ZyXEL Communications 2602RL-D3A User Manual

Prestige 2602RL-D3A

Support Notes

Version 3.40

Sep. 2007

Prestige 2602RL-D3A Support Notes

2

INDEX

APPLICATION NOTES .............................................................................................................................................................. 6

GENERAL APPLICATION NOTES .......................................................................................................................................................... 6

INTERNET CONNECTION ................................................................................................................................................................... 6

Setup the Prestige as a DHCP Relay .................................................................................................................................... 10

Configure an Internal Server Behind SUA ........................................................................................................................... 12

Configure a PPTP server Behind SUA .................................................................................................................................. 14

Using NAT / Multi-NAT ........................................................................................................................................................ 18

About Filter & Filter Examples ............................................................................................................................................ 39

Using the Dynamic DNS (DDNS) ......................................................................................................................................... 62

Network Management Using SNMP................................................................................................................................... 64

Using syslog ........................................................................................................................................................................ 70

Using IP Alias ...................................................................................................................................................................... 74

Using Call Scheduling .......................................................................................................................................................... 76

Using IP Multicast ............................................................................................................................................................... 81

Using Prestige traffic redirect ............................................................................................................................................. 83

Using Universal Plug n Play (UPnP) .................................................................................................................................... 85

PSTN LIFELINE APPLICATION NOTES ................................................................................................................................................ 91

Usage of PSTN Lifeline ........................................................................................................................................................ 91

Lifeline configuration .......................................................................................................................................................... 92

Relay to PSTN ..................................................................................................................................................................... 92

How to connect Lifeline and DSL connection ...................................................................................................................... 93

VOIP APPLICATION NOTES ............................................................................................................................................................. 94

Setup SIP Account ............................................................................................................................................................... 94

Phone port settings ............................................................................................................................................................ 97

Advanced voice settings configuration ............................................................................................................................... 99

Phone book Speed dial ..................................................................................................................................................... 102

Voice – Common Settings ................................................................................................................................................. 105

Voice - QoS setup .............................................................................................................................................................. 106

Call Forwarding setup ....................................................................................................................................................... 107

Call Hold setup .................................................................................................................................................................. 110

Call Waiting setup............................................................................................................................................................. 110

Three Way Conference setup ............................................................................................................................................ 112

Call Transfer setup ............................................................................................................................................................ 114

Internal Call ...................................................................................................................................................................... 117

Call Park / Call Pickup ....................................................................................................................................................... 117

Prestige 2602RL-D3A Support Notes

3

Call Return ........................................................................................................................................................................ 120

Distinctive Ringing ............................................................................................................................................................ 121

Do Not Disturb (DND) ....................................................................................................................................................... 122

Hot Line (Auto Dial) .......................................................................................................................................................... 123

Music on hold ................................................................................................................................................................... 124

MWI .................................................................................................................................................................................. 125

Early Media ....................................................................................................................................................................... 126

Country Code .................................................................................................................................................................... 127

FAQ.....................................................................................................................................................................................128

ZYNOS FAQ ............................................................................................................................................................................. 128

What is ZyNOS? ................................................................................................................................................................ 128

How do I access the embedded web configurator? .......................................................................................................... 128

What is the default LAN IP address and Password? Moreover, how do I change it? ....................................................... 128

How do I upload the ZyNOS firmware code via embeded web configurator? .................................................................. 128

How do I upgrade/backup the ZyNOS firmware by using FTP client program via LAN? .................................................. 129

How do I upload or backup ROMFILE via web configurator? ........................................................................................... 129

How do I backup/restore configurations by using FTP client program via LAN? .............................................................. 130

Why can't I make Telnet to Prestige from WAN? ............................................................................................................. 130

What should I do if I forget the system password? .......................................................................................................... 130

What is SUA? When should I use SUA? ............................................................................................................................ 130

What is the difference between NAT and SUA? ............................................................................................................... 131

How many network users can the SUA/NAT support? ..................................................................................................... 131

What are Device filters and Protocol filters? .................................................................................................................... 131

Why can't I configure device filters or protocol filters? .................................................................................................... 131

PRODUCT FAQ .......................................................................................................................................................................... 132

What is the Prestige Integrated Access Device? ............................................................................................................... 132

Will the Prestige work with my Internet connection? ...................................................................................................... 132

What do I need to use the Prestige? ................................................................................................................................. 132

What is PPPoE? ................................................................................................................................................................. 132

Does the Prestige support PPPoE? .................................................................................................................................... 133

How do I know I am using PPPoE? .................................................................................................................................... 133

Why does my provider use PPPoE? ................................................................................................................................... 133

Which Internet Applications can I use with the Prestige? ................................................................................................. 133

How can I configure the Prestige? .................................................................................................................................... 133

What network interface does the Prestige support? ........................................................................................................ 133

What can we do with Prestige? ........................................................................................................................................ 133

Prestige 2602RL-D3A Support Notes

4

Does Prestige support dynamic IP addressing? ................................................................................................................ 134

What is the difference between the internal IP and the real IP from my ISP? .................................................................. 134

How does e-mail work through the Prestige? .................................................................................................................. 134

Is it possible to access a server running behind SUA from the outside Internet? If possible, how? .................................. 134

What DHCP capability does the Prestige support? ........................................................................................................... 134

How do I used the reset button, more over what field of parameter will be reset by reset button? ................................ 135

What network interface does the new Prestige series support? ...................................................................................... 135

How does the Prestige support TFTP? .............................................................................................................................. 135

Can the Prestige support TFTP over WAN? ....................................................................................................................... 135

How fast can the data go? ................................................................................................................................................ 135

What is Multi-NAT? .......................................................................................................................................................... 136

When do I need Multi-NAT? .............................................................................................................................................. 136

What IP/Port mapping does Multi-NAT support? ............................................................................................................. 137

What is the difference between SUA and Multi-NAT? ...................................................................................................... 138

What is BOOTP/DHCP? ..................................................................................................................................................... 138

What is DDNS? ................................................................................................................................................................. 139

When do I need DDNS service? ......................................................................................................................................... 139

What DDNS servers does the Prestige support? ............................................................................................................... 139

What is DDNS wildcard? ................................................................................................................................................... 139

Does the Prestige support DDNS wildcard? ...................................................................................................................... 139

Can the Prestige SUA handle IPsec packets sent by the VPN gateway behind Prestige? .................................................. 140

How do I setup my Prestige for routing IPsec packets over SUA? ..................................................................................... 140

PSTN LIFELINE FAQ ................................................................................................................................................................... 140

What is P2602 and what is the difference between P2602R and P2602RL? .................................................................... 140

What does Lifeline mean? ................................................................................................................................................ 140

Do I need Lifeline? ............................................................................................................................................................ 140

Can I connect more than one phone on the phone port? ................................................................................................. 141

Can I receive incoming PSTN call through P2602RL-

Can I make an outgoing PSTN call through P2602RL –

VOIP FAQ ................................................................................................................................................................................ 141

What is Voice over IP? ...................................................................................................................................................... 141

D3A

? ................................................................................................ 141

D3A

? ............................................................................................ 141

How does Voice over IP work? .......................................................................................................................................... 141

Why use VoIP? .................................................................................................................................................................. 141

What is the relationship between codec and VoIP? ......................................................................................................... 142

What advantage does Voice over IP can provide? ........................................................................................................... 142

What is the difference between H.323 and SIP? .............................................................................................................. 142

Can H.323 and SIP interoperate with one another? ......................................................................................................... 142

Prestige 2602RL-D3A Support Notes

5

What is voice quality? ...................................................................................................................................................... 142

How are voice quality normally rated?............................................................................................................................. 142

What is codec? ................................................................................................................................................................. 143

What is the relation of codec and VoIP? .......................................................................................................................... 143

What codec does Prestige support? ................................................................................................................................. 143

Which codec should I choose? .......................................................................................................................................... 143

What do I need in order to use SIP? ................................................................................................................................. 143

Unable to register with the SIP server? ............................................................................................................................ 144

I can register but can not establish a call? ....................................................................................................................... 144

I can make a call but the voice only goes one way not bothway? .................................................................................... 144

I can receive a call but the voice only goes one way not bothway? ................................................................................. 144

If all the about have been tried, but register still fail what should I do? .......................................................................... 145

I suspect there is a hardware problem with my Prestige what should I do? .................................................................... 145

FIREWALL FAQ .......................................................................................................................................................................... 145

What is a network firewall? ............................................................................................................................................. 145

What makes Prestige firewall secure? ............................................................................................................................. 145

What are the basic types of firewalls? ............................................................................................................................. 146

What kind of firewall is the Prestige? ............................................................................................................................... 146

Why do you need a firewall when your router has packet filtering and NAT built-in? ..................................................... 147

What is Denials of Service (DoS)attack? ........................................................................................................................... 147

What is Ping of Death attack? .......................................................................................................................................... 147

What is Teardrop attack? ................................................................................................................................................. 147

What is SYN Flood attack? ................................................................................................................................................ 147

What is LAND attack? ....................................................................................................................................................... 148

What is Brute-force attack? ............................................................................................................................................. 148

What is IP Spoofing attack?.............................................................................................................................................. 148

What are the default ACL firewall rules in Prestige? ........................................................................................................ 148

How can I protect against IP spoofing attacks? ............................................................................................................... 149

CONTENT FILTER FAQ ................................................................................................................................................................. 150

TROUBLE SHOOTING...........................................................................................................................................................150

USING EMBEDDED PACKET TRACE ................................................................................................................................................. 150

DEBUG PPPOE CONNECTION ....................................................................................................................................................... 165

CLI COMMAND LIST ............................................................................................................................................................ 176

Prestige 2602RL-D3A Support Notes

6

Application Notes

General Application Notes

Internet Connection

A typical Internet access application of the Prestige is shown below. For a small office, there are some

components needs to be checked before accessing the Internet.

 Before you begin  Setting up the Windows  Setting up the Prestige router  Troubleshooting

 Before you begin

The Prestige is shipped with the following factory default:

1. IP address = 192.168.1.1, subnet mask = 255.255.255.0 (24 bits)

2. DHCP server enabled with IP pool starting from 192.168.1.33

3. Default SMT menu password = 1234

 Setting up the PC (Windows OS)

1. Ethernet connection

Prestige 2602RL-D3A Support Notes

7

All PCs must have an Ethernet adapter card installed.

 If you only have one PC, connect the PC's Ethernet adapter to the Prestige's LAN port with a

crossover (red one) Ethernet cable.

 If you have more than one PC, both the PC's Ethernet adapters and the Prestige's LAN port must

be connected to an external hub with straight Ethernet cable.

2. TCP/IP Installation

You must first install TCP/IP software on each PC before you can use it for Internet access. If you have already

installed TCP/IP, go to the next section to configure it; otherwise, follow these steps to install:

 In the Control Panel/Network window, click Add button.  In the Select Network Component Type windows, select Protocol and click Add.  In the Select Network Protocol windows, select Microsoft from the manufacturers, then select

TCP/IP from the Network Protocols and click OK.

3. TCP/IP Configuration

Follow these steps to configure Windows TCP/IP:

 In the Control Panel/Network window, click the TCP/IP entry to select it and click Properties

button.

 In the TCP/IP Properties window, select obtain an IP address automatically.

Note: Do not assign arbitrary IP address and subnet mask to your PCs, otherwise, you will not be able to access

the Internet.

 Click the WINS configuration tab and select Disable WINS Resolution.  Click the Gateway tab. Highlight any installed gateways and click the Remove button until there

are none listed.

 Click the DNS Configuration tab and select Disable DNS.  Click OK to save and close the TCP/IP properties window  Click OK to close the Network window. You will be prompted to insert your Windows CD or disk.

When the drivers are updated, you will be asked if you want to restart the PC. Make sure your Prestige is powered on before answering Yes to the prompt. Repeat the above steps for each Windows PC on your network.

 Setting up the Prestige router

Prestige 2602RL-D3A Support Notes

8

The following procedure is for the most typical usage of the Prestige where you have a single-user account

(SUA). The Prestige supports embedded web server that allows you to use Web browser to configure it. Before

configuring the router using Browser please be sure there is no Telnet or Console login.

1. Retrieve Prestige Web

Please enter the LAN IP address of the Prestige router in the URL location to retrieve the web screen from the

Prestige. The default LAN IP of the Prestige is 192.168.1.1. See the example below. Note that you can either

use http://192.168.1.1

2. Login first

The default password is the default SMT password, '1234'.

3. Configure Prestige for Internet access by using WIZARD SETUP

Prestige 2602RL-D3A Support Notes

9

The Web screen shown below takes PPPoE as the example.

Prestige 2602RL-D3A Support Notes

10

Setup the Prestige as a DHCP Relay

 What is DHCP Relay?

DHCP stands for Dynamic Host Configuration Protocol. In addition to the DHCP server feature, the P2602

supports the DHCP relay function. When it is configured as DHCP server, it assigns the IP addresses to the

Prestige 2602RL-D3A Support Notes

11

Menu 3.2 - TCP/IP and DHCP Setup

DHCP Setup

DHCP= Relay

Client IP Pool Starting Address= N/A

Size of Client IP Pool= N/A

Primary DNS Server= N/A

Secondary DNS Server= N/A

Remote DHCP Server= 192.168.1.2

TCP/IP Setup:

IP Address= 192.168.1.1

IP Subnet Mask= 255.255.255.0

RIP Direction= None

Version= N/A

Multicast= None

IP Policies=

LAN clients. When it is configured as DHCP relay, it is reponsable for forwarding the requests and responses

negotiating between the DHCP clients and the server. See figure 1.

 Setup the Prestige as a DHCP Client

1. Toggle the DHCP to Relay in menu 3.2 and enter the IP address of the DHCP server in the 'Relay Server

Address' field.

