). The relationship between BTR and MTR are shown next:
4-6 Remote Node Configuration
Prestige 480 ISDN Router
Table 4-2 BTR v MTR for BOD
BTR & MTR Setting No. of channel(s) used Max No. of channel(s) used Bandwidth
on demand
BTR = 64, MTR = 64 1 1 Off
BTR = 64, MTR = 128 1 2 On
BTR = 128, MTR = 128 2 2 Off
BTR = 256, MTR = 256 4 4 On
The Min. Channels and Max. Channels allows you to force the Prestige to use a minimum and
maximum number of channels.
When bandwidth on demand is enabled, a second channel will be brought up if traffic on the initial
channel is higher than the high Target Utility for second channel number for longer than the
specified Add Persist value. Similarly, the second channel will be dropped if the traffic level falls
below the low Target Utility number for longer than the Subtract Persist value.
When the Max. Channels is set to 3 or 4 and the threshold set in the Target Utility is reached for
the second channel a third and fourth channel is opened. The Bandwidth increment for
Additional Channels specifies the line utilization range at which you want the Prestige to add or
subtract the third and fourth channel.
The Target Utility specifies the line utilization range at which you want the Prestige to add or
subtract bandwidth. The range is 30 to 64 kbps (kilobits per second). The parameters are separated
by a ‘-’. For example, ‘30-60’ means the add threshold is 30 kbps and subtract threshold is 60 kbps.
The Prestige performs bandwidth on demand only if it initiates the call. Addition and subtraction
are based on the values set in the BOD Calculation field. If this field is set to Transmit or
Receive, then traffic in either direction will be included to determine if a link should be added or
dropped. Transmit will only use outgoing traffic to make this determination and Receive will
only use incoming traffic to make this determination.
After making the call to bring up a second channel, if the second channel does not succeed in
joining the Multilink Protocol bundle (because the remote device does not recognize the second
call as coming from the same device), the Prestige will hang up the second call and continue with
the first channel alone.
You can do the BOD configuration using Menu 11.2 - Remote Node PPP Options.
Remote Node Configuration 4-7
Prestige 480 ISDN Router
4.1.6 Editing PPP Options
To edit the remote node PPP Options, move the cursor to the Edit PPP Options field in Menu
11.1 - Remote Node Profile, and use the space bar to select Yes. Press [Enter] to open Menu
11.2, as shown next.
Menu 11.2 - Remote Node PPP Options
Encapsulation= Standard PPP
Compression= No
BACP= Enable
Multiple Link Options:
BOD Calculation= Transmit or Receive
Min. Channels= 1
Max. Channels= 1
Target Utility for 2nd Channel(Kbps)= 32-48
Bandwidth increment for Additional Channels(Kbps)= 64
Add Persist(sec)= 5
Subtract Persist(sec)= 5
Press Space Bar to Toggle.
Figure 4-3 Menu 11.2 - Remote Node PPP Options
Press ENTER to CONFIRM or ESC to CANCEL:
The following table describes the Remote Node PPP Options Menu, and contains instructions on
how to configure the PPP options fields.
4-8 Remote Node Configuration
Prestige 480 ISDN Router
Table 4-3 Remote Node PPP Options Menu Fields
Field Description Option
Standard PPPEncapsulation Select the CISCO PPP only when this remote node
is a Cisco machine; otherwise, select the Standard
PPP.
CISCO PPP
Compression You can turn on or off Stac Compression. The
default for this field is Yes.
BACP Allows you to enable or disable the Bandwidth
Allocation Control Protocol (BACP).
The default for this field is Enable.
Multiple Link
Options:
BOD
Calculation
Min. Channel Allows you to set the minimum number of channels
Max.
Channels
Target Utility
(kbps)
Bandwidth
Increment
Add Persist This parameter specifies the number of seconds
Subtract
Persist
Select the direction of the traffic you wish to use in
determining when to add or subtract a link. The
default for this field is Transmit or Receive.
the Prestige uses.
Allows you to set the maximum number of channels
the Prestige uses.
Enter the two thresholds separated by a [-] for
subtracting and adding the second port.
Allows you set bandwidth increment for the
additional channels, once the threshold is reached
additional channels are opened if the Min. Channels
is greater than one.
where traffic is above the adding threshold before
the Prestige will bring up an additional link.
This parameter specifies the number of seconds
where traffic is below the subtraction threshold
before your Prestige drops a link.
Yes/No
(Default = Yes)
Enable/Disable
Default = Enable
Default = Transmit
or Receive
1~4
1~4
Default=32-48
Default = 64 Kbps
0-64
Default = 5 sec
Default = 5 sec
Once you have completed filling in Menu 11.2 - Remote Node PPP Options, press [Enter] at
the message [Press ENTER to Confirm…] to save your configuration, or press [Esc] at any time to
cancel.
Remote Node Configuration 4-9
Prestige 480 ISDN Router
4.1.7 Remote Node Filter
Move the cursor to the field Edit Filter Sets in Menu 11.1, then press the space bar to toggle and
set the value to YES. Press [ENTER] to open Menu 11.5 – Remote Node Filter.
Use Menu 11.5 to specify the filter set(s) to apply to the incoming and outgoing traffic between
this remote node and the Prestige and to prevent certain packets from triggering calls. You can
specify up to 4 filter sets separated by a comma, e.g., 1, 5, 9, 12, in each filter field. The default is
no filters.
Note that spaces are accepted in this field. For more information on defining the filters, see
Chapter 9. The Prestige comes with a prepackaged filter set, NetBIOS_WAN, that blocks
NetBIOS packets. You can include this in the call filter sets if you wish to prevent NetBIOS
packets from triggering calls to a remote node.
