How it Works
ZyXEL Communications
Loading...
128L
User Manual
114 pgs333.24 Kb0

ZyXEL Communications 128L User Manual

Download
Prestige 128L
User’s Manual
Version 1.0
ZyXEL
ACCESSING INTERNET & INTRANET
ZyXEL Limited Warranty
Note: Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind or character to the purchaser.
ii
To obtain the services of this warranty, contact ZyXEL’s Service Center, refer to the separate Warranty Card for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit be insured when shipped. Any returned products without proof of purchase or those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid (USA and territories only). If the customer desires some other return destination beyond the U.S. borders, the customer shall bear the cost of the return shipment. This warranty gives
you specific legal rights, and you may also have other rights which vary from state to state.
Copyright © 1997 by ZyXEL
The contents of this book may not be reproduced (in any part or as a whole) or transmitted in any form or by any means without the written permission of the publisher.
Published by ZyXEL Communications Corporation. All rights reserved. Note: ZyXEL does not assume any liability arising out of the
application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patents rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This document is subject to change without notice.
Acknowledgments
Trademarks mentioned in this manual are used for informational purposes only.
Trademarks are properties of their respective owners.
FCC Part 15 Information
This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
1. This device may not cause harmful interference.
2. This device must accept any interference received, including interf erence that may cause undesired operations.
This equipment has been tested and found to comply with the limits for a CLASS B digital device pursuant to Part 15 of the FCC Rules. These
iii
limits are designed to provide reasonable protection against harmful interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
If this equipment does cause harmful interference to radio/television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and the receiver.
Connect the equipment into an outlet on a circuit different from that
to which the receiver is connected.
Consult the dealer or an experienced radio/TV technician for help.
Changes or modifications not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment. Shielded RS-232 cables are required to be used to ensure compliance with FCC Part 15, and it is the responsibility of the user to provide and use shielded RS-232 cables.
iv
Information for Canadian Users
The Industry Canada label identifies certified equipment. This certification means that the equipment meets certain telecommunications network protective, operation, and safety requirements. The Industry Canada does not guarantee that the equipment will operate to a user’s satisfaction.
Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of the local telecommunications
company. The equipment must also be installed using an acceptable method of connection. In some cases, the company’s inside wiring associated with a single line individual service may be extended by means of a certified connector assembly. The customer should be aware that the compliance with the above conditions may not prevent degradation of service in some situations.
Repairs to certified equipment should be made by an authorized Canadian maintenance facility designated by the supplier. Any repairs or alterations made by the user to this equipment, or equipment malfunctions, may give the telecommunications company cause to request the user to disconnect the equipment.
For their own protection, users should ensure that the electrical ground connections of the power utility, telephone lines, and internal metallic water pipe system, if present, are connected together. This precaution may be particularly important in rural areas.
Caution: Users should not attempt to make such connections themselves, but should contact the appropriate electrical inspection authority, or electrician, as appropriate.
This digital apparatus does not exceed the class A limits for radio noise emissions from digital apparatus set out in the radio interference regulations of Industry Canada. The declarations of CE marking:
Contacting ZyXEL
If you have questions about your ZyXEL product or desire assistance, contact ZyXEL Communications Corporation in one of the following ways:
Phone: In North America call between 8:00 AM and 5:00 PM PST at (714) 693-0808
v
Outside North America, you can dial +886-3-5783942 EXT 252
between 8:00AM and 5:00PM Taiwan time (GMT +8:00).
Fax: ZyXEL in North America: (714) 693-8811 or Taiwan: +886- 3-5782439
E-mail:
Sales inquiries: sales@zyxel.com in North America.
sales@zyxel.com.tw outside North America.
Technical support: support@zyxel.com in North America.
support@zyxel.com.tw outside North America.
Product information: Visit our site on the World Wide Web: http://www.zyxel.com.
FTP: Information , such as ZyXEL software and ROM updates for North America can be found at this FTP address: ftp.zyxel.com
For European and Asian versions and related files, use the address:
ftp.zyxel.co.at
vi
Postal Service: You can send written communications at the following address:
ZyXEL Communications Corporation 6, Innovation Road II, Science-Based Industrial Park Hsinchu, Taiwan 300, R.O.C. or ZyXEL Communications Inc. 4920 E. La Palma Avenue Anaheim, CA92807, U.S.A.
Contents
ZyXEL Limited Warranty............................................................ii
Copyright © 1997 by ZyXEL......................................................iii
Acknowledgments.......................................................................iii
FCC Part 15 Information............................................................ iii
Information for Canadian Users ..................................................iv
Contacting ZyXEL ......................................................................v
1 Introduction.............................................................1
Features........................................................................................1
Ease of Installation.......................................................................1
ISDN Digital Subscriber Line (IDSL) ..........................................2
Multiple Networking Protocol Support ........................................2
Full Network Management ..........................................................2
PPP Security...............................................................................2
Dynamic Host Configuration Protocol (DHCP)............................2
Data Compression.......................................................................3
Applications For Your Prestige ...................................................3
Internet Access ...........................................................................3
Internet Single User Account (SUA)............................................3
Multiprotocol LAN-to-LAN Connection.....................................3
Other Resources..........................................................................3
Packing List..................................................................................4
Additional Installation Requirements.........................................4
2 Before You Begin....................................................7
Road Map and Flow.....................................................................7
Completing the Worksheet..........................................................8
Ordering Your IDSL Line............................................................8
vii
Collecting General Setup Information...........................................9
Collecting IDSL Information........................................................9
Collecting Ethernet Setup Information........................................10
3 Installation.............................................................15
A Warning On Connection Cables............................................15
Connecting Your Computer and Your Prestige ........................16
Connecting the RS-232 Cable to your Prestige ..........................16
Connecting an IDSL Line to your Prestige..................................16
Connecting an Ethernet Cable to your Prestige ...........................16
Connecting the Power Adapter to your Prestige .........................17
Prestige Front Panel..................................................................17
Powering On Your Prestige .......................................................18
Navigating Through the System Management Terminal
Interface.....................................................................................20
System Management Terminal Interface Summary................21
General Setup............................................................................22
WAN Port Setup........................................................................23
Ethernet Setup...........................................................................24
General Ethernet Setup..............................................................25
TCP/IP Ethernet Setup and DHCP............................................26
Novell IPX Ethernet Setup ........................................................29
Bridge Ethernet Setup................................................................29
viii
4 Configuring for Internet Access ...........................31
IP Addresses and the Internet..................................................32
Internet Access Configuration..................................................33
Single User Account...................................................................34
Configuration for Single User Account.....................................36
5 Remote Node Configuration .................................39
Editing PPP Options...................................................................43
6 TCP/IP Configuration...........................................45
IP Subnet Mask.........................................................................45
LAN-to-LAN Application..........................................................46
Remote Node Setup..................................................................47
Static Route Setup.....................................................................49
7 Novell IPX Configuration.....................................53
IPX Network Environment........................................................53
Frame Type ..............................................................................53
Network Numbers....................................................................53
Prestige on LAN with Server....................................................54
Prestige on LAN without Server...............................................54
IPX Ethernet Setup....................................................................55
LAN-to-LAN Application..........................................................56
Remote Node Setup..................................................................57
Static Route Setup.....................................................................58
8 Bridging Configuration .........................................63
Bridge Ethernet Setup...............................................................63
LAN-to-LAN Application..........................................................63
Remote Node Setup..................................................................63
Bridge Static Route Setup..........................................................64
9 Filter Configuration..............................................67
About Filtering ...........................................................................67
Prestige’s Filter Structure .........................................................68
Configuring a Filter Set.............................................................68
Configuring a Filter Rule...........................................................71
TCP/IP Filter Rule.....................................................................71
Generic Filter Rule.....................................................................75
Novell IPX Filter Rule ...............................................................77
10 SNMP..................................................................79
ix
About SNMP..............................................................................79
Configuring Your Prestige For SNMP Support........................79
11 System Security...................................................83
Configuring the SMT Password................................................83
12 Telnet Configuration and Capabilities ...............85
About Telnet Configuration.......................................................85
Telnet Capabilities.....................................................................86
Single Administrator ..................................................................86
System Timeout.........................................................................86
13 System Maintenance...........................................87
System Status.............................................................................87
Terminal Baud Rate ..................................................................89
Log and Trace............................................................................90
View Error Log.........................................................................91
Syslog.......................................................................................91
Diagnostic...................................................................................92
Backup Configuration................................................................93
Restore Configuration...............................................................94
Software Update.........................................................................94
Command Interpreter Mode .....................................................95
x
14 Troubleshooting ..................................................97
Problems Starting Up the Prestige............................................97
None of the LEDs are on when you power up the Prestige .........97
Connecting the RS-232 cable, cannot access the SMT...............97
Problems With the IDSL Line...................................................98
The IDSL LEDs Not On...........................................................98
Problems with the LAN Interface .............................................98
Can not PING any station on the LAN ......................................98
Problems Connecting to a Remote Node or ISP......................99
15 Index ..................................................................101
xi
1 Introduction
Congratulations on your purchase of the ZyXEL Prestige 128L IDSL Router. The Prestige integrates a Router and Bridge, offering inexpensive yet complete telecommunications and internetworking solutions for your home or branch office. The Prestige is ideal for everything from Internet access, to receiving calls from Remote Dial-in Users, to making LAN-to-LAN connections to Remote Nodes.
