ZyXEL 642 User Manual

Download

Page 1

Prestige 642

ADSL Router

User's Guide

Version 2.50

(May 2000)

ZyXEL

OTAL INTERNET ACCESS SOLUTION

Page 2

Getting Started

Part I:

Getting Started

Chapters 1-3 are structured as a step-by-step guide to help you connect, install and setup your

Prestige to operate on your network and access the Internet.

Page 3

Advanced Applications

Part II:

Advanced Applications

Advanced Applications (Chapters 4-7) describe the advanced applications of your Prestige, such

as Remote Node Setup IP Static routes and NAT.

Page 4

Advanced Management

Part III:

Advanced Management

Chapters 8 - 12 provide information on Prestige Filtering, SNMP, System Maintenance, IP Policy

Routing, Troubleshooting as well as some Appendices and a Glossary.

III

Page 5

Page 6

Prestige 642 ADSL Internet Access Router

Chapter 8

Filter Configuration

This chapter shows you how to create and apply filter(s).

8.1 About Filtering

Your Prestige uses filters to decide whether to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering. Filters are subdivided into device and protocol filters, which are discussed later. Data filtering screens the data to determine if the packet should be allowed to pass. Data filters are divided into incoming and outgoing filters, depending on the direction of the packet relative to a port. Data filtering can be applied on either the WAN side or the Ethernet side. Call filtering is used to determine if a packet should be allowed to trigger a call. Remote node call filtering is only applicable when using encapsulation. Outgoing packets must undergo data filtering before they encounter call filtering as shown in the following figure.

Call Filtering

PPPoE

Outgoing

Packet

Data Filtering

Match MatchMatch

Drop

packet

match

Call Filters

Drop packet if line not up

Built-in default

match

Or Or

Send packet

but do not reset

Idle Timer

User-defined

Call Filters

(if applicable)

Drop packet if line not up

Send packet

but do not reset

Idle Timer

match

Active Data

Initiate call

if line not up

Send packet

and reset

Idle Timer

Figure 8-1 Outgoing Packet Filtering Process

For incoming packets, your Prestige applies data filters only. Packets are processed depending upon whether a match is found. The following sections describe how to configure filter sets.

Filter Configuration 8-1

Page 7

Prestige 642 ADSL Internet Access Router

8.1.1

A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the rules for NetBIOS, into a single set and give it a descriptive name. The Prestige allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system. You cannot mix device filter rules and protocol filter rules within the same set. You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port. Three sets of factory default filter rules have been configured in Menu 21 to prevent NetBIOS traffic from triggering calls and to prevent incoming telnetting. A summary of their filter rules is shown in the figures that follow. The following diagram illustrates the logic flow when executing a filter rule.

The Filter Structure of the Prestige

8-2 Filter Configuration

Page 8

Filter Set

Prestige 642 ADSL Internet Access Router

Start

Packet into

filter

Fetch First

Filter Set

Fetch Next

Filter Set

Yes

Next Filter Set

Available?

Fetch Next

Filter Rule

Yes

Next filter

Rule

Available?

Fetch First

Filter Rule

Active?

Yes

Execute

Check

Next Rule

Figure 8-2 Filter Rule Process

You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port.

Filter Rule

Forward

Drop

Accept PacketDrop Packet

Filter Configuration 8-3

Page 9

Prestige 642 ADSL Internet Access Router

8.2 Configuring a Filter Set

To configure a filter set, follow the procedure below.

Step 1.

Step 2. Step 3.

Step 4.

Enter 21 from the Main Menu to open Menu 21.

Menu 21 - Filter Set Configuration

Filter Filter Set # Comments Set # Comments

------ ----------------- ------ ---------------- 1 NetBIOS_WAN 7 _______________ 2 NetBIOS_LAN 8 _______________ 3 TELNET_WAN 9 _______________ 4 PPPoE 10 _______________ 5 _______________ 11 _______________ 6 _______________ 12 _______________

Enter Filter Set Number to Configure= 0

Edit Comments= N/A

Press ENTER to Confirm or ESC to Cancel:

Figure 8-3 Menu 21 – Filter Setup

Enter the index number of the filter set (no. 1-12) you wish to configure and press

Enter a descriptive name or comment in the Press

[ENTER]

Summary

at the message: [Press ENTER to confirm] to open

Edit Comments

field and press [

ENTER

Menu 21.1.1 - Filter Rules

[ENTER]

8-4 Filter Configuration

Page 10

Prestige 642 ADSL Internet Access Router

Menu 21.1 - Filter Rules Summary

# A Type Filter Rules M m n

- - ---- -------------------------------------------- --------- - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=137 N D N 2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=138 N D N 3 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=139 N D N 4 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=137 N D N 5 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=138 N D N 6 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=139 N D F

Enter Filter Rule Number (1-6) to Configure:

Press ENTER to Confirm or ESC to Cancel:

Figure 8-4 NetBIOS_WAN Filter Rules Summary

Menu 21.2 - Filter Rules Summary

# A Type Filter Rules M m n

- - ---- -------------------------------------------- --------- - - 1 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=53 N D F 2 Y 3 Y 4 Y 5 Y 6 Y

Enter Filter Rule Number (1-6) to Configure:

Figure 8-5 NetBIOS _LAN Filter Rules Summary

Menu 21.3 - Filter Rules Summary

# A Type Filter Rules M m n

- - ---- --------------------------------------------------------------- - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 N D F 2 N 3 N 4 N 5 N 6 N

Enter Filter Rule Number (1-6) to Configure:

Figure 8-6 Telnet_WAN Filter Rules Summary

Filter Configuration 8-5

Page 11

Prestige 642 ADSL Internet Access Router

Menu 21.4 - Filter Rules Summary

# A Type Filter Rules M m n

- - ---- --------------------------------------------------------------- - - 1 Y Gen Off=12, Len=2, Mask=ffff, Value=8863 N F N 2 Y Gen Off=12, Len=2, Mask=ffff, Value=8864 N F D 3 N 4 N 5 N 6 N

Enter Filter Rule Number (1-6) to Configure:

Figure 8-7 PPPoE Filter Rules Summary

8.2.1 Filter Rules Summary Menu

This screen shows the summary of the existing rules in the filter set. The following tables contain a brief description of the abbreviations used in the previous menus.

Table 8-1 Abbreviations Used in the Filter Rules Summary Menu

Abbreviations Description Display

# Refers to the filter rule number (1-6).

A Shows whether the rule is active or not. [Y] means the filter rule is active.

[N] means the filter rule is inactive.

Type Refers to the type of filter rule.

This shows GEN for generic, IP for TCP/IP

Filter Rules

The filter rule parameters will be displayed here (see below).

Refers to

More in a set behaves

like a logical AND i.e., the set is only matched if ALL rules in it are matched.

[Y] means an action can not yet be taken as there are more rules to check, which are concatenated with the present rule to form a rule chain. When the rule chain is complete an action can be taken.

[GEN] for Generic

[IP] for TCP/IP

[Y] means there are more rules to check.

[N] means there are no more rules to check.

8-6 Filter Configuration

Page 12

Prestige 642 ADSL Internet Access Router

[N] means you can now specify an action to be taken i.e., forward the packet, drop the packet or check the next rule. For the latter, the next rule is independent of the rule just checked.

If More is

Action Not Matched

Refers to

[F] means to forward the packet immediately and skip checking the remaining rules.

Refers to

[F] means to forward the packet immediately and skip checking the remaining rules.

Yes

Action Matched

Action Not Matched.

Action Matched

, then

will be

and

N/A

[F] means to forward the packet.

[D] means to drop the packet.

[N] means check the next rule.

[F] means to forward the packet.

[D] means to drop the packet.

[N] means check the next rule.

The protocol dependent filter rules abbreviation are listed as follows:

If the filter type is IP, the following abbreviations listed in the following table will be used.

Table 8-2 Abbreviations Used If Filter Type Is IP

Abbreviation Description

Pr Protocol

SA Source Address

SP Source Port number

DA Destination Address

DP Destination Port number

Abbreviations Used If Filter Type Is IPX

•

Table 8-3 Abbreviations Used If Filter Type Is IPX

Abbreviation Description

PT IPX Packet Type

SS Source Socket

DS Destination Socket

If the filter type is GEN (generic), the following abbreviations listed in the following table will be

used.

Filter Configuration 8-7

Page 13

Prestige 642 ADSL Internet Access Router

Table 8-4 Abbreviations Used If Filter Type Is GEN

Abbreviation Description

Off Offset

Len Length

Refer to the next section for information on configuring the filter rules.

8.2.2 Configuring a Filter Rule

To configure a filter rule, type its number in open

Menu 21.1.1

There are three types of filter rules: parameters below the type will be different. Use the space bar to select the type of rule that you wish to create in the To speed up filtering, all rules in a filter set must be of the same class, i.e., protocol filters or generic filters. The class of a filter set is determined by the first rule that you create. When applying the filter sets to a port, separate menu fields are provided for protocol and device filter sets. If you include a protocol filter set in a device filters field or vice versa, the Prestige will warn you and will not allow you to save.

for the rule.

Filter Type

TCP/IP, IPX

field and press ENTER to open the respective menu.

Menu 21.1 - Filter Rules Summary

and

Generic

. Depending on the type of rule, the

and press [

ENTER]

8.2.3 TCP/IP Filter Rule

This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fields in the IP and the upper layer protocol, e.g., UDP and TCP, headers. To configure a TCP/IP rules, select TCP/IP Filter Rule from the Filter Type field and press ENTER to open

Menu 21.1.1 - TCP/IP Filter Rule

, as shown below.

8-8 Filter Configuration

Page 14

Prestige 642 ADSL Internet Access Router

Menu 21.1.1 - TCP/IP Filter Rule

Filter #: 1,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 6 IP Source Route= No Destination: IP Addr= 0.0.0.0

Source: IP Addr= 0.0.0.0

TCP Estab= No More= No Log= None Action Matched= Drop

Action Not Matched= Check Next Rule

Press Space Bar to Toggle.

Press ENTER to Confirm or ESC to Cancel:

IP Mask= 0.0.0.0 Port #= 137 Port # Comp= Equal

IP Mask= 0.0.0.0 Port #= Port # Comp= None

Figure 8-8 Menu 21.1.1.1 - TCP/IP Filter Rule

The following table describes how to configure your TCP/IP filter rule.

Table 8-5 TCP/IP Filter Rule Menu Fields

Field Description Option

Active This field activates/deactivates the filter rule.

IP Protocol Protocol refers to the upper layer protocol, e.g., TCP is 6,

UDP is 17 and ICMP is 1. This value must be between 0 and 255

IP Source Route If Yes, the rule applies to packet with IP source route

option; else the packet must not have source route option. The majority of IP packets do not have source route.

Destination: IP Address

Destination: IP Mask

Destination: Port # Enter the destination port of the packets that you wish to

Enter the destination IP Address of the packet you wish to filter. This field is a don’t-care if it is 0.0.0.0.

Enter the IP mask to apply to the Destination: IP Addr. IP mask

filter. The range of this field is 0 to 65535. This field is a don’t-care if it is 0.

Yes/No

0-255

Yes/No

IP address

0-65535

Filter Configuration 8-9

Page 15

Prestige 642 ADSL Internet Access Router

Field Description Option

Destination: Port # Comp

Source: IP Address Enter the source IP Address of the packet you wish to

Source: IP Mask Enter the IP mask to apply to the Source: IP Addr. IP Mask

Source: Port # Enter the source port of the packets that you wish to filter.

Source: Port # Comp

TCP Estab This field is applicable only when IP Protocol field is 6,

More If yes, a matching packet is passed to the next filter rule

Log Select the logging option from the following:

Action Matched Select the action for a matching packet.

Action Not Matched Select the action for a packet not matching the rule.

Select the comparison to apply to the destination port in the packet against the value given in Destination: Port #.

filter. This field is a don’t-care if it is 0.0.0.0.

The range of this field is 0 to 65535. This field is a don’tcare if it is 0.

Select the comparison to apply to the source port in the packet against the value given in Source: Port #.

TCP. If yes, the rule matches only established TCP connections; else the rule matches all TCP packets.

before an action is taken; else the packet is disposed of according to the action fields.

If More is Matched will be

Yes

, then Action Matched and Action Not

N/A

None

– No packets will be logged.

Action Matched

parameters will be logged.

Action Not Matched

match the rule parameters will be logged.

Both

– All packets will be logged.

- Only packets that match the rule

- Only packets that do not

None/Less/Greater/

Equal/Not Equal]

IP Address

0-65535

None/Less/Greater/

Equal/Not Equal

Yes/No

Yes / No

None

Action Matched

Action Not Matched

Both

Check Next Rule

Forward

Drop

Check Next Rule

Forward

Drop

8-10 Filter Configuration

Page 16

Prestige 642 ADSL Internet Access Router

Field Description Option

Once you have completed filling in [Press ENTER to Confirm] to save your configuration, or press [Esc] to cancel. This data will now be displayed on

Menu 21.1 - Filter Rules Summary

Menu 21.1.1 - TCP/IP Filter Rule

, press [ENTER] at the message

The following diagram illustrates the logic flow of an IP filter.

Filter Configuration 8-11

Page 17

Prestige 642 ADSL Internet Access Router

Packet

into IP Filter

Filter Active?

Yes

Apply SrcAddrMask

to Src Addr

Check Src

IP Addr

Matched

Apply DestAddrMask

to Dest Addr

Check Dest

IP Addr

Matched

Check

IP Protocol

Matched

Check Src &

Dest Port

Matched

More?

Not Matched

Yes

Action Matched

Drop

Drop Packet Accept Packet

Check Next Rule

Forward

Check Next Rule

Action Not Matched

Drop Forward

Figure 8-9 Executing an IP Filter

8-12 Filter Configuration

Page 18

Prestige 642 ADSL Internet Access Router

8.2.4 Generic Filter Rule

This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly. For generic rules, the Prestige treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes. The Prestige applies the Mask (bit-wise ANDing) to the data portion before comparing the result against the Value to determine a match. The Mask and Value are specified in hexadecimal numbers. Note that it takes two hexadecimal digits to represent a byte, so if the length is 4, the value in either field will take 8 digits, e.g.,

FFFFFFFF

To configure a generic rule, select Generic Filter Rule in the Filter Type field in the [

ENTER]

to open Generic Filter Rule, as shown below.

Menu 21.6.1 - Generic Filter Rule

Filter #: 6,1 Filter Type= Generic Filter Rule Active= No Offset= 0 Length= 0 Mask= N/A Value= N/A More= No Log= None Action Matched= Check Next Rule Action Not Matched= Check Next Rule

Menu 21.6.1

and press

Press Space Bar to Toggle.

Press ENTER to Confirm or ESC to Cancel:

Figure 8-10 Generic Filter Rule

The following table describes the fields in the Generic Filter Rule Menu.

Table 8-6 Generic Filter Rule Menu Fields

Field Description Option

Filter # This is the filter set, filter rule co-ordinates, i.e., 2,3 refers to the second

filter set and the third rule of that set.

Filter Type Use the [SPACE BAR] to toggle between both types of rules. Parameters

displayed below each type will be different.

Generic Filter Rule/

TCP/IP

Filter Rule

Active

Select

Yes

to turn on the filter rule.

Yes/No

Filter Configuration 8-13

Page 19

Prestige 642 ADSL Internet Access Router

Field Description Option

Offset Enter the starting byte of the data portion in the packet that you wish to

compare. The range for this field is from 0 to 255.

Length Enter the byte count of the data portion in the packet that you wish to

compare. The range for this field is 0 to 8.

Mask Enter the mask (in Hexadecimal) to apply to the data portion before

comparison.

Value Enter the value (in Hexadecimal) to compare with the data portion.

More If yes, a matching packet is passed to the next filter rule before an action is

taken; else the packet is disposed of according to the action fields.

If More is

Log Select the logging option from the following:

Action Matched

Action Not Matched

Once you have completed filling in [Press ENTER to Confirm] to save your configuration, or press [Esc] to cancel. This data will now be displayed on

Select the action for a matching packet.

Select the action for a packet not matching the rule.

Menu 21.1.1 - Filter Rules Summary

Yes

, then Action Matched and Action Not Matched will be No.

None

– No packets will be logged.

Action Matched

be logged.

Action Not Matched

parameters will be logged.

Both

– All packets will be logged.

- Only packets that match the rule parameters will

- Only packets that do not match the rule

Menu 21.4.1.1 - Generic Filter Rule

, press [ENTER] at the message

Default = 0

Yes / No

None

Action

Matched

Action Not

Matched

Both

Check Next

Rule

Forward

Drop

Check Next

Rule

Forward

Drop

8.2.5 Novell IPX Filter Rule

This section shows you how to configure an IPX filter rule. IPX filters allow you to base the rules on the fields in the IPX headers.