Menu 11.5 - Remote Node Filter
Input Filter Sets:
protocol filters=
device filters=
Output Filter Sets:
protocol filters=
device filters=
Call Filter Sets:
protocol filters= 1
device filters=
Enter here to CONFIRM or ESC to CANCEL:
Figure 4-4 Menu 11.5 – Remote Node Filter
4-10 Remote Node Configuration
Prestige 480 ISDN Router
Chapter 5
Remote Node TCP/IP Configuration
This chapter shows you an example of LAN-to-LAN application and
explains how to configure the TCP/IP parameters of a remote node.
5.1 LAN-to-LAN Application
A typical LAN-to-LAN application is to use your Prestige to connect a branch office (remote LAN)
to the headquarters (office LAN), as depicted in the following diagram.
Figure 5-1 TCP/IP LAN-to-LAN Application
Remote Node TCP/IP Configuration 5-1
Prestige 480 ISDN Router
IP address
IP address
LAN 1
For the branch office, you need to configure a remote node in order to dial out to the headquarters.
Additionally, you may also need to define static routes if some services reside beyond the
immediate remote LAN.
LAN 1 Setup
Menu 11.1 - Remote Node Profile
Rem Node Name= LAN_2
Active= Yes
Call Direction= Both
Incoming:
Rem Login= lan2
Rem Password= *******
Rem CLID=
Call Back= No
Outgoing:
My Login= lan1
My Password= ********
Authen= CHAP/PAP
Pri Phone #= 1234
Sec Phone #=
Enter here to CONFIRM or ESC to CANCEL:
Edit PPP Options= No
Rem IP Addr= 192.168.2.1
Edit IP= No
Telco Option:
Transfer Type= 64K
Allocated Budget(min)=
Period(hr)=
Carrier Acess Code=
Nailed-Up Connection= No
Toll Period(sec)= 0
Session Options:
Edit Filter Sets= No
Idle Timeout(sec)= 100
Figure 5-2 LAN 1 Setup
of the
Prestige on
LAN 2
LAN 2 Setup
Menu 11.1 - Remote Node Profile
Rem Node Name= LAN_1
Active= Yes
Call Direction= Both
Incoming:
Rem Login= lan1
Rem Password= *******
Rem CLID=
Call Back= No
Outgoing:
My Login= lan2
My Password= ********
Authen= CHAP/PAP
Pri Phone #= 1234
Sec Phone #=
Enter here to CONFIRM or ESC to CANCEL:
Edit PPP Options= No
Rem IP Addr= 192.168.1.1
Edit IP= No
Telco Option:
Transfer Type= 64K
Allocated Budget(min)=
Period(hr)=
Carrier Acess Code=
Nailed-Up Connection= No
Toll Period(sec)= 0
Session Options:
Edit Filter Sets= No
Idle Timeout(sec)= 100
of the
Prestige on
Figure 5-3 LAN 2 Setup
5-2 Remote Node TCP/IP Configuration
Prestige 480 ISDN Router
5.2 Remote Node Setup
Follow the procedure in Chapter 4 - Remote Node Configuration to configure the protocolindependent parameters in Menu 11 - Remote Node Profile. For the TCP/IP parameters, follow the
instructions below. If you are configuring your Prestige to receive incoming calls, you also need to
set the default dial-in parameters in Menu 13.
Follow the steps below to edit Menu 11.3 - Remote Node Network Layer Options shown next.
Move the cursor to the Edit IP field in Menu 11.1, then press the space bar to toggle and set the
value to Yes. Press [Enter] to open Menu 11.3 - Network Layer Options.
Menu 11.3 - Remote Node Network Layer Options
Rem IP Addr: 0.0.0.0
Rem Subnet Mask= 0.0.0.0
My WAN Addr= 0.0.0.0
Single User Account= No
Metric= 2
Private= No
RIP Direction= Both
Version= RIP-2B
Enter here to CONFIRM or ESC to CANCEL:
Figure 5-4 Menu 11.3- Remote Node TCP/IP Options
Remote Node TCP/IP Configuration 5-3
Prestige 480 ISDN Router
192.168.2.0
192.168.3.2
192.168.3.1
ISDN
The following diagram explains the Sample IP Addresses to help you to understand the field of My
Wan Addr in Menu 11.3.
Remote Network
Local Network
192.168.1.0
Prestige 480
Prestige 480
Figure 5-5 Sample IP Addresses for a TCPI/IP LAN-to-LAN Connection
To configure the TCP/IP parameters of a remote node, first configure the two fields in Menu 11-1
Remote Node Profile, as shown in the table below. For more details on the IP Option fields, refer to
Chapter 3 – Internet Access Application.
Table 5-1 TCP/IP related fields in Remote Node Profile
Field Description Option
Rem IP
Address
Edit IP Press the space bar to select Yes and press [Enter] to go to Menu
Enter the IP address of the remote gateway in Remote Node Profile.
11.3 - Remote Node Network Layer Options Menu.
Yes
(Yes/No)
The next table shows the TCP/IP related fields in Menu 11.3 - Remote Node Network Layer
Options.
5-4 Remote Node TCP/IP Configuration
Prestige 480 ISDN Router
Table 5-2 TCP/IP Remote Node Configuration
Rem IP
Address
Rem IP
Subnet
Mask
My WAN
Addr
Single
User
Account
Metric The metric represents the “cost” of transmission for routing purposes. IP
Private This parameter determines if the Prestige will include the route to this
RIP Press the space bar to select the RIP direction from Both/ None/In
Version= Press the space bar to select the RIP version from RIP-1/RIP-2B/RIP-2M. RIP-1 (default)
Once you have completed filling in the Network Layer Options Menu, press [Enter] to return to Menu 11.
Press [Enter] at the message [Press ENTER to Confirm...] to save your configuration, or press [Esc] at
any time to cancel.
This will show the IP address you entered for this remote node in the
previous menu.
Enter the subnet mask for the remote network.