Distinguishing features of the Prestige 128L include support for a full range of networking protocols such as TCP/IP (Transmission Control Protocol/Internet Protocol), Novell IPX (Internet Packet Exchange), and Transparent Bridging. The complete solution also includes extensive Network Management, and solid security features.
Features
The Prestige is packed with a number of features that give it the flexibility to provide a complete networking solution for Internet access and business users.
Ease of Installation
The Prestige is a self-contained unit that is quick and easy to install. Physically, it resembles an external modem except for the fact that it is a router and uses an Ethernet cable to connect to the host network.
Introduction 1
ISDN Digital Subscriber Line (IDSL)
IDSL uses the 2B1Q line coding standard for ISDN BRI circuits. Used for data-only applications, IDSL can use unshielded twisted pair wire for transmitting data at 64/128Kbps for up to 18,000 feet.
The differences between IDSL and ISDN are:
1. ISDN passes through the phone company's central office voice network; IDSL bypasses it by plugging into a special router at the phone company end. Or a pair of Prestige 128L’s can be connected by a single twisted pair cable.
2. ISDN requires call setup; IDSL is a dedicated service.
Multiple Networking Protocol Support
The Prestige 128L is a multi-protocol router. It supports TCP/IP, Novell IPX and Transparent Bridging.
Full Network Management
The Prestige 128L incorporates SNMP (Simple Network Management Protocol ) support and menu-driven network management via an RS­232 or Telnet connection.
2 Introduction
PPP Security
The Prestige 128L supports PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol ).
Dynamic Host Configuration Protocol (DHCP)
DHCP allows you to dynamically and automatically assign IP address settings to hosts on your network.
Data Compression
The Prestige incorporates Stac data compression and Compression Control Protocol.
Applications For Your Prestige
Some applications for your Prestige include:
Internet Access
The Prestige supports TCP/IP protocol. It is also compatible with other IDSL access servers manufactured by vendors such as Ascend.
Internet Single User Account (SUA)
For a small office environment, the Prestige SUA support. This allows multiple users to access the LAN simultaneously using a single IP address.
SUA address mapping can also be used for LAN to LAN connections.
Multiprotocol LAN-to-LAN Connection
The Prestige 128L can connect to another Prestige 128L-like router to link two different LANs. The Prestige 128L supports TCP/IP and Novell IPX routing, and has the capability to bridge any Ethernet protocol.
Other Resources
For more information about your Prestige check the following sources:
Quick Start Guide.
Prestige Support disk.
Introduction 3
Release notes for firmware upgrades and other information can be
For ZyXEL contact information see page v.
Packing List
Before you proceed further, check all items you received with your Prestige 128L against this list to make sure nothing is missing. The complete package should include:
One Prestige 128L.
One power adapter.
One 25 pin female - 9 pin male adapter.
One RS-232 cable.
One LAN crossover cable (red tag).
One LAN straight cable (white tag).
accessed through a ZyXEL FTP server site.
One Prestige 128L Support Disk.
One Prestige 128L Quick Start Guide.
This Prestige 128L User’s Manual.
Additional Installation Requirements
In addition to the contents of your package, there are other hardware and software requirements you need before you can install and use your Prestige. These requirements include:
4 Introduction
IDSL service provided by local phone company (optional).
An Ethernet connection to your computer.
A computer equipped with communications software configured to
the following parameters:
VT100 terminal emulation.
9600 Baud rate.
No parity, 8 Data bits, 1 Stop bit.
After the Prestige has been successfully connected to your network, you can make future changes to the configuration by using a Telnet application.
Introduction 5
6 Introduction
2 Before You Begin
To ensure successful installation of your Prestige, we strongly recommend that you carefully follow the steps outlined in Chapters 2 and 3. These chapters are designed as a guide for you to collect all necessary information about your LAN. Once this information has been collected, it will be used to configure your Prestige.
After you have successfully configured your Prestige, see the appropriate chapters to setup your application.
Road Map and Flow
The chart below is provided as a step by step guide to successful installation your Prestige.
Before You Begin 7
Figure 2-1 Installation Guide
Completing the Worksheet
Before you continue, locate the worksheet at the end of this chapter. This information worksheet has been provided to help you get through setup and installation of your Prestige as easily as possible.
Ordering Your IDSL Line
There is no need to order an IDSL line if you are using a pair of Prestige 128Ls directly connected by a twisted pair cable. If you choose to use IDSL, you will need to contact your local telephone company and order IDSL leased service to connect two IDSL routers.
8 Before You Begin
Collecting General Setup Information
Your Prestige requires the following system information. You can obtain all the pertinent information from your network administrator. Record this information into the worksheet as it becomes available. This worksheet will later be referred to as you configure your Prestige.
System Name - This is the name given to your Prestige for identification purposes. This name should be no more than 8 alphanumeric characters. Spaces are not allowed, but “-” and “_” are accepted. This name can be obtained remotely via the SNMP management protocol and will be displayed as the prompt when the user enters the Command Mode.
Route IP Field - For Internet access, you will need to enable the Route IP Field. See Chapter 4 for more details on configuring your Prestige for Internet access. To support Novell IPX, or Bridging, enable the appropriate protocol and reference the related chapters for detailed information.
You have now collected all of the general setup information you need. Make sure that you have entered all the values onto the worksheet before proceeding to the next section.
Collecting IDSL Information
Service Type - There are two options: Client or Server. One IDSL router should be set as the client, and the other as server.
Transfer Type - There are two options: Leased 128 or Leased
64. The data will be transmitted in 128Kbps if Leased128 is selected; otherwise, it will be transmitted in 64Kbps. The transfer type must be set the same for both the client and server router.
Before You Begin 9
Collecting Ethernet Setup Information
This section assumes that you are setting up your Prestige for a TCP/IP connection. If you want to configure the Prestige for other protocols (e.g., IPX), refer to the appropriate chapters.
Ethernet Interface - The first step is to determine the type of Ethernet interface you will be using. There are two options: AUI or UTP. Record the interface type onto the worksheet. If you have a 10Base2 (BNC), you should choose AUI.
IP Address - An IP Address is required for TCP/IP protocol. The IP Address is the unique 32-bit number assigned to your Prestige. This address is written in dotted decimal notation (four 8-bit numbers, between 0 and 255, separated by periods), e.g.,
192.68.203.5.
Record the IP Address into the worksheet as assigned by your
network administrator. Note that every machine on an internet must have a unique IP address - do not assign an arbitrary address to any machine.
IP Sub-net Mask - This field is required for TCP/IP protocol. An IP address consists of two parts, the network ID and the host ID. The IP Subnet Mask is used to specify the network ID portion of the address, expressed in dotted decimal notation. The Prestige will automatically calculate this mask based on the IP address that you assign. Unless you have special need for subnetting, use the default mask.
The table below lists some examples of IP subnet masks and the number of hosts that are allowed. Consult your network administrator if you are unsure of this value.
10 Before You Begin
Before You Begin 11
Prestige Setup and Installation Worksheet
General Setup Information
System Name (for identification purposes): _______________________________________
Protocol Routing:
___TCP/IP ___IPX ___Bridging
IDSL Setup Information
Service Type (check one):
___Client ___Server
Transfer Type (check one):
___Leased 128 ___Leased 64
Ethernet Setup Information
Ethernet Interface (check one):
___AUI
12 Before You Begin
Notes:
___UTP
IP Address:
_______._______._______._______
IP Subnet Mask:
_______._______._______._______
Before You Begin 13
14 Before You Begin
3 Installation
This chapter outlines how to connect your Prestige to the LAN and IDSL line. Refer to the diagram below to identify all of the ports on your device when you attempt to make the various connections.
Figure 3-1 Rear Panel Diagram
A Warning On Connection Cables
The IDSL line and Ethernet cable, are very similar to each other. It is important that you use the correct cable for each connection; otherwise, your Prestige could be damaged.
Installation 15
Connecting Your Computer and Your Prestige
For the initial setup of your Prestige, use the provided RS-232 cable and communications software to configure your Prestige.
After your Prestige has been successfully installed, you can modify the configuration through a remote Telnet connection. See Chapter 12 for detailed instructions on using Telnet to configure your Prestige.
Connecting the RS-232 Cable to your Prestige
One 9-25 pin adapter is included with your Prestige. To connect a RS­232 cable, connect the 9-pin end of the cable to the DTE port on the back panel of the Prestige. Connect the other end to the RS-232 cable connected to the serial port (COM1, COM2, or any other COM port) of your computer.
Connecting an IDSL Line to your Prestige
Plug one end of the IDSL line included in your package into the socket on the rear panel of your Prestige labeled Line, and the other end into the IDSL wall jack or another Prestige.
O NOTE: THE IDSL JACK IS FOR IDSL LINE CONNECTION ONLY. CONNECTION OF A
PHONE LINE MAY RESULT IN DAMAGE TO YOUR PRESTIGE.