Prestige 2602RL-D3A Support Notes

12

Edit IP Alias= No

Press ENTER to Confirm or ESC to Cancel:

Configure an Internal Server Behind SUA

 Introduction

If you wish, you can make internal servers (e.g., Web, ftp or mail server) accessible for outside users, even

though SUA makes your LAN appear as a single machine to the outside world. A service is identified by the

port number. Also, since you need to specify the IP address of a server in the Prestige, a server must have a

fixed IP address and not be a DHCP client whose IP address potentially changes each time it is powered on.

In addition to the servers for specific services, SUA supports a default server. A service request that does not

have a server explicitly designated for it is forwarded to the default server. If the default server is not defined,

the service request is simply discarded.

 Configuration

Prestige 2602RL-D3A Support Notes

13

Menu 15.2 - NAT Server Setup

Rule Start Port No. End Port No. IP Address

---------------------------------------------------

1. Default Default 0.0.0.0

2. 80 80 192.168.1.10

3. 0 0 0.0.0.0

4. 0 0 0.0.0.0

5. 0 0 0.0.0.0

6. 0 0 0.0.0.0

7. 0 0 0.0.0.0

8. 0 0 0.0.0.0

9. 0 0 0.0.0.0

10. 0 0 0.0.0.0

11. 0 0 0.0.0.0

12. 0 0 0.0.0.0

Press ENTER to Confirm or ESC to Cancel:

Service

Port Number

FTP

21

Telnet

23

SMTP

25

To make a server visible to the outside world, specify the port number of the service and the inside address of

the server in 'Menu 15.2.1', Multiple Server Configuration. The outside users can access the local server using

the Prestige's

 For example (Configuring an internal Web server for outside access) :

WAN IP

address which can be obtained from menu 24.1.

 Port numbers for some services

Prestige 2602RL-D3A Support Notes

14

DNS (Domain Name Server)

53

www-http (Web)

80

Configure a PPTP server Behind SUA

 Introduction

PPTP is a tunneling protocol defined by the PPTP forum that allows PPP packets to be encapsulated within

Internet Protocol (IP) packets and forwarded over any IP network, including the Internet itself.

In order to run the Windows 9x PPTP client, you must be able to establish an IP connection with a tunnel server

such as the Windows NT Server 4.0 Remote Access Server.

Windows Dial-Up Networking uses the Internet standard Point-to-Point (PPP) to provide a secure,optimized

multiple-protocol network connection over dial-up telephone lines. All data sent over this connection can be

encrypted and compressed, and multiple network level protocols (TCP/IP, NetBEUI and IPX) can be run

correctly. Windows NT Domain Login level security is preserved even across the Internet.

PPTP appears as new modem type (Virtual Private Networking Adapter) that can be selected when setting up a

connection in the Dial-Up Networking folder. The VPN Adapter type does not appear elsewhere in the system.

Window98 PPTP Client / Internet / NT RAS Server Protocol Stack

Prestige 2602RL-D3A Support Notes

15

Since PPTP encapsulates its data stream in the PPP protocol, the VPN requires a second dial-up adapter. This

second dial-up adapter for VPN is added during the installation phase of the Upgrade in addition to the first

dial-up adapter that provides PPP support for the analog or ISDN modem.

The PPTP is supported in Windows NT and Windows 98 already. For Windows 95, it needs to be upgraded by

the Dial-Up Networking 1.2 upgrade.

 Configuration

This application note explains how to establish a PPTP connection with a remote private network in the Prestige

SUA case. In ZyNOS, all PPTP packets can be forwarded to the internal PPTP Server (WinNT server) behind

SUA. The port number of the PPTP has to be entered in the SMT Menu 15 for Prestige to forward to the

appropriate private IP address of Windows NT server.

 Example

The following example shows how to dial to an ISP via the Prestige and then establish a tunnel to a private

network. There will be three items that you need to set up for PPTP application, these are PPTP server (WinNT),

PPTP client (Win9x) and the Prestige.

o PPTP server setup (WinNT)

 Add the VPN service from Control Panel>Network  Add an user account for PPTP logged on user  Enable RAS port  Select the network protocols from RAS such as IPX, TCP/IP NetBEUI  Set the Internet gateway to Prestige

Prestige 2602RL-D3A Support Notes

16

Menu 15.2 - NAT Server Setup (Used for SUA Only)

Rule Start Port No. End Port No. IP Address

---------------------------------------------------

1. Default Default 0.0.0.0

2. 1723 1723 192.168.1.10

3. 0 0 0.0.0.0

4. 0 0 0.0.0.0

5. 0 0 0.0.0.0

6. 0 0 0.0.0.0

7. 0 0 0.0.0.0

8. 0 0 0.0.0.0

9. 0 0 0.0.0.0

10. 0 0 0.0.0.0

11. 0 0 0.0.0.0

12. 0 0 0.0.0.0

Press ENTER to Confirm or ESC to Cancel:

o PPTP client setup (Win9x)

 Add one VPN connection from Dial-Up Networking by entering the correct

username & password and the IP address of the Prestige's Internet IP address for logging to NT RAS server.

 Set the Internet gateway to the router that is connecting to ISP

o Prestige router setup

 Before making a VPN connection from Win9x to WinNT server, you need to connect Prestige

router to your ISP first.

 Enter the IP address of the PPTP server (WinNT server) and the port number for PPTP as shown

below.

When you have finished the above settings, you can ping to the remote Win9x client from

WinNT. This ping command is used to demonstrate that remote the Win9x can be reached across the

Prestige 2602RL-D3A Support Notes

17

Internet. If the Internet connection between two LANs is achieve, you can place a VPN call from the

remote Win9x client.

For example:

C:\ping 203.66.113.2

When a dial-up connection to ISP is established, a default gateway is assigned to the router traffic

through that connection. Therefore, the output below shows the default gateway of the Win9x client

after the dial-up connection has been established.

Before making a VPN connection from the Win9x client to the NT server, you need to know the exact

Internet IP address that the ISP assigns to Prestige router in SUA mode and enter this IP address in the

VPN dial-up dialog box. You can check this Internet IP address from PNC Monitor or SMT Menu

24.1. If the Internet IP address is a fixed IP address provided by ISP in SUA mode, then you can

always use this IP address for reaching the VPN server.

In the following example, the IP address '140.113.1.225' is dynamically assigned by ISP. You must

enter this IP address in the 'VPN Server' dialog box for reaching the PPTP server. After the VPN link is

established, you can start the network protocol application such as IP, IPX and NetBEUI.

Prestige 2602RL-D3A Support Notes

18

Using NAT / Multi-NAT

 What is Multi-NAT?

NAT (Network Address Translation-NAT RFC 1631) is the translation of an Internet Protocol address used

within one network to a different IP address known within another network. One network is designated the

inside

network and the other is the

or more global outside IP addresses and "unmaps" the global IP addresses on incoming packets back into local

IP addresses. The IP addresses for the NAT can be either fixed or dynamically assigned by the ISP. In addition,

outside

. Typically, a company maps its local inside network addresses to one

you can designate servers, e.g., a web server and a telnet server, on your local network and make them

accessible to the outside world. If you do not define any servers, NAT offers the additional benefit of firewall

protection. In such case, all incoming connections to your network will be filtered out by the Prestige, thus

preventing intruders from probing your network.

The SUA feature that the Prestige supports previously operates by mapping the private IP addresses to a global

IP address. It is only one subset of the NAT. The Prestige with ZyNOS V3.40 supports the most of the features

of the NAT based on RFC 1631, and we call this feature as 'Multi-NAT'. For more information on IP address

translation, please refer to RFC 1631,

 How NAT works

The IP Network Address Translator (NAT)

.

If we define the local IP addresses as the Internal Local Addresses (ILA) and the global IP addresses as the

Inside Global Address (IGA), see the following figure. The term 'inside' refers to the set of networks that are

subject to translation. NAT operates by mapping the ILA to the IGA required for communication with hosts on

other networks. It replaces the original IP source address (and TCP or UDP source port numbers) and then

forwards each packet to the Internet ISP, thus making them appear as if they had come from the NAT system

itself (e.g., the Prestige router). The Prestige keeps track of the original addresses and port numbers so incoming

reply packets can have their original values restored.

Prestige 2602RL-D3A Support Notes

19

1. NAT Mapping Types

NAT supports five types of IP/port mapping. They are:

2. One to One

In One-to-One mode, the Prestige maps one ILA to one IGA.

3. Many to One

In Many-to-One mode, the Prestige maps multiple ILA to one IGA. This is equivalent to SUA (i.e., PAT, port

address translation), ZyXEL's Single User Account feature that previous ZyNOS routers supported (the SUA

only option in today's routers).

4. Many to Many Overload

In Many-to-Many Overload mode, the Prestige maps the multiple ILA to shared IGA.

5. Many to Many No Overload

In Many-to-Many No Overload mode, the Prestige maps each ILA to unique IGA.

 Server

In Server mode, the Prestige maps multiple inside servers to one global IP address. This allows us to specify

multiple servers of different types behind the NAT for outside access. Note, if you want to map each server to

one unique IGA please use the One-to-One mode.

Prestige 2602RL-D3A Support Notes

20

NAT Type

IP Mapping

Mapping Direction

One-to-One

ILA1<--->IGA1

Both

Many-to-One (SUA/PAT)

ILA1---->IGA1 ILA2---->IGA1 ...

Outgoing

Many-to-Many Overload

ILA1---->IGA1 ILA2---->IGA2 ILA3---->IGA1 ILA4---->IGA2 ...

Outgoing

Many-to-Many No Overload

(Allocate by Connections)

ILA1---->IGA1 ILA2---->IGA3 ILA3---->IGA2 ILA4---->IGA4 ...

Outgoing

Server

Server 1 IP<----IGA1 Server 2 IP<----IGA1

Incoming

The following table summarizes these types.

 SUA Versus NAT

SUA (Single User Account) in previous ZyNOS versions is a NAT set with 2 rules, Many-to-One and Server.

The Prestige now has Full Feature NAT support to map global IP addresses to local IP addresses of clients or

servers. With multiple global IP addresses, multiple severs of the same type (e.g., FTP servers) are allowed on

the LAN for outside access. In previous ZyNOS versions (that supported SUA 'visible' servers had to be of

different types. The Prestige supports NAT sets on a remote node basis. They are reusable, but only one set is

allowed for each remote node. The Prestige 2602RL supports 8 sets since there are 8 remote node. The default

SUA (Read Only) Set in menu 15.1 is a convenient, pre-configured, read only, Many-to-One mapping set,

sufficient for most purposes and helpful to people already familiar with SUA in previous ZyNOS versions.

 SMT Menus

1. Applying NAT in the SMT Menus

Prestige 2602RL-D3A Support Notes

21

Menu 4 - Internet Access Setup

ISP's Name= MyISP

Encapsulation= PPPoE

Multiplexing= LLC-based

VPI #= 0

VCI #= 33

ATM QoS Type= UBR

Peak Cell Rate (PCR)= 0

Sustain Cell Rate (SCR)= 0

Maximum Burst Size (MBS)= 0

My Login= cso@zyxel

My Password= ********

Idle Timeout (sec)= 0

IP Address Assignment= Dynamic

IP Address= N/A

Network Address Translation= Full Feature

Address Mapping Set= 1

Press ENTER to Confirm or ESC to Cancel:

Field

Options

Description

Network Address Translation

Full Feature

When you select this option the SMT will use Address Mapping Set 1 (Menu 15.1-see later for further discussion).

None

NAT is disabled when you select this option.

SUA Only

When you select this option the SMT will use Address Mapping Set 255 (Menu 15.1-see later for further discussion). This option use basically Many-to-One

You apply NAT via menus 4 and 11.3 as displayed next. The next figure how you apply NAT for Internet

access in menu 4. Enter 4 from the Main Menu to go to Menu 4-Internet Access Setup.

The following table describes the options for Network Address Translation.

Prestige 2602RL-D3A Support Notes

22

Overload mapping. Select Full Feature when you require other mapping types. It is a convenient, pre-configured, read only, Many-to-One mapping set, sufficient for most purposes and helpful to people already familiar with SUA in previous ZyNOS versions. Note that there is also a Server type whose IGA is 0.0.0.0 in this set.

Menu 15 - NAT Setup

1. Address Mapping Sets

2. NAT Server Sets

Table: Applying NAT in Menu 4 and Menu 11.3

2. Configuring NAT

To configure NAT, enter 15 from the Main Menu to bring up the following screen.

3. Address Mapping Sets and NAT Server Sets

Use the Address Mapping Sets menus and submenus to create the mapping table used to assign global addresses

to LAN clients. Each remote node must specify which NAT Address Mapping Set to use. The P2602RL has 8

remote nodes and so allows you to configure 8 NAT Address Mapping Set. You can see nine NAT Address

Mapping sets in Menu 15.1. You can only configure from Set 1 to Set 8. Set 255 is used for SUA. When you

select Full Feature in menu 4 or 11.3. When you select SUA Only, the SMT will use Set 15.2.

The NAT Server Set is a list of LAN side servers mapped to external ports. To use this set (one set for the

Prestige), a server rule must be set up inside the NAT Address Mapping set. Please see NAT Server Sets for

further information on these menus.

Enter 1 to bring up Menu 15.1-Address Mapping Sets

Prestige 2602RL-D3A Support Notes

23

Menu 15.1 - Address Mapping Sets

1.

2.

3.

4.

5.

6.

7.

8.

255. SUA (read only)

Enter Set Number to Edit:

Menu 15.1.1 - Address Mapping Rules

Set Name= SUA

Idx Local Start IP Local End IP Global Start IP Global End IP Type

--- --------------- --------------- --------------- --------------- ------

1. 0.0.0.0 255.255.255.255 0.0.0.0 M-1

2. 0.0.0.0 Server

3.

4.

5.

6.

7.

8.

9.

10.

Press ENTER to Confirm or ESC to Cancel:

Let's first look at Option 255. Option 255 is equivalent to SUA in previous ZyXEL routers. The fields in this

menu cannot be changed. Entering 255 brings up this screen.