Some implementations, especially the UNIX derivatives, require the ISDN
link to have a separate IP network number from the LAN and each end
must have a unique address within the WAN network number. If this is the
case, enter the IP address assigned to the ISDN port of your Prestige.
Note that this is the address assigned to your local Prestige, not the
remote router.
Set this field to Yes to enable the Single User Account feature for your
Prestige. Use the space bar to toggle between Yes and No. See Chapter
3 - Internet Access Application for more information on the Single User
Account feature.
routing uses hop count as the measurement of cost, with a minimum of 1
for directly connected networks. Enter a number that approximates the
cost for this link. The number need not be precise, but it must be between
1 and 15. In practice, 2 or 3 is usually a good number.
remote node in its RIP broadcasts. If set to Yes, this route is kept private
and not included in RIP broadcast. If No, the route to this remote node will
be propagated to other hosts through RIP broadcasts.
Only/Out Only.
Yes/No
1 to 15
Yes/No
(Default=Both)
Remote Node TCP/IP Configuration 5-5
Prestige 480 ISDN Router
N1
N2
N3
Router 2
Prestige 480
5.2.1 Static Route Setup
Static routes tell the Prestige routing information that it cannot learn automatically through other
means. This can arise in cases where RIP is disabled on the LAN or a remote network is beyond
the one that is directly connected to a remote node.
Router 1
Figure 5-6 Example of Static Routing Topology
Each remote node specifies only the network to which the gateway is directly connected, and the
Prestige has no knowledge of the networks beyond. For instance, the Prestige knows about network
N2 in the following diagram through remote node Router 1. However, the Prestige is unable to
route a packet to network N3 because it doesn’t know that there is a route through remote node
Router 1 (via gateway Router 2). Static routes are for you to tell the Prestige about networks
beyond the remote nodes.
5-6 Remote Node TCP/IP Configuration
Prestige 480 ISDN Router
Enter selection number:
To configure an IP static route, use Menu 12 -IP Static Route Setup, as displayed next.
Menu 12 - IP Static Route Setup
1. ________
2. ________
3. ________
4. ________
5. ________
6. ________
7. ________
8. ________
Figure 5-7 Menu 12.1 – IP Static Route Setup
Menu 12.1 - Edit IP Static Route
Route #: 1
Route Name= ?
Active= No
Destination IP Address= ?
IP Subnet Mask= ?
Gateway IP Address= ?
Metric= 2
Private= No
Press ENTER to Confirm or ESC to Cancel:
Figure 5-8 Edit IP Static Route Setup
Remote Node TCP/IP Configuration 5-7
Prestige 480 ISDN Router
The following table describes the fields for Menu 12.1 – Edit IP Static Route Setup.
Table 5-3 Edit IP Static Route Menu Fields
Field Description
Route Name Enter a descriptive name for this route. This is for identification purposes only.
Active This field allows you to activate/deactivate this static route.
Destination IP
Address
IP Subnet
Mask
Gateway IP
Address
Metric The metric represents the “cost” of transmission for routing purposes. IP routing uses
Private This parameter determines if the Prestige will include the route to this remote node in its
This parameter specifies the IP network address of the final destination. Routing is
always based on network number. If you need to specify a route to a single host, use a
subnet mask of 255.255.255.255 in the subnet mask field to force the network number to
be identical to the host ID.
Enter the subnet mask for this destination. Follow the discussion on IP subnet mask in
this chapter.
Enter the IP address of the gateway. The gateway is an immediate neighbor of your
Prestige that will forward the packet to the destination. On the LAN, the gateway must be
a router on the same segment as your Prestige; over WAN, the gateway must be the IP
address of one of the remote nodes.
hop count as the measurement of cost, with a minimum of 1 for directly connected
networks. Enter a number that approximates the cost for this link. The number need not
be precise, but it must be between 1 and 15. In practice, 2 or 3 is usually a good
number.
RIP broadcasts. If set to Yes, this route is kept private and not included in RIP
broadcast. If No, the route to this remote node will be propagated to other hosts through
RIP broadcasts.
5-8 Remote Node TCP/IP Configuration
Prestige 480 ISDN Router
Chapter 6
Dial-in Server Configuration
This chapter shows you how to configure your Prestige to receive calls
from remote dial-in users, e.g., telecommuters, as well as remote nodes.
There are several differences between dial-in users and remote nodes, as summarized in the table.
Table 6-1 Remote Dial-in Users/Remote Nodes Comparison Chart
Remote Dial-in Users Remote Nodes
Your Prestige will only answer calls from remote
dial-in users; it will not make calls to them.
All remote dial-in users share one common set of
parameters, as defined in the Default Dial In
Setup (Menu 13).
This chapter discusses how to setup default dial-in parameters for both remote node and remote
dial-in users. The following sections give two examples of how your Prestige can be configured as
a dial-in server.
Your Prestige can make calls to and receive calls
from the remote node.
Each remote node can have its own set of
parameters such as Bandwidth On Demand,
Protocol, Security, etc.
Due to memory constraints, your Prestige can only store a finite number of users locally. If there
are more remote dial-in users than what Prestige can support locally, you can use an external
RADIUS server to provide authentication service. For details on using a RADIUS server, see the
Using RADIUS Authentication section in Chapter 12 - System Security.
Dial-In Server Configuration 6-1
Prestige 480 ISDN Router
6.1 Remote Access Server
Telecommuting enables people to work at remote sites and yet still have access to the resources in
the business office. Typically, a telecommuter will use a client workstation with TCP/IP and dialout capabilities, e.g., a Windows PC or a Macintosh. For telecommuters to call in to your Prestige,
you need to configure a dial-in user profile for each telecommuter. Additionally, you need to
configure the Default Dial-In Setup to set the operational parameters for all dial-in users.
An example of remote access server for telecommuters is shown next.