ATTENTION: LA FICHE IDSL EST DESTINÉE UNIQUEMENT POUR LA CONNEXION SUR UNE
LIGNE RNIS. LA CONNEXION SUR UNE LIGNE TÉLÉPHONIQUE PEUT ENDOMMAGER VOTRE ADAPTATEUR DE TERMINAL.
Connecting an Ethernet Cable to your Prestige
Your Prestige supports two types of Ethernet connections. The connection procedure differs for each one; follow the one that is appropriate for your installation.
UTP
16 Installation
The UTP port is used to connect to a 10Base-T network. 10Base-T networks use Unshielded Twisted Pair (UTP) cable and RJ-45 connectors that look like a bigger telephone plug with 8 pins. Two types of gray Ethernet cables come with the package:
Straight through cable (white tag): Connect your Prestige 128L
to a 10Base-T hub.
Crossover cable (red tag): Connect your Prestige to your
computer directly without a hub.
O NOTE: IF THIS CABLE IS USED TO CONNECT IDSL, IT MAY DAMAGE YOUR PRESTIGE.
AUI The AUI port (the connector with 15 pins) is used to connect your
Prestige to a 10Base5 (thicknet) network. If you have a 10Base2 network using BNC connectors and thin coaxial
cables, you will need a transceiver between the AUI port and the 10Base2 cabling.
Connecting the Power Adapter to your Prestige
Plug the 16VAC 1000mA power adapter into the outlet on the rear panel of the Prestige labeled POWER.
At this point, you should have connected the RS-232 cable, the ISDN phone line, the Ethernet cable, and the power supply. You can now power on your Prestige.
Prestige Front Panel
Names and descriptions of the Prestige front panel LEDs are listed below:
Installation 17
Figure 3-2 Front Panel
PWR - Comes on as soon as you connect your Prestige to the power
supply and switch it to the I (on) position.
TST - Should be blinking if your Prestige is functioning properly. Line: LNK - Indicates that your Prestige has an ISDN line connected
to the WAN interface and it has been successfully initialized. 64K and 128K - The 64K LED will light to indicate a line speed of
64K. The 64K and 128K LED will light to indicate a line speed of 128K.
Ethernet: LNK - Indicates that the Prestige has been successfully connected to the LAN via the Ethernet interface.
TX and RX - Transmit and Receive LEDs will blink to indicate when there is traffic on the LAN.
COL - Indicates that there is transmission collision over the LAN. SMT - Indicates your Prestige is connected to a terminal emulator via
the RS-232 port. SERVER - Indicates your Prestige is configured as a server.
Powering On Your Prestige
When you power on your Prestige, it will perform several internal tests and will also do an IDSL line initialization. After this initialization, your Prestige will ask you to press ENTER to continue as shown below:
18 Installation
Figure 3-3 Power on Messages
If you press ENTER, your Prestige will display a login screen and ask you to enter the password as shown below:
Figure 3-4 Login Screen
Enter the default password, 1234 to get into the Main Menu of System Management Terminal (SMT). Note that once you are in the SMT and if there is no activity for longer than 5 minutes, your Prestige will automatically log you out and will display a blank screen. If you see a blank screen, press ENTER to bring up the password screen.
Installation 19
Navigating Through the System Management Terminal Interface
Use the SMT to configure your Prestige. Several operations that you should be familiar with before you attempt to modify the configuration are listed below:
Moving Forward to Another Menu. To move forward to a sub- menu below the current one, type in the number of the sub-menu and press ENTER.
Moving Backward to a Previous Menu. Press the Escape key to move back to the previous menu. The only exception is the Main Menu, where typing 99 is the only method to exit the SMT.
Moving the Cursor. Within a menu, press ENTER (carriage return) to move to the next field. You can also use the Up and Down keys to move to the previous and the next field, respectively.
Entering Information. There are two types of fields that you will need to fill in. The first requires you to type in the appropriate information. The second gives you choices to choose from. In the second case, press the space bar to cycle through the available choices.
20 Installation
Required Fields. Some of the fields in the SMT are essential in order to configure your Prestige. These fields will initially show a ? indicating that the information must be filled in before that menu can be saved.
N/A Fields. Some of the fields in the SMT will show a N/A. This symbol refers to an option that is not available.
Saving Your Configuration. You can save your configuration by
connection. Your Prestige has four
pressing ENTER at the message: Press ENTER to confirm or ESC to cancel: Saving the data on the screen will take you in most cases to the previous menu.
The SMT main menu is shown below:
Figure 3-5 SMT Main Menu
System Management Terminal Interface Summary
This section summarizes all major SMT Menus: # Menu Title Description
1 General Setup Setup general information and enable
2 WAN Port Setup Setup IDSL configuration. 3 Ethernet Setup Setup Ethernet configuration. 4 Internet Access
Setup
11 Remote Node Setup Setup Remote Node for LAN-to-LAN
routing or bridging of specific protocols.
A quick and easy way to setup Internet connection.
connection including Internet
Installation 21
# Menu Title Description
12 Static Routing Setup Setup static route for different
21 Filter Set
Configuration
22 SNMP Configuration Setup SNMP related parameters. 23 System Security Setup security related parameters. 24 System Maintenance Provide system status, diagnostics,
99 Exit To exit from SMT and return to the
General Setup
This menu contains administrative and system-related information. Enter 1 in the main menu to go to Menu 1 - General Setup.
Remote Nodes.
protocols. There are four static routes for each protocol. Setup filters to be used in Menu 3 and Menu 11 to provide security, call control, etc.
firmware upload, etc.
blank screen.
22 Installation
Figure 3-6 Menu 1 - General Setup
1. System Name - Choose a descriptive name for identification purposes, e.g., p128l. This name should be no more than 8 alphanumeric characters. Spaces are not allowed, but “-” and “_” are accepted. This name can be retrieved remotely via SNMP, used for CHAP authentication, and will be displayed as the prompt in the Command Mode. See Chapter 11 for more information on CHAP; see Chapter 13 for more information on Command Mode.
2. Location - Enter the geographic location (up to 31 characters) of your Prestige, e.g., San Jose.
3. Contact Person’s Name - Enter the name (up to 8 characters) of the person in charge of your Prestige, e.g., Brent Harper. The Location and the Contact Person fields are optional.
4. Protocols - Turn on or off the individual protocols for your particular application. Unsupported protocols will have a N/A in their fields.
WAN Port Setup
Menu 2 is for entering information about your IDSL line.
Installation 23
1. Service Type - There are two options: Client or Server. Server provides clock to synchronize signals transmitted on the line.
2. Transfer Type - There are two options: Leased 128K or Leased 64K, which decide the IDSL line’s baud rate.
Ethernet Setup
Menu 3 is used to enter Ethernet related information. Depending on the protocols (TCP/IP or IPX) on your LAN, you will need to configure each protocol separately.
24 Installation
General Ethernet Setup
This menu determines the type of Ethernet interface you are using as well as the filter sets you wish to implement to monitor your Ethernet traffic. From Menu 3 - Ethernet Setup, enter 1 to go to menu 3.1 ­General Ethernet Setup.
Figure 3-7 Menu 3.1 - General Ethernet Setup
1. Ethernet Interface - Your Prestige supports two types of Ethernet connections, AUI (15-pin) or the connection for the 10Base-T
Installation 25
network (looks like a bigger telephone plug). Determine which type you are using and select the appropriate option.
2. Input and Output Filter Sets - Filter sets are used to block certain packets to reduce traffic and to prevent a security breach. Filtering is a very involved subject, so leave these fields blank for the time being. After you have studied filtering in Chapter 9, come back and define the filter sets.
TCP/IP Ethernet Setup and DHCP
If you are setting up your network for the first time, read Chapter 4, Configuring for Internet Access, before proceeding. The chapter contains important information on how to assign IP addresses for your network.
From Menu 3 - Ethernet Setup, enter 2 to go to Menu 3.2 - TCP/IP Ethernet Setup.
26 Installation
Figure 3-8 Menu 3.2 - TCP/IP Ethernet Setup
1. DHCP - This field determines what mode of DHCP (Dynamic Host Configuration Protocol) support your Prestige should use. If set to None, DHCP will not be used. If set to Server, your Prestige
will act as a DHCP server, capable of automatically assigning IP addresses to Windows 95, Windows NT, and other systems that support the DHCP client. When DHCP is used, the following four items need to be set.
Do not set this field to Server if there is already a DHCP server on
your network.
2. Client IP Pool Starting Address - DHCP can assign IP addresses to hosts dynamically instead of requiring that each system have a fixed IP address. IP addresses are allocated from a block of addresses, usually assigned by your Internet provider. The Client IP Pool Starting Address gives the first address in the reserved block, which is also used as the LAN network address of your Prestige. This address will also serve as the default gateway for DHCP clients.
3. Size of Client IP Pool - Gives the size of the block of addresses reserved for DHCP address assignment. Your Prestige uses the first address in the block, and the remaining addresses in the pool are assigned to clients.
4. Primary DNS Server/Secondary DNS Server - These two fields are used by DHCP clients (such as Windows 95 and Windows NT systems) for Domain Name Servers. Usually your Internet provider will provide one or more name service hosts.
5. IP Address - Enter the IP address of your Prestige in dotted decimal notation (four 8-bit numbers, between 0 and 255, separated by periods), e.g., 192.68.135.5. Note that every machine on the TCP/IP network must have a unique IP address.
6. IP Subnet Mask - An IP address consists of two parts, the network ID and the host ID. The IP Subnet Mask is used to specify the network ID portion of the address, expressed in dotted decimal notation. Your Prestige will automatically calculate this mask based
Installation 27
on the IP address that you assign. Unless you have special need for subnetting, use the default subnet mask calculated by your Prestige.
7. RIP Direction - This parameter determines how your Prestige handles RIP (Routing Information Protocol). If set to Both (default), your Prestige will broadcast its routing table on the LAN, and incorporate RIP broadcasts by other routers into its routing table. If set to In Only, your Prestige will not broadcast its routing table on the LAN, if set to Out Only, your Prestige will broadcast its routing table but ignores any RIP broadcast packets that it receives. If set to None, your Prestige will not participate in any RIP exchange with other routers.
Usually, you should leave this parameter at its default of Both and
let RIP propagate the routing information automatically.
8. RIP: Version - This parameter determines the format of the RIP packets used to exchange routing information. The choices are RIP­1, RIP-2B, and RIP-2M. The table below gives a brief description of your choices:
RIP-1: Accept and send RIP-1 messages only.
28 Installation
RIP-2B: accept RIP-1 and RIP-2 messages (both
broadcast and multicast), and send RIP-2 messages in broadcast format.
RIP-2M: accept RIP-1 and RIP-2 messages (both
broadcast and multicast), and send RIP-2 messages in multicast format.
The suggested choice for this field is RIP-2B. Select RIP-1 if your
Prestige is in an environment with other routers or workstations which have problems with RIP-2 broadcast packets. Select RIP­2M only if it is in a pure RIP-2 environment.
When you are finished, press ENTER at the message: Press ENTER to Confirm... to save your selections, or press ESC at any time to cancel them.
Novell IPX Ethernet Setup
Refer to the chapter on Novell IPX configuration.
Bridge Ethernet Setup
Refer to the chapter on Bridging configuration.
Installation 29
30 Installation
4 Configuring for Internet
Access
Menu 4 of the SMT allows you to configure Internet access on one screen. Before you configure your Prestige for Internet access, you need to collect the following information from your ISP (Internet Service Provider).
IP address of the ISP’s gateway (optional).
Login name (optional).
Password (optional).
For your Workstation:
Domain Name Server (DNS)
Figure 4-1 Internet Access
Configuring for Internet Access 31
IP Addresses and the Internet
Conventionally, the Internet (with a capital I) refers the large-scale interconnected networks across the world that was originally developed by the US Department of Defense. The Internet uses exclusively the TCP/IP suite of protocols. The term “internet” (lower case i), however, refers to any interconnected networks using any protocol. An internet can be as simple as two hosts on a LAN, or it can be as complex as the Internet itself.
Every machine on the Internet must have a unique address within that internet. If your networks are isolated from the Internet, e.g., only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
For this reason, it is recommended that you choose your network number from the above list.
You can obtain your IP address from the IANA, from an ISP, or assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.
O NOTE: REGARDLESS OF YOUR PARTICULAR SITUATION, DO NOT CREATE AN
ARBITRARY IP ADDRESS; ALWAYS FOLLOW THE GUIDELINES ABOVE. FOR MORE INFORMATION ON ADDRESS ASSIGNMENT, REFER TO RFC 1597, ADDRESS
32 Configuring for Internet Access
ALLOCATION FOR PRIVATE INTERNETS AND RFC 1466, GUIDELINES FOR MANAGEMENT OF IP ADDRESS SPACE.
Once you have determined the IP address range for your local network, you may want to use DHCP (Dynamic Host Configuration Protocol) to assign addresses to individual hosts on the network, as an alternative to manually configuring each host’s IP settings. See the TCP/IP Ethernet Setup and DHCP section on page 26 for more information about DHCP.
Internet Access Configuration
The following steps describe the set-up procedure to configure your Prestige for Internet access. The information you will need to provide will be indicated in bold type.
Figure 4-2 Menu 4 - Internet Access Setup
1. From the Main Menu, enter 4 to go to Menu 4 - Internet Access Setup as seen above.
2. ISP’s Name - Enter the name of your Internet Service Provider, e.g., myisp. This information is for identification purposes only.
Configuring for Internet Access 33
3. ISP IP Addr - Enter the IP Address of the remote gateway at the ISP’s site. If you do not have this data, just leave it blank.
4. My Login Name - Enter the login name provided by your ISP.
5. My Password - Enter the password associated with the login name above. Note that this login name/password pair is only for your Prestige to connect to the ISP’s gateway. When you use TCP/IP applications, e.g., FTP, to access the Internet from your workstation, you will need a separate login name and password for each server.
6. Single User Account - See the following section for a more detailed discussion on the Single User Account feature. The default is No.
7. Press ENTER at the message: Press ENTER to Confirm ... to confirm your selections, or press ESC at any time to cancel your selections.
8. At this point, the SMT will ask if you wish to test the Internet connection. If you select Yes, your Prestige will call the ISP to test the Internet connection. If the test fails, note the error message that you receive and take the appropriate troubleshooting steps.
Single User Account
Typically, if there are multiple users on the LAN wanting to concurrently access the Internet, they will have to subscribe to multiple IP addresses or a Class C subnetwork from the ISP. In either case, these two approaches will cost more than a single user account.
The Single User Account (SUA) feature allows customers to have the same benefits as having a Class C address, but still only pay for one IP address, thus saving significantly on subscription fees. (Check with your ISP before you enable this feature).
34 Configuring for Internet Access
This feature may also be used to connect to TCP/IP remote nodes other than Internet Service Providers. For example this feature can be used to simplify the allocation of IP addresses when connecting branch offices to the corporate network.
The IP address for the Single User Account can be either fixed or dynamically assigned by the ISP (or other remote node). In addition, you can also configure a server, e.g., a Web server, on your local network and make it accessible by outside users.
If you do not set a server IP address, SUA offers the additional benefit of firewall protection. This is because if no server is defined, all incoming inquiries will be filtered out by your Prestige even if you do have a server on your network. This can prevent intruders from probing your system.
Your Prestige accomplishes this address sharing by translating the internal LAN IP addresses to a single address that is globally unique on the Internet. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).
In summary:
SUA is an ideal, cost-effective solution for small offices with less than 20 hosts using a LAN to concurrently access the Internet or other remote TCP/IP network.
SUA can provide one server address to be accessed by Remote Dial -in Users, thus controlling the incoming packets.
SUA can provide firewall protection if you do not configure a server IP address. All incoming inquiries will be filtered out by your Prestige. Therefore, servers on your network are protected.
Configuring for Internet Access 35
UDP and TCP datagrams can be routed. In addition, ICMP echo can also be routed.
The figure below shows an example of a small office connected to the Internet via a Single User Account using your Prestige. Note that if you enable the Single User Account feature, your local IP address MUST be selected from the list of IP addresses for private networks as defined by the IANA.
Figure 4-3 A Single User Account Using the Prestige
Configuration for Single User Account
The steps for configuring your Prestige for Single User Internet Access are identical to conventional Internet access with the exception that you need to fill in three extra fields.
Follow steps 1-8 from the previous section, Internet Access Configuration .
1. Single User Account - Enter Yes to enable the Single User Account feature. Use the space bar to toggle between Yes and No.
2. Single User Account: IP Addr - If your ISP assigns you a dynamic IP address, enter 0.0.0.0 here. If your ISP assigns you a
36 Configuring for Internet Access
static IP address enter that IP address here. You have to use a static IP address if you are using a pair of Prestiges.
3. Single User Account: Server IP Addr - If you want to make a single server, e.g., a Web server, accessible to outside users, enter that server’s IP address here.
Press ENTER at the message: Press ENTER to Confirm ... to
confirm your selections or press ESC at any time to cancel your selections.
At this point, your Prestige will ask if you wish to test the Internet
connection. If you select Yes, the Prestige will call the ISP to test the Internet connection. If the test fails, note the error message that you receive and take the appropriate troubleshooting steps.
Configuring for Internet Access 37
38 Configuring for Internet Access
5 Remote Node Configuration
A Remote Node represents both a remote gateway and the internet behind it, across an IDSL connection. A Remote Node is required for connecting to the remote network directly. Note that when you use Menu 4 to configure the Internet, your Prestige will automatically add a Remote Node for you.
Even though you can configure up to four remote nodes, the first active remote node will be used to connect to the remote LAN. It is a good practice to keep only one active remote node for your Prestige.
In this chapter, we will discuss the parameters that are protocol independent. The protocol dependent configuration will be covered in subsequent chapters. For TCP/IP, see Chapter 6. For IPX, see Chapter 7. For bridging, see Chapter 8.
From the Main Menu, enter 11 to go to Menu 11 - Remote Node Setup. When in menu 11, enter the number of the Remote Nodes (1 to
4) that you wish to configure as shown below:
Remote Node Configuration 39
Figure 5-1 Menu 11 - Remote Node Setup
Enter the Remote Node number to edit and you will go to the next submenu: 11.1 - Remote Node Profile as shown below:
Figure 5-2 Menu 11.1 - Remote Node Profile
1. Rem Node Name - This is a required field. Enter a descriptive name for the Remote Node, e.g., SJHQ. This field can support up to eight characters. This name must be unique from any other Remote Node name or Remote Dial-in User name.
40 Remote Node Configuration
2. Active - Press the space bar to toggle between Yes and No. When a Remote Node is deactivated, it has no effect on the operation of your Prestige, even though it is still kept in the database and can be activated in the future. Deactivated nodes are displayed with a ­(minus sign) at the beginning of the name in Menu 11.
3. Incoming: Rem Node Login Name - Enter the login name that this Remote Node will use when it calls into your Prestige. The login name in this field combined with the Rem Node Password will be used to authenticate the incoming calls from this node.
4. Incoming: Rem Node Password - Enter the password used when this Remote Node calls into your Prestige.
5. Outgoing: My Login Name - This is a required field if Call Direction is either Both or Out. Enter the login name for your Prestige when it calls this Remote Node.
6. Outgoing: My Password - This is a required field if Call Direction is either Both or Out. Enter the password for your Prestige when it calls this Remote Node.
7. Outgoing: Authen - This field sets the authentication protocol used for outgoing calls.
Your Prestige supports two authentication protocols: PAP
(Password Authentication Protocol ) and CHAP (Challenge Handshake Authentication Protocol).
PAP sends the user name and password in plain text.
CHAP scrambles the password before it is sent over the wire.
Generally speaking, CHAP is more secure than PAP; however,
PAP is readily available on more platforms. The recommendation is to use CHAP whenever possible. Turning off the authentication is STRONGLY discouraged.
Options for this field are:
Remote Node Configuration 41
CHAP/PAP - Your Prestige will try CHAP when CHAP is
requested by the Remote Node or PAP when PAP is requested by the Remote Node.
CHAP - Use CHAP only.
PAP - Use PAP only.
8. Route - This field determines the protocols that your Prestige will route. The choices for this field are determined by the features that are enabled.
9. Bridge - Bridging is used for protocols that are not supported or not turned on in the previous Route field, e.g., SNA. When bridging is enabled, your Prestige will forward any packet that it does not recognize to this Remote Node; otherwise, the unrecognized packets are discarded. The disadvantage of bridging is that it usually generates large amounts of traffic. Press the space bar to select either Yes or No.
10. Edit PPP Options - To edit the PPP options for this Remote Node, move the cursor to this field, use the space bar to select Yes and press ENTER. This will bring you to Menu 11.2 - Remote Node PPP Options For more information on configuring PPP options, see the section Editing PPP Options.
11. IP Addr - This is a required field if Route is set to IP. Enter the IP address of this Remote Node.
12. Edit IP/IPX/Bridge Options - To edit the parameters of the protocols, go to this field, select Yes and press ENTER. This will bring you to Menu 11.3 - Remote Node Network Layer Options. For more information on filling out this screen, refer to the chapter pertaining to your specific protocol.
13. Session Option: Input Filter Sets and Output Filter Sets - In these fields, select which filter set(s) you would like to implement to filter the incoming and outgoing traffic between this Remote Node
42 Remote Node Configuration
and your Prestige. You can choose from 12 different filter sets. In addition, you can link up to 4 filter sets together for further customization (e.g., 1, 5, 9, 12). Note that spaces and , are accepted in this field.
For more information on customizing your filter sets, see Chapter 9.
The default is blank, i.e., no filters defined.
14. Session Option: Idle Timeout (sec) - This value specifies the number of idle seconds that elapses before sending a ppp-echo packet to verify whether the line is up.
Once you have completed filling in Menu 11.1 - Remote Node Profile, press ENTER at the message: Press ENTER to Confirm ... to confirm your selections, or press ESC at any time to cancel your selections.
Editing PPP Options
Figure 5-3 Remote Node PPP Options
1. Encapsulation - Select CCP (Compression Control Protocol) for the PPP or MP link. There are two options in this field.
Standard PPP - Standard PPP options will be used.
CISCO PPP - Cisco PPP options will be used.
Remote Node Configuration 43
2. Compression - Turns on Stac Compression. The default for this field is Off.
Once you have completed Menu 11.2 - Remote Node PPP Options, press ENTER at the message: Press ENTER to Confirm ... to confirm your selections, or press ESC to cancel your selections.
44 Remote Node Configuration
6 TCP/IP Configuration
This chapter shows you how to configure your Prestige for TCP/IP.
Depending on your particular applications, you will need to configure different menus. For instance, Internet access is the most common application of TCP/IP. For this application, you should configure Menu 4. We will illustrate the configuration for other applications in the following sections.
IP Subnet Mask
A subnet mask is a 32-bit quantity that, when logically ANDed with an IP address, yields the network number. For instance, the subnet masks for class A, B and C without subnetting are 255.0.0.0, 255.255.0.0 and 255.255.255.0, respectively.
To create more network numbers, you shift some bits from the host ID to the network ID. For instance, to partition a class C network number
192.68.135.0 into two, you shift 1 bit from the host ID to the network
ID. Thus the new subnet mask will be 255.255.255.128; the first subnet will have network number 192.68.135.0 with hosts
192.68.135.1 to 192.68.135.126 and the second subnet will have
network number 192.68.135.128 with hosts 192.68.135.129 to
192.68.135.254.
It is recommended that you use the same subnet mask for all physical networks that share an IP network number. The table below lists the additional subnet mask bits in dot decimal notations. To use to following table, write down the original subnet mask and substitute the higher order 0s with the dot decimal of the additional subnet bits. For instance,
TCP/IP Configuration 45
to partition your class C network 204.247.203.0 with subnet mask
255.255.255.0 into 16 subnets (4 bits), the new subnet mask becomes
255.255.255.240.
Number of Bits Dot Decimal
1 128 2 192 3 224 4 240 5 248 6 252 7 254 8 255
LAN-to-LAN Application
A typical LAN-to-LAN application is to use your Prestige to call from a branch office to the headquarters, as depicted in the following diagram.
For the branch office, you need to configure a Remote Node in order to dial out to the headquarters. Additionally, you may also need to
46 TCP/IP Configuration
Figure 6-1 LAN-to-LAN Application
configure Static Routes if some services reside beyond the immediate remote LAN.
Remote Node Setup
Follow the procedure in Chapter 5 to fill the protocol-independent
parameters in Menu 11, Remote Node Profile. For the protocol­dependent parameters, follow the instructions below.
1. Route - Make sure IP is among the protocols in the Route field.
2. IP Address - Enter the IP address of the gateway at the remote site (in this case, headquarters). If the remote router is using a different IP address than the one entered here, your Prestige will drop the call.
Edit IP/IPX/Bridge - Press the space bar to change it to Yes and press Enter to go to the Menu 11.3 - Remote Node Network Layer Options menu shown below:
Figure 6-2 Menu 11.3 - Remote Node Network Layer Options
1. Rem IP Address - This will show the IP address you entered for this Remote Node in the previous menu.
TCP/IP Configuration 47
2. Rem IP Subnet Mask - Enter the subnet mask for the remote network.
3. My WAN Addr - Some implementations, especially the UNIX derivatives, require hosts on both ends of the ISDN link to have separate addresses from the LAN, and that the addresses must have the same network number. If this is the case, enter the IP address assigned to the WAN port of your Prestige. Note that this is the address assigned to the local Prestige, not the remote router.
Figure 6-3 Sample IP Addresses
4. Single User Account - This field should be set to yes to enable the Single User Account (Network Address Translation) feature for this site. Use the space bar to toggle between yes and no.
5. Server IP address - If you are using the Single User Account feature and you want to make a server accessible on your LAN, e.g., a web server, accessible to outside users, enter that servers IP address here.
6. Metric - The metric represents the “cost” of transmission for routing purpose. IP routing uses hop count as the measurement of cost, with a minimum of 1 for directly connected networks. Enter a number that approximates the cost for this link. The number need
48 TCP/IP Configuration
not be precise, but it must be between 1 and 16. In practice, 2 or 3 is usually a good number.
7. Private - This parameter determines if your Prestige will include the route to this Remote Node in its RIP broadcasts. If set to yes, this route is kept private and not included in RIP broadcast. If no, the route to this Remote Node will be propagated to other hosts through RIP broadcasts.
8. RIP - This parameter determines how your Prestige handles RIP (Routing Information Protocol), and the default is Both. If set to Both, your Prestige will broadcast its routing table on the WAN, and incorporate RIP broadcasts by the other router into its routing table. If set to In Only, your Prestige will not broadcast its routing table on the WAN; if set to Out Only, your Prestige will broadcast its routing table but ignores any RIP broadcast packets that it receives. If set to None, your Prestige will not participate in any RIP exchange with other routers. Usually, you should leave this parameter at its default of Both and let RIP propagate the routing information automatically.