Prestige 2602RL-D3A Support Notes

24

Field

Description

Option/Example

Set Name

This is the name of the set you selected in Menu 15.1 or enter the name of a new set you want to create.

SUA Idx

This is the index or rule number.

1

Local Start IP

This is the starting local IP address (ILA).

0.0.0.0 for the Many-to-One type.

Local End IP

This is the starting local IP address (ILA). If the rule is for all local IPs, then the Start IP is 0.0.0.0 and the End IP is

255.255.255.255.

255.255.255.255

Global Start IP

This is the starting global IP address (IGA). If you have a dynamic IP, enter 0.0.0.0 as the Global Start IP.

0.0.0.0 Global End IP

This is the ending global IP address (IGA).

N/A

Type

This is the NAT mapping types.

Many-to-One and Server

Menu 15.1.1 - Address Mapping Rules

Set Name= ?

Idx Local Start IP Local End IP Global Start IP Global End IP Type

--- --------------- --------------- --------------- --------------- ------

1.

2.

3.

4.

5.

6.

7.

8.

The following table explains the fields in this screen. Please note that the fields in this menu are read-only.

Please note that the fields in this menu are read-only. However, the settings of the server set 1 can be modified

in menu 15.1.1.

Now let's look at Option 1 in Menu 15.1.1 Enter 1 to bring up this menu.

Prestige 2602RL-D3A Support Notes

25

9.

10.

Action= Edit , Select Rule= 0

Press ENTER to Confirm or ESC to Cancel:

Field

Description

Option

Set Name

Enter a name for this set of rules. This is a required field. Please note

that if this field is left blank, the entire set will be deleted.

Rule1

Action

They are 4 actions. The default is Edit. Edit means you want to edit a selected rule (see following field). Insert Before means to insert a new rule before the rule selected. The rule after the selected rule will then be moved down by one rule. Delete means to delete the selected rule and then all the rules after the selected one will be advanced one rule. Save Set means to save the whole set (note when you choose this action the Select Rule item will be disabled).

Edit Insert Before Delete Save Set

Select Rule

When you choose Edit, Insert Before or Save Set in the previous field the cursor jumps to this field to allow you to select the rule to apply the action in question.

1

Menu 15.1.1.1 - - Rule 1

Type: One-to-One

We will just look at the differences from the previous menu. Note that, this screen is not read only, so we have

extra Action and Select Rule fields. Not also that the [?] in the Set Name field means that this is a required field

and you must enter a name for the set. The description of the other fields is as described above. The Type,

Local and Global Start/End IPs are configured in Menu 15.1.1 (described later) and the values are displayed

here.

Note: Save Set in the Action field means to save the whole set. You must do this if you make any changes to

the set-including deleting a rule. No changes to the set take place until this action is taken. Be careful when

ordering your rules as each rule is executed in turn beginning from the first rule.

Selecting Edit in the Action field and then selecting a rule brings up the following menu, Menu

15.1.1.1-Address Mapping Rule in which you can edit an individual rule and configure the Type, Local and

Global Start/End IPs displayed in Menu 15.1.1.

Prestige 2602RL-D3A Support Notes

26

Local IP:

Start= 0.0.0.0

End = N/A

Global IP:

Start= 0.0.0.0

End = N/A

Press ENTER to Confirm or ESC to Cancel:

Field

Description

Option/Example

Type

Press [SPACEBAR] to toggle through a total of 5 types. These are the mapping types discussed above plus a server type. Some examples follow to clarify these a little more.

One-to-One Many-to-One Many-to-Many Overload Many-to-Many No Overload Server

Local IP

Start

This is the starting local IP address (ILA)

0.0.0.0

End

This is the ending local IP address (ILA). If the rule is for all local IPs, then put the Start IP as 0.0.0.0 and the End IP as

255.255.255.255. This field is N/A for One-to-One type.

255.255.255.255

Global IP

Start

This is the starting global IP address (IGA). If you have a dynamic IP, enter 0.0.0.0 as the Global Start IP.

0.0.0.0

End

This is the ending global IP address (IGA). This field is N/A for One-to-One, Many-to-One and Server types.

200.1.1.64

The following table describes the fields in this screen.

Note: For all Local and Global IPs, the End IP address must begin after the IP Start address, i.e., you cannot

have an End IP address beginning before the Start IP address.

 NAT Server Sets

Prestige 2602RL-D3A Support Notes

27

Menu 15.2 - NAT Server Setup (Used for SUA Only)

Rule Start Port No. End Port No. IP Address

---------------------------------------------------

1. Default Default 0.0.0.0

The NAT Server Set is a list of LAN side servers mapped to external ports (similar to the old SUA menu of

before). If you wish, you can make inside servers for different services, e.g., Web or FTP, visible to the outside

users, even though NAT makes your network appears as a single machine to the outside world. A server is

identified by the port number, e.g., Web service is on port 80 and FTP on port 21.

As an example (see the following figure), if you have a Web server at 192.168.1.36 and a FTP server at

192.168.1.33, then you need to specify for port 80 (Web) the server at IP address 192.168.1.36 and for port 21

(FTP) another at IP address 192.168.1.33.

Please note that a server can support more than one service, e.g., a server can provide both FTP and Mail

service, while another provides only Web service.

The following procedures show how to configure a server behind NAT.

Step 1. Enter 15 in the Main Menu to go to Menu 15-NAT Setup.

Step 2. Enter 2 to go to Menu 15.2.1-NAT Server Setup.

Step 3. Enter the service port number in the Port# field and the inside IP address of the server in the IP Address

field.

Step 4. Press [SPACEBAR] at the 'Press ENTER to confirm...' prompt to save your configuration after you

define all the servers or press ESC at any time to cancel.

Prestige 2602RL-D3A Support Notes

28

2. 21 21 192.168.1.33

3. 80 80 192.168.1.36

4. 0 0 0.0.0.0

5. 0 0 0.0.0.0

6. 0 0 0.0.0.0

7. 0 0 0.0.0.0

8. 0 0 0.0.0.0

9. 0 0 0.0.0.0

10. 0 0 0.0.0.0

11. 0 0 0.0.0.0

12. 0 0 0.0.0.0

Press ENTER to Confirm or ESC to Cancel:

Service

Port Number

FTP

21

Telnet

23

SMTP

25

DNS (Domain Name Server)

53

www-http (Web)

80

PPTP (Point-to-Point Tunneling Protocol)

1723

The most often used port numbers are shown in the following table. Please refer RFC 1700 for further

information about port numbers.

1. Internet Access Only

In our Internet Access example, we only need one rule where all our ILAs map to one IGA assigned by the ISP.

See the following figure.

Prestige 2602RL-D3A Support Notes

29

Menu 4 - Internet Access Setup

ISP's Name= MyISP

Encapsulation= PPPoE

Multiplexing= LLC-based

VPI #= 0

VCI #= 33

ATM QoS Type= UBR

Peak Cell Rate (PCR)= 0

Sustain Cell Rate (SCR)= 0

Maximum Burst Size (MBS)= 0

My Login= cso@zyxel

My Password= ********

Idle Timeout (sec)= 0

IP Address Assignment= Dynamic

IP Address= N/A

Network Address Translation= SUA Only

Address Mapping Set= 1

Press ENTER to Confirm or ESC to Cancel:

Prestige 2602RL-D3A Support Notes

30

Menu 15.2 - NAT Server Setup (Used for SUA Only)

Rule Start Port No. End Port No. IP Address

---------------------------------------------------

1. Default Default 0.0.0.0

2. 21 21 192.168.1.33

3. 0 0 0.0.0.0

4. 0 0 0.0.0.0

5. 0 0 0.0.0.0

6. 0 0 0.0.0.0

7. 0 0 0.0.0.0

From Menu 4 shown above simply choose the SUA Only option from the NAT field. This is the Many-to-One

mapping discussed earlier. The SUA read only option from the NAT field in menu 4 and 11.3 is specifically

pre-configured to handle this case.

2. Internet Access with an Internal Server

In this case, we do exactly as above (use the convenient pre-configured SUA Only set) and also go to Menu

15.2-NAT Server Setup (Used for SUA Only) to specify the Internet Server behind the NAT as shown in the

NAT as shown below.

Prestige 2602RL-D3A Support Notes

31

8. 0 0 0.0.0.0

9. 0 0 0.0.0.0

10. 0 0 0.0.0.0

11. 0 0 0.0.0.0

12. 0 0 0.0.0.0

Press ENTER to Confirm or ESC to Cancel:

3. Using Multiple Global IP addresses for clients and servers (One-to-One, Many-to-One, Server Set mapping

types are used)

In this case we have 3 IGAs (IGA1, IGA2 and IGA3) from the ISP. We have two very busy internal FTP

servers and also an internal general server for the web and mail. In this case, we want to assign the 3 IGAs by

the following way using 4 NAT rules.

5. Rule 1 (One-to-One type) to map the FTP Server 1 with ILA1 (192.168.1.10) to IGA1.

6. Rule 2 (One-to-One type) to map the FTP Server 2 with ILA2 (192.168.1.11) to IGA2.

7. Rule 3 (Many-to-One type) to map the other clients to IGA3.

8. Rule 4 (Server type) to map a web server and mail server with ILA3 (192.168.1.20) to IGA3. Type

Server allows us to specify multiple servers, of different types, to other machines behind NAT on the LAN.

Prestige 2602RL-D3A Support Notes

32

Menu 4 - Internet Access Setup

ISP's Name= MyISP

Encapsulation= PPPoE

Service Type= N/A

My Login= cso@zyxel

My Password= ********

Retype to Confirm= ********

Idle Timeout= 100

IP Address Assignment= Static

IP Address= IGA3

IP Subnet Mask= N/A

Gateway IP Address= N/A

Network Address Translation= Full Feature

Press ENTER to Confirm or ESC to Cancel:

Menu 15.1.1.1 - - Rule 1

Type: One-to-One

Local IP:

Step 1:

In this case, we need to configure Address Mapping Set 1 from Menu 15.1-Address Mapping Sets. Therefore

we must choose the Full Feature option from the NAT field in menu 4 or menu 11.3, and assign IGA3 to

Prestige WAN IP Address.

Step 2:

Go to menu 15.1 and choose 1 (not 255, SUA this time) to begin configuring this new set. Enter a Set Name,

choose the Edit Action and then select 1 from Select Rule field. Press [ENTER] to confirm. See the following

setup for the four rules in our case.

Rule 1 Setup: Select One-to-One type to map the FTP Server 1 with ILA1 (192.168.1.10) to IGA1.

Prestige 2602RL-D3A Support Notes

33

Start= 192.168.1.10

End = N/A

Global IP:

Start= [Enter IGA1]

End = N/A

Press ENTER to Confirm or ESC to Cancel:

Menu 15.1.1.2 - - Rule 2

Type: One-to-One

Local IP:

Start= 192.168.1.11

End = N/A

Global IP:

Start= [Enter IGA2]

End = N/A

Press ENTER to Confirm or ESC to Cancel:

Menu 15.1.1.3 - - Rule 3

Type: Many-to-One

Local IP:

Start= 0.0.0.0

End = 255.255.255.255

Global IP:

Start= [Enter IGA3]

End = N/A

Rule 2 Setup: Selecting One-to-One type to map the FTP Server 2 with ILA2 (192.168.1.11) to IGA2.

Rule 3 Setup: Select Many-to-One type to map the other clients to IGA3.

Prestige 2602RL-D3A Support Notes

34

Press ENTER to Confirm or ESC to Cancel:

Menu 15.1.1.4 - - Rule 4

Type: Server

Local IP:

Start= N/A

End = N/A

Global IP:

Start= [Enter IGA3]

End = N/A

Press ENTER to Confirm or ESC to Cancel:

Menu 15.1.1 - Address Mapping Rules

Set Name= Example3

Idx Local Start IP Local End IP Global Start IP Global End IP Type

--- --------------- --------------- --------------- --------------- ------

1. 192.168.1.10 [IGA1] 1-1

2. 192.168.1.11 [IGA2] 1-1

3. 0.0.0.0 255.255.255.255 [IGA3] M-1

4. [IGA3] Server

5.

6.

7.

8.

Rule 4 Setup: Select Server type to map our web server and mail server with ILA3 (192.168.1.20) to IGA3.

When we have configured all four rules Menu 15.1.1 should look as follows.

Prestige 2602RL-D3A Support Notes

35

9.

10.

Press ESC or RETURN to Exit:

Menu 15.2 - NAT Server Setup

Rule Start Port No. End Port No. IP Address

---------------------------------------------------

1. Default Default 0.0.0.0

2. 80 80 192.168.1.20

3. 25 25 192.168.1.20

4. 0 0 0.0.0.0

5. 0 0 0.0.0.0

6. 0 0 0.0.0.0

7. 0 0 0.0.0.0

8. 0 0 0.0.0.0

9. 0 0 0.0.0.0

10. 0 0 0.0.0.0

11. 0 0 0.0.0.0

12. 0 0 0.0.0.0

Press ENTER to Confirm or ESC to Cancel:

Step 3:

Now we configure all other incoming traffic to go to our web server aand mail server from Menu 15.2 - NAT

Server Setup (not Set 1, Set 1 is used for SUA Only case).

4. Support Non NAT Friendly Applications

Prestige 2602RL-D3A Support Notes

36

Menu 15.1.1.1 - - Rule 1

Type: Many-to-Many No Overload

Local IP:

Start= 192.168.1.10

End = 192.168.1.12

Global IP:

Start= [Enter IGA1]

End = [Enter IGA3]

Press ENTER to Confirm or ESC to Cancel:

Menu 15.1.1.1 - - Rule 1

Type: One-to-One

Some servers providing Internet applications such as some mIRC servers do not allow users to login using the

same IP address. In this case it is better to use Many-to-Many No Overload or One-to-One NAT mapping types,

thus each user login to the server using a unique global IP address. The following figure illustrates this.