Figure 6-1 Example of Remote Access Server Application
6-2 Dial-In Server Configuration
Prestige 480 ISDN Router
Local Network
Remote Network
Prestige 480
Prestige 480
LAN-to-LAN
6.2 LAN-to-LAN Server Application
Your Prestige can also be used as a dial-in server for LAN-to-LAN application to provide access
for the workstations on a remote network. For your Prestige to be set up as a LAN-to-LAN server,
you need to configure the Default Dial-In Setup to set the operational parameters for incoming
calls. Additionally, you must create a remote node for the router on the remote network (see
Chapter 5 - Remote Node Configuration).
An example of your Prestige being used as a LAN-to-LAN server is shown next.
Server
ISDN
Dial-In Server Configuration 6-3
Figure 6-2 Example of a LAN-to-LAN Server Application
Prestige 480 ISDN Router
6.3 Default Dial-in Setup
This section covers the default dial-in parameters. The parameters in Menu 13 affect incoming calls
from both remote dial-in users, and remote nodes until authentication is completed. Once
authentication is completed and if it matches a remote node, your Prestige will use parameters from
that particular remote node.
Menu 13 - Default Dial-in Setup
Telco Options:
CLID Authen= None
PPP Options:
Recv Authen= CHAP/PAP
Compression= Yes
Mutual Authen= No
O/G Login= 3
O/G Password= ****
Multiple Link Options:
Max Trans Rate= 256
Callback Budget Management:
Allocated Budget(min)=
Period(hr)=
Press Space Bar to Toggle.
Press ENTER to CONFIRM or ESC to CANCEL:
IP Address Supplied By:
Dial-in User= Yes
IP Pool= No
IP Start Addr= 192.168.129.1
IP Count(1,4)= 2
Session Options:
Edit Filter Sets= No
Figure 6-3 Menu 13 – Default Dial-in Setup
From the Main Menu, enter 13 to go to Menu 13 – Default Dial-in Setup. This section describes
how to configure the protocol-independent fields in this menu. For the protocol-dependent fields,
refer to the appropriate chapters.
The table below describes and contains information on how to configure each parameter in Menu
13 – Default Dial-in Setup.
Table 6-2 Default Dial-in Setup Fields
Field Description Option
Telco Options:
CLID Authen
6-4 Dial-In Server Configuration
This field sets the CLID authentication parameter for all incoming calls.
There are three options for this field:
l None - No CLID is required.
l Required – CLID must be available, or the Prestige will not
None
Required
Prestige 480 ISDN Router
answer the call.
l Preferred - If the CLID is available then CLID will be used;
otherwise, authentication is performed in PPP negotiation.
PPP Options:
Recv. Authen This field sets the authentication protocol for incoming calls. For
security reason, setting authentication to none is strongly discouraged.
Options for this field are:
l CHAP/PAP - Your Prestige will try CHAP first, but PAP will be
used if CHAP is not available.
l CHAP – Use CHAP only.
l PAP – Use PAP only.
l None – Your Prestige tries to acquire CHAP/PAP first, but no
authentication is required if CHAP/PAP is not available.
Compression You can turn on or off Stac Compression. The default for this field is
Yes.
Mutual Authen Some vendors, e.g., Cisco, require mutual authentication, i.e., the
node that initiates the call will request a user name and password from
the far end that it is dialing to. If the remote node requires mutual
authentication, set this field to Yes.
O/G Login Enter in the login name to be used to respond to the peer’s
authentication request.
O/G Password Enter in the outgoing password to be used to respond to the peer’s
authentication request.
Preferred
CHAP/PAP
CHAP
PAP
None
Yes/No
Yes/No
Multiple Link
Options:
Max Trans Rate Enter the maximum data transfer rate between your Prestige and the
remote dial-in user. 64 - At most, one B channel is used. 128 - A
maximum of two channels can be used.. When the Prestige calls back
to the remote dial-in user, the maximum data transfer rate is always
64.
Callback Budget
Management:
Allocated Budget
(min)
This field sets the budget callback time for all the remote dial-in users.
The default for this field is 0 for no budget control.
64
128
192
256
Default = 0
Dial-In Server Configuration 6-5
Prestige 480 ISDN Router
Period (hr) This field sets the time interval to reset the above callback budget
control.
IP Address
Supplied By:
Dial-in User If set to Yes, the Prestige will allow a remote host to specify its own IP
address.
If set to No, the remote host must use the IP address assigned by your
Prestige from the IP pool, configured below. This is to prevent the
remote host from using an invalid IP address and potentially disrupting
the whole network.
(Default =
Yes)
Yes/No
IP Pool This field tells your Prestige to provide the remote host with an IP
address from the pool. This field is required if IP Address Supplied
By: Dial-in User is set to No. You can configure this field even if Dialin User is set to Yes, in which case your Prestige will accept the IP
address if the remote peer specifies one; otherwise, an IP address is
assigned from the pool.
IP Pool: IP Start
Addr
IP Count (1,4) In this field, enter the number (1 or 4,) of addresses in the IP Pool. For
Session Options:
Edit Filter
Sets
Once you have completed filling in Menu 13 - Default Dial-in Setup, press [Enter] at the message [Press
ENTER to Confirm…] to save your configuration, or press [Esc] at any time to cancel.
This field is applicable only if you selected Yes in the Dial-In IP
Address Supplied By: IP Pool field.
The IP pool contains contiguous IP addresses and this field specifies
the first one in the pool.
example, if the starting address is 192.168.135.5 and the count is 4,
then the pool will have 192.68.135.5 and 192.68.135.8
Press Yes, then [Enter] to edit the filter sets. Keep in mind that the
filter set(s) will only apply to remote dial-in users but not the remote
nodes.
Note that spaces and [-] symbol, are accepted in this field. For more
information on customizing your filter sets, see Chapter 9 - Filter
Configuration. The default is blank, i.e., no filters.
