GENERAL APPLICATION NOTES
INTERNET CONNECTION
Setup the Prestige as a DHCP Relay
Configure an Internal Server Behind SUA
Configure a PPTP server Behind SUA
Using NAT / Multi-NAT
About Filter & Filter Examples
Using the Dynamic DNS (DDNS)
Network Management Using SNMP
Using syslog
Using IP Alias
Using Call Scheduling
Using IP Multicast
Using Prestige traffic redirect
Using Universal Plug n Play (UPnP)
Site Survey
Relay to PSTN
How to connect Lifeline and DSL connection
Relay to ISDN
How to connect Lifeline and DSL connection
Peer to Peer call
All contents copyright (c) 2007 ZyXEL Communications Corporation.
Prestige 2602HWNLI-D7A Support Notes
Phone port settings
Call Hold setup
Three Way Conference setup
Call Transfer setup
Do Not Disturb (DND)
Hot Line (Auto Dial)
Music on hold
Caller ID enable/disable
Country Code
What is ZyNOS?
How do I access the embedded web configurator?
What is the default LAN IP address and Password? Moreover, how do I change it?
How do I upload the ZyNOS firmware code via embedded web configurator?
How do I upgrade/backup the ZyNOS firmware by using FTP client program via LAN?
How do I upload or backup ROMFILE via web configurator?
How do I backup/restore configurations by using FTP client program via LAN?
Why can't I make Telnet to Prestige from WAN?
What should I do if I forget the system password?
What is SUA? When should I use SUA?
What is the difference between NAT and SUA?
How many network users can the SUA/NAT support?
What are Device filters and Protocol filters?
Why can't I configure device filters or protocol filters?
What is the Prestige Integrated Access Device?
Will the Prestige work with my Internet connection?
What do I need to use the Prestige?
What is PPPoE?
Does the Prestige support PPPoE?
How do I know I am using PPPoE?
Why does my provider use PPPoE?
Which Internet Applications can I use with the Prestige?
How can I configure the Prestige?
What network interface does the Prestige support?
What can we do with Prestige?
Does Prestige support dynamic IP addressing?
What is the difference between the internal IP and the real IP from my ISP?
How does e-mail work through the Prestige?
Is it possible to access a server running behind SUA from the outside Internet? If possible, how?
What DHCP capability does the Prestige support?
How do I use the reset button, and moreover what parameter fields will be reset by the reset button?
What network interface does the new Prestige series support?
How does the Prestige support TFTP?
Can the Prestige support TFTP over WAN?
How fast can the data go?
What is Multi-NAT?
When do I need Multi-NAT?
What IP/Port mapping does Multi-NAT support?
What is the difference between SUA and Multi-NAT?
What is BOOTP/DHCP?
What is DDNS?
When do I need DDNS service?
What DDNS servers does the Prestige support?
What is DDNS wildcard?
Does the Prestige support DDNS wildcard?
Can the Prestige SUA handle IPsec packets sent by the VPN gateway behind Prestige?
How do I setup my Prestige for routing IPsec packets over SUA?
What is P2602 and what is the difference between P2602HW and P2602HWNLI?
What does Lifeline mean?
Do I need Lifeline?
Can I connect more than one phone on the phone port?
Can I receive incoming PSTN call through P2602HWNLI-D7A?
Can I make an outgoing PSTN call through P2602HWNLI-D7A?
What is Voice over IP?
How does Voice over IP work?
Why use VoIP?
What is the relationship between codec and VoIP?
What advantages can Voice over IP provide?
What is the difference between H.323 and SIP?
Can H.323 and SIP interoperate with one another?
What is voice quality?
How is voice quality normally rated?
What is codec?
What is the relation of codec and VoIP?
What codec does Prestige support?
Which codec should I choose?
What do I need in order to use SIP?
Unable to register with the SIP server?
I can register but cannot establish a call?
I can make a call but the voice only goes one way, not both ways?
I can receive a call but the voice only goes one way, not both ways?
If all the above have been tried, but registration still fails, what should I do?
I suspect there is a hardware problem with my Prestige, what should I do?
What is a network firewall?
What makes Prestige firewall secure?
What are the basic types of firewalls?
What kind of firewall is the Prestige?
Why do you need a firewall when your router has packet filtering and NAT built-in?
What is a Denial of Service (DoS) attack?
What is Ping of Death attack?
What is Teardrop attack?
What is SYN Flood attack?
What is LAND attack?
What is Brute-force attack?
What is IP Spoofing attack?
What are the default ACL firewall rules in Prestige?
How can I protect against IP spoofing attacks?
What is VPN?
Why do I need VPN?
What are the most common VPN protocols?
What is PPTP?
What is L2TP?
What is IPSec?
What secure protocols does IPSec support?
What are the differences between 'Transport mode' and 'Tunnel mode'?
What is SA?
What is IKE?
What is Pre-Shared Key?
What are the differences between IKE and manual key VPN?
What is Phase 1 ID for?
What are Local ID and Peer ID?
When should I use FQDN?
Is my Prestige ready for IPSec VPN?
How do I configure Prestige VPN?
How many VPN connections does Prestige support?
What VPN protocols are supported by Prestige?
What types of encryption does Prestige VPN support?
What types of authentication does Prestige VPN support?
I am planning my Prestige-to-Prestige VPN configuration. What do I need to know?
Does Prestige support dynamic secure gateway IP?
What VPN gateways have been tested with Prestige successfully?
What VPN software has been tested with Prestige successfully?
Will ZyXEL support Secure Remote Management?
Does Prestige VPN support NetBIOS broadcast?
Is the host behind NAT allowed to use IPSec?
Why does VPN throughput decrease when staying in SMT menu 24.1?
Where can I configure Phase 1 ID in Prestige?
If I have NAT router between two VPN gateways, and I would like to use IP type as Phase 1 ID, what should I know?
How can I keep a tunnel alive?
Single, Range, Subnet, which types of IP address do Prestige 10/10II/10W/50/100 support in VPN/IPSec?
Can Prestige support IPSec passthrough?
Can Prestige behave as a NAT router supporting IPSec passthrough and an IPSec gateway simultaneously?
What is a Wireless LAN?
What are the advantages of Wireless LANs?
What are the disadvantages of Wireless LANs?
Where can you find wireless 802.11 networks?
What is an Access Point?
What is IEEE 802.11?
What is 802.11b?
How fast is 802.11b?
What is 802.11a?
What is 802.11g?
Is it possible to use products from a variety of vendors?
What is Wi-Fi?
What types of devices use the 2.4GHz Band?
Does the 802.11 interfere with Bluetooth devices?
Can radio signals pass through walls?
What are potential factors that may cause interference among WLAN products?
What's the difference between a WLAN and a WWAN?
What is Ad Hoc mode?
What is Infrastructure mode?
How many Access Points are required in a given area?
What is Direct-Sequence Spread Spectrum Technology – (DSSS)?
What is Frequency-hopping Spread Spectrum Technology – (FHSS)?
Do I need the same kind of antenna on both sides of a link?
Why the 2.4 GHz Frequency range?
What is Server Set ID (SSID)?
What is an ESSID?
How do I secure the data across an Access Point's radio link?
What is WEP?
What is the difference between 40-bit and 64-bit WEP?
What is a WEP key?
A WEP key is a user defined string of characters used to encrypt and decrypt data?
Can the SSID be encrypted?
By turning off the broadcast of SSID, can someone still sniff the SSID?
What are Insertion Attacks?
What is Wireless Sniffer?
What is the difference between Open System and Shared Key of Authentication Type?
What is 802.1x?
What is the difference between No authentication required, No access allowed and Authentication required?
What is AAA?
What is RADIUS?
What is WPA?
What is WPA-PSK?
CLI COMMAND LIST
Application Notes
General Application Notes
Internet Connection
A typical Internet access application of the Prestige is shown below. For a small office, there are some
components that need to be checked before accessing the Internet.
Before you begin
Setting up the Windows
Setting up the Prestige router
Troubleshooting
Before you begin
The Prestige is shipped with the following factory default:
2. DHCP server enabled with IP pool starting from 192.168.1.33
3. Default SMT menu password = 1234
Setting up the PC (Windows OS)
1. Ethernet connection
All PCs must have an Ethernet adapter card installed.
If you only have one PC, connect the PC's Ethernet adapter to the Prestige's LAN port with a
crossover (red one) Ethernet cable.
If you have more than one PC, both the PC's Ethernet adapters and the Prestige's LAN port must
be connected to an external hub with straight Ethernet cable.
2. TCP/IP Installation
You must first install TCP/IP software on each PC before you can use it for Internet access. If you have already
installed TCP/IP, go to the next section to configure it; otherwise, follow these steps to install:
In the Control Panel/Network window, click Add button.
In the Select Network Component Type windows, select Protocol and click Add.
In the Select Network Protocol windows, select Microsoft from the manufacturers, then select
TCP/IP from the Network Protocols and click OK.
3. TCP/IP Configuration
Follow these steps to configure Windows TCP/IP:
In the Control Panel/Network window, click the TCP/IP entry to select it and click Properties
button.
In the TCP/IP Properties window, select obtain an IP address automatically.
Note: Do not assign an arbitrary IP address and subnet mask to your PCs; otherwise, you will not be able to access
the Internet.
Click the WINS configuration tab and select Disable WINS Resolution.
Click the Gateway tab. Highlight any installed gateways and click the Remove button until there
are none listed.
Click the DNS Configuration tab and select Disable DNS.
Click OK to save and close the TCP/IP properties window
Click OK to close the Network window. You will be prompted to insert your Windows CD or disk.
When the drivers are updated, you will be asked if you want to restart the PC. Make sure your
Prestige is powered on before answering Yes to the prompt. Repeat the above steps for each
Windows PC on your network.
Setting up the Prestige router
The following procedure is for the most typical usage of the Prestige where you have a single-user account
(SUA). The Prestige has an embedded web server that allows you to configure it with a Web browser. Before
configuring the router with a browser, please make sure there is no Telnet or Console login.
1. Retrieve Prestige Web
Please enter the LAN IP address of the Prestige router in the URL location to retrieve the web screen from the
Prestige. The default LAN IP of the Prestige is 192.168.1.1. See the example below. Note that you can either
use http://192.168.1.1
2. Login first
The default User Name and password are the default SMT password, 'admin'.
3. Configure Prestige for Internet access by using WIZARD SETUP
The Web screen shown below takes PPPoE as the example.
Setup the Prestige as a DHCP Relay
What is DHCP Relay?
DHCP stands for Dynamic Host Configuration Protocol. In addition to the DHCP server feature, the P2602
supports the DHCP relay function. When it is configured as a DHCP server, it assigns the IP addresses to the
LAN clients. When it is configured as a DHCP relay, it is responsible for forwarding the requests and responses
negotiated between the DHCP clients and the server. See figure 1.
Menu 3.2 - TCP/IP and DHCP Setup
DHCP Setup
DHCP= Relay
Client IP Pool Starting Address= N/A
Size of Client IP Pool= N/A
Primary DNS Server= N/A
Secondary DNS Server= N/A
Remote DHCP Server= 192.168.1.2
TCP/IP Setup:
IP Address= 192.168.1.1
IP Subnet Mask= 255.255.255.0
RIP Direction= None
Version= N/A
Multicast= None
IP Policies=
Edit IP Alias= No
Setup the Prestige as a DHCP Client
1. Toggle the DHCP to Relay in menu 3.2 and enter the IP address of the DHCP server in the 'Relay Server
Address' field.
Press ENTER to Confirm or ESC to Cancel:
Configure an Internal Server Behind SUA
Introduction
If you wish, you can make internal servers (e.g., Web, ftp or mail server) accessible for outside users, even
though SUA makes your LAN appear as a single machine to the outside world. A service is identified by the
port number. Also, since you need to specify the IP address of a server in the Prestige, a server must have a
fixed IP address and not be a DHCP client whose IP address potentially changes each time it is powered on.
In addition to the servers for specific services, SUA supports a default server. A service request that does not
have a server explicitly designated for it is forwarded to the default server. If the default server is not defined,
the service request is simply discarded.
Configuration
To make a server visible to the outside world, specify the port number of the service and the inside address of
the server in 'Menu 15.2.1', Multiple Server Configuration. The outside users can access the local server using
the Prestige's WAN IP address which can be obtained from menu 24.1.
For example (Configuring an internal Web server for outside access) :
Port numbers for some services
Configure a PPTP server Behind SUA
Introduction
PPTP is a tunneling protocol defined by the PPTP forum that allows PPP packets to be encapsulated within
Internet Protocol (IP) packets and forwarded over any IP network, including the Internet itself.
In order to run the Windows 9x PPTP client, you must be able to establish an IP connection with a tunnel server
such as the Windows NT Server 4.0 Remote Access Server.
Windows Dial-Up Networking uses the Internet standard Point-to-Point Protocol (PPP) to provide a secure, optimized
multiple-protocol network connection over dial-up telephone lines. All data sent over this connection can be
encrypted and compressed, and multiple network level protocols (TCP/IP, NetBEUI and IPX) can be run
correctly. Windows NT Domain Login level security is preserved even across the Internet.
Window98 PPTP Client / Internet / NT RAS Server Protocol Stack
PPTP appears as new modem type (Virtual Private Networking Adapter) that can be selected when setting up a
connection in the Dial-Up Networking folder. The VPN Adapter type does not appear elsewhere in the system.
Since PPTP encapsulates its data stream in the PPP protocol, the VPN requires a second dial-up adapter. This
second dial-up adapter for VPN is added during the installation phase of the Upgrade in addition to the first
dial-up adapter that provides PPP support for the analog or ISDN modem.
The PPTP is supported in Windows NT and Windows 98 already. For Windows 95, it needs to be upgraded by
the Dial-Up Networking 1.2 upgrade.
Configuration
This application note explains how to establish a PPTP connection with a remote private network in the Prestige
SUA case. In ZyNOS, all PPTP packets can be forwarded to the internal PPTP Server (WinNT server) behind
SUA. The port number of the PPTP has to be entered in the SMT Menu 15 for Prestige to forward to the
appropriate private IP address of Windows NT server.
Example
The following example shows how to dial to an ISP via the Prestige and then establish a tunnel to a private
network. You need to set up three items for the PPTP application: the PPTP server (WinNT), the
PPTP client (Win9x) and the Prestige.
o PPTP server setup (WinNT)
Add the VPN service from Control Panel>Network
Add a user account for the PPTP logged-on user
Enable RAS port
Select the network protocols from RAS such as IPX, TCP/IP, NetBEUI
Set the Internet gateway to Prestige
o PPTP client setup (Win9x)
Add one VPN connection from Dial-Up Networking by entering the correct
username & password and the Prestige's Internet IP address for
logging in to the NT RAS server.
SUA (Single User Account) in previous ZyNOS versions is a NAT set with 2 rules, Many-to-One and Server.
The Prestige now has Full Feature NAT support to map global IP addresses to local IP addresses of clients or
servers. With multiple global IP addresses, multiple servers of the same type (e.g., FTP servers) are allowed on
the LAN for outside access. In previous ZyNOS versions (that supported SUA), 'visible' servers had to be of
different types. The Prestige supports NAT sets on a remote node basis. They are reusable, but only one set is
allowed for each remote node. The Prestige 2602HWNLI supports 8 sets since there are 8 remote nodes. The
default SUA (Read Only) Set in menu 15.1 is a convenient, pre-configured, read only, Many-to-One mapping
set, sufficient for most purposes and helpful to people already familiar with SUA in previous ZyNOS versions.
SMT Menus
1. Applying NAT in the SMT Menus
You apply NAT via menus 4 and 11.3 as displayed next. The next figure shows how you apply NAT for Internet
access in menu 4. Enter 4 from the Main Menu to go to Menu 4-Internet Access Setup.
Menu 4 - Internet Access Setup
ISP's Name= MyISP
Encapsulation= PPPoE
Multiplexing= LLC-based
VPI #= 0
VCI #= 33
ATM QoS Type= UBR
Peak Cell Rate (PCR)= 0
Sustain Cell Rate (SCR)= 0
Maximum Burst Size (MBS)= 0
My Login= cso@zyxel
My Password= ********
Idle Timeout (sec)= 0
IP Address Assignment= Dynamic
IP Address= N/A
Network Address Translation= Full Feature
Address Mapping Set= 1
Press ENTER to Confirm or ESC to Cancel:
The following table describes the options for Network Address Translation.
Field: Network Address Translation
Option: Full Feature
Description: When you select this option the SMT will use Address Mapping Set 1 (Menu 15.1-see later for
further discussion).
Option: None
Description: NAT is disabled when you select this option.
Option: SUA Only
Description: When you select this option the SMT will use Address Mapping Set 255 (Menu 15.1-see later for
further discussion). This option basically uses Many-to-One Overload mapping. Select Full Feature when you
require other mapping types. It is a convenient, pre-configured, read only, Many-to-One mapping set,
sufficient for most purposes and helpful to people already familiar with SUA in previous ZyNOS
versions. Note that there is also a Server type whose IGA is 0.0.0.0 in this set.
Table: Applying NAT in Menu 4 and Menu 11.3
2. Configuring NAT
To configure NAT, enter 15 from the Main Menu to bring up the following screen.
Menu 15 - NAT Setup
1. Address Mapping Sets
2. NAT Server Sets
3. Address Mapping Sets and NAT Server Sets
Use the Address Mapping Sets menus and submenus to create the mapping table used to assign global addresses
to LAN clients. Each remote node must specify which NAT Address Mapping Set to use. The P2602HWNLI
has 8 remote nodes and so allows you to configure 8 NAT Address Mapping Sets. You can see nine NAT
Address Mapping Sets in Menu 15.1. You can only configure from Set 1 to Set 8. Set 255 is used for SUA.
When you select Full Feature in menu 4 or 11.3. When you select SUA Only, the SMT will use Set 15.2.
The NAT Server Set is a list of LAN side servers mapped to external ports. To use this set (one set for the
Prestige), a server rule must be set up inside the NAT Address Mapping set. Please see NAT Server Sets for
further information on these menus.
Enter 1 to bring up Menu 15.1-Address Mapping Sets
Menu 15.1 - Address Mapping Sets
1.
2.
3.
4.
5.
6.
7.
8.
255. SUA (read only)
Enter Set Number to Edit:
Menu 15.1.1 - Address Mapping Rules
Set Name= SUA
Idx Local Start IP Local End IP Global Start IP Global End IP Type
The following table explains the fields in this screen. Please note that the fields in this menu are read-only.
However, the settings of the server set 1 can be modified in menu 15.1.1.
Now let's look at Option 1 in Menu 15.1.1. Enter 1 to bring up this menu.
9.
10.
Action= Edit , Select Rule= 0
Press ENTER to Confirm or ESC to Cancel:
Field: Set Name
Description: Enter a name for this set of rules. This is a required field. Please note
that if this field is left blank, the entire set will be deleted.
Option: Rule1
Field: Action
Description: There are 4 actions. The default is Edit. Edit means you want to edit a
selected rule (see following field). Insert Before means to insert a new
rule before the rule selected. The rule after the selected rule will then be
moved down by one rule. Delete means to delete the selected rule and
then all the rules after the selected one will be advanced one rule.
Save Set means to save the whole set (note when you choose this action the
Select Rule item will be disabled).
Option: Edit, Insert Before, Delete, Save Set
Field: Select Rule
Description: When you choose Edit, Insert Before or Save Set in the previous field
the cursor jumps to this field to allow you to select the rule to apply the
action in question.
Option: 1
We will just look at the differences from the previous menu. Note that this screen is not read only, so we have
extra Action and Select Rule fields. Note also that the [?] in the Set Name field means that this is a required field
and you must enter a name for the set. The description of the other fields is as described above. The Type,
Local and Global Start/End IPs are configured in Menu 15.1.1 (described later) and the values are displayed
here.
Note: Save Set in the Action field means to save the whole set. You must do this if you make any changes to
the set-including deleting a rule. No changes to the set take place until this action is taken. Be careful when
ordering your rules as each rule is executed in turn beginning from the first rule.
Selecting Edit in the Action field and then selecting a rule brings up the following menu, Menu
15.1.1.1-Address Mapping Rule in which you can edit an individual rule and configure the Type, Local and
Global Start/End IPs displayed in Menu 15.1.1.
Menu 15.1.1.1 - - Rule 1
Type: One-to-One
Local IP:
Start= 0.0.0.0
End = N/A
Global IP:
Start= 0.0.0.0
End = N/A
Press ENTER to Confirm or ESC to Cancel:
The following table describes the fields in this screen.
Field: Type
Description: Press [SPACEBAR] to toggle through a total of 5 types. These
are the mapping types discussed above plus a server type. Some
examples follow to clarify these a little more.
Option/Example: One-to-One, Many-to-One, Many-to-Many Overload, Many-to-Many No Overload, Server
Field: Local IP, Start
Description: This is the starting local IP address (ILA)
Option/Example: 0.0.0.0
Field: Local IP, End
Description: This is the ending local IP address (ILA). If the rule is for all
local IPs, then put the Start IP as 0.0.0.0 and the End IP as
255.255.255.255. This field is N/A for One-to-One type.
Option/Example: 255.255.255.255
Field: Global IP, Start
Description: This is the starting global IP address (IGA). If you have a
dynamic IP, enter 0.0.0.0 as the Global Start IP.
Option/Example: 0.0.0.0
Field: Global IP, End
Description: This is the ending global IP address (IGA). This field is N/A for
One-to-One, Many-to-One and Server types.
Option/Example: 200.1.1.64
Note: For all Local and Global IPs, the End IP address must begin after the IP Start address, i.e., you cannot
have an End IP address beginning before the Start IP address.
NAT Server Sets
The Prestige supports multiple types of NAT mapping rules:
SUA
One to One
Many to One
Many to Many overload
Many One to One
Server
The following table summarizes these types.
...
Server
(SUA)
Server 1 IP<--->IGA1
Server 2 IP<--->IGA1
About Filter & Filter Examples
How does ZyXEL filter work?
Filter Structure
The Prestige allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter
rules in the system. You can apply up to four filter sets to a particular port to block multiple types of packets.
With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port. The
following diagram illustrates the logic flow when executing a filter rule.
Filter Types and SUA
Conceptually, there are two categories of filter rules: device and protocol. The Generic filter rules belong to the
device category; they act on the raw data from/to LAN and WAN. The IP and IPX filter rules belong to the
protocol category; they act on the IP and IPX packets.
In order to allow users to specify the local network IP address and port number in the filter rules with SUA
connections, the TCP/IP filter function has to be executed before SUA for WAN outgoing packets and after the
SUA for WAN incoming IP packets. But at the same time, the Generic filter rules must be applied at the point
when the Prestige is receiving and sending the packets; i.e. the ISDN interface. So, the execution sequence has
to be changed. The logic flow of the filter is shown in Figure 1 and the sequence of the logic flow for the packet
from LAN to WAN is:
LAN device and protocol input filter sets.
WAN protocol call and output filter sets.
If SUA is enabled, SUA converts the source IP address from 192.168.1.33 to 203.205.115.6 and
port number from 1023 to 4034.
WAN device output and call filter sets.
The sequence of the logic flow for the packet from WAN to LAN is:
WAN device input filter sets.
If SUA is enabled, SUA converts the destination IP address from 203.205.115.6 to 192.168.1.33 and port
number from 4034 to 1023.
WAN protocol input filter sets.
LAN device and protocol output filter sets.
Generic and TCP/IP (and IPX) filter rules are in different filter sets. The SMT will detect and prevent the
mixing of different category rules within any filter set in Menu 21. In the following example, you will receive
an error message 'Protocol and device filter rules cannot be active together' if you try to activate a TCP/IP (or
IPX) filter rule in a filter set that has already had one or more active Generic filter rules. You will receive the
same error if you try to activate a Generic filter rule in a filter set that has already had one or more active
TCP/IP (or IPX) filter rules.
Menu 21.1.1:
Menu 21.1.1 - Generic Filter Rule
Filter #: 1,1
Filter Type= Generic Filter Rule
Active= Yes
Offset= 0
Length= 0
Mask= N/A
Value= N/A
More= No Log= None
Action Matched= Check Next Rule
Action Not Matched= Check Next Rule
Menu 21.1.2:
Menu 21.1.2 - TCP/IP Filter Rule
Filter #: 1,2
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 0 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= N/A
More= No Log= None
Action Matched= Check Next Rule
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
Saving to ROM. Please wait...
Protocol and device rule cannot be active together
To separate the device and protocol filter categories, two new menus, Menu 11.5 and Menu 13.1, have been
added, as well as some changes made to the Menu 3.1, Menu 11.1, and Menu 13. The new fields are shown
below.
Menu 3.1:
Menu 3.1 - General Ethernet Setup
Input Filter Sets:
protocol filters=
device filters=
Output Filter Sets:
protocol filters=
device filters=
Menu 11.1:
Menu 11.1 - Remote Node Profile
Rem Node Name= LAN Route= IP
Active= Yes Bridge= No
Encapsulation= PPP Edit PPP Options= No
Incoming: Rem IP Addr= ?
Rem Login= test Edit IP/IPX/Bridge= No
Rem Password= ********
Outgoing: Session Options:
My Login= testt Edit Filter Sets= Yes
My Password= *****
Authen= CHAP/PAP
Press ENTER to Confirm or ESC to Cancel:
Menu 11.5:
Menu 11.5 - Remote Node Filter
Input Filter Sets:
protocol filters=
device filters=
Output Filter Sets:
protocol filters=
device filters=
SMT will also prevent you from entering a protocol filter set configured in Menu 21 to the device filters field in
Menu 3.1, 11.5, or entering a device filter set to the protocol filters field. Even though SMT will prevent the
inconsistency from being entered in ZyNOS, it is unable to resolve the intermixing problems existing in the
filter sets that were configured before. Instead, when ZyNOS translates the old configuration into the new
format, it will verify the filter rules and log the inconsistencies. Please check the system log (Menu 24.3.1)
before putting your device into use.
In order to avoid operational problems later, the Prestige will disable its routing/bridging functions if there is an
inconsistency among its filter rules.
A filter for blocking the web service
Configuration
Before configuring a filter, you need to know the following information:
1. The outbound packet type (protocol & port number)
2. The source IP address
Generally, the outbound packets for Web service could be as follows:
a. HTTP packet, TCP (06) protocol with port number 80
b. DNS packet, TCP (06) protocol with port number 53 or
c. DNS packet, UDP (17) protocol with port number 53
For all workstations on the LAN, the source IP address will be 0.0.0.0. Otherwise, you have to enter an IP
Address for the workstation you want to block. See the procedure for configuring this filter below.
o Create a filter set in Menu 21, e.g., set 1
o Create three filter rules in Menu 21.1.1, Menu 21.1.2, Menu 21.1.3
Rule 1- block the HTTP packet, TCP (06) protocol with port number 80
Rule 2- block the DNS packet, TCP (06) protocol with port number 53
Rule 3- block the DNS packet, UDP (17) protocol with port number 53
o Apply the filter set in menu 4
1. Create a filter set in Menu 21
Menu 21 - Filter Set Configuration
Filter Filter
Set # Comments Set # Comments
------ ----------------- ------ -----------------
1 Web Request 7 _______________
2 _______________ 8 _______________
3 _______________ 9 _______________
4 _______________ 10 _______________
5 _______________ 11 _______________
6 _______________ 12 _______________
Enter Filter Set Number to Configure= 1
Edit Comments=
Press ENTER to Confirm or ESC to Cancel:
2. Rule one for (a). http packet, TCP(06)/Port number 80
Menu 21.1.1 - TCP/IP Filter Rule
Filter #: 1,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 80
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #=
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Drop
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
3. Rule 2 for (b). DNS request, TCP(06)/Port number 53
Menu 21.1.2 - TCP/IP Filter Rule
Filter #: 1,2
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 53
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #=
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Drop
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
4. Rule 3 for (c). DNS packet UDP(17)/Port number 53
Menu 21.1.2 - TCP/IP Filter Rule
Filter #: 1,2
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 17 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 53
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #=
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Drop
Action Not Matched= Forward
Press ENTER to Confirm or ESC to Cancel:
5. After the three rules are completed, you will see the rule summary in Menu 21.
From the above first trace, we know a client is trying to ping request the Prestige router. And from the second
trace, we know the Prestige router will send a reply to the client accordingly. The following sample filter will
utilize the 'Generic Filter Rule' to block the MAC address [00 80 c8 4c ea 63].
1. First, from the incoming LAN packet we know the uninteresting source MAC address starts at the 7th Octet
2. We are now ready to configure the 'Generic Filter Rule' as below.
Menu 21.1.1 - Generic Filter Rule
Filter #: 1,1
Filter Type= Generic Filter Rule
Active= Yes
Offset= 6
Length= 6
Mask= ffffffffffff
Value= 0080c84cea63
More= No Log= None
Action Matched= Drop
Action Not Matched= Forward
Key Settings:
Generic Filter Rule
Set the 'Filter Type' to 'Generic Filter Rule'
Active
Turn 'Active' to 'Yes'
Offset (in bytes)
Set to '6' since the source MAC address starts at the 7th octet, so we need to skip the first octets, which
hold the destination MAC address.
Length (in bytes)
Set to '6' since a MAC address has 6 octets.
Mask (in hexadecimal)
Specify the value with which the Prestige will logically qualify (logical AND) the data in the packet.
Since the Length is set to 6 octets, the Mask for it should be 12 hexadecimal numbers. In this case,
we intend to set it to 'ffffffffffff' to mask the incoming source MAC address, [00 80 c8 4c ea 63].
Value (in hexadecimal)
Specify the MAC address [00 80 c8 4c ea 63] that the Prestige should use to compare with the
masked packet. If the result from the masked packet matches the 'Value', then the packet is
considered matched.
Action Matched=
Enter the action you want if the masked packet matches the 'Value'. In this case, we will drop it.
Action Not Matched=
Enter the action you want if the masked packet does not match the 'Value'. In this case, we will
forward it. If you want to configure more rules, please select 'Check Next Rule' to start configuring
the next new rule. However, please note that the 'Filter Type' must also be 'Generic Filter Rule',
because the Generic and TCP/IP (IPX) filter rules must be in different filter sets.
Menu 21.1.2 - Generic Filter Rule
Filter #: 1,2
Filter Type= Generic Filter Rule
Active= Yes
Offset= 6
Length= 6
Mask= ffffffffffff
Value= 0080c810234a
More= No Log= None
Action Matched= Drop
Action Not Matched= Forward
You can now apply it to the 'General Ethernet Setup' in Menu 3.1. Please note that the 'Generic Filter' can only
be applied to the 'Device Filter' but not the 'Protocol Filter' that is used for configuring the TCP/IP and IPX
filters.
Menu 3.1 - General Ethernet Setup
Input Filter Sets:
protocol filters=
device filters= 1
Output Filter Sets:
protocol filters=
device filters=
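The rule logic of the two filter walkthroughs above (the web-blocking TCP/IP set and the Generic MAC rules), as an added Python model that is not ZyXEL code: it runs one filter set over constructed Ethernet frames and shows that with 'Action Not Matched= Forward' on rule 1, as in the screens, a second MAC rule is never consulted. The class and function names, the constructed addresses, and forwarding when a set runs out of rules are assumptions.

```python
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address

DROP, FORWARD, NEXT = "Drop", "Forward", "Check Next Rule"


@dataclass
class GenericRule:
    """Device filter: AND the raw bytes at an offset with a mask, compare to a value."""
    offset: int
    length: int
    mask: str                    # hex digits, two per byte of length
    value: str                   # hex digits, two per byte of length
    matched: str = DROP
    not_matched: str = NEXT

    def matches(self, frame: bytes) -> bool:
        data = frame[self.offset:self.offset + self.length]
        if len(data) < self.length:          # frame too short to hold the field
            return False
        mask, value = bytes.fromhex(self.mask), bytes.fromhex(self.value)
        return bytes(d & m for d, m in zip(data, mask)) == value


@dataclass
class TcpIpRule:
    """Protocol filter: IP protocol number, destination address/mask and port."""
    protocol: int                # 6 = TCP, 17 = UDP
    dst_port: int                # compared as "Port # Comp= Equal"
    dst_addr: str = "0.0.0.0"
    dst_mask: str = "0.0.0.0"    # a 0.0.0.0 mask matches every address
    matched: str = DROP
    not_matched: str = NEXT

    def matches(self, frame: bytes) -> bool:
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not an IPv4 frame
            return False
        l4 = 14 + (frame[14] & 0x0F) * 4     # start of the TCP/UDP header
        if len(frame) < l4 + 4:
            return False
        mask = int(IPv4Address(self.dst_mask))
        dst = int.from_bytes(frame[30:34], "big")
        if dst & mask != int(IPv4Address(self.dst_addr)) & mask:
            return False
        (port,) = struct.unpack("!H", frame[l4 + 2:l4 + 4])
        return frame[23] == self.protocol and port == self.dst_port


def run_filter_set(rules, frame):
    """Return (action, number of the rule that decided) for one filter set."""
    if len({type(rule) for rule in rules}) > 1:
        raise ValueError("Protocol and device filter rules cannot be active together")
    for number, rule in enumerate(rules, start=1):
        action = rule.matched if rule.matches(frame) else rule.not_matched
        if action != NEXT:
            return action, number
    return FORWARD, len(rules)   # assumption: running off the end forwards


def build_frame(src_mac, protocol, dst_port):
    """Constructed sample: Ethernet + IPv4 header + first 4 bytes of TCP/UDP."""
    eth = bytes.fromhex("020000000001") + bytes.fromhex(src_mac) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, protocol, 0,
                     IPv4Address("192.168.1.33").packed,
                     IPv4Address("203.0.113.10").packed)
    return eth + ip + struct.pack("!HH", 1023, dst_port)


# The three rules of the web-blocking filter set from the notes.
WEB_SET = [
    TcpIpRule(6, 80),
    TcpIpRule(6, 53),
    TcpIpRule(17, 53, not_matched=FORWARD),
]

# The two MAC rules exactly as the screens show them: both end in Forward.
MAC_SET_AS_SHOWN = [
    GenericRule(6, 6, "ffffffffffff", "0080c84cea63", not_matched=FORWARD),
    GenericRule(6, 6, "ffffffffffff", "0080c810234a", not_matched=FORWARD),
]
# The same rules with rule 1 chained to rule 2 through Check Next Rule.
MAC_SET_CHAINED = [
    GenericRule(6, 6, "ffffffffffff", "0080c84cea63", not_matched=NEXT),
    GenericRule(6, 6, "ffffffffffff", "0080c810234a", not_matched=FORWARD),
]

if __name__ == "__main__":
    other = "0200000000aa"       # constructed MAC that no rule names
    for label, proto, port in (("HTTP", 6, 80), ("DNS/UDP", 17, 53), ("HTTPS", 6, 443)):
        print(label, run_filter_set(WEB_SET, build_frame(other, proto, port)))
    second = build_frame("0080c810234a", 6, 80)
    print("as shown:", run_filter_set(MAC_SET_AS_SHOWN, second))
    print("chained: ", run_filter_set(MAC_SET_CHAINED, second))
```

The web-blocking set forwards TCP port 443 because its rules name only ports 80 and 53, so a test of the filter should include HTTPS traffic as well as HTTP.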
A filter for blocking the NetBIOS packets
Introduction
The NetBIOS protocol is used to share a Microsoft computer of a workgroup. For security reasons, the
NetBIOS connection to an outside host is blocked by the Prestige router as a factory default. Users can remove the
filter sets applied to menu 3.1 and menu 4.1 to activate the NetBIOS services. The details of the filter
settings are described as follows.
Configuration
The packets that need to be blocked are as follows. Please configure two filter sets with 4 and 2 rules respectively
based on the following packets in SMT menu 21.
Filter Set 1:
o Rule 1-Destination port number 137 with protocol number 6 (TCP)
o Rule 2-Destination port number 137 with protocol number 17 (UDP)
o Rule 3-Destination port number 138 with protocol number 6 (TCP)
o Rule 4-Destination port number 138 with protocol number 17 (UDP)
o Rule 5-Destination port number 139 with protocol number 6 (TCP)
o Rule 6-Destination port number 139 with protocol number 17 (UDP)
Filter Set 2:
o Rule 1-Source port number 137, Destination port number 53 with protocol number 6
(TCP)
o Rule 2-Source port number 137, Destination port number 53 with protocol number 17
(UDP)
Before starting to set the filter rules, please enter a name for each filter set in the 'Comments' field first.
Menu 21 - Filter Set Configuration
Filter Filter
Set # Comments Set # Comments
------ ----------------- ------ -----------------
1 NetBIOS_WAN 7 _______________
2 NetBIOS_LAN 8 _______________
3 _______________ 9 _______________
4 _______________ 10 _______________
5 _______________ 11 _______________
6 _______________ 12 _______________
Enter Filter Set Number to Configure= 1
Edit Comments=
Press ENTER to Confirm or ESC to Cancel:
Configure the first filter set 'NetBIOS_WAN' by selecting the Filter Set number 1.
Rule 1-Destination port number 137 with protocol number 6 (TCP)
Menu 21.1.1 - TCP/IP Filter Rule
Filter #: 1,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 137
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Drop
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
Rule 2-Destination port number 137 with protocol number 17 (UDP)
Menu 21.1.2 - TCP/IP Filter Rule
Filter #: 1,2
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 17 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 137
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= N/A
More= No Log= None
Action Matched= Drop
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
Rule 3-Destination port number 138 with protocol number 6 (TCP)
Menu 21.1.3 - TCP/IP Filter Rule
Filter #: 1,3
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 138
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Drop
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
Rule 4-Destination port number 138 with protocol number 17 (UDP)
Menu 21.1.4 - TCP/IP Filter Rule
Filter #: 1,4
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 17 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 138
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= N/A
More= No Log= None
Action Matched= Drop
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
Rule 5-Destination port number 139 with protocol number 6 (TCP)
Menu 21.1.5 - TCP/IP Filter Rule
Filter #: 1,5
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 139
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Drop
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
Rule 6-Destination port number 139 with protocol number 17 (UDP)
Menu 21.1.6 - TCP/IP Filter Rule
Filter #: 1,6
1. After the first filter set is finished, you will get the complete rules summary as below.
1 Y IP Pr=6, SA=0.0.0.0, SP=137, DA=0.0.0.0, DP=53 N D N
2 Y IP Pr=17, SA=0.0.0.0, SP=137, DA=0.0.0.0, DP=53 N D F
1. Apply the filter set 'NetBIOS_LAN' in the 'Input protocol filters=' field in Menu 3 to block
the packets from the LAN.
Menu 3.1 - General Ethernet Setup
Input Filter Sets:
protocol filters= 2
device filters=
Output Filter Sets:
protocol filters=
device filters=
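The rule chaining configured above (drop on match, otherwise check the next rule), as an added Python example that is not ZyXEL code: it models the two filter sets as listed and reports which packets each set drops and which port/protocol pairs a set leaves open. The names `Packet`, `Rule`, `chain`, `evaluate` and `uncovered` are hypothetical, the sample packets are constructed, and the last rule of each set is assumed to forward unmatched packets, as the 'F' on the final summary line suggests.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

TCP, UDP = 6, 17  # IP protocol numbers entered in the 'IP Protocol=' field


@dataclass(frozen=True)
class Packet:
    proto: int
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class Rule:
    proto: int
    dst_port: Optional[int] = None  # None models 'Port # Comp= None'
    src_port: Optional[int] = None  # a number models 'Port # Comp= Equal'
    not_matched: str = "next"       # 'next' = Check Next Rule, or 'forward'

    def matches(self, pkt: Packet) -> bool:
        return (pkt.proto == self.proto
                and self.dst_port in (None, pkt.dst_port)
                and self.src_port in (None, pkt.src_port))


def chain(specs: List[dict]) -> List[Rule]:
    """Build a filter set whose rules drop on match and otherwise fall
    through. Assumption: the last rule forwards when it does not match."""
    last = len(specs) - 1
    return [Rule(not_matched="forward" if i == last else "next", **spec)
            for i, spec in enumerate(specs)]


# Filter Set 1 (NetBIOS_WAN): destination ports 137-139, TCP then UDP.
NETBIOS_WAN = chain([{"proto": proto, "dst_port": port}
                     for port in (137, 138, 139) for proto in (TCP, UDP)])
# Filter Set 2 (NetBIOS_LAN): source port 137 to destination port 53.
NETBIOS_LAN = chain([{"proto": proto, "src_port": 137, "dst_port": 53}
                     for proto in (TCP, UDP)])


def evaluate(filter_set: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return ('drop', rule_number) or ('forward', None) for one packet."""
    for number, rule in enumerate(filter_set, start=1):
        if rule.matches(pkt):
            return "drop", number          # Action Matched= Drop
        if rule.not_matched == "forward":  # Action Not Matched= Forward
            break
    return "forward", None


def uncovered(filter_set: List[Rule], protos, dst_ports, src_port=49152):
    """List the (proto, dst_port) pairs that the set would let through."""
    return [(proto, port) for port in dst_ports for proto in protos
            if evaluate(filter_set, Packet(proto, src_port, port))[0] == "forward"]


if __name__ == "__main__":
    # Constructed sample packets: (label, filter set, packet).
    samples = [
        ("NetBIOS name query", NETBIOS_WAN, Packet(UDP, 137, 137)),
        ("NetBIOS session", NETBIOS_WAN, Packet(TCP, 49152, 139)),
        ("Web request", NETBIOS_WAN, Packet(TCP, 49152, 80)),
        ("DNS lookup from port 137", NETBIOS_LAN, Packet(UDP, 137, 53)),
        ("Ordinary DNS lookup", NETBIOS_LAN, Packet(UDP, 1025, 53)),
    ]
    for label, rules, pkt in samples:
        print(f"{label:26} -> {evaluate(rules, pkt)}")
    # A set that stops after the four rules for ports 137 and 138
    # still forwards port 139; the six-rule set leaves nothing open.
    four_rules = chain([{"proto": proto, "dst_port": port}
                        for port in (137, 138) for proto in (TCP, UDP)])
    print("open with 4 rules:", uncovered(four_rules, (TCP, UDP), (137, 138, 139)))
    print("open with 6 rules:", uncovered(NETBIOS_WAN, (TCP, UDP), (137, 138, 139)))
```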
Using the Dynamic DNS (DDNS)
1. What is DDNS?
The DDNS service, an IP registry, provides a public central database where information such as email
addresses, hostnames, IPs, etc. can be stored and retrieved. This solves the problems that arise if your DNS
server uses an IP associated with dynamic IPs.
Without DDNS, we always tell the users to use the WAN IP of the Prestige to access the internal server. This is
inconvenient for the users if this IP is dynamic. With DDNS supported by the Prestige, you apply for a DNS name
(e.g., www.zyxel.com.tw) for your server (e.g., Web server) from a DDNS server. Outside users can then always
access the web server using www.zyxel.com.tw, regardless of the WAN IP of the Prestige.
When the ISP assigns the Prestige a new IP, the Prestige must inform the DDNS server of the change of this IP so
that the server can update its IP-to-DNS entry. Once the IP-to-DNS table in the DDNS server is updated, the
DNS name for your web server (i.e., www.zyxel.com.tw) is still usable.
The DDNS server stores password-protected email addresses with IPs and hostnames and accepts queries based
on email addresses. So, there must be an email entry in the Prestige menu 1.
The DDNS server the Prestige currently supports is WWW.DYNDNS.ORG, where you apply for the DNS name
and to which the WAN IP is updated.
Setup the DDNS
Before configuring the DDNS settings in the Prestige, you must first register an account with the
DDNS server, such as WWW.DYNDNS.ORG. After the registration, you have a hostname for
your internal server and a password used to update the IP on the DDNS server.
Toggle the 'Configure Dynamic DNS' option to 'Yes' and press ENTER to configure the settings
of the DDNS in menu 1.1.
Menu 1 - General Setup
System Name= Prestige
Location=
Contact Person's Name=
Domain Name=
Edit Dynamic DNS= Yes
Route IP= Yes
Bridge= No
Menu 1.1 - Configure Dynamic DNS
Service Provider= WWW.DynDNS.ORG
Active= Yes
Host=[the local server's host name]
EMAIL=
USER=
Password= ********
Enable Wildcard= No
Key Settings for using DDNS function:
Service Provider: Enter the DDNS server in this field. Currently, we support WWW.DYNDNS.ORG.
Active: Toggle to 'Yes'.
Host: Enter the hostname you subscribe from the above DDNS server. For example, zyxel.com.tw.
EMAIL: Enter the email address you give to the DDNS server.
User: Enter the user name that
Password: Enter the password that the DDNS server gives to you.
Enable Wildcard: Enter the hostname for the wildcard function that the WWW.DYNDNS.ORG
supports. Note that Wildcard option is available only when the provider is WWW.DYNDNS.ORG.
Network Management Using SNMP
1. SNMP Overview
The Simple Network Management Protocol (SNMP) is an application-layer protocol used to exchange
management information between network devices (e.g., routers). By using SNMP, network administrators can
more easily manage network performance and find and solve network problems. SNMP is a member of the
TCP/IP protocol suite; it uses UDP to exchange messages between a management Client and an Agent
residing in a network node.
There are two versions of SNMP: Version 1 and Version 2. ZyXEL supports SNMPv1. Most of the changes
introduced in Version 2 increase SNMP's security capabilities. SNMP encompasses three main areas:
1. A small set of management operations.
2. Definitions of management variables.
3. Data representation.
The operations allowed are: Get, GetNext, Set, and Trap. These functions operate on variables that exist in
network nodes. Examples of variables include statistic counters, node port status, and so on. All of the SNMP
management functions are carried out through these simple operations. No action operations are available, but
these can be simulated by the setting of flag variables. For example, to reset a node, a counter variable named
'time to reset' could be set to a value, causing the node to reset after the time had elapsed.
SNMP variables are defined using the OSI Abstract Syntax Notation One (ASN.1). ASN.1 specifies how a
variable is encoded in a transmitted data frame; it is very powerful because the encoded data is self-defining.
For example, the encoding of a text string includes an indication that the data unit is a string, along with its
length and value. ASN.1 is a flexible way of defining protocols, especially for network management protocols
where nodes may support different sets of manageable variables.
The set of variables that each node supports is called the Management Information Base (MIB). The MIB is
made up of several parts, including the Standard MIB, specified as part of SNMP, and Enterprise Specific MIBs,
which are defined by different manufacturers for hardware-specific management.
The current Internet-standard MIB, MIB-II, is defined in RFC 1213 and contains 171 objects. These objects are
grouped by protocol (including TCP, IP, UDP, SNMP) and other categories, including 'system' and 'interface'.
The Internet Management Model is as shown in figure 1. Interactions between the NMS and managed devices
can be any of four different types of commands:
1. Reads
Read is used to monitor the managed devices; NMSs read variables that are maintained by the devices.
2. Writes
Write is used to control the managed devices; NMSs write variables that are stored in the managed
devices.
3. Traversal operations
NMSs use these operations to determine which variables a managed device supports and to sequentially
gather information from variable tables (such as the IP routing table) in managed devices.
4. Traps
Managed devices use traps to asynchronously report certain events to NMSs.
2. SNMPv1 Operations
SNMP itself is a simple request/response protocol. Four SNMPv1 operations are defined, as below.
Get: Allows the NMS to retrieve an object variable from the agent.
GetNext: Allows the NMS to retrieve the next object variable from a table or list within an agent. In
SNMPv1, when an NMS wants to retrieve all elements of a table from an agent, it initiates a Get
operation, followed by a series of GetNext operations.
Set: Allows the NMS to set values for object variables within an agent.
Trap: Used by the agent to inform the NMS of some events.
An SNMPv1 message contains two parts. The first part contains a version and a community name. The second
part contains the actual SNMP protocol data unit (PDU) specifying the operation to be performed (Get, Set, and
so on) and the object values involved in the operation. The following figure shows the SNMPv1 message
format.
The SNMP PDU contains the following fields:
PDU type Specifies the type of PDU.
Request ID Associates requests with responses.
Error status Indicates an error and an error type.
Error index Associates the error with a particular object variable.
Variable-bindings Associates particular objects with their values.
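An added example, not part of the ZyXEL notes: a minimal Python decoder for the two-part SNMPv1 message described above, run on a constructed GetRequest. It shows the self-defining tag-length-value encoding and that the community name travels in the datagram as a readable OCTET STRING; the function names and the sample bytes are assumptions made here.

```python
"""Decode an SNMPv1 message: version and community, then the PDU fields."""

# PDU type tags for the request/response layout listed above. The Trap PDU
# (0xA4) uses a different field layout and is not handled by this sketch.
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest",
             0xA2: "GetResponse", 0xA3: "SetRequest"}

# Constructed sample: GetRequest for 1.3.6.1.2.1.1.1.0 (MIB-II sysDescr.0).
SAMPLE = bytes.fromhex(
    "3027"                  # SEQUENCE, 39 bytes: the whole message
    "020100"                # INTEGER 0: version field (0 means SNMPv1)
    "04067075626c6963"      # OCTET STRING "public": community name
    "a01a"                  # PDU type 0xA0 (GetRequest), 26 bytes
    "02021234"              # INTEGER: request ID
    "020100"                # INTEGER: error status
    "020100"                # INTEGER: error index
    "300e" "300c"           # variable-bindings list holding one binding
    "06082b06010201010100"  # OBJECT IDENTIFIER: the variable's name
    "0500"                  # NULL: value placeholder in a request
)


def read_tlv(buf, pos):
    """Read one tag-length-value unit; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length == 0x80:
        raise ValueError("indefinite length is not used by SNMP")
    if length & 0x80:                      # long form: next N bytes hold it
        count = length & 0x7F
        if pos + count > len(buf):
            raise ValueError("truncated length field")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    end = pos + length
    if end > len(buf):
        raise ValueError("value runs past the end of the buffer")
    return tag, buf[pos:end], end


def read_typed(buf, pos, expected):
    """Read a TLV and insist on its tag; return (value, next_pos)."""
    tag, value, nxt = read_tlv(buf, pos)
    if tag != expected:
        raise ValueError(f"expected tag 0x{expected:02x}, got 0x{tag:02x}")
    return value, nxt


def decode_int(value):
    if not value:
        raise ValueError("empty INTEGER")
    return int.from_bytes(value, "big", signed=True)


def decode_oid(value):
    if not value:
        raise ValueError("empty OBJECT IDENTIFIER")
    arcs, sub = [value[0] // 40, value[0] % 40], 0
    for byte in value[1:]:                 # base-128, high bit = "more"
        sub = (sub << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(sub)
            sub = 0
    return ".".join(map(str, arcs))


def parse_snmpv1(datagram):
    body, _ = read_typed(datagram, 0, 0x30)
    version, pos = read_typed(body, 0, 0x02)
    community, pos = read_typed(body, pos, 0x04)
    pdu_tag, pdu, _ = read_tlv(body, pos)
    if pdu_tag not in PDU_TYPES:
        raise ValueError(f"unsupported PDU type 0x{pdu_tag:02x}")
    request_id, p = read_typed(pdu, 0, 0x02)
    error_status, p = read_typed(pdu, p, 0x02)
    error_index, p = read_typed(pdu, p, 0x02)
    binding_list, _ = read_typed(pdu, p, 0x30)
    bindings, q = [], 0
    while q < len(binding_list):
        binding, q = read_typed(binding_list, q, 0x30)
        name, r = read_typed(binding, 0, 0x06)
        value_tag, value, _ = read_tlv(binding, r)
        bindings.append((decode_oid(name), value_tag, value))
    return {"version": decode_int(version),
            "community": community.decode("latin-1"),
            "pdu_type": PDU_TYPES[pdu_tag],
            "request_id": decode_int(request_id),
            "error_status": decode_int(error_status),
            "error_index": decode_int(error_index),
            "bindings": bindings}


if __name__ == "__main__":
    for field, value in parse_snmpv1(SAMPLE).items():
        print(f"{field:13} {value}")
```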
3. ZyXEL SNMP Implementation
ZyXEL currently includes SNMP support in some Prestige routers. It is implemented based on the SNMPv1, so
it will be able to communicate with SNMPv1 NMSs. For SNMPv1 operation, ZyXEL permits one community
string so that the router can belong to only one community and allows trap messages to be sent to only one
NMS manager.
Some traps are sent to the SNMP manager when any one of the following events happens:
coldStart (defined in RFC-1215):
If the machine coldstarts, the trap will be sent after booting.
warmStart (defined in RFC-1215):
If the machine warmstarts, the trap will be sent after booting.
linkDown (defined in RFC-1215):
If any link of IDSL or WAN is down, the trap will be sent with the port number. The port number is its
interface index under the interface group.
linkUp (defined in RFC-1215):
If any link of IDSL or WAN is up, the trap will be sent with the port number. The port number is its
interface index under the interface group.
authenticationFailure (defined in RFC-1215):
When any SNMP get or set request is received with the wrong community, this trap is sent to the manager.
whyReboot (defined in ZYXEL-MIB):
When the system is going to restart (warmstart), the trap will be sent with the reason for the restart before rebooting.
(i) For intentional reboot:
In some cases (download new files, CI command "sys reboot", ...), the reboot is done intentionally, and traps with
the message "System reboot by user !" will be sent.
(ii) For fatal error:
The system has to reboot for some fatal errors, and traps with the message of the fatal code will be sent.
4. Configure the Prestige for SNMP
The SNMP related settings in Prestige are configured in menu 22, SNMP Configuration. The following steps
describe a simple setup procedure for configuring all SNMP settings.
Menu 22 - SNMP Configuration
SNMP:
Get Community= public
Set Community= public
Trusted Host= 192.168.1.33
Trap:
Community= public
Destination= 192.168.1.33
Press ENTER to Confirm or ESC to Cancel:
Get Community: Enter the correct Get Community. This Get Community must match the 'Get' and
'GetNext' community requested from the NMS. The default is 'public'.
Set Community: Enter the correct Set Community. This Set Community must match the
'Set' community requested from the NMS. The default is 'public'.
Trusted Host: Enter the IP address of the NMS. The Prestige will only respond to SNMP messages
coming from this IP address. If 0.0.0.0 is entered, the Prestige will respond to all
NMS managers.
Trap Community: Enter the community name in each trap sent to the NMS. This Trap Community must
match what the NMS is expecting. The default is 'public'.
Trap Destination: Enter the IP address of the NMS that you wish to send the traps to. If 0.0.0.0 is entered,
the Prestige will not send traps to any NMS manager.
Using syslog
Prestige Setup
Menu 24.3.2 - System Maintenance - UNIX Syslog and Accounting
UNIX Syslog:
Active= Yes
Syslog IP Address= 192.168.1.33
Log Facility= Local 1
Key Settings:
Configuration:
1. Active, use the space bar to turn on the syslog option.
2. Syslog IP Address, enter the IP address of the UNIX server that you wish to send the syslog to.
3. Log Facility, use the space bar to toggle between the 7 different local options.
UNIX Setup
1. Make sure that your syslogd starts with the -r argument. The -r option enables the facility to receive
messages from the network using an Internet domain socket with the syslog services. It is not enabled by default.
2. Edit the file /etc/syslog.conf by adding the following line at the end of the /etc/syslog.conf file.
local1.* /var/log/zyxel.log
Where /var/log/zyxel.log is the full path of the log file.
Using IP Alias
What is IP Alias ?
In a typical environment, a LAN router is required to connect two local networks. The Prestige can connect
three local networks to the ISP or a remote node; we call this function 'IP Alias'. In this case, an internal
router is not required. For example, the network manager can divide the local network into three networks and
connect them to the Internet using the Prestige's single user account. See the figure below.
The Prestige supports three virtual LAN interfaces via its single physical Ethernet interface. The first network
can be configured in menu 3.2 as usual. The second and third networks, which we call 'IP Alias 1' and 'IP Alias 2',
can be configured in menu 3.2.1-IP Alias Setup.
There are three internal virtual LAN interfaces for the Prestige to route the packets from/to the three networks
correctly. They are enif0 for the major network, enif0:0 for IP alias 1 and enif0:1 for IP alias 2.
Therefore, three routes are created in the Prestige as shown below when the three networks are configured. If
the Prestige's DHCP is also enabled, the IP pool for the clients can be any of the three networks.
Dest FF Len Interface Gateway Metric stat Timer Use
192.168.3.0 00 24 enif0:1 192.168.3.1 1 041b 0 0
192.168.2.0 00 24 enif0:0 192.168.2.1 1 041b 0 0
192.168.1.0 00 24 enif0 192.168.1.1 1 041b 0 0
ras>
Two new protocol filter interfaces in menu 3.2.1 allow you to accept or deny LAN packets from/to IP alias
1 and IP alias 2 going through the Prestige. The filter set in menu 3.1 is used for the main network configured
in menu 3.2.
IP Alias Setup
1. Edit the first network in menu 3.2 by configuring the Prestige's first LAN IP address.
Menu 3.2 - TCP/IP and DHCP Setup
DHCP Setup
DHCP= Server
Client IP Pool Starting Address= 192.168.1.33
Size of Client IP Pool= 32
Primary DNS Server= 0.0.0.0
Secondary DNS Server= 0.0.0.0
Remote DHCP Server= N/A
TCP/IP Setup:
IP Address= 192.168.1.1
IP Subnet Mask= 255.255.255.0
RIP Direction= None
Version= N/A
Multicast= None
IP Policies=
Edit IP Alias= Yes
Press ENTER to Confirm or ESC to Cancel:
Key Settings:
DHCP Setup: If the Prestige's DHCP server is enabled, the IP pool for the clients can be any of the
three networks.
TCP/IP Setup: Enter the first LAN IP address for the Prestige. This will create the first route in the
enif0 interface.
Edit IP Alias: Toggle to 'Yes' to enter menu 3.2.1 for setting up the second and third networks.
2. Edit the second and third networks in menu 3.2.1 by configuring the Prestige's second and third LAN IP
addresses.
Menu 3.2.1 - IP Alias Setup
IP Alias 1= Yes
IP Address= 192.168.2.1
IP Subnet Mask= 255.255.255.0
RIP Direction= None
Version= RIP-1
Incoming protocol filters=
Outgoing protocol filters=
IP Alias 2= Yes
IP Address= 192.168.3.1
IP Subnet Mask= 255.255.255.0
RIP Direction= None
Version= RIP-1
Incoming protocol filters=
Outgoing protocol filters=
Enter here to CONFIRM or ESC to CANCEL:
Key Settings:
IP Alias 1: Toggle to 'Yes' and enter the second LAN IP address for the Prestige. This will create the
second route in the enif0:0 interface.
IP Alias 2: Toggle to 'Yes' and enter the third LAN IP address for the Prestige. This will create the
third route in the enif0:1 interface.
Using Call Scheduling
1. What is Call Scheduling ?
Call scheduling enables the Prestige to run the remote node connection according to a
pre-defined schedule. This feature is just like the scheduler in a video recorder, which records a program
at the specified time. Users can apply at most 4 schedule sets in Menu 11 (Remote Node Setup), and
configure each schedule in Menu 26 (Schedule Setup). The remote node configured with the schedule set can
be "Forced On", "Forced Down", "Enable Dial-On-Demand", or "Disable Dial-On-Demand" on the specified date
and time.
SMT Menu for Call Scheduling
1. Edit the Schedule sets in menu 26:
Prestige 2602HWNLI-61C Main Menu
Getting Started Advanced Management
1. General Setup 21. Filter and Firewall Setup
2. WAN Backup Setup 22. SNMP Configuration
3. LAN Setup 23. System Password
4. Internet Access Setup 24. System Maintenance
25. IP Routing Policy Setup
Advanced Applications 26. Schedule Setup
11. Remote Node Setup
12. Static Routing Setup
15. NAT Setup 99. Exit
Enter Menu Selection Number:
2. Select a Schedule Set number and give it a name:
Menu 26 - Schedule Setup
Schedule Schedule
Set # Name Set # Name
------ ----------------- ------ -----------------
1 ZyXEL 7 _______________
2 _______________ 8 _______________
3 _______________ 9 _______________
4 _______________ 10 _______________
5 _______________ 11 _______________
6 _______________ 12 _______________
Enter Schedule Set Number to Configure= 1
Edit Name= ZyXEL
Press ENTER to Confirm or ESC to Cancel:
3. The Menu 26.1 Schedule Set Setup is as follows:
Menu 26.1 Schedule Set Setup
Active= Yes
Start Date(yyyy-mm-dd)= 2004 - 01 - 01
How Often= Once
Once:
Date(yyyy-mm-dd)= 2004 - 01 - 01
Weekdays:
Sunday= N/A
Monday= N/A
Tuesday= N/A
Wednesday= N/A
Thursday= N/A
Friday= N/A
Saturday= N/A
Start Time(hh:mm)= 12 : 00
Duration(hh:mm)= 16 : 00
Action= Enable Dial-on-demand
Press ENTER to Confirm or ESC to Cancel:
Key Settings:
Start Date: Start date of this schedule rule. It does not have to match the weekday setting. For
example, the Start Date can be 2004/10/02 (Monday) while the Monday setting under Weekdays is No.
How Often: If Once is selected, all weekday settings will be marked as N/A. After the rule is
completed, it will be deleted automatically.
Forced On: The node will always be kept up during the set period. It is equivalent to disabling the
idle timeout.
Forced Down: The node will always be kept down during the set period. The connected remote node
will be dropped.
Enable Dial-On-Demand: The remote node accepts Dial-on-demand during this period.
Disable Dial-On-Demand: The remote node denies any demand dial during the period. Existing connected
nodes will be dropped after the idle timeout and will not be triggered up again.
Start Time/Duration: Start Time and Duration of this schedule.
Apply the schedule to the Remote node
Multiple schedule sets can be applied to a remote node, and they have priority. For example, if we program
the sets as 1,2,3,4 in the remote node, then set 1 will override sets 2,3,4, set 2 will override sets 3,4, and so on.
Menu 11.1 - Remote Node Profile
Rem Node Name= MyISP Route= IP
Active= Yes
Encapsulation= PPPoE Edit IP= No
Service Type= Standard Telco Option:
Service Name= Allocated Budget(min)= 0
Outgoing: Period(hr)= 0
My Login= cso@zyxel Schedules= 1,2,3,4
My Password= ******** Nailed-Up Connection= No
Retype to Confirm= ********
Authen= CHAP/PAP
Session Options:
Edit Filter Sets= No
Idle Timeout(sec)= 100
Edit Traffic Redirect= No
Press ENTER to Confirm or ESC to Cancel:
Time Service in Prestige
There is no RTC (Real-Time Clock) chip, so the Prestige must get the current time and
date from an external server at boot time. Time service is implemented by the Daytime protocol (RFC-867), Time
protocol (RFC-868), and NTP protocol (RFC-1305). You have to assign the IP address of a time server; the
Prestige will then get the date, time, and time-zone information from this server.
Menu 24.10 - System Maintenance - Time and Date Setting
Use Time Server when Bootup= Daytime (RFC-867)
Time Server IP Address= 202.132.154.1
Current Time: 00 : 11 : 38
New Time (hh:mm:ss): 00 : 11 : 36
Current Date: 2004 - 01 - 01
New Date (yyyy-mm-dd): 2004 - 01 - 01
Time Zone= GMT+0800
Daylight Saving= No
Start Date (mm-dd): 01 - 00
End Date (mm-dd): 01 - 00
Press ENTER to Confirm or ESC to Cancel:
Using IP Multicast
What is IP Multicast ?
Traditionally, IP packets are transmitted in two ways - unicast or broadcast. Multicast is a third way to
deliver IP packets to a group of hosts. Host groups are identified by class D IP addresses, i.e., those with
"1110" as their higher-order bits. In dotted decimal notation, host group addresses range from 224.0.0.0 to
239.255.255.255. Among them, 224.0.0.1 is assigned to the permanent IP hosts group, and 224.0.0.2 is
assigned to the multicast routers group.
IGMP (Internet Group Management Protocol) is the protocol used to support multicast groups. The latest
version is version 2 (see RFC2236). IP hosts use IGMP to report their multicast group membership to any
immediate-neighbor multicast routers so the multicast routers can decide if a multicast packet needs to be
forwarded. At start up, the Prestige queries all directly connected networks to gather group membership.
After that, the Prestige updates the information by periodic queries. The Prestige implementation of IGMP is
also compatible with version 1. The multicast setting can be turned on or off on Ethernet and remote nodes.
IP Multicast Setup
Enable IGMP in Prestige's LAN in menu 3.2:
Menu 3.2 - TCP/IP and DHCP Setup
DHCP Setup
DHCP= Server
Client IP Pool Starting Address= 192.168.1.33
Size of Client IP Pool= 32
Primary DNS Server= 0.0.0.0
Secondary DNS Server= 0.0.0.0
Remote DHCP Server= N/A
TCP/IP Setup:
IP Address= 192.168.1.1
IP Subnet Mask= 255.255.255.0
RIP Direction= Both
Version= RIP-2B
Multicast= IGMP-v2
IP Policies=
Edit IP Alias= No
Press ENTER to Confirm or ESC to Cancel:
Enable IGMP in Prestige's remote node in menu 11.3:
Menu 11.3 - Remote Node Network Layer Options
IP Options: Bridge Options:
IP Address Assignment = Dynamic Ethernet Addr Timeout(min)= N/A
Rem IP Addr = 0.0.0.0
Rem Subnet Mask= 0.0.0.0
My WAN Addr= N/A
NAT= SUA Only
Address Mapping Set= N/A
Metric= 2
Private= No
RIP Direction= None
Version= RIP-2B
Multicast= IGMP-v2
IP Policies=
Enter here to CONFIRM or ESC to CANCEL:
Key Settings:
Multicast: IGMP-v1 for IGMP version 1, IGMP-v2 for IGMP version 2.
Using Prestige traffic redirect
What is Traffic Redirect ?
Traffic redirect forwards WAN traffic to a backup gateway when the Prestige cannot connect to the Internet
through its normal gateway. This makes your backup gateway an auxiliary backup of your WAN
connection. Once the Prestige detects that its WAN connectivity is broken, it will try to forward outgoing
traffic to the backup gateway that users specify in the traffic redirect configuration menu.
How to deploy backup gateway?
You can deploy the backup gateway on the LAN of the Prestige.
Traffic Redirect on LAN port
Traffic Redirect Setup
Configure the parameters that determine when the Prestige will forward WAN traffic to the backup gateway using
SMT Menu 2 WAN Backup Setup.
Menu 2 - Wan Backup Setup
Check Mechanism = DSL Link
Check WAN IP Address1 = 0.0.0.0
Check WAN IP Address2 = 0.0.0.0
Check WAN IP Address3 = 0.0.0.0
KeepAlive Fail Tolerance = 5
Recovery Interval(sec) = 60
ICMP Timeout(sec) = 0
Traffic Redirect = Yes
Key Settings:
Backup Type: Select the method that the Prestige uses to check the DSL connection.
Select DSL Link to have the Prestige check if the connection to the DSLAM is up. Select ICMP to have the
Prestige periodically ping the IP addresses configured in the Check WAN IP Address fields.
Check WAN IP Address1-3: Configure this field to test your Prestige's WAN accessibility. Type the IP address
of a reliable nearby computer (for example, your ISP's DNS server address).
If you select ICMP in the Backup Type field, you must configure at least one IP address here.
When using a WAN backup connection, the Prestige periodically pings the addresses configured here and
uses the other WAN backup connection (if configured) if there is no response.
Fail Tolerance: Type the number of times (2 recommended) that your Prestige may ping the IP addresses
configured in the Check WAN IP Address fields without getting a response before switching to a WAN backup
connection (or a different WAN backup connection).
Recovery Interval: When the Prestige is using a lower priority connection (usually a WAN backup connection),
it periodically checks whether or not it can use a higher priority connection.
Type the number of seconds (30 recommended) for the Prestige to wait between checks. Allow more time if
your destination IP address handles lots of traffic.
Timeout: Type the number of seconds (3 recommended) for your Prestige to wait for a ping response from one of
the IP addresses in the Check WAN IP Address fields before timing out the request. The WAN connection is
considered "down" after the Prestige times out the number of times specified in the Fail Tolerance field. Use
a higher value in this field if your network is busy or congested.
Traffic Redirect Active: Select this check box to have the Prestige use traffic redirect if the normal WAN
connection goes down.
If you activate traffic redirect, you must configure at least one Check WAN IP Address.
Metric: This field sets this route's priority among the routes the Prestige uses.
The metric represents the "cost of transmission". A router determines the best route for transmission by
choosing a path with the lowest "cost". RIP routing uses hop count as the measurement of cost, with a
minimum of "1" for directly connected networks. The number must be between "1" and "15"; a number
greater than "15" means the link is down. The smaller the number, the lower the "cost".
Backup Gateway: Type the IP address of your backup gateway in dotted decimal notation. The Prestige
automatically forwards traffic to this IP address if the Prestige's Internet connection terminates.
Back: Click Back to return to the previous screen.
Apply: Click Apply to save the changes.
Cancel: Click Cancel to begin configuring this screen afresh.
Using Universal Plug n Play (UPnP)
1. What is UPnP
UPnP (Universal Plug and Play) makes connecting PCs of all form factors, intelligent appliances, and wireless
devices in the home, office, and everywhere in between easier and even automatic by leveraging TCP/IP and
Web technologies. UPnP can be supported on essentially any operating system and works with essentially any
type of physical networking media – wired or wireless.
UPnP also supports NAT Traversal, which can automatically solve many NAT-unfriendly problems. With UPnP,
applications assign dynamic port mappings to the Internet gateway and delete the mappings when the
connections are complete.
The key components in UPnP are devices, services, and control points.
Devices: Network devices, such as networking gateways, TVs, refrigerators, printers, etc., which
provide services.
Services: Services are provided by devices, such as time services provided by alarm clocks. In
UPnP, services are described in XML format. Control points can set/get service information from
devices.
Control points: Control points can manipulate network devices. When you add a new control
point (in this case, a laptop) to a network, the device may ask the network to find UPnP-enabled
devices. These devices respond with their URLs and device descriptions.
UPnP Operations
Addressing: UPnPv1 devices MAY support IPv4, IPv6, or both. For IPv4, each device should have a DHCP
client; when the device gets connected to the network, it will discover the DHCP server on the network to get
an IP address. If not, then the Auto-IP mechanism should be supported so that the device can give itself an IP
address (169.254.0.0/16).
Discovery: Whenever a device is added to the network, it will advertise its services over the network.
Control points can also discover services provided by devices.
Description: Control points can get more detailed service information from devices' descriptions in XML
format. The description may include product name, model name, serial number, vendor ID,
embedded services, etc.
Control: Devices can be manipulated by control points through Control messages.
Eventing: Devices can send event messages to notify control points if there is any update on the services
provided.
Presentation: Each device can provide its own control interface by URL link, so that users can go to
the device's presentation web page by the URL to control this device.
2. Using UPnP in ZyXEL devices
In this example, we show how to enable the UPnP function on ZyXEL devices. Currently, Microsoft MSN
is the most popular application using UPnP, so we take the Microsoft MSN application as the example in
this support note. It shows how MSN benefits from the NAT traversal feature in UPnP.
In the diagram, suppose PC1 and PC2 both sign in to the MSN server and would like to establish a video
conference. PC1 is behind a PPPoE dial-up router which supports UPnP. Since the router supports UPnP, we
don't need to set up a NAT mapping for PC1. As long as we enable the UPnP function on the router, PC1 will
assign the mapping to the router dynamically. Note that since PC1 must support UPnP, we presume that its
OS is Microsoft WinME or WinXP.
Device: Prestige Router
Service: NAT function provided by Prestige Router
Control Point: PC1
1. Enable UPnP function in ZyXEL device
Go to Advanced->UPnP and check two boxes: Active UPnP feature and Allow users to make configuration
changes through UPnP.
The first check box enables the UPnP function on this device.
The second check box allows users' applications to change the configuration of this device. For instance,
if you enable this item, a user's MSN application can assign a dynamic port mapping to the router, so the
network administrator doesn't need to set up SUA port mapping on the router.
2. After the PC gets an IP address, open the MSN application on the PC and sign in to the MSN server.
3. Start a Video conversation with one online user.
4. On the opposite side, your partner selects Accept to accept your conversation request.
5. Finally, your video conversation is established.
Wireless Application Notes
Infrastructure mode
What is Infrastructure mode?
Infrastructure mode, sometimes referred to as Access Point mode, is an operating mode of an 802.11b/Wi-Fi
client unit. In infrastructure mode, the client unit can associate with an 802.11b/Wi-Fi Access Point and
communicate with other clients in infrastructure mode through that access point.
Configuring Prestige Wireless using SMT.
To configure Infrastructure mode on your Prestige wireless VoIP IAD, please follow the steps below.
1. From the SMT main menu, enter 3 to display Menu 3 – LAN Setup.
2. Enter 5 to display Menu 3.5 – Wireless LAN Setup.
Menu 3.5- Wireless LAN Setup
ESSID= Wireless
Hide ESSID= No
Channel ID= CH07 2442MHz
RTS Threshold= 2432
Frag. Threshold= 2432
WEP= Disable
Default Key= N/A
Key1= N/A
Key2= N/A
Key3= N/A
Key4= N/A
Edit MAC Address Filter= No
Press ENTER to Confirm or ESC to Cancel:
3. Configure ESSID, Channel ID, WEP, Default Key and Keys as you desire.
Configuring the Wireless Access Point for Infrastructure mode using the Web configurator.
To configure Infrastructure mode on your Prestige wireless VoIP IAD, please follow the steps below.
1. From the web configurator main menu, click Network->Wireless LAN to display the Wireless LAN screen.
3. Configure the desired settings on the Prestige wireless VoIP IAD and check the Active wireless LAN check
box.
4. When finished, click the Apply button for the changes to take effect.
Configuring the Wireless Station for Infrastructure mode
To configure Infrastructure mode on your ZyAIR B-100/B-200/B-300 wireless NIC card, please follow the
steps below.
1. Double click the utility icon in your Windows task bar; the utility will pop up on your Windows screen.
2. Select the Configuration tab.
3. Select Infrastructure from the operation mode pull-down menu, fill in an SSID or leave it as any if you
wish to connect to any AP, then press Apply Change for the setting to take effect.
4. Click the Site Survey tab and press Search; all the available APs will be listed.
5. Double click the AP you want to associate with.
6. After the client has associated with the selected AP, the linked AP's channel, current linkup rate, SSID,
link quality, and signal strength will show on the Link Info page. You have now successfully associated
with the selected AP in Infrastructure mode.
Wireless MAC address filtering
MAC Filter Overview
Users can use the MAC Filter to keep unauthorized stations from accessing the APs. ZyXEL's APs
can check the MAC address of a station before allowing it to connect to the network.
This provides an additional layer of control in that only stations with registered MAC addresses can
connect. This approach requires that the list of MAC addresses be configured.
2. ZyXEL MAC Filter Implementation
ZyXEL's MAC Filter implementation allows users to define a list to allow or block association from STAs.
The filter set allows users to input 12 entries in the list. If Allow Association is selected, all other STAs
which are not on the list will be denied. Otherwise, if Deny Association is selected, all other STAs which
are not on the list will be allowed to associate. Users can choose either way to configure their filter rule.
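The two filter actions described above behave very differently for stations that are not on the list. This Python sketch is an added example, not ZyXEL firmware code: it models the 12-entry list and both actions, using constructed station addresses and hypothetical function names, and shows which stations each mode admits.

```python
import re

MAX_ENTRIES = 12  # list size stated in the section above


def normalize_mac(mac):
    """Accept colon, hyphen or dot separated hex and return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def build_filter(action, entries):
    """action is 'allow' (Allow Association) or 'deny' (Deny Association)."""
    if action not in ("allow", "deny"):
        raise ValueError("action must be 'allow' or 'deny'")
    macs = {normalize_mac(entry) for entry in entries}
    if len(macs) > MAX_ENTRIES:
        raise ValueError(f"filter holds at most {MAX_ENTRIES} entries")
    return action, macs


def may_associate(mac_filter, station):
    action, macs = mac_filter
    listed = normalize_mac(station) in macs
    # Allow mode admits only listed stations; Deny mode admits everything unlisted.
    return listed if action == "allow" else not listed


def admitted(mac_filter, stations):
    """Return the stations (normalised) that the filter lets associate."""
    return [normalize_mac(s) for s in stations if may_associate(mac_filter, s)]


# Constructed station addresses (locally administered range), not from the page.
LISTED = ["02:00:00:00:00:01", "02-00-00-00-00-02"]
SEEN = ["0200.0000.0001", "02:00:00:00:00:02", "02:00:00:00:00:99"]

if __name__ == "__main__":
    print("allow mode admits:", admitted(build_filter("allow", LISTED), SEEN))
    print("deny mode admits: ", admitted(build_filter("deny", LISTED), SEEN))
```

With the same list, Allow Association admits only the two listed stations, while Deny Association admits the unknown station ending in 99, so only the allow action restricts the network to registered stations.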
3. Configure the WLAN MAC Filter
The MAC Filter related settings in ZyXEL APs are configured in menu 3.5.1, WLAN MAC Address Filter
Configuration. Before you configure the MAC filter, you need to know the MAC address of the client first. If