One rule configured for using Many-to-Many No Overload mapping type is shown below.

The three rules configured for using One-to-One mapping type is shown below.

37

Local IP:

Start= 192.168.1.10

End = N/A

Global IP:

Start= [Enter IGA1]

End = N/A

Press ENTER to Confirm or ESC to Cancel:

Menu 15.1.1.2 - - Rule 2

Type: One-to-One

Local IP:

Start= 192.168.1.11

End = N/A

Global IP:

Start= [Enter IGA2]

End = N/A

Press ENTER to Confirm or ESC to Cancel:

Menu 15.1.1.3 - - Rule 3

Type: One-to-One

Local IP:

Start= 192.168.1.12

End = N/A

Global IP:

Start= [Enter IGA3]

End = N/A

Prestige 2602RL-D3A Support Notes

38

Press ENTER to Confirm or ESC to Cancel:

NAT Type

IP Mapping

One-to-One

ILA1<--->IGA1

Many-to-One (SUA/PAT)

ILA1<--->IGA1 ILA2<--->IGA1 ...

Many-to-Many Overload

ILA1<--->IGA1 ILA2<--->IGA2 ILA3<--->IGA1 ILA4<--->IGA2

Many-to-Many No Overload

ILA1<--->IGA1 ILA2<--->IGA2 ILA3<--->IGA3 ILA4<--->IGA4

Prestige supports multiple type of NAT mapping rules

 SUA  One to One  Many to One  Many to Many overload  Many One to One  Server

The following table summarizes these types.

Prestige 2602RL-D3A Support Notes

39

...

Server (SUA)

Server 1 IP<--->IGA1 Server 2 IP<--->IGA1

About Filter & Filter Examples

How does ZyXEL filter work?

 Filter Structure

The Prestige allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter

rules in the system. You can apply up to four filter sets to a particular port to block multiple types of packets.

With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port. The

following diagram illustrates the logic flow when executing a filter rule.

Prestige 2602RL-D3A Support Notes

40

 Filter Types and SUA

Conceptually, there are two categories of filter rules: device and protocol. The Generic filter rules belong to the

device category; they act on the raw data from/to LAN and WAN. The IP and IPX filter rules belong to the

protocol category; they act on the IP and IPX packets.

Prestige 2602RL-D3A Support Notes

41

In order to allow users to specify the local network IP address and port number in the filter rules with SUA

connections, the TCP/IP filter function has to be executed before SUA for WAN outgoing packets and after the

SUA for WAN incoming IP packets. But at the same time, the Generic filter rules must be applied at the point

when the Prestige is receiving and sending the packets; i.e. the ISDN interface. So, the execution sequence has

to be changed. The logic flow of the filter is shown in Figure 1 and the sequence of the logic flow for the packet

from LAN to WAN is:

 LAN device and protocol input filter sets.  WAN protocol call and output filter sets.  If SUA is enabled, SUA converts the source IP address from 192.168.1.33 to 203.205.115.6 and

port number from 1023 to 4034.

 WAN device output and call filter sets.

The sequence of the logic flow for the packet from WAN to LAN is:

 WAN device input filter sets.  If SUA is enabled, SUA converts the destination IP address from 203.205.115.6 to 92.168.1.33 and port

number from 4034 to 1023.

 WAN protocol input filter sets.  LAN device and protocol output filter sets.

Generic and TCP/IP (and IPX) filter rules are in different filter sets. The SMT will detect and prevent the

mixing of different category rules within any filter set in Menu 21. In the following example, you will receive

an error message 'Protocol and device filter rules cannot be active together' if you try to activate a TCP/IP (or

IPX) filter rule in a filter set that has already had one or more active Generic filter rules. You will receive the

Prestige 2602RL-D3A Support Notes

42

Menu 21.1.1 - Generic Filter Rule

Filter #: 1,1

Filter Type= Generic Filter Rule

Active= Yes

Offset= 0

Length= 0

Mask= N/A

Value= N/A

More= No Log= None

Action Matched= Check Next Rule

Action Not Matched= Check Next Rule

Menu 21.1.2 - TCP/IP Filter Rule

Filter #: 1,2

Filter Type= TCP/IP Filter Rule

Active= Yes

IP Protocol= 0 IP Source Route= No

Destination: IP Addr= 0.0.0.0

IP Mask= 0.0.0.0

Port #= 0

Port # Comp= None

Source: IP Addr= 0.0.0.0

IP Mask= 0.0.0.0

Port #= 0

Port # Comp= None

TCP Estab= N/A

same error if you try to activate a Generic filter rule in a filter set that has already had one or more active

TCP/IP (or IPX) filter rules.

Menu 21.1.1:

Menu 21.1.2:

Prestige 2602RL-D3A Support Notes

43

More= No Log= None

Action Matched= Check Next Rule

Action Not Matched= Check Next Rule

Press ENTER to Confirm or ESC to Cancel:

Saving to ROM. Please wait...

Protocol and device rule cannot be active together

Menu 3.1 - General Ethernet Setup

Input Filter Sets:

protocol filters=

device filters=

Output Filter Sets:

protocol filters=

device filters=

Menu 11.1 - Remote Node Profile

Rem Node Name= LAN Route= IP

Active= Yes Bridge= No

Encapsulation= PPP Edit PPP Options= No

Incoming: Rem IP Addr= ?

Rem Login= test Edit IP/IPX/Bridge= No

Rem Password= ********

To separate the device and protocol filter categories; two new menus, Menu 11.5 and Menu 13.1, have been

added, as well as some changes made to the Menu 3.1, Menu 11.1, and Menu 13. The new fields are shown

below.

Menu 3.1:

Menu 11.1:

44

Outgoing: Session Options:

My Login= testt Edit Filter Sets= Yes

My Password= *****

Authen= CHAP/PAP

Press ENTER to Confirm or ESC to Cancel:

Menu 11.5 - Remote Node Filter

Input Filter Sets:

protocol filters=

device filters=

Output Filter Sets:

protocol filters=

device filters=

Menu 11.5:

Prestige 2602RL-D3A Support Notes

SMT will also prevent you from entering a protocol filter set configured in Menu 21 to the device filters field in

Menu 3.1, 11.5, or entering a device filter set to the protocol filters field. Even though SMT will prevent the

inconsistency from being entered in ZyNOS, it is unable to resolve the intermixing problems existing in the

filter sets that were configured before. Instead, when ZyNOS translates the old configuration into the new

format, it will verify the filter rules and log the inconsistencies. Please check the system log (Menu 24.3.1)

before putting your device into use.

In order to avoid operational problems later, the Prestige will disable its routing/bridging functions if there is an

inconsistency among its filter rules.

filter for blocking the web service

 Configuration

Before configuring a filter, you need to know the following information:

Prestige 2602RL-D3A Support Notes

45

Menu 21 - Filter Set Configuration

Filter Filter

Set # Comments Set # Comments

------ ----------------- ------ -----------------

1 Web Request 7 _______________

2 _______________ 8 _______________

3 _______________ 9 _______________

4 _______________ 10 _______________

5 _______________ 11 _______________

6 _______________ 12 _______________

Enter Filter Set Number to Configure= 1

Edit Comments=

Press ENTER to Confirm or ESC to Cancel:

1. The outbound packet type (protocol & port number)

2. The source IP address

Generally, the outbound packets for Web service could be as following:

a. HTTP packet, TCP (06) protocol with port number 80

b. DNS packet, TCP (06) protocol with port number 53 or

c. DNS packet, UDP (17) protocol with port number 53

For all workstation on the LAN, the source IP address will be 0.0.0.0. Otherwise, you have to enter an IP

Address for the workstation you want to block. See the procedure for configuring this filter below.

o Create a filter set in Menu 21, e.g., set 1 o Create three filter rules in Menu 21.1.1, Menu 21.1.2, Menu 21.1.3

 Rule 1- block the HTTP packet, TCP (06) protocol with port number 80  Rule 2- block the DNS packet, TCP (06) protocol with port number 53  Rule 3- block the DNS packet, UDP (17) protocol with port number 53

o Apply the filter set in menu 4

1. Create a filter set in Menu 21

Prestige 2602RL-D3A Support Notes

46

Menu 21.1.1 - TCP/IP Filter Rule

Filter #: 1,1

Filter Type= TCP/IP Filter Rule

Active= Yes

IP Protocol= 6 IP Source Route= No

Destination: IP Addr= 0.0.0.0

IP Mask= 0.0.0.0

Port #= 80

Port # Comp= Equal

Source: IP Addr= 0.0.0.0

IP Mask= 0.0.0.0

Port #=

Port # Comp= None

TCP Estab= No

More= No Log= None

Action Matched= Drop

Action Not Matched= Check Next Rule

Press ENTER to Confirm or ESC to Cancel:

Menu 21.1.2 - TCP/IP Filter Rule

Filter #: 1,2

Filter Type= TCP/IP Filter Rule

Active= Yes

IP Protocol= 6 IP Source Route= No

Destination: IP Addr= 0.0.0.0

IP Mask= 0.0.0.0

Port #= 53

Port # Comp= Equal

2. Rule one for (a). http packet, TCP(06)/Port number 80

3.Rule 2 for (b).DNS request, TCP(06)/Port number 53

Prestige 2602RL-D3A Support Notes

47

Source: IP Addr= 0.0.0.0

IP Mask= 0.0.0.0

Port #=

Port # Comp= None

TCP Estab= No

More= No Log= None

Action Matched= Drop

Action Not Matched= Check Next Rule

Press ENTER to Confirm or ESC to Cancel:

Menu 21.1.2 - TCP/IP Filter Rule

Filter #: 1,2

Filter Type= TCP/IP Filter Rule

Active= Yes

IP Protocol= 17 IP Source Route= No

Destination: IP Addr= 0.0.0.0

IP Mask= 0.0.0.0

Port #= 53

Port # Comp= Equal

Source: IP Addr= 0.0.0.0

IP Mask= 0.0.0.0

Port #=

Port # Comp= None

TCP Estab= No

More= No Log= None

Action Matched= Drop

Action Not Matched= Forward

Press ENTER to Confirm or ESC to Cancel:

4. Rule 3 for (c). DNS packet UDP(17)/Port number 53

5. After the three rules are completed, you will see the rule summary in Menu 21.

Prestige 2602RL-D3A Support Notes

48

Menu 21.1 - Filter Rules Summary

# A Type Filter Rules M m n

- - ---- -------------------------------------- - - -

1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=80 N D N

2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=53 N D N

3 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0,DP=53 N D F

Menu 21 - Filter Set Configuration

Filter Filter

Set # Comments Set # Comments

------ ----------------- ------ -----------------

1 Block a client 7 _______________

2 _______________ 8 _______________

3 _______________ 9 _______________

4 _______________ 10 _______________

5 _______________ 11 _______________

6 _______________ 12 _______________

Enter Filter Set Number to Configure= 0

Edit Comments=

Press ENTER to Confirm or ESC to Cancel:

6. Apply the filter set to the 'Output Protocol Filter Set' in the remote node setup .

A filter for blocking a specific client

Configuration

1. Create a filter set in Menu 21, e.g., set 1

Prestige 2602RL-D3A Support Notes

49

Menu 21.1.1 - TCP/IP Filter Rule

Filter #: 1,1

Filter Type= TCP/IP Filter Rule

Active= Yes

IP Protocol= 0 IP Source Route= No

Destination: IP Addr= 0.0.0.0

IP Mask= 0.0.0.0

Port #=

Port # Comp= None

Source: IP Addr= 192.168.1.5

IP Mask= 255.255.255.255

Port #=

Port # Comp= None

TCP Estab= N/A

More= No Log= None

Action Matched= Drop

Action Not Matched= Forward

Press ENTER to Confirm or ESC to Cancel:

2. One rule for blocking all packets from this client

Key Settings:

Source IP addr................Enter the client IP in this field

IP Mask..........................here the IP mask is used to mask the bits of the IP address given in the 'Source IP

Addr=' field, for one workstation it is 255.255.255.255.

Action Matched................Set to 'Drop' to drop all the packets from this client

Action Not Matched.........Set to 'Forward' to allow the packets from other clients

3. Apply the filter set number '1' to the 'Output Protocol Filter Set' field in the remote node setup.

A filter for blocking a specific MAC address

Prestige 2602RL-D3A Support Notes

50

ras> sys trcp channel enet0 bothway

ras> sys trcp sw on

Now a client on the LAN is trying to ping Prestige………

ras> sys trcp sw off

ras> sys trcp disp

TIME: 37c060 enet0-RECV len:74 call=0

0000: [00 a0 c5 01 23 45] [00 80 c8 4c ea 63] 08 00 45 00

0010: 00 3c eb 0c 00 00 20 01 e3 ea ca 84 9b 5d ca 84

0020: 9b 63 08 00 45 5c 03 00 05 00 61 62 63 64 65 66

0030: 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76

0040: 77 61 62 63 64 65 66 67 68 69

TIME: 37c060 enet0-XMIT len:74 call=0

0000: [00 80 c8 4c ea 63] [00 a0 c5 01 23 45] 08 00 45 00

0010: 00 3c 00 07 00 00 fe 01 f0 ef ca 84 9b 63 ca 84

0020: 9b 5d 00 00 4d 5c 03 00 05 00 61 62 63 64 65 66

0030: 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76

0040: 77 61 62 63 64 65 66 67 68 69

+ Ethernet Version II

- Address: 00-80-C8-4C-EA-63 (Source MAC) ----> 00-A0-C5-23-45

(Destination MAC)

- Ethernet II Protocol Type: IP

This configuration example shows you how to use a Generic Filter to block a specific MAC address of the

LAN.

Before you Begin

Before you configure the filter, you need to know the MAC address of the client first. The MAC address can be

provided by the NICs. If there is the LAN packet passing through the Prestige you can identify the uninteresting

MAC address from the Prestige's LAN packet trace. Please have a look at the following example to know the

trace of the LAN packets.