Yes/No
(Default =
No)
1, 4
6-6 Dial-In Server Configuration
Prestige 480 ISDN Router
6.3.1 Default Dial-in Filter
Move cursor to the field Edit Filter Sets in Menu 13, press space bar to toggle and set the value to
Yes and then press [Enter] to open Menu 13.1 – Default Dial-in Filter.
Use this menu to specify the filter set(s) to apply to the incoming and outgoing traffic between all
dial-in users and your Prestige. Note that the filter set(s) only applies to the dial-in users but not
the remote nodes. You can specify up to 4 filter sets separated by comma, e.g., 1, 5, 9, 12, in each
filter field. The default is no filters.
Spaces are accepted in this field. For more information on defining the filters, see Chapter 9.
Menu 13.1 - Default Dial-in Filter
Input Filter Sets:
protocol filters=
device filters=
Output Filter Sets:
protocol filters=
device filters=
Figure 6-4 Default Dial-in Filter
6.4 Dial-In Users Setup
The following steps describe the setup procedure for setting up a remote dial-in application.
Step 1. From the Main Menu, enter option 14 to go to Menu 14 - Dial-in User Setup, as shown
in the next figure.
Menu 14 - Dial-in User Setup
1. ---------
2. ________
3. ________
4. ________
5. ________
6. ________
7. ________
8. ________
Enter Menu Selection Number:
Figure 6-5 Menu 14 - Dial-in User Setup
Dial-In Server Configuration 6-7
Prestige 480 ISDN Router
Step 2. Select one of the users by number, this will bring you to Menu 14.1 - Edit Dial-in User,
as shown next.
Menu 14.1 - Edit Dial-in User
User Name= ?
Active= Yes
Password= ?
Callback= No
Phone # Supplied by Caller= N/A
Callback Phone #= N/A
Rem CLID=
Idle Timeout= 300
Press ENTER to Confirm or ESC to Cancel:
Figure 6-6 Edit Dial-in User
6-8 Dial-In Server Configuration
Prestige 480 ISDN Router
The following table provides instructions on how to fill in the Edit Dial-In User fields.
Table 6-3 Edit Dial-in User Menu Fields
Field Description Option
User
Name
Active You can disallow dial-in access to this user by setting this field to No.
Password Enter the password for the remote dial-in user.
This is a required field. This will be used as the login name for
authentication. Choose a descriptive word for login, for example,
[JohnDoe].
Yes/No
Inactive users are displayed with a [-] (minus sign) at the beginning of
the name in Menu 14.
Callback This field determines if your Prestige will allow call back to this user
upon dial-in. If this option is enabled, your Prestige will call back to the
user if requested. In such a case, your Prestige will disconnect the initial
call from this user and dial back to the specified callback number (see
below).
l No - The default is no callback.
l Optional - The user can choose to disable callback.
l Mandatory - The user can not disable callback.
Phone #
Supplied
by Caller
Callback
Phone #
Rem CLID If you enable CLID Authen field in Menu 13, then you need to specify the
This option allows the user to specify the call back telephone number on
a call-by-call basis. This is useful when your Prestige returns a call back
to a mobile user at different numbers, e.g., a sales rep. in a hotel.
l If the setting is Yes, the user can specify and send to the Prestige
the callback number of his/her choice.
l The default is No, i.e., your Prestige always calls back to the fixed
callback number.
If Phone # Supplied by Caller is No, then this is a required field.
Otherwise, a N/A will appear in the field. Enter the telephone number to
which your Prestige will call back.
telephone number from which this user calls. Your Prestige will check
the CLID in the incoming call against the CLIDs in the database. If they
do not match and CLID Authen is Required, your Prestige will not
answer the call.
Default=No
No
Optional
Mandatory
Default=No
Yes
No
Dial-In Server Configuration 6-9
Prestige 480 ISDN Router
Idle Timeout
Once you have completed filling in Menu 14.1 - Edit Dial-in User, press [Enter] at the message
[Press ENTER to Confirm…] to save your configuration, or press [Esc] at any time to cancel.
Enter the idle time (in seconds). This time-out determines how long the
dial-in user can be idle before your Prestige disconnects the call when
the Prestige is calling back.
Idle time is defined as the period of time where there is no data traffic
between the dial-in user and your Prestige. The default is 300 seconds
(5 minutes).
Default=300
seconds
6.4.1 Remote Access under Windows
Figure 6-7 Remote Access Example
6-10 Dial-In Server Configuration
Prestige 480 ISDN Router
This must be
IP Pool for
Configuring your Prestige
Menu 13 - Default Dial-in Setup
Telco Options:
CLID Authen= None
PPP Options:
Recv Authen= PAP
Compression= Yes
Mutual Authen= No
PAP Login= N/A
PAP Password= N/A
Multiple Link Options:
Max Trans Rate= 256
Callback Budget Management:
Allocated Budget(min)=
Period(hr)=
Press Space Bar to Toggle.
Press ENTER to CONFIRM or ESC to CANCEL:
Figure 6-8 Configuring Menu 13 for Remote Access
IP Address Supplied By:
Dial-in User= Yes
IP Pool= Yes
IP Start Addr= 192.168.250.250
IP Count(1,4)= 2
Session Options:
Edit Filter Sets= No
RAS Clients
PAP for
Windows
Note: The caller always controls Idle Timeout, so the Idle Timeout field does not apply when there
is callback.
Dial-In Server Configuration 6-11
Menu 14.1 - Edit Dial-in User
Active= Yes
Password= --- Callback= No
Phone # Supplied by Caller= N/A
Callback Phone #= N/A
Rem CLID=
Idle Timeout= 300
Press ENTER to Confirm or ESC to Cancel:
User Name= ----
Figure 6-9 Edit Dial-in-User for RAS
The User
name and
Password
must be the
same as in
Dial-Up
Networking in
Windows.
Prestige 480 ISDN Router
Set Call Direction
6.4.2 CLID Authentication
CLID (Calling Line IDentification) authentication affords you the security of limiting a user to
only initiate connections from a fixed location. The Prestige uses the caller ID sent by the switch to
match against the CLIDs in the database. Please note that for CLID authentication to work on the
Prestige, your telephone company must support caller ID.
6.4.3 Callback
Callback serves two purposes. One is security. When set to callback to a fixed number, an intruder
will not gain access to your network even if he/she stole the password from your user, because the
Prestige always calls back to the pre-configured number.
The other is ease of accounting. For instance, your company pays for the connection charges for
telecommuting employees and you use your Prestige as the dial in server. When you turn on the
callback option for the dial-in users, all usage is charged to the company instead of the employees,
and your accounting department can avoid the hassles of accountability and reimbursement.
Configuring the Prestige for Callback
In this scenario, LAN 1 first calls LAN 2, then LAN 2 calls back to LAN 1. These are the
respective SMT menus.
LAN 1
Menu 11.1 - Remote Node Profile
Rem Node Name= LAN_2
Active= Yes
Call Direction= Both
Incoming:
Rem Login= lan2
Rem Password= *******
Rem CLID=
Call Back= No
Outgoing:
My Login= lan1
My Password= ********
Authen= CHAP/PAP
Pri Phone #= 1234
Sec Phone #=
Enter here to CONFIRM or ESC to CANCEL:
Edit PPP Options= No
Rem IP Addr= 192.168.2.1
Edit IP= No
Telco Option:
Transfer Type= 64K
Allocated Budget(min)=
Period(hr)=
Carrier Acess Code=
Nailed-Up Connection= N/A
Toll Period (Sec)= 0
Session Options:
Edit Filter Sets= No
Idle Timeout(sec)= 100
and Call Back to
Both and No
respectively.
Figure 6-10 LAN 1 LAN-to-LAN Application
6-12 Dial-In Server Configuration
Prestige 480 ISDN Router
Set Call Direction
Prestige on LAN1
PAP
Successful
Connection
LAN 2
Menu 11.1 - Remote Node Profile
Rem Node Name= LAN_1
Active= Yes
Call Direction= Both
Incoming:
Rem Login= lan1
Rem Password= *******
Rem CLID=
Call Back= Yes
Outgoing:
My Login= lan2
My Password= ********
Authen= CHAP/PAP
Pri Phone #= 5678
Sec Phone #=
Enter here to CONFIRM or ESC to CANCEL:
Edit PPP Options= No
Rem IP Addr= 192.168.1.1
Edit IP= No
Telco Option:
Transfer Type= 64K
Allocated Budget(min)=
Period(hr)=
Carrier Acess Code=
Nailed-Up Connection= N/A
Toll Period (Sec)= 0
Session Options:
Edit Filter Sets= No
Idle Timeout(sec)= 100
and Call Back to
Both and Yes
respectively.
Figure 6-11 LAN2 LAN-to-LAN Application
Testing Callback with your Connection
Go to Menu 24.4.5 of the Prestige on LAN 1 and enter the numbers that correspond to the menu in
the above LAN 1.
Dial-In Server Configuration 6-13
Start dialing for node <LAN_2>…
### Hit any key to continue ###
$$$ DIALING dev=2 ch=0…..
$$$ OUTGOING-CALL phone (123)
$$$ CALL CONNECT speed <64000> type<2> chan<0>
$$$ LCP opened
$$$ PAP sending user/pswd
$$$ LCP closed
$$$ Recv’d TERM-REQ
$$$ Recv’d TERM-ACK state 4
$$$ LCP stopped
$$$ ANSWER CONNECTED ch=7743 bc
$$$ LCP opened
$$$ IPCP negotiation started
$$$ IPCP opened
Figure 6-12 Testing Callback with your Connection
calls Prestige on
LAN2
authentication
Prestige 480 ISDN Router
This is how
6.4.4 Configuring the Prestige for Callback with CLID
The only difference between callback with CLID (Calling Line Identification) and callback
described above is that you do not pay for the first call i.e., when the Prestige on LAN 1 calls the
Prestige on LAN 2. The Prestige (LAN 2) looks at the ISDN D-Channel and verifies that the
calling number corresponds with that configured in Menu 11. If they do, the Prestige (LAN 2)
hangs up and calls the Prestige on LAN 1 back.
Prestige on LAN 2
Menu 11.1 - Remote Node Profile
Rem Node Name= LAN_1
Active= Yes
Call Direction= Both
Incoming:
Rem Login= lan1
Rem Password= *******
Rem CLID= 1234
Call Back= Yes
Outgoing:
My Login= lan2
My Password= ********
Authen= CHAP/PAP
Pri Phone #= 5678
Sec Phone #=
Enter here to CONFIRM or ESC to CANCEL:
Edit PPP Options= No
Rem IP Addr= 192.168.1.1
Edit IP= No
Telco Option:
Transfer Type= 64K
Allocated Budget(min)=
Period(hr)=
Carrier Acess Code=
Nailed-Up Connection= N/A
Toll Period (Sec)= 0
Session Options:
Edit Filter Sets= No
Idle Timeout(sec)= 100
the Prestige
on LAN 2
identifies
the Prestige
on LAN 1
Figure 6-13 Callback with CLID Configuration
6-14 Dial-In Server Configuration
Prestige 480 ISDN Router
$$$ IPCP opened
CLID
Prestige on LAN
Connection
Menu 13
Telco Options:
CLID Authen= Required
PPP Options:
Recv Authen= CHAP/PAP
Compression= Yes
Mutual Authen= No
PAP Login= N/A
PAP Password= N/A
Multiple Link Options:
Max Trans Rate= 256
Callback Budget Management:
Allocated Budget(min)=
Period(hr)=
Press Space Bar to Toggle.
Menu 13 - Default Dial-in Setup
IP Address Supplied By:
Dial-in User= Yes
IP Pool= No
IP Start Addr= N/A
IP Count(1,4)= N/A
Session Options:
Edit Filter Sets= No
Press ENTER to CONFIRM or ESC to CANCEL:
Figure 6-14 Configuring CLID with Callback
Set this field
to Required
Testing your Connection with Callback and CLID
Go to Menu 24.8 (Prestige on LAN 2) and type “sys trcl call”. The Prestige displays all
communication traces as shown in the next figure. If CLID authentication fails, this means that the
calling number does not match the Rem CLID number in Menu 11.1.
Dial-In Server Configuration 6-15
Copyright (c) 1994 - 1999 ZyXEL Communications Corp.
LAN_2>sys trcl call
Tracelog type 9080 level 1
### Hit any key to terminate
*** INTL CLID check: ch=7743bc reason=-3026
*** INTL chanErr: chp=7743bc state=6 evt=0300
$$$ CALL CONNECT speed<64000> type<2> chan<0>
$$$ LCP opened
$$$ CHAP login to remote OK
$$$ IPCP negotiation started
Figure 6-15 Callback and CLID Connection Test
Authentication
2 calls back.
Established
Prestige 480 ISDN Router
6.5 Multiple Servers behind SUA
If you wish, you can make inside servers for different services, e.g., web or FTP, visible to the
outside users, even though SUA makes your whole inside network appear as a single machine to
the outside world. A service is identified by the port number, e.g., web service is on port 80 and
FTP on port 21.
As an example, if you have a web server at 192.168.1.2 and an FTP server 192.168.1.3, then you
need to specify for port 80 (web) the server at IP address 192.168.1.2 and for port 21 (FTP) another
at IP address 192.168.1.3.
Please note that a server can support more than one service, e.g., a server can provide both FTP and
DNS service, while another provides only web service. Also, since you need to specify the IP
address of a server in the Prestige, a server must have a fixed IP address and not be a DHCP client
whose IP address potentially changes each time it is powered on.
In addition to the servers for specific services, SUA supports a default server. A service request
that does not have a server explicitly designated for it is forwarded to the default server. If the
default server is not defined, the service request is simply discarded.
To make a server visible to the outside world, specify the port number of the service and the inside
IP address of the server in Menu 15, Multiple Server Configuration. For more information on
configuring supporting applications behind SUA refer to the ZyNOS Support Note documentation
in your PNC disc.
6.5.1 Configuring a Server behind SUA
Follow the steps below to configure a server behind SUA:
1. Enter 15 in the main menu to go to Menu 15, Multiple Server Configuration.
2. Enter an index number in menu 15 to go to Menu 15.1, SUA Server Configuration.
3. Enter the service port number in the Port # field and the inside IP address of the server in the IP
Address field.
4. Press [Enter] at the “Press ENTER to confirm …” prompt to save your configuration after you
define all the servers or press ESC at any time to cancel.
6-16 Dial-In Server Configuration
Prestige 480 ISDN Router
Menu 15 - Multiple Server Configuration
Port #
1.Default
2. 0
3. 0
4. 0
5. 0
6. 0
7. 0
8. 0
----
Press ENTER to Confirm or ESC to Cancel:
IP Address
---------------
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
Figure 6-16 Multiple Server Configuration
The most often used port numbers are:
Table 6-4 Services vs. Port number
Services Port Number
FTP (File Transfer Protocol) 21
Telnet 23
SMTP (Simple Mail Transfer Protocol) 25
DNS(Domain Name System) 53
HTTP (Hyper Text Transfer protocol or WWW, Web) 80
PPTP (Point-to-Point Tunneling Protocol) 1723
Dial-In Server Configuration 6-17
Prestige 480 ISDN Router
Chapter 7
Filter Configuration
This chapter shows you how to create and apply filter(s).
7.1 About Filtering
Your Prestige uses filters to decide whether or not to allow passage of a data packet and/or to make
a call. There are two types of filters: data filters and call filters. These filters are further subdivided
into device and protocol filters, which are discussed later.
Data filters screen the data to determine if the packet should be allowed to pass. Data filters are
further divided into incoming and outgoing filters, depending on the direction of the packet relative
to a port. Call filters are used to determine if a packet should be allowed to trigger a call.
Outgoing packets must pass through the data filters before they encounter the call filters. Call
filters are divided into two groups, the built-in call filters and the user-defined call filters. Your
Prestige has built-in call filters that prevent administrative, e.g., RIP packets from triggering calls.
These filters are always enabled and not accessible to you. Your Prestige applies the built-in filters
first and then the user-defined call filters, if applicable, as illustrated in the next figure.
Call Filters
Outgoing
Packet
Data
Filters
Drop
packet
No
match
Match MatchMatch
Call Filters
Drop packet
if line not up
Built-in
default
No
match
Or Or
Send packet
but do not reset
Idle Timer
User-defined
Call Filters
(if applicable)
Drop packet
if line not up
Send packet
but do not reset
No
match
Idle Timer
Active Data
Initiate call
if line not up
Send packet
and reset
Idle Timer
Figure 7-1 Outgoing Packet Filtering Process
Filter Configuration 7-1
Prestige 480 ISDN Router
For incoming packets, your Prestige applies data filters only. Packets are processed depending
upon whether a match is found. The following sections describe how to configure filter sets.
The Filter Structure of the Prestige
A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the
rules for NetBIOS, into a single set and give it a descriptive name. The Prestige allows you to
configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the
system.
You can apply up to four filter sets to a particular port to block multiple types of packets. With
each filter set having up to six rules, you can have a maximum of 24 rules active for a single port.
7.2 Configuring a Filter Set
To configure a filter sets, follow the procedure below:
Step 1. Select option 21. Filter Set Configuration from the Main Menu to open Menu 21.
Menu 21 - Filter Set Configuration
Filter
Set #
-----1
2
3
4
5
6
Comments
-----------------1
2
______________
______________
______________
______________
Filter
Set #
-----7
8
9
10
11
12
Comments
-----------------______________
______________
______________
______________
______________
______________
Enter Filter Set Number to Configure=
Edit Comments=
Press ENTER to CONFIRM or ESC to CANCEL:
Figure 7-2 Menu 21 - Filter Set Configuration
Step 2. Select the filter set you wish to configure (no. 1-12) and press [Enter].
Step 3. Enter a descriptive name or comment in the Edit Comments field and press Enter.
Step 4. Press [Enter] at the message: [Press ENTER to confirm] to open Menu 21.1 - Filter
Rules Summary.
7-2 Filter Configuration
Prestige 480 ISDN Router
m n
Enter Filter Rule Number (1-6) to Configure: 1
# A Type Filter Rules M m n
- - ---- -------------------------------------------- --------- - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=137 N D N
2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=138 N D N
3 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=139 N D N
4 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=137 N D N
5 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=138 N D N
6 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=139 N D F
Enter Filter Rule Number (1-6) to Configure:
# A Type Filter Rules M
- - ---- ----------------------------------------------------- - - 1 Y IP Pr=17, SA=0.0.0.0, SP=137, DA=0.0.0.0, DP=53 N D F
2 N
3 N
4 N
5 N
6 N
Menu 21.1 - Filter Rules Summary
Figure 7-3 Menu 21.1 - Filter Rules Summary
Menu 21.2 - Filter Rules Summary
Figure 7-4 Menu 21.2 - Filter Rules Summary
7.2.1 Filter Rules Summary Menus
The preceeding screens show summaries of the existing rules in the filter set. The following tables
contain a brief description of the abbreviations used in Menu 21.1and Menu 21.2.
Table 7-1 Abbreviations Used in the Filter Rules Summary Menu
Abbreviations Description Display
# Refers to the filter rule number (1-6).
A Refers to Active. [Y] means the filter rule is active.
[N] means the filter rule is inactive.
Filter Configuration 7-3
Prestige 480 ISDN Router
Type Refers to the type of filter rule. This
shows GEN for Generic and IP for
TCP/IP.
Filter Rules The filter rule parameters will be
displayed here (see below).
M Refers to More.
[Y] means an action can not yet be taken
as there are more rules to check, which
are concatenated with the present rule
to form a rule chain. When the rule chain
is complete an action can be taken.
[N] means you can now specify an action
to be taken i.e., forward the packet, drop
the packet or check the next rule. For the
latter, the next rule is independent of the
rule just checked
If More is Yes, then Action Matched and
Action Not Matched will be N/A.
m Refers to Action Matched.
[F] means to forward the packet
immediately and skip checking the
remaining rules.
n Refers to Action Not Matched
[F] means to forward the packet
immediately and skip checking the
remaining rules.
[GEN] for Generic.
[IP] for TCP/IP.
[Y] means there are more rules to check.
[N] means there are no more rules to check.
[F] means to forward the packet.
[D] means to drop the packet.
[N] means check the next rule.
[F] means to forward the packet.
[D] means to drop the packet.
[N] means check the next rule.
The protocol dependent filter rules abbreviation are listed as follows:
l If the filter type is IP, the following abbreviations listed in the following table will be used.
7-4 Filter Configuration
Prestige 480 ISDN Router
Table 7-2 Abbreviations used if Filter Type is IP
Abbreviation Description
Pr Protocol
SA Source Address
SP Source Port number
DA Destination Address
DP Destination Port number
l If the filter type is GEN (generic), the following abbreviations listed in the following table will
be used.
Table 7-3 Abbreviations used if Filter Type is GEN
Abbreviation Description
Off Offset
Len Length
Refer to the next section for information on configuring the filter rules.
7.3 Configuring a Filter Rule
To configure a filter rule, enter its number in Menu 21.1 - Filter Rules Summary and press Enter
to open Menu 21.1.1 for the rule.
There are two types of filter rules: TCP/IP and Generic. Depending on the type of rule, the
parameters below the type will be different. Use the space bar to select the type of rule that you
wish to create in the Filter Type field and press [ENTER] to open the respective menu.
Filter Configuration 7-5
Prestige 480 ISDN Router
7.3.1 Filter Types and SUA
There are two categories of filter rules, Device Filter (Generic) rules and Protocol Filter (TCP/IP)
rules. Device Filter rules act on the raw data from/to LAN and WAN. Protocol Filter rules act on
the IP packets. Generic and TCP/IP filter rules are discussed in more detail in the next section.
When NAT/SUA (Network Address Translation/Single User Account) is enabled, the inside IP
address and port number are replaced on a connection-by-connection basis, which makes it
impossible to know the exact address and port on the wire. Therefore, the Prestige applies the
protocol filters to the “native” IP address and port number before NAT/SUA for outgoing packets
and after NAT/SUA for incoming packets. On the other hand, the generic, or device filters are
applied to the raw packets that appear on the wire. They are applied at the point when the Prestige
is receiving and sending the packets; i.e. the interface. The interface can be Ethernet, or any other
hardware port. The following diagram illustrates this.
S
Incoming
Device
Filters
U
A
Incoming
Route
Protocol
Filters
S
Outgoing
Device
Filters
Figure 7-5 Protocol and Device Filter Sets
To speed up filtering, all rules in a filter set must be of the same class, i.e., protocol filters or
generic filters. The class of a filter set is determined by the first rule that you create. When
applying the filter sets to a port, separate menu fields are provided for protocol and device filter
sets. If you include a protocol filter set in a device filters field or vice versa, the Prestige will warn
you and will not allow you to save.
7-6 Filter Configuration
U
A
Outgoing
Protocol
Filters
Loading...