Once you have completed filling in the Network Layer Options Menu, press ENTER to return to Menu 11. Press ENTER at the message: Press ENTER to Confirm ... to save your selections, or press ESC at any time to cancel your selections.
Static Route Setup
On a directly connected internet, RIP usually handles the routing automatically. However, RIP cannot propagate across isolated networks, as in the case before a connection is made between the two subnetworks using one Class C IP address. Without a route, no packets can be forwarded to their destinations. A static route is used to resolve this problem by providing your Prestige with some static routing information. As a matter of fact, when you configure the Internet Access
TCP/IP Configuration 49
or a Remote Node, a static route is implicitly created by your Prestige. An example is given below. In the example, stations on the
204.5.1.0/24 subnetwork can access the remote stations using the static
route. The route will have a destination of 204.5.1.64/26 with the gateway address being that of the Remote Node (204.5.1.150).
Figure 6-4 Static Routing Example
Note that in normal circumstances, your Prestige will have adequate routing information after you configure the Internet access and Remote Nodes; you do not need to configure additional static routes. You will need to configure static routes only for unusual cases, e.g., subnetting. To create additional static routes for IP, use Menu 12, Static Route Setup as shown below:
50 TCP/IP Configuration
Figure 6-5 Menu 12 - Static Route Setup - Main Menu
Figure 6-6 IP Static Route Setup
1. Route Name - Enter a descriptive name for this route. This is for identification purpose only.
2. Active - This fields allows you to activate/deactivate this static route.
3. Destination IP Address - This parameter specifies the IP network address of the final destination. Routing is always based on network number. If you need to specify a route to a single host,
TCP/IP Configuration 51
use a subnet mask of 255.255.255.255 in the subnet mask field to force the network number to be identical to the host ID.
4. IP Subnet Mask - Enter the subnet mask for this destination. Follow the discussion on IP subnet mask in this chapter.
5. Gateway IP Address - Enter the IP address of the gateway. The gateway is an immediate neighbor of your Prestige that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your Prestige; over ISDN, the gateway must be the IP address of one of the Remote Nodes.
6. The Metric and the Private parameters have the same meaning as those in the Remote Node Setup.
Once you have completed filling in the menu, press ENTER at the message: Press ENTER to Confirm ... to save your selections, or press ESC at any time to cancel your selections.
52 TCP/IP Configuration
7 Novell IPX Configuration
This chapter shows you how to configure your Prestige for IPX.
Depending on your particular applications, you will need to configure different menus. We will illustrate the configuration for some applications in the following sections.
IPX Network Environment
Frame Type
The stations on an IPX network (both clients and servers) can run on four different frame types existing on one physical Ethernet cable. These frame types include 802.2, 802.3, Ethernet II (DIX), and SNAP.
Network Numbers
Whenever you are setting up an IPX routing environment, it is important to correctly configure the network numbers on the LAN. On any IPX network, there is an external network number that is, the number associated with the frame type on the Ethernet cable to which the stations on the network are joined. In addition to this external network number, each NetWare server has its own internal network number. It is important to remember that every network number has to be unique for that entire internetwork. So if a server station had an internal network number of 00000011, there is no other network number (internal or external) of 00000011 anywhere on the network.
There are two different scenarios in which you would connect your Prestige to a LAN: one with a server (server side), and one without a server (client side).
Novell IPX Configuration 53
Figure 7-1 Prestige Operating in IPX Environment
Prestige on LAN with Server
When your Prestige is being connected to a LAN with an existing
NetWare server station, you will not need to configure it as a seed router, and hence the network number parameter in the Ethernet Setup Menu. Rather, your Prestige will learn the network number of the network it is attached to through the regular RIP broadcasts sent by the server and add this route to its routing table.
Prestige on LAN without Server
If your Prestige is connected to a LAN without an existing
NetWare server station, then it needs to create a unique external network number to apply to that frame on the LAN. Your Prestige must then be configured as a Seed Router, and the network number can be configured in the Ethernet Setup Menu. The network number must be unique and not used anywhere else on the entire network.
54 Novell IPX Configuration
IPX Ethernet Setup
The first step is to set up your Prestige on the LAN. From menu 3,
select option 3 to go to Menu 3.3 - Novell IPX Ethernet Setup as seen below:
Figure 7-2 Menu 3.3 - Novell IPX Ethernet Setup
1. Seed Router - Determine if your Prestige is to act as a seed router. This value depends on the existing network. If there is a NetWare server providing the network number, select No. If there is no NetWare server providing the network number, select Yes.
2. Frame Type - For every frame type that your Prestige needs to support, you need to set the corresponding field to Yes. The frame type(s) selected here must be the same frame type(s) as the server or client stations on that network. Otherwise, the devices will not be able to communicate. You can select one or more of these four frame types:
802.2
802.3
Ethernet II
Novell IPX Configuration 55
SNAP
3. IPX Network # - If you selected your Prestige to act as a seed router, you need to provide a unique network number to be associated with the network that it has joined. Keep in mind that this number must not be used anywhere else on the network.
Once you have completed filling in the Menu 3.3, press ENTER the save message to save your selections, or press ESC at any time to cancel your selections.
LAN-to-LAN Application
A typical LAN-to-LAN application is to use your Prestige to call from a branch office to headquarters such that all of the stations on the branch office network have access to the server at the headquarters, as depicted in the following diagram:
For the branch office, you need to configure a Remote Node in order to dial out to headquarters.
56 Novell IPX Configuration
Figure 7-3 LAN-to-LAN application
Remote Node Setup
Follow the procedure in Chapter 5 to fill the protocol-independent parameters in Menu 11, Remote Node Profile. For the protocol­dependent parameters, follow the ensuing instructions.
1. Route - Make sure IPX is among the protocols in the Route field.
2. Edit IP/IPX/Bridge - Press the space bar to change it to Yes and press Enter to go to the network layer options menu.
Figure 7-4 Menu 14.1 - Edit Dial-in User
3. Rem LAN Net # - In this field, enter the internal network number of the NetWare server on the remote side LAN. Your Prestige will create a route to access this server.
4. My WAN Net # - In this field, you can enter the WAN network number of the device that you are connecting to. This number will be used for negotiation between your Prestige and the remote device. If you leave this field as 00000000, your Prestige will select the greater WAN network number between the two devices.
5. Hop Count - This field indicates the number of intermediate networks that must be passed through to reach the Remote Node. The default is one (1).
Novell IPX Configuration 57
6. Tick Count - This field indicates the time-ticks required to reach the Remote Node. The default is two (2).
7. W/D Spoofing (min) - This field is used for your Prestige on the server side LAN. Your Prestige can spoof a response to a server’s Watch Dog request after an expected drop of connection. In this field, enter in the time (number of minutes) that you want your Prestige to spoof the Watch Dog response.
8. SAP/RIP Timeout (min) - This field indicates the amount of time that you want your Prestige to maintain the SAP and RIP entries learned from this Remote Node in its internal tables after the connection has been dropped. If this information is retained, then your Prestige will not have to get the SAP information when the line is brought back up. Enter the desired time (in minutes) in this field.
Once you have completed filling in the Network Layer Options Menu, press ENTER to return to Menu 11.1. Press ENTER at the message: Press ENTER to Confirm ... to save your selections, or press ESC at any time to cancel your selections.
Static Route Setup
If your LAN-to-LAN application has NetWare servers on both sides of the link, then all NetWare client stations will have access to a server on their LAN as shown below:
58 Novell IPX Configuration
Figure 7-5 NetWare Servers on Both Sides of the Link
This may present a problem if you desire your client station to access a server at a remote site. For example, in the above diagram, suppose that a client station on the network on the left wishes to access the NetWare server on the right (internal network number = 111). However, the SAP broadcasts will receive a response from the server on the left (internal network number = 444). A static route is used to resolve this problem by providing your Prestige with some static routing information to access the remote server.
From Menu 12, select one of the four possible IPX Static Routes as shown below:
Novell IPX Configuration 59
Figure 7-6 Menu 12.2 - Edit IPX Static Route
1. Server Name - In this field, enter in the name that has been configured for the server. This name must be the exact name configured in the NetWare server.
2. Network # - This field contains the internal network number of the remote server which you wish to access. Do not use 00000000 or FFFFFFFF for this field.
3. Node # - This field contains the address of the node on which the server resides. If you are using a Novell IPX implementation, this value is 000000000001.
4. Socket # - This field contains the socket number on which the server will receive service requests. The default for this field is hex
0451.
5. Type # - This field identifies the type of service the server provides. The default for this field is hex 0004.
6. Gateway Node - In this field, enter the number (1-4) of the Remote Node that is linked to this static route. That is, the Remote Node that you wish to route the packet to.
60 Novell IPX Configuration
The Hop Count and Tick Count fields have the same meaning as those in the Remote Node Setup.
Once you have completed filling in the menu, press ENTER at the message: Press ENTER to Confirm ... to save your selections, or press ESC at any time to cancel your selections.
Novell IPX Configuration 61
62 Novell IPX Configuration
8 Bridging Configuration
This chapter shows you how to configure the Bridging options for your Prestige. Depending on your particular applications, you will need to configure different menus. We will illustrate the configuration for some applications in the following sections.
Bridge Ethernet Setup
Bridging is used to forward packets of unsupported protocols whose destination is not on the local Ethernet to the WAN.
LAN-to-LAN Application
A typical LAN-to-LAN application is to use your Prestige to call from one office to another office such that stations on one network have access to stations on the remote side and vice versa. You will need to configure a Remote Node in order to dial out to another office.
Remote Node Setup
Follow the procedure in Chapter 5 to fill the protocol-independent parameters in Menu 11, Remote Node Profile. For the protocol­dependent parameters, follow the ensuing instructions:
1. Bridge - Make sure this field is set to Yes.
2. Edit IP/IPX/Bridge - Press the space bar to change it to Yes and press Enter to go to the network layer options menu as seen below:
Bridging Configuration 63
Figure 8-7 Remote Node Bridging Configuration
3. Ethernet Addr Timeout (min) - In this field, enter the time (number of minutes) that you wish your Prestige to retain the Ethernet Addr information in its internal tables while the line is down. If this information is retained, then your Prestige will not have to re-negotiate the protocol and recompile the tables when the line is brought back up.
Once you have completed filling in the Network Layer Options Menu, press ENTER to return to Menu 11. Press ENTER at the message: Press ENTER to Confirm ... to save your selections, or press ESC at any time to cancel your selections.
Bridge Static Route Setup
You can configure Bridge static routes for your Bridging applications.
64 Bridging Configuration
Figure 8-8 Menu 12.4 - Bridge Static Route
1. Route Name - For identification purposes enter a name for the bridge static route.
2. Active - Indicates whether the static route is active or not.
3. Ether Address -Enter the MAC address of the destination device that you wish to bridge your packets to.
4. IP Address - If available, enter the IP address of the destination device that you wish to bridge your packets to.
5. Gateway Node - Enter the number (1-4) of the Remote Node that is linked to this static route. When an incoming packet’s destination Ether (MAC) address matches the value entered above, then it will trigger a call to this Remote Node.
Once you have completed filling in the menu, press ENTER at the message: Press ENTER to Confirm ... to save your selections, or press ESC at any time to cancel your selections.
Bridging Configuration 65
66 Bridging Configuration
9 Filter Configuration
About Filtering
Your Prestige uses filters to decide whether or not to allow passage of a data packet and/or to make a call over the ISDN line. There are two types of filters involved: incoming data filters and outgoing data filters. Data filters screen the data to determine if the packet should be allowed to pass.
Figure 9-1 Outgoing packet filtering Process
For incoming packets, your Prestige applies data filters only. Packets are processed depending upon whether a match is made. Your Prestige allows you to customize the filter sets that you wish to use. The following sections describe how to configure your Prestige filter sets.
Filter Configuration 67
Prestige’s Filter Structure
You can configure up to twelve filter sets with six rules in each set. Therefore, your Prestige allows you to customize up to 72 filter rules (12 x 6).
When implementing these filter sets, you can link up to four of the filter sets together to screen the data packet. Therefore, with each filter set having up to six rules, you can have a maximum of 24 rules active for a single filtering application.
Configuring a Filter Set
In order to distinguish between the 12 filter sets, each filter set should have a name or some comments. You can edit these comments in the following way.
1. From the Main Menu, select option 21. Filter Set Configuration. This will bring you to Menu 21 - Filter Set Configuration.
2. From this menu, you can choose from among the twelve filter sets. Select the filter set you wish to configure (1-12).
This will bring you to the Edit Comments field. Whatever the comments are for that filter set will be displayed in this field. You can edit the comments you wish to use to identify that filter set.
Once you have completed filling in the Edit Comments field, press ENTER at the message: Press ENTER to Confirm ... to confirm your selections, or press ESC at any time to cancel your selections. The new information will now be displayed in the read-only section of Menu 21 ­Filter Set Configuration as shown below:
68 Filter Configuration
Figure 9-2 Menu 21 - Filter Set Configuration
Once you press ENTER, you will be taken to Menu - 21.1 - Filter Rules Summary as seen below. The information displayed in this menu is read-only. From here, you can examine the parameters of each rule that you have configured for that set. The following is a brief description of the abbreviations used in this menu.
# - Refers to the filter rule number (1-6).
A - Refers to Active. Y means the filter rule is active and N means
the filter rule is inactive.
Type - Refers to the type of filter rule. This can display GEN for generic, IP for TCP/IP, or IPX for Novell IPX.
Filter Rules - The filter rule parameters will be displayed here (see below).
M - Refers to More. Y means there are more rules to check, N means there aren’t.
Filter Configuration 69
m - Refers to Action Matched. F means to forward the packet, D means to drop the packet, and N means check the next rule.
n - Refers to Action Not Matched. F means to forward the packet, D means to drop the packet, and N means check the next rule.
Figure 9-3 Menu 21.1 - Filter Rules Summary
If the filter type is IP (TCP/IP), the following abbreviations will be used:
Pr - Protocol.
SA - Source Address.
SP - Source Port number.
DA - Destination Address.
DP - Destination Port number.
If the filter type is GEN (generic), the following abbreviations will be used:
Off - Offset.
Len - Length.
If the filter type is IPX (Novell IPX), the following abbreviations will be used:
70 Filter Configuration
PT - IPX Packet Type.
SS - Source Socket.
DS - Destination Socket.
For more information on configuring the filter rule parameters, refer to the next section.
To configure a specific filter rule, simply select the number of the filter rule (1-6) you wish to configure and press ENTER. This will take you to Menu 21.1.1 - TCP/IP Filter Rule (next section).
Configuring a Filter Rule
There are four types of filter rules that you can configure. Some of the parameters will differ depending on the type of rule. When you first enter the filter rule menu, you will be presented with Menu 21.1.1 ­TCP/IP Filter Rule. If you wish to configure another type of filter rule, you need to select the appropriate type (by pressing the SPACE bar) under the Filter Type field and press ENTER. This will bring you to the corresponding menu.
TCP/IP Filter Rule
This section will show you how to configure a TCP/IP filter rule for your Prestige. The fields in the menu are indicated in bold type.
Filter Configuration 71
Figure 9-4 Menu 21.1.1 - TCP/IP Filter Rule
1. Active - In this field, you can make the filter rule active or inactive. There are two options:
Yes.
No.
2. IP Protocol - Protocol refers to the IP specific number of the protocol. The range for this value should be between 0 and 255. For example, 6 refers to the TCP protocol.
3. IP Source Route - Determine, Yes or No, to check the source route.
4. Destination: IP Addr - In this field, enter the destination IP Address of the packet you wish to filter. The address is usually written in dotted decimal notation such as a.b.c.d where a, b, c, and d are numbers between 0 and 255.
5. Destination: IP Mask - In this field, enter the IP mask that will be used to mask the bits of the IP Address given in Destination: IP Addr.
72 Filter Configuration
6. Destination: Port # - Enter the destination port of the packets that you wish to filter. The range of this field is 0 to 65535.
7. Destination: Port # Comp - In this field, you can select what comparison quantifier you wish to enable to compare to the value given in Destination: Port #. There are five options for this field:
None.
Less.
Greater.
Equal.
Not Equal.
8. Source: IP Addr - In this field, enter the source IP Address of the packet you wish to filter. The address is usually written in dotted decimal notation such as a.b.c.d where a, b, c, and d are numbers between 0 and 255.
9. Source: IP Mask - In this field, enter the IP mask that will be used to mask the bits of the IP Address given in Source: IP Addr.
10. Source: Port # - Enter the source port of the packets that you wish to filter. The range of this field is 0 to 65535.
11. Source: Port # Comp - In this field, you can select what comparison quantifier you wish to use to compare to the value given in Source: Port #. There are five options for this field:
None.
Less.
Greater.
Equal.
Not Equal.
12. TCP Estab - This field is dependent upon the IP Protocol field. This field will be inactive (N/A) unless the value in that field is 6
Filter Configuration 73
(TCP protocol). In this field you determine what type of TCP packets to filter. There are two options:
Yes - filter matches only established TCP connections.
No - filter matches both initial and established TCP
connections.
13. More - In this field, you can determine if you want to pass the packet through the next filter rule before any action is taken. There are two options for this field:
Yes.
No.
If More is Yes, then Action Matched and Action Not Matched will
be N/A.
14. Log - In this field, you can determine if you wish to log the results of packets attempting to pass the filter rule. These results will be displayed on the System Log (see Chapter 13). There are 4 options for this field:
None - No packets will be logged.
Action Matched - Only packets that match the rule parameters
will be logged.
Action Not Matched - Only packets that do not match the rule
parameters will be logged.
Both - All packets will be logged.
15. Action Matched - If the conditions for the filter rule are met, you can specify what to do with the packet. There are three options for this field:
Check Next Rule.
Forward.
Drop.
74 Filter Configuration
16. Action Not Matched - If the conditions for the filter rule are not met, you can specify what to do with the packet. There are three options for this field:
Check Next Rule.
Forward.
Drop.
Once you have completed filling in Menu 21.1.1 - TCP/IP Filter Rule, press ENTER at the message: Press ENTER to Confirm ... to confirm your selections, or press ESC at any time to cancel your selections. This data will now be displayed on Menu 21.1 - Filter Rules Summary.
Generic Filter Rule
This section will show you how to configure the protocol -independent parameters for a Generic filter rule for your Prestige. For information on the protocol-dependent fields, refer to the previous section, TCP/IP Filter Rule and the following section, Novell IPX Filter Rule. The fields in the menu are indicated in bold type.
Figure 9-5 Menu 21.1.1 - Generic Filter Rule
Filter Configuration 75
1. Offset - Offset refers to the value of the byte that you want to use as your starting offset. That is, in the data packet, at what point do you want to begin the comparison. The range for this field is from 0 to 255. Default = 0
2. Length - This field refers to the length (in bytes) of the data in the packet that your Prestige should use for comparison and masking. The starting point of this data is determined by Offset. The range for this field is 0 to 8. Default = 0
3. Mask - In this field, specify (in Hexadecimal) the value that your Prestige should logically qualify [and] the data in the packet. Since Length is given in bytes, you need to enter in twice the length hexadecimal numbers for this field. For example, if Length were 4, then a valid Mask must have 8 hexadecimal numbers, like 1155ABF8.
4. Value - In this field, specify (in Hexadecimal) the value that your Prestige should use to compare with the masked packet. The value should align with Offset. Since Length is given in bytes, you need to enter in twice the length hexadecimal numbers for this field. For example, if Length were 4, then a valid Value must have 8 hexadecimal numbers, like 1155ABF8. If the result from the masked packet matches Value, then the packet is considered matched.
Once you have completed filling in Menu 21.1.1 - Generic Filter Rule, press ENTER at the message: Press ENTER to Confirm ... to confirm your selections, or press ESC at any time to cancel your selections. This data will now be displayed on Menu 21.1 - Filter Rules Summary.
76 Filter Configuration
Novell IPX Filter Rule
This section will show you how to configure the protocol-dependent param eters for an IPX filter. The fields in the menu are displayed in
bold type.
Figure 9-6 Menu 21.1.3 - IPX Filter Rule
1. IPX Packet Type - Enter the IPX packet type value of the packet you wish to filter. This value should be two hex-bytes.
2. Destination/Source Network # - Enter the four hex-byte destination/source network numbers of the packet that you wish to filter.
3. Destination/Source Node # - Enter in the six hex-byte value for the destination/source node number of the packet you wish to filter.
4. Destination/Source Socket # - Enter the destination/source socket number of the packets that you wish to filter. This should be a 4-byte hex value.
5. Destination/Source Socket # Comp - You can select what comparison quantifier you wish to use to compare to the value given in Destination Socket # and Source Socket #.
Filter Configuration 77
6. Operation - This field is only active if one of the Socket # fields is 0452 or 0453 indicating SAP and RIP packets. There are seven options for this field which determines the operation for the IPX packet.
None.
RIP Request.
RIP Response.
SAP Request.
SAP Response.
SAP Get Nearest Server Request.
SAP Get Nearest Server Response.
Once you have completed filling in Menu 21.1.3 - IPX Filter Rule, press ENTER at the message: Press ENTER to Confirm ... to confirm your selections, or press ESC at any time to cancel your selections. This data will now be displayed on Menu 21.1 - Filter Rules Summary.
78 Filter Configuration
10 SNMP
About SNMP
The Simple Network Management Protocol (SNMP) is a protocol governing network management and the monitoring of network devices and their functions. The Prestige 128L supports the utilization of SNMP to regulate the communication that occurs between the manager station and the agent stations in a network. Basically, your Prestige, when connected to the LAN, acts as an agent station. In this way, the manager station on your LAN can monitor your Prestige as it would another station on the network. Keep in mind that SNMP is only available if TCP/IP is configured.
Configuring Your Prestige For SNMP Support
The following steps describe a simple setup procedure for configuring SNMP management.
SNMP 79
Figure 10-1 Menu 22 - SNMP Configuration
1. From the Main Menu, select option 22. SNMP Configuration. This will bring you to Menu 22 - SNMP Configuration.
2. You will then be prompted to enter the following information. Steps 3 -7 will describe the specific parameters involved in the configuration. The parameters you will have to fill in will be indicated in bold type.
3. Get Community - From this field, you can determine what the Get Community is for your Prestige. The value entered into this field will be used to authenticate the community field for the incoming Get­and GetNext- requests from the management station. The default is public.
4. Set Community - In this field, enter the Set Community for your Prestige. The value entered in this field will be used to authenticate the community field for the incoming Set- requests from the management station. The default is public.
5. Trusted Host - Enter the IP address of the trusted host SNMP management station. If this field is configured, then your Prestige will only respond to SNMP messages coming from this address. If you
80 SNMP
leave the field blank (default), then your Prestige will respond to all SNMP messages it receives, regardless of origin.
6. Trap: Community - In this field, enter the community name that is sent with each trap to the SNMP manager. This should be treated like a password and match what the SNMP manager is expecting. The default is public.
7. Trap: Destination - This field contains the IP address of the station that you wish to send your SNMP traps.
Once you have completed filling in Menu 22 - SNMP Configuration, press ENTER to confirm your selections or press ESC to cancel your selections.
If you are unsure how to configure the fields for the SNMP configuration, consult your network administrator.
SNMP 81
82 SNMP
11 System Security
The Prestige 128L incorporates a number of security measures to prevent unauthorized access to your network. For example, your Prestige supports both PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol) in authenticating a Remote Node.
In addition, your Prestige also implements a user password to get into the SMT screen. You will have three attempts to enter the correct system password. If all three attempts fail, the SMT will log out. In addition, your Prestige will only support one user in the SMT at one time.
Configuring the SMT Password
Figure 11-2 Menu 23.1 - System Security - Change Password
System Security 83
The following steps describe a simple setup procedure for configuring the SMT password.
1. From the Main Menu, select option 23. System Security. This will bring you to Menu 23 - System Security.
2. From this menu, you can select option 1. Change Password. This will bring you to Menu 23.1 - System Security - Change Password.
3. Type in your previous system password and press ENTER.
4. Type in your new system password and press ENTER.
5. Re-type your new system password for confirmation purposes and press ENTER.
You will now need to enter in this password when you try to get into the SMT. In addition, this password will also be used when a network administrator attempts to telnet to your Prestige.
84 System Security
12 Telnet Configuration and
Capabilities
About Telnet Configuration
When you first configure your Prestige, it must be done via a computer connected to the RS-232 port. However, once your Prestige has been initially configured, you can use telnet to configure the device remotely as shown below:
Figure 12-1 Telnet Configuration on a TCP/IP Network
In order to configure your Prestige in this way, you need to have assigned an IP Address to your device and have connected it to your network. See Chapter 3 for more information on assigning an IP Address. Once this is configured, any station on the LAN or remote network that has TCP/IP installed can use telnet remote
Telnet Configuration and Capabilities 85
management. If your Prestige is configured for IPX routing but not IP in menu 1, telnet will still be available provided you assign your Prestige an IP address.
Telnet Capabilities
Single Administrator
To prevent confusion and discrepancy on the configuration, your Prestige will only allow one terminal connection at any time. Your Prestige also gives priority to the RS-232 connection over telnet. If you have already connected to your Prestige via telnet, you will be logged out if another user is connecting to your Prestige via the RS-232 cable. Only after the other administrator has been disconnected will you be able to telnet to your Prestige again.
System Timeout
When you are connected to your Prestige via telnet, there is a system timeout of 5 minutes (300 seconds). If you are not configuring the device and leave it inactive for this timeout period, then your Prestige will be disconnected automatically.
86 Telnet Configuration and Capabilities
13 System Maintenance
The Prestige 128L provides a full range of diagnostic tools to help you monitor and maintain your system. Some of these tools provide updates on system status, ISDN B channel status, log and trace capabilities and upgrades to system software.
System Status
System Status can be used to monitor your Prestige. Specifically, it will give you information on the status of your system software version, ISDN telephone line, number of packets sent and number of packets received.
Figure 13-1 Menu 24 - System Maintenance
System Maintenance 87
Figure 13-2 Example of Menu 24.1 - System Maintenance -
Status
1. To get to the System Status, select option 24. System Maintenance. This will bring you to Menu 24 - System Maintenance.
2. From this menu, select option 1. System Status.
3. There are two (2) possible commands in Menu 24.1. 3 will reset the counters; and ESC will exit this screen.
4. Items 5 - 22 describes the fields present in Menu 24.1 - System Maintenance - Status. It should be noted that these fields are READ-ONLY and are meant to be used for diagnostic purposes.
5. CHAN - shows statistics for logical channel.
6. Link - shows the Remote Node the channel is currently connected to or the status of the channel (Idle, Calling, or Answering).
7. Type - the current connecting speed (56K or 64K).
8. TXPkt - the number of transmitted packets on this channel.
9. RXPkt - the number of received packets on this channel.
10. Error - the number of error packets on this channel.
88 System Maintenance
Loading...
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use