Prestige 645R
ADSL Router
User's Guide
Version 2.50
July 2001
Prestige 645 ADSL Internet Access Router
Copyright
Copyright ©2001 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a
retrieval system, translated into any language, or transmitted in any form or by any means, electronic,
mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written
permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or so ftware
described herein. Neither does it convey any license under its patent rights nor the patents' rights of others.
ZyXEL further reserves the right to make changes in any products described herein without notice. This
publication is subject to change without notice.
Trademarks
Trademarks mentioned in this publication are used for identification purposes only and may be properties of
their respective owners. ZyNOS is a registered trademark of ZyXEL Communications Corporation
.
ii Copyright
Prestige 645 ADSL Internet Access Router
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials
or workmanship for a period of up to two years from the date of purchase. During the warranty period, and
upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or
materials, ZyXEL will, at its discretion, repair or replace the defective products or components without
charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or
components to proper operating condition. Any replacement will consist of a new or re-manufactured
functionally equivalent product of equal value, and will be solely at the discretion of ZyXEL. This warranty
shall not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected
to abnormal working conditions.
NOTE
Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This
warranty is in lieu of all other warranties, express or implied, including any implied warranty of
merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect
or consequential damages of any kind of character to the purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center for your Return Material
Authorization number (RMA). Products must be returned Postage Prepaid. It is recommended that the unit
be insured when shipped. Any returned products without proof of purchase or those with an out-dated
warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer will be billed for parts
and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address,
Postage Pa id. This warranty gives you specific legal rights, and you may also have other r ights that vary
from country to country.
Online Registration
Don’t forge t to register your ZyXEL product (fast, easy online registration at www.zyxel.com) for free
future product updates and information.
ZyXEL Limited Warr ant y iii
Prestige 645 ADSL Internet Access Router
Federal Communications Commission
(FCC) Interference Statement
This device complies with Part 15 of FCC rules. Operation is subj ect to the following two conditions:
This device may not cause harmful interference.
This device must accept any interference received, including interference that may cause undesired
operations.
This equipment has been tested and found to comply with the limits for a CLASS B digital device pursuant
to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful
interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency
energy, and if not installed and used in accordance with the instructions, may cause harmful interference to
radio communications.
If this equipment does cause harmful interference to radio/television reception, which can be determined by
turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of
the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and the receiver.
Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
Consult the dealer or an experienced radio/TV technician for help.
Notice 1
Changes or modifications not expressly approved by the party responsible for compliance could void the
user's authority to operate the equipment.
Note
Certifications
For more information about certifications please refer to www.zyxel.com.
iv FCC
Prestige 645 ADSL Internet Access Router
Customer Support
When contacting your Customer Support Representative, please have the following information ready:
♦ Product model and serial number.
♦ Loopback Test information.
♦ Warranty Information.
♦ Date you received your Product.
♦ Brief description of the problem and the steps you took to solve it.
METHOD
LOCATION
WORLDWIDE
AMERICA
E-MAIL
SUPPORT/ SALES
support@zyxel.com.tw
support@europe.zyxel.com
sales@zyxel.com.tw +886-3-578-2439 ftp.europe.zyxel.com
support@zyxel.com +1-714-632-0882
sales@zyxel.com +1-714-632-0858 ftp.zyxel.com
support@zyxel.dk +45-3955-0700 www.zyxel.dkSCANDINAVIA
sales@zyxel.dk +45-3955-0707 ftp.zyxel.dk
support@zyxel.at +43-1-4948677-0 www.zyxel.atAUSTRIA
sales@zyxel.at +43-1-4948678 ftp.zyxel.at
support@zyxel.de +49-2405-6909-0 www.zyxel.deGERMANY
sales@zyxel.de +49-2405-6909-99
support@zyxel.com.my +603-795-44-688 www.zyxel.com.myMALAYSIA
sales@zyxel.com.my +603-795-34-407
TELEPHONE/FAX WEB SITE/ FTP SITE REGULAR MAIL
+886-3-578-3942 www.zyxel.com
www.europe.zyxel.com
www.zyxel.comNORTH
800-255-4101
ZyXEL Communications Corp.,
6 Innovation Road II, Science Based Industrial Park,
HsinChu, Taiwan 300, R.O.C.
ZyXEL Communications Inc.,
1650 Miraloma Avenue,
Placentia, CA 92870, U.S.A.
ZyXEL Communications A/S,
Columbusvej 5, 2860 Soebor g,
Denmark.
ZyXEL Communications
Services GmbH. Thaliastrasse
125a/2/2/4 A-1160 Vienna,
Austria
ZyXEL Deutschland GmbH.
Adenauerstr. 20/A4 D-52 14 6
Wuerselen, German y
Lot B2-06, PJ Industrial Park,
Section 13, Jalan Kemajuan,
46200 Petaling Jaya Selangor
Darul Ehasn, Malaysia
Customer Support v
P645 ADSL Internet Access Router
Table of Contents
Table of Contents..................................................................................................................................... vi
List of Figures.........................................................................................................................................xii
List of Tables .......................................................................................................................................... xvi
Copyright................................................................................................................................................... ii
ZyXEL Limited Warranty...................................................................................................................... iii
Federal Communications Commission (FCC) Interference Statement.............................................. iv
Customer Support .................................................................................................................................... v
Table of Contents..................................................................................................................................... vi
List of Figures........................................................................................................................................... x
List of Tables ..........................................................................................................................................xiii
Preface..................................................................................................................................................... xv
What Is ADSL?................................................................................................................ xvi
Chapter 1 Getting to Know Your Prestige
1.1 Prestige 645R ADSL Internet Access Router...........................................................................1-1
1.2 Features of the Prestige 645R....................................................................................................1-1
Ease of Installation.............................................................................................................................. 1-1
High Speed Internet Access.................................................................................................................1-1
10/100Mbps Fast Ethernet LAN Interface ..........................................................................................1-1
Protocols Supported............................................................................................................................1-1
IP Policy Routing ................................................................................................................................1-2
Call Scheduling...................................................................................................................................1-2
Networking Compatibility...................................................................................................................1-2
Multiplexing........................................................................................................................................ 1-2
Encapsulation......................................................................................................................................1-2
NAT/SUA for single-IP-address Internet Access................................................................................1-2
Full Network Management.................................................................................................................. 1-2
PAP and CHAP Security.....................................................................................................................1-3
Filters...................................................................................................................................................1-3
Reset Button........................................................................................................................................1-3
1.3 Applications for the Prestige 645R.......................................................................................... .1-3
vi Table of Contents
.........................................................................1-1
P645 ADSL Internet Access Router
1.3.1 Internet Access..................................................................................................................... 1-3
Internet Single User Account............................................................................................................... 1-4
1.3.2 LAN to LAN Application.....................................................................................................1-4
Chapter 2 Hardware Installation & Initial Setup...........................................................2-1
2.1 Front Panel LEDs of the P645R................................................................................................2-1
2.2 Prestige 645R Rear Panel and Connections.............................................................................2-2
2.2.1 Using the Reset Button.........................................................................................................2-2
2.2.2 Making the Connections.......................................................................................................2-2
2.3 Additional Installation Requirements.......................................................................................2-3
2.4 Connecting the POTS Splitter...................................................................................................2-3
2.5 Telephone Microfilters...............................................................................................................2-4
Turning On Your Prestige ....................................................................................................................2-5
2.7 Navigating the SMT Interface...................................................................................................2-6
2.7.1 SMT Menu Overview...........................................................................................................2-7
2.7.2 System Management Terminal Interface Summary .............................................................2-8
2.8 Changing the System Password.................................................................................................2-9
2.9 General Setup .............................................................................................................................2-9
2.10 Ethernet Setup..........................................................................................................................2-10
2.10.1 General Ethernet Setup.......................................................................................................2-11
2.11 Protocol Dependent Ethernet Setup........................................................................................2-11
Chapter 3 Internet Access................................................................................................3-1
3.1 Factory Ethernet Defaults..........................................................................................................3-1
3.2 TCP/IP Parameters....................................................................................................................3-1
3.2.1 IP Address and Subnet Mask................................................................................................3-1
3.2.2 Private IP Addresses.............................................................................................................3-2
3.2.3 RIP Setup..............................................................................................................................3-2
3.2.4 IP Multicast ..........................................................................................................................3-3
3.2.5 IP Alias.................................................................................................................................3-3
3.2.6 DHCP Configuration............................................................................................................3-4
3.3 Route IP Setup............................................................................................................................3-5
3.4 TCP/IP Ethernet Setup and DHCP...........................................................................................3-5
3.4.1 IP Alias Setup.......................................................................................................................3-7
Table of Contents vii
P645 ADSL Internet Access Router
3.5 LANs & WANs........................................................................................................................... 3-9
3.5.1 LANs, WANs and the Prestige.............................................................................................3-9
3.6 VPI & VCI..................................................................................................................................3-9
3.7 Multiplexing................................................................................................................................ 3-9
3.7.1 VC-based multiplexing ......................................................................................................3-10
3.7.2 LLC-based multiplexing ....................................................................................................3-10
3.8 Encapsulation...........................................................................................................................3-10
3.8.1 ENET ENCAP ................................................................................................................... 3-10
3.8.2 PPP..................................................................................................................................... 3-10
3.8.3 RFC 1483...........................................................................................................................3-10
3.9 IP Address Assignment............................................................................................................3-11
3.9.1 Using PPP Encapsulation................................................................................................... 3-11
3.9.2 Using RFC 1483 Encapsulation......................................................................................... 3-11
3.9.3 Using ENET ENCAP Encapsulation..................................................................................3-11
3.10 Internet Access Configuration ................................................................................................3-11
3.11 Single User Account.................................................................................................................3-14
3.11.1 Advantages of SUA............................................................................................................3-15
3.11.2 Single User Account Configuration ...................................................................................3-16
3.12 Multiple Servers behind SUA..................................................................................................3-17
3.12.1 Configuring a Server behind SUA.....................................................................................3-17
Chapter 4 Remote Node Configuration..........................................................................4-1
4.1 Remote Node Setup....................................................................................................................4-1
4.1.1 Remote Node Profile............................................................................................................ 4-1
4.1.2 Encapsulation & Multiplexing Scenarios.............................................................................4-2
4.1.3 Outgoing Authentication Protocol........................................................................................4-4
4.1.4 Editing PPP Options.............................................................................................................4-5
4.1.5 Remote Node Filter.............................................................................................................. 4-5
Chapter 5 Remote Node TCP/IP Configuration ............................................................5-1
5.1 LAN-to-LAN Application..........................................................................................................5-1
5.1.1 Editing TCP/IP Options .......................................................................................................5-1
5.1.2 Static Route Setup................................................................................................................ 5-7
Chapter 6 IPX Configuration..........................................................................................6-1
6.1 IPX Network Environment .......................................................................................................6-1
6.1.1 Network and Node Number .................................................................................................6-1
6.1.2 Frame Types......................................................................................................................... 6-1
viii Table of Contents
P645 ADSL Internet Access Router
6.1.3 External Network Number....................................................................................................6-1
6.1.4 Internal Network Number.....................................................................................................6-2
6.2 Prestige in an IPX Environment ...............................................................................................6-2
6.2.1 Prestige 645R on LAN with Server......................................................................................6-3
6.2.2 Prestige 645R on LAN without Server.................................................................................6-3
6.3 IPX Ethernet Setup ....................................................................................................................6-4
6.4 LAN-to-LAN Application with Novell IPX..............................................................................6-5
6.4.1 IPX Remote Node Setup.......................................................................................................6-5
6.4.2 IPX Static Route Setup.........................................................................................................6-7
Chapter 7 Bridging Setup................................................................................................7-1
7.1 Bridging in General....................................................................................................................7-1
7.2 Bridge Ethernet Setup................................................................................................................7-1
7.2.1 Remote Node Bridging Setup...............................................................................................7-2
7.3 Bridge Static Route Setup..........................................................................................................7-4
Chapter 8 Filter Configuration.......................................................................................8-1
8.1 About Filtering ............................................................................................................. ..............8-1
8.2 Configuring a Filter Set .............................................................................................................8-4
Filter Rules Summary Menu................................................................................................................8-7
8.3 Configuring a Filter Rule...........................................................................................................8-9
8.3.1 TCP/IP Filter Rule................................................................................................................8-9
8.3.2 Generic Filter Rule.............................................................................................................8-13
8.3.3 Novell IPX Filter Rule........................................................................................................8-15
8.4 Example Filter ..........................................................................................................................8-16
8.5 Filter Types and SUA...............................................................................................................8-18
8.6 Applying a Filter and Factory Defaults..................................................................................8-19
8.6.1 Ethernet traffic....................................................................................................................8-19
8.6.2 Remote Node Filters...........................................................................................................8-20
Chapter 9 SNMP Configuration.....................................................................................9-1
9.1 About SNMP...............................................................................................................................9-1
9.2 Supported MIBs .........................................................................................................................9-2
9.3 Configuring SNMP.....................................................................................................................9-2
Table of Contents ix
P645 ADSL Internet Access Router
9.4 SNMP Traps...............................................................................................................................9-4
Chapter 10 System Maintenance ..................................................................................10-1
10.1 System Status............................................................................................................................ 10-1
10.2 System Information and Console Port speed......................................................................... 10-3
10.3 Log and Trace...........................................................................................................................10-5
10.3.1 Viewing Error Log............................................................................................................. 10-5
10.3.2 Syslog................................................................................................................................. 10-5
10.4 Diagnostic..................................................................................................................................10-8
10.5 Command Interpreter Mode...................................................................................................10-9
Chapter 11 Configuration and Firmware File Maintenance......................................11-1
11.1 Filename Conventions.............................................................................................................. 11-1
11.2 Backup Configuration..............................................................................................................11-2
11.2.1 Backup Configuration Using FTP...................................................................................... 11-2
11.2.2 Using the FTP command from the DOS Prompt................................................................11-3
11.2.3 Backup Configuration Using TFTP ...................................................................................11-4
11.2.4 Example: TFTP Command.................................................................................................11-5
11.3 Restore Configuration .............................................................................................................11-5
11.4 Uploading Firmware and Configuration Files.......................................................................11-6
11.4.1 Firmware Upload ............................................................................................................... 11-7
11.4.2 Configuration File Upload ................................................................................................. 11-7
11.4.3 Using the FTP command from the DOS Prompt Example.................................................11-8
11.4.4 TFTP File Upload .............................................................................................................. 11-9
11.4.5 Example: TFTP Command...............................................................................................11-10
Chapter 12 IP Policy Routing.......................................................................................12-1
12.1 Introduction..............................................................................................................................12-1
12.2 Benefits......................................................................................................................................12-1
12.3 Routing Policy .......................................................................................................................... 12-1
12.4 IP Routing Policy Setup...........................................................................................................12-2
12.5 Applying an IP Policy ..............................................................................................................12-5
12.5.1 Ethernet IP Policies............................................................................................................ 12-5
12.6 IP Policy Routing Example......................................................................................................12-7
x Table of Contents
P645 ADSL Internet Access Router
Chapter 13 Call Scheduling ..........................................................................................13-1
13.1 Introduction..............................................................................................................................13-1
13.2 Schedule Setup..........................................................................................................................13-1
13.3 Schedule Set Setup....................................................................................................................13-2
13.4 Applying Schedule Sets to Remote Nodes...............................................................................13-3
Chapter 14 Troubleshooting..........................................................................................14-1
14.1 Problems Starting Up the Prestige..........................................................................................14-1
14.2 Problems Telnetting into the Prestige.....................................................................................14-1
14.3 Problems With the WAN Interface.........................................................................................14-2
14.4 Problems With the LAN Interface..........................................................................................14-2
14.5 Problems Connecting to a Remote Node or ISP....................................................................14-3
Appendix A VPI and VCI .......................................................................................................................A
Appendix B Power Adapter Specifications........................................................................................... B
Glossary.................................................................................................................................................... C
Index..........................................................................................................................................................K
Table of Contents xi
P645 ADSL Internet Access Router
List of Figures
Figure 1-1 Internet Access Application ___________________________________________________ 1-4
Figure 1-2 LAN-to-LAN Application ____________________________________________________ 1-5
Figure 2-1 Prestige 645R Front Panel ____________________________________________________ 2-1
Figure 2-2 Prestige 645R Rear Panel Connections __________________________________________ 2-2
Figure 2-3 Connecting a POTS Splitter___________________________________________________ 2-4
Figure 2-4 Connecting the Microfilter____________________________________________________ 2-5
Figure 2-5 Login Screen_______________________________________________________________ 2-5
Figure 2-6 SMT Menu Overview________________________________________________________ 2-7
Figure 2-7 SMT Main Menu ___________________________________________________________ 2-8
Figure 2-8 Menu 23.1 - System Password _________________________________________________ 2-9
Figure 2-9 Menu 1 – General Setup_____________________________________________________ 2-10
Figure 2-10 Menu 3 - Ethernet Setup____________________________________________________ 2-11
Figure 2-11 Menu 3.1 - General Ethernet Setup ___________________________________________ 2-11
Figure 3-1 Physical Network ___________________________________________________________ 3-3
Figure 3-2 Partitioned Logical Networks__________________________________________________ 3-3
Figure 3-3 Menu 1 – General Setup _____________________________________________________ 3-5
Figure 3-4 Menu 3.2 – TCP/IP and DHCP Ethernet Setup ____________________________________ 3-5
Figure 3-5 Menu 3.2.1 — IP Alias Setup__________________________________________________ 3-8
Figure 3-6 LAN & WAN IPs___________________________________________________________ 3-9
Figure 3-7 Internet Access Setup_______________________________________________________ 3-13
Figure 3-8 Single User Account Topology_______________________________________________ 3-15
Figure 3-9 Menu 4 – Internet Access Setup for Single User Account___________________________ 3-16
Figure 3-10 Multiple Server Configuration _______________________________________________ 3-18
Figure 4-1 Menu 11 – Remote Node Setup ________________________________________________ 4-1
Figure 4-2 Menu 11.1 Remote Node Profile _______________________________________________ 4-2
Figure 4-3 Menu 11.2 - Remote Node PPP Options _________________________________________ 4-5
xii List of Figures
P645 ADSL Internet Access Router
Figure 4-4 Menu 11.5 – Remote Node Filter _______________________________________________ 4-6
Figure 5-1 TCP/IP LAN-to-LAN Application ______________________________________________ 5-1
Figure 5-2 Menu 11.3 for VC-based multiplexing with RFC 1483 and ENET ENCAP ______________ 5-2
Figure 5-3 Menu 11.3 for LLC-based multiplexing__________________________________________ 5-3
Figure 5-4 Sample IP Addresses for a TCPI/IP LAN-to-LAN Connection ________________________ 5-4
Figure 5-5 Menu 11.1 Remote Node Profile _______________________________________________ 5-4
Figure 5-6 Menu 11.3 for VC-based multiplexing with RFC 1483 and ENET ENCAP ______________ 5-5
Figure 5-7 Example of Static Routing Topology____________________________________________ 5-8
Figure 5-8 Menu 12 Static Route Setup___________________________________________________ 5-8
Figure 5-9 Menu 12.1 - IP Static Route Setup______________________________________________ 5-9
Figure 5-10 Menu 12.1.1 - Edit IP Static Route_____________________________________________ 5-9
Figure 6-1 NetWare Server ____________________________________________________________ 6-2
Figure 6-2 Prestige 645R in an IPX Environment ___________________________________________ 6-3
Figure 6-3 Menu 3.3 - Novell IPX Ethernet Setup___________________________________________ 6-4
Figure 6-4 LAN-to-LAN Application with Novell IPX ______________________________________ 6-5
Figure 6-5 Menu 11.3 - Remote Node Novell IPX Options____________________________________ 6-6
Figure 6-6 Menu 12.2.1 - Edit IPX Static Route ____________________________________________ 6-7
Figure 7-1 Menu 3.4 - Bridge Ethernet Setup ______________________________________________ 7-1
Figure 7-2 Menu 11.3 - Remote Node Bridging Options______________________________________ 7-3
Figure 7-3 Menu 12.3 - Bridge Static Route Setup __________________________________________ 7-4
Figure 7-4 Menu 12.3.1 - Edit Bridge Static Route __________________________________________ 7-4
Figure 8-1 Outgoing Packet Filtering Process ______________________________________________ 8-1
Figure 8-2 Filter Rule Process __________________________________________________________ 8-3
Figure 8-3 Menu 21 - Filter Set Configuration______________________________________________ 8-4
Figure 8-4 NetBIOS_WAN Filter Rules Summary __________________________________________ 8-4
Figure 8-5 NetBIOS _LAN Filter Rules Summary__________________________________________ 8-5
Figure 8-6 Telnet Filter Rules Summary __________________________________________________ 8-5
Figure 8-7 PPPoE Filter Rules Summary__________________________________________________ 8-6
List of Figures xiii
P645 ADSL Internet Access Router
Figure 8-8 FTP _WAN Filter Rules Summary _____________________________________________ 8-6
Figure 8-9 FTP_TELNET_WEB Filter Rules Summary______________________________________ 8-7
Figure 8-10 Menu 21.1.1 - TCP/IP Filter Rule ____________________________________________ 8-10
Figure 8-11 Executing an IP Filter______________________________________________________ 8-12
Figure 8-12 Menu 21.1.1 - Generic Filter Rule ____________________________________________ 8-13
Figure 8-13 Menu 21.1.1 - IPX Filter Rule _______________________________________________ 8-15
Figure 8-14 Example Filter – Menu 21.3.1 _______________________________________________ 8-17
Figure 8-15 Example Filter Rules Summary – Menu 21.3 ___________________________________ 8-18
Figure 8-16 Protocol and Device Filter Sets ______________________________________________ 8-19
Figure 8-17 Filtering Ethernet traffic____________________________________________________ 8-19
Figure 8-18 Filtering Remote Node Traffic (PPPoE Encapsulation)____________________________ 8-20
Figure 9-1 SNMP Management Model ___________________________________________________ 9-1
Figure 9-2 Menu 22 — SNMP Configuration ______________________________________________ 9-3
Figure 10-1 Menu 24 - System Maintenance______________________________________________ 10-1
Figure 10-2 Menu 24.1 - System Maintenance – Status _____________________________________ 10-2
Figure 10-3 System Information and Console Port Speed____________________________________ 10-3
Figure 10-4 System Maintenance - Information ___________________________________________ 10-4
Figure 10-5 Examples of Error and Information Messages ___________________________________ 10-5
Figure 10-6 Menu 24.3.2 - System Maintenance - Syslog and Accounting_______________________ 10-6
Figure 10-7 Menu 24.4 - System Maintenance - Diagnostic __________________________________ 10-9
Figure 10-8 Command mode _________________________________________________________ 10-10
Figure 11-1 Menu 24.5 — Backup Configuration__________________________________________ 11-3
Figure 11-2 FTP Session Example______________________________________________________ 11-3
Figure 11-3 Menu 24.6 — Restore Configuration__________________________________________ 11-6
Figure 11-5 Menu 24.7 — System Maintenance — Upload Firmware __________________________ 11-6
Figure 11-6 Menu 24.7.1 — Upload System Firmware______________________________________ 11-7
Figure 11-7 Menu 24.7.2 — System Maintenance _________________________________________ 11-8
Figure 11-8 FTP Session Example______________________________________________________ 11-9
xiv List of Figures
P645 ADSL Internet Access Router
Figure 12-1 IP Routing Policy Setup ____________________________________________________ 12-2
Figure 12-2 Menu 25.1 – Sample IP Routing Policy Setup ___________________________________ 12-3
Figure 12-3 IP Routing Policy _________________________________________________________ 12-4
Figure 12-4 Menu 3.2 – TCP/IP and DHCP Ethernet Setup __________________________________ 12-6
Figure 12-5 Menu 11.3 – Remote Node Network Layer Options ______________________________ 12-6
Figure 12-6 Example of IP Policy Routing _______________________________________________ 12-7
Figure 12-7 IP Routing Policy Example__________________________________________________ 12-8
Figure 12-8 IP Routing Policy _________________________________________________________ 12-9
Figure 12-9 Applying IP Policies_______________________________________________________ 12-9
Figure 13-1 Schedule Setup ___________________________________________________________ 13-1
Figure 13-2 Schedule Set Setup ________________________________________________________ 13-2
Figure 13-3 Applying Schedule Sets to a Remote Node Example (PPPoE Encapsulation)___________ 13-4
Diagram 1 VPI's & VCI's................................................................................................................................I
List of Figures xv
P645 ADSL Internet Access Router
List of Tables
Table 2-1 Front Panel LED Description ___________________________________________________ 2-1
Table 2-2 Main Menu Commands ________________________________________________________ 2-6
Table 2-3 Main Menu Summary _________________________________________________________ 2-8
Table 2-4 General Setup Menu Fields ____________________________________________________ 2-10
Table 3-1 DHCP Ethernet Setup Menu Fields_______________________________________________ 3-6
Table 3-2 TCP/IP Ethernet Setup Menu Fields ______________________________________________ 3-6
Table 3-3 IP Alias Setup Menu Fields_____________________________________________________ 3-8
Table 3-4 Internet Account Information __________________________________________________ 3-12
Table 3-5 Internet Access Setup Menu Fields ______________________________________________ 3-13
Table 3-6 Single User Account Menu Fields_______________________________________________ 3-16
Table 3-7 Services vs. Port number______________________________________________________ 3-18
Table 4-1 Remote Node Profile Menu Fields _______________________________________________ 4-3
Table 4-2 Remote Node PPP Options Menu Fields___________________________________________ 4-5
Table 5-1 TCP/IP related fields in Remote Node Profile_______________________________________ 5-5
Table 5-2 TCP/IP Remote Node Configu rat i on______________________________________________ 5-6
Table 5-3 Edit IP Static Route Menu Fields_________________________________________________ 5-9
Table 6-1 Novell IPX Ethernet Setup Fields ________________________________________________ 6-4
Table 6-2 Remote Node Novell IPX Options _______________________________________________ 6-6
Table 6-3 Edit IPX Static Route Menu Fields _______________________________________________ 6-8
Table 7-1 Bridge Ethernet Setup Menu - Handle IPX Field Configuration_________________________ 7-2
Table 7-2 P645R Remote Node Network Layers Menu Bridge Options___________________________ 7-3
Table 7-3 Bridge Static Route Menu Fields_________________________________________________ 7-5
Table 8-1 Abbreviations Used in the Filter Rules Summary Menu_______________________________ 8-7
Table 8-2 Abbreviations Used If Filter Type Is IP____________________________________________ 8-8
Table 8-3 Abbreviations Used If Filter Type Is IPX __________________________________________ 8-9
Table 8-4 Abbreviations Used If Filter Type Is GEN _________________________________________ 8-9
xvi List of Tables
P645 ADSL Internet Access Router
Table 8-5 TCP/IP Filter Rule Menu Fields ________________________________________________ 8-10
Table 8-6 Generic Filter Rule Menu Fields ________________________________________________ 8-14
Table 8-7 IPX Filter Rule Menu Fields ___________________________________________________ 8-15
Table 9-1 SNMP Configuration Menu Fields _______________________________________________ 9-3
Table 9-2 SNMP Traps_________________________________________________________________ 9-4
Table 10-1 System Maintenance - Status Menu Fields _______________________________________ 10-2
Table 10-2 Fields in System Maintenance - Information______________________________________ 10-4
Table 10-3 System Maintenance Menu Syslog Parameters ____________________________________ 10-6
Table 10-4 System Maintenance Menu Diagnostic __________________________________________ 10-9
Table 11-1 Filename Conventions _______________________________________________________ 11-2
Table 11-2 General Commands for Third Party FTP Clients___________________________________ 11-4
Table 11-3 General Commands for Third Party TFTP Clients _________________________________ 11-5
Table 12-1 IP Routing Policy Setup______________________________________________________ 12-3
Table 12-2 IP Routing Policy ___________________________________________________________ 12-4
Table 13-1 Schedule Set Setup Fields ____________________________________________________ 13-2
Table 14-1 Troubleshooting the Start-Up of your Prestige ____________________________________ 14-1
Table 14-2 Troubleshooti n g Telnet ______________________________________________________ 14-1
Table 14-3 Troubleshooting the ADSL connection __________________________________________ 14-2
Table 14-4 Troubleshooting the LAN Interface_____________________________________________ 14-2
Table 14-5 Troubleshooting a Connection to a Remote Node or ISP ____________________________ 14-3
List of Tables xvii
P645 ADSL Internet Access Router
Preface
About Your ADSL Internet Access Router
Congratulations on your purchase of the Prestige 645R ADSL Internet Access Router.
The Prestige 645R is an ADSL router used for Internet/LAN access via an ADSL line. We will refer to the
Prestige 645R router as the P645R or simply the Prestige from now on.
The P645R can run upstream maximum transmission rates of 800 Kbps and downstream maximum
transmission rates of 8Mbps. The actual rate depends on the type of ADSL service subscribed to, the copper
category of your telephone wire and the distance from the central office. See the following sections for
more background information on DSL and ADSL.
The P645R's 10/100M LAN interface enables fast data transfer of 10Mbps or 100Mbps in either halfduplex or full-duplex mode depending on your Ethernet network.
Your Prestige is easy to install and to configure. All functions of the Prestige are software configurable via
the SMT (System Management Terminal) interface.
About This User's Guide
This user's guide covers all aspects of the Prestige 645R’s operations and shows you how to get the best out
of the multiple advanced features of your ADSL Internet Access Router using the SMT. It is designed to
guide you through the correct configuration of your Prestige 645R for various applications.
Syntax Conventions
• “Enter” means for you to type one or more characters and press the carriage return. “Select” or
“Choose” means for you to select one from the predefined choices.
• Full SMT menu titles and labels are in Bold Times font. The choices of a menu item are in Bold
Arial font. A single keystroke is in Arial font and enclosed in square brackets, for instance, [ENTER]
means the Enter, or carriage return, key; [ESC] means the Escape key.
• For brevity’s sake, we will use “e.g.” as a shorthand for “for instance”, and “i.e.” as a shorthand for
“that is” or “in other words” throughout this manual
xviii List of Tables
P645 ADSL Internet Access Router
What Is ADSL?
About AD S L
Asymmetric Digital Subscriber Line (ADSL) technology provides high-speed data access across regular
phone lines (copper wires) by making use of previously unused frequency bandwidth above the voice band.
By placing the ADSL signal above the frequency of voice signals, ADSL service is able to coexist on the
same line with your telephone service. ADSL is asymmetric in the sense that it provides a higher downstream
data rate transfer (up to 8Mbps), than in the upstream transfer (up to 832 Kbps). Asymmetric operation is
ideal for typical home and small office use where files and information are downloaded more frequently than
uploaded.
Advantages of ADSL
1. ADSL provides a private (unlike cable telephone and modem services where the line is shared),
dedicated and secure channel of communications between you and your service provider.
2. Because your line is dedicated (not shared), transmission speeds are not affected by other users. With
cable modems, transmission speeds drop significantly as more users go on-line because the line is
shared.
3. ADSL is "always on" (connected). This means that there is no time wasted dialing up the service several
times a day and waiting to be connected; ADSL is on standby, ready for use whenever you need it.
What Is ADSL? xix
Getting Started
PPaarrtt II:
:
Getting Started
This part covers Getting to Know Your Prestige, Hardware Indtallation and Setup and Internet
Access.
I
Prestige 645 ADSL Internet Access Router
Chapter 1
Getting to Know Your Prestige
This chapter describes the key features and applications of
your ADSL Internet Access Router
1.1 Prestige 645R ADSL Internet Access Router
Your Prestige integrates a high-speed 10/100Mbps auto-negotiating LAN interface and a high-speed ADSL
port into a single package. The Prestige is ideal for high-speed Internet browsing and making LAN-to-LAN
connections to remote networks.
1.2 Features of the Prestige 645R
Your Prestige is packed with a number of features that give it the flexibility to provide a complete
networkin g solution for almost any user.
Ease of Installation
Your Prestige is designed for quick, intuitive and easy installation. Physically, its compact size and
lightness make it easy to position anywhere in your busy office.
High Speed Internet Access
The P645R ADSL router can support downstream transmission rates of up to 8Mbps and upstream
transmission rates of 800 Kbps.
10/100Mbps Fast Ethernet LAN Interface
.
The P645R's 10/100M LAN interface enables fast data transfers of 10Mbps or 100Mbps in either halfduplex or full-duplex mode depending on your Ethernet network.
Protocols Supported
!
TCP/IP (Transmission Control Protocol/Internet Protocol) network layer protocol.
!
PPP (Point-to-Point Protocol) link layer protocol.
♦ Novel IPX (Internetwork Packet eXchange) network layer protocol.
Getting to Know Your Prestige 1-1
Prestige P645 ADSL Internet Access Router
♦ Transparent bridging for unsupported network layer protocols.