The detailed format of the Ethernet Version II:

Prestige 2602RL-D3A Support Notes

51

+ Internet Protocol

- Version (MSB 4 bits): 4

- Header length (LSB 4 bits): 5

- Service type: Precd=Routine, Delay=Normal, Thrput=Normal, Reli=Normal

- Total length: 60 (Octets)

- Fragment ID: 60172

- Flags: May be fragmented, Last fragment, Offset=0 (0x00)

- Time to live: 32 seconds/hops

- IP protocol type: ICMP (0x01)

- Checksum: 0xE3EA

- IP address 202.132.155.93 (Source IP address) ---->

202.132.155.99(Destination IP address)

- No option

+ Internet Control Message Protocol

- Type: 8 - Echo Request

- Code: 0

- Checksum: 0x455C

- Identifier: 768

- Sequence Number: 1280

- Optional Data: (32 bytes)

TIME: 37c060 enet0-RECV len:74 call=0

0000: [00 a0 c5 01 23 45] [00 80 c8 4c ea 63] 08 00 45 00

0010: 00 3c eb 0c 00 00 20 01 e3 ea ca 84 9b 5d ca 84

0020: 9b 63 08 00 45 5c 03 00 05 00 61 62 63 64 65 66

0030: 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76

0040: 77 61 62 63 64 65 66 67 68 69

Configurations

From the above first trace, we know a client is trying to ping request the Prestige router. And from the second

trace, we know the Prestige router will send a reply to the client accordingly. The following sample filter will

utilize the 'Generic Filter Rule' to block the MAC address [00 80 c8 4c ea 63].

1. First, from the incoming LAN packet we know the uninteresting source MAC address starts at the 7th Octet

2. We are now ready to configure the 'Generic Filter Rule' as below.

Prestige 2602RL-D3A Support Notes

52

Menu 21.1.1 - Generic Filter Rule

Filter #: 1,1

Filter Type= Generic Filter Rule

Active= Yes

Offset= 6

Length= 6

Mask= ffffffffffff

Value= 0080c84cea63

More= No Log= None

Action Matched= Drop

Action Not Matched= Forward

Key Settings:

 Generic Filter Ruls

Set the 'Filter Type' to 'Generic Filter Rule'

 Active

Turn 'Active' to 'Yes'

 Offset (in bytes)

Set to '6' since the source MAC address starts at 7th octets we need to skip the first octets of the destination MAC address.

 Length (in bytes)

Set to '6' since MAC address has 6 octets.

 Mask (in hexadecimal)

Specify the value that the Prestige will logically qualify (logical AND) the data in the packet. Since the Length is set to 6 octets the Mask for it should be 12 hexadecimal numbers. In this case, we intent to set to 'ffffffffffff' to mask the incoming source MAC address, [00 80 c8 4c ea 63].

 Value (in hexadecimal)

Specify the MAC address [00 80 c8 4c ea 63] that the Prestige should use to compare with the masked packet. If the result from the masked packet matches the 'Value', then the packet is considered matched.

Prestige 2602RL-D3A Support Notes

53

Menu 21.1.2 - Generic Filter Rule

Filter #: 1,2

Filter Type= Generic Filter Rule

Active= Yes

Offset= 6

Length= 6

Mask= ffffffffffff

Value= 0080c810234a

More= No Log= None

Action Matched= Drop

Action Not Matched= Forward

Menu 3.1 - General Ethernet Setup

Input Filter Sets:

protocol filters=

device filters= 1

Output Filter Sets:

protocol filters=

device filters=

 Action Matched=

Enter the action you want if the masked packet matches the 'Value'. In this case, we will drop it.

 Action Not Matched=

Enter the action you want if the masked packet does not match the 'Value'. In this case, we will forward it. If you want to configure more rules please select 'Check Next Rule' to start configuring the next new rule. However, please note that the 'Filter Type' must be also 'Generic Filter Rule' but not others. Because the Generic and TCPIP (IPX) filter rules must be in different filter sets.

You can now apply it to the 'General Ethernet Setup' in Menu 3.1. Please note that the 'Generic Filter' can only

be applied to the 'Device Filter' but not the 'Protocol Filter' that is used for configuring the TCPIP and IPX

filters.

Prestige 2602RL-D3A Support Notes

54

Menu 21 - Filter Set Configuration

Filter Filter

A filter for blocking the NetBIOS packets

 Introduction

The NETBIOS protocol is used to share a Microsoft comupter of a workgroup. For the security concern, the

NetBIOS connection to a outside host is blocked by Prestige router as factory defaults. Users can remove the

filter sets applied to menu 3.1 and menu 4.1 for activating the NetBIOS services. The details of the filter

settings are described as follows.

 Configuration

The packets need to be blocked are as follows. Please configure two filter sets with 4 and 2 rules respectively

based on the following packets in SMT menu 21.

Filter Set 1:

o Rule 1-Destination port number 137 with protocol number 6 (TCP) o Rule 2-Destination port number 137 with protocol number 17 (UDP) o Rule 3-Destination port number 138 with protocol number 6 (TCP) o Rule 4-Destination port number 138 with protocol number 17 (UDP) o Rule 5-Destination port number 139 with protocol number 6 (TCP) o Rule 6-Destination port number 139 with protocol number 17 (UDP)

Filter Set 2:

o Rule 1-Source port number 137, Destination port number 53 with protocol number 6

(TCP)

o Rule 2-Source port number 137, Destination port number 53 with protocol number 17

(UDP)

Before starting to set the filter rules, please enter a name for each filter set in the 'Comments' field first.

Prestige 2602RL-D3A Support Notes

55

Set # Comments Set # Comments

------ ----------------- ------ -----------------

1 NetBIOS_WAN 7 _______________

2 NetBIOS_LAN 8 _______________

3 _______________ 9 _______________

4 _______________ 10 _______________

5 _______________ 11 _______________

6 _______________ 12 _______________

Enter Filter Set Number to Configure= 1

Edit Comments=

Press ENTER to Confirm or ESC to Cancel:

Menu 21.1.1 - TCP/IP Filter Rule

Filter #: 1,1

Filter Type= TCP/IP Filter Rule

Active= Yes

IP Protocol= 6 IP Source Route= No

Destination: IP Addr= 0.0.0.0

IP Mask= 0.0.0.0

Port #= 137

Port # Comp= Equal

Source: IP Addr= 0.0.0.0

IP Mask= 0.0.0.0

Port #= 0

Port # Comp= None

TCP Estab= No

More= No Log= None

Action Matched= Drop

Action Not Matched= Check Next Rule

Press ENTER to Confirm or ESC to Cancel:

Configure the first filter set 'NetBIOS_WAN' by selecting the Filter Set number 1.

 Rule 1-Destination port number 137 with protocol number 6 (TCP)

Prestige 2602RL-D3A Support Notes

56

Menu 21.1.2 - TCP/IP Filter Rule

Filter #: 1,2

Filter Type= TCP/IP Filter Rule

Active= Yes

IP Protocol= 17 IP Source Route= No

Destination: IP Addr= 0.0.0.0

IP Mask= 0.0.0.0

Port #= 137

Port # Comp= Equal

Source: IP Addr= 0.0.0.0

IP Mask= 0.0.0.0

Port #= 0

Port # Comp= None

TCP Estab= N/A

More= No Log= None

Action Matched= Drop

Action Not Matched= Check Next Rule

Press ENTER to Confirm or ESC to Cancel:

Menu 21.1.3 - TCP/IP Filter Rule

Filter #: 1,3

Filter Type= TCP/IP Filter Rule

Active= Yes

 Rule 2-Destination port number 137 with protocol number 17 (UDP)

 Rule 3-Destination port number 138 with protocol number 6 (TCP)

Prestige 2602RL-D3A Support Notes

57

IP Protocol= 6 IP Source Route= No

Destination: IP Addr= 0.0.0.0

IP Mask= 0.0.0.0

Port #= 138

Port # Comp= Equal

Source: IP Addr= 0.0.0.0

IP Mask= 0.0.0.0

Port #= 0

Port # Comp= None

TCP Estab= No

More= No Log= None

Action Matched= Drop

Action Not Matched= Check Next Rule

Press ENTER to Confirm or ESC to Cancel:

Menu 21.1.4 - TCP/IP Filter Rule

Filter #: 1,4

Filter Type= TCP/IP Filter Rule

Active= Yes

IP Protocol= 17 IP Source Route= No

Destination: IP Addr= 0.0.0.0

IP Mask= 0.0.0.0

Port #= 138

Port # Comp= Equal

Source: IP Addr= 0.0.0.0

IP Mask= 0.0.0.0

Port #= 0

Port # Comp= None

TCP Estab= N/A

More= No Log= None

 Rule 4-Destination port number 138 with protocol number 17 (UDP)

Prestige 2602RL-D3A Support Notes

58

Action Matched= Drop

Action Not Matched= Check Next Rule

Press ENTER to Confirm or ESC to Cancel:

Menu 21.1.5 - TCP/IP Filter Rule

Filter #: 1,5

Filter Type= TCP/IP Filter Rule

Active= Yes

IP Protocol= 6 IP Source Route= No

Destination: IP Addr= 0.0.0.0

IP Mask= 0.0.0.0

Port #= 139

Port # Comp= Equal

Source: IP Addr= 0.0.0.0

IP Mask= 0.0.0.0

Port #= 0

Port # Comp= None

TCP Estab= No

More= No Log= None

Action Matched= Drop

Action Not Matched= Check Next Rule

Press ENTER to Confirm or ESC to Cancel:

Menu 21.1.6 - TCP/IP Filter Rule

Filter #: 1,6

 Rule 5-Destination port number 139 with protocol number 6 (TCP)

 Rule 6-Destination port number 139 with protocol number 17 (UDP)

Prestige 2602RL-D3A Support Notes

59

Filter Type= TCP/IP Filter Rule

Active= Yes

IP Protocol= 17 IP Source Route= No

Destination: IP Addr= 0.0.0.0

IP Mask= 0.0.0.0

Port #= 139

Port # Comp= Equal

Source: IP Addr= 0.0.0.0

IP Mask= 0.0.0.0

Port #= 0

Port # Comp= None

TCP Estab= N/A

More= No Log= None

Action Matched= Drop

Action Not Matched= Forward

Press ENTER to Confirm or ESC to Cancel:

Menu 21.2 - Filter Rules Summary

# A Type Filter Rules M m n

- - ---- --------------------------------------------- - - -

1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=137 N D N

2 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=137 N D N

3 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=138 N D N

4 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=138 N D N

5 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=139 N D N

6 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=139 N D F

 After the first filter set is finished, you will get the complete rules summary as below.

Prestige 2602RL-D3A Support Notes

60

Menu 21.2.1 - TCP/IP Filter Rule

Filter #: 2,1

Filter Type= TCP/IP Filter Rule

Active= Yes

IP Protocol= 6 IP Source Route= No

Destination: IP Addr= 0.0.0.0

IP Mask= 0.0.0.0

Port #= 53

Port # Comp= Equal

Source: IP Addr= 0.0.0.0

IP Mask= 0.0.0.0

Port #= 137

Port # Comp= Equal

TCP Estab= No

More= No Log= None

Action Matched= Drop

Action Not Matched= Check Next Rule

Press ENTER to Confirm or ESC to Cancel:

Menu 21.2.2 - TCP/IP Filter Rule

Filter #: 2,2

Filter Type= TCP/IP Filter Rule

Active= Yes

 Apply the first filter set 'NetBIOS_WAN' to the 'Output Protocol Filter' in the remote node

setup.

Configure the second filter set 'NetBIOS_LAN' by selecting the Filter Set number 2.

 Rule 1-Source port number 137, Destination port number 53 with protocol number 6 (TCP)

 Rule 2-Source port number 137, Destination port number 53 with protocol number 17 (UDP)

Prestige 2602RL-D3A Support Notes

61

IP Protocol= 17 IP Source Route= No

Destination: IP Addr= 0.0.0.0

IP Mask= 0.0.0.0

Port #= 53

Port # Comp= Equal

Source: IP Addr= 0.0.0.0

IP Mask= 0.0.0.0

Port #= 137

Port # Comp= Equal

TCP Estab= N/A

More= No Log= None

Action Matched= Drop

Action Not Matched= Forward

Press ENTER to Confirm or ESC to Cancel:

Menu 21.2 - Filter Rules Summary

# A Type Filter Rules M m n

- - ---- ---------------------------------------------- - - -

1 Y IP Pr=6, SA=0.0.0.0, SP=137, DA=0.0.0.0, DP=53 N D N

2 Y IP Pr=17, SA=0.0.0.0, SP=137, DA=0.0.0.0, DP=53 N D F

Menu 3.1 - General Ethernet Setup

Input Filter Sets:

1. After the first filter set is finished, you will get the complete rules summary as below.

1. Apply the filter set 'NetBIOS_LAN' in the 'Input protocol filters=' in the Menu 3 for blocking

the packets from LAN

Prestige 2602RL-D3A Support Notes

62

protocol filters= 2

device filters=

Output Filter Sets:

protocol filters=

device filters=

Using the Dynamic DNS (DDNS)

1. What is DDNS?

The DDNS service, an IP Registry provides a public central database where information such as email

addresses, hostnames, IPs etc. can be stored and retrieved. This solves the problems if your DNS server uses an

IP associated with dynamic IPs.

Without DDNS, we always tell the users to use the WAN IP of the Prestige to access the internal server. It is

inconvenient for the users if this IP is dynamic. With DDNS supported by the Prestige, you apply a DNS name

(e.g., www.zyxel.com.tw) for your server (e.g., Web server) from a DDNS server. The outside users can always

access the web server using the www.zyxel.com.tw regardless of the WAN IP of the Prestige.

When the ISP assigns the Prestige a new IP, the Prestige must inform the DDNS server the change of this IP so

that the server can update its IP-to-DNS entry. Once the IP-to-DNS table in the DDNS server is updated, the

DNS name for your web server (i.e., www.zyxel.com.tw) is still usable.

The DDNS server stores password-protected email addresses with IPs and hostnames and accepts queries based

on email addresses. So, there must be an email entry in the Prestige menu 1.

The DDNS servers the Prestige supports currently is WWW.DYNDNS.ORG where you apply the DNS from

and update the WAN IP to.

 Setup the DDNS

 Before configuring the DDNS settings in the Prestige, you must register an account from the

DDNS server such as WWW.DYNDNS.ORG first. After the registration, you have a hostname for your internal server and a password using to update the IP to the DDNS server.

 Toggle 'Configure Dynamic DNS' option to 'Yes' and press ENTER for configuring the settings

of the DDNS in menu 1.1.

Prestige 2602RL-D3A Support Notes

63

Menu 1 - General Setup

System Name= Prestige

Location=

Contact Person's Name=

Domain Name=

Edit Dynamic DNS= Yes

Route IP= Yes

Bridge= No

Menu 1.1 - Configure Dynamic DNS

Service Provider= WWW.DynDNS.ORG

Active= Yes

Host=[the local server's host name]

EMAIL=

USER=

Password= ********

Enable Wildcard= No

Option

Description

Service Provider

Enter the DDNS server in this field. Currently, we support

WWW.DYNDNS.ORG.

Active

Toggle to 'Yes'.

Host

Enter the hostname you subscribe from the above DDNS server. For example, zyxel.com.tw.

EMAIL

Enter the email address you give to the DDNS server.

User

Enter the user name that

Key Settings for using DDNS function:

Prestige 2602RL-D3A Support Notes

64

Password

Enter the password that the DDNS server gives to you.

Enable Wildcard

Enter the hostname for the wildcard function that the WWW.DYNDNS.ORG supports. Note that Wildcard option is available only when the provider is

WWW.DYNDNS.ORG.

Network Management Using SNMP

1. SNMP Overview

The

Simple Network Management Protocol

(SNMP) is an applications-layer protocol used to exchange the

management information between network devices (e.g., routers). By using SNMP, network administrators can

more easily manage network performance, find and solve network problems. The SNMP is a member of the

TCP/IP protocol suite, it uses the UDP to exchange messages between a management Client and an Agent,

residing in a network node.

There are two versions of SNMP: Version 1 and Version 2. ZyXEL supports SNMPv1. Most of the changes

introduced in Version 2 increase SNMP's security capabilities. SNMP encompasses three main areas:

1. A small set of management operations.

2. Definitions of management variables.

3. Data representation.

The operations allowed are: Get, GetNext, Set, and Trap. These functions operates on variables that exist in

network nodes. Examples of variables include statistic counters, node port status, and so on. All of the SNMP

management functions are carried out through these simple operations. No action operations are available, but

these can be simulated by the setting of flag variables. For example, to reset a node, a counter variable named

'time to reset' could be set to a value, causing the node to reset after the time had elapsed.

SNMP variables are defined using the OSI Abstract Syntax Notation One (ASN.1). ASN.1 specifies how a

variable is encoded in a transmitted data frame; it is very powerful because the encoded data is self-defining.

For example, the encoding of a text string includes an indication that the data unit is a string, along with its

length and value. ASN.1 is a flexible way of defining protocols, especially for network management protocols

where nodes may support different sets of manageable variables.

The net of variables that each node supports is called the

Management Information Base

made up of several parts, including the Standard MIB, specified as part of SNMP, and Enterprise Specific MIB,

which are defined by different manufacturer for hardware specific management.

(MIB). The MIB is

Prestige 2602RL-D3A Support Notes

65

The current Internet-standard MIB, MIB-II, is defined in RFC 1213 and contains 171 objects. These objects are

grouped by protocol (including TCP, IP, UDP, SNMP, and other categories, including 'system' and 'interface.'

The Internet Management Model is as shown in figure 1. Interactions between the NMS and managed devices

can be any of four different types of commands:

6. Reads

Read is used to monitor the managed devices, NMSs read variables that are maintained by the devices.

7. Writes

Write is used to control the managed devices, NMSs write variables that are stored in the managed

devices.

8. Traversal operations

NMSs use these operations to determine which variables a managed device supports and to sequentially

gather information from variable tables (such as IP routing table) in managed devices.

9. Traps

The managed devices to asynchronously report certain events to NMSs use trap.

Prestige 2602RL-D3A Support Notes

66

2. SNMPv1 Operations

SNMP itself is a simple request/response protocol. 4 SNMPv1 operations are defined as below.

 Get

Allows the NMS to retrieve an object variable from the agent.

 GetNext

Allows the NMS to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a NMS wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations.

 Set

Allows the NMS to set values for object variables within an agent.

 Trap

Used by the agent to inform the NMS of some events.

The SNMPv1 messages contains two part. The first part contains a version and a community name. The second

part contains the actual SNMP protocol data unit (PDU) specifying the operation to be performed (Get, Set, and

Prestige 2602RL-D3A Support Notes

67

so on) and the object values involved in the operation. The following figure shows the SNMPv1 message

format.

The SNMP PDU contains the following fields:

 PDU type Specifies the type of PDU.  Request ID Associates requests with responses.  Error status Indicates an error and an error type.  Error index Associates the error with a particular object variable.  Variable-bindings Associates particular object with their value.

3. ZyXEL SNMP Implementation

ZyXEL currently includes SNMP support in some Prestige routers. It is implemented based on the SNMPv1, so

it will be able to communicate with SNMPv1 NMSs. For SNMPv1 operation, ZyXEL permits one community

string so that the router can belong to only one community and allows trap messages to be sent to only one

NMS manager.

Some traps are sent to the SNMP manager when anyone of the following events happens:

 coldStart (defined in RFC-1215) :

If the machine coldstarts, the trap will be sent after booting.

Prestige 2602RL-D3A Support Notes

68

 warmStart (defined in RFC-1215) :

If the machine warmstarts, the trap will be sent after booting.

 linkDown (defined in RFC-1215) :

If any link of IDSL or WAN is down, the trap will be sent with the port number . The port number is its

interface index under the interface group.

 linkUp (defined in RFC-1215) :

If any link of IDSL or WAN is up, the trap will be sent with the port number . The port number is its

interface index under the interface group.

 authenticationFailure (defined in RFC-1215) :

When receiving any SNMP get or set requirement with wrong community, this trap is sent to the manager.

1. whyReboot (defined in ZYXEL-MIB) :

When the system is going to restart (warmstart), the trap will be sent with the reason of restart before rebooting.

(i) For intentional reboot :

In some cases (download new files, CI command "sys reboot", ...), reboot is done intentionally. And traps with

the message "System reboot by user !" will be sent.

(ii) For fatal error :

System has to reboot for some fatal errors. And traps with the message of the fatal code will be sent.

Prestige 2602RL-D3A Support Notes

69

Menu 22 - SNMP Configuration

SNMP:

Get Community= public

Set Community= public

Trusted Host= 192.168.1.33

4. Configure the Prestige for SNMP

The SNMP related settings in Prestige are configured in menu 22, SNMP Configuration. The following steps

describe a simple setup procedure for configuring all SNMP settings.

Prestige 2602RL-D3A Support Notes

70

Trap:

Community= public

Destination= 192.168.1.33

Press ENTER to Confirm or ESC to Cancel:

Option

Descriptions

Get Community

Enter the correct Get Community. This Get Community must match the 'Get-' and 'GetNext' community requested from the NMS. The default is 'public'.

Set Community

Enter the correct Set Community. This Set Community must match the 'Set-community requested from the NMS. The default is 'public'.

Trusted Host

Enter the IP address of the NMS. The Prestige will only respond to SNMP messages coming from this IP address. If 0.0.0.0 is entered, the Prestige will respond to all

NMS managers.

Trap Community

Enter the community name in each sent trap to the NMS. This Trap Community must match what the NMS is expecting. The default is 'public'.

Trap Destination

Enter the IP address of the NMS that you wish to send the traps to. If 0.0.0.0 is entered, the Prestige will not send trap any NMS manager.

Menu 24.3.2 - System Maintenance - UNIX Syslog and Accounting

UNIX Syslog:

Active= Yes

Syslog IP Address= 192.168.1.33

Log Facility= Local 1

Key Settings:

Using syslog

4. Prestige Setup

Prestige 2602RL-D3A Support Notes

71

Configuration:

1. Active, use the space bar to turn on the syslog option.

2. Syslog IP Address, enter the IP address of the UNIX server that you wish to send the syslog.

3. Log Facility, use the space bar to toggle between the 7 different local options.

 UNIX Setup

1. Make sure that your syslogd starts with -r argument.

-r

, this option will enable the facility to receive message from the network using an Internet domain socket with

the syslog services. The default setting is not enabled.

2. Edit the file /etc/syslog.conf by adding the following line at the end of the /etc/syslog.conf file.

local1.* /var/log/zyxel.log

Where /var/log/zyxel.log is the full path of the log file.

3. Restart syslogd.

 CDR log(call messages)

Format:

sdcmdSyslogSend( SYSLOG_CDR, SYSLOG_INFO, String );

String = board xx line xx channel xx, call xx, str

board = the hardware board ID

line = the WAN ID in a board

channel = channel ID within the WAN

call = the call reference number which starts from 1 and increments by 1 for each new call

str = C01 Outgoing Call dev xx ch xx (dev:device No. ch:channel No.)

C01 Incoming Call xxxxBps xxxxx (L2TP,xxxxx means Remote Call ID)

C01 Incoming Call xxxx (means connected speed) xxxxx (means Remote Call ID)

L02 Tunnel Connected(L2TP)

C02 OutCall Connected xxxx (means connected speed) xxxxx (means Remote Call ID)

C02 CLID call refused

Prestige 2602RL-D3A Support Notes

72

Feb 14 16:57:17 192.168.1.1 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 18, C01 Incoming

Call OK

Feb 14 17:07:18 192.168.1.1 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 18, C02 Call Terminated

Jul 19 11:28:39 192.168.102.2 ZyXEL Communications Corp.: Packet Trigger: Protocol=1,

Data=4500003c100100001f010004c0a86614ca849a7b08004a5c020001006162636465666768696a6b6c6d6e6f7071727374

Jul 19 11:28:56 192.168.102.2 ZyXEL Communications Corp.: Packet Trigger: Protocol=1,

Data=4500002c1b0140001f06b50ec0a86614ca849a7b0427001700195b3e00000000600220008cd40000020405b4

L02 Call Terminated

C02 Call Terminated

Example:

 Packet triggered log

Format:

sdcmdSyslogSend( SYSLOG_PKTTRI, SYSLOG_NOTICE, String );

String = Packet trigger: Protocol=xx Data=xxxxxxxxxx

Protocol: (1:IP 2:IPX 3:IPXHC 4:BPDU 5:ATALK 6:IPNG)

Data: We will send forty-eight Hex characters to the server

Example:

 Filter log

This message is available when the 'Log' is enabled in the filter rule setting. The message consists of the packet

header and the log of the filter rules.

Format:

sdcmdSyslogSend(SYSLOG_FILLOG, SYSLOG_NOTICE, String );

String = IP[Src=xx.xx.xx.xx Dst=xx.xx.xx.xx prot spo=xxxx dpo=xxxx]S04>R01mD

IP[...] is the packet header and S04>R01mD means filter set 4 (S) and rule 1 (R), match (m) drop (D).

Src: Source Address

Dst: Destination Address

Prestige 2602RL-D3A Support Notes

73

Jul 19 14:44:09 192.168.1.1 ZyXEL Communications Corp.: IP[Src=202.132.154.1 Dst=192.168.1.33 UDP

spo=0035 dpo=05d4]}S03>R01mF

Jul 19 14:44:13 192.168.1.1 ZyXEL Communications Corp.: IP[Src=192.168.1.33 Dst=202.132.154.1

ICMP]}S03>R01mF

Jul 19 11:43:25 192.168.1.1 ZyXEL Communications Corp.: ppp:LCP Starting

Jul 19 11:43:29 192.168.1.1 ZyXEL Communications Corp.: ppp:IPCP Starting

Jul 19 11:43:34 192.168.1.1 ZyXEL Communications Corp.: ppp:CCP Starting

Jul 19 11:43:38 192.168.1.1 ZyXEL Communications Corp.: ppp:BACP Starting

Jul 19 11:43:43 192.168.1.1 ZyXEL Communications Corp.: ppp:IPCP Opening

Jul 19 11:43:51 192.168.1.1 ZyXEL Communications Corp.: ppp:CCP Opening

Jul 19 11:43:55 192.168.1.1 ZyXEL Communications Corp.: ppp:BACP Opening

Jul 19 11:44:00 192.168.1.1 ZyXEL Communications Corp.: ppp:LCP Closing

Jul 19 11:44:05 192.168.1.1 ZyXEL Communications Corp.: ppp:IPCP Closing

Jul 19 11:44:09 192.168.1.1 ZyXEL Communications Corp.: ppp:CCP Closing

Jul 19 11:44:14 192.168.1.1 ZyXEL Communications Corp.: ppp:BACP Closing

prot: Protocol (TCP,UDP,ICMP)

spo: Source port

dpo: Destination port

Example:

 PPP Log

Format:

sdcmdSyslogSend( SYSLOG_PPPLOG, SYSLOG_NOTICE, String );

String = ppp:Proto Starting / ppp:Proto Opening / ppp:Proto Closing / ppp:Proto Shutdown

Proto = LCP / ATCP / BACP / BCP / CBCP / CCP / CHAP/ PAP / IPCP /IPXCP

Example:

Prestige 2602RL-D3A Support Notes

74

ras> ip ro st

Dest FF Len Interface Gateway Metric stat Timer Use

192.168.3.0 00 24 enif0:1 192.168.3.1 1 041b 0 0

192.168.2.0 00 24 enif0:0 192.168.2.1 1 041b 0 0

192.168.1.0 00 24 enif0 192.168.1.1 1 041b 0 0

ras>

Using IP Alias

 What is IP Alias ?

In a typical environment, a LAN router is required to connect two local networks. The Prestige can connect

three local networks to the ISP or a remote node, we call this function as 'IP Alias'. In this case, an internal

router is not required. For example, the network manager can divide the local network into three networks and

connect them to the Internet using Prestige's single user account. See the figure below.

The Prestige supports three virtual LAN interfaces via its single physical Ethernet interface. The first network

can be configured in menu 3.2 as usual. The second and third networks that we call 'IP Alias 1' and 'IP Alias 2'

can be configured in menu 3.2.1-IP Alias Setup.

There are three internal virtual LAN interfaces for the Prestige to route the packets from/to the three networks

correctly. They are enif0 for the major network, enif0:0 for the IP alias 1 and enif0:1 for the IP alias 2.

Therefore, three routes are created in the Prestige as shown below when the three networks are configured. If

the Prestige's DHCP is also enabled, the IP pool for the clients can be any of the three networks.

Prestige 2602RL-D3A Support Notes

75

Menu 3.2 - TCP/IP and DHCP Setup

DHCP Setup

DHCP= Server

Client IP Pool Starting Address= 192.168.1.33

Size of Client IP Pool= 32

Primary DNS Server= 0.0.0.0

Secondary DNS Server= 0.0.0.0

Remote DHCP Server= N/A

TCP/IP Setup:

IP Address= 192.168.1.1

IP Subnet Mask= 255.255.255.0

RIP Direction= None

Version= N/A

Multicast= None

IP Policies=

Edit IP Alias= Yes

Press ENTER to Confirm or ESC to Cancel:

DHCP Setup

If the Prestige's DHCP server is enabled, the IP pool for the clients can be any of the three networks.

TCP/IP Setup

Enter the first LAN IP address for the Prestige. This will create the first route in the enif0 interface.

Two new protocol filter interfaces in menu 3.2.1 allow you to accept or deny LAN packets from/to the IP alias

1 and IP alias 2 go through the Prestige. The filter set in menu 3.1 is used for main network configured in menu

3.2.

 IP Alias Setup

1. Edit the first network in menu 3.2 by configuring the Prestige's first LAN IP address.

Key Settings:

Prestige 2602RL-D3A Support Notes

76

Edit IP Alias

Toggle to 'Yes' to enter menu 3.2.1 for setting up the second and third networks.

Menu 3.2.1 - IP Alias Setup

IP Alias 1= Yes

IP Address= 192.168.2.1

IP Subnet Mask= 255.255.255.0

RIP Direction= None

Version= RIP-1

Incoming protocol filters=

Outgoing protocol filters=

IP Alias 2= Yes

IP Address= 192.168.3.1

IP Subnet Mask= 255.255.255.0

RIP Direction= None

Version= RIP-1

Incoming protocol filters=

Outgoing protocol filters=

Enter here to CONFIRM or ESC to CANCEL:

IP Alias 1

Toggle to 'Yes' and enter the second LAN IP address for the Prestige. This will create the second route in the enif0:0 interface.

IP Alias 2

Toggle to 'Yes' and enter the third LAN IP address for the Prestige. This will create the third route in the enif0:1 interface.

2. Edit the second and third networks in menu 3.2.1 by configuring the Prestige's second and third LAN IP

addresses.

Key Settings:

Using Call Scheduling

1. What is Call Scheduling ?

Prestige 2602RL-D3A Support Notes

77

Prestige 2602RL-D3 Main Menu

Getting Started Advanced Management

1. General Setup 21. Filter and Firewall Setup

2. WAN Backup Setup 22. SNMP Configuration

3. LAN Setup 23. System Password

4. Internet Access Setup 24. System Maintenance

25. IP Routing Policy Setup

Advanced Applications 26. Schedule Setup

11. Remote Node Setup

12. Static Routing Setup

15. NAT Setup 99. Exit

Enter Menu Selection Number:

Menu 26 - Schedule Setup

Schedule Schedule

Set # Name Set # Name

------ ----------------- ------ -----------------

1 ZyXEL 7 _______________

2 _______________ 8 _______________

3 _______________ 9 _______________

Call scheduling enables the mechanisim for the Prestige to run the remote node connection according to the

pre-defined schedule.This feature is just like the scheduler ina video recorder which records the program

according to the specified time. Users can apply at most 4 schedule sets in Menu 11 ( Remote Node Setup), and

configure each schedule in Menu 26(Schedule Setup). The remote node configured with the schedule set could

be "Forced On", "Forced Down", "Enable Dial-On-Demand", or "Disable Dial-On-Demand" on specified date

and time.

 SMT Menu for Call Scheduling

1. Edit the Schedule sets in menu 26:

2. Select a Schedule Set number and give it a name:

Prestige 2602RL-D3A Support Notes

78

4 _______________ 10 _______________

5 _______________ 11 _______________

6 _______________ 12 _______________

Enter Schedule Set Number to Configure= 1

Edit Name= ZyXEL

Press ENTER to Confirm or ESC to Cancel:

Menu 26.1 Schedule Set Setup

Active= Yes

Start Date(yyyy-mm-dd)= 2004 - 01 - 01

How Often= Once

Once:

Date(yyyy-mm-dd)= 2004 - 01 - 01

Weekdays:

Sunday= N/A

Monday= N/A

Tuesday= N/A

Wednesday= N/A

Thursday= N/A

Friday= N/A

Saturday= N/A

Start Time(hh:mm)= 12 : 00

Duration(hh:mm)= 16 : 00

Action= Enable Dial-on-demand

Press ENTER to Confirm or ESC to Cancel:

3. The Menu 26.1 Schedule Set Setup is as follows:

Key Settings:

Prestige 2602RL-D3A Support Notes

79

Start Date

Start date of this schedule rule. It can be unmatched with weekday setting. For example, if Start Date is 2004/10/02(Monday), but Monday setting in weekday can be No.

How Often

If once is selected, all weekday settings will ne marked as N/A. After the rule is completely, it will be deleted automatically.

Forced On

The node will always keep up during the setting period. It is equivalent to diable the idel timeout.

Forced Down

The node will always keep doen during the setting period. The connected remote node will be dropped.

Enable Dial-On-Demand

The remote node accepts Dial-on-demand during this period.

Disable Dial-On-Demand

The remote node denies any demand dial during the period. For the existing connected nodes, it will be dropped after idle timeout and no triggered up.

Start Time/ Duration

Start Time and Duration of this schedule.

Menu 11.1 - Remote Node Profile

Rem Node Name= MyISP Route= IP

Active= Yes

Encapsulation= PPPoE Edit IP= No

Service Type= Standard Telco Option:

Service Name= Allocated Budget(min)= 0

Outgoing: Period(hr)= 0

My Login= cso@zyxel Schedules= 1,2,3,4

My Password= ******** Nailed-Up Connection= No

Retype to Confirm= ********

Authen= CHAP/PAP

 Apply the schedule to the Remote node

Multiple scheduling rules can program in a Remote node, and they have priority. For example, if we program

the sets as 1,2,3,4 in remote node, then the set 1 will override set 2,3,4. set 2 will override 3,4, and so on.

Prestige 2602RL-D3A Support Notes

80

Session Options:

Edit Filter Sets= No

Idle Timeout(sec)= 100

Edit Traffic Redirect= No

Press ENTER to Confirm or ESC to Cancel:

Menu 24.10 - System Maintenance - Time and Date Setting

Use Time Server when Bootup= Daytime (RFC-867)

Time Server IP Address= 202.132.154.1

Current Time: 00 : 11 : 38

New Time (hh:mm:ss): 00 : 11 : 36

Current Date: 2004 - 01 - 01

New Date (yyyy-mm-dd): 2004 - 01 - 01

Time Zone= GMT+0800

Daylight Saving= No

Start Date (mm-dd): 01 - 00

End Date (mm-dd): 01 - 00

 Time Service in Prestige

There is no RTC (Real-Time Clock) chip so the Prestige should launch a mechanism to get current time and

date from external server in boot time. Time service is implemented by the Daytime protocol(RFC-867), Time

protocol(RFC-868), and NTP protocol(RFC-1305). You have to assign an IP address of a time server and then,

the Prestige will get the date, time, and time-zone information from this server.

Prestige 2602RL-D3A Support Notes

81

Press ENTER to Confirm or ESC to Cancel:

Menu 3.2 - TCP/IP and DHCP Setup

DHCP Setup

DHCP= Server

Client IP Pool Starting Address= 192.168.1.33

Size of Client IP Pool= 32

Primary DNS Server= 0.0.0.0

Secondary DNS Server= 0.0.0.0

Remote DHCP Server= N/A

TCP/IP Setup:

IP Address= 192.168.1.1

Using IP Multicast

 What is IP Multicast ?

Traditionally, IP packets are transmitted in two ways - unicast or broadcast. Multicast is a third way to deliver IP packets to a group of hosts. Host groups are identified by class D IP addresses, i.e., those with "1110" as their higher-order bits. In dotted decimal notation, host group addresses range from 224.0.0.0 to

239.255.255.255. Among them, 224.0.0.1 is assigned to the permanent IP hosts group, and 224.0.0.2 is assigned to the multicast routers group.

IGMP (Internet Group Management Protocol) is the protocol used to support multicast groups. The latest

version is version 2 (see RFC2236). IP hosts use IGMP to report their multicast group membership to any

immediate-neighbor multicast routers so the multicast routers can decide if a multicast packet needs to be

forwarded. At start up, the Prestige queries all directly connected networks to gather group membership.

After that, the Prestige updates the information by periodic queries. The Prestige implementation of IGMP is

also compatible with version 1. The multicast setting can be turned on or off on Ethernet and remote nodes.

 IP Multicast Setup

Enable IGMP in Prestige's LAN in menu 3.2:

Prestige 2602RL-D3A Support Notes

82

IP Subnet Mask= 255.255.255.0

RIP Direction= Both

Version= RIP-2B

Multicast= IGMP-v2

IP Policies=

Edit IP Alias= No

Press ENTER to Confirm or ESC to Cancel:

Menu 11.3 - Remote Node Network Layer Options

IP Options: Bridge Options:

IP Address Assignment = Dynamic Ethernet Addr Timeout(min)= N/A

Rem IP Addr = 0.0.0.0

Rem Subnet Mask= 0.0.0.0

My WAN Addr= N/A

NAT= SUA Only

Address Mapping Set= N/A

Metric= 2

Private= No

RIP Direction= None

Version= RIP-2B

Multicast= IGMP-v2

IP Policies=

Enter here to CONFIRM or ESC to CANCEL:

Multicast

IGMP-v1 for IGMP version 1, IGMP-v2 for IGMP version 2.

Enable IGMP in Prestige's remote node in menu 11.3:

Key Settings:

Prestige 2602RL-D3A Support Notes

83

Menu 2 - Wan Backup Setup

Using Prestige traffic redirect

 What is Traffic Redirect ?

Traffic redirect forwards WAN traffic to a backup gateway when Prestige cannot connect to the Internet

through it's normal gateway. Thus make your backup gateway as an auxiliary backup of your WAN

connection. Once Prestige detects it's WAN connectivity is broken, Prestige will try to forward outgoing

traffic to backup gateway that users specify in traffic redirect configuration menu.

 How to deploy backup gateway?

You can deploy the backup gateway on LAN of Prestige.

Traffic Redirect on LAN port

 Traffic Redirect Setup

Configure parameters that determine when Prestige will forward WAN traffic to the backup gateway using

SMT Menu 2 WAN Backup Setup.

Prestige 2602RL-D3A Support Notes

84

Check Mechanism = DSL Link

Check WAN IP Address1 = 0.0.0.0

Check WAN IP Address2 = 0.0.0.0

Check WAN IP Address3 = 0.0.0.0

KeepAlive Fail Tolerance = 5

Recovery Interval(sec) = 60

ICMP Timeout(sec) = 0

Traffic Redirect = Yes

Label

Description

Backup Type

Select the method that the Prestige uses to check the DSL connection.

Select DSL Link to have the Prestige check if the connection to the DSLAM is up. Select ICMP to have the Prestige periodically ping the IP addresses configured in the Check WAN IP Address fields.

Check WAN IP Address1-3

Configure this field to test your Prestige's WAN accessibility. Type the IP address of a reliable nearby computer (for example, your ISP's DNS server address).

If you select ICMP in the Backup Type field, you must configure at least one IP address here.

When using a WAN backup connection, the Prestige periodically pings the addresses configured here and uses the other WAN backup connection (if configured) if there is no response.

Fail Tolerance

Type the number of times (2 recommended) that your Prestige may ping the IP addresses configured in the Check WAN IP Address fields without getting a response before switching to a WAN backup connection (or a different WAN backup connection).

Recovery Interval

When the Prestige is using a lower priority connection (usually a WAN backup connection), it periodically checks to whether or not it can use a higher priority connection.

Type the number of seconds (30 recommended) for the Prestige to wait between checks. Allow more time if your destination IP address handles lots of traffic.

Timeout

Type the number of seconds (3 recommended) for your Prestige to wait for a ping response from one of the IP addresses in the Check WAN IP Address fields before timing out the request. The WAN connection is considered "down" after the Prestige times out the number of times specified in the Fail Tolerance field. Use a higher value in this field if your network is busy or congested.

Traffic

Key Settings:

Prestige 2602RL-D3A Support Notes

85

Label

Description

Redirect

Active

Select this check box to have the Prestige use traffic redirect if the normal WAN connection goes down.

If you activate traffic redirect, you must configure at least one Check WAN IP Address.

Metric

This field sets this route's priority among the routes the Prestige uses.

The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost". RIP routing uses hop count as the measurement of cost, with a minimum of "1" for directly connected networks. The number must be between "1" and "15"; a number greater than "15" means the link is down. The smaller the number, the lower the "cost".

Backup

Gateway

Type the IP address of your backup gateway in dotted decimal notation. The Prestige automatically forwards traffic to this IP address if the Prestige's Internet connection terminates.

Back

Click Back to return to the previous screen.

Apply

Click Apply to save the changes.

Cancel

Click Cancel to begin configuring this screen afresh.

Using Universal Plug n Play (UPnP)

 1. What is UPnP

UPnP (Universal Plug and Play) makes connecting PCs of all form factors, intelligent appliances, and wireless

devices in the home, office, and everywhere in between easier and even automatic by leveraging TCP/IP and

Web technologies. UPnP can be supported on essentially any operating system and works with essentially any type of physical networking media – wired or wireless.

UPnP also supports NAT Traversal which can automatically solve many NAT unfriendly problems. By UPnP,

applications assign the dynamic port mappings to Internet gateway and delete the mappings when the

connections are complete.

The key components in UPnP are devices, services, and control points.

Prestige 2602RL-D3A Support Notes

86

 Devices: Network devices, such as networking gateways, TV, refrigerators, printers...etc, which

provides services.

 Services: Services are provided by devices, such as time services provided by alarm clocks. In

UPnP, services are described in XML format. Control points can set/get services information from devices.

 Control points: Control points can manipulate network devices When you add a new control

point (in this case, a laptop) to a network, the device may ask the network to find UPnP-enabled devices. These devices respond with their URLs and device descriptions.

UPnP Operations

 Addressing: UPnPv1 devices MAY support IPv4, IPv6, or both. For IPv4, each device should have DHCP

client, when the device gets connected to the network, it will discover DHCP server on network to get an IP address. If not, then Auto-IP mechanism should be supported so that the device can give itself an IP address.(169.254.0.0/16)

 Discovery: Whenever a device is added on the network, it will advertise it's a service over the network.

Control point can also discover services provided by devices.

 Description: Control points can get more detailed service information from devices' description in XML

format. The description may include product name, model name, serial number, vendor ID, and

embedded services...etc.

 Control: Devices can be manipulated by control points through Control message.

Prestige 2602RL-D3A Support Notes

87

 Eventing: Devices can send event message to notify control points if there is any update on services

provided.

 Presentation: Each device can provide their own control interface by URL link. So that users can go to

the device's presentation web page by the URL to control this device.

 2. Using UPnP in ZyXEL devices

In this example, we will introduce how to enable UPnP function in ZyXEL devices. Currently, Microsoft MSN

is the most popular application exploiting UPnP, so we take Microsoft MSN application as an example in this

support note. You can learn how MSN benefit from NAT traversal feature in UPnP in this application note.

In the diagram, suppose PC1 and PC2 both sign in MSN server, and they would like to establish a video

conference. PC1 is behind PPPoE dial-up router which supports UPnP. Since the router supports UPnP, we

don't need to setup NAT mapping for PC1. As long as we enable UPnP function on the router, PC1 will assign

the mapping to the router dynamically. Note that since PC1 must support UPnP, we presume that it's OS is

Microsoft WinME or WinXP.

Device: Prestige Router

Service: NAT function provided by Prestige Router

Control Point: PC1

1. Enable UPnP function in ZyXEL device

Prestige 2602RL-D3A Support Notes

88

Go to Advanced->UPnP, check two boxes, Active UPnP feature and Allow users to make configuration

changes through UPnP.

The first check box enables UPnP function in this device.

The second check box allows users' application to change configuration in this device. For instance, if you

enable this item, then user's MSN application can assign dynamic port mapping to the router. So that network

administrator don't need to setup SUA port mapping in the router.

2. After getting IP address, you can go to open MSN application on PC and sign in MSN server.

Prestige 2602RL-D3A Support Notes

89

3. Start a Video conversation with one online user.

4. On the opposite side, your partner selects Accept to accept your conversation request.

Prestige 2602RL-D3A Support Notes

90

5. Finally, your video conversation is achieved.

Prestige 2602RL-D3A Support Notes

91

PSTN Lifeline Application Notes

Usage of PSTN Lifeline

By using the PSTN lifeline function, you can make and receive regular PSTN phone calls in coexistence with

VoIP service on the same set of phone. This can be done by simply assigning a prefix number (by default the

prefix for PSTN dial out is 0000 and can be change to value you wish to) and dial this prefix to switch over to

PSTN line than dial the PSTN number as normal.

Furthermore, when the P2602RL – D3A experience power loss such as in case of earthquake and other natural

hazard that cause power loss, it will automatically switch to PSTN line and you can dial a regular phone number

without dialing a prefix number.

Prestige 2602RL-D3A Support Notes

92

This can be applied on the emergency situation such as for contacting police, fire or emergency medical

services when is powerless situation. On the following section, it tells you how to configure lifeline under P2602RL – D3A WEB GUI.

Lifeline configuration

To configure lifeline in P2602RL – D3A, click on VoIP -> PSTN Line to display the following screen.

You can specify a prefix number in prefix field. This number will be used to switch from VoIP to PSTN

system when you wish to make a call to PSTN destination. For example, when you want to dial out to a PSTN

destination, you first pick up the phone, and you will heard a dial tone, than you push in the prefix number as

defined in prefix field in this case it will be 0000, than the device will switch over to PSTN line. At this

moment you will hear dial tone from PSTN again. At this state you can dial out to PSTN as you would on a

regular PSTN system.

Relay to PSTN

The Relay to PSTN field can be found under PSTN configuration WEB GUI in Relay to PSTN section. This

field is used to specify phone numbers to which the Prestige will always send calls through the regular PSTN

phone service without pushing prefix. In other words, numbers which specify on this field do not need to dial

prefix number to be dialed out. However, these numbers must be for phones on the PSTN (not VOIP phones) and currently, P2602RL –D3A support up to nine entries under this field.

Prestige 2602RL-D3A Support Notes

93

After configuring the PSTN setup, click “Apply” to save changes back to P2602RL – D3A.

Note: It is recommended to configure your local emergency services such as Police Dept, Fire Dept, Emergency

Medical services phone number in this field. Thus in any cases, these unit can be reach in case of emergency by

dialing their number without prefix, regardless if there are power loss.

How to connect Lifeline and DSL connection

To use both VOIP and regular phone service with P2602RL-D3A’s lifeline feature. You will need to connect

ADSL line and phone line appropriately and make proper configuration.

Making the correct connection it allows you to still receive phone calls while someone else is making outgoing VoIP call though Prestige’s 2 pots port, the following figure shows you how to connect your phone and

DSL service.

If your ADSL line type is Splitter type you ISP will provide you with splitter otherwise it should be splitterless.

For correct info you may check with your service provider as for which type of line you have.

Firgure 1 Splitter type

1. The P2602RL-D3A includes a DSL cable and a RJ-11 cable. Connect the DSL cable to the DSL

port and connect RJ-11 to Lifeline port.

2. Connect the RJ11 to the splitter phone jack or a telephone wall jack

3. Connect the DSL cable to the splitter modem jack or ADSL line

4. Connect the splitter jack where it label Line to ADSL line from the ISP.

Prestige 2602RL-D3A Support Notes

94

Figure 2 Splitterless type

1. The P2602RL-D3A includes a DSL cable and a RJ-11 cable. Connect the DSL cable to the

DSL port and connect RJ-11 to Lifeline port.

2. You need to obtain a regular PSTN Y connector from regular phone shop.

3. Connect the RJ-11 to one of the output jack on the Y connector

4. Connect the DSL cable to the other output jacket on the Y connector

5. Connect the Y connector input port with a phone cable to the wall Jack or line from ISP.

VoIP Application Notes

Setup SIP Account

VoIP is the sending of voice signals over the Internet Protocol. This allows you to make phone calls and send

faxes over the Internet at a fraction of the cost of using the traditional circuit-switched telephone network.

The Session Initiation Protocol (SIP) is an application-layer control (signaling) protocol that handles the setting

up, altering and tearing down of voice and multimedia sessions over the Internet. SIP signaling is separate from

the media for which it handles sessions. The media that is exchanged during the session can use a different path

Prestige 2602RL-D3A Support Notes

95

from that of the signaling. SIP handles telephone calls and can interface with traditional circuit-switched

telephone networks.

The Prestige can hold up to two SIP account simultaneously please follow the below instruction to configure the

SIP account properly.

Note: You should have a voice account already set up and have VoIP information from your VoIP service

provider prior to configure SIP account on to the unit.

With the account information your ISP provider provided now you may start.

Step 1. Open the web browser from your workstation to connect to the Prestige by entering the Management IP

address of the Prestige (LAN IP address). The default management IP of Prestige is 192.168.1.1.

Step 2. Enter the administrator password appear on the page of login and click on login. The default is '1234'

Step 3. On the left column click on VoIP to bring you to VoIP configuration menu than click on SIP. While in

the SIP Settings page use the account selector on upper right of the page to select the SIP account you will like

to configure.

Prestige 2602RL-D3A Support Notes

96

Label

Description

SIP Account

You can configure the Prestige to use multiple SIP accounts. Select one to configure its settings on the Prestige.

SIP Number

A SIP account's Uniform Resource Identifier (URI) identifies the SIP account in a way similar to the way an e-mail address identifies an e-mail account. It is also known as a SIP identity or address. The format of a SIP identity is SIP-Number@SIP-Srevice-Domain.

A SIP number is the part of the SIP URI that comes before the "@" symbol. Enter your SIP number in this field. You can use up to 31 ASCII characters.

SIP Local Port

Use this field to configure the Prestige’s listening port for SIP. Leave this field

set to the default if you were not given a local port number for SIP.

SIP Server Address

Type the IP address of the SIP server in this field.

SIP Server Port

Enter the SIP server’s listening port for SIP in this field. Leave this field set to

the default if your VoIP service provider did not give you a local port number for SIP.

REGISTER Server Address

A SIP register server maintains a database of SIP identity-to-IP address (or domain name) mapping. The register server checks your user name and password when you register.

Step 4. Check active sip box if you like to use this account and fill in the account information the ITSP

provided you in the SIP setting category. Which will normally include you SIP number, SIP local port, SIP

server address, SIP server port, Register server port, Register server address, SIP service domain.

Step 5. In the Authentication category fill in the User Name and authentication password your ITSP provided to

you.

Step 6. If you wish to send caller ID check the check box in the Caller ID category, if you do not wish to send

out caller ID leave the check box uncheck.

Step 7. Click on Apply to save the setting and take effect. If you would like to configure the 2nd SIP account,

please select SIP2 by using the SIP account selector than follow step 1 to 8 to complete the 2nd account setup.

Each field's detail description on this page is listed below.

Prestige 2602RL-D3A Support Notes

97

Enter the SIP register server’s address in this field.

If you were not given a register server address, then enter the address from the SIP Server Address field again here.

REGISTER Server Port

Enter the SIP register server’s listening port for SIP in this field.

If you were not given a register server port, then enter the port from the SIP Server Port field again here.

SIP Service Domain

A SIP service domain is the domain name that comes after the @ symbol in a full SIP URI.

Enter the SIP service domain name in this field.You can use up to 127 ASCII Extended set characters.

User Name

This is the user name for registering this SIP account with the SIP register server. Type the user name exactly as it was given to you. Use ASCII characters.

Password

Type the password associated with the user name above. Use ASCII Extended set characters.

Send Caller ID

Select this check box to show identification information when you make VoIP calls. Clear this check box to not show identification information when you make VoIP calls.

Advanced Setup

Click Advanced Setup to open a screen where you can configure the

Prestige’s advanced VoIP settings like SIP server settings, the RTP port

range and the coding type.

Apply

Click Apply to save your changes back to the Prestige.

Reset

Click Reset to begin configuring this screen afresh.

Phone port settings

Prestige allows you to configure the volume and echo cancellation setting for each individual phone port.

Prestige 2602RL-D3A Support Notes

98

Label

Description

Speaking Volume

Use this field to set the loudness that the Prestige uses for the speech signal that it sends to the peer device. -1 is the quietest and 1 is the loudest.

Listening Volume

Use this field to set the loudness that the Prestige uses for the speech signal that it receives from the peer device and sends to your phone. -1 is the

To configure the phone port setting, please follow the below step.

Step 1. Open the web browser from your workstation to connect to the Prestige by entering the Management IP

address of the Prestige. The default management IP of Prestige is 192.168.1.1.

Step 2. Enter the administrator password appear on the page of login and click on login. The default is '1234'

Step 3. On the left column click on VoIP -> Phone -> Analog Phone -> Advanced Setup to bring you to voice

function menu.

Step 4. Change the phone port parameter as you desired and click Apply when you are finish to save and let the

setting to take effect.

Each field's detail description is listed below.

Prestige 2602RL-D3A Support Notes

99

quietest and 1 is the loudest.

G.168 Active

Select this check box to cancel the echo caused by the sound of your voice reverberating in the telephone receiver while you talk.

VAD Support

Select this check box to use Voice Activity Detection (VAD) to reduce the bandwidth that a call uses. The Prestige will generate and send comfort noise when you are not talking.

Dialing Interval

When you are dialing a telephone number the Prestige waits this long after you stop pressing the buttons before initiating the call. Select how many

seconds you want the Prestige to wait after the last input on the telephone’s

keypad before dialing (making) a call.

Apply

Click Apply to save your changes back to the Prestige.

Reset

Click Reset to begin configuring this screen afresh.

Advanced voice settings configuration

Click VoIP in the navigation panel and then SIP to open the SIP Settings. Select a SIP account and then click Advanced Settings to display the following screen. Advanced voice settings configuration allows user to modify

SIP server related settings, RTP port range, preferred compression type (codec), DTMF type and Message Waiting Indication (MWI)

Prestige 2602RL-D3A Support Notes

100

Label

Description

SIP Account

This read-only field displays the number of the SIP account that you are configuring. The changes that you save in this page affect the Prestige’s settings with the SIP account displayed here..

Each field's detail description of the page is listed below.

ZyXEL Communications 2602RL-D3A User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual