ZyXEL 642 User Manual

Page 1
Prestige 642
ADSL Router
User's Guide
Version 2.50
(May 2000)
ZyXEL
T
OTAL INTERNET ACCESS SOLUTION
Page 2
Getting Started
Part I:
Getting Started
Chapters 1-3 are structured as a step-by-step guide to help you connect, install and setup your
Prestige to operate on your network and access the Internet.
I
Page 3
Advanced Applications
Part II:
Advanced Applications
Advanced Applications (Chapters 4-7) describe the advanced applications of your Prestige, such
as Remote Node Setup IP Static routes and NAT.
II
Page 4
Advanced Management
Part III:
Advanced Management
Chapters 8 - 12 provide information on Prestige Filtering, SNMP, System Maintenance, IP Policy
Routing, Troubleshooting as well as some Appendices and a Glossary.
III
Page 5
Page 6
Prestige 642 ADSL Internet Access Router
Chapter 8
Filter Configuration
This chapter shows you how to create and apply filter(s).
8.1 About Filtering
Your Prestige uses filters to decide whether to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering. Filters are subdivided into device and protocol filters, which are discussed later. Data filtering screens the data to determine if the packet should be allowed to pass. Data filters are divided into incoming and outgoing filters, depending on the direction of the packet relative to a port. Data filtering can be applied on either the WAN side or the Ethernet side. Call filtering is used to determine if a packet should be allowed to trigger a call. Remote node call filtering is only applicable when using encapsulation. Outgoing packets must undergo data filtering before they encounter call filtering as shown in the following figure.
Call Filtering
PPPoE
Outgoing
Packet
Data Filtering
Match MatchMatch
Drop
packet
No
match
Call Filters
Drop packet if line not up
Built-in default
No
match
Or Or
Send packet
but do not reset
Idle Timer
User-defined
Call Filters
(if applicable)
Drop packet if line not up
Send packet
but do not reset
Idle Timer
No
match
Active Data
Initiate call
if line not up
Send packet
and reset
Idle Timer
Figure 8-1 Outgoing Packet Filtering Process
For incoming packets, your Prestige applies data filters only. Packets are processed depending upon whether a match is found. The following sections describe how to configure filter sets.
Filter Configuration 8-1
Page 7
Prestige 642 ADSL Internet Access Router
8.1.1
A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the rules for NetBIOS, into a single set and give it a descriptive name. The Prestige allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system. You cannot mix device filter rules and protocol filter rules within the same set. You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port. Three sets of factory default filter rules have been configured in Menu 21 to prevent NetBIOS traffic from triggering calls and to prevent incoming telnetting. A summary of their filter rules is shown in the figures that follow. The following diagram illustrates the logic flow when executing a filter rule.
The Filter Structure of the Prestige
8-2 Filter Configuration
Page 8
Filter Set
Prestige 642 ADSL Internet Access Router
Start
Packet into
filter
Fetch First
Filter Set
Fetch Next
Filter Set
Yes
Next Filter Set
Available?
No
Fetch Next
Filter Rule
Yes
Next filter
Rule
Available?
No
Fetch First
Filter Rule
Active?
Yes
Execute
No
Check
Next Rule
Figure 8-2 Filter Rule Process
You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port.
Filter Rule
Forward
Drop
Accept PacketDrop Packet
Filter Configuration 8-3
Page 9
Prestige 642 ADSL Internet Access Router
8.2 Configuring a Filter Set
To configure a filter set, follow the procedure below.
Step 1.
Step 2. Step 3.
Step 4.
Enter 21 from the Main Menu to open Menu 21.
Menu 21 - Filter Set Configuration
Filter Filter Set # Comments Set # Comments
------ ----------------- ------ ----------------­ 1 NetBIOS_WAN 7 _______________ 2 NetBIOS_LAN 8 _______________ 3 TELNET_WAN 9 _______________ 4 PPPoE 10 _______________ 5 _______________ 11 _______________ 6 _______________ 12 _______________
Enter Filter Set Number to Configure= 0
Edit Comments= N/A
Press ENTER to Confirm or ESC to Cancel:
Figure 8-3 Menu 21 – Filter Setup
Enter the index number of the filter set (no. 1-12) you wish to configure and press
Enter a descriptive name or comment in the Press
[ENTER]
Summary
at the message: [Press ENTER to confirm] to open
.
Edit Comments
field and press [
ENTER
Menu 21.1.1 - Filter Rules
[ENTER]
].
.
8-4 Filter Configuration
Page 10
Prestige 642 ADSL Internet Access Router
Menu 21.1 - Filter Rules Summary
# A Type Filter Rules M m n
- - ---- -------------------------------------------- --------- - - ­ 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=137 N D N 2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=138 N D N 3 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=139 N D N 4 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=137 N D N 5 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=138 N D N 6 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=139 N D F
Enter Filter Rule Number (1-6) to Configure:
Press ENTER to Confirm or ESC to Cancel:
Figure 8-4 NetBIOS_WAN Filter Rules Summary
Menu 21.2 - Filter Rules Summary
# A Type Filter Rules M m n
- - ---- -------------------------------------------- --------- - - ­ 1 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=53 N D F 2 Y 3 Y 4 Y 5 Y 6 Y
Enter Filter Rule Number (1-6) to Configure:
Figure 8-5 NetBIOS _LAN Filter Rules Summary
Menu 21.3 - Filter Rules Summary
# A Type Filter Rules M m n
- - ---- --------------------------------------------------------------- - - ­ 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 N D F 2 N 3 N 4 N 5 N 6 N
Enter Filter Rule Number (1-6) to Configure:
Figure 8-6 Telnet_WAN Filter Rules Summary
Filter Configuration 8-5
Page 11
Prestige 642 ADSL Internet Access Router
Menu 21.4 - Filter Rules Summary
# A Type Filter Rules M m n
- - ---- --------------------------------------------------------------- - - ­ 1 Y Gen Off=12, Len=2, Mask=ffff, Value=8863 N F N 2 Y Gen Off=12, Len=2, Mask=ffff, Value=8864 N F D 3 N 4 N 5 N 6 N
Enter Filter Rule Number (1-6) to Configure:
Figure 8-7 PPPoE Filter Rules Summary
8.2.1 Filter Rules Summary Menu
This screen shows the summary of the existing rules in the filter set. The following tables contain a brief description of the abbreviations used in the previous menus.
Table 8-1 Abbreviations Used in the Filter Rules Summary Menu
Abbreviations Description Display
# Refers to the filter rule number (1-6).
A Shows whether the rule is active or not. [Y] means the filter rule is active.
[N] means the filter rule is inactive.
Type Refers to the type of filter rule.
This shows GEN for generic, IP for TCP/IP
Filter Rules
The filter rule parameters will be displayed here (see below).
M
Refers to
More
More in a set behaves
.
like a logical AND i.e., the set is only matched if ALL rules in it are matched.
[Y] means an action can not yet be taken as there are more rules to check, which are concatenated with the present rule to form a rule chain. When the rule chain is complete an action can be taken.
[GEN] for Generic
[IP] for TCP/IP
[Y] means there are more rules to check.
[N] means there are no more rules to check.
8-6 Filter Configuration
Page 12
Prestige 642 ADSL Internet Access Router
[N] means you can now specify an action to be taken i.e., forward the packet, drop the packet or check the next rule. For the latter, the next rule is independent of the rule just checked.
If More is
Action Not Matched
m
n
Refers to
[F] means to forward the packet immediately and skip checking the remaining rules.
Refers to
[F] means to forward the packet immediately and skip checking the remaining rules.
Yes
Action Matched
Action Not Matched.
Action Matched
, then
will be
and
N/A
.
[F] means to forward the packet.
[D] means to drop the packet.
[N] means check the next rule.
[F] means to forward the packet.
[D] means to drop the packet.
[N] means check the next rule.
The protocol dependent filter rules abbreviation are listed as follows:
If the filter type is IP, the following abbreviations listed in the following table will be used.
z
Table 8-2 Abbreviations Used If Filter Type Is IP
Abbreviation Description
Pr Protocol
SA Source Address
SP Source Port number
DA Destination Address
DP Destination Port number
Abbreviations Used If Filter Type Is IPX
Table 8-3 Abbreviations Used If Filter Type Is IPX
Abbreviation Description
PT IPX Packet Type
SS Source Socket
DS Destination Socket
If the filter type is GEN (generic), the following abbreviations listed in the following table will be
z
used.
Filter Configuration 8-7
Page 13
Prestige 642 ADSL Internet Access Router
Table 8-4 Abbreviations Used If Filter Type Is GEN
Abbreviation Description
Off Offset
Len Length
Refer to the next section for information on configuring the filter rules.
8.2.2 Configuring a Filter Rule
To configure a filter rule, type its number in open
Menu 21.1.1
There are three types of filter rules: parameters below the type will be different. Use the space bar to select the type of rule that you wish to create in the To speed up filtering, all rules in a filter set must be of the same class, i.e., protocol filters or generic filters. The class of a filter set is determined by the first rule that you create. When applying the filter sets to a port, separate menu fields are provided for protocol and device filter sets. If you include a protocol filter set in a device filters field or vice versa, the Prestige will warn you and will not allow you to save.
for the rule.
Filter Type
TCP/IP, IPX
field and press ENTER to open the respective menu.
Menu 21.1 - Filter Rules Summary
and
Generic
. Depending on the type of rule, the
and press [
ENTER]
to
8.2.3 TCP/IP Filter Rule
This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fields in the IP and the upper layer protocol, e.g., UDP and TCP, headers. To configure a TCP/IP rules, select TCP/IP Filter Rule from the Filter Type field and press ENTER to open
Menu 21.1.1 - TCP/IP Filter Rule
, as shown below.
8-8 Filter Configuration
Page 14
Prestige 642 ADSL Internet Access Router
Menu 21.1.1 - TCP/IP Filter Rule
Filter #: 1,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 6 IP Source Route= No Destination: IP Addr= 0.0.0.0
Source: IP Addr= 0.0.0.0
TCP Estab= No More= No Log= None Action Matched= Drop
Action Not Matched= Check Next Rule
Press Space Bar to Toggle.
Press ENTER to Confirm or ESC to Cancel:
IP Mask= 0.0.0.0 Port #= 137 Port # Comp= Equal
IP Mask= 0.0.0.0 Port #= Port # Comp= None
Figure 8-8 Menu 21.1.1.1 - TCP/IP Filter Rule
The following table describes how to configure your TCP/IP filter rule.
Table 8-5 TCP/IP Filter Rule Menu Fields
Field Description Option
Active This field activates/deactivates the filter rule.
IP Protocol Protocol refers to the upper layer protocol, e.g., TCP is 6,
UDP is 17 and ICMP is 1. This value must be between 0 and 255
IP Source Route If Yes, the rule applies to packet with IP source route
option; else the packet must not have source route option. The majority of IP packets do not have source route.
Destination: IP Address
Destination: IP Mask
Destination: Port # Enter the destination port of the packets that you wish to
Enter the destination IP Address of the packet you wish to filter. This field is a don’t-care if it is 0.0.0.0.
Enter the IP mask to apply to the Destination: IP Addr. IP mask
filter. The range of this field is 0 to 65535. This field is a don’t-care if it is 0.
Yes/No
0-255
Yes/No
IP address
0-65535
Filter Configuration 8-9
Page 15
Prestige 642 ADSL Internet Access Router
Field Description Option
Destination: Port # Comp
Source: IP Address Enter the source IP Address of the packet you wish to
Source: IP Mask Enter the IP mask to apply to the Source: IP Addr. IP Mask
Source: Port # Enter the source port of the packets that you wish to filter.
Source: Port # Comp
TCP Estab This field is applicable only when IP Protocol field is 6,
More If yes, a matching packet is passed to the next filter rule
Log Select the logging option from the following:
Action Matched Select the action for a matching packet.
Action Not Matched Select the action for a packet not matching the rule.
Select the comparison to apply to the destination port in the packet against the value given in Destination: Port #.
filter. This field is a don’t-care if it is 0.0.0.0.
The range of this field is 0 to 65535. This field is a don’t­care if it is 0.
Select the comparison to apply to the source port in the packet against the value given in Source: Port #.
TCP. If yes, the rule matches only established TCP connections; else the rule matches all TCP packets.
before an action is taken; else the packet is disposed of according to the action fields.
If More is Matched will be
z
z
z
z
Yes
, then Action Matched and Action Not
N/A
.
None
– No packets will be logged.
Action Matched
parameters will be logged.
Action Not Matched
match the rule parameters will be logged.
Both
– All packets will be logged.
- Only packets that match the rule
- Only packets that do not
None/Less/Greater/
Equal/Not Equal]
IP Address
0-65535
None/Less/Greater/
Equal/Not Equal
Yes/No
Yes / No
None
Action Matched
Action Not Matched
Both
Check Next Rule
Forward
Drop
Check Next Rule
Forward
Drop
8-10 Filter Configuration
Page 16
Prestige 642 ADSL Internet Access Router
Field Description Option
Once you have completed filling in [Press ENTER to Confirm] to save your configuration, or press [Esc] to cancel. This data will now be displayed on
Menu 21.1 - Filter Rules Summary
Menu 21.1.1 - TCP/IP Filter Rule
.
, press [ENTER] at the message
The following diagram illustrates the logic flow of an IP filter.
Filter Configuration 8-11
Page 17
Prestige 642 ADSL Internet Access Router
Packet
into IP Filter
Filter Active?
Yes
Apply SrcAddrMask
to Src Addr
Check Src
IP Addr
Matched
Apply DestAddrMask
to Dest Addr
Check Dest
IP Addr
Matched
Check
IP Protocol
Matched
Check Src &
Dest Port
Matched
More?
No
Not Matched
Not Matched
Not Matched
Not Matched
Yes
No
Action Matched
Drop
Drop Packet Accept Packet
Check Next Rule
Forward
Check Next Rule
Check Next Rule
Action Not Matched
Drop Forward
Figure 8-9 Executing an IP Filter
8-12 Filter Configuration
Page 18
Prestige 642 ADSL Internet Access Router
8.2.4 Generic Filter Rule
This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly. For generic rules, the Prestige treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes. The Prestige applies the Mask (bit-wise ANDing) to the data portion before comparing the result against the Value to determine a match. The Mask and Value are specified in hexadecimal numbers. Note that it takes two hexadecimal digits to represent a byte, so if the length is 4, the value in either field will take 8 digits, e.g.,
FFFFFFFF
To configure a generic rule, select Generic Filter Rule in the Filter Type field in the [
ENTER]
.
to open Generic Filter Rule, as shown below.
Menu 21.6.1 - Generic Filter Rule
Filter #: 6,1 Filter Type= Generic Filter Rule Active= No Offset= 0 Length= 0 Mask= N/A Value= N/A More= No Log= None Action Matched= Check Next Rule Action Not Matched= Check Next Rule
Menu 21.6.1
and press
Press Space Bar to Toggle.
Press ENTER to Confirm or ESC to Cancel:
Figure 8-10 Generic Filter Rule
The following table describes the fields in the Generic Filter Rule Menu.
Table 8-6 Generic Filter Rule Menu Fields
Field Description Option
Filter # This is the filter set, filter rule co-ordinates, i.e., 2,3 refers to the second
filter set and the third rule of that set.
Filter Type Use the [SPACE BAR] to toggle between both types of rules. Parameters
displayed below each type will be different.
Generic Filter Rule/
TCP/IP
Filter Rule
Active
Select
Yes
to turn on the filter rule.
Yes/No
Filter Configuration 8-13
Page 19
Prestige 642 ADSL Internet Access Router
Field Description Option
Offset Enter the starting byte of the data portion in the packet that you wish to
compare. The range for this field is from 0 to 255.
Length Enter the byte count of the data portion in the packet that you wish to
compare. The range for this field is 0 to 8.
Mask Enter the mask (in Hexadecimal) to apply to the data portion before
comparison.
Value Enter the value (in Hexadecimal) to compare with the data portion.
More If yes, a matching packet is passed to the next filter rule before an action is
taken; else the packet is disposed of according to the action fields.
If More is
Log Select the logging option from the following:
z
z
z
z
Action Matched
Action Not Matched
Once you have completed filling in [Press ENTER to Confirm] to save your configuration, or press [Esc] to cancel. This data will now be displayed on
Select the action for a matching packet.
Select the action for a packet not matching the rule.
Menu 21.1.1 - Filter Rules Summary
Yes
, then Action Matched and Action Not Matched will be No.
None
– No packets will be logged.
Action Matched
be logged.
Action Not Matched
parameters will be logged.
Both
– All packets will be logged.
- Only packets that match the rule parameters will
- Only packets that do not match the rule
Menu 21.4.1.1 - Generic Filter Rule
, press [ENTER] at the message
.
Default = 0
Default = 0
Yes / No
None
Action
Matched
Action Not
Matched
Both
Check Next
Rule
Forward
Drop
Check Next
Rule
Forward
Drop
8.2.5 Novell IPX Filter Rule
This section shows you how to configure an IPX filter rule. IPX filters allow you to base the rules on the fields in the IPX headers.
8-14 Filter Configuration
Page 20
Prestige 642 ADSL Internet Access Router
To configure an IPX rules, select
Menu 21.1.5 IPX Filter Rule
Press Space Bar to Toggle.
, as shown in the figure below.
IPX Filter Rule
Menu 21.1.5 - IPX Filter Rule
Filter #: 5,1 Filter Type= IPX Filter Rule Active= No IPX Packet Type= Destination: Network #=
Source: Network #=
Operation= N/A More= No Log= None Action Matched= Check Next Rule Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
from the
Node #= Socket #= Socket # Comp= None
Node #= Socket #= Socket # Comp= None
Filter Type
field and press [ENTER} to open
Figure 8-11 IPX Filter Rule
Filter Configuration 8-15
Page 21
Prestige 642 ADSL Internet Access Router
The table below describes the IPX Filter Rule.
Table 8-7 IPX Filter Rule Menu Fields
Field Description
IPX Packet Type Enter the IPX packet type (1-byte in hexadecimal) you wish to
filter.
The popular types are (in hexadecimal):
01 - RIP
04 - SAP
05 - SPX (Sequenced Packet eXchange)
11 - NCP (NetWare Core Protocol)
14 - Novell NetBIOS
Destination/Source Network #
Destination/Source Node#Enter in the destination/source node number (6-byte in
Destination/Source Socket #
Destination/Source Socket # Comp
Operation This field is applicable only if one of the Socket # fields is 0452
Once you have completed filling in message [Press Enter to Confirm] to save your configuration, or press [Esc] to cancel. This data will now be displayed on
Enter the destination/source network numbers (4-byte in hexadecimal) of the packet that you wish to filter.
hexadecimal) of the packet you wish to filter.
Enter the destination/source socket number (2-byte in hexadecimal) of the packets that you wish to filter.
Select the comparison you wish to apply to the destination/source socket in the packet against that specified above.
or 0453 indicating SAP and RIP packets. There are seven options for this field that specify the type of the packet.
z None.
z RIP Request.
z RIP Response.
z SAP Request.
z SAP Response.
z SAP Get Nearest Server Request.
z SAP Get Nearest Server Response
Menu 21.1.3 - IPX Filter Rule
Menu 21.1 - Filter Rules Summary
, press [Enter] at the
.
8-16 Filter Configuration
Page 22
Prestige 642 ADSL Internet Access Router
8.3 Example Filter
Let’s look at the third default ZyXEL filter, TELNET_WAN ( PNC Disk for more example filters. This filter is designed to block outside users telnetting into the Prestige.
see Figure
8-6) as an example. Please see our
Figure 8-12 Telnet Filter Example
Step 1. Step 2.
Step 3.
Step 4.
Step 5.
Filter Configuration 8-17
Enter Enter the index of the filter set you wish to configure (in this case, 3) and press
Enter a descriptive name or comment in the and press Press
Summary
Enter 1 to configure the first filter rule (the only filter rule of this set). Make the entries in this menu as shown in the following figure.
from the Main Menu to open
21
[ENTER].
[ENTER]
at the message: [Press ENTER to confirm] to open
.
Menu 21 - Filter Set Configuration
Edit Comments
field (in this case TELNET_WAN)
Menu 21.3 - Filter Rules
.
[ENTER]
.
Page 23
Prestige 642 ADSL Internet Access Router
p
Press S
ace Bar to Toggle.
There are no more rules to check.
Select
Drop
here so that the packet will be dropped if its destination is the telnet port.
Menu 21.3.1 - TCP/IP Filter Rule
Filter #: 3,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 6 IP Source Route= No Destination: IP Addr= 0.0.0.0
Source: IP Addr= 0.0.0.0
TCP Estab= No More= No Log= None Action Matched= Drop Action Not Matched= Forward
Press ENTER to Confirm or ESC to Cancel:
IP Mask= 0.0.0.0 Port #= 23 Port # Comp= Equal
IP Mask= 0.0.0.0 Port #= 0 Port # Comp= None
Select here as we are looking for packets going to port 23 only.
Select the packet will be forwarded if its destination is not the telnet port.
Equal
Forward
Press the [SPACEBAR] to choose this filter rule type. The first filter rule type determines all subsequent filter types within a set.
Select
to make the rule
Yes
active.
is the TCP protocol.
6
The port number for the telnet service (TCP protocol) is 23. See RFC 1060 for port numbers of well-known services.
here so that
Figure 8-13 Example Filter – Menu 21.3.1
When you press
[ENTER]
to confirm, you will see the following screen. Note that there is only one filter
rule in this set.
8-18 Filter Configuration
Page 24
Prestige 642 ADSL Internet Access Router
Menu 21.3 - Filter Rules Summary
# A Type Filter Rules M m n
- - ---- --------------------------------------------------------------- - - ­ 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 N D F 2 N 3 N 4 N 5 N 6 N
Enter Filter Rule Number (1-6) to Configure: 1
This shows you that you have configured and activated (
) a TCP/IP filter rule (
Y IP, Pr = 6
telnet ports (
) for destination
DP = 23
A =
Type =
).
means an action can be taken
M = N
immediately. The action is to drop the packet ( to forward the packet immediately (
) if the action is matched and
m = D
n = F
) if the action is not matched no matter whether there are more rules to be checked (there aren’t in this example).
Figure 8-14 Example Filter Rules Summary – Menu 21.3
After you’ve created the filter set, you must apply it.
Step 1. Step 2.
Step 3.
Step 4.
Enter 11 from the main menu to go to Menu 11. Go to the
[ENTER]
Edit Filter Sets
.
field, press the
[SPACEBAR]
to toggle
Yes
to No and press
This brings you to Menu 11.5. Apply the TELNET_WAN filter set (filter set 3) as shown in
Figure 8-17
Press
.
[ENTER
] to confirm after you enter the set numbers and to leave Menu 11.5.
8.4 Filter Types and SUA
There are two types of filter rules, rules.
Device Filter
rules act on the raw data from/to LAN and WAN.
Device Filter
and IPX packets. When NAT/SUA (Network Address Translation/Single User Account) is enabled, the inside IP address and port number are replaced on a connection-by-connection basis, which makes it impossible to know the exact address and port on the wire. Therefore, the Prestige applies the
to the “native” IP address and port number before NAT/SUA for outgoing packets and after
filters
(Generic) rules and
Protocol Filter
Protocol Filter
(TCP/IP and IPX)
rules act on the IP
protocol
Filter Configuration 8-19
Page 25
Prestige 642 ADSL Internet Access Router
NAT/SUA for incoming packets. On the other hand, the generic, or
device filters
are applied to the raw packets that appear on the wire. They are applied at the point when the Prestige is receiving and sending the packets; i.e. the interface. The interface can be an Ethernet, or any other hardware port. The following diagram illustrates this.
Figure 8-15 Protocol and Device Filter Sets
8.5 Applying a Filter and Factory Defaults
This section shows you where to apply the filter(s) after you design it (them). Sets of factory default filter rules have been configured in Menu 21 (but have not been applied) to prevent NetBIOS traffic from triggering calls, incoming telnet and sessions. The PPPoE filter filters out all packets going out from the Prestige to the ISP or remote node.
8.5.1 LAN traffic
LAN traffic filter sets may be useful to block certain packets, reduce traffic and prevent security breaches. Go to
Menu 3.1
appropriate. You can choose up to four filter sets (from twelve) by entering their numbers separated by commas, e.g., 3, 4, 6, 11. Input filter sets filter incoming traffic to the Prestige and Output filter sets filter outgoing traffic from the Prestige. The factory default set, NetBIOS_LAN, can be inserted in
filters –
field under
(shown next) and enter the number(s) of the filter set(s) that you want to apply as
Input Filter Sets
in
Menu 3.1
to block NetBIOS traffic to the Prestige from the LAN.
PPPoE packets
except
protocol
Menu 3.1 – LAN Port Filter Setup
Input Filter Sets: protocol filters= 2 device filters= Output Filter Sets: Protocol filters= device filters=
Press ENTER to Confirm or ESC to Cancel:
Apply Default Filter 2 here.
Figure 8-16 Filtering LAN Traffic
8-20 Filter Configuration
Page 26
Prestige 642 ADSL Internet Access Router
8.5.2 Remote Node Filters
Go to Menu 11.5 (shown below – note that call filter sets are only present for PPPoE encapsulation) and enter the number(s) of the filter set(s) as appropriate. You can cascade up to four filter sets by entering their numbers separated by commas. The factory default filter set, NetBIOS_WAN, can be applied in Menu 11.5 to block local NetBIOS traffic from triggering calls to the ISP (when you are using only). Enter “1” in the
protocol filters
under
protocol filters Output Filter Sets – protocol filters
field under
Call Filter Sets
when using Ethernet encapsulation. Filter set
when using PPPoE encapsulation and in
“3”, Telnet_WAN, blocks telnet connections from the WAN Port to help prevent security breaches. Filter set “4”, PPPoE, blocks PPP connections from the WAN Port. Apply them as shown in the following figure.
PPPoE
encapsulation
Menu 11.5 - Remote Node Filter
Input Filter Sets: protocol filters= 3 device filters= Output Filter Sets: protocol filters= 4 device filters= Call Filter Sets: protocol filters= 1 device filters
Enter here to CONFIRM or ESC to CANCEL:
=
Figure 8-17 Filtering Remote Node Traffic (PPPoE Encapsulation)
Apply Default Filters 1, 3 and 4 here. Enter 1 in
protocol filters
Output
under
Filter Sets
when using Ethernet encapsulation
.
Filter Configuration 8-21
Page 27
Page 28
Prestige 642 ADSL Internet Access Router
Chapter 9
SNMP Configuration
This chapter discusses SNMP (Simple Network Management Protocol) for network management
and monitoring.
9.1 About SNMP
Your Prestige 642 supports SNMP agent functionality, which allows a manager station to manage and monitor the Prestige through the network. Keep in mind that SNMP is only available if TCP/IP is configured on your Prestige.
9.2 Configuring SNMP
To configure SNMP, select
SNMP Configuration
simply SNMP’s terminology for password.
SNMP Configuration
, as shown in the figure below. The “community” for Get, Set and Trap fields is
Menu 22 - SNMP Configuration
SNMP:
Get Community= public Set Community= public Trusted Host= 0.0.0.0 Trap: Community= public
Destination= 0.0.0.0
(enter 22) from the Main Menu to open
Menu 22 -
Press ENTER to Confirm or ESC to Cancel:
Figure 9-1 Menu 22 - SNMP Configuration
SNMP Configuration 9-1
Page 29
Prestige 642 ADSL Internet Access Router
The following table describes the SNMP configuration parameters.
Table 9-1 SNMP Configuration Menu Fields
Field Description Default
Get Community
Set Community
Trusted Host If you enter a trusted host, your Prestige will only respond to
Trap: Community
Trap: Destination
Once you have completed filling in message [Press ENTER to Confirm] to save your configuration, or press [Esc] to cancel.
Enter the get community, which is the password for the incoming Get- and GetNext- requests from the management station.
Enter the set community, which is the password for incoming Set­requests from the management station.
SNMP messages from this address. If you leave the field blank (default), your Prestige will respond to all SNMP messages it receives, regardless of source.
Enter the trap community, which is the password sent with each trap to the SNMP manager.
Enter the IP address of the station to send your SNMP traps to. blank
Menu 22 - SNMP Configuration
, press [ENTER] at the
public
public
blank
public
9-2 SNMP Configuration
Page 30
Prestige 642 ADSL Internet Access Router
Chapter 10
System Maintenance
This chapter covers the diagnostic tools that help you to maintain your Prestige.
The diagnostic tools include updates on system status, port status, log and trace capabilities and upgrades for the system software. This chapter describes how to use these tools in detail. Select menu 24 in the main menu to open
Figure 10-1 Menu 24 - System Maintenance
Menu 24 - System Maintenance
Menu 24 - System Maintenance
1. System Status
2. System Information and Console Port Speed
3. Log and Trace
4. Diagnostic
5. Backup Configuration
6. Restore Configuration
7. Upload Firmware
8. Command Interpreter Mode
Enter Menu Selection Number:
, as shown below.
System Maintenance 10-1
Page 31
Prestige 642 ADSL Internet Access Router
10.1 System Status
The first selection, System Status, gives you information on the status and statistics of the ports, as shown below. System Status is a tool that can be used to monitor your Prestige. Specifically, it gives you information on your ADSL line status, number of packets sent and received. To get to the System Status, enter number 24 to go to select number 1,
. Entering 1 resets the counters and
Status
System Status
There are two commands in
.
ESC
The table below describes the fields present in
Menu 24 - System Maintenance.
Menu 24.1 - System Maintenance -
takes you back to the previous screen.
Menu 24.1 - System Maintenance - Status
noted that these fields are READ-ONLY and are meant to be used for diagnostic purposes. Please note that displaying this screen degrades system performance.
Menu 24.1 -- System Maintenance – Status
Node-Lnk 1-1483 2 3 4 5 6 7 8
Status Up N/A N/A N/A N/A N/A N/A N/A
TxPkts
1462
RxPkts
0 0 0 0 0 0 0
1567
Errors
0 0 0 0 0 0 0
Tx B/s 0 0 0 0 0 0 0 0
222
Rx B/s
211 0 0 0 0 0 0 0
0 0 0 0 0 0 0
From this menu,
. It should be
Up Time 2:15:16 0:00:00 0:00:00 0:00:00 0:00:00 0:00:00 0:00:00 0:00:00
Ethernet:
Status: 100M/Full Duplex
Collisions: 0
CPU Load = 4.25%
Tx Pkts: 1583 Rx Pkts: 1521
CMDS: 1-Reset Counters ESC-Exit
Press Command:
WAN: Line Status: Up Upstream Speed: 608 kbps Downstream Speed: 4000 kbps
Figure 10-2 Menu 24.1 - System Maintenance – Status
The following table describes the fields present in
Menu 24.1 - System Maintenance - Status
.
10-2 System Maintenance
Page 32
Prestige 642 ADSL Internet Access Router
Table 10-1 System Maintenance - Status Menu Fields
Field Description
This is the remote node index number and link type. Link types are :Node-Lnk
PPP, ENET, 1483, PPPoE
Status Shows the status of the remote node.
TxPkts The number of packets transmitted to this remote node.
RxPkts The number of packets received from this remote node.
Errors The number of error packets on this connection.
Tx B/s Shows the transmission rate in bytes per second.
Rx B/s Shows the receiving rate in bytes per second.
Up Time Time this channel has been connected to the remote node.
Ethernet
Status Shows the current status of the LAN.
Tx Pkts The number of transmitted packets to the LAN.
Rx Pkts The number of received packets from the LAN.
Collision Number of collisions.
WAN
Line Status
Upstream Speed Shows the ADSL line upstream speed.
Downstream Speed Shows the ADSL line downstream speed
CPU Load Specifies the percentage of CPU utilization.
Press Command
1 - Reset Counters Press 1 to reset all the above statistics to 0.
ESC - Exit Press ESC to go back to Menu 24.
Shows the current status of the ADSL line which can be
Wait for Init
Initializing
or
.
Up, Down,
Menu 24.2 System Information and Console Port Speed
is as follows.
System Maintenance 10-3
Page 33
Prestige 642 ADSL Internet Access Router
Menu 24.2 - System Information and Console Port Speed
1. System Information
2. Console Port Speed
Figure 10-3 System Information and Console Port Speed
Press 1 to display the next screen,
LAN
Press ESC or RETURN to Exit:
Menu 24.2.1 - System Maintenance - Information.
Menu 24.2.1 – System Maintenance - Information
Name: Johnny Routing: IP ZyNOS S/W Version: V2.50(AJ.0)b4 | 5/11/2000 ADSL Chipset Vendor: Alcatel, Version 1.6.25 Operational Command: Multi-Mode
Ethernet Address:00:a0:c5:02:34:56 IP Address: 192.168.1.1 IP Mask: 255.255.255.0 DHCP: Server
Figure 10-4 System Maintenance - Information
Table 10-2 Fields in System Maintenance - Information
Field Description
Name Displays the system name of your Prestige. This information can be modified in
Menu 1 - General Setup
.
Routing Refers to the routing protocol used.
ZyNOS S/W Version
ADSL Chipset
Refers to the ZyNOS (ZyXEL Network Operating System) software version. ZyNOS is a registered trademark of ZyXEL Communications Corporation.
Displays the vendor of the ADSL chipset and ADSL modem software version.
Vendor
Operational Command
This refers to the operational protocol the Prestige and the DSLAM (Digital Subscriber Line Access Multiplexer) is using. Please see the section on “Standards” in Part 0 of this manual.
Ethernet Address Refers to the Ethernet MAC (Media Access Control) of your Prestige.
IP Address This is the IP address of the Prestige in dotted decimal notation.
IP Mask This shows the subnet mask of the Prestige.
10-4 System Maintenance
Page 34
Prestige 642 ADSL Internet Access Router
Field Description
DHCP
This field shows the DHCP setting (
None, Relay
or
Server
) of the Prestige.
10.1.1 Console Port Speed
You can change the speed of the console port through
Menu 24.2.2 – Console Port Speed
supports 9600 (default), 19200, 38400, 57600, and 115200 bps for the console port. Use the space bar to select the desired speed in Menu 24.2.2, as shown in the following figure.
Menu 24.2.2 – System Maintenance – Console Port Speed
Console Port Speed: 115200
Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle.
Figure 10-5 Menu 24.2.2 – System Maintenance – Console Port Speed
. Your Prestige
10.2 Log and Trace
There are two logging facilities in the Prestige. The first is the error logs and trace records that are stored locally. The second is the UNIX syslog facility for message logging.
10.2.1 Viewing Error Log
The first place you should look for clues when something goes wrong is the error log. Follow the procedure below to view the local error/trace log:
Step 1. Step 2.
Enter 24 from the Main Menu to open From Menu 24, enter 3 to open
Menu 24.3 - System Maintenance - Log and Trace
1. View Error Log
2. UNIX Syslog
Menu 24.3 - System Maintenance - Log and Trace
Menu 24 - System Maintenance
.
.
Figure 10-6 Log and Trace
Step 3.
Enter 1 in
Menu 24.3 - System Maintenance - Log and Trace
to display the error log in the
system.
After the Prestige finishes displaying the error log, you will have the option to clear it.
System Maintenance 10-5
Page 35
Prestige 642 ADSL Internet Access Router
Examples of typical error and information messages are presented in the following figure.
45 7203 PINI INFO Channel 11 ok 46 7204 PINI INFO Channel 10 ok 47 7205 PINI INFO Channel 9 ok 48 7206 PINI INFO Channel 8 ok 49 7207 PINI INFO Channel 7 ok 50 7208 PINI INFO Channel 6 ok 51 7209 PINI INFO Channel 5 ok 52 7210 PINI INFO Channel 4 ok 53 7211 PINI INFO Channel 3 ok 54 7212 PINI INFO Channel 2 ok 55 7213 PINI INFO Channel 1 ok Clear Error Log (y/n):
Figure 10-7 Examples of Error and Information Messages
10.2.2 Syslog And Accounting
The Prestige uses the UNIX syslog facility to log the CDR (Call Detail Record) and system messages to a syslog server. Syslog and accounting can be configured in
and Accounting
, as shown next.
Menu 24.3.2 -- System Maintenance - UNIX Syslog and Accounting
Press Space Bar to Toggle.
Press ENTER to Confirm or ESC to Cancel:
UNIX Syslog: Active= No Syslog IP Address= ? Log Facility= Local 1
Types: CDR= No Packet triggered= No Filter log= No PPP log= No
Menu 24.3.2 - System Maintenance - Syslog
Figure 10-8 Menu 24.3.2 - System Maintenance - Syslog and Accounting
You need to configure the UNIX syslog parameters described in the following table to activate syslog then choose what you want to log.
10-6 System Maintenance
Page 36
Prestige 642 ADSL Internet Access Router
Table 10-3 System Maintenance Menu Syslog Parameters
Parameter Description
UNIX Syslog:
Active Use the space bar to turn on or off syslog.
Syslog IP Address Enter the IP Address of the server that will log the CDR (Call Detail Record) and
system messages i.e., the syslog server.
Log Facility Use the space bar to toggle between the 7 different Local options. The log facility
allows you to log the message in different files in the server. Please refer to your UNIX manual for more detail.
Types:
CDR
Call Detail Record (CDR) logs all data phone line activity if set to
Yes.
Packet triggered The first 48 bytes or octets and protocol type of the triggering packet is sent to the
Yes.
No.
Filters with the individual filter
Yes.
Yes.
Filter log
PPP log
UNIX syslog server when this field is set to
No filters are logged when this field is set to
Filter
field set to
Yes
are logged when this field is set to
PPP events are logged when this field is set to
Your Prestige sends four types of syslog messages. Some examples of these syslog messages with their message formats are shown next:
1.
CDR
CDR Message Format
SdcmdSyslogSend( SYSLOG_CDR, SYSLOG_INFO, String ); String = board xx line xx channel xx, call xx, str board = the hardware board ID line = the WAN ID in a board Channel = channel ID within the WAN call = the call reference number which starts from 1 and increments by 1 for each new call str = C01 Outgoing Call dev xx ch xx (dev:device No. ch:channel No.)
L02 Tunnel Connected(L2TP) C02 OutCall Connected xxxx (means connected speed) xxxxx (means Remote Call Number)
L02 Call Terminated C02 Call Terminated
Log
Jul 19 11:19:27 192.168.102.2 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 1, C01 Outgoing Call dev=2 ch=0 40002 Jul 19 11:19:32 192.168.102.2 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 1, C02 OutCall Connected 64000 40002
System Maintenance 10-7
Page 37
Prestige 642 ADSL Internet Access Router
Jul 19 11:20:06 192.168.102.2 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 1, C02 Call Terminated
2.
Packet triggered
Packet triggered Message Format
sdcmdSyslogSend( SYSLOG_PKTTRI, SYSLOG_NOTICE, String );
Jul 19 11:28:39 192.168.102.2 ZyXEL Communications Corp.: Packet Trigger: Protocol=1, Data=4500003c100100001f010004c0a86614ca849a7b08004a5c020001006162636465666768696a6b6c6d6e6 f7071727374 Jul 19 11:28:56 192.168.102.2 ZyXEL Communications Corp.: Packet Trigger: Protocol=1, Data=4500002c1b0140001f06b50ec0a86614ca849a7b0427001700195b3e00000000600220008cd4000002040 5b4 Jul 19 11:29:06 192.168.102.2 ZyXEL Communications Corp.: Packet Trigger: Protocol=1, Data=45000028240140001f06ac12c0a86614ca849a7b0427001700195b451d1430135004000077600000
3.
Filter log
Filter log Message Format
String = IP[Src=xx.xx.xx.xx Dst=xx.xx.xx.xx prot spo=xxxx dpo=xxxx] S04>R01mD
IP[…] is the packet header and S04>R01mD means filter set 4 (S) and rule 1 (R), match (m) drop (D).
spo: Source port dpo: Destination port
Jul 19 14:43:55 192.168.102.2 ZyXEL Communications Corp.: IP[Src=202.132.154.123 Dst=255.255.255.255 UDP spo=0208 dpo=0208]}S03>R01mF Jul 19 14:44:00 192.168.102.2 ZyXEL Communications Corp.: IP[Src=192.168.102.20 Dst=202.132.154.1 UDP spo=05d4 dpo=0035]}S03>R01mF Jul 19 14:44:04 192.168.102.2 ZyXEL Communications Corp.: IP[Src=192.168.102.20 Dst=202.132.154.1 UDP spo=05d4 dpo=0035]}S03>R01mF
String = Packet trigger: Protocol=xx Data=xxxxxxxxxx…..x Protocol: (1:IP 2:IPX 3:IPXHC 4:BPDU 5:ATALK 6:IPNG) Data: We will send forty-eight Hex characters to the server
SdcmdSyslogSend(SYSLOG_FILLOG, SYSLOG_NOTICE, String );
Src: Source Address Dst: Destination Address prot: Protocol (“TCP”,”UDP”,”ICMP”)
4.
PPP log
PPP Log Message Format
sdcmdSyslogSend( SYSLOG_PPPLOG, SYSLOG_NOTICE, String ); String = ppp:Proto Starting / ppp:Proto Opening / ppp:Proto Closing / ppp:Proto Shutdown Proto = LCP / ATCP / BACP / BCP / CBCP / CCP / CHAP/ PAP / IPCP / IPXCP
Jul 19 11:42:44 192.168.102.2 ZyXEL Communications Corp.: ppp:LCP Closing Jul 19 11:42:49 192.168.102.2 ZyXEL Communications Corp.: ppp:IPCP Closing
Jul 19 11:42:54 192.168.102.2 ZyXEL Communications Corp.: ppp:CCP Closing
10-8 System Maintenance
Page 38
Prestige 642 ADSL Internet Access Router
10.3 Diagnostic
The diagnostic facility allows you to test the different aspects of your Prestige to determine if it is working properly. Menu 24.4 allows you to choose among various types of diagnostic tests to evaluate your system, as shown.
Menu 24.4 - System Maintenance - Diagnostic
WAN
1. Reset ADSL
TCP/IP
12. Ping Host
Enter Menu Selection Number:
Host IP Address= N/A
Figure 10-9 Menu 24.4 - System Maintenance - Diagnostic
Follow the procedure below to get to Diagnostic
Step 1. Step 2.
From the Main Menu, enter 24 to open From this menu, enter 4 to open
Menu 24.4 - System Maintenance - Diagnostic
The following table describes the diagnostic tests available in Menu 24.4 for your Prestige and the connections.
System
21. Reboot System
22. Command Mode
Menu 24 - System Maintenance
.
.
Table 10-4 System Maintenance Menu Diagnostic
Field Description
Reset ADSL This command re-initializes the ADSL link to the telephone company.
Ping Host This diagnostic test pings the host, which determines the functionality of the
TCP/IP protocol on both systems and the links in between.
Reboot System This option reboots the Prestige.
Command Mode This option allows you to enter the command mode. This mode allows you to
diagnose and test your Prestige using a specified set of commands.
10.4 Transferring Files - Filename conventions
The configuration file (often called the romfile or romfile-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup etc. It arrives from ZyXEL with a name of
System Maintenance 10-9
Page 39
Prestige 642 ADSL Internet Access Router
P642.ROM or similar. Once you have customized the Prestige's setting, they can be saved back to PC/workstation under a filename of your choosing. Choose something meaningful, e.g. “MyP642.cfg”. The ZyNOS firmware file (sometimes referred to as the ras file) is the file that contains the ZyXEL Network Operating System firmware and usually is the router model name with a *.bin extension, e.g., P642.bin. With serial (xmodem) transfer, the filenames on the PC are your choice. With many ftp and tftp clients, they are as well as seen next.
ftp>
put P642.bin ras
This is a sample ftp session showing the transfer of the PC file "P642.bin" to the Prestige.
ftp>
get rom-0 MyP642.cfg
This is a sample ftp session saving the current configuration to the PC file MyP642.cfg.
If your [t]ftp client does not allow you to have a destination filename different from the source, you will need to rename them as the Prestige only recognizes "rom-0" and "ras". Be sure you keep unaltered copies of both files for later use. The following table is a summary. Please note that the internal filename refers to the filename on the Prestige and the external filename refers to the filename not on the Prestige, i.e., on your workstation, local network or ftp site and so the name (but not the extension) will vary. The AT command is the command you enter after you press “Y” when prompted in the SMT menu to go into debug mode.
Table 10-5 Filename Conventions
File Type Internal
Configuration File
Firmware
Rom-0 *.rom This is the router configuration filename
Ras *.bin This is the generic name for the ZyNOS
Name
External
Name
Description AT
Command
ATLC on the Prestige. Uploading the rom-0 file replaces the entire ROM file system, including your Prestige configurations, system-related data (including the baud rate and default password), the error log and the trace log.
ATUR firmware on the Prestige.
10.4.1 Firmware Development
It is important to upgrade your firmware regularly, especially if there are problems. If you discover an unexpected behavior, or bug, see if your problem is mentioned in the release notes. Load it according to instructions (e.g., see if the default configuration file is needed also). If the problem still exists, e-mail or call tech support.
10-10 System Maintenance
Page 40
Prestige 642 ADSL Internet Access Router
10.5 Backup Configuration
Option 5 in
Menu 24 - System Maintenance
your workstation. Backup is highly recommended once your Prestige is functioning properly. You must perform the backup and restore through the console port. Any serial communications program should work fine; however, you must use XMODEM protocol to perform the download/upload.
Step 1.
Go to Menu 24.5 (shown next).
Ready to backup Configuration via Xmodem. Do you want to continue (y/n):
Figure 10-10 Backup Configuration
allows you to backup the current Prestige configuration to
Step 2.
Press “Y” to indicate that you want to continue. The following procedure is for the HyperTerminal program. The procedure for other serial communications programs should be similar.
Step 3.
Click “Transfer”, then “Receive File” to display the following screen.
Enter where you want to place the rom configuration file on your computer.
Choose the X-Modem Protocol.
Figure 10-11 HyperTerminal Screen
Step 4.
Enter where you want to place the rom configuration file on your computer, give it a suitable name, e.g., p642.rom and make sure you choose the X-Modem Protocol. Then press “Receive”.
Step 5.
After a successful backup you will see the following screen. Press any key to return to the SMT menu.
** Backup Configuration completed. OK. ### Hit any key to continue.###
Figure 10-12 Successful Backup
Please note that terms “download” and “upload” are relative to the workstation. Download means to transfer from the Prestige to the workstation, while upload means from your workstation to the Prestige.
System Maintenance 10-11
Page 41
Prestige 642 ADSL Internet Access Router
10.6 Restore Configuration
Selecting option 6 from
Menu 24 - System Maintenance
workstation to the Prestige. Again, you must use the console port and XMODEM protocol to restore the configuration.
Step 1.
Go to Menu 24.6 (shown next).
Ready to restore Configuration via Xmodem. Do you want to continue (y/n):
Figure 10-13 Restore Configuration
to restore the configuration from your
Step 2.
Step 3.
Step 4.
Step 5.
Press “Y” to indicate that you want to continue. The following procedure is for the HyperTerminal program. The procedure for other serial communications programs should be similar.
Click “Transfer”, then “Send File” to display the following screen.
Enter where the rom configuration file is on your computer.
Choose the X-Modem Protocol.
Figure 10-14 HyperTerminal Screen
Enter where the rom configuration file is on your computer, and make sure you choose the X­Modem Protocol. Then press “Send”.
After a successful restoration you will see the following screen. Press any key to return to reboot the system.
Save to ROM Hit any key to start system reboot.
Figure 10-15 Successful Backup
Keep in mind that the configuration is stored in the flash ROM in the Prestige, so even if power failure should occur, your configuration is safe.
10-12 System Maintenance
Page 42
Prestige 642 ADSL Internet Access Router
10.7 Upload Firmware
Menu 24.7 -- System Maintenance - Upload Firmware
configuration file via the console port. Note that this function erases the old data before installing the new one; please do not attempt to update unless you have the new firmware at hand. There are 2 components in the system: the router firmware and the configuration file, as shown next.
Menu 24.7 -- System Maintenance - Upload Firmware
1. Upload Router Firmware
2. Upload Router Configuration File
Enter Menu Selection Number:
Figure 10-16 Menu 24.7 - System Maintenance - Upload Firmware
10.7.1 Upload Router Firmware
The firmware is the program that controls the functions of the Prestige. Menu 24.7.1 shows you the instructions for uploading the firmware. If you answer yes to the prompt, the Prestige will go into debug mode. Follow the procedure below to upload the firmware:
Step 1. Step 2.
Step 3.
Enter “ Wait for the “
” after the “
atur
Enter Debug Mode
Starting XMODEM upload
your terminal. After successful firmware upload, enter “
allows you to upgrade the firmware and the
” message.
” message before activating Xmodem upload on
” to restart the Prestige.
atgo
Menu 24.7.1 -- System Maintenance - Upload Router Firmware
To upload router firmware:
1. Enter "y" at the prompt below to go into debug mode.
2. Enter "atur" after "Enter Debug Mode" message.
3. Wait for "Starting XMODEM upload" message before activating Xmodem upload on your terminal.
4. After successful firmware upload, enter "atgo" to restart the router.
Warning: Proceeding with the upload will erase the current router firmware.
Do You Wish To Proceed:(Y/N)
Figure 10-17 Menu 24.7.1 - Uploading Router Firmware
System Maintenance 10-13
Page 43
Prestige 642 ADSL Internet Access Router
10.7.2 Uploading Router Configuration File
The configuration data, system-related data, the error log and the trace log are all stored in the configuration file. Please be aware that uploading the configuration file replaces everything contained within. Menu 24.7.2 shows you the instructions for uploading the configuration file. If you answer yes to the prompt, the Prestige will go into debug mode. Follow the procedure below to upload the configuration file:
Menu 24.6 replaces the current configuration with your customized configuration you
backed up previously. Menu 24.7.2 shows you the instructions for uploading the Router
Configuration file that replaces the current configuration file with the default
configuration file, i.e., P312.rom. You will lose all configurations that you had before
and the speed of the console port will be reset to the default of 9600 bps with 8 data
communications software to the default before you can connect to the Prestige again.
Step 1. Step 2.
Step 3.
If you replace the current configuration file with the default configuration file, i.e., P642.rom, you will lose all configurations that you had before and the speed of the console port will be reset to the default of 9600 bps with 8 data bit, no parity and 1 stop bit (8n1) . You will need to change your serial communications software to the default before you can connect to the Prestige again. The password will be reset to the default of 1234, also.
To upload router configuration file:
1. Enter "y" at the prompt below to go into debug mode.
2. Enter "atlc" after "Enter Debug Mode" message.
3. Wait for "Starting XMODEM upload" message before activating Xmodem upload on your terminal.
4. After successful firmware upload, enter "atgo" to restart the router.
Warning:
1. Proceeding with the upload will erase the current router configuration file.
2. The router's console port speed (Menu 24.2.2) may change when it is restarted; Please adjust your terminal's speed accordingly. The
bit, no parity and 1 stop bit (8n1). You will need to change your serial
The password will be reset to the default of 1234, also.
Enter “ Wait for the “
” after the “
atlc
Enter Debug Mode
Starting XMODEM upload
” message.
” message before activating Xmodem upload on your terminal. After successful firmware upload, enter “
Menu 24.7.2 - System Maintenance - Upload Router Configuration File
3. When uploading the DEFAULT configuration file, the console port speed
password (menu 23) may change also.
will be reset to 9600 bps and the password to "1234".
Do You Which To Proceed:(Y/N)
” to restart the Prestige.
atgo
Figure 10-18 Menu 24.7.2 - System Maintenance - Upload Router Configuration File
10-14 System Maintenance
Page 44
Prestige 642 ADSL Internet Access Router
10.8 TFTP Transfer
In addition to the direct console port connection, the Prestige supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. To use TFTP, your workstation must have both telnet and TFTP clients. To transfer the firmware and the configuration file, follow the procedure below:
Use telnet from your workstation to connect to the Prestige and log in. Because TFTP does not have any security checks, the Prestige records the IP address of the telnet client and accepts TFTP requests only from this address.
Step 1.
Step 2.
Step 3.
Step 4.
Note that the telnet connection must be active and the SMT in CI mode before and during the TFTP transfer. For details on TFTP commands (see following example), please consult the documentation of your TFTP client program. For UNIX, use “ other way around, and “
Put the SMT in command interpreter (CI) mode by entering 8 in
Maintenance
Enter command “ interrupted. Enter command “
.
sys stdio 0
” to disable the SMT timeout, so the TFTP transfer will not be
sys stdio 5
” to restore the five-minute SMT timeout
Menu 24 – System
(default) when the file transfer is complete.
Launch the TFTP client on your workstation and connect to the Prestige. Set the transfer mode to binary before starting data transfer.
Use the TFTP client (see the example below) to transfer files between the Prestige and the workstation. The file name for the firmware is “
” and for the configuration file, is “
ras
rom-0
(rom-zero, not capital o).
Note: If you upload the firmware to the Prestige, it will reboot automatically when the
file transfer is completed (the SYS LED will flash).
” to transfer from the Prestige to the workstation, “
get
binary
” to set binary transfer mode.
put
” the
10.8.1 Example TFTP Command
The following is an example tftp command:
TFTP [-i] host put p312.bin ras
where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the Prestige IP address, “put” transfers the file source on the workstation (p312.bin – name of the firmware on the workstation) to the file destination on the remote host (ras - name of the firmware on the Prestige). The following table describes some of the fields that you may see in third party TFTP clients.
Table 10-6 Third Party TFTP Clients –General fields
Host
System Maintenance 10-15
Enter the IP address of the Prestige. 192.168.1.1 is the Prestige default IP address when shipped.
Page 45
Prestige 642 ADSL Internet Access Router
Send/Fetch
Local File
Remote File
Binary
Abort
Press “Send” to upload the file to the Prestige and “Fetch” to back up the file on your computer.
Enter the path and name of the firmware file (*.bin extension) or configuration file (*.rom extension) on your computer.
This is the filename on the Prestige. The filename for the firmware is “
Transfer the file in binary mode.
Stop transfer of the file.
” and for the configuration file, is “
ras
rom-0
”.
TFTP over WAN will not work if:
1. You have applied a filter in Menu 3.1 (LAN) or in Menu 11.5 (WAN) to block Telnet service.
2. You have an SMT console session running.
10.9 FTP File Transfer
In addition to uploading the firmware and configuration via the console port and TFTP client, you can also upload the Prestige firmware and configuration files using FTP. To use this feature, your workstation must have an FTP client. When you telnet into the Prestige, you will see the following screens for uploading firmware and the configuration file using FTP.
10-16 System Maintenance
Page 46
Prestige 642 ADSL Internet Access Router
Menu 24.7.1 - System Maintenance - Upload Router Firmware
To upload the router firmware, follow the procedure below:
1. Launch the FTP client on your workstation.
2. Type "open" and the IP address of your router. Then type "root" and SMT password as requested.
3. Type "put firmwarefilename ras" where "firmwarefilename" is the name of your firmware upgrade file on your workstation and "ras" is the remote file name on the router.
4. The system reboots automatically after a successful firmware upload.
For details on FTP commands, please consult the documentation of your FTP client program. For details on uploading router firmware using TFTP (note that you must remain on this menu to upload router firmware using TFTP), please see your router manual.
Press ENTER to Exit:
Figure 10-19 Telnet into Menu 24.7.1
You see the following screen when you telnet into Menu 24.7.2.
Menu 24.7.2 - System Maintenance - Upload Router Configuration File
To upload the router configuration file, follow the procedure below:
1. Launch the FTP client on your workstation.
2. Type "open" and the IP address of your router. Then type "root" and SMT password as requested.
3. Type "put configurationfilename rom-0" where "configurationfilename" is the name of your router configuration file on your workstation, which will be transferred to the "rom-0" file on the router.
4. The system reboots automatically after the upload router configuration file process is complete.
For details on FTP commands, please consult the documentation of your FTP client program. For details on uploading router firmware using TFTP (note that you must remain on this menu to upload router firmware using TFTP), please see your router manual.
Press ENTER to Exit:
Figure 10-20 Telnet into Menu 24.7.2 - System Maintenance
To transfer the firmware and the configuration file, follow these examples:
10.9.1 Using the FTP command from the DOS Prompt
Step 1.
System Maintenance 10-17
Launch the FTP client on your workstation.
Page 47
Prestige 642 ADSL Internet Access Router
Step 2. Step 3. Step 4. Step 5.
Step 6.
Type
and the IP address of your Prestige.
open
You may press the [ENTER] when prompted for a username. Type Type
and your SMT password as requested. The default is 1234.
root
to set transfer mode to binary.
bin
Use “put” to transfer files from the workstation to the Prestige, e.g.,
put p642.bin ras
transfers the firmware on your computer (p642.bin) to the Prestige and renames it “ras”. Similarly
put p642.rom rom-0
(p642.rom) to the Prestige and renames it “rom-0”. See
transfers the configuration file on your computer
section 10.4
for more information on
filename conventions.
Step 7.
Type
Connected to 312.x.x.x 220 P312 FTP version 1.0 ready at Thu Jan 20 18:00:02 2000 User (312.x.x.x:(none)): <Enter> 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> put p312e.bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 327680 bytes sent in 1.10Seconds 297.89Kbytes/sec. ftp> quit
to exit the ftp prompt.
quit
Figure 10-21 FTP Session Example
The system reboots after a successful upload.
The following table describes some of the fields that you may see in third party FTP clients.
Table 10-7 Third Party FTP Clients –General fields
Host Address
Login Type
Transfer Type
Enter the address of the host server.
Anonymous.
This is when a user I.D. and password is automatically supplied to the server for anonymous access. Anonymous logins will work only if your ISP or service administrator has enabled this option.
Normal.
The server requires a unique User ID and Password to login.
Transfer files in either ASCII (plain text format) or in binary
10-18 System Maintenance
Page 48
Prestige 642 ADSL Internet Access Router
mode.
Initial Remote Directory.
Initial Local Directory.
Specify the default remote directory (path).
Specify the default local directory (path).
10.10 Command Interpreter Mode
This option allows you to enter the command interpreter mode. A list of valid commands can be found by typing [help] at the command prompt. For more detailed information, check the ZyXEL Web site or send e­mail to the ZyXEL Support Group.
Enter Menu Selection Number: 8
Copyright (c) 1994 - 1999 ZyXEL Communications Corp. ras> ? Valid commands are: sys exit device ether wan ip ppp bridge ipx hdap
Figure 10-22 Command mode
10.11 Boot module commands
Prestige boot module commands with accompanying explanations are shown in the following table. For ATBAx, x denotes the number preceding the colon to give the console port speed following the colon in the list of numbers that follows; e.g. ATBA3 will give a console port speed of 9.6 Kbps. ATSE displays the seed that is used to generate a password to turn on the debug flag in the firmware. The ATSH command shows product related information such as boot module version, vendor name, product model, RAS code revision, etc.
System Maintenance 10-19
Page 49
Prestige 642 ADSL Internet Access Router
======= Debug Command Listing ======= AT just answer OK ATHE print help ATBAx change baudrate. 1:38.4k, 2:19.2k, 3:9.6k 4:57.6k 5:115.2k ATENx,(y) set BootExtension Debug Flag (y=password) ATENx,(y) set BootExtension Debug Flag (y=password) ATSE show the seed of password generator ATTI(h,m,s) change system time to hour:min:sec or show current time ATDA(w,y,m,d) change system date to week year/month/day or show current date ATDS dump RAS stack ATDT dump Boot Module Common Area ATDUx,y dump memory contents from address x for length y ATRBx display the 8-bit value of address x ATRWx display the 16-bit value of address x ATRLx display the 32-bit value of address x ATGO(x) run program at addr x or boot ZyNOS ATGR boot ZyNOS ATGT run Hardware Test Program ATRTw,x,y(,z) RAM test level w, from address x to y (z iterations) ATSH dump manufacturer related data in ROM ATDOx,y download from address x for length y to PC via XMODEM ATUR upload RAS code to flash ROM ATLC upload RAS configuration file
Figure 10-23 Boot module commands
10-20 System Maintenance
Page 50
Prestige 642 ADSL Internet Access Router
Chapter 11
IP Policy Routing
11.1 Introduction
Traditionally, routing is based on the destination address only and the router takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator. Policy-based routing is applied to incoming packets on a per interface basis, prior to the normal routing.
11.1.1 Benefits
Source-Based Routing – Network administrators can use policy-based routing to direct traffic from
different users through different connections. Quality of Service (QoS) – Organizations can differentiate traffic by setting the precedence or TOS
(Type of Service) values in the IP header at the periphery of the network to enable the backbone to prioritize traffic. Cost Savings – IPPR allows organizations to distribute interactive traffic on high-bandwidth, high-cost
paths while using low-cost paths for batch traffic. Load Sharing – Network administrators can use IPPR to distribute traffic among multiple paths.
11.1.2 Routing Policy
A policy defines the matching criteria and the action to take when a packet meets the criteria. The action is taken only when all the criteria are met. The criteria include the source address and port, IP protocol (ICMP, UDP, TCP, etc.), destination address and port, TOS and precedence (fields in the IP header) and length. The inclusion of length criterion is to differentiate between interactive and bulk traffic. Interactive applications, e.g., telnet, tend to have short packets, while bulk traffic, e.g., file transfer, tends to have large packets. The actions that can be taken include routing the packet to a different gateway (and hence the outgoing interface) and the TOS and precedence fields in the IP header.
IPPR follows the existing packet filtering facility of ZyNOS in style and in implementation. The policies are divided into sets, where related policies are grouped together. A user defines the policies before applying them to an interface or a remote node, in the same fashion as the filters. There are 12 policy sets with 6 policies in each set.
11.1.3 IP Policy Routing Setup
Menu 25 shows all the policies defined
IP Policy Routing 11-1
Page 51
Prestige 642 ADSL Internet Access Router
Menu 25 - IP Routing Policy Setup
Policy Policy Set # Name Set # Name
------ ----------------- ------ ----------------­ 1 test 7 _______________ 2 _______________ 8 _______________ 3 _______________ 9 _______________ 4 _______________ 10 _______________ 5 _______________ 11 _______________ 6 _______________ 12 _______________
Enter Policy Set Number to Configure= 0
Edit Name= N/A
Press ENTER to Confirm or ESC to Cancel:
Figure 11-1 IP Routing Policy Setup
To setup a routing policy, follow the procedures below:
Step 1. Step 2.
Enter 25 in the Main Menu to open
Menu 25 – IP Policy Routing Setup.
Enter the index of the policy set you wish to configure to open
Summary
.
Menu 25.1 - IP Policy Routing
Menu 25.1 shows the summary of a policy set, including the criteria and the action of a single policy, and whether a policy is active or not. Each policy contains two lines. The former part is the criteria of the incoming packet, and the latter is the action. Between these two parts, separator ‘|’ means the action is taken on criteria matched and separator ‘=’ means the action is taken on criteria not matched.
11-2 IP Policy Routing
Page 52
Prestige 642 ADSL Internet Access Router
Menu 25.1 - IP Routing Policy Summary
# A Criteria/Action
- - -------------------------------------------------------------------------­ 1 Y SA=1.1.1.1-1.1.1.1,DA=2.2.2.2-2.2.2.5 SP=20-25,DP=20-25,P=6,T=NM,PR=0 |GW=192.168.1.1,T=MT,PR=0 2 N __________________________________________________________________________ __________________________________________________________________________ 3 N __________________________________________________________________________ __________________________________________________________________________ 4 N __________________________________________________________________________ __________________________________________________________________________ 5 N __________________________________________________________________________ __________________________________________________________________________ 6 N __________________________________________________________________________ __________________________________________________________________________
Enter Policy Rule Number (1-6) to Configure:
Figure 11-2 Menu 25 - IP Routing Policy Summary
Table 11-1 IP Routing Policy Summary
Abbreviation Meaning
Criteria
SA Source IP address
SP Source port
DA Destination IP address
DP Destination port
P IP layer 4 protocol number(TCP=6,UDP=17…)
T Type Of Service of Incoming packet
PR Precedence of incoming packet
Action
GW Gateway IP address
T Outgoing Type of Service
P Outgoing Precedence
Type Of Service
NM Normal
mD Minimum Delay
IP Policy Routing 11-3
Page 53
Prestige 642 ADSL Internet Access Router
MT Maximum Throughput
MR Maximum Reliability
MC Minimum Cost
Enter a number from 1 to 6 to display
Menu 25.1.1 – IP Routing Policy
allows you to configure a policy rule.
Menu 25.1.1 - IP Routing Policy
Policy Set Name= test Active= Yes Criteria: IP Protocol = 6 Type of Service= Normal Packet length= 40 Precedence = 0 Len Comp= Source: addr start= 1.1.1.1 end= 1.1.1.1 port start= 20 end= 20 Destination: addr start= 2.2.2.2 end= 2.2.2.2 port start= 20 end= 20 Action= Matched Gateway addr = 192.168.1.1 Log= No Type of Service= Max Thruput Precedence = 0
Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle.
Figure 11-3 IP Routing Policy
(see the next figure). This menu
Table 11-2 IP Routing Policy
Field Description
Policy Set Name This is the name of the policy set assigned in Menu 25 - IP Routing Policy
Setup.
Active Press the [SPACEBAR] to select [Yes] to activate the policy.
Criteria
IP Protocol IP layer 4 protocol, e.g., UDP, TCP, ICMP, etc.
Type of Service Prioritize incoming network traffic by choosing from [Don’t Care] / [Normal] /
[Min Delay] / [Max Thruput] / [Max Reliability].
Packet Length Enter the length of incoming packets (in bytes). The operators in the [Len
Comp] (next) apply to packets of this length.
Len Comp Press the [SPACEBAR] to choose from [Equal] / [Not Equal] / [Less] / [Greater]
/ [Less or Equal] / Greater or Equal].
Precedence Precedence value of the incoming packet. Values range from [0] to [7] or [Don’t
11-4 IP Policy Routing
Page 54
Prestige 642 ADSL Internet Access Router
Care].
Source:
addr start= / end=
port start= / end=
Destination:
addr start= / end=
port start= / end=
Action= Specifies whether action should be taken on criteria [Matched] or [Not
Gateway addr Defines the outgoing gateway address. The gateway must be on the same
Log Press the [SPACEBAR] to select [Yes] to make an entry in the system log when
Type of Service Set the new TOS value of the outgoing packet. Choose from Prioritize incoming
Precedence Set the new precedence value of the outgoing packet. Values range from [0] to
Source IP address range from start to end.
Source port number range from start to end; applicable only for TCP/UDP.
Destination IP address range from start to end.
Destination port number range from start to end; applicable only for TCP/UDP.
Matched].
subnet as the Prestige if it’s on the LAN, otherwise, the gateway must be the IP address of a remote node. The default gateway is specified as 0.0.0.0.
a policy is executed.
network traffic by choosing from [No Change] / [Normal] / [Min Delay] / [Max Thruput] / [Max Reliability].
[7] or [No Change].
11.2 Applying an IP Policy
This section shows you where to apply the IP Policies after you design them.
11.2.1 Ethernet IP Policies
From Menu 3 - Ethernet Setup, enter 2 to go to Menu 3.2 -General Ethernet Setup. You can choose up to four IP Policy sets (from twelve) by entering their numbers separated by commas, e.g., 2, 4, 7, 9.
IP Policy Routing 11-5
Page 55
Prestige 642 ADSL Internet Access Router
Menu 3.2 - TCP/IP and DHCP Ethernet Setup
DHCP Setup:
DHCP= None Client IP Pool Starting Address= N/A Size of Client IP Pool= N/A Primary DNS Server= N/A Secondary DNS Server= N/A
TCP/IP Setup:
IP Address= 192.68.1.1 IP Subnet Mask= 255.255.255.0 RIP Direction= Both Version= RIP-2B Multicast = IGMP-v2 IP Policies= 2,4,7,9 Edit IP Alias= No
Press Space Bar to Toggle.
Enter here to CONFIRM or ESC to CANCEL:
Enter your IP Policy sets here.
Figure 11-4 Menu 3.2 - General Ethernet Setup
11.2.2 Remote Node IP Routing Policies
Go to Menu 11.3 (shown next) and enter the number(s) of the IP Routing Policy set(s) as appropriate. You can cascade up to four policy sets by entering their numbers separated by commas.
Menu 11.3 - Remote Node Network Layer Options
VPI/VCI LLC-mux or PPP/PPPoE Encap : VPI #= 1 VCI #= 1 IP Options : Rem IP Addr: 0.0.0.0 Rem Subnet Mask= 0.0.0.0 My WAN Addr= 0.0.0.0 Single User Account= No Metric= 2 Private= No RIP Direction= Both Version= RIP-2B Multicast= None IP Policies= 1,3,5,10
IPX Options :
Rem LAN Net #= 00000000 My WAN Net #= 00000000 Hop Count= 1
Tick Count= 2 W/D Spoofing(min)= N/A SAP/RIP Timeout(min)= N/A
Dial-On-Query= N/A
Bridge Options: Dial-On-Broadcast= N/A
Ethernet Addr Timeout(min)=
Enter your IP Policy sets here.
Enter here to CONFIRM or ESC to CANCEL:
Figure 11-5 Menu 11.3 - Remote Node Network Layer Options
11-6 IP Policy Routing
Page 56
Prestige 642 ADSL Internet Access Router
Chapter 12
Troubleshooting
This chapter covers the potential problems you may run into and the possible remedies. After
each problem description, some instructions are provided to help you to diagnose and to solve the
problem.
12.1 Problems Starting Up the Prestige
Table 12-1 Troubleshooting the Start-Up of your Prestige
Problem Corrective Action
None of the LEDs are on when you power on the Prestige
Cannot access the Prestige via the console port.
Check the connection between the AC adapter and the Prestige.
If the error persists, you may have a hardware problem. In this case you should contact technical support.
1.Check to see if the Prestige is connected to your computer’s serial port.
2. Check to see if the communications program is configured correctly. The communications software should be configured as follows:
VT100 terminal emulation
9600 bps
No parity, 8 Data bits, 1 Stop bit.
Troubleshooting 12-1
Page 57
Prestige 642 ADSL Internet Access Router
12.2 Problems With the WAN Interface
Table 12-2 Troubleshooting the ADSL connection
Problem Corrective Action
Initialization of the PVC connection failed.
Ensure that the cable is connected properly from the ADSL port to the wall jack. The ADSL LED on the front panel of the Prestige should be on. Check that your VPI, VCI, type of encapsulation and type of multiplexing settings are the sama as what you collected from your telephone company and ISP. Reboot the Prestige. If you still have problems, you may need to verify these variables with the telephone company and/or ISP.
12.3 Problems with the LAN Interface
Table 12-3 Troubleshooting the LAN Interface
Problem Corrective Action
Can’t ping any station on the LAN
Check the Ethernet LEDs on the front panel. The LED should be on for a port that has a station connected. If it is off, check the cables between your Prestige and the station.
Verify that the IP address and the subnet mask are consistent between the Prestige and the workstations.
12.4 Problems Connecting to a Remote Node or ISP
Table 12-4 Troubleshooting a Connection to a Remote Node or ISP
Problem Corrective Action
Can’t connect to a remote node or ISP
Check Menu 24.1 to verify the line status. If it indicates [down], then refer to the section on the line problems.
In Menu 11.1, verify your login name and password for the remote node.
12-2 Troubleshooting
Page 58
10BaseT
ADSL
ARP
Backbone Bandwidth Bit
Byte CDR CHAP
Client
crossover Ethernet cable CSU/DSU
DCE
DHCP
DNS
Prestige 642 ADSL Internet Access Router
Glossary
The 10-Mbps baseband Ethernet specification that uses two pairs of twisted-pair cabling (Category 3 or 5): one pair for transmitting data and the other for receiving data. Asymmetrical Digital Subscriber Line is an asymmetrical technology, meaning that the downstream data rate is much higher than the upstream data rate. ADSL operates in a frequency range that is above the frequency range of voice services, so the two systems can operate over the same cable. Address Resolution Protocol is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address that is recognized in the local network. A high-speed line or series of connections that forms a major pathway within a network. This is the capacity on a link usually measured in bits-per-second (bps) (Binary Digit) -- A single digit number in base-2, in other words, either a 1 or a zero. The smallest unit of computerized data. A set of bits that represent a single character. There are 8 bits in a Byte. Call Detail Record. This is a name used by telephone companies for call related information. Challenge Handshake Authentication Protocol is an alternative protocol that avoids sending passwords over the wire by using a challenge/response technique A software program that is used to contact and obtain data from a Server software program on another computer. Each Client program is designed to work with one or more specific kinds of Server programs, and each Server requires a specific kind of Client. A Web Browser is a specific kind of Client A cable that wires a pin to its opposite pin, for example, RX+ is wired to TX+. This cable connects two similar devices, for example, two data terminal equipment (DTE) or data communications equipment (DCE) devices. Channel Service Unit/Data Service Unit. CSUs (channel service units) and DSUs (data service units) are actually two separate devices, but they are used in conjunction and often combined into the same box. The devices are part of the hardware you need to connect computer equipment to digital transmission lines). The Channel Service Unit device connects with the digital communication line and provides a termination for the digital signal. The Data Service Unit device, sometimes called a digital service unit, is the hardware component you need to transmit digital data over the hardware channel. The device converts signals from bridges, routers, and multiplexors into the bipolar digital signals used by the digital lines. Multiplexors mix voice signals and data on the same line. Data Communications Equipment is typically a modem or other type of communication device. The DCE sits between the DTE (data terminal equipment) and a transmission circuit such as a phone line. Dynamic Host Configuration Protocol automatically assigns IP addresses to clients when they log on. DHCP centralizes IP address management on central computers that run the DHCP server program. DHCP leases addresses for a period of time which means that addresses are made available to assign to other systems. Domain Name System links names to IP addresses. When you access Web sites on the Internet, you can type the IP address of the site or the DNS name. When you type a domain name in a Web browser, a query is sent to the primary DNS server defined in your Web browser’s configuration dialog box. The DNS server converts the name you specified to an IP address and returns this address to your system. From then on, the IP address is used in all
Glossary
A
Page 59
Prestige 642 ADSL Internet Access Router
subsequent communications.
Domain Name
DRAM DSL
DSLAM
DTE
EMI
Ethernet
FAQ
FCC
Flash memory Gateway
Host
IANA
ICMP
internet
The unique name that identifies an Internet site. Domain Names always have 2 or more parts, separated by dots. The part on the left is the most specific, and the part on the right is the most general. Dynamic RAM that stores information in capacitors that must be refreshed periodically. Digital Subscriber Line technologies enhances the data capacity of the existing twisted-pair wire that runs between the local telephone company switching offices and most homes and offices. There are actually seven types of DSL service, ranging in speeds from 16 Kbits/sec to 52 Mbits/sec. The services are either symmetrical (traffic flows at the same speed in both directions), or asymmetrical (the downstream capacity is higher than the upstream capacity). DSL connections are point-to-point dedicated circuits, meaning that they are always connected. There is no dial-up. There is also no switching, which means that the line is a direct connection into the carrier’s frame relay, ATM (Asynchronous Transfer Mode), or Internet-connect system. A Digital Subscriber Line Access Multiplexer (DSLAM) is a network device, usually at a telephone company central office, that receives signals from multiple customer Digital Subscriber Line connections and puts the signals on a high-speed backbone line using multiplexing techniques. Depending on the product, DSLAM multiplexers connect DSL lines with some combination of asynchronous transfer mode ATM, frame relay, or IP networks. Originally, the DTE (data terminal equipment) was a dumb terminal or printer, but today it is a computer, or a bridge or router that interconnects local area networks. ElectroMagnetic Interference. The interference by electromagnetic signals that can cause reduced data integrity and increased error rates on transmission channels. A very common method of networking computers in a LAN. There are a number of adaptations to the IEEE 802.3 Ethernet standard, including adaptations with data rates of 10 Mbits/sec and 100 Mbits/sec over coaxial cable, twisted-pair cable, and fiber-optic cable. The latest version of Ethernet, Gigabit Ethernet, has a data rate of 1 Gbit/sec. (Frequently Asked Questions) -- FAQs are documents that list and answer the most common questions on a particular subject. The FCC (Federal Communications Commission) is in charge of allocating the electromagnetic spectrum and thus the bandwidth of various communication systems. The nonvolatile storage that can be electrically erased and reprogrammed so that data can be stored, booted, and rewritten as necessary. A gateway is a computer system or other device that acts as a translator between two systems that do not use the same communication protocols, data formatting structures, languages, and/or architecture. Any computer on a network that is a repository for services available to other computers on the network. It is quite common to have one host machine provide several services, such as WWW and USENET. Internet Assigned Number Authority acts as the clearinghouse to assign and coordinate the use of numerous Internet protocol parameters such as Internet addresses, domain names, protocol numbers, and more. The IANA Web site is at http://www.isi.edu/iana. Internet Control Message Protocol is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the TCP/IP software and are not directly apparent to the application user. (Lower case i) Any time you connect 2 or more networks together, you have an internet.
B Glossary
Page 60
Prestige 642 ADSL Internet Access Router
Internet
Intranet
IP
IPCP (PPP) IPX
ISP
LAN
MAC
NAT
Network
NIC
Node PAP
PNC Port
POTS
PPP
(Upper case I) The vast collection of inter-connected networks that all use the TCP/IP protocols and that evolved from the ARPANET of the late 60’s and early 70’s. The Internet now (July 1995) connects roughly 60,000 independent networks into a vast global internet A private network inside a company or organization that uses the same kinds of software that you would find on the public Internet, but that is only for internal use. Internet Protocol he IP (currently IP version 4, or IPv4), is the underlying protocol for routing packets on the Internet and other TCP/IP-based networks. IP Control Protocol allows changes to IP parameters such as the IP address. Internetwork Packet eXchange The native NetWare internetworking protocol is IPX (Internetwork Packet Exchange). Like IP (Internet Protocol), IPX is an internetworking protocol that provides datagram services. Internet Service Providers provide connections into the Internet for home users and businesses. There are local, regional, national, and global ISPs. You can think of local ISPs as the gatekeepers into the Internet. Local Area Network is a shared communication system to which many computers are attached. A LAN, as its name implies, is limited to a local area. This has to do more with the electrical characteristics of the medium than the fact that many early LANs were designed for departments, although the latter accurately describes a LAN as well. LANs have different topologies, the most common being the linear bus and the star configuration. On a local area network (LAN) or other network, the MAC (Media Access Control) address is your computer's unique hardware number. (On an Ethernet LAN, it's the same as your Ethernet address.) The MAC layer frames data for transmission over the network, then passes the frame to the physical layer interface where it is transmitted as a stream of bits. Network Address Translation is the translation of an Internet Protocol address used within one network to a different IP address known within another network. Any time you connect 2 or more computers together so that they can share resources, you have a computer network. Connect 2 or more networks together and you have an internet. Network Interface Card. A board that provides network communication capabilities to and from a computer system. Also called an adapter. Any single computer connected to a network Password Authentication Protocol PAP is a security protocol that requires users to enter a password before accessing a secure system. The user’s name and password are sent over the wire to a server, where they are compared with a database of user account names and passwords. This technique is vulnerable to wiretapping (eavesdropping) because the password can be captured and used by someone to log onto the system. Prestige Network Commander, a Windows-based setup wizard for Prestige routers (not all). An Internet port refers to a number that is part of a URL, appearing after a colon (:) right after the domain name. Every service on an Internet server listens on a particular port number on that server. Most services have standard port numbers, e.g. Web servers normally listen on port 80. Plain Old Telephone Service is the analog telephone service that runs over copper twisted­pair wires and is based on the original Bell telephone system. Twisted-pair wires connect homes and businesses to a neighborhood central office. This is called the local loop. The central office is connected to other central offices and long-distance facilities. Point to Point Protocol. PPP encapsulates and transmits IP (Internet Protocol) datagrams over serial point-to-point links. PPP works with other protocols such as IPX (Internetwork Packet Exchange). The protocol is defined in IETF (Internet Engineering Task Force) RFC
Glossary
C
Page 61
Prestige 642 ADSL Internet Access Router
1661 through 1663. PPP provides router-to-router, host-to-router, and host-to-host connections.
PSTN
PVC
RFC
RIP
SAP
Server
SNMP
STP
Straight through Ethernet cable SUA
TCP
Telnet
Terminal
Terminal Software
Public Switched Telephone Network was put into place many years ago as a voice telephone call-switching system. The system transmits voice calls as analog signals across copper twisted cables from homes and businesses to neighborhood COs (central offices); this is often called the local loop. The PSTN is a circuit-switched system, meaning that an end-to­end private circuit is established between caller and callee. Permanent Virtual Circuit. A PVC is a logical point-to-point circuit between customer sites. PVCs are low-delay circuits because routing decisions do not need to be made along the way. Permanent means that the circuit is preprogrammed by the carrier as a path through the network. It does not need to be set up or torn down for each session. An RFC (Request for Comments) is an Internet formal document or standard that is the result of committee drafting and subsequent review by interested parties. Some RFCs are informational in nature. Of those that are intended to become Internet standards, the final version of the RFC becomes the standard and no further comments or changes are permitted. Change can occur, however, through subsequent RFCs. Routing Information Protocol is an interior or intra-domain routing protocol that uses the distance-vector routing algorithms. RIP is used on the Internet and is common in the NetWare environment as a method for exchanging routing information between routers. In NetWare, the SAP (Service Advertising Protocol) broadcasts information about available services on the network that other network devices can listen to. A server sends out SAP messages every 60 seconds. A server also sends out SAP messages to inform other devices that it is closing down. Workstations use SAP to find services they need on the network. A computer, or a software package, that provides a specific kind of service to client software running on other computers. System Network Management Protocol is a popular management protocol defined by the Internet community for TCP/IP networks. It is a communication protocol for collecting information from devices on the network. Twisted-pair cable consists of copper-core wires surrounded by an insulator. Two wires are twisted together to form a pair, and the pair form a balanced circuit. The twisting prevents interference problems. STP (shielded twisted-pair) provides protection against external crosstalk. A cable that wires a pin to its equivalent pin. This cable connects two dissimilar devices, for example, a data terminal equipment (DTE) and a data communications equipment (DCE) device. A straight through Ethernet cable is the most common cable used.
Single User Account – The Prestige's SUA (Single User Account) feature allows multiple user Internet access for the cost of a single ISP account - see also NAT. Transmission Control Protocol handles flow control and packet recovery and IP providing basic addressing and packet-forwarding services. Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks. Its primary function is to allow users to log into remote host systems. A device that allows you to send commands to a computer somewhere else. At a minimum, this usually means a keyboard and a display screen and some simple circuitry. Software that pretends to be (emulates) a physical terminal and allows you to type commands to a computer somewhere else.
D Glossary
Page 62
Prestige 642 ADSL Internet Access Router
TFTP
UDP
URL
VCI
VPI WAN
WWW
Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP (File Transfer Protocol), but it is scaled back in functionality so that it requires fewer resources to run. TFTP uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). UDP is a connectionless transport service that dispenses with the reliability services provided by TCP. UDP gives applications a direct interface with IP and the ability to address a particular application process running on a host via a port number without setting up a connection session. (Uniform Resource Locator) URL is an object on the Internet or an intranet that resides on a host system. Objects include directories and an assortment of file types, including text files, graphics, video, and audio. A URL is the address of an object that is normally typed in the Address field of a Web browser. The URL is basically a pointer to the location of an object. Virtual Channel Identifier Identifies virtual channels between users or between users and networks. Virtual Path Identifier Identifies virtual paths between users or between users and networks. Wide Area Network s link geographically dispersed offices in other cities or around the globe. Just about any long-distance communication medium can serve as a WAN link, including switched and permanent telephone circuits, terrestrial radio systems, and satellite systems. (World Wide Web) -- Frequently used (incorrectly) when referring to "The Internet", WWW has two major meanings - First, loosely used: the whole constellation of resources that can be accessed using Gopher, FTP, HTTP, telnet, USENET, WAIS and some other tools. Second, the universe of hypertext servers (HTTP servers).
Glossary
E
Page 63
Page 64
Prestige 642 ADSL Internet Access Router
Appendix A
PPPoE in Action
An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your PC to an ATM PVC (Permanent Virtual Circuit) which connects to a xDSL Access Concentrator where the PPP session terminates (see the next figure). One PVC can support any number of PPP sessions from your LAN. PPPoE provides access control and billing functionality in a manner similar to dial-up services using PPP.
Benefits of PPPoE
PPPoE offers the following benefits:
1. It provides you with a familiar dial-up networking (DUN) user interface.
2. It lessens the burden on the carriers of provisioning virtual circuits all the way to the ISP on multiple switches for thousands of users. For GSTN (PSTN & ISDN), the switching fabric is already in place.
3. It allows the ISP to use the existing dial-up model to authenticate and (optionally) to provide differentiated services.
Traditional Dial-up Scenario
The following diagram depicts a typical hardware configuration where the PCs use traditional dial-up networking.
Diagram 1 Single-PC per Modem Hardware Configuration
How PPPoE Works
The PPPoE driver makes the Ethernet appear as a serial link to the PC and the PC runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC). Between the AC and an ISP, the AC is
Appendix A G
Page 65
Prestige 642 ADSL Internet Access Router
acting as a L2TP (Layer 2 Tunneling Protocol) LAC (L2TP Access Concentrator) and tunnels the PPP frames to the ISP. The L2TP tunnel is capable of carrying multiple PPP sessions. With PPPoE, the VC (Virtual Circuit) is equivalent to the dial-up connection and is between the modem and the AC, as opposed to all the way to the ISP. However, the PPP negotiation is between the PC and the ISP.
Prestige as a PPPoE Client
When using the Prestige as a PPPoE client, the PCs on the LAN see only Ethernet and are not aware of PPPoE. This alleviates the administrator from having to manage the PPPoE clients on the individual PCs.
Diagram 2 Prestige as a PPPoE Client
H Appendix A
Page 66
Prestige 642 ADSL Internet Access Router
Appendix B
VPI & VCI
ATM is a connection-oriented technology, meaning that it sets up virtual circuits over which end systems communicate. The terminology for virtual circuits is as follows:
z VC (virtual channel) z VP (virtual path)
Think of a VP as a cable that contains a bundle of wires. The cable connects two points, and wires within the cable provide individual circuits between the two points. In an ATM cell header, a Identifier) identifies a link formed by a virtual path and a channel within a virtual path. The switches as shown. Your telephone company should supply you with these numbers.
Logical connections between end stations
A bundle of VCs
(Virtual Channel Identifier) identifies a
VCI
VPI
and
are identified and correspond to termination points at ATM
VCI
(Virtual Path
VPI
Diagram 3 VPI's & VCI's.
Appendix B I
Page 67
Page 68
A
always on...........................................................xix
AT command ................................................10-10
ATBAx........................................................... 10-19
...........................................................
atgo
Authentication ............................................4-3, 4-4
10-14
B
Bridge ................................................See Bridging
Bridging..................................... 2-10, 4-4, 7-1, 7-3
Ethernet Setup ...................................................... 7-1
Handle IPX
Remote Node........................................................ 7-3
Static Route .......................................................... 7-4
..........................................................
7-2
C
CDR ................................................................ 10-7
CHAP................................................................ 4-4
collaborative computing ..................................... xix
Connecting the Prestige....................................2-2
Connections
Additional Requirements...................................... 2-2
ADSL Line........................................................... 2-2
Console Port ......................................................... 2-2
LAN Port.............................................................. 2-2
Power Adapter...................................................... 2-2
Rear Panel ............................................................2-1
Copyright ............................................................. ii
Customer Support................................................ v
D
Diagnostic Tools ....................................10-1, 10-9
Backup..............................................................10-11
Boot Module Commands..................................10-19
Command Interpreter Mode ............................. 10-19
Firmware Update.............................................. 10-13
Upload Router Configuration....................... 10-14
P312 Broadband Access Security Gateway
Index
Upload Router Firmware ............................. 10-13
Reset ADSL ....................................................... 10-9
Restore .............................................................10-12
Digital Subscriber Line Access Multiplexer....... 1-3
distance learning ...............................................xix
DNS.................................................................. 3-6
Domain Name System...................................... 3-3
DSL (Digital Subscriber Line) .......................... xviii
DSLAMSee Digital Subscriber Line Access
Multiplexer
Dynamic Host Configuration Protocol........ 1-2, 3-3
E
Encapsulation........... 1-2, 3-8, 3-10, 3-11, 4-3, 4-5
ENET ENCAP .....................................................3-8
PPP....................................................................... 3-9
PPP over Ethernet ........................................... 3-8, G
RFC 1483............................................................. 3-9
End User............................................................ xix
Ethernet............................................................ 2-9
F
FAQ ................................................................... xvi
FCC Rules ........................................................... iii
Filename Conventions.................................... 10-9
Filter ................................................................. 2-9
About.................................................................... 8-1
Applying............................................................. 8-20
Configuring.......................................................... 8-4
Example ............................................................. 8-17
Filter log
Generic Filter Rule............................................. 8-13
IPX
IPX Rule............................................................. 8-14
Remote Node........................................................ 4-6
Structure............................................................... 8-2
SUA.................................................................... 8-19
Filter log.......................................................... 10-8
Filters
Executing a Filter Rule......................................... 8-2
............................................................
Packet Types.................................................. 8-16
10-7
Index K
Page 69
P312 Broadband Access Security Gateway
Logic Flow of an IP Filter...................................8-11
Frame Relay..................................................... 1-3
Frame Types .............................................6-1, 6-4
FTP File Transfer.......................................... 10-16
Full Rate .....................................................xxi, 2-3
G
G.Lite................................................................. xxi
Gateway .............................................5-7, 6-9, 7-5
General Setup .................................................. 2-8
H
Hop Count .................................................6-7, 6-9
I
IANA ................................................................. 3-2
Initialization....................................................... 2-4
Interactive Applications................................... 11-1
3-1
3-1
,
11-5
Internet access ...............................................
Internet Accessxvi, 1-1, 1-3, 1-4, 2-7, 2-10,
3-9, 3-10, 3-11, 3-12, 3-13, 5-5
Internet Assigned Numbers Authority .....See IANA
IP Address............................3-7, 4-4, 5-4, 5-7, 7-5
IP Address Assignment .................................... 3-9
ENET ENCAP......................................................3-9
PPP or PPPoE .......................................................3-9
RFC 1483..............................................................3-9
IP Multicast
Internet Group Management Protocol(IGMP) ......1-2
IP network number ........................................... 3-2
IP Policies....................................................... 11-5
IP Policy Routing (IPPR)...................1-2, 3-4, 11-1
Applying an IP Policy.........................................11-5
Benefits...............................................................11-1
Cost Savings .......................................................11-1
Criteria................................................................11-1
Ethernet IP Policies.............................................11-5
Gateway
Load Sharing.......................................................11-1
Remote Node IP Policies....................................11-6
Setup...................................................................11-1
IP Pool.............................................................. 3-3
...........................................................
IP Routing Policy............................................ 11-4
IP Routing Policy Setup.................................. 11-3
IP static route ................................................... 5-6
IPX ................................................................... 6-1
Ethernet Setup ......................................................6-4
LAN-to-LAN........................................................ 6-5
Network Number..................................................6-1
Node Number ....................................................... 6-1
Novell...................................................................6-5
Prestige.................................................................6-2
Remote Node Setup.............................................. 6-6
Static Route ..........................................................6-7
IPX
Network Number..................................................6-1
L
LAN ................................................................ 10-3
LAN-to-LAN...................................................... 5-1
LED Indicators.................................................. 2-1
Log and Trace ................................................ 10-5
View Error Log...................................................10-5
Log Facility ..................................................... 10-7
M
MAC ................................................................. 7-1
Main Menu........................................................ 2-7
Media Access Control ............................ See MAC
Metric ........................................................ 5-5, 5-8
Multiplexing
LLC-based............................................................3-8
VC-based..............................................................3-8
Multiplexing ...............1-2, 3-8, 3-10, 3-11, 4-3, 5-1
LLC-based............................................................5-2
VC-based..............................................................5-1
Multiprotocol Encapsulation ............................. 3-9
N
NetWare Clients ............................................... 6-3
Network Service Provider (NSP) ......................xviii
NIC ................................................................... 2-2
Novell ............................................................... 6-1
L Index
Page 70
P312 Broadband Access Security Gateway
P
Packet triggered.....................................10-7, 10-8
Packing List Card.............................................. xvii
PAP................................................................... 4-4
Password ................................................... 2-5, 2-8
Ping................................................................. 10-9
Point-to-Point ................................................... xviii
PPP............................................................4-4, 4-5
PPP log..................................................10-7, 10-8
PPPoE Encapsulation....................................... 4-6
Precedence............................................11-1, 11-4
Prestige Network Commander............ xvi, xvii, 1-3
Private........................................................5-5, 5-8
private, secure channel......................................xix
Protocols...........................................................2-9
Q
Quality of Service............................................ 11-1
R
RAS code...................................................... 10-13
Read Me First ....................................................xvi
real-time, interactive......................................... xviii
Related Documentation .....................................xvi
Remote DHCP Server....................................... 3-7
Remote Node...........................................4-1, 10-3
Profile................................................................... 4-1
Setup..................................................................... 4-1
RIP.............................................................3-7, 5-5
Route ................................................................ 4-4
Routing Information Protocol ............................ 3-2
Routing Policy.................................................11-1
S
Trusted Host ....................................................9-2
Socket............................................................... 6-9
Splitters............................................................. 2-3
Static Route Setup............................................ 5-5
STP................................................................... 2-2
Structure of this Manual.................................... xvii
SUA ..................................................1-4, 3-12, 5-5
Advantages......................................................... 3-12
Configuration ..................................................... 3-12
Multiple Servers................................................. 3-13
Submenus ........................................................ 2-6
Subnet Mask................................3-2, 3-7, 5-4, 5-7
Support Notes.................................................... xvi
Syntax Conventions.......................................... xvii
Syslog IP Address .......................................... 10-7
System
Syslog And Accounting .....................................10-6
System Maintenance.................................... 10-17
System Management Terminal......................... 2-6
System Status ................................................ 10-2
T
TCP/IP............. 5-1, 8-6, 8-8, 8-9, 8-11, 8-13, 10-9
TCP/IP filter rule ............................................... 8-8
TCP/IP Parameters .......................................... 3-2
Telephone Microfilters ...................................... 2-3
Terminal Speed .............................................. 10-5
TFTP Transfer .............................................. 10-15
Tick Count .................................................6-7, 6-9
TOS (Type of Service).................................... 11-1
Transmission Rates.................................... xvi, 1-1
Troubleshooting.............................................. 12-1
ADSL ................................................................. 12-2
LAN ...................................................................12-2
Remote Node...................................................... 12-2
Type of Service....................11-1, 11-3, 11-4, 11-5
Security............................................................. 1-3
Seed Router...............................................6-3, 6-4
Single User Account ...................... 3-11. See SUA
SNMP ...............................................................9-1
About.................................................................... 9-1
Configuring ..........................................................9-1
Community ......................................................9-1
Trap.................................................................. 9-2
Universal ADSL Working Group (UAWG).......... xxi
Universal DSL.................................................... xxi
UNIX Syslog .......................................... 10-6, 10-7
U
Index M
Page 71
P312 Broadband Access Security Gateway
V
video conferencing ............................................xix
video-on-demand............................................... xix
VPI & VCI ...................................................... 3-8, I
W
WAN Address ................................................... 5-4
watchdog.......................................................... 6-7
X
XMODEM protocol ....................................... 10-12
Z
ZyNOS................................................. 10-10, 11-1
N Index
Page 72
Prestige 642 ADSL Internet Access Router
Chapter 4
Remote Node Configuration
In this chapter, we discuss the parameters that are protocol independent.
The protocol-dependent configuration will be covered in subsequent chapters.
A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection. Note that when you use Menu 4 to set up Internet access, you are actually configuring one of the remote nodes.
4.1 Remote Node Setup
This section describes the protocol-independent parameters for a remote node.
4.1.1 Remote Node Profile
To configure a remote node, follow these steps:
Step 1. Step 2.
From the Main Menu, select menu option When Menu 11 appears, as shown below, enter the number of the remote node that you wish to configure.
Menu 11 - Remote Node Setup
1. nodename
2. ________
3. ________
4. ________
5. ________
6. ________
7. ________
1. Remote Node Setup
Enter Node # to Edit:
Figure 4-1 Menu 11 – Remote Node Setup
When
Menu 11.1 - Remote Node Profile
define this remote profile. The Remote Node Profile Menu Fields table shows how to configure the Remote Node Menu.
appears fill in the fields as described in the table that follows to
4.1.2 Encapsulation & Multiplexing Scenarios
For Internet Access you should use the encapsulation and multiplexing methods used by your ISP. For a LAN-to-LAN application, e.g., branch office and corporate headquarters, prior mutual agreement on
Remote Node Configuration 4-1
Page 73
Prestige 642 ADSL Internet Access Router
methods used is necessary because there is no mechanism to automatically determine encapsulation/multiplexing. Selection of which encapsulation and multiplexing methods to use depends on how many VCs you have and how many different network protocols you need. The extra overhead that PPP over Ethernet (
PPPoE
) and
ENET ENCAP
encapsulation entail makes them a poor choice in a LAN-to-
LAN application. Here are some examples of more suitable combinations in such an application.
Scene 1. One VC, Multiple Protocols
(RFC 2364) encapsulation with
PPP
protocol identifying headers that
VC-based
LLC-based
multiplexing is the best combination because the extra
multiplexing uses is unneeded. The
protocol already
PPP
contains this information.
Scene 2. One VC, One Protocol (IP)
Select
RFC-1483
encapsulation with VC-based multiplexing requires the least amount of overhead (0 octets). However, if there is a potential need for multiple protocol support in the future, it may be safer to select
encapsulation instead of
PPP
RFC-1483
, so you don’t need to reconfigure either machine when the
time comes.
Scene 3. Multiple VCs
If you have an equal number (or more) of VCs than the number of protocols, then select encapsulation and
VC-based
multiplexing.
RFC-1483
Menu 11.1 - Remote Node Profile
Rem Node Name= nodename Active= Yes
Encapsulation= PPP Multiplexing= VC-based Incoming: Rem Login= Rem Password=******** Outgoing: My Login= oscar My Password= ******** Authen= CHAP/PAP
Enter here to CONFIRM or ESC to CANCEL:
Route= IP Bridge= No
Edit PPP Options= No Rem IP Addr= 0.0.0.0 Edit IP/IPX/Bridge= No
Session Options: Edit Filter Sets= No
PPPoE Idle Timeout(sec)= 100 PPPoE Service Name= N/A
Enter a unique name of less than 8 characters for the remote name.
Enter the IP address of the remote gateway here.
Figure 4-2 Menu 11.1 Remote Node Profile
4-2 Remote Node Configuration
Page 74
Prestige 642 ADSL Internet Access Router
Table 4-1 Remote Node Profile Menu Fields
Field Description Options
Rem Node Name This is a required field [?]. Enter a descriptive name for the
remote node, for example, Corp. This field can be up to eight characters. This name must be unique from any other remote node name.
Active Press the spacebar to toggle between Yes and No. Inactive
nodes are displayed with a minus sign (-) at the beginning of the name in Menu 11.
Encapsulation= PPPoE refers to RFC 2516 and PPP refers to RFC 2364,
"PPP Encapsulation over ATM Adaptation Layer 5". If RFC 1483 ("Multiprotocol Encapsulation over ATM Adaptation Layer 5") or ENET ENCAP are selected, then the Rem Login, Rem Password, My Login, My Password, Edit PPP Options and Authen fields will not be applicable (N/A). Moreover, ENET ENCAP encapsulation does not apply for IPX routing.
Multiplexing= Press the spacebar to the select the multiplexing method.
Yes/No
PPPoE,
PPP,
RFC 1483
or ENET
ENCAP
VC-based
LLC-based
Incoming: Rem
Login
Name
Incoming: Rem
Password
Outgoing: My Login Enter the login name for your Prestige when it calls this
Outgoing: My
Password
Outgoing: Authen This field sets the authentication protocol used for outgoing
Enter the login name that this remote node will use when it calls your Prestige.
The login name in this field combined with the Rem Node Password will be used to authenticate this node.
Enter the password used when this remote node calls your Prestige.
remote node. If you are using PPPoE encapsulation, then this field must be of the form identifies your ISP. Some ISPs append this field to the Service Name field below (e.g., PPPoE server.
Enter the password for your Prestige when it calls this remote node.
calls.
Options for this field are:
user@domain
jim@poellc
where domain
) to access the
Remote Node Configuration 4-3
Page 75
Prestige 642 ADSL Internet Access Router
Field Description Options
CHAP/PAP - Your Prestige will accept either CHAP or
z
PAP when requested by this remote node.
CHAP - accept CHAP only.
z
PAP - accept PAP only.
z
Route This field determines the protocols that your Prestige will
route.
Bridge Bridging is used for protocols that the Prestige does not
support, e.g., SNA, or not turned on in the previous Route field. When bridging is enabled, your Prestige will forward any packet that it does not route to this remote node; otherwise, the packets are discarded. Press space bar to toggle the options.
Edit PPP Options To edit the PPP options for this remote node, move the
cursor to this field, use the space bar to select Yes and press [ENTER]. This will bring you to Menu 11.2 - Remote Node PPP Options. For more information on configuring PPP options, see the section Editing PPP Options. Press space bar to toggle
Rem IP Addr Enter the IP address of the remote gateway.
Edit IP/IPX/Bridge Press the space bar to select Yes and press ENTER to go
to Menu 11.3 - Remote Node Network Layer Options menu.
Session Option:
Edit Filter Sets
PPPoE Idle Timeout(sec)=
PPPoE Service Name
Use the space bar to toggle this field to Yes and press [ENTER] to open Menu 11.5 to edit the filter sets. See the Remote Node Filter section for more details.
This value specifies the number of idle seconds that elapse before the Prestige automatically disconnects the PPPoE session.
This is valid only when you have chosen encapsulation. If you are using PPPoE encapsulation, then type the name of your PPPoE service here.
Yes
then press [ENTER].
PPPoE
CHAP/PAP
CHAP
PAP
Yes or No
Yes or No
Default=
No
100
(default)
poellc
Once you have completed filling in Menu 11.1 – Remote Node Profile, press [ENTER] at the message [Press ENTER to Confirm…] to save your configuration, or press [Esc] at any time to cancel.
4.1.3 Outgoing Authentication Protocol
Generally speaking, you should employ the strongest authentication protocol possible, for obvious reasons. However, some vendor’s implementation includes specific authentication protocol in the user profile. It
4-4 Remote Node Configuration
Page 76
Prestige 642 ADSL Internet Access Router
will disconnect if the negotiated protocol is different from that in the user profile, even when the negotiated protocol is stronger than specified. If you encounter the case where the peer disconnects right after a successful authentication, please make sure that you specify the correct authentication protocol when connecting to such an implementation.
4.1.4 Editing PPP Options
To edit the remote node PPP Options, move the cursor to the
Remote Node Profile
, and use the space bar to select
Yes
. Press
Edit PPP Options
ENTER
field in
Menu 11.1 -
to open Menu 11.2, as shown
next.
Menu 11.2 - Remote Node PPP Options
Encapsulation= Standard PPP Compression= No
Press Space Bar to Toggle.
Press ENTER to CONFIRM or ESC to CANCEL:
Figure 4-3 Menu 11.2 - Remote Node PPP Options
The following table describes the Remote Node PPP Options Menu, and contains instructions on how to configure the PPP options fields.
Table 4-2 Remote Node PPP Options Menu Fields
Field Description Option
Encapsulation Select the CISCO PPP only when this remote node is
a Cisco machine; otherwise, select the Standard PPP.
Compression Turn on/off Stac Compression. The default for this
Off
field is
.
Standard
PPP
CISCO
PPP
On/Off
(Default =
Off
)
Once you have completed filling in Menu 11.2 – Remote Node PPP Options, press [ENTER] at the message [Press ENTER to Confirm…] to save your configuration, or press [Esc] at any time to cancel.
Remote Node Configuration 4-5
Page 77
Prestige 642 ADSL Internet Access Router
4.1.5 Remote Node Filter
Menu 11.5 – Remote Node Filter
Use
traffic between this remote node and the Prestige. You can specify up to 4 filter sets separated by comma, e.g., 1, 5, 9, 12, in each filter field. The default is no filters. Note that spaces are accepted in this field. For more information on defining the filters, see the
Configuration
chapter. Note that there are two versions of this menu depending on whether you use PPPoE
encapsulation or not. When using PPPoE encapsulation, you can also specify remote node call filter sets.
Menu 11.5 - Remote Node Filter
Input Filter Sets: protocol filters= 3 device filters= Output Filter Sets: protocol filters= 1 device filters=
Figure 4-4 Menu 11.5 – Remote Node Filter
to specify the filter set(s) to apply to the incoming and outgoing
Enter here to CONFIRM or ESC to CANCEL:
Menu 11.5 - Remote Node Filter
Input Filter Sets: protocol filters= 3 device filters= Output Filter Sets: protocol filters= 1 device filters= Call Filter Sets: protocol filters= device filters=
Filter
Enter here to CONFIRM or ESC to CANCEL:
Figure 4-5 Remote Node Filter (PPPoE Encapsulation)
4-6 Remote Node Configuration
Page 78
Prestige 642 ADSL Internet Access Router
Chapter 5
Remote Node TCP/IP Configuration
This chapter shows you how to configure the TCP/IP parameters of a remote node.
A typical LAN-to-LAN application is to use your Prestige to connect a branch office to the headquarters, as depicted in the following diagram.
5.1 LAN-to-LAN Application
Figure 5-1 TCP/IP LAN-to-LAN Application
For the branch office, you need to configure a remote node in order to dial out to the headquarters. Additionally, you may also need to define static routes if some services reside beyond the immediate remote LAN.
5.1.1 Editing TCP/IP Options
Follow the steps below to edit In Menu 11.1, move the cursor to the value to There are two versions of menu 11.3 for the P642, depending on whether you chose
based VC-Based Multiplexing
Remember that for virtual circuit, e.g., VC1 will carry IP, VC2 will carry IPX etc.
Remote Node TCP/IP Configuration 5-1
Yes
. Press
Multiplexing
[ENTER]
in menu 11.1.
VC-based
Menu 11.3 - Remote Node Network Layer Options
Edit IP/IPX/Bridge
to open
multiplexing, by prior mutual agreement, a protocol is assigned a specific
Menu 11.3 - Network Layer Options
, then press the space bar to toggle and set the
.
shown next.
VC-based
or
LLC-
Page 79
Prestige 642 ADSL Internet Access Router
Menu 11.3 - Remote Node Network Layer Options
IPX Options: Rem LAN Net #= N/A My WAN Net #= N/A IP Options: Hop Count= N/A Rem IP Addr: 0.0.0.0 Tick Count= N/A Rem Subnet Mask= 0.0.0.0 W/D Spoofing(min)= N/A My WAN Addr= 0.0.0.0 SAP/RIP Timeout(min)= N/A Single User Account= Yes Dial-On-Query= N/A Metric= 2 VPI #= N/A Private= No VCI #= N/A RIP Direction= None Version= RIP-1 Bridge Options: Multicast= None Dial-On-Broadcast= N/A IP Policies= Ethernet Addr Timeout(min)= N/A VPI #= 0 VPI #= N/A VCI #= 35 VCI #= N/A Enter here to CONFIRM or ESC to CANCEL:
Figure 5-2 Menu 11.3 for VC-based multiplexing.
In this case, separate VPI and VCI numbers must be specified for each protocol.
LLC-based multiplexing
LLC-based
For
multiplexing, one VC may carry different protocols with protocol identifying information
being contained in each packet header.
Menu 11.3 - Remote Node Network Layer Options
VPI/VCI LLC-mux or PPP/PPPoE Encap : VPI #= 1 VCI #= 1 IP Options : Rem IP Addr: 0.0.0.0 Rem Subnet Mask= 0.0.0.0 My WAN Addr= 0.0.0.0 Single User Account= No Metric= 2 Private= No RIP Direction= Both Version= RIP-2B Multicast= None IP Policies=
IPX Options :
Rem LAN Net #= 00000000 My WAN Net #= 00000000 Hop Count= 1
Tick Count= 2 W/D Spoofing(min)= N/A SAP/RIP Timeout(min)= N/A
Dial-On-Query= N/A
Bridge Options: Dial-On-Broadcast= N/A
Ethernet Addr Timeout(min)= 0
Separate VPI and VCI numbers must be specified for each protocol when using VC-based multiplexing as there must be a distinct PVC for each protocol.
Only one set of VPI and VCI numbers need be specified
LLC-based
as for multiplexing, one VC may carry different protocols.
Enter here to CONFIRM or ESC to CANCEL:
Figure 5-3 Menu 11.3 for LLC-based multiplexing
5-2 Remote Node TCP/IP Configuration
Page 80
Prestige 642 ADSL Internet Access Router
In this case, only one set of VPI and VCI numbers need be specified for all protocols. The valid range for the VPI is 1 to 255 and for the VCI is 32 to 65535 (1 to 32 is reserved for local management of ATM traffic).
The following diagram explains the Sample IP Addresses to help you to understand the field of
in Menu 11.3. Refer to the following figure for a brief review of what a WAN IP is.
Addr
indicates the local Prestige WAN IP while
Rem IP Address
indicates the peer WAN IP.
My Wan
My WAN Addr
Figure 5-4 Sample IP Addresses for a TCPI/IP LAN-to-LAN Connection
To configure the TCP/IP parameters of a remote node, first configure the two fields in
Node Profile
Remote Node TCP/IP Configuration 5-3
, as shown in the table below.
Menu 11 – Remote
Page 81
Prestige 642 ADSL Internet Access Router
Table 5-1 TCP/IP related fields in Remote Node Profile
Field Description Option
Route
Rem IP Address
Edit IP
The following table shows the TCP/IP related fields in
Options
.
Make sure IP is among the protocols in the [Route] field in
Menu 11.1 - Remote Node Profile
Enter the IP address of the remote gateway in
Remote Node Profile
Prestige WAN IP address or the remote Prestige LAN IP address. This depends on the remote router’s WAN IP i.e., for the (remote) Prestige, the
11.3 – Remote Node Network Layer Options
if the remote WAN IP is set to 172.16.0.2 (the remote router’s WAN IP), then you should enter 172.16.0.2 in the
Address
192.168.1.1(the remote router’s LAN IP) in the
Address
Press the [SPACE BAR] to toggle this field to press [ENTER] to go to
Layer Options
field. If the remote WAN IP is 0.0.0.0, then enter
field).
. You must fill in either the remote
My WAN Addr
Menu 11.3 - Remote Node Network
menu.
.
Menu 11.1 -
settings in
). For example
Rem IP
Rem IP
Yes
and then
Menu
Menu 11.3 - Remote Node Network Layer
Table 5-2 TCP/IP Remote Node Configuration
Field Description Option
IP
Yes
Yes/No
(
)
VPI Enter the Virtual Path Identifier (VPI) number that your
telephone company supplies.
VCI Enter the Virtual Channel Identifier (VCI) number that your
telephone company supplies.
Rem IP Address This will show the IP address you entered for this remote node in
the previous menu.
Rem IP Subnet Mask
My WAN Addr Some implementations, especially the UNIX derivatives, require
Enter the subnet mask for the remote network.
the WAN link to have a separate IP network number from the LAN and each end must have a unique address within the WAN network number. If this is the case, enter the IP address assigned to the WAN port of your Prestige.
Note that this is the address assigned to your local Prestige WAN, not the remote router. If the remote router is a Prestige, then this entry determines the local Prestige
Rem IP Address
in
5-4 Remote Node TCP/IP Configuration
Page 82
Prestige 642 ADSL Internet Access Router
Field Description Option
menu 11.1.
Single User Account
Metric The metric represents the “cost” of transmission for routing
Private This parameter determines if the Prestige will include the route to
RIP Direction
Version=
Multicast IGMP (Internet Group Multicast Protocol) is a session-layer
IP Policies
Once you have completed filling in the Network Layer Options Menu, press [ENTER] to return to Menu 11. Press [ENTER] at the message [Press ENTER to Confirm...] to save your configuration, or press [Esc] at any time to cancel.
Set this field to your Prestige. Use the space bar to toggle between See Chapter 3 - Internet Access Application for more information on the Single User Account feature.
purposes. IP routing uses hop count as the measurement of cost, with a minimum of 1 for directly connected networks. Enter a number that approximates the cost for this link. The number need not be precise, but it must be between 1 and 15. In practice, 2 or 3 is usually a good number.
this remote node in its RIP broadcasts. If set to kept private and not included in RIP broadcast. If No, the route to this remote node will be propagated to other hosts through RIP broadcasts.
Press the space bar to select the
Only/Out Only
Press the space bar to select the RIP version from
2B/RIP-2M.
protocol used to establish membership in a Multicast group. The Prestige supports both IGMP version 1 ( Press the space bar to enable IP Multicasting or select disable it. Please see Part 1 for more information on these two fields.
Create policies using SMT Menu 25 (see the IP Policy Routing chapter in Part 3) and apply them on the Prestige LAN interface here. You can apply up to four IP Policy sets (from twelve) by entering their numbers here separated by commas, e.g., 2, 4, 7,
9.
Yes
to enable the Single User Account feature for
Yes
Yes
, this route is
or
None
RIP direction
.
IGMP-v1
from
RIP-1/RIP-
) and
Both/In
and No.
IGMP-v2 None
to
.
Yes/No
1
15
to
Yes/No
Both/In Only/Out
Only
None
or
RIP-1/RIP-
2B/RIP-2M
IGMP-v1 IGMP-v2
None
5.1.2 Static Route Setup
Static routes tell the Prestige routing information that it cannot learn automatically through other means. This can arise in cases where RIP is disabled on the LAN or a remote network is beyond the one that is directly connected to a remote node.
Remote Node TCP/IP Configuration 5-5
Page 83
Prestige 642 ADSL Internet Access Router
Each remote node specifies only the network to which the gateway is directly connected, and the Prestige has no knowledge of the networks beyond. For instance, the Prestige knows about network N2 in the following diagram through remote node Router 1. However, the Prestige is unable to route a packet to network N3 because it doesn’t know that there is a route through remote node Router 1 (via Router 2). The static routes are for you to tell the Prestige about the networks beyond the remote nodes.
Figure 5-5 Example of Static Routing Topology
To configure an IP static route, use
Step 1.
Enter 12 from the main menu to bring up the following screen.
Menu 12.1 – IP Static Route Setup
. Follow this procedure.
Menu 12 - Static Route Setup
1. IP Static Route
2. IPX Static Route
3. Bridge Static Route
Please enter selection:
Figure 5-6 Menu 12 – Static Route Setup
Step 2.
From Menu 12, enter 1 to bring up the next screen.
5-6 Remote Node TCP/IP Configuration
Page 84
Prestige 642 ADSL Internet Access Router
Menu 12.1 - IP Static Route Setup
1. Tokyo
2. Seoul
3. Taipei
4. ________
5. ________
6. ________
7. ________
8. ________
Enter selection number:
Figure 5-7 Menu 12.1 - IP Static Route Setup
From Menu 12.1, enter the index of the static route you wish to edit to open
Route.
Menu 12.1.1 - Edit IP Static Route
Route #: 1 Route Name= ? Active= No Destination IP Address= ? IP Subnet Mask= ? Gateway IP Address= ? Metric= 2 Private= No
Press ENTER to Confirm or ESC to Cancel:
Menu 12.1.1 -Edit IP Static
Figure 5-8 Edit IP Static Route
The following table describes the fields for
Menu 12.1.1 – Edit IP Static Route Setup
.
Table 5-3 Edit IP Static Route Menu Fields
Field Description
Route Name Enter a descriptive name for this route. This is for identification purpose only.
Active This field allows you to activate/deactivate this static route.
Destination IP Address
This parameter specifies the IP network address of the final destination. Routing is always based on network number. If you need to specify a route to a single host, use a subnet mask of 255.255.255.255 in the subnet mask field to force the network number to be identical to the host ID.
IP Subnet Mask Enter the subnet mask for this destination. Follow the discussion on IP subnet
mask in this chapter.
Gateway IP Enter the IP address of the gateway. The gateway is an immediate neighbor of
Remote Node TCP/IP Configuration 5-7
Page 85
Prestige 642 ADSL Internet Access Router
Address your Prestige that will forward the packet to the destination. On the LAN, the
gateway must be a router on the same segment as your Prestige; over WAN, the gateway must be the IP address of one of the remote nodes.
Metric The metric represents the “cost” of transmission for routing purposes. IP
routing uses hop count as the measurement of cost, with a minimum of 1 for directly connected networks. Enter a number that approximates the cost for this link. The number need not be precise, but it must be between 1 and 15. In practice, 2 or 3 is usually a good number.
Private This parameter determines if the Prestige will include the route to this remote
node in its RIP broadcasts. If set to included in RIP broadcast. If No, the route to this remote node will be propagated to other hosts through RIP broadcasts.
Yes
, this route is kept private and not
5-8 Remote Node TCP/IP Configuration
Page 86
Prestige 642 ADSL Internet Access Router
Chapter 6
IPX Configuration
This chapter shows you how to configure the IPX parameters of the Prestige 642.
6.1 IPX Network Environment
Novell bundles the protocol stack, the server software and routing functionality in their NetWare server products, so a NetWare server is not only a file or print server, it is also a router.
6.1.1 Network and Node Number
Every IPX machine has a network number and a node number, together they form the complete address of the machine. The IPX network number is a 32-bit quantity and is usually expressed in 8 hexadecimal digits, e.g., 0893A8CF. The host number is a 48-bit quantity and usually is taken from the MAC (Media Access Control) address of the Ethernet hardware, so you don’t have to explicitly configure the node number. An IPX client obtains its network number from a server that has the network numbers statically configured. If there are multiple servers on a network, only one server need to have the network numbers configured and all other stations (clients and servers) can obtain the network numbers from it. The server with configured network numbers is called a seed router. If you have a NetWare server on the same LAN as the Prestige 642, we recommend that you set up a NetWare server as a seed router. Even though the Prestige 642 is capable as a seed router, a NetWare server offers a much more extensive facility for network management.
6.1.2 Frame Types
IPX can run on top of four different frame types on the Ethernet. These frame types are 802.2, 802.3, Ethernet II (DIX), and SNAP (Sub-Network Access Protocol). Each frame type is a separate logical network, even though they exist on one physical cable (see the following diagram). Although there are four frame types available on the Ethernet, you should configure as few frame types as possible on your NetWare server and use automatic frame detection on the clients to simplify management and to reduce network overhead.
6.1.3 External Network Number
Each of the four logical networks (based on frame type) has its own external network number.
IPX Configuration 6-1
Page 87
Prestige 642 ADSL Internet Access Router
6.1.4 Internal Network Number
In addition to the external network numbers, each NetWare server has its own internal network number that is a virtual network to which the server is attached. It is important to remember that every network number must be unique for that entire internetwork, either internal or external.
Figure 6-1 NetWare Server
6.2 Prestige 642 in an IPX Environment
There are two scenarios in which your Prestige 642 is deployed, depending on whether there is a NetWare server on the LAN, as depicted in the following diagram.
6-2 IPX Configuration
Page 88
Prestige 642 ADSL Internet Access Router
Figure 6-2 Prestige 642 in an IPX Environment
6.2.1 Prestige 642 on LAN with Server
If your Prestige 642 is on a LAN with a seed router, you do not need to configure the LAN network numbers. Your Prestige 642 will learn the network number from the seed router and add the routes to its routing table.
6.2.2 Prestige 642 on LAN without Server
Each IPX network must have a seed router. If you only have NetWare clients on your network, then you must configure the Prestige 642 as a seed router and set up unique network numbers for each frame type enabled using the Ethernet Setup Menu.
IPX Configuration 6-3
Page 89
Prestige 642 ADSL Internet Access Router
6.3 IPX Ethernet Setup
From
Menu 3 - Ethernet Setup
figure below.
, enter 3 to go to
Menu 3.3 - Novell IPX Ethernet Setup
Seed Router= No
Frame Type 802.2= Yes
IPX Network #= N/A
Frame Type 802.3= No
IPX Network #= N/A
Frame Type Ethernet II= No
IPX Network #= N/A
Frame Type SNAP= No
IPX Network #= N/A
Menu 3.3 - Novell IPX Ethernet Setup
as shown in the
Press Space Bar to Toggle.
Enter here to CONFIRM or ESC to CANCEL:
Figure 6-3 Menu 3.3 - Novell IPX Ethernet Setup
The following table describes the Novell IPX Ethernet Setup Menu.
Table 6-1 Novell IPX Ethernet Setup Fields
Field Description Options
Seed Router Determine if your Prestige 642 is to act as a seed
router.
Frame Type Enable/Disable the individual frame type.
Remember to enable only the ones that are actually used on your network.
IPX Network#If your Prestige 642 is a seed router, enter a unique
network number for each frame type enabled.
Press [ENTER] at the message [Press ENTER to Confirm ...] to save your configuration, or press [Esc] at any time to cancel.
Yes/No
802.2
802.3
Ethernet
SNAP
II
6-4 IPX Configuration
Page 90
Prestige 642 ADSL Internet Access Router
6.4 LAN-to-LAN Application with Novell IPX
A typical LAN-to-LAN application is to use your Prestige 642 to call from a branch office to the corporate headquarters to enable the stations in the branch office to access the NetWare servers at the headquarters, as depicted in the figure below.
Figure 6-4 LAN-to-LAN Application with Novell IPX
IPX Configuration 6-5
Page 91
Prestige 642 ADSL Internet Access Router
6.4.1 IPX Remote Node Setup
Follow the procedure in
Remote Node Profile Options
Step 1.
follow the instructions below.
In Menu 11.1, make sure display
Step 2.
Move the cursor to the press [
. For the IPX-specific parameters in
Route
ENTER]
Chapter 5
= IPX or
to open
to configure the protocol-independent parameters in
IPX
is among the protocols in the
= IP + IPX.)
Route
Edit IP/IPX/Bridge
Menu 11.3 - Network Layer Options
Menu 11.3 - Remote Node Network Layer Options
Menu 11.1 -
Menu 11.3 - Remote Node Network Layer
field. (The
Route
Route
field, then press the space bar to select
.
field should
Yes
and
VPI/VCI LLC-mux or PPP/PPPoE Encap : VPI #= 1 VCI #= 1 IP Options : Rem IP Addr: 0.0.0.0 Rem Subnet Mask= 0.0.0.0 My WAN Addr= 0.0.0.0 Single User Account= No Metric= 2 Private= No RIP Direction= Both Version= RIP-2B Multicast= None IP Policies=
Enter here to CONFIRM or ESC to CANCEL:
IPX Options :
Rem LAN Net #= 00000000 My WAN Net #= 00000000 Hop Count= 1
Tick Count= 2 W/D Spoofing(min)= N/A SAP/RIP Timeout(min)= N/A
Dial-On-Query= N/A
Bridge Options: Dial-On-Broadcast= N/A
Ethernet Addr Timeout(min)= 0
Figure 6-5 Menu 11.3 - Remote Node Novell IPX Options
6-6 IPX Configuration
Page 92
Prestige 642 ADSL Internet Access Router
The table below describes the IPX-specific parameters of the remote node setup.
Table 6-2 Remote Node Novell IPX Options
Field
Description Option
Rem LAN Net #
My WAN Net #
Hop Count This field indicates the number of intermediate networks that must
Tick Count This field indicates the time-ticks required to reach the remote
Please note that the following 3 fields are only valid for PPPoE encapsulation.
W/D Spoofing (min)
SAP/RIP Timeout (min)
Dial-On­Query
Once you have completed filling in the Network Layer Options Menu, press [ENTER] to return to Menu 11.1. Then press [ENTER] at the message [Press ENTER to Confirm] to save your configuration, press [Esc] to cancel.
In this field, enter the internal network number of the NetWare server on the remote LAN.
In this field, enter the network number of the WAN link. If you leave this field as automatically the network number through negotiation with the PPP peer.
be passed through to reach the remote node.
node.
This field is for the Prestige on the server side. Your Prestige can spoof a response to a server’s WatchDog request after the connection is dropped. In this field, type in the time (number of minutes) that you want your Prestige to spoof the WatchDog response.
This field indicates the amount of time that you want your Prestige to maintain the SAP and RIP entries learned from this remote node in its internal tables after the connection has been dropped. If this information is retained, then your Prestige will not have to get the SAP information when the line is brought back up. Enter the time (number of minutes) in this field.
This field is necessary for your Prestige on the client side. When set to [Yes], any Get Service SAP or RIP broadcasts will trigger your Prestige to make a call to that remote node.
00000000
, your Prestige will determine
00000000
(default)
1
(default)
2
(default)
Yes/No
6.4.2 IPX Static Route Setup
Similar to IP, IPX static routes tell the Prestige 642 how to reach servers beyond a remote node before a connection to that remote node is established.
Step 1.
IPX Configuration 6-7
Enter 12 from the main menu to bring up the following screen.
Page 93
Prestige 642 ADSL Internet Access Router
Menu 12 - Static Route Setup
1. IP Static Route
2. IPX Static Route
3. Bridge Static Route
Please enter selection:
Figure 6-6 Menu 12 – Static Route Setup
Step 2.
From Menu 12, select two, to bring up this screen.
Menu 12.2 - IPX Static Route Setup
1. ________
2. ________
3. ________
4. ________
Enter selection number:
Figure 6-7 Menu 12.2 – IPX Static Route Setup
Step 3.
Select one of the IPX Static Routes to open next.
Menu 12.2.1 - Edit IPX Static Route
, as shown
Menu 12.2.1 - Edit IPX Static Route
Route #= 11 Server Name= ? Active= Yes Network #= ? Node #= 000000000001 Socket #= 0451 Type #= 0004 Hop Count= 2 Tick Count= 3 Gateway Node= 1
Press ENTER to CONFIRM or ESC to CANCEL:
Figure 6-8 Menu 12.2 - Edit IPX Static Route
6-8 IPX Configuration
Page 94
Prestige 642 ADSL Internet Access Router
The following table contains the instructions on how to configure the Edit IP Static Route Menu.
Table 6-3 Edit IPX Static Route Menu Fields
Field Description
Server Name
Network # This field contains the internal network number of the remote server that
Node # This field contains the address of the node on which the server resides. If
Socket # This field contains the socket number on which the server will receive
Type # This field identifies the type of service the server provides. The default for
Gateway Node In this field, enter the number of the remote node that is the gateway for
Hop Count and Tick Count
Once you have completed filling in the menu, press [ENTER] at the message [Press ENTER to Confirm…] to save your configuration, or press [Esc] to cancel to cancel.
In this field, enter the name of the server. This must be the exact name configured in the NetWare server
you wish to access. [00000000] or [FFFFFFFF] are reserved.
you are using a Novell IPX implementation, this value is [000000000001].
service requests. The default for this field is hex [0451].
this field is hex [0004].
this static route.
These two fields have the same meaning as those in the Ethernet setup.
.
IPX Configuration 6-9
Page 95
Page 96
Prestige 642 ADSL Internet Access Router
Chapter 7
Bridging Setup
This chapter shows you how to configure the bridging parameters of your Prestige.
7.1 Bridging in General
Bridging bases the forwarding decision on the MAC (Media Access Control), or hardware address, while routing does it on the network layer (IP or IPX) address. Bridging allows the Prestige 642 to transport packets of network layer protocols that the Prestige 642 does not route, e.g., SNA, from one network to another. The caveat is that, compared to routing, bridging generates more traffic for the same network layer protocol and it also demands more CPU cycles and memory. For efficiency reasons, do your network. For IP and IPX, enable the respective routing if you need it; do not bridge what the Prestige 642 can route.
7.2 Bridge Ethernet Setup
Basically, all non-local packets are bridged to the WAN; however, your Prestige 642 applies special handling for certain IPX packets to reduce the number of calls, depending on the setting of the
turn on bridging unless you need to support protocols other than IP and IPX on
not
Handle IPX
field.
Bridging Setup 7-1
Page 97
Prestige 642 ADSL Internet Access Router
From
Menu 3 - Ethernet Setup
Press Space Bar to Toggle.
, enter 4 to bring up
Menu 3.4 - Bridge Ethernet Setup
Handle IPX= None
Press ENTER to CONFIRM or ESC to CANCEL:
Menu 3.4 - Bridge Ethernet Setup
as shown next.
Figure 7-1 Menu 3.5 - Bridge Ethernet Setup
The following table describes how to configure the
Handle IPX
field in Menu 3.5.
Table 7-1 Bridge Ethernet Setup Menu - Handle IPX Field Configuration
Field Description
Handle IPX Field
Press the [SPACE BAR] to toggle between the options for this field
None
Client
Server
When there is no IPX traffic on the LAN or when you do not want to apply any special handling for IPX.
When there are only client workstations on the LAN. RIP and SAP (Service Advertising Protocol) response packets will not trigger calls. When there are only IPX servers on the LAN. No RIP or SAP packets will trigger calls. In addition, during the time when the line is down, your Prestige 681 will reply to watchdog messages from the servers on behalf of remote clients. The period of time that your Prestige 681 will do this is linked to the Ethernet Address Timeout parameter in each remote node (see Remote Node Configuration). When a remote Ethernet address is aged out, there is no need to maintain its connection to the IPX server.
.
If there are both clients and servers on the LAN, and the local clients will access the remote servers, set this field to
Server
but turn on the
Dial-On-Broadcast
(if using PPPoE encapsulation) parameter in Menu
11.3 to allow the client queries to trigger calls.
7-2 Bridging Setup
Page 98
7.2.1 Remote Node Bridging Setup
Follow the procedure in
Remote Node Profile
. For bridging-specific parameters, you need to configure
Network Layer Options
To set up
Step 1. Step 2.
Menu 11.3 - Remote Node Network Layer Options
In Menu 11.1, make sure the Move the cursor to the [
ENTER]
to open Menu 11.3 - Network Layer Options.
Chapter 5
.
Menu 11.3 - Remote Node Network Layer Options
to configure the protocol-independent parameters in
field is set to
Bridge
Edit IP/IPX/Bridge
Prestige 642 ADSL Internet Access Router
Menu 11.1 -
Menu 11.3 - Remote Node
follow these steps:
Yes
.
field, then press the space bar to select
Yes
and press
VPI/VCI LLC-mux or PPP/PPPoE Encap : VPI #= 1 VCI #= 1 IP Options : Rem IP Addr: 0.0.0.0 Rem Subnet Mask= 0.0.0.0 My WAN Addr= 0.0.0.0 Single User Account= No Metric= 2 Private= No RIP Direction= Both Version= RIP-2B Multicast= None IP Policies=
Enter here to CONFIRM or ESC to CANCEL:
IPX Options :
Rem LAN Net #= 00000000
My WAN Net #= 00000000
Hop Count= 1
Tick Count= 2 W/D Spoofing(min)= N/A SAP/RIP Timeout(min)= N/A
Dial-On-Query= N/A
Bridge Options: Dial-On-Broadcast= N/A
Ethernet Addr Timeout(min)= 0
Figure 7-2 Menu 11.3 - Remote Node Bridging Options
The following table describes the bridging-specific parameters in the Remote Node Profile and Network Layers menus.
Table 7-2 P642 Remote Node Network Layers Menu Bridge Options
Field Description
Bridge
Edit IP/IPX/Bridge
Make sure this field is set to
Press the space bar to change it to Network Layer Options Menu.
Please note that the following fields are only valid for PPPoE encapsulation.
Dial-On-Broadcast This field is necessary for your Prestige on the caller side LAN. When
Yes
set to
, any broadcasts coming from the LAN will trigger your Prestige to make a call to this remote node. If it is set to No, your Prestige will not make the outgoing call.
Ethernet Addr In this field, enter the time (number of minutes) that you wish your
Yes
.
Yes
and press ENTER] to go to the
Bridging Setup 7-3
Page 99
Prestige 642 ADSL Internet Access Router
Timeout (min) Prestige 642 to retain the Ethernet Addr information in its internal tables
while the line is down. If this information is retained, your Prestige 642 will not have to recompile the tables when the line is brought back up.
Once you have completed filling in the Network Layer Options Menu, press [ENTER] to return to Menu 11.1. Then press [ENTER] at the message [Press ENTER to Confirm…] to save your configuration, or press [Esc] to cancel.
7.3 Bridge Static Route Setup
Similar to network layer static routes, a bridging static route tells the Prestige 642 about the route to a node before a connection is established. You configure bridge static routes in Menu 12.3.1, by pressing 3 in menu 12 as shown next.
Menu 12.3 - Bridge Static Route Setup
1. ________
2. ________
3. ________
4. ________
Enter selection number:
Figure 7-3 Menu 12.3 - Bridge Static Route Setup
Then select one of the bridge static routes.
Menu 12.3.1 - Edit Bridge Static Route
Route #: 21 Route Name= Active= No Ether Address= ? IP Address= Gateway Node= 1
Press ENTER to CONFIRM or ESC to CANCEL:
Figure 7-4 Menu 12.3.1 - Edit Bridge Static Route
7-4 Bridging Setup
Page 100
Prestige 642 ADSL Internet Access Router
The following table describes the Bridge Static Route Menu.
Table 7-3 Bridge Static Route Menu Fields
Field Description
Route Name Enter a name for the bridge static route for identification purposes.
Active Activate/deactivate the static route.
Ether Address Enter the MAC address of the destination machine that you wish to
bridge the packets to.
IP Address If available, enter the IP address of the destination machine that you
wish to bridge the packets to.
Gateway Node Enter the number of the remote node that is the gateway of this static
route.
Once you have completed filling in this menu, press [ENTER] at the message [Press ENTER to Confirm…] to save your configuration, or press [Esc] to cancel.
Bridging Setup 7-5
Loading...