♦ DHCP Client, Server and Relay
♦ RIP I and RIP II
IP Policy Routing
IP Policy Routing (IPPR) provides a mechanis m t o override the default routing behavior and alter the
packet forwarding based on the policy defined by the network administrator.
Call Scheduling
Configure call time periods to allow and restrict access to remote nodes.
Networking Compatibility
Your Prestige is compatible with the major ADSL DSLAM (Digital Subscriber Line Access Multiplexer)
providers, making configuration as simple as po ssible for you.
Multiplexing
The Prestige 645R supports VC-based and LLC-based multiplexing.
Encapsulation
The Prestige 645R supports PPP (RFC 2364 - PPP over ATM Adaptation Layer 5), RFC 1483
encapsulation over ATM and MAC encapsulated routing (ENET ENCAP) as well as PPP over Ethernet
(RFC 2516).
NAT/SUA for single-IP-address Internet Access
The Prestige's SUA (Single User Account) feature allows multiple user Internet access for the cost of a
single IP account. SUA supports popular Internet applications, such as MS traceroute, CuSeeMe, IRC,
RealAudio, VDOLive, Quake, and PPTP. No configuration is needed to support these applications.
Full Network Management
♦ SNMP (Simple Network Management Protocol) support.
♦ SMT (System Management Terminal) through a telnet connection.
1-2 Getting to Know Your Prestige
Prestige 645 ADSL Internet Access Router
PAP and CHAP Security
The Prestige supports PAP (Password Authentication Protocol) and CHAP (Challenge Handshake
Authentication Protocol). CHAP is more secure since the password is scrambled prior to trans mission.
However, PAP is readily available on more platforms.
Filters
The Prestige's packet filtering functions allow added network security and management.
Reset Button
The Prestige comes with a reset button built into the rear panel. Use this button to restore the factory default
password to 1234, IP address to 192.168.1.1, subnet mask to 255.255.255.0 and DHCP server enabled with
a pool of 32 IP addressed starting at 192.168.1.33.
1.3 Applications for the Prestige 645R
1.3.1 Internet Access
The Prestige is the ideal high-speed Internet access solution. Your Prestige supports the TCP/IP protocol,
which the Internet uses exclusively. It is compatible with all major ADSL DSLAM providers. A DSLAM
is a rack of ADSL line cards with data multiplexed into a backbone network interface/connection (e.g., T1,
OC3, DS3, ATM or Frame Relay). Think of it as the equivalent of a modem rack for ADSL. A typical
Internet Access application is shown next.
Getting to Know Your Prestige 1-3
Prestige P645 ADSL Internet Access Router
Figure 1-1 Internet Access Application
Internet Single User Account
For a SOHO (Small Office/Home Office) environment, your Prestige offers the Single User Account (SUA)
feature that allows multiple users on the LAN (Local Area Network) to access the Internet concurrently for
the cost of a single user.
1.3.2 LAN to LAN Application
You can use the Prestige to connect two geogr
typical LAN-to-LAN application for your Prestige is shown as follows.
1-4 Getting to Know Your Prestige
ly dispersed networks through an ADSL line. A
aphical
Prestige 645 ADSL Internet Access Router
Figure 1-2 LAN-to-LAN Application
Getting to Know Your Prestige 1-5
Prestige 645 ADSL Internet Access Router
Chapter 2
Hardware Installation & Initial Setup
This chapter describes the physical features and cable connections of the Prestige and how to
access and use the SMT interface for configura tio n .
2.1 Front Panel LEDs of the P645R
The LED indicators on the front panel indicate the operational status of the Prestige 645R. The table below
the diagram describes the LED functions:
Figure 2-1 Prestige 645R Front Panel
Table 2-1 Front Panel LED Description
LED NAME DESCRIPTION
PWR
SYS
LAN 10M
LAN 100M
DSL
ACT
Hardware Installation & Setu p 2-1
The PWR (power) LED is on when power is applied to the Prestige.
A steady on SYS (system) LED indicates the Prestige is on and functioning properly
while an off SYS LED indicates the system is not ready or has a malfunction. The
SYS LED blinks when the system is rebooting.
A steady light indicates a 10Mb Ethernet connection. The LED blinks when data is
being sent/received.
A steady light indicates a 100Mb Ethernet connection. The LED blinks when data is
being sent/received.
The ADSL LED is on when the Prestige is connected successfully to a DSLAM. The
LED blinks during ADSL line initialization. The LED is off when the link is down.
The ACT LED blinks during data transfer via the ADSL line. The LED is off when no
data is being transferred on the ADSL line.
Prestige P645 ADSL Internet Access Router
2.2 Prestige 645R Rear Panel and Connections
The following figure shows the rear panel connectors of your Prestige.
Figure 2-2 Prestige 645R Rear Panel Connections
2.2.1 Using the Reset Button
The reset button restores the default IP address of 192.168.1.1 and subnet mask of 255.255.255.0, as well as
the default SMT password of 1234. The DHCP server will also be reset to server mode with a pool of 32 IP
addressed starting at 192.168.1.33.
In order to prevent accidental use of the reset button, it only works as follows. To use the reset button, turn
off the Prestige and insert a small pointed object (like a pen) into the reset hole to push the reset button.
Next, turn on your Prestige and keep the reset button pressed for one minute.
2.2.2 Making the Connections
Step 1. Connecting the ADSL line
Connect the RJ-11 DSL port on the Prestige to the POTS splitter using the incl uded ADSL cable (telep hone
wire). Connect the micro filter(s) (optional– see
2-2 Hardware Installation & Setu p
Prestige 645 ADSL Internet Access Router
Figure 2-4 Connecting the Microfilter) between the wall jack and your telephone(s). The micro filters act as
low pass filters (voice transmission takes place in the 0 to 4KHz band width).
Step 2. Connecting a computer to the Prestige 10/100M LAN port
Be careful not to plug a RJ-11 connector into the RJ-45 port.
Ethernet 10Base-T/100Base-T networks use Shielded Twisted Pair (STP) cable with RJ-45 connectors that
look like a bigger telephone plug with 8 pins. Use a crossover cable (red tag) to connect your Prestige 645R
to a computer directly. Use a straight through Ethernet cable (white tag) to connect to an external hub and
then connect one end of a straight through Ethernet cable (white tag) from the hub to the Network Interface
Card (NIC) on the computer.
Step 3. Connecting the power adapter to your Prestige
Make sure that you use a P/N DV-121AACS (rated 12VAC
1.0A) or equivalent power supply.
Connect the power adapter to the port labeled POWER on the rear panel of your Prestige.
2.3 Additional Installation Requirements
In addition to the contents of your package your computer must have a properly installed and enabled
Ethernet 10Base-T/100Base-T NIC.
2.4 Connecting the POTS Splitter
You may purchase an optional POTS splitter for use with the Full Rate (G.dmt and ANSI T1.413)
standards. One major difference between ADSL and dial-up modems is the need for a telephone splitter.
This device keeps the telephone and ADSL signals separated, giving the capability to provide simultaneous
Internet access and telephone service on the same line. Splitters also eliminate the destructive interference
conditions caused by telephone sets. The telephone splitter has to be installed on the line at the point of
entry to the residence.
Noise generated from a telephone in the same frequency range as the ADSL signal can be disruptive to the
ADSL signal. In addition the impedance of a telephone when off-hook may be so low that it essentially
shunts the strength of the ADSL signal. When a POTS splitter is insta lled at the entry point where the line
comes into the home, it will filter the telephone signals before combining the ADSL and telephone signals
transmitted and received. The issues of noise and impedance are eliminated with a single POTS splitter
installation.
A telephone splitter can be installed as shown in the following figure.
Hardware Installation & Setu p 2-3
Prestige P645 ADSL Internet Access Router
Prestige
Wall
Jack
Figure 2-3 Connecting a POTS Splitter
Step 1. Connect the side labeled “Phone” to your telephone.
Step 2. Connect the side labeled “Modem” to your Prestige.
Step 3. Connect the side labeled “Line” to the telephone wall jack.
POTS Splitter
2.5 Telephone Microfilters
You may also opt to purchase telephone microfilters. Telephone voice transmissions take place in the lower
frequency range, 0 - 4KHz, while ADSL transmissions take place in the higher bandwidth range, above
4KHz. ZyXEL provides a microfilter that acts as a low-pass filter for your telephone to ensure that ADSL
transmissions do not interfere with your telephone voice transmissions.
Step 1. Connect a phone cable from the wall jack to the single jack end of the Y- Connector.
Step 2. Connect a cable from the double jack end of the Y-Connector to the “wall side” of the
microfilter.
Step 3. Connect another cable from the double jack end of the Y-Connector to the Prestige.
Step 4. Connect the “phone side” of the microfilter to your telephone as shown in the following figure.
2-4 Hardware Installation & Setu p
Prestige 645 ADSL Internet Access Router
Prestige
Wall Jack
Y -CONNECTOR
Microfilter
Wall
Side
Phone
Figure 2-4 Connecting the Microfilter
2.6 Turning On Your Prestige
At this point, you should have connected the ADSL line, the Ethernet port and the power port to the
appropriate devices or lines. You can now turn on the Prestige by pushing the power button on. Refer to the
Read Me First for instructions on setting up your computer. The following procedure details how to telnet
into your Prestige.
Step 1. In Windows, click Start (usually in the bottom left corner), Run and then type “telnet
192.168.1.1” (the default IP address) and click OK. The Prestige should already be on when
you turn on your computer, see the Read Me First for details.
Step 2. Entering the password
The login screen appears prompting you to enter the password, as shown below.
For your first login, enter the default password 1234. As you type the password, the screen displays an (X)
for each character you type.
Please note that if there is no activity for longer than 5 minutes after you log in, your Prestige will
automatically log you out and will display a blank screen. If you see a blank screen, press [ENTER] to
bring up the login scree n again.
Enter Password : XXXX
Figure 2-5 Login Screen
Hardware Installation & Setu p 2-5
Prestige P645 ADSL Internet Access Router
2.7 Navigating the SMT Interf ace
The SMT (System Management Terminal) is the interface that you use to configure your Prestige.
Several operations that you should be familiar with before you attempt to modify the configuration are
listed in the following table.
Table 2-2 Main Menu Commands
OPERATION PRESS/<READ> DESCRIPTION
Move down to
another menu
Move up to a
previous menu
Move to a “hidden”
menu
Move the cursor
Enter information Fill in, or Press the
Required fields
N/A fields <N/A> Some of the fields in the SMT will show a <N/A>. This symbol
Save your
configuration
[ENTER] To move forward to a sub-menu, type in the number of the
desired sub-menu and press [ENTER].
[ESC] Press the [ESC] key to move back to the previous menu.
Press the [SPACE
BAR] to change
No to Yes then
press [ENTER].
[ENTER] or
[Up]/[Down] arrow
keys
[SPACE BAR] to
select
?
>
<
[ENTER] Save your configuration by pressing [ENTER] at the message
Fields beginning with “Edit” lead to hidden menus and have a
default setting of No. Press the [SPACE BAR] to change No to
Yes, then press [ENTER] to go to a “hidden” menu.
Within a menu, press [ENTER] to move to the next field. You can
also use the [Up]/[Down] arrow keys to move to the previous and
the next field, respectively.
You need to fill in two types of fields. The first requires you to
type in the appropriate information. The second allows you to
cycle through the available choices by pressing the [SPACE
BAR].
All fields with the symbol <?> must be filled in order be able to
save the new configuration.
refers to an option that is Not Applicable.
[Press ENTER to confirm or ESC to cancel]. Saving the data on
the screen will take you, in most cases to the previous menu.
Exit the SMT
Type 99, then
press [ENTER].
Type 99 at the main menu prompt and press [ENTER] to exit the
SMT interface.
2-6 Hardware Installation & Setu p
Prestige 645 ADSL Internet Access Router
2.7.1 SMT Menu Overview
The following figure shows the titles and layout of the various SMT menu screens of your Prestige.
Figure 2-6 SMT Menu Overview
Hardware Installation & Setu p 2-7
Prestige P645 ADSL Internet Access Router
After you enter the password, the SMT displays the Main Menu, as shown next.
Copyright (c) 1994 - 2001 ZyXEL Communications Corp.
Getting Started
1. General Setup
3. Ethernet Setup
4. Internet Access Setup
Advanced Applications
11. Remote Node Setup
12. Static Routing Setup
15. SUA Server Setup
Prestige 645R Main Menu
Advanced Management
21. Filter Set Configuration
22. SNMP Configuration
23. System Password
24. System Maintenance
25. IP Routing Policy Setup
26. Schedule Setup
99. Exit
Enter Menu Selection Number:
Figure 2-7 SMT Main Menu
2.7.2 System Management Terminal Interface Summary
Table 2-3 Main Menu Summary
# MENU TITLE DESCRIPTION
1 General Setup Use this menu to set up general information.
3 Ethernet Setup Use this menu to set up your LAN connection.
4 Internet Access Setup This menu provides convenient set up for an Internet connection.
11 Remote Node Setup Use this menu to configure the Remote Node(s) for LAN-to-LAN
connection(s), including the Internet.
12 Static Routing Setup Use this menu to set up static routes.
15 SUA Server Setup
Use this menu to specify inside servers when SUA is enabled
.
21 Filter Set Configuration Use this menu to set up filters to provide security, etc.
22 SNMP Configuration Use this menu to set up SNMP related parameters.
23 System Password Use this menu to change your password.
24 System Maintenance This menu provides diagnostic, file transfer, time setting and other
tools for maintaining your Prestige.
25 IP Routing Policy Setup Use this menu to configure routing policies.
2-8 Hardware Installation & Setu p
Prestige 645 ADSL Internet Access Router
# MENU TITLE DESCRIPTION
26 Schedule Setup Use this menu to configure times for calls to remote nodes.
99 Exit Use this to exit the SMT and return to a blank screen.
2.8 Changing the System Password
The first thing you should do is to change the default system password by following the steps below.
Step 1. Enter 23 in the main menu to open Menu 23 - System Password as shown next.
When the Menu 23 System Password appears, type your system password (1234 is the default when
shipped) and press [ENTER].
Menu 23 – System Password
Old Password= ****
Retype to confirm= ****
New Password= ****
Enter here to CONFIRM or ESC to CANCEL:
Figure 2-8 Menu 23.1 - System Password
Step 2. Enter your new system password. You can use up to 30 alphanumeric characters. Do not use
spaces, but dashes “-“ and underscores “_“ are accepted. Then press [ENTER].
Step 3. Re-type yo ur new system password for confirmation and press [ENTER].
Note that as you type a password, the screen displays a (*) for each character you type.
If you forget your password, use the reset button to restore the default password
of 1234. This will allow you to enter the SMT. Then use the above instructions to
set a new password.
2.9 General Setup
Menu 1 - General Setup contains administrative and system-related information.
To enter menu 1 and fill in the required information, follow these steps:
Step 1. Enter 1 in the main menu to open Menu 1 – General Setup.
Step 2. The Menu 1 - General Setup screen appears, as shown below. Fill in the required fields marked
[?] and turn on the individual protocols for your applications, as explained in the following table.
Hardware Installation & Setu p 2-9
Prestige P645 ADSL Internet Access Router
Menu 1 - General Setup
System Name= HAL
Location= branch
Contact Person's Name= JohnDoe
Route IP= Yes
Route IPX= No
Bridge= No
Press ENTER to Confirm or ESC to Cancel:
Figure 2-9 Menu 1 – General Setup
Table 2-4 General Setup Menu Fields
FIELD DESCRIPTION EXAMPLE
System Name Choose a descriptive name for identification purposes. This name can be
up to 30 alphanumeric characters long. Spaces are not allowed, but
dashes “-” and underscores "_" are accepted.
Location (optional) Enter the geographic location (up to 31 characters) of your Prestige. branch
Contact Person's
Name (optional)
Protocols:
Enter the name (up to 30 characters) of the person in charge of this
Prestige.
Yes
Press the [SPACE-BAR] to select
No
or
to turn the individual routing
protocols on or off.
HAL
JohnDoe
Route IP
Set this field to Yes to enable IP routing. You must enable IP routing for
Yes
Internet access.
Route IPX
Set this field to
Yes
to enable IPX routing.
Bridge Turn on/off bridging for protocols not supported (e.g., SNA) or not turned
No
No
on in the previous Route fields.
2.10 Ethernet Setup
This section describes how to configure the Ethernet using Menu 3 – Ethernet Setup. From the main
menu, enter 3 to open menu 3.
2-10 Hardware Installation & Setu p
Prestige 645 ADSL Internet Access Router
Menu 3 - Ethernet Setup
1. General Setup
2. TCP/IP and DHCP Setup
3. Novell IPX Setup
4. Bridge Setup
Figure 2-10 Menu 3 - Ethernet Setup
2.10.1 General Ethernet Setup
This menu allows you to specify filter set(s) that you wish to apply to the Ethernet traffic. You seldom
need to filter Ethernet traffic; however, the filter sets may be useful to block certain packets, reduce traffic
and prevent security breaches.
Menu 3.1 - General Ethernet Setup
Input Filter Sets:
Protocol filters=
device filters=
Output Filter Sets:
Protocol filters=
device filters=
Press ENTER to Confirm or ESC to Cancel:
Figure 2-11 Menu 3.1 - General Ethernet Setup
If you need to define filters, please read the chapter on configuring filters first, then return to this menu to
define the filter sets.
The factory configured filters in SMT menu 21.3 are designed to block incoming telnet from the WAN
(DSL) port. Do not configure SMT menu 3.1 filter rules to block all telnet from the Ethernet. This would
block the telnet connection from your computer to the Prestige.
2.11 Protocol Dependent Ethernet Setup
Depending on the protocols for your applications, you need to configure the respective Ethernet Setup, as
outlined below.
" For TCP/IP Ethernet setup refer to the Internet Access chapter.
"
For Novell IPX Ethernet setup refer to the IPX Configuration chapter.
" For bridging Ethernet setup refer to the Bridging Setup Chapter.
Hardware Installation & Setu p 2-11
Prestige 645 ADSL Internet Access Router
Chapter 3
Internet Access
This chapter shows you how to configure the LAN as well as the WAN of your Prestige for Internet
access
3.1 Factory Ethernet Defaults
The Ethernet parameters of the Prestige are preset in the factory with the following values:
1. IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits).
2. DHCP server enabled with 32 client IP addresses starting from 192.168.1.33.
These parameters should work for the majority of installations. If the parameters are satisfactory, you can
skip to3.4 TCP/IP Ethernet Setup and DHCP to enter the DNS server address(es) if your ISP gives you
explicit DNS server address(es). If you wish to change the factory defaults or to learn more about TCP/IP,
please read on.
3.2 TCP/IP Parameters
.
3.2.1 IP Address and Subnet Mask
Similar to the way houses on a street share a common street name, the machines on a LAN also share one
common network number.
Where you obtain your network number depends on your particular situation. If the ISP o r your network
administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP
addresses and the subnet mask.
If the ISP di d not explicit ly give you an IP network number, then most likely you have a si ngle user account
and the ISP will assign you a dynamic IP address when the connection is established. If this is the case, it is
recommended that you select a network number from 192.168.0.0 to 192.168.255.0 (ignoring the trailing
zero) and you must enable the Single User Account feature of the Prestige. The Internet Assigned Number
Authority (IANA) has reserved this block of addresses specifically for private use; please do not use any
other number unless you are told otherwise. Let’s say you select 192.168.1.0 as the network number; which
covers 254 individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other
words, the first 3 numbers specify the network number while the last number identifies an individual
computer on that network.
Internet Access 3-1
Prestige P645 ADSL Internet Access Router
The subnet mask specifies the network number portion of an IP address. Your Prestige will compute the
subnet mask automatically based on the IP address that you entered. You don’t need to change the subnet
mask computed by the Prestige unless you are instructed to.
3.2.2 Private IP Addresses
Every machine on the Internet must have a unique address. If your networks are isolated from the Internet,
e.g., only between your two branch offices, you can assign any IP addresses to the hosts without problems.
However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP
addresses specifically for private networks:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
You can obtain your IP address from the IANA, from an ISP, or have it assigned by a private network. If you
belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the
Internet addresses for your local networks. On the other hand, if you are part of a much larger organization,
you should consult your network administrator for the appropriate IP addresses.
Regardless of your particular situation, do not create an arbitrary IP address;
always follow the guidelines above. For more information on address assignment,
please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466,
Guidelines for Management of IP Address Space.
3.2.3 RIP Setup
RIP (Routing Information Proto col) allows a router to exchange routing information with othe r routers. The
RIP Direction field controls the sending and receiving of RIP packets. When set to both, the Prestige will
broadcast its routing table periodically and incorporate the RIP information that it receives; when set to none,
it will not send any RIP packets and will ignore any RIP packets received.
The Version field controls the format and the broadcasting method of the RIP packets that the Prestige sends
(it recognizes both formats when receiving. RIP-1 is universally supported; but RIP-2 carries more
information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology.
Both RIP-2B and RIP-2M send the routing data in RIP-2 format; the difference being that RIP-2B uses
subnet broadcasting while RIP-2M uses multicasting. Multicasting can reduce the load on non-router
machines since they generally do not listen to the RIP multicast address and so will not receive the RIP
packets. However, if one router uses multicasting, then all routers on your network must use multicasting,
also.
3-2 Internet Access
Prestige 645 ADSL Internet Access Router
By default, RIP direction is set to Both and the Version set to RIP-1.
3.2.4 IP Multicast
Traditionally, IP packets are transmitted in one of either two ways - Unicast (one sender — one recipient) or
Broadcast (one sender — everybody on the network). Multicast is a third way to deliver IP packets to a
group of hosts on the network - not everybody.
IGMP (Internet Group Multicast Protocol) is a session-layer protocol used to establish membership in a
Multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over
version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed
information about interoperability between IGMP version 2 and version 1, please see sections 4 and 5 of
RFC 2236. The class D IP address is used to identify host groups and can be in the range 224.0.0.0 to
239.255.255.255. The address 224.0.0.0 is not assigned to any group and is used by IP multicast computers.
The address 224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts
(including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP. The address
224.0.0.2 is assigned to the multicast routers group.
The P645R supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At start up, the
P645R queries all directly connected networks to gather group membership. After that, the P645R
periodically updates this information. IP Multicasting can be enabled/disabled on the P645R LAN and/or
WAN interfaces using menus 3.2 (LAN) and 11.3 (WAN). Select None to disable IP Multicasting on these
interfaces.
3.2.5 IP Alias
IP Alias allows you to partition a physical network into different logical networks over the same Ethernet
interface. The P645R supports three logical LAN interfaces via its single physical Ethernet interface with the
P645R itself as the gateway for each LAN network.
Figure 3-1 Physical Network Figure 3-2 Partitioned Logical Networks
Internet Access 3-3
Prestige P645 ADSL Internet Access Router
3.2.6 DHCP Configuration
DHCP (Dynamic Host Configuration Protocol) allows the individual clients (computers) to obtain the
TCP/IP configuration at start-up from a centralized DHCP server. The Prestige has built-in DHCP server
capability, enabled by default, which means it can assign IP addresses, an IP de fault gateway and DNS
servers to Windows 98, Windows 2000 and other systems that support the DHCP client. The Prestige can
also act as a surrogate DHCP server where it relays IP address assignment from the actual DHCP server to
the clients.
IP Pool Setup
The Prestige is pre-configured with a pool of 32 IP addresses ranging from 192.168.1.33 to 192.168.1.64 for
the client machines. This leaves 31 IP addresses, 192.168.1.2 to 192.168.1.32 (excluding the Prestige itself
which has a default IP of 192.168.1.1) for other server machines, e.g., server for mail, FTP, telnet, web, etc.,
that you may have.
DNS Server Address
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa,
e.g., the IP address of www.zyxel.com is 204.217.0.2. The DNS server is extremely important because
without it, you must know the IP address of a machine before you can access it. The DNS server addresses
that you enter in the DHCP setup are passed to the client machines along with the assigned IP address and
subnet mask.
There are two ways that an ISP disseminates the DNS server addresses. The first is for an ISP to tell a
customer the DNS server addresses, usually in the form of an information sheet, when s/he signs up. If your
ISP gives you the DNS server addresses, enter them in the DNS Server fields in DHCP Setup, otherwise,
leave them blank.
Some ISP’s choose to pass the DNS servers using the DNS server extensions of PPP IPCP (IP Control
Protocol) after the connection is up. If your ISP did not give you explicit DNS servers, chances are the DNS
servers are conveyed through IPCP negotiation. The Prestige supports the IPCP DNS server extensions
through the DNS proxy feature.
If the Primary and Secondary DNS Server fields in DHCP Setup are not specified, i.e., left as 0.0.0.0, the
Prestige tells the DHCP clients that it itself is the DNS server. When a computer sends a DNS query to the
Prestige, the Prestige forwards the query to the real DNS server learned through IPCP and relays the response
back to the computer.
Please note that DNS proxy works only when the ISP uses the IPCP DNS server extensions. It does not
mean you can leave the DNS servers out of the DHCP setup under all circumstances. If your ISP gives you
explicit DNS servers, make sure that you enter their IP addresses in the DHCP Setup menu. This way, the
Prestige can pass the DNS servers to the computers and the computers can query the DNS server directly
without the Prestige’s intervention.
3-4 Internet Access
Prestige 645 ADSL Internet Access Router
3.3 Route IP Setup
The first step is to enable IP routing in Menu 1 - General Setup.
To edit menu 1, enter 1 in the main menu to select General Setup and press [ENTER]. Set the Route IP
field to Yes by pr essing the [SPAC E BA R ].
Menu 1 - General Setup
System Name= P645
Location= location
Contact Person's Name= name
Route IP= Yes
Route IPX= No
Bridge= No
Press ENTER to Confirm or ESC to Cancel:
Figure 3-3 Menu 1 – General Setup
3.4 TCP/IP Ethernet Setup and DHCP
You will now use menu 3.2 to configure your Prestige for TCP/IP.
To edit menu 3.2, enter 3 in the main menu to open Menu 3 - Ethernet Setup. In menu 3, select 2 and press
[ENTER]
.
The screen now displays Menu 3.2 - TCP/IP and DHCP Ethernet Setu p, as shown next
Menu 3.2 - TCP/IP and DHCP Ethernet Setup
DHCP Setup:
DHCP= Server
Client IP Pool Starting Address= 192.168.1.33
Size of Client IP Pool= 32
Primary DNS Server= 0.0.0.0
Secondary DNS Server= 0.0.0.0
Remote DHCP Server= N/A
TCP/IP Setup:
IP Address= 192.68.1.1
IP Subnet Mask= 255.255.255.0
RIP Direction= Both
Version= RIP-1
Multicast= None
IP Policies=1,2,7,8
Edit IP Alias= No
Enter here to CONFIRM or ESC to CANCEL:
First address in
the IP Pool
Size of the IP
Pool
If set to 0.0.0.0
the Prestige acts
as a proxy DNS
Server
Figure 3-4 Menu 3.2 – TCP/IP and DHCP Ethernet Setup
Internet Access 3-5
Prestige P645 ADSL Internet Access Router
Follow the instructions in the following table on how to configure the DHCP fields.
Table 3-1 DHCP Ethernet Setup Menu Fields
FIELD DESCRIPTION EXAMPLE
DHCP Setup
DHCP=
Client IP Pool Starting
Address
Size of Client IP Pool This field specifies the size, or count, of the IP address pool. 32
Primary DNS Server
Secondary DNS
Server
Remote DHCP
Server
If it is set to Server, your Prestige can assign IP addresses, an
IP default gateway and DNS servers to Windows 98, Windows
2000 and other systems that support the DHCP client. If set to
None, the DHCP server will be disabled. If set to Relay, the
Prestige acts as a surrogate DHCP server and relays DHCP
requests and responses between the remote server and the
clients. Enter the IP address of the actual, remote DHCP server
in the Remote DHCP Server in this case.
When DHCP is used, the following items need to be set:
This field specifies the first of the contiguous addresses in the
IP address pool.
Enter the IP addresses of the DNS servers. The DNS servers
are passed to the DHCP clients along with the IP address and
the subnet mask.
If Relay is selected in the DHCP= field above, then enter the IP
address of the actual, remote DHCP server here.
Server
(default)
192.168.1.33
Follow the instructions in the following table to configure TCP/IP parameters for the Ethernet port.
Table 3-2 TCP/IP Ethernet Setup Menu Fields
FIELD DESCRIPTION EXAMPLE
TCP/IP Setup
IP
Enter the (LAN) IP address of your Prestige in dotted decimal
Address
IP Subnet Mask Your Prestige will automatically calculate the subnet mask based
Direction
Version
notation
on the IP address that you assign. Unless you are implementing
subnetting, use the subnet mask computed by the Prestig e
Press the [SPACE BAR] to select the RIP direction from Both, In
RIP
Only, Out Only or None.
Press the [SPACE BAR] to select the RIP version from RIP-1, RIP-
2B or RIP-2M.
192.168.1.1
(default)
255.255.255.0
Both
(default)
RIP-1
(default)
3-6 Internet Access
Prestige 645 ADSL Internet Access Router
FIELD DESCRIPTION EXAMPLE
Multicast IGMP (Internet Group Multicast Protocol) is a session-layer
protocol used to establish membership in a Multicast group. The
P645R supports both IGMP version 1 (IGMP-v1) and version 2
(IGMP-v2). Press the [SPACE BAR] to enable IP Multicasting or
select None (default) to disable it.
IP Policies You can apply up to four IP Policy sets (from twelve) by entering
their numbers separated by commas. None are applied by default.
Edit IP
When you have completed this menu, press [ENTER] at the prompt [Press ENTER to Confirm…] to
save your configuration, or press [ESC] at any time to cancel.
The P645R supports three logical LAN interfaces via its single
alias
physical Ethernet interface with the P645R itself as the gateway
for each LAN network. Press the [SPACE BAR] to select Yes, then
press [ENTER] to display menu 3.2.1
None
(default)
1,2,7,8
No
3.4.1 IP Alias Setup
Use menu 3.2 to configure the first network. Move the cursor to the Edit IP Alias field, press [SPACE
BAR] to choose Yes and press [ENTER] to configure the second and third networks.
Pressing [ENTER] opens Menu 3.2.1 - IP Alias Setup, as shown next.
Internet Access 3-7
Prestige P645 ADSL Internet Access Router
Menu 3.2.1 - IP Alias Setup
IP Alias 1= Yes
IP Address= 192.168.2.1
IP Subnet Mask= 255.255.255.0
RIP Direction= None
Version= RIP-1
Incoming protocol filters= N/A
Outgoing protocol filters= N/A
IP Alias 2= No
IP Address= N/A
IP Subnet Mask= N/A
RIP Direction= N/A
Version= N/A
Incoming protocol filters= N/A
Outgoing protocol filters= N/A
Enter here to CONFIRM or ESC to CANCEL:
Press Space Bar to Toggle.
Figure 3-5 Menu 3.2.1 — IP Alias Setup
Use the instructions in the following table to configure IP Alias parameters.
Table 3-3 IP Alias Setup Menu Fields
FIELD DESCRIPTION EXAMPLE
IP Alias
IP Address Enter the IP address of your Prestige in dotted decimal notation. 192.168.2.1
IP Subnet Mask Your Prestige will automatically calculate the subnet mask based on
RIP Direction Press the [SPACE BAR] to select the RIP direction. Options are:
Version
Incoming
Protocol Filters
Outgoing
Protocol Filters
When you have completed this menu, press [ENTER] at the prompt [Press ENTER to Confirm…] to save
your configuration, or press [ESC] at any time to cancel.
Choose Yes to configure the LAN network for the Prestige. Yes
255.255.255.0
the IP address that you assign. Unless you are implementing
subnetting, use the subnet mask computed by the Prestig e.
None
Both, In Only, Out Only or None.
Press the [SPACE BAR] to select the RIP version. Options are: RIP-
1, RIP-2B or RIP-2M.
Enter the filter set(s) you wish to apply to the incoming traffic
(default)
RIP-1
(default)
N/A
between this node and the Prestige.
Enter the filter set(s) you wish to apply to the outgoing traffic between
N/A
this node and the Prestige.
3-8 Internet Access
Prestige 645 ADSL Internet Access Router
3.5 LANs & WANs
A LAN (Local Area Network) is a computer network limited to the immediate area, usually the same
building or floor of a building. A WAN (Wide Area Network), on the other hand is an outside connection to
another network or the Internet.
3.5.1 LANs, WANs and the Prestige
The actual physical connection determines whether the Prestige ports are LAN or WAN ports. There are two
separate I P networks, one inside, the LAN networ k; the other o utside, the WAN network as shown next.
Figure 3-6 LAN & WAN IPs
3.6 VPI & VCI
Be sure to use the Virtual Path Identifier (VPI) and Virtual Channel Identifier (VCI) numbers supplied by
your telephone company. The valid range for the VPI is 1 to 255 and for the VCI is 32 to 65535 (1 to 32 is
reserved for local management of ATM traffic). Please see Appendix VPI and VCI for more information.
3.7 Multiplexing
There are two conventions to identify what protocols the virtual circuit (VC) is carrying. Be sure to use the
multiplexing method required by your ISP.
Internet Access 3-9
Prestige P645 ADSL Internet Access Router
3.7.1 VC-based multiplexing
In this case, by prior mutual agreement, each protocol is assigned to a specific virtual circuit; for example,
VC1 carries IP, VC2 carries IPX, etc. VC-based multiplexing may be dominant in environments where
dynamic creation of large numbers of ATM VCs is fast and economical.
3.7.2 LLC-based multiplexing
In this case one VC carries multiple protocols with protocol identifying information being contained in each
packet header. Despite the extra bandwidth and processing overhead, this method may be advantageous if it
is not practical to have a separate VC for each carried protocol; for example, if charging heavily depends on
the number of simultaneous VCs.
3.8 Encapsulation
Be sure to use the encapsulation method required by your ISP. The Prestige supports the following methods.
3.8.1 ENET ENCAP
The MAC Encapsulated Routing Link Protocol (ENET ENCAP) is only implemented with the IP network
protocol. IP packets are routed between the Ethernet interface and the WAN interface and then formatted so
that they can be understood in a bridged environment i.e., it encapsulates routed Ethernet frames into bridged
ATM cells. ENET ENCAP requires that you specify a gateway IP address in the Ethernet Encapsulation
Gateway field in menu 4 and in the Rem IP Addr field in menu 11.1. You can get this information from
your ISP.
3.8.2 PPP
Please refer to RFC 2364 for more information on PPP over ATM Adaptation Layer 5 (AAL5). Refer to RFC
1661 for more information on PPP.
3.8.3 RFC 1483
RFC 1483 describes two methods for Multiprotocol Encapsulation over ATM Adaptation Layer 5 (AAL5).
The first method allows multiplexing of multiple protocols over a single ATM virtual circuit (LLC-based
multiplexing) and the second method assumes that each protocol is carried over a separate ATM virtual
circuit (VC-based multiplexing). Please refer to the RFC for more detailed information.
3-10 Internet Access
Prestige 645 ADSL Internet Access Router
3.9 IP Address Assignment
A static IP i s a fixed IP that your ISP gives you. A dynamic IP is not fixed. The ISP assigns yo u a different
one each time. The Single User Account feature can be enabled or disabled no matter whether you have a
dynamic or static IP. However the encapsulation method assigned influences your choices for IP Address and
ENET ENCAP Gateway.
3.9.1 Using PPP Encapsulation
If you have a dynamic IP, then the IP Address and ENET ENCAP Gateway fields are not applicable (N/A). If
you have a sta tic IP, then you only need to fill in the IP Address field and not the ENET ENCAP Gateway
field.
3.9.2 Using RFC 1483 Encapsulation
In this case the IP Address Assignment must be static with the same requirements for the IP Address and
ENET ENCAP Gateway fields as stated above (in 3.9.1).
3.9.3 Using ENET ENCAP Encapsulation
In this case you can have either a static or dynamic IP. For a static IP you must fill in all the IP Address and
ENET ENCAP Gateway fields as supplied by your ISP. However for a dynamic IP, the Prestige acts as a
DHCP client on the WAN port and so the IP Address and ENET ENCAP Gateway fields are not applicable
(N/A) as they are assigned to the Prestige by the DHCP server.
3.10 Internet Access Configuration
Menu 4 allows you to enter the Internet Access information in one screen. Menu 4 is actually a simplified
setup for one of the remote nodes that you can access in menu 11. Before you configure your Prestige for
Internet access, you need to collect your Internet account information from your ISP and telephone company.
Use the following table to record your Internet Account Information. Note that if you are using PPP
encapsulati on, then the only ISP information you need is a login name and password. You only need to know
the Ethernet Encapsulation Gateway IP address if you are using ENET ENCAP encapsulation.
Internet Access 3-11
Prestige P645 ADSL Internet Access Router
Table 3-4 Internet Account Information
Internet Account Information Write your account information here
Telephone Company Information
VPI (Virtual Path Identifier)
VCI (Virtual Channel Identifier)
ISP Information
IP Address of the ISP's Gateway (Optional)
Login Name
Password for ISP authentication
Type of Multiplexing
Type of Encapsulation
Ethernet Encapsulation Gateway
From the main menu, enter 4 to go to Menu 4 - Internet Access Setup, as shown next. The following table
contains instructions on how to configure your Prestige for Internet access.
−
−
−
−
−
−
−
−
3-12 Internet Access
Prestige 645 ADSL Internet Access Router
Menu 4 - Internet Access Setup
ISP's Name= ChangeMe
Encapsulation= PPPoE
Multiplexing= LLC-based
VPI #= 10
VCI #= 10
Service Name=
My Login= tarbuck
My Password= *********
Single User Account= Yes
IP Address Assignment= Static
IP Address= 0.0.0.0
ENET ENCAP Gateway= 0.0.0.0
Press ENTER to confirm or ESC to cancel:
Get the VPI and
VCI from yo ur
telephone
company and the
other
information from
your ISP.
Figure 3-7 Internet Access Setup
Table 3-5 Internet Access Setup Menu Fields
FIELD DESCRIPTION EXAMPLE
ISP’s Name Enter the name of your Internet Service Provider, e.g.,
MyISP. This information is for identification purposes only.
Encapsulation Press the [SPACE BAR] to select the method of
encapsulation used by your ISP. The choices are PPP,
RFC 1483, PPPoE or ENET ENCAP. Please see section
3.9 for related information.
Multiplexing Press the [SPACE BAR] to select the method of
multiplexing used by your ISP - either VC-based or LLCbased.
VPI # Enter the Virtual Path Identifier (VPI) that the telephone
company gives you.
VCI # Enter the Virtual Channel Identifier (VCI) that the telephone
company gives you.
Service Name Only available when PPPoE encapsulation is used. Enter
the name of your PPPoE service provider. This is the same
as PPPoE Service Name in menu 11.1.
My Login Enter the login name that your ISP gives you. tarbuck
My Password Enter the password associated with the login name above. ***
Single User Account Press the [SPACE BAR] to enable or disable SUA. Please
see the following section for a more detailed discussion on
MyISP
PPP
VC-based
10
10
No
Internet Access 3-13
Prestige P645 ADSL Internet Access Router
FIELD DESCRIPTION EXAMPLE
the Single User Account feature.
IP Address Assignment
IP Address Enter the IP address supplied by your ISP if applicable.
ENET ENCAP Gateway Enter the gateway IP address supplied by your ISP if
Press the [SPACE BAR] to select Static or Dynamic
address assignment. Please see section 3.9 for related
information.
applicable.
Dynamic
At this point, if all your settings are correct your Prestige should connect automatically to the Internet.
3.11 Single User Account
Typically, if there are multiple users on the LAN wanting to concurrently access the Internet, you will have
to lease a block of legal, or globally unique, IP addresses from the ISP.
The Single User Account (SUA) feature allows you to have the same benefits as havi ng multip le legal
addresses, but only pay for one IP address, thus saving significantly on the subscription fees. (Check with
your ISP before you enable this feature). SUA supports popular Internet applications such as MS traceroute,
CuSeeMe, IRC, RealAudio, VDOLive, Quake and PPTP with no extra configuration needed.
3-14 Internet Access
Prestige 645 ADSL Internet Access Router
Figure 3-8 Single User Account Topology
The IP address for the SUA can be either fixed or dynamically assigned by the ISP. In addition, you can
designate servers; for example, a web server and a telnet server, on your local network and make them
accessible to the outside world. If you do not define any server, SUA offers the additional benefit of firewall
protection. If no server is defined, all incoming inquiries will be filtered out by your Prestige, thus
preventing intruders from probing your network. Your Prestige accomplishes this address sharing by
translating the internal LAN IP addresses to a single address that is globally unique on the Internet. For more
information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).
3.11.1 Advantages of SUA
In summary:
" SUA is a cost-effective solution for small offices to access the Internet or other remote TCP/IP
networks.
" SUA supports servers to be accessible to the outside world.
" SUA can provide firewall protection if you do not specify a server. All incoming inquiries will be
filtered out by your Prestige.
Internet Access 3-15
Prestige P645 ADSL Internet Access Router
" UDP and TCP packets can be routed. In addition, partial ICMP, including echo and traceroute, is
supported.
3.11.2 Single User Account Configuration
The steps for configuring your Prestige for Single User Account are identical to the conventional Internet
access with the exception that you need to fill in two extra fields in Menu 4 - Internet Access Setup, as
shown below.
Menu 4 - Internet Access Setup
SUA
ISP's Name= 1
Encapsulation= ENET ENCAP
Multiplexing= LLC-based
VPI #= 10
VCI #= 10
Service Name= N/A
My Login= N/A
My Password= N/A
Single User Account= Yes
IP Address Assignment= Static
IP Address= 192.168.1.100
ENET ENCAP Gateway= 192.168.1.1
Press ENTER to Confirm or ESC to Cancel:
Figure 3-9 Menu 4 – Internet Access Setup for Single User Account
To enable the SUA feature in menu 4, move the cursor to the Single User Account field and select Yes (or
No to disable SUA). Then follow the instructions on how to configure the SUA fields.
Table 3-6 Single User Account Menu Fields
FIELD DESCRIPTION
Single User Account
Use the [SPACE BAR] to select Yes to enable SUA or No to
disable it.
IP Address Assignment
IP Address
Use the [SPACE BAR] to select Static or Dynamic.
With Dynamic in the IP Address Assignment field, this field
will be N/A; otherwise, enter the static IP address here.
Press [ENTER] at the message [Press ENTER to Confirm ...] to save your configuration,
or press [ESC] at any time to cancel.
3-16 Internet Access
Prestige 645 ADSL Internet Access Router
3.12 Multiple Servers behind SUA
If you wish, you can make inside servers for different services, e.g., web or FTP, visible to outside users,
even though SUA makes your whole inside network appear as a single machine to the outside world. A
service is identified by the port number, e.g., web service is on port 80 and FTP on port 21.
As an example, if you have a web server at 192.168.1.2 and an FTP server 192.168.1.3, then you need to
specify for port 80 (web) the server at IP address 192.168.1.2 and for port 21 (FTP) another at IP address
192.168.1.3.
Please note that a server can support more than one service, e.g., a server can provide both FTP and DNS
service, while another provides only web service. Also, since you need to specify the IP address of a server
in the Prestige, a server must have a fixed IP address and not be a DHCP client whose IP address potentially
changes each time it is turned on.
In addition to the servers for specific services, SUA supports a default server. A service request that does not
have a server explicitly designated for it is forwarded to the default server. If the default server is not
defined, the service request is simply discarded.
To make a server visible to the outside world, specify the port number of the service and the inside IP address
of the server in Menu 15 - Multiple Server Configuration.
3.12.1 Configuring a Server behind SUA
Follow the steps below to configure a server behind SUA:
1. Enter 15 in the main menu to go to Menu 15 - Multiple Server Configuration.
2. Enter an index number in menu 15 to go to Menu 15.1 - SUA Server Configuration.
3. Enter the service port number in the Port # field and the inside IP address of the server in the IP
Address field.
4. Press [ENTER] at the “Press [ENTER] to confirm …” prompt to save your configuration after you
define all the ser ve rs or press [ESC] at any time to cancel.
Internet Access 3-17
Prestige P645 ADSL Internet Access Router
Menu 15 - Multiple Server Configuration
Port #
---1 Default 192.168.1.33
2.21 192.168.1.34
3.23 192.168.1.35
4.25 192.168.1.36
5.80 192.168.1.37
6. 0 0.0.0.0
7. 0 0.0.0.0
8. 0 0.0.0.0
Press ENTER to Confirm or ESC to Cancel:
Figure 3-10 Multiple Server Configuration
The most often used port numbers are:
Table 3-7 Services vs. Port number
SERVICES PORT NUMBER
FTP (File Transfer Protocol) 21
Telnet 23
SMTP (Simple Mail Transfer Protocol) 25
DNS(Domain Name System) 53
IP Address
---------------
HTTP (Hyper Text Transfer protocol or WWW, Web) 80
PPTP (Point-to-Point Tunneling Protocol) 1723
3-18 Internet Access
Advanced Applications
PPaarrtt IIII:
:
Advanced Applications
This part describes Remote Node Configuration, Remote Node TCP/IP Configuration, IPX
Configuration and Bridging Setup.
II
Prestige P645 ADSL Internet Access Router
Chapter 4
Remote Node Configuration
This chapter is about parameters that are protocol independent. The protocol-dependent
configuration will be covered in subsequent chapters.
A remote node is required for placing calls to a remote gateway. A remote node represents both the remote
gateway and t he network behind it across a WAN connection. Note that when yo u use menu 4 to set up
Internet access, you are actually configuring one of the remote nodes.
4.1 Remote Node Setup
This section describes the protocol-independent parameters for a remote node.
4.1.1 Remote Node Profile
To configure a remote node, follow these steps:
Step 1. In the main menu, enter 11 to open menu 11 - Remote Node Setup.
Step 2. When menu 11 appears, as shown below, enter the number of the remote node that you wish to
configure.
Menu 11 - Remote Node Setup
1. ChangeMe (ISP, SUA)
2. ________
3. ________
4. ________
5. ________
6. ________
7. ________
8. ________
Enter Node # to Edit:
Figure 4-1 Menu 11 – Remote Node Setup
When Menu 11.1 - Remote Node Profile appears fill in the fields to define this remote profile.
Descriptions and information about configuring the fields is given in the table that follows.
Remote Node Configuration 4-1
Prestige P645 ADSL Internet Access Router
4.1.2 Encapsulation & Multiplexing Scenarios
For Internet Access you should use the encapsulation and multiplexing methods used by your ISP. Fo r a
LAN-to-LAN application, e.g., branch office and corporate headquarters, prior mutual agreement on
methods used is necessary because there is no mechanism to automatically determine
encapsulation/multiplexing. Selection of which encapsulatio n and multiplexing methods to use depends on
how many VCs you have and how many different network protocols you need. The extra overhead that
PPPoE and ENET ENCAP encapsulation entails makes it a poor choice in a LAN-to-LAN application.
Here are some examples of more suitable combinations in such an application.
Scene 1. One VC, Multiple Protocols
PPP (RFC 2364) encapsulation with VC-based multiplexing is the best combination because the extra
protocol identifying headers that LLC-based multiplexing uses are unneeded. The PPP protocol already
contains this information.
Scene 2. One VC, One Protocol (IP)
Selecting RFC-1483 encapsulation with VC-based multiplexing requires the least amount of overhead (0
octets). However, if there is a potential need for multiple protocol support in the future, it may be safer to
select PPP encapsulation instead of RFC-1483, so you don’t need to reconfigure when the time comes.
Scene 3. Multiple VCs
If you have an equal number (or more) of VCs than the number of protocols, then select RFC-1483
encapsulation and VC-based multiplexing.
Menu 11.1 - Remote Node Profile
Rem Node Name= ChangeMe
Active= Yes
Encapsulation= PPP
Multiplexing= VC-based
Incoming:
Rem Login=
Rem Password=********
Outgoing:
My Login= oscar
My Password= ********
Authen= CHAP/PAP
Route= IP
Bridge= No
Edit PPP Options= No
Rem IP Addr= 0.0.0.0
Edit IP/IPX/Bridge= No
Session Options:
Edit Filter Sets= No
PPPoE Idle Timeout (sec)= N/A
PPPoE Service Name= N/A
Schedule Sets= N/A
Enter a unique
name, up to eight
characters, for the
remote node.
Use 0.0.0.0 to
connect to your
ISP or enter the IP
address of the
remote gateway
Press ENTER to CONFIRM or ESC to CANCEL:
here.
Figure 4-2 Menu 11.1 Remote Node Profile
Table 4-1 Remote Node Profile Menu Fields
4-2 Remote Node Configuration
Prestige P645 ADSL Internet Access Router
FIELD DESCRIPTION EXAMPLE
Rem Node Name This is a required field [?]. Enter a descriptive name for the
remote node, for example, “Changeme”. This field can be up to
eight characters. This name must be unique from any other
remote node name.
Active
Encapsulation=
Multiplexing=
Press the [SPACE BAR] to select either Yes or No. Inactive
nodes are displayed with a minus sign (-) at the beginning of
the name in menu 11.
PPP refers to RFC 2364, "PPP Encapsulation over ATM
Adaptation Layer 5". If RFC 1483 ("Multiprotocol Encapsulation
over ATM Adaptation Layer 5") or ENET ENCAP are selected,
then the Rem Login, Rem Password, My Login, My
Password, Edit PPP Options and Authen fields will not be
applicable (N/A). Moreover, ENET ENCAP encapsulation does
not apply for IPX routing.
Press the [SPACE BAR] to select either VC-based or
LLC-based multiplexing.
Changeme
No
PPP
LLC-based
Incoming: Rem
Login
Name
Incoming: Rem
Password
Outgoing: My Login Enter the login name for your Prestige when it calls this remote
Outgoing: My
Password
Outgoing: Authen
Route This field determines the protocols that your Prestige will route.
Enter the login name that this remote node will use when it calls
your Prestige.
The login name in this field combined with the Rem Node
Password will be used to authenticate this node.
Enter the password used when this remote node calls your
Prestige.
node.
Enter the password for your Prestige when it calls this remote
node.
This field sets the authentication protocol used for outgoing
calls.
Options for this field are:
CHAP/PAP - Your Prestige will accept either CHAP or PAP
when requested by this remote node.
CHAP - accept CHAP only.
PAP - accept PAP only.
Options are IP, IPX, IP+!PX and None; although with ENET
bucket
***
oscar
***
CHAP/PAP
IP
Remote Node Configuration 4-3
Prestige P645 ADSL Internet Access Router
FIELD DESCRIPTION EXAMPLE
ENCAP the only available protocol is IP.
Bridge Bridging is used for protocols that are not supported by the
Prestige, e.g., SNA, or are not turned on in the previous Route
field. Select Yes to enable and No to disable. When bridging is
enabled, your Prestige will forward any packet that it does not
route to this remote node; otherwise, the packets are discarded.
Edit PPP Options Only available when using PPPoE or PPP. To edit the PPP
options for this remote node, move the cursor to this field, use
the [SPACE BAR] to select Yes and press [ENTER]. This will
bring you to Menu 11.2 - Remote Node PPP Options. For
more information on configuring PPP options, see the section
Editing PPP Options
.
No
(default)
No
(default)
Rem IP Addr Enter the IP address of the remote gateway or leave this field
set to 0.0.0.0 for connecting to your ISP.
Edit IP/IPX/Bridge
Session Options:
Edit Filter Sets
PPPoE Idle
Timeout (sec)
PPPoE Service
Name
Schedule Sets Only available when using PPPoE. You can select up to four
Once you have completed filling in Menu 11.1 – Remote Node Profile, press [ENTER] at the message
[Press ENTER to Confirm…] to save your configuration, or press [ESC] at any time to cancel.
Press the [SPACE BAR] to select Yes and press [ENTER] to go
to Menu 11.3 - Remote Node Network Layer Options menu.
Use the [SPACE BAR] to select Yes in this field and press
[ENTER] to open menu 11.5 to edit the filter sets. See the
Remote Node Filter section for more details.
This value specifies the number of idle seconds that elapse
before the Prestige automatically disconnects the PPPoE
session.
Only available when PPPoE encapsulation is used. Enter the
name of your PPPoE service provider. This is the same as
Service Name in menu 4.
schedule sets here and configure them in menu 26. For more
details, please see the Call Scheduling chapter.
0.0.0.0
No
No
(default)
N/A
N/A
N/A
4.1.3 Outgoing Authentication Protocol
For obvious reasons you should generally employ the strongest authentication protocol possible. However,
some vendors’ implementation includes a specific authentication protocol in the user profile. It will
disconnect if the negotiated protocol is different from that in the user profile, even when the negotiated
protocol is stronger than specified. If you encounter a case where the peer disconnects right after a
4-4 Remote Node Configuration
Prestige P645 ADSL Internet Access Router
successful authentication, please make sure that you specify the correct authentication protocol when
connecting to such an implementation.
4.1.4 Editing PPP Options
To edit the remote node PPP Options, move the cursor to the Edit PPP Options field in Menu 11.1 Remote Node Profile, and use the [SPACE BAR] to select Yes. Press [ENTER] to open menu 11.2, as
shown next.
Menu 11.2 - Remote Node PPP Options
Encapsulation= Standard PPP
Compression= No
Press Space Bar to Toggle.
Press ENTER to CONFIRM or ESC to CANCEL:
Figure 4-3 Menu 11.2 - Remote Node PPP Options
The following table describes the Remote Node PPP Options Menu, and contains instructions on how to
configure the PPP options fields.
Table 4-2 Remote Node PPP Options Menu Fields
FIELD DESCRIPTION EXAMPLE
Encapsulation
Compression Turn on/off Stac Compression. The default for this
Once you have completed filling in Menu 11.2 – Remote Node PPP Options, press [ENTER] at the
message [Press ENTER to Confirm…] to save your configuration, or press [ESC] at any time to cancel.
Select CISCO PPP only when this remote node is a
Cisco machine; otherwise, select the Standard PPP.
field is Off.
Standard PPP
Off
(Default)
4.1.5 Remote Node Filter
Use Menu 11.5 – Remote Node Filter to specify the filter set(s) to apply to the incoming and outgoing
traffic between this remote node and the Prestige. You can specify up to four filter sets separated by
commas, e.g., 1, 5, 9, 12, in each filter field. The Prestige comes with default filter number 6 applied. This
filter blocks FTP, Telnet, TFTP and HTTP from coming in from the WAN.
Remote Node Configuration 4-5
Prestige P645 ADSL Internet Access Router
Note that spaces are accepted in this field. For more information on defining the filters, see the section on
Filter Configuration.
Menu 11.5 - Remote Node Filter
Input Filter Sets:
protocol filters= 6
device filters=
Output Filter Sets:
protocol filters=
device filters=
Figure 4-4 Menu 11.5 – Remote Node Filter
Enter here to CONFIRM or ESC to CANCEL:
4-6 Remote Node Configuration
Prestige P645 ADSL Internet Access Router
Chapter 5
Remote Node TCP/IP Configuration
This chapter shows you how to configure the TCP/IP parameters of a remote node.
A typical LAN-to-LAN application is to use your Prestige to connect a branch office to the headquarters, as
depicted in the following diagram.
5.1 LAN-to-LAN Application
Figure 5-1 TCP/IP LAN-to-LAN Application
For the branch office, you need to configure a remote node in order to dial out to the headquarters.
Additionally, you may also need to define static routes if some services reside beyond the immediate
remote LAN.
5.1.1 Editing TCP/IP Options
Follow the steps below to edit Menu 11.3 - Remote Node Network Layer Options shown next.
In menu 11.1, move the cursor to the Edit IP/IPX/Bridge, then press the [SPACE BAR] to select Yes.
Press [ENTER]
There are two versions of menu 11.3 for the Prestige, depending on whether you chose VC-based or LLC-
based multiplexing in menu 11.1.
Remote Node TCP/IP Configuration 5-1
to open Menu 11.3 - Network Layer Options.
Prestige P645 ADSL Internet Access Router
VC-Based Multiplexing
Remember that for VC-based multiplexing, by prior mutual agreement, a protocol is assigned a sp ecific
virtual circuit, e.g., VC1 will carry IP, VC2 will carry IPX etc.
Menu 11.3 - Remote Node Network Layer Options
IPX Options :
Rem LAN Net #= N/A
My WAN Net #= N/A
IP Options:
Rem IP Addr: 0.0.0.0
Rem Subnet Mask= 0.0.0.0
IP Address Assignment = Dynamic
My WAN Addr= 0.0.0.0
Single User Account= No
Metric= 2
Private= No
RIP Direction= Both
Version= RIP-2B
Multicast= None
IP Policies=
VPI #= 0
VCI #= 35 Enter here to Confirm
Press Space Bar to Toggle.
Figure 5-2 Menu 11.3 for VC-based multiplexing with RFC 1483 and ENET ENCAP
In this case, separate VPI and VCI numbers must be specified for each protocol.
Hop Count= N/A
Tick Count= N/A
W/D Spoofing(min)= N/A
SAP/RIP Timeout(min)=N/A
Dial-On-Query= N/A
VPI #= N/A
VCI #= N/A
Bridge Options:
Dial-On-Broadcast= N/A
Ethernet Addr Timeout(min)= N/A
VPI #= N/A
VCI #= N/A
Or ESC to Cancel:
LLC-based multiplexing
For LLC-based multiple xing, one VC carries multiple protocols with protocol identifying information
being contained in each packet header.
5-2 Remote Node TCP/IP Configuration
Prestige P645 ADSL Internet Access Router
Menu 11.3 - Remote Node Network Layer Options
VPI/VCI (LLC-mux or PPP/PPPoE Encap):
VPI #= 0
VCI #= 35
IP Options:
Rem IP Addr: 0.0.0.0
Rem Subnet Mask= 0.0.0.0
IP Address Assignment = Dynamic
My WAN Addr= 0.0.0.0
Single User Account= Yes
Metric= 2
Private= No
RIP Direction= None
Version= RIP-1
Multicast= None
IP Policies=
Enter here to CONFIRM or ESC to CANCEL:
IPX Options :
Rem LAN Net #= 00000000
My WAN Net #= 00000000
Hop Count= 1
Tick Count= 2
W/D Spoofing(min)= N/A
SAP/RIP Timeout(min)=N/A
Dial-On-Query= N/A
Bridge Options:
Dial-On-Broadcast= N/A
Ethernet Addr Timeout(min)= 0
Figure 5-3 Menu 11.3 for LLC-based multiplexing
In this case, only one set of VPI and VCI numbers need be specified for all protocols. The valid range for
the VPI is 1 to 255 and for the VCI is 32 to 65535 (1 to 32 is reserved for local management of ATM
traffic).
The following diagram explains the Sample IP Addresses to help you understand the My Wan Addr field
in menu 11.3. Refer to the section on Internet access for a brief review of what a WAN IP is. My WAN
Addr indicates the local Prestige WAN IP while Rem IP Address indicates the peer WAN IP.
Remote Node TCP/IP Configuration 5-3
Prestige P645 ADSL Internet Access Router
Figure 5-4 Sample IP Addresses for a TCPI/IP LAN-to-LAN Connection
To configure the TCP/IP parameters of a remote node, first configure the fields in Menu 11.1 – Remote
Node Profile, as shown in the next table. For more details on the IP Option fields, refer to the section on
Internet access.
Menu 11.1 - Remote Node Profile
Rem Node Name= ChangeMe
Active= Yes
Encapsulation= PPP
Multiplexing= VC-based
Incoming:
Rem Login=
Rem Password=********
Outgoing:
My Login= oscar
My Password= ********
Authen= CHAP/PAP
Route= IP
Bridge= No
Edit PPP Options= No
Rem IP Addr= 0.0.0.0
Edit IP/IPX/Bridge= No
Session Options:
Edit Filter Sets= No
PPPoE Idle Timeout (sec)= N/A
PPPoE Service Name= N/A
Schedule Sets= N/A
Press ENTER to CONFIRM or ESC to CANCEL:
Figure 5-5 Menu 11.1 Remote Node Profile
5-4 Remote Node TCP/IP Configuration
Prestige P645 ADSL Internet Access Router
Table 5-1 TCP/IP related fields in Remote Node Profile
FIELD DESCRIPTION EXAMPLE
Route
Make sure IP is among the protocols in the Route field in
IP
Menu 11.1 - Remote Node Profile. Options are IP, IPX,
IP+IPX and None; although with ENET ENCAP the only
available protocol is IP.
Rem IP Address
Enter the IP address of the remote gateway in Menu 11.1 -
0.0.0.0
Remote Node Profile. You must fill in either the remote
Prestige WAN IP address or the remote Prestige LAN IP
address. This depends on the remote router’s WAN IP i.e., for
the (remote) Prestige, the My WAN Addr settings in Menu
11.3 – Remote Node Network Layer Options). For example
(see Figure 5-4), if the remote WAN IP is set to 172.16.0.2 (the
remote router’s WAN IP), then you should enter 172.16.0.2 in
the Rem IP Address field. If the remote WAN IP is 0.0.0.0,
then enter 192.168.1.1(the remote router’s LAN IP) in the Rem
IP Address field).
Edit IP/IPX/Bridge
Press the [SPACE BAR] to select Yes in this field and then
No
press [ENTER] to go to Menu 11.3 - Remote Node Network
Layer Options.
The following table shows the TCP/IP related fields in Menu 11.3 - Remote Node Network Layer
Options.
Menu 11.3 - Remote Node Network Layer Options
IPX Options :
Rem LAN Net #= N/A
My WAN Net #= N/A
IP Options:
Rem IP Addr: 0.0.0.0
Rem Subnet Mask= 0.0.0.0
IP Address Assignment = Dynamic
My WAN Addr= 0.0.0.0
Single User Account= No
Metric= 2
Private= No
RIP Direction= Both
Version= RIP-1
Multicast= None
IP Policies=
VPI #= 0
VCI #= 35 Enter here to Confirm
Press Space Bar to Toggle.
Hop Count= N/A
Tick Count= N/A
W/D Spoofing(min)= N/A
SAP/RIP Timeout(min)=N/A
Dial-On-Query= N/A
VPI #= N/A
VCI #= N/A
Bridge Options:
Dial-On-Broadcast= N/A
Ethernet Addr Timeout(min)= N/A
VPI #= N/A
VCI #= N/A
Or ESC to Cancel:
Figure 5-6 Menu 11.3 for VC-based multiplexing with RFC 1483 and ENET ENCAP
Remote Node TCP/IP Configuration 5-5
Prestige P645 ADSL Internet Access Router
Table 5-2 TCP/IP Remote Node Configuration
FIELD DESCRIPTION EXAMPLE
Rem IP Address This will show the IP address you entered for this remote node in
the previous menu.
Rem IP Subnet
Mask
Enter the subnet mask for the remote network. 255.255.255.0
172.16.0.2
IP Address
Assignment
My WAN Addr Some implementations, especially the UNIX derivatives, require
Single User
Account
Metric The metric represents the “cost” of transmission for routing
Private This parameter determines if the Prestige will include the route to
RIP Direction
Version=
Press the [SPACE BAR] to select Static for a fixed IP address
given by an ISP or Dynamic for the IP address to be assigned
automatically by a server each time the remote node logs on.
the WAN link to have a separate IP network number from the
LAN and each end must have a unique address within the WAN
network number. If this is the case, enter the IP address
assigned to the WAN port of your Prestige.
Note that this is the address assigned to your local Prestige
WAN, not the remote router. If the remote router is a Prestige,
then this entry determines the local Prestige Rem IP Address in
menu 11.1 (see Table 5-1).
Use the [SPACE BAR] to select either Yes or No. Set this field to
Yes to enable the Single User Account feature for your Prestige.
See the section on Internet access for more information on the
Single User Account feature.
purposes. IP routing uses hop count as the measurement of cost,
with a minimum of 1 for directly connected networks. Enter a
number that approximates the cost for this link. The number need
not be precise, but it must be between 1 and 15. In practice, 2 or
3 is usually a good number.
this remote node in its RIP broadcasts. If set to Yes, this route is
kept private and not included in RIP broadcast. If No, the route to
this remote node will be propagated to other hosts through RIP
broadcasts.
Press the [SPACE BAR] to select the RIP direction from Both/In
Only/Out Only or None.
Press the [SPACE BAR] to select the RIP version from RIP-
1/RIP-2B/RIP-2M.
Dynamic
No
2
No
Both
(default)
RIP-1
(default)
5-6 Remote Node TCP/IP Configuration
Prestige P645 ADSL Internet Access Router
FIELD DESCRIPTION EXAMPLE
Multicast IGMP (Internet Group Multicast Protocol) is a session-layer
protocol used to establish membership in a Multicast group. The
P645R supports both IGMP version 1 (IGMP-v1) and version 2
(IGMP-v2). Press the [SPACE BAR] to enable IP Multicasting or
select None (default) to disable it.
None
(default)
IP Policies You can apply up to four IP Policy sets (from twelve) by entering
their numbers separated by commas.
VPI (VC –based
ENET ENCAP
and RFC 1483)
VCI (VC –based
ENET ENCAP
and RFC 1483)
Once you have completed filling in the Network Layer Options Menu, press [ENTER] to return to menu 11.
Press [ENTER] at the message [Press ENTER to Confirm...] to save your configuration, or press [ESC] at
any time to cancel.
Enter the Virtual Path Identifier (VPI) number that your telephone
company supplies.
Enter the Virtual Channel Identifier (VCI) number that your
telephone company supplies.
3,4,5,6
0
35
5.1.2 Static Route Setup
Static routes tell the Prestige routing information that it cannot learn automatically through other means.
This can arise in cases where RIP is disabled on the LAN or a remote network is beyond the one that is
directly connected to a remote node. Each remote node specifies only the network to which the gateway is
directly connected, and the Prestige has no knowledge of the networks beyond.
For instance, the Prestige knows about network N2 in the following diagram through remote node Router 1.
However, the Prestige is unable to route a packet to network N3 because it doesn’t know that there is a
route through remote node Router 1 (via Router 2). The static routes are for you to tell the Prestige about
the networks beyond the remote nodes.
Remote Node TCP/IP Configuration 5-7
Prestige P645 ADSL Internet Access Router
Figure 5-7 Example of Static Routing Topology
Menu 12 - Static Route Setup
1. IP Static Route
2. IPX Static Route
3. Bridge Static Route
Please enter selection:
Figure 5-8 Menu 12 Static Route Setup
Menu 12 Static Route Setup is shown above. This section describes how to configure an IP static route.
See the following chapters for IPX configuration and bridging setup. To configure an IP static route, enter 1
in menu 12 to go to Menu 12.1 – IP Static Route Setup, as shown next. From menu 12.1, enter the index
number of the static route you wish to edit to open Menu 12.1.1 - Edit IP Static Route.
5-8 Remote Node TCP/IP Configuration
Prestige P645 ADSL Internet Access Router
Menu 12.1 - IP Static Route Setup
1. Tokyo
2. Seoul
3. Taipei
4. ________
5. ________
6. ________
7. ________
8. ________
Enter selection number:
Figure 5-9 Menu 12.1 - IP Static Route Setup
Menu 12.1.1 - Edit IP Static Route
Route #: 1
Route Name= Tokyo
Active= No
Destination IP Address= ?
IP Subnet Mask= ?
Gateway IP Address= ?
Metric= 2
Private= No
Press ENTER to Confirm or ESC to Cancel:
Figure 5-10 Menu 12.1.1 - Edit IP Static Route
The following table describes the fields for Menu 12.1.1 – Edit IP Static Route Setup.
Table 5-3 Edit IP Static Route Menu Fields
FIELD DESCRIPTION
Route Name Enter a descriptive name for this route. This is for identification purposes only.
Active
Destination IP
Address
Use the [SPACE BAR] to select Yes to activate or No to deactivate this static route.
This parameter specifies the IP network address of the final destination. Routing is
always based on network number. If you need to specify a route to a single host, use
a subnet mask of 255.255.255.255 in the subnet mask field to force the network
number to be identical to the host ID.
IP Subnet Mask Enter the subnet mask for this destination.
Gateway IP
Address
Enter the IP address of the gateway. The gateway is an immediate neighbor of your
Prestige that will forward the packet to the destination. On the LAN, the gateway must
be a router on the same segment as your Prestige; over WAN, the gateway must be
the IP address of one of the remote nodes.
Remote Node TCP/IP Configuration 5-9
Prestige P645 ADSL Internet Access Router
FIELD DESCRIPTION
Metric The metric represents the “cost” of transmission for routing purposes. IP routing uses
hop count as the measurement of cost, with a minimum of 1 for directly connected
networks. Enter a number that approximates the cost for this link. The number need
not be precise, but it must be between 1 and 15. In practice, 2 or 3 is usually a good
number.
Private This parameter determines if the Prestige will include the route to this remote node in
its RIP broadcasts. If set to Yes, this route is kept private and not included in RIP
broadcasts. If No, the route to this remote node will be propagated to other hosts
through RIP broadcasts.
Once you have completed filling in the Edit IP Static Route, press [ENTER] to return to menu 12.1. Press
[ENTER] at the message [Press ENTER to Confirm...] to save your configuration, or press [ESC] at any
time to cancel.
5-10 Remote Node TCP/IP Configuration
Prestige P645 ADSL Internet Access Router
Chapter 6
IPX Configuration
This chapter shows you how to configure the IPX parameters of the Prestige.
6.1 IPX Network Environment
Novell bundles the protocol stack, the server software and routing functionality in their NetWare server
products, so a NetWare server is not only a file or print server, it is also a router.
6.1.1 Network and Node Number
Every IPX machine has a network number and a node number, together they form the complete address of
the machine. The IPX network number is a 32-bit quantity and is usually expressed in 8 hexadecimal
digits, e.g., 0893A8CF. The host number is a 48-bit quantity and usually is taken from the MAC (Media
Access Control) address of the Ethernet hardware, so you don’t have to explici t ly configure the node
number.
An IPX client obtains its network number from a server that has the network numbers statically configured.
If there are multiple servers on a network, only one server needs to have the network numbers configured
and all other stations (clients and servers) can obtain the network numbers from it. The server with
configured network numbers is called a seed router.
If you have a NetWare server on the same LAN as the Prestige 645R, we recommend that you set up a
NetWare server as a seed router. Even though the Prestige 645R is capable of functioning as a seed router,
a NetWare server offers a much more extensive facility for network management.
6.1.2 Frame Types
IPX can run on top of four different frame types on the Ethernet. These frame types are 802.2, 802.3,
Ethernet II (DIX) and SNAP (Sub-Network Access Protocol). Each frame type is a separate logical
network, even though they exist on one physical cable (see the following diagram).
Although there are four frame types available on the Ethernet, you should configure as few frame types as
possible on your NetWare server and use automatic frame detection on the clients to simplify management
and to reduce network overhead.
6.1.3 External Network Number
Each of the four logical networks (based on frame type) has its own external network number.
IPX Configuration 6-1
Prestige P645 ADSL Internet Access Router
6.1.4 Internal Network Number
In addition to the external network numbers, each NetWare server has its own internal network number that
is a virtual network to which the server is attached. It is important to remember that every network number
must be unique for that entire internetwork, either internal or external.
Figure 6-1 NetWare Server
6.2 Prestige in an IPX Environment
There are two scenarios in which your Prestige 645R is deployed, depending on whether there is a NetWare
server on the LAN, as depicted in the following diagram.
6-2 IPX Configuration
Figure 6-2 Prestige 645R in an IPX Environment
6.2.1 Prestige 645R on LAN with Server
Prestige P645 ADSL Internet Access Router
If your Prestige is on a LAN with a seed router, you do not need to configure the LAN network numbers.
Your Prestige will learn the network number from the seed router and add the routes to its routing table.
6.2.2 Prestige 645R on LAN without Server
Each IPX network must have a seed ro uter. If you only have NetWa re clients on your netwo rk, then you
must configure the Prestige as a seed router and set up unique network numbers for each frame type enabled
using the Ethe rnet Setup Menu.
IPX Configuration 6-3
Prestige P645 ADSL Internet Access Router
6.3 IPX Ethernet Setup
From Menu 3 - Ethernet Setup, enter 3 to go to M e nu 3.3 - Novell IPX Ethernet Setup as shown in the
figure below.
Menu 3.3 - Novell IPX Ethernet Setup
Seed Router= No
Frame Type 802.2= Yes
IPX Network #= N/A
Frame Type 802.3= No
IPX Network #= N/A
Frame Type Ethernet II= No
IPX Network #= N/A
Frame Type SNAP= No
IPX Network #= N/A
Press Space Bar to Toggle.
Enter here to CONFIRM or ESC to CANCEL:
Figure 6-3 Menu 3.3 - Novell IPX Ethernet Setup
The following table describes the Novell IPX Ethernet Setup Menu.
Table 6-1 Novell IPX Ethernet Setup Fields
FIELD DESCRIPTION EXAMPLE
Seed Router
Frame Type Enable/Disable the individual frame type.
IPX Network#If your Prestige 645R is a seed router, enter a
Press [ENTER] at the message [Press ENTER to Confirm ...] to save your
configuration, or press [ESC] at any time to cancel.
Select Yes or No to determine if your Prestige 645R
is to act as a seed router.
Remember to enable only the ones that are actually
used on your network. 802.2, 802.3, Ethernet II and
SNAP
unique network number for each frame type enabled.
No
No
N/A
6-4 IPX Configuration
Prestige P645 ADSL Internet Access Router
6.4 LAN-to-LAN Application with Novell IPX
A typical LAN-to-LAN application is to use your Prestige 645R to call from a branch office to the
corporate headquarters to enable the stations in the branch office to access the NetWare servers at the
headquarters, as depicted in the figure below.
Figure 6-4 LAN-to-LAN Application with Novell IPX
6.4.1 IPX Remote Node Setup
Follow the procedure in Chapter 5 to configure the protocol-independent parameters in Menu 11.1 Remote Node Profile. For the IPX-specific parameters in Menu 11.3 - Remote Node Network Layer
Options follow the instructions below.
Step 1. In menu 11.1, make sure IPX is among the protocols in the Route field. (The Route field should
display Route = IPX or Route = IP + IPX.)
IPX Configuration 6-5
Prestige P645 ADSL Internet Access Router
Step 2. Move the cursor to the Edit IP/IPX/Bridge field, then press the space bar to select Yes and
press [ENTER]
to open Menu 11.3 - Network Layer Options.
Menu 11.3 - Remote Node Network Layer Options
VPI/VCI (LLC-mux or PPP/PPPoE Encap):
VPI #= 0
VCI #= 35
IP Options:
Rem IP Addr: 0.0.0.0
Rem Subnet Mask= 0.0.0.0
IP Address Assignment = Dynamic
My WAN Addr= 0.0.0.0
Single User Account= Yes
Metric= 2
Private= No
RIP Direction= None
Version= RIP-1
Multicast= None
IP Policies=
Press ENTER to CONFIRM or ESC to CANCEL:
IPX Options :
Rem LAN Net #= 00000000
My WAN Net #= 00000000
Hop Count= 1
Tick Count= 2
W/D Spoofing(min)= N/A
SAP/RIP Timeout(min)=N/A
Dial-On-Query= N/A
Bridge Options:
Dial-On-Broadcast= N/A
Ethernet Addr Timeout(min)= 0
Figure 6-5 Menu 11.3 - Remote Node Novell IPX Options
The table below describes the IPX-specific parameters of the remote node setup.
Table 6-2 Remote Node Novell IPX Options
FIELD DESCRIPTION EXAMPLE
Rem LAN Net#In this field, enter the internal network number of the NetWare
server on the remote LAN.
My WAN Net#In this field, enter the network number of the WAN link. If you leave
this field as 00000000, your Prestige will determine automatically
the network number through negotiation with the PPP peer.
Hop Count This field indicates the number of intermediate networks that must
be passed through to reach the remote node.
Tick Count This field indicates the time-ticks required to reach the remote node. 2
W/D
Spoofing(min)
This field is for the P645R on the server side. Your Prestige 645R
can spoof a response to a server’s watchdog request after the
connection is dropped. In this field, type in the time (number of
minutes) that you want your Prestige 645R to spoof the watchdog
response.
00000000
00000000
(default)
(default)
(default)
1
6-6 IPX Configuration
Prestige P645 ADSL Internet Access Router
FIELD DESCRIPTION EXAMPLE
SAP/RIP
Timeout (min)
This field indicates the amount of time that you want your Prestige to
maintain the SAP and RIP entries learned from this remote node in
its internal tables after the connection has been dropped. If this
information is retained, then your Prestige will not have to get the
SAP information when the line is brought back up. Enter the time
(number of minutes) in this field.
Dial - On Query
This field is necessary for your Prestige on the client side. When set
to Yes, any Get Service SAP or RIP broadcasts will trigger your
No
Prestige to make a call to that remote mode.
Once you have completed filling in the Network Layer Options Menu, press [ENTER] to return to menu
11.1. Then press [ENTER] at the message [Press ENTER to Confirm] to save your configuration,
press [ESC] to cancel.
6.4.2 IPX Static Route Setup
Similar to IP, IPX static routes tell the Prestige 645R how to reach servers beyond a remote node before a
connection to that remote node is established.
From menu 12, select 2 to bring up Menu 12.2 IPX Static Route Setup, then select one of the IPX Static
Routes to open Menu 12.2.1 - Edit IPX Static Route, as shown next.
Menu 12.2.1 - Edit IPX Static Route
Route #= 3
Server Name= ?
Active= Yes
Network #= ?
Node #= 000000000001
Socket #= 0451
Type #= 0004
Hop Count= 2
Tick Count= 3
Gateway Node= 1
Press ENTER to CONFIRM or ESC to CANCEL:
Figure 6-6 Menu 12.2.1 - Edit IPX Static Route
IPX Configuration 6-7
Prestige P645 ADSL Internet Access Router
The following table contains the instructions on how to configure the Edit IP Static Route Menu.
Table 6-3 Edit IPX Static Route Menu Fields
FIELD DESCRIPTION
Route # The number of this static route that you chose in menu 12.2.
Server Name
Active
Network # This field contains the internal network number of the remote server that you wish to
Node # This field contains the address of the node on which the server resides. If you are
Socket # This field contains the socket number on which the server will receive service
Type # This field identifies the type of service the server provides. The default for this field is
Gateway
Node
Hop Count
and Tick
Count
Once you have completed filling in the menu, press [ENTER] at the message [Press ENTER to
Confirm…] to save your configuration, or press [ESC] to cancel.
In this field, enter the name of the server. This must be the exact name configured in
the NetWare server.
Use the [SPACE BAR] to select Yes to activate or No to deactivate this IPX static
route.
access. [00000000] or [FFFFFFFF] are reserved.
using a Novell IPX implementation, this value is [000000000001].
requests. The default for this field is hex [0451].
hex [0004].
In this field, enter the number of the remote node that is the gateway for this static
route.
These two fields have the same meaning as those in the Ethernet setup.
6-8 IPX Configuration
Prestige P645 ADSL Internet Access Router
Chapter 7
Bridging Setup
This chapter shows you how to configure the bridging parameters of your Prestige.
7.1 Bridging in General
Bridging bases the forwarding decision on the MAC (Media Access Control), or hardware address, while
routing does it on the network layer (IP or IPX) address. Bridging allows the Prestige 645R to transport
packets of network layer protocols that the Prestige 645R does not route, e.g., SNA, from one network to
another. The caveat is that, compared to routing, bridging generates more traffic for the same network layer
protocol and it also demands more CPU cycles and memory.
For efficiency reasons, do not turn on bridging unless you need to support protocols other than IP and IPX on
your network. For IP and IPX, enable the respective routing if you need it; do not bridge what the Prestige
645R can route.
7.2 Bridge Ethernet Setup
Basically, all non-local packets are bridged to the WAN; however, your Prestige 645R applies special
handling for certain IPX packets to reduce the number of calls, depending on the setting of the Handle IPX
field.
From Menu 3 - Ethernet Setup, enter 4 to bring up Me nu 3.4 - Bridge Ethernet Setup as shown next.
Menu 3.4 - Bridge Ethernet Setup
Handle IPX= None
Press Space Bar to Toggle.
Bridging Setup 7-1
Press ENTER to CONFIRM or ESC to CANCEL:
Figure 7-1 Menu 3.4 - Bridge Ethernet Setup
Prestige P645 ADSL Internet Access Router
The following table describes how to configure the Handle IPX field in menu 3.4.
Table 7-1 Bridge Ethernet Setup Menu - Handle IPX Field Configuration
HANDLE IPX
FIELD OPTIONS
None
Client
Server
When there is no IPX traffic on the LAN or when you do not want to apply any
special handling for IPX.
When there are only client computers on the LAN. RIP and SAP (Service
Advertising Protocol) response packets will not trigger calls.
When there are only IPX servers on the LAN. No RIP or SAP packets will trigger
calls. In addition, during the time when the line is down, your Prestige 645R will
reply to watchdog messages from the servers on behalf of remote clients. The
period of time that your Prestige 645R will do this is linked to the Ethernet Address
Timeout parameter in each remote node (see Remote Node Configuration). When a
remote Ethernet address is aged out, there is no need to maintain its connection to
the IPX server.
DESCRIPTION
7.2.1 Remote Node Bridging Setup
Follow the procedure in Chapter 5 to configure the protocol-independent parameters in Menu 11.1 - Remote
Node Profile. For bridging-specific parameters, you need to configur e Menu 11.3 - Remote Node Network
Layer Options.
To set up Menu 11.3 - Remote Node Network Layer Options follow these steps:
Step 1. In menu 11.1, make sure the Bridge field is set to Yes.
7-2 Bridging Setup
Prestige P645 ADSL Internet Access Router
Step 2. Move the cursor to the Edit IP/IPX/Bridge field, then press the [SPACE BAR] to select Yes
to open Menu 11.3 - Network Layer Options.
and press [ENTER]
Menu 11.3 - Remote Node Network Layer Options
VPI/VCI (LLC-mux or PPP/PPPoE Encap):
VPI #= 0
VCI #= 35
IP Options:
Rem IP Addr: 0.0.0.0
Rem Subnet Mask= 0.0.0.0
IP Address Assignment = Dynamic
My WAN Addr= 0.0.0.0
Single User Account= Yes
Metric= 2
Private= No
RIP Direction= None
Version= RIP-1
Multicast= None
IP Policies=
Enter here to CONFIRM or ESC to CANCEL:
IPX Options :
Rem LAN Net #= 00000000
My WAN Net #= 00000000
Hop Count= 1
Tick Count= 2
W/D Spoofing(min)= N/A
SAP/RIP Timeout(min)=N/A
Dial-On-Query= N/A
Bridge Options:
Dial-On-Broadcast= N/A
Ethernet Addr Timeout(min)= 0
Figure 7-2 Menu 11.3 - Remote Node Bridging Options
The following table describes the bridging-specific parameters in Menu 11.1 - Remote Node Profile and
Menu 11.3 - Remote Node Network Layer Options menus.
Table 7-2 P645R Remote Node Network Layers Menu Bridge Options
FIELD DESCRIPTION
Bridge (menu 11.1)
Edit IP/IPX/Bridge
(menu 11.1)
Make sure this field is set to Yes.
Press the [SPACE BAR] to change it to Yes and press [ENTER] to go to Menu
11.3 –Remote Node Network Layer Options.
Dial-On-Broadcast
(menu 11.3)
This field is necessary for your Prestige on the caller side LAN. When set to Yes,
any broadcasts coming from the LAN will trigger your Presige to make a call to
this remote node. If it is set to No, your Prestige will not make the outgoing call.
Ethernet Addr
Timeout (min) (menu
11.3)
In this field, enter the time (number of minutes) that you wish your Prestige 645R
to retain the Ethernet Addr information in its internal tables while the line is down.
If this information is retained, your Prestige 645R will not have to recompile the
tables when the line is brought back up.
Bridging Setup 7-3
Prestige P645 ADSL Internet Access Router
Once you have completed filling in the Network Layer Options Menu, press [ENTER] to return to menu
11.1. Then press [ENTER] at the message [Press ENTER to Confirm…] to save your configuration, or
press [ESC] to cancel.
7.3 Bridge Static Route Setup
Similar to network layer static routes, a bridging static route tells the Prestige 645R about the route to a node
before a connection is established. You configure bridge static routes in menu 12.3.1, by pressing 3 in menu
12 and then selecting one of the bridge static routes as shown below.
Menu 12.3 - Bridge Static Route Setup
1. ________
2. ________
3. ________
4. ________
Enter selection number:
Figure 7-3 Menu 12.3 - Bridge Static Route Setup
Menu 12.3.1 - Edit Bridge Static Route
Route #: 21
Route Name=
Active= No
Ether Address= ?
IP Address=
Gateway Node= 1
Press ENTER to CONFIRM or ESC to CANCEL:
Figure 7-4 Menu 12.3.1 - Edit Bridge Static Route
7-4 Bridging Setup
Prestige P645 ADSL Internet Access Router
The following table describes the Bridge Static Route Menu.
Table 7-3 Bridge Static Route Menu Fields
FIELD DESCRIPTION
Route Name Enter a name for the bridge static route for identification purposes.
Active
Ether Address Enter the MAC address of the destination machine that you wish to bridge the packets
IP Address If available, enter the IP address of the destination machine that you wish to bridge the
Gateway Node Enter the number of the remote node that is the gateway of this static route.
Once you have completed filling in this menu, press [ENTER] at the message [Press ENTER to
Confirm…] to save your configuration, or press [ESC] to cancel.
Use the [SPACE BAR] to select Yes to activate or No to deactivate the static route.
to.
packets to.
Bridging Setup 7-5
Advanced Management
PPaarrtt IIIIII:
:
Advanced Management
Advanced Management provides information on Filter Configuration, SNMP Configuration,
System Maintenance, Firmware and Configuration and Firmware File Maintenance, IP Policy
Routing, Call Scheduling and Troubleshooting. Also included are Appendices, a Glossary and the
Index.
III
Prestige 645 ADSL Internet Access Router
Chapter 8
Filter Configuration
This chapter shows you how to create and apply filter(s).
8.1 About Filtering
Your Prestige uses filters to decide whether or not to allow passage of a packet. Data filters are divided into
incoming and outgoing filters, depending on the direction of the packet relative to a port. These filters are
further subdivided into device and protocol filters, which are discussed later. Data filtering can be applied
on either the WAN side or the Ethernet side. Call filtering is used to determine if a packet should be
allowed to trigger a call. Remote node call filtering is only applicable when using PPPoE encapsulation.
Outgoing packets must undergo data filtering before they encounter call filtering as shown in the following
figure.
Call Filtering
Outgoing
Packet
No
Data
Filtering
Drop
packet
match
Match MatchMatch
Call Filters
Drop packet
if line not up
Built-in
default
No
match
Or Or
Send packet
but do not reset
Idle Timer
User-defined
Call Filters
(if applicable)
Drop packet
if line not up
Send packet
but do not reset
Idle Timer
No
match
Active Data
Initiate call
if line not up
Send packet
and reset
Idle Timer
Figure 8-1 Outgoing Packet Filtering Process
For incoming packets, your Prestige applies data filters only. Packets are pro cessed depending upon
whether a match is found. The following sections describe how to configure filter sets.
The following sections describe how to configure filter sets.
Filter Configuration 8-1
Prestige 645 ADSL Internet Access Router
The Filter Structure of the Prestige
A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the rules for
NetBIOS, into a single set and give it a descriptive name. The Prestige allows you to configure up to twelve
filter sets with six rules in each set, for a total of 72 filter rules in the system. You cannot mix device filter
rules and protocol filter rules within the same set.
Six sets of factory default filter rules have been configured in menu 21 to prevent NetBIOS traffic from
triggering calls and to prevent incoming telnetting. A summary of their filter rules is shown in the figures
that follow and section 8.4 also has example.
The factory configured filters in SMT menu 21.3 are designed to block incoming telnet from the WAN
(DSL) port. Do not configure SMT menu 3.1 filter rules to block all telnet from the Ethernet. This would
block the telnet connection from your computer to the Prestige.
The following diagram illustrates the logic flow when executing a filter rule.
8-2 Filter Configuration
Fetch Next
Filter Set
Prestige 645 ADSL Internet Access Router
Start
Packet
into Filter
Fetch First
Filter Set
Filter Set
Fetch First
Filter Rule
Yes
Yes
Next Filter Set
Available?
No
You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter
set having up to six rules, you can have a maximum of 2 4 rules active for a single port.
No
Figure 8-2 Filter Rule Process
Next Filter Rule
Available?
Fetch Next
Filter Rule
Check Next Rule
Drop
Execute Filter
Rule
Forward
Accept PacketDrop Packet
Filter Configuration 8-3
Prestige 645 ADSL Internet Access Router
n
8.2 Configuring a Fil t er Set
To configure a filter set, follow this procedure:
Step 1. Enter 21 from the main menu to open Menu 21 - Filter Set Configuration.
Menu 21 - Filter Set Configuration
Filter
Set #
-----1
2
3
4
5
6
Comments
-----------------NetBIOS_WAN
NetBIOS_LAN
TELNET_WAN
PPPoE
FTP_WAN
FTP_TELNET_WEB
Enter Filter Set Number to Configure=
Edit Comments= NetBIOS_WAN
Press ENTER to CONFIRM or ESC to CANCEL:
Figure 8-3 Menu 21 - Filter Set Configuration
Filter
Set #
-----7
8
9
10
11
12
Comments
-----------------______________
______________
______________
______________
______________
______________
Step 2. Enter the index of the filter set you wish to configure (no. 1-12) and press [ENTER]
.
Step 3. Enter a descriptive name or comment in the Edit Comments field and press [ENTER].
Step 4. Press [ENTER] at the message: [Press ENTER to co nfirm] to open M enu 21.1 - Filter Rules
Summary.
Menu 21.1 - Filter Rules Summary
# A Type Filter Rules M m
- - ---- -------------------------------------------- --------- - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=137 N D N
2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=138 N D N
3 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=139 N D N
4 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=137 N D N
5 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=138 N D N
6 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=139 N D F
Enter Filter Rule Number (1-6) to Configure: 1
Figure 8-4 NetBIOS_WAN Filter Rules Summary
8-4 Filter Configuration
Prestige 645 ADSL Internet Access Router
Menu 21.2 - Filter Rules Summary
# A Type Filter Rules M m n
- - ---- -------------------------------------------- --------- - - -
1 Y IP Pr=17, SA=0.0.0.0, SP=137, DA=0.0.0.0, DP=53 N D F
2 Y
3 Y
4 Y
5 Y
6 Y
Enter Filter Rule Number (1-6) to Configure: 1
Figure 8-5 NetBIOS _LAN Filter Rules Summary
Menu 21.3 - Filter Rules Summary
# A Type Filter Rules M m n
- - ---- --------------------------------------------------------------- - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 N D F
2 N
3 N
4 N
5 N
6 N
Enter Filter Rule Number (1-6) to Configure: 1
Figure 8-6 Telnet Filter Rules Summary
Filter Configuration 8-5
Prestige 645 ADSL Internet Access Router
Menu 21.4 - Filter Rules Summary
# A Type Filter Rules M m n
- - ---- --------------------------------------------------------------- - - 1 Y Gen Off=12, Len=2, Mask=ffff, Value=8863 N F N
2 Y Gen Off=12, Len=2, Mask=ffff, Value=8864 N F D
3 N
4 N
5 N
6 N
Enter Filter Rule Number (1-6) to Configure:
Figure 8-7 PPPoE Filter Rules Summary
Menu 21.5 - Filter Rules Summary
# A Type Filter Rules M m n
- - ---- -------------------------------------------------------------- - - 1 Y IP PR=6, SA=0.0.0.0, DA=0.0.0.0, DP=21 N D F
2 N
3 N
4 N
5 N
6 N
Enter Filter Rule Number (1-6) to Configure:
Figure 8-8 FTP _WAN Filter Rules Summary
8-6 Filter Configuration
Prestige 645 ADSL Internet Access Router
In filter rule 6, FTP_TELNET_WEB, the WEB means that HTTP and TFTP traffic are blocked.
Menu 21.6 - Filter Rules Summary
# A Type Filter Rules M m n
- - ---- --------------------------------------------------------------- - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=21 N D N
2 N IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 N D N
3 N IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=80 N D N
4 N IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=69 N D F
5 N
6 N
Enter Filter Rule Number (1-6) to Configure: 1
Figure 8-9 FTP_TELNET_WEB Filter Rules Summary
8.2.1 Filter Rules Summary Menu
This screen shows a summary of the existing rules in an example filter set. The following tables contain a
brief description of the abbreviations used in menu 21.1.
Table 8-1 Abbreviations Used in the Filter Rules Summary Menu
ABBREVIATIONS DESCRIPTION DISPLAY
# Refers to the filter rule number (1-6).
A Shows whether the rule is active or
not.
[Y] means the filter rule is active.
[N] means the filter rule is inactive.
Type Refers to the type of filter rule. [GEN] = Generic.
[IP] = TCP/IP.
Filter Rules The filter rule parameters will be
displayed here (see below).
M
Refers to More. More in a set
behaves like a logical AND i.e., the
set is only matched if ALL rules in it
[Y] means there are more rules to check.
[N] means there are no more rules to check.
are matched.
[Y] means an action can not yet be
taken as there are more rules to
Filter Configuration 8-7
Prestige 645 ADSL Internet Access Router
ABBREVIATIONS DESCRIPTION DISPLAY
check, which are concatenated with
the present rule to form a rule chain.
When the rule chain is complete an
action can be taken.
[N] means you can now s pecify an
action to be taken i.e., forward the
packet, drop the packet or check the
next rule. For the latter, the next rule
is independent of the rule just
checked.
If More is Yes, then Action Matched
and Action Not Matched will be N/A.
M
N
Refers to Action Matched.
[F] means to forward the packet
immediately and skip checking the
remaining rules.
Refers to Action Not Matched.
[F] means to forward the packet
immediately and skip checking the
remaining rules.
[F] means to forward the packet.
[D] means to drop the packet.
[N] means check the next rule.
[F] means to forward the packet.
[D] means to drop the packet.
[N] means check the next rule.
The protocol dependent filter rules abbreviations are listed as follows:
! If the filter type is IP, the abbreviations listed in the following table will be used.
Table 8-2 Abbreviations Used If Filter Type Is IP
ABBREVIATION DESCRIPTION
Pr Protocol
SA Source Address
SP Source Port number
DA Destination Address
DP Destination Port number
8-8 Filter Configuration
Prestige 645 ADSL Internet Access Router
•
Abbreviations Used If Filter Type Is IPX
Table 8-3 Abbreviations Used If Filter Type Is IPX
ABBREVIATION DESCRIPTION
PT IPX Packet Type
SS Source Socket
DS Destination Socket
! If the filter type is GEN (generic), the abbreviations listed in the following table will be used.
Table 8-4 Abbreviations Used If Filter Type Is GEN
ABBREVIATION DESCRIPTION
Off Offset
Len Length
Refer to the next section for information on configuring the filter rules.
8.3 Configuri ng a Fil t er Rule
To configure a filter rule, enter its number in Menu 21.1 - Filter Rules Summary and press [ENTER] to
open menu 21.1.1 for the rule.
There are three types of filter rules: TCP/IP, IPX and Generic. Depending on the type of rule, the
parameters below the type will be different. Use the [SPACE BAR] to select the type of rule that you wish
to create in the Filter Type field and press [ENTER] to open the respective menu.
To speed up filtering, all rules in a filter set must be of the same class, i.e., protocol filters or generic filters.
The class of a filter set is determined by the first rule that you create. When applying the filter sets to a
port, separate menu fields are provided for protocol and device filter sets. If you include a protocol filter set
in a device filters field or vice versa, the Prestige will warn you and will not allow you to save.
8.3.1 TCP/IP Filter Rule
This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on
the fields in the IP and the upper layer protocol, e.g., UDP and TCP, headers.
To configure a TCP/IP rule, select TCP/IP Filter Rule from the Filter Type field and press [ENTER] to
open Menu 21.1.1 - TCP/IP Filter Rule, as shown next.
Filter Configuration 8-9
Prestige 645 ADSL Internet Access Router
Menu 21.1.1 - TCP/IP Filter Rule
Filter #: 1,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
Source: IP Addr= 0.0.0.0
TCP Estab= No
More= No Log= None
Action Matched= Check Next Rule
Action Not Matched= Check Next Rule
Press Space Bar to Toggle.
Press ENTER to Confirm or ESC to Cancel:
IP Mask= 0.0.0.0
Port #= 137
Port # Comp= Equal
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
Figure 8-10 Menu 21.1.1 - TCP/IP Filter Rule
The following table describes how to configure your TCP/IP filter rule.
Table 8-5 TCP/IP Filter Rule Menu Fields
FIELD DESCRIPTION EXAMPLE
Active
IP Protocol
IP Source Route IP source route is an optional header that dictates the
Destination: IP
Addr
Destination: IP
Mask
Destination: Port # Enter the destination port of the packets that you wish to
Destination: Port #
Comp
Use Yes to activate and No to deactivate the filter rule. Yes
Protocol refers to the upper layer protocol, e.g., TCP is 6,
UDP is 17 and ICMP is 1. This value must be between 0
and 255
route an IP packet takes from its source to its destination.
If Yes, the rule applies to any packet with an IP source
route. The majority of IP packets do not have source route.
Enter the destination IP Address of the packet you wish to
filter. This field is a don’t-care if it is 0.0.0.0.
Enter the IP subnet mask to apply to the Destination: IP
Addr.
filter. The range of this field is 0 to 65535. This field is a
don’t-care if it is 0.
Select the comparison (either None, Less, Greater, Equal
or Not Equal) to apply to the destination port in the packet
against the value given in Destination: Port #.
6
No
0.0.0.0
255.255.255.1
1378
Greater
8-10 Filter Configuration
Loading...