8-14 Filter Configuration

Page 20

Prestige 642 ADSL Internet Access Router

To configure an IPX rules, select

Menu 21.1.5 IPX Filter Rule

Press Space Bar to Toggle.

, as shown in the figure below.

IPX Filter Rule

Menu 21.1.5 - IPX Filter Rule

Filter #: 5,1 Filter Type= IPX Filter Rule Active= No IPX Packet Type= Destination: Network #=

Source: Network #=

Operation= N/A More= No Log= None Action Matched= Check Next Rule Action Not Matched= Check Next Rule

Press ENTER to Confirm or ESC to Cancel:

from the

Node #= Socket #= Socket # Comp= None

Filter Type

field and press [ENTER} to open

Figure 8-11 IPX Filter Rule

Filter Configuration 8-15

Page 21

Prestige 642 ADSL Internet Access Router

The table below describes the IPX Filter Rule.

Table 8-7 IPX Filter Rule Menu Fields

Field Description

IPX Packet Type Enter the IPX packet type (1-byte in hexadecimal) you wish to

filter.

The popular types are (in hexadecimal):

01 - RIP

04 - SAP

05 - SPX (Sequenced Packet eXchange)

11 - NCP (NetWare Core Protocol)

14 - Novell NetBIOS

Destination/Source Network #

Destination/Source Node#Enter in the destination/source node number (6-byte in

Destination/Source Socket #

Destination/Source Socket # Comp

Operation This field is applicable only if one of the Socket # fields is 0452

Once you have completed filling in message [Press Enter to Confirm] to save your configuration, or press [Esc] to cancel. This data will now be displayed on

Enter the destination/source network numbers (4-byte in hexadecimal) of the packet that you wish to filter.

hexadecimal) of the packet you wish to filter.

Enter the destination/source socket number (2-byte in hexadecimal) of the packets that you wish to filter.

Select the comparison you wish to apply to the destination/source socket in the packet against that specified above.

or 0453 indicating SAP and RIP packets. There are seven options for this field that specify the type of the packet.

z None.

z RIP Request.

z RIP Response.

z SAP Request.

z SAP Response.

z SAP Get Nearest Server Request.

z SAP Get Nearest Server Response

Menu 21.1.3 - IPX Filter Rule

Menu 21.1 - Filter Rules Summary

, press [Enter] at the

8-16 Filter Configuration

Page 22

Prestige 642 ADSL Internet Access Router

8.3 Example Filter

Let’s look at the third default ZyXEL filter, TELNET_WAN ( PNC Disk for more example filters. This filter is designed to block outside users telnetting into the Prestige.

see Figure

8-6) as an example. Please see our

Figure 8-12 Telnet Filter Example

Step 1. Step 2.

Step 3.

Step 4.

Step 5.

Filter Configuration 8-17

Enter Enter the index of the filter set you wish to configure (in this case, 3) and press

Enter a descriptive name or comment in the and press Press

Summary

Enter 1 to configure the first filter rule (the only filter rule of this set). Make the entries in this menu as shown in the following figure.

from the Main Menu to open

[ENTER].

[ENTER]

at the message: [Press ENTER to confirm] to open

Menu 21 - Filter Set Configuration

Edit Comments

field (in this case TELNET_WAN)

Menu 21.3 - Filter Rules

[ENTER]

Page 23

Prestige 642 ADSL Internet Access Router

Press S

ace Bar to Toggle.

There are no more rules to check.

Select

Drop

here so that the packet will be dropped if its destination is the telnet port.

Menu 21.3.1 - TCP/IP Filter Rule

Filter #: 3,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 6 IP Source Route= No Destination: IP Addr= 0.0.0.0

Source: IP Addr= 0.0.0.0

TCP Estab= No More= No Log= None Action Matched= Drop Action Not Matched= Forward

Press ENTER to Confirm or ESC to Cancel:

IP Mask= 0.0.0.0 Port #= 23 Port # Comp= Equal

IP Mask= 0.0.0.0 Port #= 0 Port # Comp= None

Select here as we are looking for packets going to port 23 only.

Select the packet will be forwarded if its destination is not the telnet port.

Equal

Forward

Press the [SPACEBAR] to choose this filter rule type. The first filter rule type determines all subsequent filter types within a set.

Select

to make the rule

Yes

active.

is the TCP protocol.

The port number for the telnet service (TCP protocol) is 23. See RFC 1060 for port numbers of well-known services.

here so that

Figure 8-13 Example Filter – Menu 21.3.1

When you press

[ENTER]

to confirm, you will see the following screen. Note that there is only one filter

rule in this set.

8-18 Filter Configuration

Page 24

Prestige 642 ADSL Internet Access Router

Menu 21.3 - Filter Rules Summary

# A Type Filter Rules M m n

- - ---- --------------------------------------------------------------- - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 N D F 2 N 3 N 4 N 5 N 6 N

Enter Filter Rule Number (1-6) to Configure: 1

This shows you that you have configured and activated (

) a TCP/IP filter rule (

Y IP, Pr = 6

telnet ports (

) for destination

DP = 23

A =

Type =

means an action can be taken

M = N

immediately. The action is to drop the packet ( to forward the packet immediately (

) if the action is matched and

m = D

n = F

) if the action is not matched no matter whether there are more rules to be checked (there aren’t in this example).

Figure 8-14 Example Filter Rules Summary – Menu 21.3

After you’ve created the filter set, you must apply it.

Step 1. Step 2.

Step 3.

Step 4.

Enter 11 from the main menu to go to Menu 11. Go to the

[ENTER]

Edit Filter Sets

field, press the

[SPACEBAR]

to toggle

Yes

to No and press

This brings you to Menu 11.5. Apply the TELNET_WAN filter set (filter set 3) as shown in

Figure 8-17

Press

[ENTER

] to confirm after you enter the set numbers and to leave Menu 11.5.

8.4 Filter Types and SUA

There are two types of filter rules, rules.

Device Filter

rules act on the raw data from/to LAN and WAN.

Device Filter

and IPX packets. When NAT/SUA (Network Address Translation/Single User Account) is enabled, the inside IP address and port number are replaced on a connection-by-connection basis, which makes it impossible to know the exact address and port on the wire. Therefore, the Prestige applies the

to the “native” IP address and port number before NAT/SUA for outgoing packets and after

filters

(Generic) rules and

Protocol Filter

(TCP/IP and IPX)

rules act on the IP

protocol

Filter Configuration 8-19

Page 25

Prestige 642 ADSL Internet Access Router

NAT/SUA for incoming packets. On the other hand, the generic, or

device filters

are applied to the raw packets that appear on the wire. They are applied at the point when the Prestige is receiving and sending the packets; i.e. the interface. The interface can be an Ethernet, or any other hardware port. The following diagram illustrates this.

Figure 8-15 Protocol and Device Filter Sets

8.5 Applying a Filter and Factory Defaults

This section shows you where to apply the filter(s) after you design it (them). Sets of factory default filter rules have been configured in Menu 21 (but have not been applied) to prevent NetBIOS traffic from triggering calls, incoming telnet and sessions. The PPPoE filter filters out all packets going out from the Prestige to the ISP or remote node.

8.5.1 LAN traffic

LAN traffic filter sets may be useful to block certain packets, reduce traffic and prevent security breaches. Go to

Menu 3.1

appropriate. You can choose up to four filter sets (from twelve) by entering their numbers separated by commas, e.g., 3, 4, 6, 11. Input filter sets filter incoming traffic to the Prestige and Output filter sets filter outgoing traffic from the Prestige. The factory default set, NetBIOS_LAN, can be inserted in

filters –

field under

(shown next) and enter the number(s) of the filter set(s) that you want to apply as

Input Filter Sets

Menu 3.1

to block NetBIOS traffic to the Prestige from the LAN.

PPPoE packets

except

protocol

Menu 3.1 – LAN Port Filter Setup

Input Filter Sets: protocol filters= 2 device filters= Output Filter Sets: Protocol filters= device filters=

Press ENTER to Confirm or ESC to Cancel:

Apply Default Filter 2 here.

Figure 8-16 Filtering LAN Traffic

8-20 Filter Configuration

Page 26

Prestige 642 ADSL Internet Access Router

8.5.2 Remote Node Filters

Go to Menu 11.5 (shown below – note that call filter sets are only present for PPPoE encapsulation) and enter the number(s) of the filter set(s) as appropriate. You can cascade up to four filter sets by entering their numbers separated by commas. The factory default filter set, NetBIOS_WAN, can be applied in Menu 11.5 to block local NetBIOS traffic from triggering calls to the ISP (when you are using only). Enter “1” in the

protocol filters

under

protocol filters Output Filter Sets – protocol filters

field under

Call Filter Sets

when using Ethernet encapsulation. Filter set

when using PPPoE encapsulation and in

“3”, Telnet_WAN, blocks telnet connections from the WAN Port to help prevent security breaches. Filter set “4”, PPPoE, blocks PPP connections from the WAN Port. Apply them as shown in the following figure.

PPPoE

encapsulation

Menu 11.5 - Remote Node Filter

Input Filter Sets: protocol filters= 3 device filters= Output Filter Sets: protocol filters= 4 device filters= Call Filter Sets: protocol filters= 1 device filters

Enter here to CONFIRM or ESC to CANCEL:

Figure 8-17 Filtering Remote Node Traffic (PPPoE Encapsulation)

Apply Default Filters 1, 3 and 4 here. Enter 1 in

protocol filters

Output

under

Filter Sets

when using Ethernet encapsulation

Filter Configuration 8-21

Page 27

Page 28

Prestige 642 ADSL Internet Access Router

Chapter 9

SNMP Configuration

This chapter discusses SNMP (Simple Network Management Protocol) for network management

and monitoring.

9.1 About SNMP

Your Prestige 642 supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network. Keep in mind that SNMP is only available if TCP/IP is configured on your Prestige.

9.2 Configuring SNMP

To configure SNMP, select

SNMP Configuration

simply SNMP’s terminology for password.

SNMP Configuration

, as shown in the figure below. The “community” for Get, Set and Trap fields is

Menu 22 - SNMP Configuration

SNMP:

Get Community= public Set Community= public Trusted Host= 0.0.0.0 Trap: Community= public

Destination= 0.0.0.0

(enter 22) from the Main Menu to open

Menu 22 -

Press ENTER to Confirm or ESC to Cancel:

Figure 9-1 Menu 22 - SNMP Configuration

SNMP Configuration 9-1

Page 29

Prestige 642 ADSL Internet Access Router

The following table describes the SNMP configuration parameters.

Table 9-1 SNMP Configuration Menu Fields

Field Description Default

Get Community

Set Community

Trusted Host If you enter a trusted host, your Prestige will only respond to

Trap: Community

Trap: Destination

Once you have completed filling in message [Press ENTER to Confirm] to save your configuration, or press [Esc] to cancel.

Enter the get community, which is the password for the incoming Get- and GetNext- requests from the management station.

Enter the set community, which is the password for incoming Setrequests from the management station.

SNMP messages from this address. If you leave the field blank (default), your Prestige will respond to all SNMP messages it receives, regardless of source.

Enter the trap community, which is the password sent with each trap to the SNMP manager.

Enter the IP address of the station to send your SNMP traps to. blank

Menu 22 - SNMP Configuration

, press [ENTER] at the

public

blank

public

9-2 SNMP Configuration

Page 30

Prestige 642 ADSL Internet Access Router

Chapter 10

System Maintenance

This chapter covers the diagnostic tools that help you to maintain your Prestige.

The diagnostic tools include updates on system status, port status, log and trace capabilities and upgrades for the system software. This chapter describes how to use these tools in detail. Select menu 24 in the main menu to open

Figure 10-1 Menu 24 - System Maintenance

Menu 24 - System Maintenance

1. System Status

2. System Information and Console Port Speed

3. Log and Trace

4. Diagnostic

5. Backup Configuration

6. Restore Configuration

7. Upload Firmware

8. Command Interpreter Mode

Enter Menu Selection Number:

, as shown below.

System Maintenance 10-1

Page 31

Prestige 642 ADSL Internet Access Router

10.1 System Status

The first selection, System Status, gives you information on the status and statistics of the ports, as shown below. System Status is a tool that can be used to monitor your Prestige. Specifically, it gives you information on your ADSL line status, number of packets sent and received. To get to the System Status, enter number 24 to go to select number 1,

. Entering 1 resets the counters and

Status

System Status

There are two commands in

ESC

The table below describes the fields present in

Menu 24 - System Maintenance.

Menu 24.1 - System Maintenance -

takes you back to the previous screen.

Menu 24.1 - System Maintenance - Status

noted that these fields are READ-ONLY and are meant to be used for diagnostic purposes. Please note that displaying this screen degrades system performance.

Menu 24.1 -- System Maintenance – Status

Node-Lnk 1-1483 2 3 4 5 6 7 8

Status Up N/A N/A N/A N/A N/A N/A N/A

TxPkts

1462

RxPkts

0 0 0 0 0 0 0

1567

Errors

0 0 0 0 0 0 0

Tx B/s 0 0 0 0 0 0 0 0

222

Rx B/s

211 0 0 0 0 0 0 0

0 0 0 0 0 0 0

From this menu,

. It should be

Up Time 2:15:16 0:00:00 0:00:00 0:00:00 0:00:00 0:00:00 0:00:00 0:00:00

Ethernet:

Status: 100M/Full Duplex

Collisions: 0

CPU Load = 4.25%

Tx Pkts: 1583 Rx Pkts: 1521

CMDS: 1-Reset Counters ESC-Exit

Press Command:

WAN: Line Status: Up Upstream Speed: 608 kbps Downstream Speed: 4000 kbps

Figure 10-2 Menu 24.1 - System Maintenance – Status

The following table describes the fields present in

Menu 24.1 - System Maintenance - Status

10-2 System Maintenance

Page 32

Prestige 642 ADSL Internet Access Router

Table 10-1 System Maintenance - Status Menu Fields

Field Description

This is the remote node index number and link type. Link types are :Node-Lnk

PPP, ENET, 1483, PPPoE

Status Shows the status of the remote node.

TxPkts The number of packets transmitted to this remote node.

RxPkts The number of packets received from this remote node.

Errors The number of error packets on this connection.

Tx B/s Shows the transmission rate in bytes per second.

Rx B/s Shows the receiving rate in bytes per second.

Up Time Time this channel has been connected to the remote node.

Ethernet

Status Shows the current status of the LAN.

Tx Pkts The number of transmitted packets to the LAN.

Rx Pkts The number of received packets from the LAN.

Collision Number of collisions.

WAN

Line Status

Upstream Speed Shows the ADSL line upstream speed.

Downstream Speed Shows the ADSL line downstream speed

CPU Load Specifies the percentage of CPU utilization.

Press Command

1 - Reset Counters Press 1 to reset all the above statistics to 0.

ESC - Exit Press ESC to go back to Menu 24.

Shows the current status of the ADSL line which can be

Wait for Init

Initializing

Up, Down,

Menu 24.2 System Information and Console Port Speed

is as follows.

System Maintenance 10-3

Page 33

Prestige 642 ADSL Internet Access Router

Menu 24.2 - System Information and Console Port Speed

1. System Information

2. Console Port Speed

Figure 10-3 System Information and Console Port Speed

Press 1 to display the next screen,

LAN

Press ESC or RETURN to Exit:

Menu 24.2.1 - System Maintenance - Information.

Menu 24.2.1 – System Maintenance - Information

Name: Johnny Routing: IP ZyNOS S/W Version: V2.50(AJ.0)b4 | 5/11/2000 ADSL Chipset Vendor: Alcatel, Version 1.6.25 Operational Command: Multi-Mode

Ethernet Address:00:a0:c5:02:34:56 IP Address: 192.168.1.1 IP Mask: 255.255.255.0 DHCP: Server

Figure 10-4 System Maintenance - Information

Table 10-2 Fields in System Maintenance - Information

Field Description

Name Displays the system name of your Prestige. This information can be modified in

Menu 1 - General Setup

Routing Refers to the routing protocol used.

ZyNOS S/W Version

ADSL Chipset

Refers to the ZyNOS (ZyXEL Network Operating System) software version. ZyNOS is a registered trademark of ZyXEL Communications Corporation.

Displays the vendor of the ADSL chipset and ADSL modem software version.

Vendor

Operational Command

This refers to the operational protocol the Prestige and the DSLAM (Digital Subscriber Line Access Multiplexer) is using. Please see the section on “Standards” in Part 0 of this manual.

Ethernet Address Refers to the Ethernet MAC (Media Access Control) of your Prestige.

IP Address This is the IP address of the Prestige in dotted decimal notation.

IP Mask This shows the subnet mask of the Prestige.

10-4 System Maintenance

Page 34

Prestige 642 ADSL Internet Access Router

Field Description

DHCP

This field shows the DHCP setting (

None, Relay

Server

) of the Prestige.

10.1.1 Console Port Speed

You can change the speed of the console port through

Menu 24.2.2 – Console Port Speed

supports 9600 (default), 19200, 38400, 57600, and 115200 bps for the console port. Use the space bar to select the desired speed in Menu 24.2.2, as shown in the following figure.

Menu 24.2.2 – System Maintenance – Console Port Speed

Console Port Speed: 115200

Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle.

Figure 10-5 Menu 24.2.2 – System Maintenance – Console Port Speed

. Your Prestige

10.2 Log and Trace

There are two logging facilities in the Prestige. The first is the error logs and trace records that are stored locally. The second is the UNIX syslog facility for message logging.

10.2.1 Viewing Error Log

The first place you should look for clues when something goes wrong is the error log. Follow the procedure below to view the local error/trace log:

Step 1. Step 2.

Enter 24 from the Main Menu to open From Menu 24, enter 3 to open

Menu 24.3 - System Maintenance - Log and Trace

1. View Error Log

2. UNIX Syslog

Menu 24.3 - System Maintenance - Log and Trace

Menu 24 - System Maintenance

Figure 10-6 Log and Trace

Step 3.

Enter 1 in

Menu 24.3 - System Maintenance - Log and Trace

to display the error log in the

system.

After the Prestige finishes displaying the error log, you will have the option to clear it.

System Maintenance 10-5

Page 35

Prestige 642 ADSL Internet Access Router

Examples of typical error and information messages are presented in the following figure.

45 7203 PINI INFO Channel 11 ok 46 7204 PINI INFO Channel 10 ok 47 7205 PINI INFO Channel 9 ok 48 7206 PINI INFO Channel 8 ok 49 7207 PINI INFO Channel 7 ok 50 7208 PINI INFO Channel 6 ok 51 7209 PINI INFO Channel 5 ok 52 7210 PINI INFO Channel 4 ok 53 7211 PINI INFO Channel 3 ok 54 7212 PINI INFO Channel 2 ok 55 7213 PINI INFO Channel 1 ok Clear Error Log (y/n):

Figure 10-7 Examples of Error and Information Messages

10.2.2 Syslog And Accounting

The Prestige uses the UNIX syslog facility to log the CDR (Call Detail Record) and system messages to a syslog server. Syslog and accounting can be configured in

and Accounting

, as shown next.

Menu 24.3.2 -- System Maintenance - UNIX Syslog and Accounting

Press Space Bar to Toggle.

Press ENTER to Confirm or ESC to Cancel:

UNIX Syslog: Active= No Syslog IP Address= ? Log Facility= Local 1

Types: CDR= No Packet triggered= No Filter log= No PPP log= No

Menu 24.3.2 - System Maintenance - Syslog

Figure 10-8 Menu 24.3.2 - System Maintenance - Syslog and Accounting

You need to configure the UNIX syslog parameters described in the following table to activate syslog then choose what you want to log.

10-6 System Maintenance

Page 36

Prestige 642 ADSL Internet Access Router

Table 10-3 System Maintenance Menu Syslog Parameters

Parameter Description

UNIX Syslog:

Active Use the space bar to turn on or off syslog.

Syslog IP Address Enter the IP Address of the server that will log the CDR (Call Detail Record) and

system messages i.e., the syslog server.

Log Facility Use the space bar to toggle between the 7 different Local options. The log facility

allows you to log the message in different files in the server. Please refer to your UNIX manual for more detail.

Types:

CDR

Call Detail Record (CDR) logs all data phone line activity if set to

Yes.

Packet triggered The first 48 bytes or octets and protocol type of the triggering packet is sent to the

Yes.

No.

Filters with the individual filter

Yes.

Filter log

PPP log

UNIX syslog server when this field is set to

No filters are logged when this field is set to

Filter

field set to

Yes

are logged when this field is set to

PPP events are logged when this field is set to

Your Prestige sends four types of syslog messages. Some examples of these syslog messages with their message formats are shown next:

CDR

CDR Message Format

SdcmdSyslogSend( SYSLOG_CDR, SYSLOG_INFO, String ); String = board xx line xx channel xx, call xx, str board = the hardware board ID line = the WAN ID in a board Channel = channel ID within the WAN call = the call reference number which starts from 1 and increments by 1 for each new call str = C01 Outgoing Call dev xx ch xx (dev:device No. ch:channel No.)

L02 Tunnel Connected(L2TP) C02 OutCall Connected xxxx (means connected speed) xxxxx (means Remote Call Number)

L02 Call Terminated C02 Call Terminated

Log

Jul 19 11:19:27 192.168.102.2 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 1, C01 Outgoing Call dev=2 ch=0 40002 Jul 19 11:19:32 192.168.102.2 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 1, C02 OutCall Connected 64000 40002

System Maintenance 10-7

Page 37

Prestige 642 ADSL Internet Access Router

Jul 19 11:20:06 192.168.102.2 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 1, C02 Call Terminated

Packet triggered

Packet triggered Message Format

sdcmdSyslogSend( SYSLOG_PKTTRI, SYSLOG_NOTICE, String );

Jul 19 11:28:39 192.168.102.2 ZyXEL Communications Corp.: Packet Trigger: Protocol=1, Data=4500003c100100001f010004c0a86614ca849a7b08004a5c020001006162636465666768696a6b6c6d6e6 f7071727374 Jul 19 11:28:56 192.168.102.2 ZyXEL Communications Corp.: Packet Trigger: Protocol=1, Data=4500002c1b0140001f06b50ec0a86614ca849a7b0427001700195b3e00000000600220008cd4000002040 5b4 Jul 19 11:29:06 192.168.102.2 ZyXEL Communications Corp.: Packet Trigger: Protocol=1, Data=45000028240140001f06ac12c0a86614ca849a7b0427001700195b451d1430135004000077600000

Filter log

Filter log Message Format

String = IP[Src=xx.xx.xx.xx Dst=xx.xx.xx.xx prot spo=xxxx dpo=xxxx] S04>R01mD

IP[…] is the packet header and S04>R01mD means filter set 4 (S) and rule 1 (R), match (m) drop (D).

spo: Source port dpo: Destination port

Jul 19 14:43:55 192.168.102.2 ZyXEL Communications Corp.: IP[Src=202.132.154.123 Dst=255.255.255.255 UDP spo=0208 dpo=0208]}S03>R01mF Jul 19 14:44:00 192.168.102.2 ZyXEL Communications Corp.: IP[Src=192.168.102.20 Dst=202.132.154.1 UDP spo=05d4 dpo=0035]}S03>R01mF Jul 19 14:44:04 192.168.102.2 ZyXEL Communications Corp.: IP[Src=192.168.102.20 Dst=202.132.154.1 UDP spo=05d4 dpo=0035]}S03>R01mF

String = Packet trigger: Protocol=xx Data=xxxxxxxxxx…..x Protocol: (1:IP 2:IPX 3:IPXHC 4:BPDU 5:ATALK 6:IPNG) Data: We will send forty-eight Hex characters to the server

SdcmdSyslogSend(SYSLOG_FILLOG, SYSLOG_NOTICE, String );

Src: Source Address Dst: Destination Address prot: Protocol (“TCP”,”UDP”,”ICMP”)

PPP log

PPP Log Message Format

sdcmdSyslogSend( SYSLOG_PPPLOG, SYSLOG_NOTICE, String ); String = ppp:Proto Starting / ppp:Proto Opening / ppp:Proto Closing / ppp:Proto Shutdown Proto = LCP / ATCP / BACP / BCP / CBCP / CCP / CHAP/ PAP / IPCP / IPXCP

Jul 19 11:42:44 192.168.102.2 ZyXEL Communications Corp.: ppp:LCP Closing Jul 19 11:42:49 192.168.102.2 ZyXEL Communications Corp.: ppp:IPCP Closing

Jul 19 11:42:54 192.168.102.2 ZyXEL Communications Corp.: ppp:CCP Closing

10-8 System Maintenance

Page 38

Prestige 642 ADSL Internet Access Router

10.3 Diagnostic

The diagnostic facility allows you to test the different aspects of your Prestige to determine if it is working properly. Menu 24.4 allows you to choose among various types of diagnostic tests to evaluate your system, as shown.

Menu 24.4 - System Maintenance - Diagnostic

WAN

1. Reset ADSL

TCP/IP

12. Ping Host

Enter Menu Selection Number:

Host IP Address= N/A

Figure 10-9 Menu 24.4 - System Maintenance - Diagnostic

Follow the procedure below to get to Diagnostic

Step 1. Step 2.

From the Main Menu, enter 24 to open From this menu, enter 4 to open

Menu 24.4 - System Maintenance - Diagnostic

The following table describes the diagnostic tests available in Menu 24.4 for your Prestige and the connections.

System

21. Reboot System

22. Command Mode

Menu 24 - System Maintenance

Table 10-4 System Maintenance Menu Diagnostic

Field Description

Reset ADSL This command re-initializes the ADSL link to the telephone company.

Ping Host This diagnostic test pings the host, which determines the functionality of the

TCP/IP protocol on both systems and the links in between.

Reboot System This option reboots the Prestige.

Command Mode This option allows you to enter the command mode. This mode allows you to

diagnose and test your Prestige using a specified set of commands.

10.4 Transferring Files - Filename conventions

The configuration file (often called the romfile or romfile-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup etc. It arrives from ZyXEL with a name of

System Maintenance 10-9

Page 39

Prestige 642 ADSL Internet Access Router

P642.ROM or similar. Once you have customized the Prestige's setting, they can be saved back to PC/workstation under a filename of your choosing. Choose something meaningful, e.g. “MyP642.cfg”. The ZyNOS firmware file (sometimes referred to as the ras file) is the file that contains the ZyXEL Network Operating System firmware and usually is the router model name with a *.bin extension, e.g., P642.bin. With serial (xmodem) transfer, the filenames on the PC are your choice. With many ftp and tftp clients, they are as well as seen next.

ftp>

put P642.bin ras

This is a sample ftp session showing the transfer of the PC file "P642.bin" to the Prestige.

ftp>

get rom-0 MyP642.cfg

This is a sample ftp session saving the current configuration to the PC file MyP642.cfg.

If your [t]ftp client does not allow you to have a destination filename different from the source, you will need to rename them as the Prestige only recognizes "rom-0" and "ras". Be sure you keep unaltered copies of both files for later use. The following table is a summary. Please note that the internal filename refers to the filename on the Prestige and the external filename refers to the filename not on the Prestige, i.e., on your workstation, local network or ftp site and so the name (but not the extension) will vary. The AT command is the command you enter after you press “Y” when prompted in the SMT menu to go into debug mode.

Table 10-5 Filename Conventions

File Type Internal

Configuration File

Firmware

Rom-0 *.rom This is the router configuration filename

Ras *.bin This is the generic name for the ZyNOS

Name

External

Name

Description AT

Command

ATLC on the Prestige. Uploading the rom-0 file replaces the entire ROM file system, including your Prestige configurations, system-related data (including the baud rate and default password), the error log and the trace log.

ATUR firmware on the Prestige.

10.4.1 Firmware Development

It is important to upgrade your firmware regularly, especially if there are problems. If you discover an unexpected behavior, or bug, see if your problem is mentioned in the release notes. Load it according to instructions (e.g., see if the default configuration file is needed also). If the problem still exists, e-mail or call tech support.

10-10 System Maintenance

Page 40

Prestige 642 ADSL Internet Access Router

10.5 Backup Configuration

Option 5 in

Menu 24 - System Maintenance

your workstation. Backup is highly recommended once your Prestige is functioning properly. You must perform the backup and restore through the console port. Any serial communications program should work fine; however, you must use XMODEM protocol to perform the download/upload.

Step 1.

Go to Menu 24.5 (shown next).

Ready to backup Configuration via Xmodem. Do you want to continue (y/n):

Figure 10-10 Backup Configuration

allows you to backup the current Prestige configuration to

Step 2.

Press “Y” to indicate that you want to continue. The following procedure is for the HyperTerminal program. The procedure for other serial communications programs should be similar.

Step 3.

Click “Transfer”, then “Receive File” to display the following screen.

Enter where you want to place the rom configuration file on your computer.

Choose the X-Modem Protocol.

Figure 10-11 HyperTerminal Screen

Step 4.

Enter where you want to place the rom configuration file on your computer, give it a suitable name, e.g., p642.rom and make sure you choose the X-Modem Protocol. Then press “Receive”.

Step 5.

After a successful backup you will see the following screen. Press any key to return to the SMT menu.

** Backup Configuration completed. OK. ### Hit any key to continue.###

Figure 10-12 Successful Backup

Please note that terms “download” and “upload” are relative to the workstation. Download means to transfer from the Prestige to the workstation, while upload means from your workstation to the Prestige.

System Maintenance 10-11

Page 41

Prestige 642 ADSL Internet Access Router

10.6 Restore Configuration

Selecting option 6 from

Menu 24 - System Maintenance

workstation to the Prestige. Again, you must use the console port and XMODEM protocol to restore the configuration.

Step 1.

Go to Menu 24.6 (shown next).

Ready to restore Configuration via Xmodem. Do you want to continue (y/n):

Figure 10-13 Restore Configuration

to restore the configuration from your

Step 2.

Step 3.

Step 4.

Step 5.

Press “Y” to indicate that you want to continue. The following procedure is for the HyperTerminal program. The procedure for other serial communications programs should be similar.

Click “Transfer”, then “Send File” to display the following screen.

Enter where the rom configuration file is on your computer.

Choose the X-Modem Protocol.

Figure 10-14 HyperTerminal Screen

Enter where the rom configuration file is on your computer, and make sure you choose the XModem Protocol. Then press “Send”.

After a successful restoration you will see the following screen. Press any key to return to reboot the system.

Save to ROM Hit any key to start system reboot.

Figure 10-15 Successful Backup

Keep in mind that the configuration is stored in the flash ROM in the Prestige, so even if power failure should occur, your configuration is safe.

10-12 System Maintenance

Page 42

Prestige 642 ADSL Internet Access Router

10.7 Upload Firmware

Menu 24.7 -- System Maintenance - Upload Firmware

configuration file via the console port. Note that this function erases the old data before installing the new one; please do not attempt to update unless you have the new firmware at hand. There are 2 components in the system: the router firmware and the configuration file, as shown next.

Menu 24.7 -- System Maintenance - Upload Firmware

1. Upload Router Firmware

2. Upload Router Configuration File

Enter Menu Selection Number:

Figure 10-16 Menu 24.7 - System Maintenance - Upload Firmware

10.7.1 Upload Router Firmware

The firmware is the program that controls the functions of the Prestige. Menu 24.7.1 shows you the instructions for uploading the firmware. If you answer yes to the prompt, the Prestige will go into debug mode. Follow the procedure below to upload the firmware:

Step 1. Step 2.

Step 3.

Enter “ Wait for the “

” after the “

atur

Enter Debug Mode

Starting XMODEM upload

your terminal. After successful firmware upload, enter “

allows you to upgrade the firmware and the

” message.

” message before activating Xmodem upload on

” to restart the Prestige.

atgo

Menu 24.7.1 -- System Maintenance - Upload Router Firmware

To upload router firmware:

1. Enter "y" at the prompt below to go into debug mode.

2. Enter "atur" after "Enter Debug Mode" message.

3. Wait for "Starting XMODEM upload" message before activating Xmodem upload on your terminal.

4. After successful firmware upload, enter "atgo" to restart the router.

Warning: Proceeding with the upload will erase the current router firmware.

Do You Wish To Proceed:(Y/N)

Figure 10-17 Menu 24.7.1 - Uploading Router Firmware

System Maintenance 10-13

Page 43

Prestige 642 ADSL Internet Access Router

10.7.2 Uploading Router Configuration File

The configuration data, system-related data, the error log and the trace log are all stored in the configuration file. Please be aware that uploading the configuration file replaces everything contained within. Menu 24.7.2 shows you the instructions for uploading the configuration file. If you answer yes to the prompt, the Prestige will go into debug mode. Follow the procedure below to upload the configuration file:

Menu 24.6 replaces the current configuration with your customized configuration you

backed up previously. Menu 24.7.2 shows you the instructions for uploading the Router

Configuration file that replaces the current configuration file with the default

configuration file, i.e., P312.rom. You will lose all configurations that you had before

and the speed of the console port will be reset to the default of 9600 bps with 8 data

communications software to the default before you can connect to the Prestige again.

Step 1. Step 2.

Step 3.

If you replace the current configuration file with the default configuration file, i.e., P642.rom, you will lose all configurations that you had before and the speed of the console port will be reset to the default of 9600 bps with 8 data bit, no parity and 1 stop bit (8n1) . You will need to change your serial communications software to the default before you can connect to the Prestige again. The password will be reset to the default of 1234, also.

To upload router configuration file:

1. Enter "y" at the prompt below to go into debug mode.

2. Enter "atlc" after "Enter Debug Mode" message.

3. Wait for "Starting XMODEM upload" message before activating Xmodem upload on your terminal.

4. After successful firmware upload, enter "atgo" to restart the router.

Warning:

1. Proceeding with the upload will erase the current router configuration file.

2. The router's console port speed (Menu 24.2.2) may change when it is restarted; Please adjust your terminal's speed accordingly. The

bit, no parity and 1 stop bit (8n1). You will need to change your serial

The password will be reset to the default of 1234, also.

Enter “ Wait for the “

” after the “

atlc

Enter Debug Mode

Starting XMODEM upload

” message.

” message before activating Xmodem upload on your terminal. After successful firmware upload, enter “

Menu 24.7.2 - System Maintenance - Upload Router Configuration File

3. When uploading the DEFAULT configuration file, the console port speed

password (menu 23) may change also.

will be reset to 9600 bps and the password to "1234".

Do You Which To Proceed:(Y/N)

” to restart the Prestige.

atgo

Figure 10-18 Menu 24.7.2 - System Maintenance - Upload Router Configuration File

10-14 System Maintenance

Page 44

Prestige 642 ADSL Internet Access Router

10.8 TFTP Transfer

In addition to the direct console port connection, the Prestige supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. To use TFTP, your workstation must have both telnet and TFTP clients. To transfer the firmware and the configuration file, follow the procedure below:

Use telnet from your workstation to connect to the Prestige and log in. Because TFTP does not have any security checks, the Prestige records the IP address of the telnet client and accepts TFTP requests only from this address.

Step 1.

Step 2.

Step 3.

Step 4.

Note that the telnet connection must be active and the SMT in CI mode before and during the TFTP transfer. For details on TFTP commands (see following example), please consult the documentation of your TFTP client program. For UNIX, use “ other way around, and “

Put the SMT in command interpreter (CI) mode by entering 8 in

Maintenance

Enter command “ interrupted. Enter command “

sys stdio 0

” to disable the SMT timeout, so the TFTP transfer will not be

sys stdio 5

” to restore the five-minute SMT timeout

Menu 24 – System

(default) when the file transfer is complete.

Launch the TFTP client on your workstation and connect to the Prestige. Set the transfer mode to binary before starting data transfer.

Use the TFTP client (see the example below) to transfer files between the Prestige and the workstation. The file name for the firmware is “

” and for the configuration file, is “

ras

rom-0

(rom-zero, not capital o).

Note: If you upload the firmware to the Prestige, it will reboot automatically when the

file transfer is completed (the SYS LED will flash).

” to transfer from the Prestige to the workstation, “

get

binary

” to set binary transfer mode.

put

” the

”

10.8.1 Example TFTP Command

The following is an example tftp command:

TFTP [-i] host put p312.bin ras

where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the Prestige IP address, “put” transfers the file source on the workstation (p312.bin – name of the firmware on the workstation) to the file destination on the remote host (ras - name of the firmware on the Prestige). The following table describes some of the fields that you may see in third party TFTP clients.

Table 10-6 Third Party TFTP Clients –General fields

Host

System Maintenance 10-15

Enter the IP address of the Prestige. 192.168.1.1 is the Prestige default IP address when shipped.

Page 45

Prestige 642 ADSL Internet Access Router

Send/Fetch

Local File

Remote File

Binary

Abort

Press “Send” to upload the file to the Prestige and “Fetch” to back up the file on your computer.

Enter the path and name of the firmware file (*.bin extension) or configuration file (*.rom extension) on your computer.

This is the filename on the Prestige. The filename for the firmware is “

Transfer the file in binary mode.

Stop transfer of the file.

” and for the configuration file, is “

ras

rom-0

”.

TFTP over WAN will not work if:

1. You have applied a filter in Menu 3.1 (LAN) or in Menu 11.5 (WAN) to block Telnet service.

2. You have an SMT console session running.

10.9 FTP File Transfer

In addition to uploading the firmware and configuration via the console port and TFTP client, you can also upload the Prestige firmware and configuration files using FTP. To use this feature, your workstation must have an FTP client. When you telnet into the Prestige, you will see the following screens for uploading firmware and the configuration file using FTP.

10-16 System Maintenance

Page 46

Prestige 642 ADSL Internet Access Router

Menu 24.7.1 - System Maintenance - Upload Router Firmware

To upload the router firmware, follow the procedure below:

1. Launch the FTP client on your workstation.

2. Type "open" and the IP address of your router. Then type "root" and SMT password as requested.

3. Type "put firmwarefilename ras" where "firmwarefilename" is the name of your firmware upgrade file on your workstation and "ras" is the remote file name on the router.

4. The system reboots automatically after a successful firmware upload.

For details on FTP commands, please consult the documentation of your FTP client program. For details on uploading router firmware using TFTP (note that you must remain on this menu to upload router firmware using TFTP), please see your router manual.

Press ENTER to Exit:

Figure 10-19 Telnet into Menu 24.7.1

You see the following screen when you telnet into Menu 24.7.2.

Menu 24.7.2 - System Maintenance - Upload Router Configuration File

To upload the router configuration file, follow the procedure below:

1. Launch the FTP client on your workstation.

2. Type "open" and the IP address of your router. Then type "root" and SMT password as requested.

3. Type "put configurationfilename rom-0" where "configurationfilename" is the name of your router configuration file on your workstation, which will be transferred to the "rom-0" file on the router.

4. The system reboots automatically after the upload router configuration file process is complete.

Press ENTER to Exit:

Figure 10-20 Telnet into Menu 24.7.2 - System Maintenance

To transfer the firmware and the configuration file, follow these examples:

10.9.1 Using the FTP command from the DOS Prompt

Step 1.

System Maintenance 10-17

Launch the FTP client on your workstation.

Page 47

Prestige 642 ADSL Internet Access Router

Step 2. Step 3. Step 4. Step 5.

Step 6.

Type

and the IP address of your Prestige.

open

You may press the [ENTER] when prompted for a username. Type Type

and your SMT password as requested. The default is 1234.

root

to set transfer mode to binary.

bin

Use “put” to transfer files from the workstation to the Prestige, e.g.,

put p642.bin ras

transfers the firmware on your computer (p642.bin) to the Prestige and renames it “ras”. Similarly

put p642.rom rom-0

(p642.rom) to the Prestige and renames it “rom-0”. See

transfers the configuration file on your computer

section 10.4

for more information on

filename conventions.

Step 7.

Type

Connected to 312.x.x.x 220 P312 FTP version 1.0 ready at Thu Jan 20 18:00:02 2000 User (312.x.x.x:(none)): <Enter> 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> put p312e.bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 327680 bytes sent in 1.10Seconds 297.89Kbytes/sec. ftp> quit

to exit the ftp prompt.

quit

Figure 10-21 FTP Session Example

The system reboots after a successful upload.

The following table describes some of the fields that you may see in third party FTP clients.

Table 10-7 Third Party FTP Clients –General fields

Host Address

Transfer Type

Enter the address of the host server.

Anonymous.

•

This is when a user I.D. and password is automatically supplied to the server for anonymous access. Anonymous logins will work only if your ISP or service administrator has enabled this option.

Normal.

•

The server requires a unique User ID and Password to login.

Transfer files in either ASCII (plain text format) or in binary

10-18 System Maintenance

Page 48

Prestige 642 ADSL Internet Access Router

mode.

Initial Remote Directory.

Initial Local Directory.

Specify the default remote directory (path).

Specify the default local directory (path).

10.10 Command Interpreter Mode

This option allows you to enter the command interpreter mode. A list of valid commands can be found by typing [help] at the command prompt. For more detailed information, check the ZyXEL Web site or send email to the ZyXEL Support Group.

Enter Menu Selection Number: 8

Figure 10-22 Command mode

10.11 Boot module commands

Prestige boot module commands with accompanying explanations are shown in the following table. For ATBAx, x denotes the number preceding the colon to give the console port speed following the colon in the list of numbers that follows; e.g. ATBA3 will give a console port speed of 9.6 Kbps. ATSE displays the seed that is used to generate a password to turn on the debug flag in the firmware. The ATSH command shows product related information such as boot module version, vendor name, product model, RAS code revision, etc.

System Maintenance 10-19

Page 49

Prestige 642 ADSL Internet Access Router

======= Debug Command Listing ======= AT just answer OK ATHE print help ATBAx change baudrate. 1:38.4k, 2:19.2k, 3:9.6k 4:57.6k 5:115.2k ATENx,(y) set BootExtension Debug Flag (y=password) ATENx,(y) set BootExtension Debug Flag (y=password) ATSE show the seed of password generator ATTI(h,m,s) change system time to hour:min:sec or show current time ATDA(w,y,m,d) change system date to week year/month/day or show current date ATDS dump RAS stack ATDT dump Boot Module Common Area ATDUx,y dump memory contents from address x for length y ATRBx display the 8-bit value of address x ATRWx display the 16-bit value of address x ATRLx display the 32-bit value of address x ATGO(x) run program at addr x or boot ZyNOS ATGR boot ZyNOS ATGT run Hardware Test Program ATRTw,x,y(,z) RAM test level w, from address x to y (z iterations) ATSH dump manufacturer related data in ROM ATDOx,y download from address x for length y to PC via XMODEM ATUR upload RAS code to flash ROM ATLC upload RAS configuration file

Figure 10-23 Boot module commands

10-20 System Maintenance

Page 50

Prestige 642 ADSL Internet Access Router

Chapter 11

IP Policy Routing

11.1 Introduction

Traditionally, routing is based on the destination address only and the router takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator. Policy-based routing is applied to incoming packets on a per interface basis, prior to the normal routing.

11.1.1 Benefits

Source-Based Routing – Network administrators can use policy-based routing to direct traffic from

•

different users through different connections. Quality of Service (QoS) – Organizations can differentiate traffic by setting the precedence or TOS

•

(Type of Service) values in the IP header at the periphery of the network to enable the backbone to prioritize traffic. Cost Savings – IPPR allows organizations to distribute interactive traffic on high-bandwidth, high-cost

•

paths while using low-cost paths for batch traffic. Load Sharing – Network administrators can use IPPR to distribute traffic among multiple paths.

•

11.1.2 Routing Policy

A policy defines the matching criteria and the action to take when a packet meets the criteria. The action is taken only when all the criteria are met. The criteria include the source address and port, IP protocol (ICMP, UDP, TCP, etc.), destination address and port, TOS and precedence (fields in the IP header) and length. The inclusion of length criterion is to differentiate between interactive and bulk traffic. Interactive applications, e.g., telnet, tend to have short packets, while bulk traffic, e.g., file transfer, tends to have large packets. The actions that can be taken include routing the packet to a different gateway (and hence the outgoing interface) and the TOS and precedence fields in the IP header.

IPPR follows the existing packet filtering facility of ZyNOS in style and in implementation. The policies are divided into sets, where related policies are grouped together. A user defines the policies before applying them to an interface or a remote node, in the same fashion as the filters. There are 12 policy sets with 6 policies in each set.

11.1.3 IP Policy Routing Setup

Menu 25 shows all the policies defined

IP Policy Routing 11-1

Page 51

Prestige 642 ADSL Internet Access Router

Menu 25 - IP Routing Policy Setup

Policy Policy Set # Name Set # Name

------ ----------------- ------ ---------------- 1 test 7 _______________ 2 _______________ 8 _______________ 3 _______________ 9 _______________ 4 _______________ 10 _______________ 5 _______________ 11 _______________ 6 _______________ 12 _______________

Enter Policy Set Number to Configure= 0

Edit Name= N/A

Press ENTER to Confirm or ESC to Cancel:

Figure 11-1 IP Routing Policy Setup

To setup a routing policy, follow the procedures below:

Step 1. Step 2.

Enter 25 in the Main Menu to open

Menu 25 – IP Policy Routing Setup.

Enter the index of the policy set you wish to configure to open

Summary

Menu 25.1 - IP Policy Routing

Menu 25.1 shows the summary of a policy set, including the criteria and the action of a single policy, and whether a policy is active or not. Each policy contains two lines. The former part is the criteria of the incoming packet, and the latter is the action. Between these two parts, separator ‘|’ means the action is taken on criteria matched and separator ‘=’ means the action is taken on criteria not matched.

11-2 IP Policy Routing

Page 52

Prestige 642 ADSL Internet Access Router

Menu 25.1 - IP Routing Policy Summary

# A Criteria/Action

- - ------------------------------------------------------------------------- 1 Y SA=1.1.1.1-1.1.1.1,DA=2.2.2.2-2.2.2.5 SP=20-25,DP=20-25,P=6,T=NM,PR=0 |GW=192.168.1.1,T=MT,PR=0 2 N __________________________________________________________________________ __________________________________________________________________________ 3 N __________________________________________________________________________ __________________________________________________________________________ 4 N __________________________________________________________________________ __________________________________________________________________________ 5 N __________________________________________________________________________ __________________________________________________________________________ 6 N __________________________________________________________________________ __________________________________________________________________________

Enter Policy Rule Number (1-6) to Configure:

Figure 11-2 Menu 25 - IP Routing Policy Summary

Table 11-1 IP Routing Policy Summary

Abbreviation Meaning

Criteria

SA Source IP address

SP Source port

DA Destination IP address

DP Destination port

P IP layer 4 protocol number(TCP=6,UDP=17…)

T Type Of Service of Incoming packet

PR Precedence of incoming packet

Action

GW Gateway IP address

T Outgoing Type of Service

P Outgoing Precedence

Type Of Service

NM Normal

mD Minimum Delay

IP Policy Routing 11-3

Page 53

Prestige 642 ADSL Internet Access Router

MT Maximum Throughput

MR Maximum Reliability

MC Minimum Cost

Enter a number from 1 to 6 to display

Menu 25.1.1 – IP Routing Policy

allows you to configure a policy rule.

Menu 25.1.1 - IP Routing Policy

Policy Set Name= test Active= Yes Criteria: IP Protocol = 6 Type of Service= Normal Packet length= 40 Precedence = 0 Len Comp= Source: addr start= 1.1.1.1 end= 1.1.1.1 port start= 20 end= 20 Destination: addr start= 2.2.2.2 end= 2.2.2.2 port start= 20 end= 20 Action= Matched Gateway addr = 192.168.1.1 Log= No Type of Service= Max Thruput Precedence = 0

Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle.

Figure 11-3 IP Routing Policy

(see the next figure). This menu

Table 11-2 IP Routing Policy

Field Description

Policy Set Name This is the name of the policy set assigned in Menu 25 - IP Routing Policy

Setup.

Active Press the [SPACEBAR] to select [Yes] to activate the policy.

Criteria

IP Protocol IP layer 4 protocol, e.g., UDP, TCP, ICMP, etc.

Type of Service Prioritize incoming network traffic by choosing from [Don’t Care] / [Normal] /

[Min Delay] / [Max Thruput] / [Max Reliability].

Packet Length Enter the length of incoming packets (in bytes). The operators in the [Len

Comp] (next) apply to packets of this length.

Len Comp Press the [SPACEBAR] to choose from [Equal] / [Not Equal] / [Less] / [Greater]

/ [Less or Equal] / Greater or Equal].

Precedence Precedence value of the incoming packet. Values range from [0] to [7] or [Don’t

11-4 IP Policy Routing

Page 54

Prestige 642 ADSL Internet Access Router

Care].

Source:

addr start= / end=

port start= / end=

Destination:

addr start= / end=

port start= / end=

Action= Specifies whether action should be taken on criteria [Matched] or [Not

Gateway addr Defines the outgoing gateway address. The gateway must be on the same

Log Press the [SPACEBAR] to select [Yes] to make an entry in the system log when

Type of Service Set the new TOS value of the outgoing packet. Choose from Prioritize incoming

Precedence Set the new precedence value of the outgoing packet. Values range from [0] to

Source IP address range from start to end.

Source port number range from start to end; applicable only for TCP/UDP.

Destination IP address range from start to end.

Destination port number range from start to end; applicable only for TCP/UDP.

Matched].

subnet as the Prestige if it’s on the LAN, otherwise, the gateway must be the IP address of a remote node. The default gateway is specified as 0.0.0.0.

a policy is executed.

network traffic by choosing from [No Change] / [Normal] / [Min Delay] / [Max Thruput] / [Max Reliability].

[7] or [No Change].

11.2 Applying an IP Policy

This section shows you where to apply the IP Policies after you design them.

11.2.1 Ethernet IP Policies

From Menu 3 - Ethernet Setup, enter 2 to go to Menu 3.2 -General Ethernet Setup. You can choose up to four IP Policy sets (from twelve) by entering their numbers separated by commas, e.g., 2, 4, 7, 9.

IP Policy Routing 11-5

Page 55

Prestige 642 ADSL Internet Access Router

Menu 3.2 - TCP/IP and DHCP Ethernet Setup

DHCP Setup:

DHCP= None Client IP Pool Starting Address= N/A Size of Client IP Pool= N/A Primary DNS Server= N/A Secondary DNS Server= N/A

TCP/IP Setup:

IP Address= 192.68.1.1 IP Subnet Mask= 255.255.255.0 RIP Direction= Both Version= RIP-2B Multicast = IGMP-v2 IP Policies= 2,4,7,9 Edit IP Alias= No

Press Space Bar to Toggle.

Enter here to CONFIRM or ESC to CANCEL:

Enter your IP Policy sets here.

Figure 11-4 Menu 3.2 - General Ethernet Setup

11.2.2 Remote Node IP Routing Policies

Go to Menu 11.3 (shown next) and enter the number(s) of the IP Routing Policy set(s) as appropriate. You can cascade up to four policy sets by entering their numbers separated by commas.

Menu 11.3 - Remote Node Network Layer Options

VPI/VCI LLC-mux or PPP/PPPoE Encap : VPI #= 1 VCI #= 1 IP Options : Rem IP Addr: 0.0.0.0 Rem Subnet Mask= 0.0.0.0 My WAN Addr= 0.0.0.0 Single User Account= No Metric= 2 Private= No RIP Direction= Both Version= RIP-2B Multicast= None IP Policies= 1,3,5,10

IPX Options :

Rem LAN Net #= 00000000 My WAN Net #= 00000000 Hop Count= 1

Tick Count= 2 W/D Spoofing(min)= N/A SAP/RIP Timeout(min)= N/A

Dial-On-Query= N/A

Bridge Options: Dial-On-Broadcast= N/A

Ethernet Addr Timeout(min)=

Enter your IP Policy sets here.

Enter here to CONFIRM or ESC to CANCEL:

Figure 11-5 Menu 11.3 - Remote Node Network Layer Options

11-6 IP Policy Routing

Page 56

Prestige 642 ADSL Internet Access Router

Chapter 12

Troubleshooting

This chapter covers the potential problems you may run into and the possible remedies. After

each problem description, some instructions are provided to help you to diagnose and to solve the

problem.

12.1 Problems Starting Up the Prestige

Table 12-1 Troubleshooting the Start-Up of your Prestige

Problem Corrective Action

None of the LEDs are on when you power on the Prestige

Cannot access the Prestige via the console port.

Check the connection between the AC adapter and the Prestige.

If the error persists, you may have a hardware problem. In this case you should contact technical support.

1.Check to see if the Prestige is connected to your computer’s serial port.

2. Check to see if the communications program is configured correctly. The communications software should be configured as follows:

VT100 terminal emulation

9600 bps

No parity, 8 Data bits, 1 Stop bit.

Troubleshooting 12-1

Page 57

Prestige 642 ADSL Internet Access Router

12.2 Problems With the WAN Interface

Table 12-2 Troubleshooting the ADSL connection

Problem Corrective Action

Initialization of the PVC connection failed.

Ensure that the cable is connected properly from the ADSL port to the wall jack. The ADSL LED on the front panel of the Prestige should be on. Check that your VPI, VCI, type of encapsulation and type of multiplexing settings are the sama as what you collected from your telephone company and ISP. Reboot the Prestige. If you still have problems, you may need to verify these variables with the telephone company and/or ISP.

12.3 Problems with the LAN Interface

Table 12-3 Troubleshooting the LAN Interface

Problem Corrective Action

Can’t ping any station on the LAN

Check the Ethernet LEDs on the front panel. The LED should be on for a port that has a station connected. If it is off, check the cables between your Prestige and the station.

Verify that the IP address and the subnet mask are consistent between the Prestige and the workstations.

12.4 Problems Connecting to a Remote Node or ISP

Table 12-4 Troubleshooting a Connection to a Remote Node or ISP

Problem Corrective Action

Can’t connect to a remote node or ISP

Check Menu 24.1 to verify the line status. If it indicates [down], then refer to the section on the line problems.

In Menu 11.1, verify your login name and password for the remote node.

12-2 Troubleshooting

Page 58

10BaseT

ADSL

ARP

Backbone Bandwidth Bit

Byte CDR CHAP

Client

crossover Ethernet cable CSU/DSU

DCE

DHCP

DNS

Prestige 642 ADSL Internet Access Router

Glossary

The 10-Mbps baseband Ethernet specification that uses two pairs of twisted-pair cabling (Category 3 or 5): one pair for transmitting data and the other for receiving data. Asymmetrical Digital Subscriber Line is an asymmetrical technology, meaning that the downstream data rate is much higher than the upstream data rate. ADSL operates in a frequency range that is above the frequency range of voice services, so the two systems can operate over the same cable. Address Resolution Protocol is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address that is recognized in the local network. A high-speed line or series of connections that forms a major pathway within a network. This is the capacity on a link usually measured in bits-per-second (bps) (Binary Digit) -- A single digit number in base-2, in other words, either a 1 or a zero. The smallest unit of computerized data. A set of bits that represent a single character. There are 8 bits in a Byte. Call Detail Record. This is a name used by telephone companies for call related information. Challenge Handshake Authentication Protocol is an alternative protocol that avoids sending passwords over the wire by using a challenge/response technique A software program that is used to contact and obtain data from a Server software program on another computer. Each Client program is designed to work with one or more specific kinds of Server programs, and each Server requires a specific kind of Client. A Web Browser is a specific kind of Client A cable that wires a pin to its opposite pin, for example, RX+ is wired to TX+. This cable connects two similar devices, for example, two data terminal equipment (DTE) or data communications equipment (DCE) devices. Channel Service Unit/Data Service Unit. CSUs (channel service units) and DSUs (data service units) are actually two separate devices, but they are used in conjunction and often combined into the same box. The devices are part of the hardware you need to connect computer equipment to digital transmission lines). The Channel Service Unit device connects with the digital communication line and provides a termination for the digital signal. The Data Service Unit device, sometimes called a digital service unit, is the hardware component you need to transmit digital data over the hardware channel. The device converts signals from bridges, routers, and multiplexors into the bipolar digital signals used by the digital lines. Multiplexors mix voice signals and data on the same line. Data Communications Equipment is typically a modem or other type of communication device. The DCE sits between the DTE (data terminal equipment) and a transmission circuit such as a phone line. Dynamic Host Configuration Protocol automatically assigns IP addresses to clients when they log on. DHCP centralizes IP address management on central computers that run the DHCP server program. DHCP leases addresses for a period of time which means that addresses are made available to assign to other systems. Domain Name System links names to IP addresses. When you access Web sites on the Internet, you can type the IP address of the site or the DNS name. When you type a domain name in a Web browser, a query is sent to the primary DNS server defined in your Web browser’s configuration dialog box. The DNS server converts the name you specified to an IP address and returns this address to your system. From then on, the IP address is used in all

Glossary

Page 59

Prestige 642 ADSL Internet Access Router

subsequent communications.

Domain Name

DRAM DSL

DSLAM

DTE

EMI

Ethernet

FAQ

FCC

Flash memory Gateway

Host

IANA

ICMP

internet

The unique name that identifies an Internet site. Domain Names always have 2 or more parts, separated by dots. The part on the left is the most specific, and the part on the right is the most general. Dynamic RAM that stores information in capacitors that must be refreshed periodically. Digital Subscriber Line technologies enhances the data capacity of the existing twisted-pair wire that runs between the local telephone company switching offices and most homes and offices. There are actually seven types of DSL service, ranging in speeds from 16 Kbits/sec to 52 Mbits/sec. The services are either symmetrical (traffic flows at the same speed in both directions), or asymmetrical (the downstream capacity is higher than the upstream capacity). DSL connections are point-to-point dedicated circuits, meaning that they are always connected. There is no dial-up. There is also no switching, which means that the line is a direct connection into the carrier’s frame relay, ATM (Asynchronous Transfer Mode), or Internet-connect system. A Digital Subscriber Line Access Multiplexer (DSLAM) is a network device, usually at a telephone company central office, that receives signals from multiple customer Digital Subscriber Line connections and puts the signals on a high-speed backbone line using multiplexing techniques. Depending on the product, DSLAM multiplexers connect DSL lines with some combination of asynchronous transfer mode ATM, frame relay, or IP networks. Originally, the DTE (data terminal equipment) was a dumb terminal or printer, but today it is a computer, or a bridge or router that interconnects local area networks. ElectroMagnetic Interference. The interference by electromagnetic signals that can cause reduced data integrity and increased error rates on transmission channels. A very common method of networking computers in a LAN. There are a number of adaptations to the IEEE 802.3 Ethernet standard, including adaptations with data rates of 10 Mbits/sec and 100 Mbits/sec over coaxial cable, twisted-pair cable, and fiber-optic cable. The latest version of Ethernet, Gigabit Ethernet, has a data rate of 1 Gbit/sec. (Frequently Asked Questions) -- FAQs are documents that list and answer the most common questions on a particular subject. The FCC (Federal Communications Commission) is in charge of allocating the electromagnetic spectrum and thus the bandwidth of various communication systems. The nonvolatile storage that can be electrically erased and reprogrammed so that data can be stored, booted, and rewritten as necessary. A gateway is a computer system or other device that acts as a translator between two systems that do not use the same communication protocols, data formatting structures, languages, and/or architecture. Any computer on a network that is a repository for services available to other computers on the network. It is quite common to have one host machine provide several services, such as WWW and USENET. Internet Assigned Number Authority acts as the clearinghouse to assign and coordinate the use of numerous Internet protocol parameters such as Internet addresses, domain names, protocol numbers, and more. The IANA Web site is at http://www.isi.edu/iana. Internet Control Message Protocol is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and are not directly apparent to the application user. (Lower case i) Any time you connect 2 or more networks together, you have an internet.

B Glossary

Page 60

Prestige 642 ADSL Internet Access Router

Internet

Intranet

IPCP (PPP) IPX

ISP

LAN

MAC

NAT

Network

NIC

Node PAP

PNC Port

POTS

PPP

(Upper case I) The vast collection of inter-connected networks that all use the TCP/IP protocols and that evolved from the ARPANET of the late 60’s and early 70’s. The Internet now (July 1995) connects roughly 60,000 independent networks into a vast global internet A private network inside a company or organization that uses the same kinds of software that you would find on the public Internet, but that is only for internal use. Internet Protocol he IP (currently IP version 4, or IPv4), is the underlying protocol for routing packets on the Internet and other TCP/IP-based networks. IP Control Protocol allows changes to IP parameters such as the IP address. Internetwork Packet eXchange The native NetWare internetworking protocol is IPX (Internetwork Packet Exchange). Like IP (Internet Protocol), IPX is an internetworking protocol that provides datagram services. Internet Service Providers provide connections into the Internet for home users and businesses. There are local, regional, national, and global ISPs. You can think of local ISPs as the gatekeepers into the Internet. Local Area Network is a shared communication system to which many computers are attached. A LAN, as its name implies, is limited to a local area. This has to do more with the electrical characteristics of the medium than the fact that many early LANs were designed for departments, although the latter accurately describes a LAN as well. LANs have different topologies, the most common being the linear bus and the star configuration. On a local area network (LAN) or other network, the MAC (Media Access Control) address is your computer's unique hardware number. (On an Ethernet LAN, it's the same as your Ethernet address.) The MAC layer frames data for transmission over the network, then passes the frame to the physical layer interface where it is transmitted as a stream of bits. Network Address Translation is the translation of an Internet Protocol address used within one network to a different IP address known within another network. Any time you connect 2 or more computers together so that they can share resources, you have a computer network. Connect 2 or more networks together and you have an internet. Network Interface Card. A board that provides network communication capabilities to and from a computer system. Also called an adapter. Any single computer connected to a network Password Authentication Protocol PAP is a security protocol that requires users to enter a password before accessing a secure system. The user’s name and password are sent over the wire to a server, where they are compared with a database of user account names and passwords. This technique is vulnerable to wiretapping (eavesdropping) because the password can be captured and used by someone to log onto the system. Prestige Network Commander, a Windows-based setup wizard for Prestige routers (not all). An Internet port refers to a number that is part of a URL, appearing after a colon (:) right after the domain name. Every service on an Internet server listens on a particular port number on that server. Most services have standard port numbers, e.g. Web servers normally listen on port 80. Plain Old Telephone Service is the analog telephone service that runs over copper twistedpair wires and is based on the original Bell telephone system. Twisted-pair wires connect homes and businesses to a neighborhood central office. This is called the local loop. The central office is connected to other central offices and long-distance facilities. Point to Point Protocol. PPP encapsulates and transmits IP (Internet Protocol) datagrams over serial point-to-point links. PPP works with other protocols such as IPX (Internetwork Packet Exchange). The protocol is defined in IETF (Internet Engineering Task Force) RFC

Glossary

Page 61

Prestige 642 ADSL Internet Access Router

1661 through 1663. PPP provides router-to-router, host-to-router, and host-to-host connections.

PSTN

PVC

RFC

RIP

SAP

Server

SNMP

STP

Straight through Ethernet cable SUA

TCP

Telnet

Terminal

Terminal Software

Public Switched Telephone Network was put into place many years ago as a voice telephone call-switching system. The system transmits voice calls as analog signals across copper twisted cables from homes and businesses to neighborhood COs (central offices); this is often called the local loop. The PSTN is a circuit-switched system, meaning that an end-toend private circuit is established between caller and callee. Permanent Virtual Circuit. A PVC is a logical point-to-point circuit between customer sites. PVCs are low-delay circuits because routing decisions do not need to be made along the way. Permanent means that the circuit is preprogrammed by the carrier as a path through the network. It does not need to be set up or torn down for each session. An RFC (Request for Comments) is an Internet formal document or standard that is the result of committee drafting and subsequent review by interested parties. Some RFCs are informational in nature. Of those that are intended to become Internet standards, the final version of the RFC becomes the standard and no further comments or changes are permitted. Change can occur, however, through subsequent RFCs. Routing Information Protocol is an interior or intra-domain routing protocol that uses the distance-vector routing algorithms. RIP is used on the Internet and is common in the NetWare environment as a method for exchanging routing information between routers. In NetWare, the SAP (Service Advertising Protocol) broadcasts information about available services on the network that other network devices can listen to. A server sends out SAP messages every 60 seconds. A server also sends out SAP messages to inform other devices that it is closing down. Workstations use SAP to find services they need on the network. A computer, or a software package, that provides a specific kind of service to client software running on other computers. System Network Management Protocol is a popular management protocol defined by the Internet community for TCP/IP networks. It is a communication protocol for collecting information from devices on the network. Twisted-pair cable consists of copper-core wires surrounded by an insulator. Two wires are twisted together to form a pair, and the pair form a balanced circuit. The twisting prevents interference problems. STP (shielded twisted-pair) provides protection against external crosstalk. A cable that wires a pin to its equivalent pin. This cable connects two dissimilar devices, for example, a data terminal equipment (DTE) and a data communications equipment (DCE) device. A straight through Ethernet cable is the most common cable used.

Single User Account – The Prestige's SUA (Single User Account) feature allows multiple user Internet access for the cost of a single ISP account - see also NAT. Transmission Control Protocol handles flow control and packet recovery and IP providing basic addressing and packet-forwarding services. Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks. Its primary function is to allow users to log into remote host systems. A device that allows you to send commands to a computer somewhere else. At a minimum, this usually means a keyboard and a display screen and some simple circuitry. Software that pretends to be (emulates) a physical terminal and allows you to type commands to a computer somewhere else.

D Glossary

Page 62

Prestige 642 ADSL Internet Access Router

TFTP

UDP

URL

VCI

VPI WAN

WWW

Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP (File Transfer Protocol), but it is scaled back in functionality so that it requires fewer resources to run. TFTP uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). UDP is a connectionless transport service that dispenses with the reliability services provided by TCP. UDP gives applications a direct interface with IP and the ability to address a particular application process running on a host via a port number without setting up a connection session. (Uniform Resource Locator) URL is an object on the Internet or an intranet that resides on a host system. Objects include directories and an assortment of file types, including text files, graphics, video, and audio. A URL is the address of an object that is normally typed in the Address field of a Web browser. The URL is basically a pointer to the location of an object. Virtual Channel Identifier Identifies virtual channels between users or between users and networks. Virtual Path Identifier Identifies virtual paths between users or between users and networks. Wide Area Network s link geographically dispersed offices in other cities or around the globe. Just about any long-distance communication medium can serve as a WAN link, including switched and permanent telephone circuits, terrestrial radio systems, and satellite systems. (World Wide Web) -- Frequently used (incorrectly) when referring to "The Internet", WWW has two major meanings - First, loosely used: the whole constellation of resources that can be accessed using Gopher, FTP, HTTP, telnet, USENET, WAIS and some other tools. Second, the universe of hypertext servers (HTTP servers).

Glossary

Page 63

Page 64

Prestige 642 ADSL Internet Access Router

Appendix A

PPPoE in Action

An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your PC to an ATM PVC (Permanent Virtual Circuit) which connects to a xDSL Access Concentrator where the PPP session terminates (see the next figure). One PVC can support any number of PPP sessions from your LAN. PPPoE provides access control and billing functionality in a manner similar to dial-up services using PPP.

Benefits of PPPoE

PPPoE offers the following benefits:

1. It provides you with a familiar dial-up networking (DUN) user interface.

2. It lessens the burden on the carriers of provisioning virtual circuits all the way to the ISP on multiple switches for thousands of users. For GSTN (PSTN & ISDN), the switching fabric is already in place.

3. It allows the ISP to use the existing dial-up model to authenticate and (optionally) to provide differentiated services.

Traditional Dial-up Scenario

The following diagram depicts a typical hardware configuration where the PCs use traditional dial-up networking.

Diagram 1 Single-PC per Modem Hardware Configuration

How PPPoE Works

The PPPoE driver makes the Ethernet appear as a serial link to the PC and the PC runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC). Between the AC and an ISP, the AC is

Appendix A G

Page 65

Prestige 642 ADSL Internet Access Router

acting as a L2TP (Layer 2 Tunneling Protocol) LAC (L2TP Access Concentrator) and tunnels the PPP frames to the ISP. The L2TP tunnel is capable of carrying multiple PPP sessions. With PPPoE, the VC (Virtual Circuit) is equivalent to the dial-up connection and is between the modem and the AC, as opposed to all the way to the ISP. However, the PPP negotiation is between the PC and the ISP.

Prestige as a PPPoE Client

When using the Prestige as a PPPoE client, the PCs on the LAN see only Ethernet and are not aware of PPPoE. This alleviates the administrator from having to manage the PPPoE clients on the individual PCs.

Diagram 2 Prestige as a PPPoE Client

H Appendix A

Page 66

Prestige 642 ADSL Internet Access Router

Appendix B

VPI & VCI

ATM is a connection-oriented technology, meaning that it sets up virtual circuits over which end systems communicate. The terminology for virtual circuits is as follows:

z VC (virtual channel) z VP (virtual path)

Think of a VP as a cable that contains a bundle of wires. The cable connects two points, and wires within the cable provide individual circuits between the two points. In an ATM cell header, a Identifier) identifies a link formed by a virtual path and a channel within a virtual path. The switches as shown. Your telephone company should supply you with these numbers.

Logical connections between end stations

A bundle of VCs

(Virtual Channel Identifier) identifies a

VCI

VPI

and

are identified and correspond to termination points at ATM

VCI

(Virtual Path

VPI

Diagram 3 VPI's & VCI's.

Appendix B I

Page 67

Page 68

always on...........................................................xix

AT command ................................................10-10

ATBAx........................................................... 10-19

...........................................................

atgo

Authentication ............................................4-3, 4-4

10-14

Bridge ................................................See Bridging

Bridging..................................... 2-10, 4-4, 7-1, 7-3

Ethernet Setup ...................................................... 7-1

Handle IPX

Remote Node........................................................ 7-3

Static Route .......................................................... 7-4

..........................................................

7-2

CDR ................................................................ 10-7

CHAP................................................................ 4-4

collaborative computing ..................................... xix

Connecting the Prestige....................................2-2

Connections

Additional Requirements...................................... 2-2

ADSL Line........................................................... 2-2

Console Port ......................................................... 2-2

LAN Port.............................................................. 2-2

Power Adapter...................................................... 2-2

Rear Panel ............................................................2-1

Customer Support................................................ v

Diagnostic Tools ....................................10-1, 10-9

Backup..............................................................10-11

Boot Module Commands..................................10-19

Command Interpreter Mode ............................. 10-19

Firmware Update.............................................. 10-13

Upload Router Configuration....................... 10-14

P312 Broadband Access Security Gateway

Index

Upload Router Firmware ............................. 10-13

Reset ADSL ....................................................... 10-9

Restore .............................................................10-12

Digital Subscriber Line Access Multiplexer....... 1-3

distance learning ...............................................xix

DNS.................................................................. 3-6

Domain Name System...................................... 3-3

DSL (Digital Subscriber Line) .......................... xviii

DSLAMSee Digital Subscriber Line Access

Multiplexer

Dynamic Host Configuration Protocol........ 1-2, 3-3

Encapsulation........... 1-2, 3-8, 3-10, 3-11, 4-3, 4-5

ENET ENCAP .....................................................3-8

PPP....................................................................... 3-9

PPP over Ethernet ........................................... 3-8, G

RFC 1483............................................................. 3-9

End User............................................................ xix

Ethernet............................................................ 2-9

FAQ ................................................................... xvi

FCC Rules ........................................................... iii

Filename Conventions.................................... 10-9

Filter ................................................................. 2-9

About.................................................................... 8-1

Applying............................................................. 8-20

Configuring.......................................................... 8-4

Example ............................................................. 8-17

Filter log

Generic Filter Rule............................................. 8-13

IPX

IPX Rule............................................................. 8-14

Remote Node........................................................ 4-6

Structure............................................................... 8-2

SUA.................................................................... 8-19

Filter log.......................................................... 10-8

Filters

Executing a Filter Rule......................................... 8-2

............................................................

Packet Types.................................................. 8-16

10-7

Index K

Page 69

P312 Broadband Access Security Gateway

Logic Flow of an IP Filter...................................8-11

Frame Relay..................................................... 1-3

Frame Types .............................................6-1, 6-4

FTP File Transfer.......................................... 10-16

Full Rate .....................................................xxi, 2-3

G.Lite................................................................. xxi

Gateway .............................................5-7, 6-9, 7-5

General Setup .................................................. 2-8

Hop Count .................................................6-7, 6-9

IANA ................................................................. 3-2

Initialization....................................................... 2-4

Interactive Applications................................... 11-1

3-1

11-5

Internet access ...............................................

Internet Accessxvi, 1-1, 1-3, 1-4, 2-7, 2-10,

3-9, 3-10, 3-11, 3-12, 3-13, 5-5

Internet Assigned Numbers Authority .....See IANA

IP Address............................3-7, 4-4, 5-4, 5-7, 7-5

IP Address Assignment .................................... 3-9

ENET ENCAP......................................................3-9

PPP or PPPoE .......................................................3-9

RFC 1483..............................................................3-9

IP Multicast

Internet Group Management Protocol(IGMP) ......1-2

IP network number ........................................... 3-2

IP Policies....................................................... 11-5

IP Policy Routing (IPPR)...................1-2, 3-4, 11-1

Applying an IP Policy.........................................11-5

Benefits...............................................................11-1

Cost Savings .......................................................11-1

Criteria................................................................11-1

Ethernet IP Policies.............................................11-5

Gateway

Load Sharing.......................................................11-1

Remote Node IP Policies....................................11-6

Setup...................................................................11-1

IP Pool.............................................................. 3-3

...........................................................

IP Routing Policy............................................ 11-4

IP Routing Policy Setup.................................. 11-3

IP static route ................................................... 5-6

IPX ................................................................... 6-1

Ethernet Setup ......................................................6-4

LAN-to-LAN........................................................ 6-5

Network Number..................................................6-1

Node Number ....................................................... 6-1

Novell...................................................................6-5

Prestige.................................................................6-2

Remote Node Setup.............................................. 6-6

Static Route ..........................................................6-7

IPX

Network Number..................................................6-1

LAN ................................................................ 10-3

LAN-to-LAN...................................................... 5-1

LED Indicators.................................................. 2-1

Log and Trace ................................................ 10-5

View Error Log...................................................10-5

Log Facility ..................................................... 10-7

MAC ................................................................. 7-1

Main Menu........................................................ 2-7

Media Access Control ............................ See MAC

Metric ........................................................ 5-5, 5-8

Multiplexing

LLC-based............................................................3-8

VC-based..............................................................3-8

Multiplexing ...............1-2, 3-8, 3-10, 3-11, 4-3, 5-1

LLC-based............................................................5-2

VC-based..............................................................5-1

Multiprotocol Encapsulation ............................. 3-9

NetWare Clients ............................................... 6-3

Network Service Provider (NSP) ......................xviii

NIC ................................................................... 2-2

Novell ............................................................... 6-1

L Index

Page 70

P312 Broadband Access Security Gateway

Packet triggered.....................................10-7, 10-8

Packing List Card.............................................. xvii

PAP................................................................... 4-4

Password ................................................... 2-5, 2-8

Ping................................................................. 10-9

Point-to-Point ................................................... xviii

PPP............................................................4-4, 4-5

PPP log..................................................10-7, 10-8

PPPoE Encapsulation....................................... 4-6

Precedence............................................11-1, 11-4

Prestige Network Commander............ xvi, xvii, 1-3

Private........................................................5-5, 5-8

private, secure channel......................................xix

Protocols...........................................................2-9

Quality of Service............................................ 11-1

RAS code...................................................... 10-13

Read Me First ....................................................xvi

real-time, interactive......................................... xviii

Related Documentation .....................................xvi

Remote DHCP Server....................................... 3-7

Remote Node...........................................4-1, 10-3

Profile................................................................... 4-1

Setup..................................................................... 4-1

RIP.............................................................3-7, 5-5

Route ................................................................ 4-4

Routing Information Protocol ............................ 3-2

Routing Policy.................................................11-1

Trusted Host ....................................................9-2

Socket............................................................... 6-9

Splitters............................................................. 2-3

Static Route Setup............................................ 5-5

STP................................................................... 2-2

Structure of this Manual.................................... xvii

SUA ..................................................1-4, 3-12, 5-5

Advantages......................................................... 3-12

Configuration ..................................................... 3-12

Multiple Servers................................................. 3-13

Submenus ........................................................ 2-6

Subnet Mask................................3-2, 3-7, 5-4, 5-7

Support Notes.................................................... xvi

Syntax Conventions.......................................... xvii

Syslog IP Address .......................................... 10-7

System

Syslog And Accounting .....................................10-6

System Maintenance.................................... 10-17

System Management Terminal......................... 2-6

System Status ................................................ 10-2

TCP/IP............. 5-1, 8-6, 8-8, 8-9, 8-11, 8-13, 10-9

TCP/IP filter rule ............................................... 8-8

TCP/IP Parameters .......................................... 3-2

Telephone Microfilters ...................................... 2-3

Terminal Speed .............................................. 10-5

TFTP Transfer .............................................. 10-15

Tick Count .................................................6-7, 6-9

TOS (Type of Service).................................... 11-1

Transmission Rates.................................... xvi, 1-1

Troubleshooting.............................................. 12-1

ADSL ................................................................. 12-2

LAN ...................................................................12-2

Remote Node...................................................... 12-2

Type of Service....................11-1, 11-3, 11-4, 11-5

Security............................................................. 1-3

Seed Router...............................................6-3, 6-4

Single User Account ...................... 3-11. See SUA

SNMP ...............................................................9-1

About.................................................................... 9-1

Configuring ..........................................................9-1

Community ......................................................9-1

Trap.................................................................. 9-2

Universal ADSL Working Group (UAWG).......... xxi

Universal DSL.................................................... xxi

UNIX Syslog .......................................... 10-6, 10-7

Index M

Page 71

P312 Broadband Access Security Gateway

video conferencing ............................................xix

video-on-demand............................................... xix

VPI & VCI ...................................................... 3-8, I

WAN Address ................................................... 5-4

watchdog.......................................................... 6-7

XMODEM protocol ....................................... 10-12

ZyNOS................................................. 10-10, 11-1

N Index

Page 72

Prestige 642 ADSL Internet Access Router

Chapter 4

Remote Node Configuration

In this chapter, we discuss the parameters that are protocol independent.

The protocol-dependent configuration will be covered in subsequent chapters.

A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection. Note that when you use Menu 4 to set up Internet access, you are actually configuring one of the remote nodes.

4.1 Remote Node Setup

This section describes the protocol-independent parameters for a remote node.

4.1.1 Remote Node Profile

To configure a remote node, follow these steps:

Step 1. Step 2.

From the Main Menu, select menu option When Menu 11 appears, as shown below, enter the number of the remote node that you wish to configure.

Menu 11 - Remote Node Setup

1. nodename

2. ________

3. ________

4. ________

5. ________

6. ________

7. ________

1. Remote Node Setup

Enter Node # to Edit:

Figure 4-1 Menu 11 – Remote Node Setup

When

Menu 11.1 - Remote Node Profile

define this remote profile. The Remote Node Profile Menu Fields table shows how to configure the Remote Node Menu.

appears fill in the fields as described in the table that follows to

4.1.2 Encapsulation & Multiplexing Scenarios

For Internet Access you should use the encapsulation and multiplexing methods used by your ISP. For a LAN-to-LAN application, e.g., branch office and corporate headquarters, prior mutual agreement on

Remote Node Configuration 4-1

Page 73

Prestige 642 ADSL Internet Access Router

methods used is necessary because there is no mechanism to automatically determine encapsulation/multiplexing. Selection of which encapsulation and multiplexing methods to use depends on how many VCs you have and how many different network protocols you need. The extra overhead that PPP over Ethernet (

PPPoE

) and

ENET ENCAP

encapsulation entail makes them a poor choice in a LAN-to-

LAN application. Here are some examples of more suitable combinations in such an application.

Scene 1. One VC, Multiple Protocols

(RFC 2364) encapsulation with

PPP

protocol identifying headers that

VC-based

LLC-based

multiplexing is the best combination because the extra

multiplexing uses is unneeded. The

protocol already

PPP

contains this information.

Scene 2. One VC, One Protocol (IP)

Select

RFC-1483

encapsulation with VC-based multiplexing requires the least amount of overhead (0 octets). However, if there is a potential need for multiple protocol support in the future, it may be safer to select

encapsulation instead of

PPP

RFC-1483

, so you don’t need to reconfigure either machine when the

time comes.

Scene 3. Multiple VCs

If you have an equal number (or more) of VCs than the number of protocols, then select encapsulation and

VC-based

multiplexing.

RFC-1483

Menu 11.1 - Remote Node Profile

Rem Node Name= nodename Active= Yes

Encapsulation= PPP Multiplexing= VC-based Incoming: Rem Login= Rem Password=******** Outgoing: My Login= oscar My Password= ******** Authen= CHAP/PAP

Enter here to CONFIRM or ESC to CANCEL:

Route= IP Bridge= No

Edit PPP Options= No Rem IP Addr= 0.0.0.0 Edit IP/IPX/Bridge= No

Session Options: Edit Filter Sets= No

PPPoE Idle Timeout(sec)= 100 PPPoE Service Name= N/A

Enter a unique name of less than 8 characters for the remote name.

Enter the IP address of the remote gateway here.

Figure 4-2 Menu 11.1 Remote Node Profile

4-2 Remote Node Configuration

Page 74

Prestige 642 ADSL Internet Access Router

Table 4-1 Remote Node Profile Menu Fields

Field Description Options

Rem Node Name This is a required field [?]. Enter a descriptive name for the

remote node, for example, Corp. This field can be up to eight characters. This name must be unique from any other remote node name.

Active Press the spacebar to toggle between Yes and No. Inactive

nodes are displayed with a minus sign (-) at the beginning of the name in Menu 11.

Encapsulation= PPPoE refers to RFC 2516 and PPP refers to RFC 2364,

"PPP Encapsulation over ATM Adaptation Layer 5". If RFC 1483 ("Multiprotocol Encapsulation over ATM Adaptation Layer 5") or ENET ENCAP are selected, then the Rem Login, Rem Password, My Login, My Password, Edit PPP Options and Authen fields will not be applicable (N/A). Moreover, ENET ENCAP encapsulation does not apply for IPX routing.

Multiplexing= Press the spacebar to the select the multiplexing method.

Yes/No

PPPoE,

PPP,

RFC 1483

or ENET

ENCAP

VC-based

LLC-based

Incoming: Rem

Name

Incoming: Rem

Password

Outgoing: My Login Enter the login name for your Prestige when it calls this

Outgoing: My

Password

Outgoing: Authen This field sets the authentication protocol used for outgoing

Enter the login name that this remote node will use when it calls your Prestige.

The login name in this field combined with the Rem Node Password will be used to authenticate this node.

Enter the password used when this remote node calls your Prestige.

remote node. If you are using PPPoE encapsulation, then this field must be of the form identifies your ISP. Some ISPs append this field to the Service Name field below (e.g., PPPoE server.

Enter the password for your Prestige when it calls this remote node.

calls.

Options for this field are:

user@domain

jim@poellc

where domain

) to access the

Remote Node Configuration 4-3

Page 75

Prestige 642 ADSL Internet Access Router

Field Description Options

CHAP/PAP - Your Prestige will accept either CHAP or

PAP when requested by this remote node.

CHAP - accept CHAP only.

PAP - accept PAP only.

Route This field determines the protocols that your Prestige will

route.

Bridge Bridging is used for protocols that the Prestige does not

support, e.g., SNA, or not turned on in the previous Route field. When bridging is enabled, your Prestige will forward any packet that it does not route to this remote node; otherwise, the packets are discarded. Press space bar to toggle the options.

Edit PPP Options To edit the PPP options for this remote node, move the

cursor to this field, use the space bar to select Yes and press [ENTER]. This will bring you to Menu 11.2 - Remote Node PPP Options. For more information on configuring PPP options, see the section Editing PPP Options. Press space bar to toggle

Rem IP Addr Enter the IP address of the remote gateway.

Edit IP/IPX/Bridge Press the space bar to select Yes and press ENTER to go

to Menu 11.3 - Remote Node Network Layer Options menu.

Session Option:

Edit Filter Sets

PPPoE Idle Timeout(sec)=

PPPoE Service Name

Use the space bar to toggle this field to Yes and press [ENTER] to open Menu 11.5 to edit the filter sets. See the Remote Node Filter section for more details.

This value specifies the number of idle seconds that elapse before the Prestige automatically disconnects the PPPoE session.

This is valid only when you have chosen encapsulation. If you are using PPPoE encapsulation, then type the name of your PPPoE service here.

Yes

then press [ENTER].

PPPoE

CHAP/PAP

CHAP

PAP

Yes or No

Default=

100

(default)

poellc

Once you have completed filling in Menu 11.1 – Remote Node Profile, press [ENTER] at the message [Press ENTER to Confirm…] to save your configuration, or press [Esc] at any time to cancel.

4.1.3 Outgoing Authentication Protocol

Generally speaking, you should employ the strongest authentication protocol possible, for obvious reasons. However, some vendor’s implementation includes specific authentication protocol in the user profile. It

4-4 Remote Node Configuration

Page 76

Prestige 642 ADSL Internet Access Router

will disconnect if the negotiated protocol is different from that in the user profile, even when the negotiated protocol is stronger than specified. If you encounter the case where the peer disconnects right after a successful authentication, please make sure that you specify the correct authentication protocol when connecting to such an implementation.

4.1.4 Editing PPP Options

To edit the remote node PPP Options, move the cursor to the

Remote Node Profile

, and use the space bar to select

Yes

. Press

Edit PPP Options

ENTER

field in

Menu 11.1 -

to open Menu 11.2, as shown

next.

Menu 11.2 - Remote Node PPP Options

Encapsulation= Standard PPP Compression= No

Press Space Bar to Toggle.

Press ENTER to CONFIRM or ESC to CANCEL:

Figure 4-3 Menu 11.2 - Remote Node PPP Options

The following table describes the Remote Node PPP Options Menu, and contains instructions on how to configure the PPP options fields.

Table 4-2 Remote Node PPP Options Menu Fields

Field Description Option

Encapsulation Select the CISCO PPP only when this remote node is

a Cisco machine; otherwise, select the Standard PPP.

Compression Turn on/off Stac Compression. The default for this

Off

field is

Standard

PPP

CISCO

PPP

On/Off

(Default =

Off

)

Once you have completed filling in Menu 11.2 – Remote Node PPP Options, press [ENTER] at the message [Press ENTER to Confirm…] to save your configuration, or press [Esc] at any time to cancel.

Remote Node Configuration 4-5

Page 77

Prestige 642 ADSL Internet Access Router

4.1.5 Remote Node Filter

Menu 11.5 – Remote Node Filter

Use

traffic between this remote node and the Prestige. You can specify up to 4 filter sets separated by comma, e.g., 1, 5, 9, 12, in each filter field. The default is no filters. Note that spaces are accepted in this field. For more information on defining the filters, see the

Configuration

chapter. Note that there are two versions of this menu depending on whether you use PPPoE

encapsulation or not. When using PPPoE encapsulation, you can also specify remote node call filter sets.

Menu 11.5 - Remote Node Filter

Input Filter Sets: protocol filters= 3 device filters= Output Filter Sets: protocol filters= 1 device filters=

Figure 4-4 Menu 11.5 – Remote Node Filter

to specify the filter set(s) to apply to the incoming and outgoing

Enter here to CONFIRM or ESC to CANCEL:

Menu 11.5 - Remote Node Filter

Input Filter Sets: protocol filters= 3 device filters= Output Filter Sets: protocol filters= 1 device filters= Call Filter Sets: protocol filters= device filters=

Filter

Enter here to CONFIRM or ESC to CANCEL:

Figure 4-5 Remote Node Filter (PPPoE Encapsulation)

4-6 Remote Node Configuration

Page 78

Prestige 642 ADSL Internet Access Router

Chapter 5

Remote Node TCP/IP Configuration

This chapter shows you how to configure the TCP/IP parameters of a remote node.

A typical LAN-to-LAN application is to use your Prestige to connect a branch office to the headquarters, as depicted in the following diagram.

5.1 LAN-to-LAN Application

Figure 5-1 TCP/IP LAN-to-LAN Application

For the branch office, you need to configure a remote node in order to dial out to the headquarters. Additionally, you may also need to define static routes if some services reside beyond the immediate remote LAN.

5.1.1 Editing TCP/IP Options

Follow the steps below to edit In Menu 11.1, move the cursor to the value to There are two versions of menu 11.3 for the P642, depending on whether you chose

based VC-Based Multiplexing

Remember that for virtual circuit, e.g., VC1 will carry IP, VC2 will carry IPX etc.

Remote Node TCP/IP Configuration 5-1

Yes

. Press

Multiplexing

[ENTER]

in menu 11.1.

VC-based

Menu 11.3 - Remote Node Network Layer Options

Edit IP/IPX/Bridge

to open

multiplexing, by prior mutual agreement, a protocol is assigned a specific

Menu 11.3 - Network Layer Options

, then press the space bar to toggle and set the

shown next.

VC-based

LLC-

Page 79

Prestige 642 ADSL Internet Access Router

Menu 11.3 - Remote Node Network Layer Options

IPX Options: Rem LAN Net #= N/A My WAN Net #= N/A IP Options: Hop Count= N/A Rem IP Addr: 0.0.0.0 Tick Count= N/A Rem Subnet Mask= 0.0.0.0 W/D Spoofing(min)= N/A My WAN Addr= 0.0.0.0 SAP/RIP Timeout(min)= N/A Single User Account= Yes Dial-On-Query= N/A Metric= 2 VPI #= N/A Private= No VCI #= N/A RIP Direction= None Version= RIP-1 Bridge Options: Multicast= None Dial-On-Broadcast= N/A IP Policies= Ethernet Addr Timeout(min)= N/A VPI #= 0 VPI #= N/A VCI #= 35 VCI #= N/A Enter here to CONFIRM or ESC to CANCEL:

Figure 5-2 Menu 11.3 for VC-based multiplexing.

In this case, separate VPI and VCI numbers must be specified for each protocol.

LLC-based multiplexing

LLC-based

For

multiplexing, one VC may carry different protocols with protocol identifying information

being contained in each packet header.

Menu 11.3 - Remote Node Network Layer Options

IPX Options :

Rem LAN Net #= 00000000 My WAN Net #= 00000000 Hop Count= 1

Tick Count= 2 W/D Spoofing(min)= N/A SAP/RIP Timeout(min)= N/A

Dial-On-Query= N/A

Bridge Options: Dial-On-Broadcast= N/A

Ethernet Addr Timeout(min)= 0

Separate VPI and VCI numbers must be specified for each protocol when using VC-based multiplexing as there must be a distinct PVC for each protocol.

Only one set of VPI and VCI numbers need be specified

LLC-based

as for multiplexing, one VC may carry different protocols.

Enter here to CONFIRM or ESC to CANCEL:

Figure 5-3 Menu 11.3 for LLC-based multiplexing

5-2 Remote Node TCP/IP Configuration

Page 80

Prestige 642 ADSL Internet Access Router

In this case, only one set of VPI and VCI numbers need be specified for all protocols. The valid range for the VPI is 1 to 255 and for the VCI is 32 to 65535 (1 to 32 is reserved for local management of ATM traffic).

The following diagram explains the Sample IP Addresses to help you to understand the field of

in Menu 11.3. Refer to the following figure for a brief review of what a WAN IP is.

Addr

indicates the local Prestige WAN IP while

Rem IP Address

indicates the peer WAN IP.

My Wan

My WAN Addr

Figure 5-4 Sample IP Addresses for a TCPI/IP LAN-to-LAN Connection

To configure the TCP/IP parameters of a remote node, first configure the two fields in

Node Profile

Remote Node TCP/IP Configuration 5-3

, as shown in the table below.

Menu 11 – Remote

Page 81

Prestige 642 ADSL Internet Access Router

Table 5-1 TCP/IP related fields in Remote Node Profile

Field Description Option

Route

Rem IP Address

Edit IP

The following table shows the TCP/IP related fields in

Options

Make sure IP is among the protocols in the [Route] field in

Menu 11.1 - Remote Node Profile

Enter the IP address of the remote gateway in

Remote Node Profile

Prestige WAN IP address or the remote Prestige LAN IP address. This depends on the remote router’s WAN IP i.e., for the (remote) Prestige, the

11.3 – Remote Node Network Layer Options

if the remote WAN IP is set to 172.16.0.2 (the remote router’s WAN IP), then you should enter 172.16.0.2 in the

Address

192.168.1.1(the remote router’s LAN IP) in the

Address

Press the [SPACE BAR] to toggle this field to press [ENTER] to go to

Layer Options

field. If the remote WAN IP is 0.0.0.0, then enter

field).

. You must fill in either the remote

My WAN Addr

Menu 11.3 - Remote Node Network

menu.

Menu 11.1 -

settings in

). For example

Rem IP

Yes

and then

Menu 11.3 - Remote Node Network Layer

Table 5-2 TCP/IP Remote Node Configuration

Field Description Option

Yes

Yes/No

(

)

VPI Enter the Virtual Path Identifier (VPI) number that your

telephone company supplies.

VCI Enter the Virtual Channel Identifier (VCI) number that your

telephone company supplies.

Rem IP Address This will show the IP address you entered for this remote node in

the previous menu.

Rem IP Subnet Mask

My WAN Addr Some implementations, especially the UNIX derivatives, require

Enter the subnet mask for the remote network.

the WAN link to have a separate IP network number from the LAN and each end must have a unique address within the WAN network number. If this is the case, enter the IP address assigned to the WAN port of your Prestige.

Note that this is the address assigned to your local Prestige WAN, not the remote router. If the remote router is a Prestige, then this entry determines the local Prestige

Rem IP Address

5-4 Remote Node TCP/IP Configuration

Page 82

Prestige 642 ADSL Internet Access Router

Field Description Option

menu 11.1.

Single User Account

Metric The metric represents the “cost” of transmission for routing

Private This parameter determines if the Prestige will include the route to

RIP Direction

Version=

Multicast IGMP (Internet Group Multicast Protocol) is a session-layer

IP Policies

Once you have completed filling in the Network Layer Options Menu, press [ENTER] to return to Menu 11. Press [ENTER] at the message [Press ENTER to Confirm...] to save your configuration, or press [Esc] at any time to cancel.

Set this field to your Prestige. Use the space bar to toggle between See Chapter 3 - Internet Access Application for more information on the Single User Account feature.

purposes. IP routing uses hop count as the measurement of cost, with a minimum of 1 for directly connected networks. Enter a number that approximates the cost for this link. The number need not be precise, but it must be between 1 and 15. In practice, 2 or 3 is usually a good number.

this remote node in its RIP broadcasts. If set to kept private and not included in RIP broadcast. If No, the route to this remote node will be propagated to other hosts through RIP broadcasts.

Press the space bar to select the

Only/Out Only

Press the space bar to select the RIP version from

2B/RIP-2M.

protocol used to establish membership in a Multicast group. The Prestige supports both IGMP version 1 ( Press the space bar to enable IP Multicasting or select disable it. Please see Part 1 for more information on these two fields.

Create policies using SMT Menu 25 (see the IP Policy Routing chapter in Part 3) and apply them on the Prestige LAN interface here. You can apply up to four IP Policy sets (from twelve) by entering their numbers here separated by commas, e.g., 2, 4, 7,

Yes

to enable the Single User Account feature for

Yes

, this route is

None

RIP direction

IGMP-v1

from

RIP-1/RIP-

) and

Both/In

and No.

IGMP-v2 None

Yes/No

Both/In Only/Out

Only

None

RIP-1/RIP-

2B/RIP-2M

IGMP-v1 IGMP-v2

None

5.1.2 Static Route Setup

Static routes tell the Prestige routing information that it cannot learn automatically through other means. This can arise in cases where RIP is disabled on the LAN or a remote network is beyond the one that is directly connected to a remote node.

Remote Node TCP/IP Configuration 5-5

Page 83

Prestige 642 ADSL Internet Access Router

Each remote node specifies only the network to which the gateway is directly connected, and the Prestige has no knowledge of the networks beyond. For instance, the Prestige knows about network N2 in the following diagram through remote node Router 1. However, the Prestige is unable to route a packet to network N3 because it doesn’t know that there is a route through remote node Router 1 (via Router 2). The static routes are for you to tell the Prestige about the networks beyond the remote nodes.

Figure 5-5 Example of Static Routing Topology

To configure an IP static route, use

Step 1.

Enter 12 from the main menu to bring up the following screen.

Menu 12.1 – IP Static Route Setup

. Follow this procedure.

Menu 12 - Static Route Setup

1. IP Static Route

2. IPX Static Route

3. Bridge Static Route

Please enter selection:

Figure 5-6 Menu 12 – Static Route Setup

Step 2.

From Menu 12, enter 1 to bring up the next screen.

5-6 Remote Node TCP/IP Configuration

Page 84

Prestige 642 ADSL Internet Access Router

Menu 12.1 - IP Static Route Setup

1. Tokyo

2. Seoul

3. Taipei

4. ________

5. ________

6. ________

7. ________

8. ________

Enter selection number:

Figure 5-7 Menu 12.1 - IP Static Route Setup

From Menu 12.1, enter the index of the static route you wish to edit to open

Route.

Menu 12.1.1 - Edit IP Static Route

Route #: 1 Route Name= ? Active= No Destination IP Address= ? IP Subnet Mask= ? Gateway IP Address= ? Metric= 2 Private= No

Press ENTER to Confirm or ESC to Cancel:

Menu 12.1.1 -Edit IP Static

Figure 5-8 Edit IP Static Route

The following table describes the fields for

Menu 12.1.1 – Edit IP Static Route Setup

Table 5-3 Edit IP Static Route Menu Fields

Field Description

Route Name Enter a descriptive name for this route. This is for identification purpose only.

Active This field allows you to activate/deactivate this static route.

Destination IP Address

This parameter specifies the IP network address of the final destination. Routing is always based on network number. If you need to specify a route to a single host, use a subnet mask of 255.255.255.255 in the subnet mask field to force the network number to be identical to the host ID.

IP Subnet Mask Enter the subnet mask for this destination. Follow the discussion on IP subnet

mask in this chapter.

Gateway IP Enter the IP address of the gateway. The gateway is an immediate neighbor of

Remote Node TCP/IP Configuration 5-7

Page 85

Prestige 642 ADSL Internet Access Router

Address your Prestige that will forward the packet to the destination. On the LAN, the

gateway must be a router on the same segment as your Prestige; over WAN, the gateway must be the IP address of one of the remote nodes.

Metric The metric represents the “cost” of transmission for routing purposes. IP

routing uses hop count as the measurement of cost, with a minimum of 1 for directly connected networks. Enter a number that approximates the cost for this link. The number need not be precise, but it must be between 1 and 15. In practice, 2 or 3 is usually a good number.

Private This parameter determines if the Prestige will include the route to this remote

node in its RIP broadcasts. If set to included in RIP broadcast. If No, the route to this remote node will be propagated to other hosts through RIP broadcasts.

Yes

, this route is kept private and not

5-8 Remote Node TCP/IP Configuration

Page 86

Prestige 642 ADSL Internet Access Router

Chapter 6

IPX Configuration

This chapter shows you how to configure the IPX parameters of the Prestige 642.

6.1 IPX Network Environment

Novell bundles the protocol stack, the server software and routing functionality in their NetWare server products, so a NetWare server is not only a file or print server, it is also a router.

6.1.1 Network and Node Number

Every IPX machine has a network number and a node number, together they form the complete address of the machine. The IPX network number is a 32-bit quantity and is usually expressed in 8 hexadecimal digits, e.g., 0893A8CF. The host number is a 48-bit quantity and usually is taken from the MAC (Media Access Control) address of the Ethernet hardware, so you don’t have to explicitly configure the node number. An IPX client obtains its network number from a server that has the network numbers statically configured. If there are multiple servers on a network, only one server need to have the network numbers configured and all other stations (clients and servers) can obtain the network numbers from it. The server with configured network numbers is called a seed router. If you have a NetWare server on the same LAN as the Prestige 642, we recommend that you set up a NetWare server as a seed router. Even though the Prestige 642 is capable as a seed router, a NetWare server offers a much more extensive facility for network management.

6.1.2 Frame Types

IPX can run on top of four different frame types on the Ethernet. These frame types are 802.2, 802.3, Ethernet II (DIX), and SNAP (Sub-Network Access Protocol). Each frame type is a separate logical network, even though they exist on one physical cable (see the following diagram). Although there are four frame types available on the Ethernet, you should configure as few frame types as possible on your NetWare server and use automatic frame detection on the clients to simplify management and to reduce network overhead.

6.1.3 External Network Number

Each of the four logical networks (based on frame type) has its own external network number.

IPX Configuration 6-1

Page 87

Prestige 642 ADSL Internet Access Router

6.1.4 Internal Network Number

In addition to the external network numbers, each NetWare server has its own internal network number that is a virtual network to which the server is attached. It is important to remember that every network number must be unique for that entire internetwork, either internal or external.

Figure 6-1 NetWare Server

6.2 Prestige 642 in an IPX Environment

There are two scenarios in which your Prestige 642 is deployed, depending on whether there is a NetWare server on the LAN, as depicted in the following diagram.

6-2 IPX Configuration

Page 88

Prestige 642 ADSL Internet Access Router

Figure 6-2 Prestige 642 in an IPX Environment

6.2.1 Prestige 642 on LAN with Server

If your Prestige 642 is on a LAN with a seed router, you do not need to configure the LAN network numbers. Your Prestige 642 will learn the network number from the seed router and add the routes to its routing table.

6.2.2 Prestige 642 on LAN without Server

Each IPX network must have a seed router. If you only have NetWare clients on your network, then you must configure the Prestige 642 as a seed router and set up unique network numbers for each frame type enabled using the Ethernet Setup Menu.

IPX Configuration 6-3

Page 89

Prestige 642 ADSL Internet Access Router

6.3 IPX Ethernet Setup

From

Menu 3 - Ethernet Setup

figure below.

, enter 3 to go to

Menu 3.3 - Novell IPX Ethernet Setup

Seed Router= No

Frame Type 802.2= Yes

IPX Network #= N/A

Frame Type 802.3= No

IPX Network #= N/A

Frame Type Ethernet II= No

IPX Network #= N/A

Frame Type SNAP= No

IPX Network #= N/A

Menu 3.3 - Novell IPX Ethernet Setup

as shown in the

Press Space Bar to Toggle.

Enter here to CONFIRM or ESC to CANCEL:

Figure 6-3 Menu 3.3 - Novell IPX Ethernet Setup

The following table describes the Novell IPX Ethernet Setup Menu.

Table 6-1 Novell IPX Ethernet Setup Fields

Field Description Options

Seed Router Determine if your Prestige 642 is to act as a seed

router.

Frame Type Enable/Disable the individual frame type.

Remember to enable only the ones that are actually used on your network.

IPX Network#If your Prestige 642 is a seed router, enter a unique

network number for each frame type enabled.

Press [ENTER] at the message [Press ENTER to Confirm ...] to save your configuration, or press [Esc] at any time to cancel.

Yes/No

802.2

802.3

Ethernet

SNAP

6-4 IPX Configuration

Page 90

Prestige 642 ADSL Internet Access Router

6.4 LAN-to-LAN Application with Novell IPX

A typical LAN-to-LAN application is to use your Prestige 642 to call from a branch office to the corporate headquarters to enable the stations in the branch office to access the NetWare servers at the headquarters, as depicted in the figure below.

Figure 6-4 LAN-to-LAN Application with Novell IPX

IPX Configuration 6-5

Page 91

Prestige 642 ADSL Internet Access Router

6.4.1 IPX Remote Node Setup

Follow the procedure in

Remote Node Profile Options

Step 1.

follow the instructions below.

In Menu 11.1, make sure display

Step 2.

Move the cursor to the press [

. For the IPX-specific parameters in

Route

ENTER]

Chapter 5

= IPX or

to open

to configure the protocol-independent parameters in

IPX

is among the protocols in the

= IP + IPX.)

Route

Edit IP/IPX/Bridge

Menu 11.3 - Network Layer Options

Menu 11.3 - Remote Node Network Layer Options

Menu 11.1 -

Menu 11.3 - Remote Node Network Layer

field. (The

Route

field, then press the space bar to select

field should

Yes

and

Enter here to CONFIRM or ESC to CANCEL:

IPX Options :

Rem LAN Net #= 00000000 My WAN Net #= 00000000 Hop Count= 1

Tick Count= 2 W/D Spoofing(min)= N/A SAP/RIP Timeout(min)= N/A

Dial-On-Query= N/A

Bridge Options: Dial-On-Broadcast= N/A

Ethernet Addr Timeout(min)= 0

Figure 6-5 Menu 11.3 - Remote Node Novell IPX Options

6-6 IPX Configuration

Page 92

Prestige 642 ADSL Internet Access Router

The table below describes the IPX-specific parameters of the remote node setup.

Table 6-2 Remote Node Novell IPX Options

Field

Description Option

Rem LAN Net #

My WAN Net #

Hop Count This field indicates the number of intermediate networks that must

Tick Count This field indicates the time-ticks required to reach the remote

Please note that the following 3 fields are only valid for PPPoE encapsulation.

W/D Spoofing (min)

SAP/RIP Timeout (min)

Dial-OnQuery

Once you have completed filling in the Network Layer Options Menu, press [ENTER] to return to Menu 11.1. Then press [ENTER] at the message [Press ENTER to Confirm] to save your configuration, press [Esc] to cancel.

In this field, enter the internal network number of the NetWare server on the remote LAN.

In this field, enter the network number of the WAN link. If you leave this field as automatically the network number through negotiation with the PPP peer.

be passed through to reach the remote node.

node.

This field is for the Prestige on the server side. Your Prestige can spoof a response to a server’s WatchDog request after the connection is dropped. In this field, type in the time (number of minutes) that you want your Prestige to spoof the WatchDog response.

This field indicates the amount of time that you want your Prestige to maintain the SAP and RIP entries learned from this remote node in its internal tables after the connection has been dropped. If this information is retained, then your Prestige will not have to get the SAP information when the line is brought back up. Enter the time (number of minutes) in this field.

This field is necessary for your Prestige on the client side. When set to [Yes], any Get Service SAP or RIP broadcasts will trigger your Prestige to make a call to that remote node.

00000000

, your Prestige will determine

00000000

(default)

Yes/No

6.4.2 IPX Static Route Setup

Similar to IP, IPX static routes tell the Prestige 642 how to reach servers beyond a remote node before a connection to that remote node is established.

Step 1.

IPX Configuration 6-7

Enter 12 from the main menu to bring up the following screen.

Page 93

Prestige 642 ADSL Internet Access Router

Menu 12 - Static Route Setup

1. IP Static Route

2. IPX Static Route

3. Bridge Static Route

Please enter selection:

Figure 6-6 Menu 12 – Static Route Setup

Step 2.

From Menu 12, select two, to bring up this screen.

Menu 12.2 - IPX Static Route Setup

1. ________

2. ________

3. ________

4. ________

Enter selection number:

Figure 6-7 Menu 12.2 – IPX Static Route Setup

Step 3.

Select one of the IPX Static Routes to open next.

Menu 12.2.1 - Edit IPX Static Route

, as shown

Menu 12.2.1 - Edit IPX Static Route

Route #= 11 Server Name= ? Active= Yes Network #= ? Node #= 000000000001 Socket #= 0451 Type #= 0004 Hop Count= 2 Tick Count= 3 Gateway Node= 1

Press ENTER to CONFIRM or ESC to CANCEL:

Figure 6-8 Menu 12.2 - Edit IPX Static Route

6-8 IPX Configuration

Page 94

Prestige 642 ADSL Internet Access Router

The following table contains the instructions on how to configure the Edit IP Static Route Menu.

Table 6-3 Edit IPX Static Route Menu Fields

Field Description

Server Name

Network # This field contains the internal network number of the remote server that

Node # This field contains the address of the node on which the server resides. If

Socket # This field contains the socket number on which the server will receive

Type # This field identifies the type of service the server provides. The default for

Gateway Node In this field, enter the number of the remote node that is the gateway for

Hop Count and Tick Count

Once you have completed filling in the menu, press [ENTER] at the message [Press ENTER to Confirm…] to save your configuration, or press [Esc] to cancel to cancel.

In this field, enter the name of the server. This must be the exact name configured in the NetWare server

you wish to access. [00000000] or [FFFFFFFF] are reserved.

you are using a Novell IPX implementation, this value is [000000000001].

service requests. The default for this field is hex [0451].

this field is hex [0004].

this static route.

These two fields have the same meaning as those in the Ethernet setup.

IPX Configuration 6-9

Page 95

Page 96

Prestige 642 ADSL Internet Access Router

Chapter 7

Bridging Setup

This chapter shows you how to configure the bridging parameters of your Prestige.

7.1 Bridging in General

Bridging bases the forwarding decision on the MAC (Media Access Control), or hardware address, while routing does it on the network layer (IP or IPX) address. Bridging allows the Prestige 642 to transport packets of network layer protocols that the Prestige 642 does not route, e.g., SNA, from one network to another. The caveat is that, compared to routing, bridging generates more traffic for the same network layer protocol and it also demands more CPU cycles and memory. For efficiency reasons, do your network. For IP and IPX, enable the respective routing if you need it; do not bridge what the Prestige 642 can route.

7.2 Bridge Ethernet Setup

Basically, all non-local packets are bridged to the WAN; however, your Prestige 642 applies special handling for certain IPX packets to reduce the number of calls, depending on the setting of the

turn on bridging unless you need to support protocols other than IP and IPX on

not

Handle IPX

field.

Bridging Setup 7-1

Page 97

Prestige 642 ADSL Internet Access Router

From

Menu 3 - Ethernet Setup

Press Space Bar to Toggle.

, enter 4 to bring up

Menu 3.4 - Bridge Ethernet Setup

Handle IPX= None

Press ENTER to CONFIRM or ESC to CANCEL:

Menu 3.4 - Bridge Ethernet Setup

as shown next.

Figure 7-1 Menu 3.5 - Bridge Ethernet Setup

The following table describes how to configure the

Handle IPX

field in Menu 3.5.

Table 7-1 Bridge Ethernet Setup Menu - Handle IPX Field Configuration

Field Description

Handle IPX Field

Press the [SPACE BAR] to toggle between the options for this field

None

Client

Server

When there is no IPX traffic on the LAN or when you do not want to apply any special handling for IPX.

When there are only client workstations on the LAN. RIP and SAP (Service Advertising Protocol) response packets will not trigger calls. When there are only IPX servers on the LAN. No RIP or SAP packets will trigger calls. In addition, during the time when the line is down, your Prestige 681 will reply to watchdog messages from the servers on behalf of remote clients. The period of time that your Prestige 681 will do this is linked to the Ethernet Address Timeout parameter in each remote node (see Remote Node Configuration). When a remote Ethernet address is aged out, there is no need to maintain its connection to the IPX server.

If there are both clients and servers on the LAN, and the local clients will access the remote servers, set this field to

Server

but turn on the

Dial-On-Broadcast

(if using PPPoE encapsulation) parameter in Menu

11.3 to allow the client queries to trigger calls.

7-2 Bridging Setup

Page 98

7.2.1 Remote Node Bridging Setup

Follow the procedure in

Remote Node Profile

. For bridging-specific parameters, you need to configure

Network Layer Options

To set up

Step 1. Step 2.

Menu 11.3 - Remote Node Network Layer Options

In Menu 11.1, make sure the Move the cursor to the [

ENTER]

to open Menu 11.3 - Network Layer Options.

Chapter 5

Menu 11.3 - Remote Node Network Layer Options

to configure the protocol-independent parameters in

field is set to

Bridge

Edit IP/IPX/Bridge

Prestige 642 ADSL Internet Access Router

Menu 11.1 -

Menu 11.3 - Remote Node

follow these steps:

Yes

field, then press the space bar to select

Yes

and press

Enter here to CONFIRM or ESC to CANCEL:

IPX Options :

Rem LAN Net #= 00000000

My WAN Net #= 00000000

Hop Count= 1

Tick Count= 2 W/D Spoofing(min)= N/A SAP/RIP Timeout(min)= N/A

Dial-On-Query= N/A

Bridge Options: Dial-On-Broadcast= N/A

Ethernet Addr Timeout(min)= 0

Figure 7-2 Menu 11.3 - Remote Node Bridging Options

The following table describes the bridging-specific parameters in the Remote Node Profile and Network Layers menus.

Table 7-2 P642 Remote Node Network Layers Menu Bridge Options

Field Description

Bridge

Edit IP/IPX/Bridge

Make sure this field is set to

Press the space bar to change it to Network Layer Options Menu.

Please note that the following fields are only valid for PPPoE encapsulation.

Dial-On-Broadcast This field is necessary for your Prestige on the caller side LAN. When

Yes

set to

, any broadcasts coming from the LAN will trigger your Prestige to make a call to this remote node. If it is set to No, your Prestige will not make the outgoing call.

Ethernet Addr In this field, enter the time (number of minutes) that you wish your

Yes

and press ENTER] to go to the

Bridging Setup 7-3

Page 99

Prestige 642 ADSL Internet Access Router

Timeout (min) Prestige 642 to retain the Ethernet Addr information in its internal tables

while the line is down. If this information is retained, your Prestige 642 will not have to recompile the tables when the line is brought back up.

Once you have completed filling in the Network Layer Options Menu, press [ENTER] to return to Menu 11.1. Then press [ENTER] at the message [Press ENTER to Confirm…] to save your configuration, or press [Esc] to cancel.

7.3 Bridge Static Route Setup

Similar to network layer static routes, a bridging static route tells the Prestige 642 about the route to a node before a connection is established. You configure bridge static routes in Menu 12.3.1, by pressing 3 in menu 12 as shown next.

Menu 12.3 - Bridge Static Route Setup

1. ________

2. ________

3. ________

4. ________

Enter selection number:

Figure 7-3 Menu 12.3 - Bridge Static Route Setup

Then select one of the bridge static routes.

Menu 12.3.1 - Edit Bridge Static Route

Route #: 21 Route Name= Active= No Ether Address= ? IP Address= Gateway Node= 1

Press ENTER to CONFIRM or ESC to CANCEL:

Figure 7-4 Menu 12.3.1 - Edit Bridge Static Route

7-4 Bridging Setup

Page 100

Prestige 642 ADSL Internet Access Router

The following table describes the Bridge Static Route Menu.

Table 7-3 Bridge Static Route Menu Fields

Field Description

Route Name Enter a name for the bridge static route for identification purposes.

Active Activate/deactivate the static route.

Ether Address Enter the MAC address of the destination machine that you wish to

bridge the packets to.

IP Address If available, enter the IP address of the destination machine that you

wish to bridge the packets to.

Gateway Node Enter the number of the remote node that is the gateway of this static

route.

Once you have completed filling in this menu, press [ENTER] at the message [Press ENTER to Confirm…] to save your configuration, or press [Esc] to cancel.

Bridging Setup 7-5

ZyXEL 642 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual