Page 1
Prestige 310
Broadband Sharing Gateway
User’s Guide
Version 2.51
Nov 2000
Page 2
Prestige 310 Broadband Sharing Gateway
Prestige 310
Broadband Sharing Gateway
Copyright
Copyright © 2000 by ZyXEL Communications Corporation.
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a
retrieval system, translated into any language, or transmitted in any form or by any means, electronic,
mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written
permission of ZyXEL Communications Corporation.
Published by ZyXEL Communications Corporation. All rights reserved.
Disclaimer
ZyXEL does not assume any liability arising out of the application or use of any products, or software
described herein. Neither does it convey any license under its patent rights nor the patent rights of others.
ZyXEL further reserves the right to make changes in any products described herein without notice. This
publication is subject to change without notice.
Trademarks
Trademarks mentioned in this publication are used for identification purposes only and may be properties of
their respective owners.
ii Copyright
Page 3
Prestige 310 Broadband Sharing Gateway
Federal Communications Commission (FCC) Interference Statement
This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
This device may not cause harmful interference.
This device must accept any interference received, including interference that may cause undesired
operations.
This equipment has been tested and found to comply with the limits for a CLASS B digital device pursuant to
Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful
interference in a commercial environment. This equipment generates, uses, and can radiate radio frequency
energy, and if not installed and used in accordance with the instructions, may cause harmful interference to
radio communications.
If this equipment does cause harmful interference to radio/television reception, which can be determined by
turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of
the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and the receiver.
Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
Consult the dealer or an experienced radio/TV technician for help.
Notice 1
Changes or modifications not expressly approved by the party responsible for compliance could void the
user's authority to operate the equipment.
Notice 2
Shielded RS-232 cables are required to be used to ensure compliance with FCC Part 15, and it is the
responsibility of the user to provide and use shielded RS-232 cables.
FCC iii
Page 4
Prestige 310 Broadband Sharing Gateway
Information for Canadian Users
The Industry Canada label identifies certifi ed equi pme nt. This certification means that the equipment meet s
certain telecommunications network protective, operation, and safety requirements. The Industry Canada
does not guarantee that the equipment will operate to a user's satisfaction.
Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of
the local telecommunications company. The equipment must also be installed using an acceptable method of
connection. In some cases, the company's inside wiring associated with a single line individual service may be
extended by means of a certified connector assembly. The customer should be aware that the compliance
with the above conditions may not prevent degradation of service in some situations.
Repairs to certified equipment should be made by an authorized Canadian maintenance facility designated by
the supplier. Any repairs or alterations made by the user to this equipment, or equipment malfunctions, may
give the telecommunications company cause to request the user to disconnect the equipment.
For their own protection, users should ensure that the electrical ground connections of the power utility,
telephone lines, and internal metallic water pipe system, if present, are connected together. This precaution
may be particularly important in rural areas.
Caution
Users should not attempt to make such connectio ns the mse lv es, but should contact the appropriate electrical
inspection authority, or electrician, as appropriate.
Note
This digital apparatus does not exceed the class A limits for radio noise emissions from digital apparatus set
out in the radio interference regulations of Industry Canada.
iv Information for Canadian Users
Page 5
Prestige 310 Broadband Sharing Gateway
CE v
Page 6
Page 7
We, the Manufacturer/Importer,
(reference to the specification under which conformity is declared)
Prestige 310 Broadband Sharing Gateway
Declaration of Conformity
ZyXEL Communications Corp.
No. 6, Innovation Rd. II,
Science-Based Industrial Park,
Hsinchu, Taiwan, 300 R.O.C
declare that the product
Prestige 310
is in conformity with
Standard
• EN 55022
• EN 61000-3-2
• EN 61000-3-3
• EN 61000-4-2
• EN 61000-4-3
• EN 61000-4-4
• EN 61000-4-5
• EN 61000-4-6
• EN 61000-4-8
• EN61000-4-11
Standard Item
Radio disturbance characteristics – Limits and method of
measurement.
Disturbance in supply system caused by household appliances
and similar electrical equipment “Harmonics”.
Disturbance in supply system caused by household appliances
and similar electrical equipment “Voltage fluctuations”.
Electrostatic discharge immunity test – Basic EMC Publication 1995
Radiated, radio-frequency, electromagnetic field immunity test 1996
Electrical fast transient / burst immunity test - Basic EMC
Publication
Surge immunity test 1995
Immunity to conducted disturbances, induced by radio-frequency
fields
Voltage dips, short interruptions and voltage variations immunity
tests
Version
1994
1995
1995
1995
1996
1993
1994
Declaration of Conformity vii
Page 8
Prestige 310 Broadband Sharing Gateway
ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or
workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon
proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials,
ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either
parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper
operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product
of equal value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product is
modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.
Note
Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This
warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability
or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential
damages of any kind of character to the purchaser.
To obtain the services of this warranty, contact ZyXEL's Service Center; refer to the separate Warranty Card
for your Return Material Authorization number (RMA). Products must be returned Postage Prepaid. It is
recommended that the unit be insured when shipped. Any returned products without proof of purchase or
those with an out-dated warranty will be repaired or replaced (at the discretion of ZyXEL) and the customer
will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the
corresponding return address, Postage Paid (USA and territories only). If the customer desires some other
return destination beyond the U.S. borders, the customer shall bear the cost of the return shipment. This
warranty gives you specific legal rights, and you may also have other rights that vary from state to state.
Please register your ZyWALL (fast , eas y online reg ist rat io n at www.zyxel.com) for free
product updates and information.
viii ZyXEL Limited Warranty
Page 9
Prestige 310 Broadband Sharing Gateway
Customer Support
If you have questions about your ZyXEL product or desire assistance, contact ZyXEL Communications
Corporation offices worldwide, in one of the ways listed below.
When Contacting Customer Support Representative
When you contact your customer support representative have the following information ready:
• Prestige Model and serial number
• Information in Menu 24.2.1 –System Information
• Warranty Information
• Date you received your Prestige
• Brief description of the problem and the steps you took to solve it.
Method
Region
Worldwide
North
America
EMAIL – Support Telephone Web Site
EMAIL – Sales Fax FTP Site
support@zyxel.com.tw
support@europe.zyxel.com
sales@zyxel.com.tw +886-3-578-2439 ftp.europe.zyxel.com
support@zyxel.com +1-714-632-0882
sales@zyxel.com +1-714-632-0858 ftp.zyxel.com
+886-3-578-3942 www.zyxel.com
www.europe.zyxel.com
www.zyxel.com
800-255-4101
Regular Mail
ZyXEL Communications
Corp., 6 Innovation Road II,
Science-Based Industrial
Park, HsinChu, Taiwan.
ZyXEL Communications Inc.,
1650 Miraloma Avenue,
Placentia, CA 92870, U.S.A.
Scandinavia
Austria
Germany
support@zyxel.dk +45-3955-0700 www.zyxel.dk
sales@zyxel.dk +45-3955-0707 ftp.zyxel.dk
support@zyxel.at +43-1-4948677-0
sales@zyxel.at
support@zyxel.de
sales@zyxel.de +49-2405-6909-99 ftp.europe.zyxel.com
0810-1-ZyXEL
0810-1-99935
+43-1-4948678
+49-2405-6909-0
0180-5213247
Tech Support hotline
0180-5099935
RMA/Repair hotline
www.zyxel.at
ftp.zyxel.at
Note: for Austrian users with *.at
domain only!
www.zyxel.de
ZyXEL Communications A/S,
Columbusvej 5, 2860
Soeborg, Denmark.
ZyXEL Communications
Services GmbH.,
Thaliastrasse 125a/ 2/2/ 4,
A-1160 Vienna, Austria
ZyXEL Deutschland GmbH.,
Adenauerstr. 20/A4, D-5 214 6
Wuerselen, German y.
Customer Support ix
Page 10
Page 11
Prestige 310 Broadband Sharing Gateway
Table of Contents
Copyright...................................................................................................................................................ii
Federal Communications Commission (FCC) Interference Statement ................................................... iii
Information for Canadian Users...............................................................................................................iv
ZyXEL Limited Warranty......................................................................................................................viii
Customer Support...........................................................................................................................ix
When Contacting Customer Support Representative...............................................................................ix
Table of Contents............................................................................................................................xi
List of Figures..............................................................................................................................xvii
List of Tables.................................................................................................................................xxi
Preface .......................................................................................................................................xxiii
Part I:.............................................................................................................................................I
Chapter 1 : Getting to Know Your Prestige ..................................................................................1-1
1.1 The Prestige 310 Broadband Sharing Gateway.......................................................................... 1-1
1.2 Quick Feature Overview of the Prestige 310 ............................................................................. 1-1
1.3 Detailed Features of the Prestige 310......................................................................................... 1-1
1.4 Applications for Prestige 310..................................................................................................... 1-3
1.4.1 Broadband Internet Access via Cable or xDSL Modem.................................................... 1-3
1.5 Internet Access Configuration Checklist.................................................................................... 1-3
Chapter 2
Table of Contents xi
: Hardware Installation & Initial Setup .........................................................................2-1
2.1 Front Panel LEDs and Back Panel Ports.................................................................................... 2-1
2.1.1 Front Panel LEDs............................................................................................................... 2-1
2.2 Prestige 310 Rear Panel and Connections.................................................................................. 2-2
2.3 Additional Installation Requirements.........................................................................................2-3
2.4 Power Up Your Prestige............................................................................................................. 2-4
2.5 Navigating the SMT Interface.................................................................................................... 2-5
2.5.1 Main Menu......................................................................................................................... 2-6
2.5.2 System Management Terminal Interface Summary........................................................... 2-6
Page 12
Prestige 310 Broadband Sharing Gateway
2.6 Changing the System Password..................................................................................................2-7
2.6.1 Resetting the Prestige..........................................................................................................2-7
2.7 General Setup..............................................................................................................................2-8
2.7.1 Dynamic DNS .....................................................................................................................2-8
2.7.2 Configuring Dynamic DNS.................................................................................................2-9
2.8 WAN Setup...............................................................................................................................2-10
2.9 LAN Setup................................................................................................................................2-11
2.9.1 LAN Port Filter Setup.......................................................................................................2-12
Chapter 3 : Internet Access..........................................................................................................3-1
3.1 TCP/IP and DHCP for LAN.......................................................................................................3-1
3.1.1 Factory LAN Defaults......................................................................................................... 3-1
3.1.2 IP Address and Subnet Mask..............................................................................................3-1
3.1.3 Private IP Addresses...........................................................................................................3-2
3.1.4 RIP Setup............................................................................................................................3-2
3.1.5 DHCP Configuration...........................................................................................................3-3
3.1.6 IP Multicast.........................................................................................................................3-3
3.1.7 IP Alias ...............................................................................................................................3-4
3.2 TCP/IP and DHCP Ethernet Setup..............................................................................................3-4
3.2.1 IP Alias Setup .....................................................................................................................3-7
3.3 Internet Access Setup..................................................................................................................3-8
3.3.1 Ethernet Encapsulation .......................................................................................................3-8
3.3.2 PPTP Encapsulation..........................................................................................................3-10
3.3.3 Configure PPTP Client......................................................................................................3-11
3.3.4 PPPoE Encapsulation ........................................................................................................3-11
3.4 Internet Test Setup....................................................................................................................3-13
3.5 Basic Setup Complete...............................................................................................................3-13
Part II:...........................................................................................................................................II
Chapter 4
Chapter 5 Remote Node Setup.....................................................................................................5-1
xii Table of Contents
: SUA and Multiple SUA Servers.................................................................................4-1
4.1 Single User Account (SUA)........................................................................................................4-1
4.1.1 Basics..................................................................................................................................4-1
4.1.2 Single User Account Configuration....................................................................................4-2
4.2 Multiple Servers behind SUA.....................................................................................................4-3
4.2.1 Configuring a Server behind SUA......................................................................................4-3
Page 13
Prestige 310 Broadband Sharing Gateway
5.1 Remote Node Profile.................................................................................................................. 5-1
5.1.1 Ethernet Encapsulation....................................................................................................... 5-1
5.1.2 PPTP Encapsulation...........................................................................................................5-3
5.1.3 PPPoE Encapsulation......................................................................................................... 5-4
5.2 Editing TCP/IP Options (with Ethernet Encapsulation)............................................................. 5-6
5.2.1 Editing TCP/IP Options (with PPTP Encapsulation)......................................................... 5-7
5.2.2 Editing TCP/IP Options (with PPPoE Encapsulation)....................................................... 5-9
5.3 Remote Node Filter.................................................................................................................. 5-10
Chapter 6 : IP Static Route Setup................................................................................................6-1
6.1 IP Static Route Setup ................................................................................................................. 6-2
Part III:.........................................................................................................................................III
Chapter 7
Chapter 8 : SNMP Configuration..................................................................................................8-1
Chapter 9 : System Information & Diagnosis ...............................................................................9-1
: Filter Configuration....................................................................................................7-1
7.1 About Filtering........................................................................................................................... 7-1
7.1.1 The Filter Structure of the Prestige .................................................................................... 7-2
7.2 Configuring a Filter Set.............................................................................................................. 7-4
7.2.1 Filter Rules Summary Menu .............................................................................................. 7-6
7.2.2 Configuring a Filter Rule ................................................................................................... 7-7
7.2.3 TCP/IP Filter Rule.............................................................................................................. 7-7
7.2.4 Generic Filter Rule........................................................................................................... 7-12
7.3 Example Filter.......................................................................................................................... 7-14
7.3.1 Before you begin.............................................................................................................. 7-14
7.3.2 Filter Configuration Steps................................................................................................ 7-14
7.4 Filter Types and SUA............................................................................................................... 7-17
7.5 Applying a Filter and Factory Defaults.................................................................................... 7-18
7.5.1 LAN traffic...................................................................................................................... 7-18
7.5.2 Remote Node Filters......................................................................................................... 7-18
8.1 SNMP......................................................................................................................................... 8-1
8.1.1 SNMP Configuration.......................................................................................................... 8-2
9.1 System Status............................................................................................................................. 9-2
9.2 System Information and Console Port Speed............................................................................. 9-4
9.2.1 System Information............................................................................................................ 9-4
Table of Contents xiii
Page 14
Prestige 310 Broadband Sharing Gateway
9.2.2 Console Port Speed.............................................................................................................9-5
9.3 Log and Trace.............................................................................................................................9-5
9.3.1 Viewing Error Log..............................................................................................................9-6
9.3.2 UNIX Syslog.......................................................................................................................9-6
9.3.3 Call-Triggering Packet ......................................................................................................9-10
9.4 Diagnostic.................................................................................................................................9-11
9.4.1 WAN DHCP .....................................................................................................................9-11
Chapter 10
10.1 Filename conventions...............................................................................................................10-1
10.2 Backup Configuration...............................................................................................................10-2
10.3 Restore Configuration...............................................................................................................10-4
10.4 Upload Firmware......................................................................................................................10-5
1.2 Upload Router Configuration File............................................................................................10-9
Chapter 11 : System Maintenance & Information......................................................................11-1
: Transferring Files...................................................................................................10-1
10.1.1 Firmware Development.....................................................................................................10-2
10.4.1 Upload Router Firmware via the Console Port.................................................................10-6
10.4.2 Upload Router Firmware using FTP.................................................................................10-6
1.1.1 Example - Using the FTP command from the DOS Prompt.............................................10-7
1.1.1 Upload Router Firmware using TFTP...............................................................................10-8
1.1.2 Example Using TFTP To Upload Prestige Firmware.......................................................10-9
1.2.1 Upload Router Configuration File using the Console Port ...............................................10-9
1.2.2 Upload Router Configuration File using FTP.................................................................10-10
1.2.3 Upload Router Configuration File using TFTP...............................................................10-11
11.1 Command Interpreter Mode......................................................................................................11-1
11.2 Call Control Support.................................................................................................................11-1
11.2.1 Budget Management.........................................................................................................11-2
11.2.2 Call History.......................................................................................................................11-3
11.3 Time and Date Setting ..............................................................................................................11-4
11.4 Boot commands........................................................................................................................11-6
Chapter 12 : Call Schedule Setup ..............................................................................................12-1
12.1.1 Applying A Schedule Set..................................................................................................12-3
Chapter 13
13.1 About Telnet Configuration......................................................................................................13-1
xiv Table of Contents
: Telnet Configuration and Capabilities....................................................................13-1
Page 15
Prestige 310 Broadband Sharing Gateway
13.2 Telnet Under SUA.................................................................................................................... 13-1
13.3 Telnet Capabilities ................................................................................................................... 13-1
13.3.1 Single Administrator........................................................................................................13-1
13.3.2 System Timeout................................................................................................................ 13-2
Part IV: ........................................................................................................................................IV
Chapter 14 : Troubleshooting.....................................................................................................14-1
14.1 Problems Starting Up the Prestige............................................................................................ 14-1
14.2 Problems with the LAN Interface............................................................................................ 14-2
14.3 Problems with the WAN interface........................................................................................... 14-2
14.4 Problem with Remote Node or ISP Connection....................................................................... 14-3
14.5 Problems with Internet Access................................................................................................. 14-3
14.6 General Instructions................................................................................................................. 14-3
Appendix A: PPTP..........................................................................................................................E
What is PPTP?.......................................................................................................................................... E
How can we transport PPP frames from a PC to a broadband modem over Ethernet? ............................ E
PPTP and the Prestige.............................................................................................................................. E
PPTP Protocol Overview.......................................................................................................................... E
Control & PPP connections.......................................................................................................................F
Appendix B: PPPoE....................................................................................................................... G
Appendix C: Hardware Specifications.............................................................................................I
Appendix D: Important Safety Instructions.....................................................................................K
Glossary of Terms...........................................................................................................................L
Index...............................................................................................................................................S
Table of Contents xv
Page 16
Page 17
Prestige 310 Broadband Sharing Gateway
List of Figures
Figure 1-1 Internet Access Application................................................................................................... 1-3
Figure 2-1 Front Panel............................................................................................................................ 2-1
Figure 2-2 Prestige 310 Rear Panel and Connections..............................................................................2-2
Figure 2-3 Initial Screen .......................................................................................................................... 2-4
Figure 2-4 P assword Screen..................................................................................................................... 2-5
Figure 2-5 Prestige 310 Main Menu....................................................................................................... 2-6
Figure 2-6 Menu 23 - System Security .................................................................................................... 2-7
Figure 2-7 Menu 1 – General Setup......................................................................................................... 2-9
Figure 2-8 Configure Dynamic DNS..................................................................................................... 2-10
Figure 2-9 Menu 2 – WAN Setup ...........................................................................................................2-11
Figure 2-10 Menu 3 - LAN Setup............................................................................................................ 2-12
Figure 2-11 Menu 3.1 – LAN Port Filter Setup....................................................................................... 2-12
Figure 3-1 Physical Network................................................................................................................... 3-4
Figure 3-2 Partitioned Logical Networks................................................................................................. 3-4
Figure 3-3 Menu 3 - LAN Setup (10/100 Mbps Ethernet)....................................................................... 3-5
Figure 3-4 Menu 3.2 – TCP/IP and DHCP Ethernet Setup...................................................................... 3-5
Figure 3-5 Menu 3.2.1 - IP Alias Setup................................................................................................... 3-7
Figure 3-6 Internet Access Setup (Ethernet)............................................................................................ 3-8
Figure 3-7 Internet Access Setup (PPTP) ...............................................................................................3-11
Figure 3-8 Internet Access (PPPoE) ...................................................................................................... 3-12
Figure 3-9 Internet Setup Test Example................................................................................................. 3-13
Figure 4-1 An Example of Single User Account Topology..................................................................... 4-1
Figure 4-2 Menu 4 - Internet Access Setup for Single User Account...................................................... 4-2
Figure 4-3 Multiple Server Configuration ............................................................................................... 4-4
Figure 5-1 Menu 11.1 Remote Node Profile for Ethernet Encapsulation ................................................ 5-1
List of Figures xvii
Page 18
Prestige 310 Broadband Sharing Gateway
Figure 5-2 Remote Node Profile for PPTP Encapsulation ....................................................................... 5-3
Figure 5-3 Menu 11.1 Remote Node Profile for PPPoE Encapsulation ...................................................5-5
Figure 5-4 Remote Node Network Layer Options...................................................................................5-6
Figure 5-5 Remote Node Network Layer Options...................................................................................5-7
Figure 5-6 Remote Node Network Layer Options...................................................................................5-9
Figure 5-7 Remote Node Filter (Ethernet Encapsulation) ......................................................................5-11
Figure 5-8 Remote Node Filter (PPTP/PPPoE Encapsulation................................................................5-11
Figure 6-1 Example of Static Routing Topology......................................................................................6-1
Figure 6-2 Menu 12 - IP Static Route Setup.............................................................................................6-2
Figure 6-3 Menu 12. 1 - Edit IP Static Route ...........................................................................................6-2
Figure 7-1 Outgoing Packet Filtering Process..........................................................................................7-1
Figure 7-2 Filter Rule Process..................................................................................................................7-3
Figure 7-3 Menu 21 - Filter Set Configuration.........................................................................................7-4
Figure 7-4 NetB IOS_WAN Filter Rules Summary...................................................................................7-5
Figure 7-5 NetBIOS _LAN Filter Rules Summary ..................................................................................7-5
Figure 7-6 TEL_FTP_WEB_WAN Filter Rules Summary......................................................................7-5
Figure 7-7 Menu 21.1.1 - TCP/IP Filter Rule...........................................................................................7-8
Figure 7-8 Executing an IP Filter ...........................................................................................................7-11
Figure 7-9 Menu 21.4.1 - Generic Filter Rule ........................................................................................7-12
Figure 7-10 Filter Example.......................................................................................................................7-14
Figure 7-11 Example Filter - Menu 21.3.1...............................................................................................7-15
Figure 7-12 Example Filter Rules Summary – Menu 21.3....................................................................... 7-16
Figure 7-13 Example Filter Rules Summary............................................................................................7-17
Figure 7-14 Protocol and Device Filter Sets.............................................................................................7-17
Figure 7-15 Filtering LAN Traffic............................................................................................................7-18
Figure 7-16 Filtering Remote Node Traffic..............................................................................................7-19
Figure 8-1 SNMP Management Model ....................................................................................................8-1
xviii List of Figures
Page 19
Prestige 310 Broadband Sharing Gateway
Figure 8-2 Menu 22 - SNMP Configuration............................................................................................ 8-2
Figure 9-1 Menu 24 - System Maintenance............................................................................................. 9-1
Figure 9-2 Menu 24.1 - System Maintenance – Status ............................................................................ 9-2
Figure 9-3 Menu 24.2 – System Information and Console Port Speed................................................... 9-4
Figure 9-4 Menu 24.2.1 System Maintenance - Information.................................................................. 9-4
Figure 9-5 Menu 24.2.2 – System Maintenance – Change Console Port Speed .................................... 9-5
Figure 9-6 Examples of Error and Information Messages....................................................................... 9-6
Figure 9-7 Examples of Error and Information Messages....................................................................... 9-6
Figure 9-8 Menu 24.3.2 - System Maintenance – UNIX Syslog............................................................. 9-7
Figure 9-9 Call-Triggering Packet Example.......................................................................................... 9-10
Figure 9-10 Menu 24.4 - System Maintenance - Diagnostic ....................................................................9-11
Figure 9-11 WAN & LAN DHCP............................................................................................................ 9-12
Figure 10-1 Menu 24.5 - System Maintenance - Backup Configuration (via console port).................... 10-3
Figure 10-2 Backup Example Using HyperTerminal.............................................................................. 10-3
Figure 10-3 Successful Backup Confirmation Screen............................................................................. 10-3
Figure 10-4 Telnet into Menu 24.5 .......................................................................................................... 10-4
Figure 10-5 Menu 24.6 - System Maintenance - Restore Configuration (via console port).................... 10-4
Figure 10-6 Successful Restoration Confirmation Screen...................................................................... 10-5
Figure 10-7 Telnet into Menu 24.6 .......................................................................................................... 10-5
Figure 10-8 Menu 24.7 - System Maintenance - Upload Firmware.........................................................10-5
Figure 10-9 Menu 24.7.1 - System Maintenance - Upload Router Firmware.......................................... 10-6
Figure 10-10 Menu 24.7.1 as seen using Telnet......................................................................................... 10-7
Figure 10-11 FTP Session Example.......................................................................................................... 10-7
Figure 10-12 Menu 24.7.2 as seen using the Console Port..................................................................... 10-10
Figure 10-13 Menu 24.7.2 as seen using Telnet.......................................................................................10-11
Figure 11-1 Command Mode....................................................................................................................11-1
Figure 11-2 Call Control...........................................................................................................................11-2
List of Figures xix
Page 20
Prestige 310 Broadband Sharing Gateway
Figure 11-3 Budget Management............................................................................................................11-2
Figure 11-4 Call History..........................................................................................................................11-3
Figure 11-5 System Maintenance – Time and Date Setting.....................................................................11-5
Figure 11-6 Boot Module Commands......................................................................................................11-6
Figure 12-1 Schedule Setup.....................................................................................................................12-1
Figure 12-2 Schedule Set Setup...............................................................................................................12-2
Figure 12-3 Applying Schedule Set(s) to A Remote Node.......................................................................12-4
Figure 13-1 Telnet Configuration on a TCP/IP Network.......................................................................... 13-1
xx List of Figures
Page 21
Prestige 310 Broadband Sharing Gateway
List of Tables
Table 1-1 Internet Access Configuration Checklist................................................................................... 1-4
Table 2-1 LED functions........................................................................................................................... 2-1
Table 2-2 Terminal Emulation Software.................................................................................................... 2-4
Table 2- 3 Main Menu Commands.............................................................................................................. 2-5
Table 2-4 Main Menu Summary................................................................................................................. 2-6
Table 2-5 General Setup Menu Field ......................................................................................................... 2-9
Table 2-6 Configure Dynamic DNS Menu Fields.................................................................................... 2-10
Table 2-7 WAN Setup Menu Fields...........................................................................................................2-11
Table 3-1 LAN DHCP Setup Menu Fields................................................................................................ 3-6
Table 3-2 LAN TCP/IP Setup Menu Fields ............................................................................................... 3-6
Table 3-3 IP Alias Setup Menu Fields........................................................................................................ 3-7
Table 3-4 Internet Access Setup Menu Fields..........................................................................................3-10
Table 3-5 New Fields in Menu 4 (PPTP) screen .......................................................................................3-11
Table 3-6 New Fields in Menu 4 (PPPoE) screen ....................................................................................3-12
Table 4-1 Single User Account Menu Fields.............................................................................................. 4-2
Table 4-2 Services vs. Port number............................................................................................................ 4-4
Table 5-1 Fields in Menu 11.1 (Ethernet Encapsulation)..........................................................................5-2
Table 5-2 Fields in Menu 11.1 (PPTP Encapsulation)................................................................................ 5-3
Table 5-3 Fields in Menu 11.1 (PPPoE Encapsulation Specific Only)....................................................... 5-5
Table 5-4 Remote Node Network Layer Options Menu Fields................................................................. 5-6
Table 5-5 Remote Node Network Layer Options Menu Fields................................................................. 5-8
Table 5-6 Remote Node Network Layer Options Menu Fields................................................................. 5-9
Table 6-1 IP Static Route Menu Fields....................................................................................................... 6-3
Table 7-1 Abbreviations Used in the Filter Rules Summary Menu............................................................ 7-6
Table 7-2 Abbreviations Used If Filter Type Is IP..................................................................................... 7-7
List of Tables xxi
Page 22
Prestige 310 Broadband Sharing Gateway
Table 7-3 Abbreviations Used If Filter Type Is GEN..............................................................................7-7
Table 7-4 TCP/IP Filter Rule Menu Fields.............................................................................................7-8
Table 7-5 Generic Filter Rule Menu Fields...........................................................................................7-13
Table 8-1 SNMP Configuration Menu Fields .........................................................................................8-3
Table 9-1 System Maintenance - Status Menu Fields.............................................................................9-3
Table 9-2 Fields in System Maintenance................................................................................................9-5
Table 9-3 System Maintenance Menu Syslog Parameters ......................................................................9-7
Table 9-4 System Maintenance Menu Diagnostic.................................................................................9-12
Table 10- 1 Filename Conventions...........................................................................................................10-2
Table 10-2 Third Party FTP Clients –General fields...............................................................................10-7
Table 10-3 Third Party TFTP Clients –General fields............................................................................ 10-9
Table 11-1 Budget Management.............................................................................................................11-3
Table 11-2 Call History Fields ................................................................................................................11-4
Table 11-3 Time and Date Setting Fields................................................................................................11-5
Table 12-1 Schedule Set Setup Fields.....................................................................................................12-3
Table 14-1 Troubleshooting the Start-Up of your Prestige.....................................................................14-1
Table 14-2 Troubleshooting the LAN Interface......................................................................................14-2
Table 14-3 Troubleshooting the WAN interface.....................................................................................14-2
Table 14-4 Remote Node or ISP Connection..........................................................................................14-3
Table 14- 5 Internet Access......................................................................................................................14-3
xxii List of Tables
Page 23
Prestige 310 Broadband Sharing Gateway
Preface
About Your Gateway
Congratulations on your purchase of the Prestige 310 Broadband Sharing Gateway. Don’t forget to register
your Prestige (fast, easy online registration at www.zyxel.com) for free future product updates and
information.
The Prestige 310 is a dual Ethernet broadband gateway integrated with network management features that
allows access to the Internet via Cable/xDSL modem. It is designed for:
!
Home offices and small businesses with Cable and xDSL modem via Ethernet port as Internet access
media.
!
Multiple office/department connections via access devices.
Your Prestige 310 is easy to install and to configure. The embedded web configurator is a convenient
platform-independent GUI (Graphical User Interface) that allows you to access the Prestige’s management
settings.
All functions of the Prestige 310 are also software configurable via the SMT (System Management Terminal)
interface. The SMT is a menu-driven interface that you can access from a terminal emulator through the
console port or over a telnet connection.
About This User's Manual
This manual is designed to guide you through the SMT configuration of your Prestige 310 for its various
applications.
Structure of this Manual
This manual is structured as follows:
Part I.
install and setup your Prestige to operate on your network and access the Internet.
Part II.
such as Multiple SUA Server Setup, Remote Node Setup and IP Static routes.
Part III. Advanced Management (Chapter 7 - 13) Chapters 7 - 13 provide information on Prestige
Filtering, System Information and Diagnosis, SNMP configuration, Upgrading Software and Telnet.
Part IV. Troubleshooting (Chapter 14), provides information about solving common problems as well
as some Appendices.
Getting Started
Advanced Applications
(Chapters 1-3)
(Chapters 4-6)
is structured as a step-by-step guide to help you connect,
describe the advanced applications of your Prestige,
Regardless of your particular application, it is important that you follow the steps outlined in Chapters 1-2 to
connect your Prestige to your LAN. You can then refer to the appropriate chapters of the manual, depending
on your applications.
Related Documentation
"
More detailed information about the Prestige and examples of its use can be found in our Supporting CD.
This CD contains HTML help on the Web Embedded Configurator, our handy web-based Internet access
wizard designed to get you up and running as soon as possible, the Prestige 310 manual in PDF format,
Preface xxiii
Supporting CD
Page 24
Prestige 310 Broadband Sharing Gateway
Support Notes (that include a General FAQ, an Advanced FAQ, Applications Notes, Troubleshooting,
Reference CI Commands) and bundled software.
" Read Me First
Our Read Me First is designed to help you get your Prestige up and running right away. It contains a detailed
easy to follow connection diagram, Prestige default settings, handy checklists a nd information on setting up
your PC.
" Packing List Card
Finally, you should have a Packing List Card that lists all items that should have come with your Prestige..
" ZyXEL Web Page and FTP Server Site
You can access release notes for firmware upgrades and other information at ZyXEL web pages and FTP
server sites. Refer to the Customer Support page in this User’s Guide for more information.
Syntax Conventions
• “Enter” means for you to type one or more characters and press the carriage return. “Select” or
“Choose” means for you to select one from the predefined choices.
• The SMT menu titles and labels are in Bold Times font. The choices of a menu item are in Bold Arial
font. A single keystroke is in Arial font and enclosed in square brackets, for instance, [ENTER] means
the Enter, or carriage return, key; [ESC] means the Escape Key.
• For brevity’s sake, we will use “e.g.” as a shorthand for “for instance” and “i.e.” for “that is” or “in other
words” throughout this manual.
xxiv Preface
Page 25
Prestige 310 Broadband Sharing Gateway
Part I:
Getting Started
Chapters 1-3 are structured as a step-by-step guide to help you connect, install and setup your
Prestige to operate on your network and access the Internet.
I
Page 26
Page 27
Prestige 310 Broadband Sharing Gateway
Chapter 1
Getting to Know Your Prestige
This chapter introduces the main features and applications of the Prestige as well as a checklist for
fast Internet access.
1.1 The Prestige 310 Broadband Sharing Gateway
The Prestige 310 is a dual Ethernet broadband gateway integrated with robust network management features
for Internet access via external Cable/xDSL modem. Equipped with 10Mbps Ethernet WAN port for WAN,
an auto-negotiating 10/100Mbps Ethernet port for LAN and the Single User Account (SUA) feature, the
Prestige is uniquely suited as a broadband Internet access sharing gateway for small offices and home offices.
1.2 Quick Feature Overview of the Prestige 310
• 10Mbps Ethernet for cable or xDSL modem connection.
• Auto-negotiating 10/100Mbps Ethernet.
•
IP protocol routing.
•
SUA/ NAT (Network Address Translation) enables multiple users to share a single ISP account, thereby
accessing the Internet for the cost of a single IP address.
•
Packet filtering for controlled access to and from your network.
• DHCP Server and Client Support.
•
PPPoE and PPTP Support.
• Enhanced ca l l management using Call Scheduling and Call Co nt rol.
•
IP Multicast Support.
• IP Alias
• Dynamic DNS Support.
•
Time Warner’s RoadRunner Service support.
• Time and Date Setting support.
• Easy network management via console port, Telnet, TFTP, FTP, SNMP and CI mode.
•
Built-in message logging and packet tracing and Unix syslog facility support.
•
Embedded FTP server for faster firmware upgrade and backup and restoration of configuration file.
•
Management via console or Telnet .
• File transfer via console port or use TFTP or FTP.
:
1.3 Detailed Features of the Prestige 310
Getting to Know Your Prestige 1-1
Page 28
Prestige 310 Broadband Sharing Gateway
DHCP Support
DHCP (Dynamic Host Configuration Protocol) allows the individual clients (workstations) to obtain the
TCP/IP configuration at start-up from a centralized DHCP server. The Prestige has built-in DHCP server
capability, enabled by default, which means it can assign IP addresses, an IP de fault gateway and DNS
servers to Windows 9X, Windows NT and other systems that support the DHCP client. The Prestige can now
also act as a surrogate DHCP server (DHCP Relay) where it relays IP address assignment from the actual real
DHCP server to the clients.
Dynamic DNS Support
With Dynamic DNS support, you can have a static hostname alias for a dynamic IP address, allowing the
host to be more easily accessible from various locations on the Internet.
If you want to utilize this service, you must register for this service with a Dynamic DNS client.
PPPoE Support
PPPoE facilitates the interaction of a host with a broadband modem to achieve access to high-speed data
networks via a familiar "dial-up networking" user interface.
PPTP Support
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a
remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks
PPTP supports on-demand, multi-protocol, and virtual private networking over public networks, such as the
Internet.
IP Alias
The ability to partition physical network into logical network over the same Ethernet interface is referred to
as IP Alias functionality.
Call Scheduling
The Call Scheduling feature allows you to manage a remote node. You can dictate when a remote node
should be called and for how long.
Call Control
The Prestige provides budget management for outgoing calls and chronicles incoming and outgoing calls.
Full Network Management
Your Prestige offers you a variety of options for network management. It supports password protected local
and remote ne twork management via the console port or a telnet connection usin g SMT (Syste m
Management Interface). It also supports FTP (File Transfer Protocol) server for remote management, TFTP
(Trivial FTP), SNMP (Simple Network Management Protocol) and CI (Command Interpreter) mode.
Time and Date Setting
This new feature (Menu 24.10) allows you to get the current time and date from an external server when you
power up your Prestige. The real time is then displayed in the Prestige Menu 24.1- System Status and error
logs. If you do not choose a time service protocol that your timeserver will send when the Prestige powers up
1-2 Getting to Know Your Prestige
Page 29
Prestige 310 Broadband Sharing Gateway
you can enter the time manually but each time the system is booted, the time & date will be reset to 1/1/1970
0:0:0.
1.4 Applications for Prestige 310
1.4.1 Broadband Internet Access via Cable or xDSL Modem
The Prestige is the ideal high-speed Internet access solution for small offices and home offices. Your Prestige
supports the TCP/IP protocol, which is used by the Internet exclusively. A cable modem or xDSL modem
can connect to the Prestige 310 for broadband Internet access via Ethernet port on the modem. A typical
Internet access application is shown next.
Figure 1-1 Internet Access Application
1.5 Internet Access Configuration Checklist
The following table shows the minimum SMT menu configurations you’ll need to make (without changing
the default Prestige values) in order to access the Internet. Please also refer to the Supporting CD which
contains HTML help on the Web Embedded Configurator, our handy web-based Internet access wizard
designed to get you up and running as soon as possible.
Getting to Know Your Prestige 1-3
Page 30
Prestige 310 Broadband Sharing Gateway
Table 1-1 Internet Access Configuration Checklist
SMT
Menu
1 System Name This field is for identification purposes but because some ISPs check this name you
2 MAC Address:
4 Encapsulation
Once these key fields have been configured, you should be able to enjoy super-fast Internet access with your
Prestige!
Field Action
should enter your PC’s “Computer Name” Click Start -> Settings -> Control Panel ->
Network. Click the Identification tab, note the entry for the Computer name” field and
enter it as the System Name.
The default is Factory Default, which is the factory assigned default MAC Address.
Assigned By
PPTP You need to know your login name, password and connection ID/Name. The latter
PPPoE You need to know your login name, password and service name. The latter may not
IP Address
Assignment
We recommend you choose IP Address attached on LAN and enter the IP address
of the workstation on the LAN whose MAC you are cloning.
Choose PPPoE if you have a dial-up connection to the Internet (or PPTP if you
reside in France or Austria1); otherwise choose Ethernet. Choose from RR-Manager
or RR-Toshiba if your ISP is Time Warner's RoadRunner; otherwise choose
Standard.
may not be obligatory for some ISPs, but if it is you must follow the “c:id” and
“n:name” format.
be obligatory for some ISPs.
If your ISP did not assign you a fixed IP address, select Dynamic, otherwise select
Static and enter the IP address & subnet mask in the IP address and IP Subnet
Mask fields.
1
PPTP only supported in France and Austria at time of writing
1-4 Getting to Know Your Prestige
Page 31
Prestige 310 Broadband Sharing Gateway
Chapter 2
Hardware Installation & Initial Setup
This chapter shows you how to connect the hardware and perform the initial setup.
2.1 Front Panel LEDs and Back Panel Ports
2.1.1 Front Panel LEDs
The LEDs on the front panel indicate the operational status of the Prestige.
Figure 2-1 Front Panel
The following table describes the LED functions:
Table 2-1 LED functions
LEDs Function Indicator
Status
PWR Power Green On The power adapter is connected to the Prestige.
SYS System
10M LAN LAN
100M LAN Orange
Green Off The 10M LAN is not connected.
Active Description
Off The system is not ready or failed.
On The system is ready and running.
Flashing The system is rebooting.
On The Prestige is connected to a 10M LAN.
Flashing The 10M LAN is sending/receiving packets.
Off The 100M LAN is not connected.
On The Prestige is connected to a 100Mbps LAN.
Flashing The 100M LAN is sending/receiving packets.
:
Hardware Installati on & Initia l Setup 2-1
Page 32
Prestige 310 Broadband Sharing Gateway
LEDs Function Indicator
Status
WAN WAN Green
Active Description
Off The WAN Link is not ready, or has failed.
On The WAN Link is ok.
Flashing The 10M WAN link is sending/receiving packets.
2.2 Prestige 310 Rear Panel and Connections
The figure below shows the rear panel of your Prestige 310 and the connection diagram.
Figure 2-2 Prestige 310 Rear Panel and Connections
This section outlines how to connect your Prestige 310 to the LAN and the WAN. In the case of connecting a
Cable Modem you must connect the coaxial cable from your cable service to the threaded coaxial cable
connector on the back of the cable modem. Connect an xDSL Modem to the xDSL Wall Jack. Please also see
Appendix C for important safety instructions on making connections to the Prestige.
Step 1. Connecting the Console Port
2-2
Hardware Installati on & Initia l Setup
Page 33
Prestige 310 Broadband Sharing Gateway
For the initial configuration of your Prestige, you need to use terminal emulator software on a workstatio n
and connect it to the Prestige through the console port. Connect the 9-pin (smaller) end of the console cable
to the console port of the Prestige and the 25-pin (bigger) end to a serial port (COM1, COM2 or other COM
port) of your workstation. You can use an extension RS-232 cable if the enclosed one is too short. After the
initial setup, you can modify the configuration remotely through telnet connections.
Step 2. Connecting the Prestige to the Broadband Modem
Please use the cable supplied with your broadband modem to connect the broadband
modem and the Prestige.
Step 2a. Connecting the Prestige to the Cable Modem
Connect the WAN port (silver) on the Prestige to the Ethernet port on the cable modem using a straight
through Ethernet cable. The Ethernet port on the cable modem is sometimes labeled "PC" or "Workstation".
OR
Step 2b. Connecting the Prestige to the xDSL Modem
Connect the WAN port (silver) on the Prestige to the Ethernet port on the xDSL modem using a straight
through Ethernet cable.
Step 3. Connecting the Prestige to the LAN
When the Prestige Ethernet cable is correctly connected to the PC or hub, the front
panel LAN will go on.
To connect to a single PC, connect the 10/100M LAN port on the Prestige to the Network Adapter on the PC
using the white straight through cable and depress the Uplink button (“on”). If you do not depress the Uplink
button, you must use a crossover cable for this connection. If you have more than one PC, you must use an
external hub. Connect the 10/100M LAN port (gold) on the Prestige to a port on the hub using a straight
through Ethernet cable and make sure the Uplink button is not depressed (“on”).
Step 4. Connecting the Power Adapter to your Prestige
Connect the power adapter to the port labeled POWER on the rear panel of your Prestige.
Step 5. Grounding the Prestige (Optional)
Ground the Prestige by connecting a grounded wire to the F.G. (Frame Ground) of the Prestige.
2.3 Additional Installation Requirements
In addition to the contents of your package, there are other hardware and software requirements you need
before you can install and use your Prestige. These requirements include:
1. A computer with an Ethernet NIC (Network Interface Card) installed.
2. A computer equipped with communications software called terminal emulation software configured to
the following parameters:
♦ VT100 terminal emulation.
♦ 9600 Baud.
Hardware Installati on & Initia l Setup 2-3
Page 34
Prestige 310 Broadband Sharing Gateway
♦ No parity, 8 Data bits, 1 Stop bit, Flow Control set to None.
3. A cable/xDSL modem and an ISP account.
The following table lists some common names for the communications software, based on the type of
computer you are using.
Table 2-2 Terminal Emulation Software
Operating System Software
Windows 95/98 or Windows NT HyperTerminal (bundled with Windows software)
Windows 3.1 Terminal (bundled with Windows software)
Macintosh ProComm, VersaTerm (supplied separately)
After the Prestige is properly set up, you can make future changes to the configuration through telnet
connections.
2.4 Power Up Your Prestige
At this point, you should have connected the console port, the LAN port, the WAN port and the power port to
the appropriate devices or lines. Plug the power adapter into a wall outlet. The Power LED should be on. The
SYS LED will come on after the system tests are complete. The WAN LED and one of the LAN LEDs co me
on immediately after the SYS LED comes on, if connections have been made to the LAN and WAN ports.
Initial Screen
When you power on your Prestige, it performs several internal tests as well a s line initialization.
After the tests, the Prestige asks you to press [
] to continue, as shown.
Enter
Copyright (c) 1994 - 2000 ZyXEL Communications Corp.
initialize ch =0, ethernet address: 00:a0:c5:41:51:61
initialize ch =1, ethernet address: 00:a0:c5:41:51:62
Press ENTER to continue...
Figure 2-3 Initial Screen
Entering Passwo rd
The login screen appears after you press [
Enter
], prompting you to enter the password, as shown below.
For your first login, enter the default password 1234. As you type the password, the screen displays an (X)
for each character you type.
Please note that if there is no activity for longer than 5 minutes after you log in, your Prestige will
automatically log you out and will display a blank screen. If you see a blank screen, press
[Enter]
to bring up
the login screen again.
2-4
Hardware Installati on & Initia l Setup
Page 35
Prestige 310 Broadband Sharing Gateway
Enter Password : XXXX
Figure 2-4 Password Screen
2.5 Navigating the SMT Interface
The SMT (System Management Terminal) is the interface that you use to configure your Prestige.
Several operations that you should be familiar with before you attempt to modify the configuration are listed
in the table below.
Table 2-3 Main Menu Commands
Operation Keystroke Description
Move down to
another menu
Move up to a
previous menu
Move to a “hidden”
menu
Move the cursor [ENTER] or
Enter information Fill in, or
Required fields
N/A fields <N/A> Some of the fields in the SMT will show a <N/A>. This symbol
Save your
configuration
[ENTER] To move forward to a submenu, type in the number of the desired
submenu and press [ENTER].
[Esc] Press the [Esc] key to move back to the previous menu.
Press the [SPACE
BAR] to change No
to Yes then press
[ENTER].
[Up]/[Down] arrow
keys
Press the [SPACE
BAR] to toggle
>
<?
[ENTER] Save your configuration by pressing [ENTER] at the message
Fields beginning with “Edit” lead to hidden menus and have a
default setting of No. Press the [SPACE BAR] to change No to
Yes, then press [ENTER] to go to a “hidden” menu.
Within a menu, press [ENTER] to move to the next field. You can
also use the [Up]/[Down] arrow keys to move to the previous and
the next field, respectively.
You need to fill in two types of fields. The first requires you to type
in the appropriate information. The second allows you to cycle
through the available choices by pressing the [Space] bar.
All fields with the symbol <?> must be filled in order be able to
save the new configuration.
refers to an option that is Not Applicable.
[Press ENTER to confirm or ESC to cancel]. Saving the data on
the screen will take you, in most cases to the previous menu.
Hardware Installati on & Initia l Setup 2-5
Page 36
Prestige 310 Broadband Sharing Gateway
Operation Keystroke Description
Exit the SMT Type 99, then
press [ENTER].
Type 99 at the Main Menu prompt and press [ENTER] to exit the
SMT interface.
2.5.1 Main Menu
After you enter the password, the SMT displays the Prestige 310 Main Menu, as shown next.
Copyright (c) 1994 - 2000 ZyXEL Communications Corp.
Prestige 310 Main Menu
Getting Started Advanced Management
1. General Setup
2. WAN Setup
3. LAN Setup
4. Internet Access Setup
Advanced Applications
11. Remote Node Setup
12. Static Routing Setup
15. SUA Server Setup
Enter Menu Selection Number:
21. Filter Set Configuration
22. SNMP Configuration
23. System Password
24. System Maintenance
26. Schedule Setup
99. Exit
Figure 2-5 Prestige 310 Main Menu
2.5.2 System Management Terminal Interface Summary
Table 2-4 Main Menu Summary
# Menu Title Description
1 General Setup Use this menu to setup general information.
2 WAN Setup Use this menu to setup the WAN.
3 LAN Setup Use this menu to setup the LAN.
4 Internet Access Setup A quick and easy way to setup Internet connection.
11 Remote Node Setup Use this menu to setup the remote node for LAN-to-LAN connection,
including Internet connection.
12 Static Routing Setup Use this menu to setup static route.
15 SUA Setup Use this menu to specify inside servers when SUA is enabled.
2-6
Hardware Installati on & Initia l Setup
Page 37
Prestige 310 Broadband Sharing Gateway
# Menu Title Description
21 Filter Set Configuration Use this menu to setup filters to provide security.
22 SNMP Configuration Use this menu to setup SNMP related parameters
23 System Password Use this menu to setup a new password.
24 System Maintenance This menu provides system status, diagnostics, firmware upload, etc.
26 Schedule Setup Use this menu to schedule outgoing calls.
99 Exit To exit from SMT and return to the blank screen.
2.6 Changing the System Password
The first thing your should do before anything else is to change the default system password by following the
steps below.
Step 1. Enter 23 in the Main Menu to open Menu 23 - System Password as shown below.
Menu 23 - System Password
Old Password= ?
New Password= ?
Retype to confirm= ?
Enter here to CONFIRM or ESC to CANCEL:
Figure 2-6 Menu 23 - System Security
Step 2. Enter your existing password and press [Enter].
Step 3. Enter your new system password and press
[Enter]
.
Step 4. Re-type your new system password for confi rmation and press [Enter].
Note that as you type a password, the screen displays a (X) for each character you type.
2.6.1 Resetting the Prestige
If you have forgotten your password or for some reason cannot access the SMT menu you will need to
reinstall the configuration file. Uploading the configuration file replaces the current configuration file with
the default configuration file, you will lose all configurations that you had before and the speed of the
Hardware Installati on & Initia l Setup 2-7
Page 38
Prestige 310 Broadband Sharing Gateway
console port will be reset to the default of 9600bps with 8 data bit, no parity and 1 stop bit (8n1). The
password will be reset to the default of 1234, also.
Turn off the Prestige and begin a terminal emulation software session with t he de fa ult console port settings.
Turn on the Prestige again. When you see the message "Press Any key to enter Debug Mode within 3
seconds", press any key to enter debug mode. You should already have downloaded the correct file from
your nearest ZyXEL FTP site. See section 10-3 for more information on how to transfer the configuration file
to your Prestige.
2.7 General Setup
Menu 1 - General Setup contains administrative and system-related information. The fields for General
Setup are as shown next. System Name is for identification purposes. However, because some ISPs check
this name you should enter your PC’s “Computer Name” (Start -> Settings -> Control Panel -> Network.
Click the Identification tab, note the entry for the Computer name” field). It is the domain name that will be
propagated to the DHCP clients on the LAN. If you leave this blank, the domain name obtained by DHCP
from the ISP is used. While you must enter the host name (System Name) on each individual machine, the
domain name can be assigned from the Prestige via DHCP.
2.7.1 Dynamic DNS
Dynamic DNS allows you to update your current dynamic IP address with one or ma ny dynamic DNS
services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.) or access your FTP server or Web
site on your own computer using a DNS-like add ress (e.g. myhost.dhs.org, where myhost is a name of your
choice) which will never change instead of using your IP address that changes each time you reconnect. Your
friends or relatives will always be able to call you even if they don’t know your IP address.
First of all, you need to have registered a dynamic DNS account with www.dyndns.org. This is for people
with a dynamic IP from their ISP or DHCP server that would still like to have a DNS name.
To use this service, you must register with the Dynamic DNS client. The Dynamic DNS Client service
provider will give you a password or key. The Prestige at the time of writing supports www.ddns.org and
www.dyndns.org clients. You can apply to either of these clients for Dynamic DNS service.
DYNDNS Wildcard
Enabling the wildcard feature for your host causes *.yourhost.dyndns.org to be aliased to the same IP address
as yourhost.dyndns.org. This feature is useful if you want to be able to use for example
www.yourhost.dyndns.org and still reach your hostname.
To enter Menu 1 and fill in the required information, follow these steps:
Step 1. Enter 1 in the Main Menu to open Menu 1 – General Setup.
Step 2. The Menu 1 - General Setup screen appears, as shown below. Fill in the required fields.
2-8
Hardware Installati on & Initia l Setup
Page 39
Prestige 310 Broadband Sharing Gateway
Menu 1 - General Setup
System Name= xxx
Domain Name=zyxel.com.tw
Edit Dynamic DNS= No
Press ENTER to Confirm or ESC to Cancel:
Figure 2-7 Menu 1 – General Setup
Table 2-5 General Setup Menu Field
Field Description Example
System Name Choose a descriptive name for identification purposes. It is
recommended you enter your computer’s “Computer name” in this
field. This name can be up to 30 alphanumeric characters long.
Spaces are not allowed, but dashes “-” and underscores "_" are
accepted.
Domain Name Enter the domain name (if you know it) here. If you leave this field
blank, the ISP may assign a domain name via DHCP. You can go to
Menu 24.8 and type "sys domainname" to see the current domain
name used by your gateway.
If you want to clear this field just press the [SPACE BAR]. The
domain name entered by you is given priority over the ISP assigned
domain name.
Edit Dynamic
DNS
Press the [SPACE BAR] to select Yes or No (default). Select Yes to
configure Menu 1.1 – Configure Dynamic DNS discussed next.
P310
zyxel.com.tw
2.7.2 Configuring Dynamic DNS
To configure Dynamic DNS, go to Menu 1 – General Setup and press select Yes in the Edit Dynamic
DNS field.
Pressing
[ENTER]
takes you to Menu 1.1– Configure Dyna mic DNS a s shown next.
Hardware Installati on & Initia l Setup 2-9
Page 40
Prestige 310 Broadband Sharing Gateway
Menu 1.1 - Configure Dynamic DNS
Service Provider = WWW.DynDNS.ORG
Active= Yes
Host= me.ddns.org
EMAIL= mail@mailserver
User= username
Password= ******
Enable Wildcard= No
Press ENTER to confirm or ESC to cancel:
Figure 2-8 Configure Dynamic DNS
Follow the instructions in the next table to configure Dynamic DNS parameters.
Table 2-6 Configure Dynamic DNS Menu Fields
Field Description Example
Service
Enter the name of your Dynamic DNS client. www.ddns.org
Provider
Active Press [SPACE BAR] to toggle between Yes or No. Yes
Host Enter the domain name assigned to your Prestige by your
me.ddns.org
Dynamic DNS provider.
EMAIL Enter your e-mail address. mail@mailserver
User Enter your user name.
Password Enter the password assigned to you.
Enable
Wildcard
Your Prestige supports DYNDNS Wildcard. Press [SPACE
BAR] to toggle between Yes or No This field is N/A when you
Yes
choose DDNS client as your service provider.
The IP address will be updated when you reconfigure Menu 1 or perform DHCP client renewal.
Please note that:
♦ The Prestige supports basic DDNS, i.e., insecure login and password.
♦ If you have a private WAN IP address, then you can not use this service.
2.8 WAN Setup
This section describes how to configure the WAN using Menu 2 – WAN (10Mbps Ethernet) Setup. Fro m
the Main Menu, enter 2 to open Menu 2.
2-10
Hardware Installati on & Initia l Setup
Page 41
Prestige 310 Broadband Sharing Gateway
You only need to configure this menu if your WAN connection is a cable modem.
MAC Address:
Assigned By=IP address attached on LAN
IP Address= 192.168.1.12
Press Space Bar to Toggle
Press ENTER to Confirm or ESC to Cancel:
Menu 2 - WAN Setup
Figure 2-9 Menu 2 – WAN Setup
The MAC address field allows users to configure the WAN port's MAC Address by either using the factory
default or cloning the MAC address from a workstation on your LAN. Once it is successfully configured, the
address will be copied to the rom file (ZyNOS configuration file). It will not change unless you change the
setting in Menu 2 or upload a different rom file.
The following table contains instructions on how to configure your WAN setup.
Table 2-7 WAN Setup Menu Fields
Field Description Examples
MAC Address
Assigned By Press the [SPACEBAR] to choose either of the two methods of
assigning a MAC Address. Choose Factory Default to select the
factory assigned default MAC Address. Choose IP Address attached
on LAN to use the MAC Address of that workstation whose IP you
give in the following field.
IP Address This field is applicable only if you choose IP Address attached on LAN
method. Enter the IP address of the workstation on the LAN whose
MAC you are cloning.
Factory Default
Note: Your Prestige WAN Port is always set at half-duplex mode as most cable modems
only support half-duplex mode . If your cable mode m su pports full-duplex mode, then
If the Prestige was set at half-duplex and the cable modem was set at full-duplex then
you will be able to manually set it at half-du plex mode .
the WAN port would no t func tion properly.
2.9 LAN Setup
This section describes how to configure the LAN using Menu 3 – LAN Setup (10/100Mbps Ethernet).
From the Main M enu, enter 3 to open Me nu 3.
Hardware Installati on & Initia l Setup 2-11
Page 42
Prestige 310 Broadband Sharing Gateway
Menu 3 - LAN Setup
1. LAN Port Filter Setup
2. TCP/IP and DHCP Setup
Enter Menu Selection Number:
Figure 2-10 Menu 3 - LAN Setup
2.9.1 LAN Port Filter Setup
This menu allows you to specify the filter sets that you wish to apply to the LAN traffic. You seldom need to
filter the LAN traffic, however, the filter sets may be useful to block certain packets, reduce traffic and
prevent security breaches.
Menu 3.1 – LAN Port Filter Setup
Input Filter Sets:
protocol filters= 2
device filters=
Output Filter Sets:
protocol filters=
device filters=
Press ENTER to Confirm or ESC to Cancel:
Figure 2-11 Menu 3.1 – LAN Port Filter Setup
Menu 3.2 is discussed in the next part of the manual. Please read on.
2-12
Hardware Installati on & Initia l Setup
Page 43
Prestige 310 Broadband Sharing Gateway
Chapter 3
Internet Access
This chapter shows you how to configure the LAN as well as the WAN of your Prestige for Internet
access.
3.1 TCP/IP and DHCP for LAN
The Prestige has built-in DHCP server capability that assigns IP ad dresses and DNS servers to systems that
support DHCP client capability.
3.1.1 Factory LAN Defaults
The LAN parameters of the Prestige are preset in the factory with the following values:
1. IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits)
2. DHCP server enabled with 32 client IP addresses starting from 192.168.1.33.
These parameters should work for the majority of installations. If the parameters are satisfactory, you can
skip to section 3.2 to enter the DNS server address(es) if your ISP gives you explicit DNS server address(es).
If you wish to change the factory defaults or to learn more about TCP/IP, please read on.
3.1.2 IP Address and Subnet Mask
Similar to the houses on a street that share a common street name, the machines on a LAN share one
common network number, also.
Where you obtain your network number depends on your par ticular situa tion. If the ISP or your network
administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP
addresses and the subnet mask.
If the ISP di d not explici tly give yo u an IP network number, then most likely you have a single user account
and the ISP will assign you a dynamic IP address when the connection is established. If this is the case, it is
recommended that you select a network number from 192.168.0.0 to 192.168.255.0 (ignoring the trailing
zero) and you must enable the Network Address Translation feature of the Prestige. The Internet Assigned
Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any
other number unless you are told otherwise. Let’s say you select 192.168.1.0 as the network number; which
covers 254 individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other
words, the first 3 numbers specify the network number while the last number identifies an individual
workstation on that net work.
Once you have decided on the network number, pick an IP address that is easy to remember, e.g.,
192.168.1.1, for your Prestige.
:
Internet Access
3-1
Page 44
Prestige 310 Broadband Sharing Gateway
192.168.1.1 is the default Ethernet IP for the Prestige. If you select this IP address,
the Prestige will automatically enable various default settings such as, enable DHCP
Server, set this IP as the default gateway etc.
The subnet mask specifies the network number portion of an IP address. Your Prestige will compute the
subnet mask automatically based on the IP address that you entered. You don’t need to change the subnet
mask computed by the Prestige unless you are instructed to do otherwise.
3.1.3 Private IP Addresses
Every machine on the Internet must have a unique address. If your networks are isolated from the Internet,
e.g., only between your two branch offices, you can assign any IP addresses to the hosts without problems.
However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP
addresses specifically for private networks:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
For this reason, it is recommended that you choose your network number from the above list.
You can obtain your IP address from the IANA, from an ISP, or assigned from a private network. If you
belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the
Internet addresses for your local networks. On the other hand, if you are part of a much larger organization,
you should consult your network administrator for the appropriate IP addresses.
Regardless of your particular situation, do not create an arbitrary IP address; always
follow the guidelines above. For more information on address assignment, please refer
to RFC 1597, Address Allocati on for Private Internets and RFC 1466, Guidelines for
Management of IP Address Space.
3.1.4 RIP Setup
RIP (Routing Information Prot ocol) allows a router to exchange routing info rmation with other ro uters. The
RIP Direction field controls the sending and receiving of RIP packets. When set to Both or Out Only ,
Prestige will broadcast its routing table periodically. When set to Both or In Only, it will incorporate the
RIP information that it receives; when set to None, it will not send any RIP packets and will ignore any RIP
packets received.
The Version field controls the format and the broadcasting method of the RIP packets that the Prestige
sends (it recognizes both formats when receiving). RIP-1 is universally supported; but RIP-2 carries more
information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology.
Both RIP-2B and RIP-2M sends the routing data in RIP-2 format; the difference being that RIP-2B uses
subnet broadcasting while RIP-2M uses multicasting. Multicasting can reduce the load on non-router
machines since they generally do not listen to the RIP multicast address and so will not receive the RIP
packets. However, if one router uses multicasting, then all routers on your network must use multicasting,
3-2
Internet Access
the
Page 45
Prestige 310 Broadband Sharing Gateway
also. By default, RIP direction is set to Both for the LAN and None for the WAN and the Version set to
RIP-1.
3.1.5 DHCP Configuration
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows the individual clients
(workstati ons) to obtain the TCP/IP configuration at start-up from a server. You can configure the Prestige as
a DHCP Server, Relay or None. When configured as a Server, the Prestige provides the TCP/IP
configuration for the clients. If set to None, DHCP service will be disabled and you must have another
DHCP sever on your LAN, or else the workstation must be manually configured. The Prestige can now also
act as a surrogate DHCP server (Relay) where it relays IP address assignment from the actual real DHCP
server to the clients.
IP Pool Setup
The Prestige is pre-configured with a pool of 32 IP addresses starting from 192.168.1.33 to 192.168.1.64.
This configuration leaves 31 IP addresses (excluding the Prestige itself) in the lower range for other server
machines, e.g., server for mail, FTP, telnet, web, etc., that you may have.
DNS Server Address
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa,
e.g., the IP address of www.zyxel.com is 204.217.0.2. The DNS server is extremely important because
without it, you must know the IP address of a machine before you can access it.
There are two ways that an ISP disseminates the DNS server addresses. The first is for an ISP to tell a
customer the DNS server addresses, usually in the form of an information sheet, when you sign up. If your
ISP does give you the DNS server addresses, enter them in the DNS Server fields in DHCP Setup. The
second is to leave this field blank, i.e., 0.0.0.0 – in this case the Prestige acts as a DNS proxy.
Example of network properties for LAN servers with fixed IP#:
Choose an IP:
Netmask: 255.255.255.0
Gateway (or default route): 192.168.1.1 (Prestige LAN IP)
DNS server: 192.168.1.1
Domain: (optional)
192.168.1.2 - 192.168.1.32; 192.168.1.65 - 192.168.1.254.
3.1.6 IP Multicast
Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender – 1 recipient) or
Broadcast (1 sender – everybody on the network). Multicast is a third way to deliver IP packets to a group of
hosts on the network - not everybody.
Internet Access
3-3
Page 46
Prestige 310 Broadband Sharing Gateway
IGMP (Internet Group Multicast Protocol) is a session-layer protocol used to establish membership in a
Multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over
version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed
information about interoperability between IGMP version 2 and version 1, please see sections 4 and 5 of
RFC 2236. The class D IP address is used to identify host groups and can be in the range 224.0.0.0 to
239.255.255.255. The address 224.0.0.0 is not assigned to any group and is used by IP multicast computers.
The address 224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts
(including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP. The address
224.0.0.2 is assigned to the multicast routers group.
The Prestige supports both IGMP version 1 (IGMP-v1) and IGMP version 2 (IGMP-v2). At start up, the
Prestige queries all directly connected networks to gather group membership. After that, the Prestige
periodically updates this information. IP Multicasting can be enabled/disabled on the Prestige LAN and/or
WAN interfaces using menus 3.2 (LAN) and 11.3 (WAN). Select None to disable IP Multicasting on these
interfaces.
3.1.7 IP Alias
IP Alias allows you to partition a physical network into different logical networks over the same Ethernet
interface. The Prestige supports three logical LAN interfaces via its single physical Ethernet interface with
the Prestige itself as the gateway for each LAN network.
Figure 3-1 Physical Network Figure 3-2 Partitioned Logical Networks
Use menu 3.2.1 to configure IP Alias on your Prestige.
3.2 TCP/IP and DHCP Ethernet Setup
From the Main Menu, enter 3 to open Menu 3 - LAN Setup (10/100 Mbps Ethernet) to configure TCP/IP
(RFC 1155) and DHCP Ethernet setup.
3-4
Internet Access
Page 47
Prestige 310 Broadband Sharing Gateway
Menu 3 – LAN Setup
1. LAN Port Filter Setup
2. TCP/IP and DHCP Setup
Enter Menu Selection Number:
Figure 3-3 Menu 3 - LAN Setup (10/100 Mbps Ethernet)
To edit the TCP/IP and DHCP configuration, enter 2 to open Menu 3.2 - TCP/IP and DHCP Ethernet
Setup
as shown next.
Menu 3.2 - TCP/IP and DHCP Ethernet Setup
DHCP Setup:
DHCP= Server
Client IP Pool Starting Address= 192.168.1.33
Size of Client IP Pool= 32
Primary DNS Server= 0.0.0.0
Secondary DNS Server= 0.0.0.0
TCP/IP Setup:
IP Address= 192.68.1.1
IP Subnet Mask= 255.255.255.0
RIP Direction= Both
Multicast= None
Edit IP Alias= No
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Version= RIP-1
Figure 3-4 Menu 3.2 – TCP/IP and DHCP Ethernet Setup
First address
in the IP Pool
Size of the IP
Pool
IP addresses
of the DNS
servers
This is the IP
address of the
Prestige.
Internet Access
3-5
Page 48
Prestige 310 Broadband Sharing Gateway
Follow the instructions in the following table on how to configure the DHCP fields.
Table 3-1 LAN DHCP Setup Menu Fields
Field Description Example
DHCP=
Client IP Pool Starting
Address
Size of Client IP Pool This field specifies the size, or count, of the IP address pool. 32
Primary DNS Server
Secondary DNS
Server
This field enables/disables the DHCP server. If it is set to Server,
your Prestige will act as a DHCP server. If set to None, DHCP
service will be disabled and you must have another DHCP sever
on your LAN, or else the workstation must be manually configured.
When DHCP is set to Server, the following four items need to be
set. The Prestige can now also act as a surrogate DHCP server
(Relay) where it relays IP address assignment from the actual real
DHCP server to the clients.
This field specifies the first of the contiguous addresses in the IP
address pool.
Enter the IP addresses of the DNS servers. The DNS servers are
passed to the DHCP clients along with the IP address and the
subnet mask. Leave these entries at 0.0.0.0 if they are provided by
a WAN DHCP server.
None
Relay
Server (default)
192.168.1.33
Follow the instructions in the following table to configure TCP/IP parameters for the LAN port.
Table 3-2 LAN TCP/IP Setup Menu Fields
Field Description Example
TCP/IP Setup
IP Address Enter the IP address of your Prestige in dotted decimal notation 192.168.1.1
(default)
IP Subnet Mask Your Prestige will automatically calculate the subnet mask based on
the IP address that you assign. Unless you are implementing
subnetting, use the subnet mask computed by the Prestig e
RIP Direction
Version
Multicast IGMP (Internet Group Multicast Protocol) is a session-layer protocol
Press the [SPACE BAR] to select the RIP direction from Both/In
Only/Out Only/None.
Press the [SPACE BAR] to select the RIP version from RIP-1/RIP-
2B/RIP-2M.
used to establish membership in a Multicast group. The Prestige
supports both IGMP version 1 (IGMP-v1) and IGMP-v2. Press the
3-6
255.255.255.0
Both
(default)
RIP-1
(default)
None
Internet Access
Page 49
Prestige 310 Broadband Sharing Gateway
p
Field Description Example
space bar to enable IP Multicasting or select None (default) to
disable it.
Edit IP Alias The Prestige supports three logical LAN interfaces via its single
physical Ethernet interface with the Prestige itself as the gateway for
Yes
No (default)
each LAN network. Press the space bar to toggle No to Yes, then
press [ENTER] to bring you to menu 3.2.1
When you have completed this menu, press [Enter] at the prompt [Press ENTER to Confirm…] to save your
configuration, or press [Esc] at any time to cancel.
3.2.1 IP Alias Setup
You must use Menu 3.2 to co nfigure the first network and move the cursor to the Edit IP Alias field and
SPACE BAR]
press [
to choose Yes and press
Pressing [Ent er] opens M enu 3.2.1 - IP Alias Setup, as shown next.
IP Alias 1= No
IP Address= N/A
IP Subnet Mask= N/A
RIP Direction= N/A
Version= N/A
Incoming protocol filters= N/A
Outgoing protocol filters= N/A
IP Alias 2= No
IP Address= N/A
IP Subnet Mask= N/A
RIP Direction= N/A
Version= N/A
Incoming protocol filters= N/A
Outgoing protocol filters= N/A
Enter here to CONFIRM or ESC to CANCEL:
Press S
ace Bar to Toggle.
[ENTER]
Menu 3.2.1 - IP Alias Setup
to configure the second and third network.
Figure 3-5 Menu 3.2.1 - IP Alias Setup
Follow the instructions in the following table to configure IP Alias parameters.
Table 3-3 IP Alias Setup Menu Fields
Field Description Example
IP Alias Choose Yes to configure the LAN network for the Prestige. Yes
IP Address Enter the IP address of your Prestige in dotted decimal notation 192.168.2.1
IP Subnet Mask Your Prestige will automatically calculate the subnet mask based on
the IP address that you assign. Unless you are implementing
Internet Access
255.255.255.0
3-7
Page 50
Prestige 310 Broadband Sharing Gateway
subnetting, use the subnet mask computed by the Prestig e
RIP Direction Press the space bar to select the RIP direction from None, Both/In
None
Only/Out Only.
Version Press the space bar to select the RIP version from RIP-1/RIP-
RIP-1
2B/RIP-2M.
Incoming
Protocol Filters
Outgoing
Protocol Filters
Enter the filter set(s) you wish to apply to the incoming traffic
between this node and the Prestige.
Enter the filter set(s) you wish to apply to the outgoing traffic between
this node and the Prestige.
When you have completed this menu, press [Enter] at the prompt [Press ENTER to Confirm…] to save
your configuration, or press [Esc] at any time to cancel.
3.3 Internet Access Setup
You will see three different Menu 4 screens depending on whether you chose Ethernet, PPTP or PPPoE
Encapsulation.
3.3.1 Ethernet Encapsulation
Step 1. You must choose the Ethernet option when the WAN port is used as a regular Ethernet. The
PPPoE choice is for a dial-up connection using PPPoE. If you choose Ethernet in Menu 4 you will see the
next screen.
3-8
Menu 4 - Internet Access Setup
ISP's Name= ChangeMe
Encapsulation= Ethernet
Service Type= Standard
My Login= N/A
My Password= N/A
Login Server IP= N/A
IP Address Assignment= Dynamic
IP Address= N/A
IP Subnet Mask= N/A
Gateway IP Address= N/A
Single User Account= Yes
Press ENTER to Confirm or ESC to Cancel:
Figure 3-6 Internet Access Setup (Ethernet)
Internet Access
Page 51
Prestige 310 Broadband Sharing Gateway
Internet Access
3-9
Page 52
Prestige 310 Broadband Sharing Gateway
The following table describes this screen.
Table 3-4 Internet Access Setup Menu Fields
Field Description
ISP’s Name Enter the name of your Internet Service Provider, e.g., myISP. This
information is for identification purposes only.
Encapsulation Press the [SPACE BAR] and the press [ENTER] to choose Ethernet. The
encapsulation method influences your choices for IP Address.
Service Type This is applicable only when you choose Ethernet as your encapsulation
method. Press the [SPACE BAR] to select Standard, RR-Toshiba
(RoadRunner Toshiba authentication method) or RR-Manager (RoadRunner
Manager authentication method). Choose a RoadRunner flavor if your ISP is
Time Warner's RoadRunner; otherwise choose Standard.
Note: xDSL users must choose the Standard option only. The Server IP, My Login IP and My Password
fields are not applicable in this case.
My Login Name Enter the login name given to you by your ISP.
My Password Enter the password associated with the login name above.
Login Server IP The Prestige will find the RoadRunner Server IP if this field is left blank. If it
does not, then you must enter the authentication server IP address.
IP Address Assignment If your ISP did not assign you a fixed IP address, select Dynamic, otherwise
select Static and enter the IP address & subnet mask in the following fields.
IP Address Enter the (fixed) IP address assigned to you by your ISP (Static IP Address
Assignment is selected in the previous field).
IP Subnet Mask Enter the subnet mask associated with your static IP.
Gateway IP Address Enter the gateway IP address associated with your static IP.
Single User Account Please see the following chapter for a more detailed discussion on the Single
User Account. The default is Yes.
3.3.2 PPTP Encapsulation
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a
remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks
PPTP supports on-demand, multi-protocol, and virtual private networking over public networks, such as the
Internet.
The P310 supports only one PPTP server connection at any given time.
3-10
Internet Access
Page 53
Prestige 310 Broadband Sharing Gateway
3.3.3 Configure PPTP Client
To configure a PPTP client, you must configure My Login and Password fields for PPP connection and
PPTP parameters for PPTP connection.
After configuring the User Name and Password for PPP connection, toggle the space bar in the
Encapsulation field in Menu 4 -Internet Access Setup to choose PPTP as your encapsulation option.
If you choose PPTP in Menu 4 you will see the next screen.
Menu 4 - Internet Access Setup
ISP's Name= ChangeMe
Encapsulation= PPTP
Service Type= N/A
My Login= username
My Password= ******
Idle Timeout= 100
IP Address Assignment= Dynamic
IP Address= N/A
IP Subnet Mask= N/A
Gateway IP Address=N/A
Single User Account= Yes
Press ENTER to Confirm or ESC to Cancel:
Figure 3-7 Internet Access Setup (PPTP)
The following table contains instructions about the new fields when you choose PPTP in the Encapsulation
field in M e nu 4.
Table 3-5 New Fields in Menu 4 (PPTP) screen
Field Description Examples
Encapsulation Press the [SPACE BAR] and then press [ENTER] to choose
PPTP
PPTP. The encapsulation method influences your choices for
IP Address.
Idle Timeout This value specifies the time in seconds that elapses before
the Prestige automatically disconnects from the PPTP server.
100
(default)
3.3.4 PPPoE Encapsulation
The Prestige supports PPPoE (Point-to-Point Protocol over Ethernet). You can use PPPoE encapsulation only
when you’re using the Prestige with an xDSL modem as the WAN device.
PPPoE is an IETF Draft standard specifying how a host personal computer (PC) interacts with a broadband
modem (i.e. xDSL, cable, wireless, etc.) to achieve access to high-speed data networks. It preserves the
existing Microsoft Dial-Up Networking experience and requires no new learning or procedures.
Internet Access
3-11
Page 54
Prestige 310 Broadband Sharing Gateway
Operationally, PPPoE saves significant effort for both the end user and ISP/carrier, as it requires no
configuration of the modem at the customer site.
PPPoE uses industry-standard, low-cost Ethernet NICs to connect your PCs to the broadband modem. In
addition, PPPoE allows multiple PCs to share a single broa dband connection, making it the best solution for
small offices and homes that have more than one PC needing high-speed network access. For the service
provider, one of the benefits of PPPoE is the ability to let end users access multiple network services, a
function known as dynamic service selection. This enables the service provider to easily create and offer new
IP services.
If you choose PPPoE in Menu 4, you will see the next screen. For extra information on PPPoE, please see
the appendix.
Menu 4 - Internet Access Setup
ISP's Name= ChangeMe
Encapsulation= PPPoE
Service Type= N/A
My Login=
My Password= ********
Idle Timeout= 100
IP Address Assignment= Dynamic
IP Address= N/A
IP Subnet Mask= N/A
Gateway IP Address= N/A
Single User Account= Yes
Press ENTER to Confirm or ESC to Cancel:
Figure 3-8 Internet Access (PPPoE)
Table 3-6 New Fields in Menu 4 (PPPoE) screen
Field Description Examples
Encapsulation Press the [SPACE BAR] and then press [ENTER] to choose
PPPoE. The encapsulation method influences your choices
for IP Address.
Idle Timeout This value specifies the time in seconds that elapses before
the Prestige automatically disconnects from the PPPoE
server.
3-12
PPPoE
100
(default)
Internet Access
Page 55
Prestige 310 Broadband Sharing Gateway
3.4 Internet Test Setup
After configuring the Menu 4 fields when you press [Enter] to confirm you will see the message, " Do you
wish to perform the Internet Setup Test[y/n]:" if you have chosen PPTP or PPPoE as your encapsulation
method. Say 'Y' to test your setup. An example of Internet Setup Test is shown next.
Start dialing for node <ChangeMe>...
### Hit any key to continue.###
$$$ DIALING dev=a ch=0..........
$$$ OUTGOING-CALL phone()
$$$ PPTP: Start tunnel setup, send SCCRQ
$$$ PPTP: OCRQ sent
$$$ CALL CONNECT speed<10000000> type<10> chan<0>
$$$ LCP opened
$$$ CHAP login to remote OK
$$$ IPCP negotiation started
$$$ CCP stopped
$$$ BACP stopped
$$$ IPCP neg' Primary DNS 202.xxx.xxx.x
$$$ IPCP opened
Figure 3-9 Internet Setup Test Example
3.5 Basic Setup Complete
Well Done! You have successfully connected, installed and set up your Prestige to operate on your network
as well as access the Internet.
Internet Access
3-13
Page 56
Prestige 310 Broadband Sharing Gateway
Part II:
Advanced Applications
Advanced Applications
as Remote Node Setup, IP Static routes Setup and configuring SUA servers.
(Chapters 4-6) describe the advanced applications of your Prestige, such
II
Page 57
Prestige 310 Broadband Sharing Gateway
Chapter 4
SUA and Multiple SUA Servers
This chapter helps you in configuring SUA and setting up multiple inside servers in SUA case.
4.1 Single User Account (SUA)
If you wish to know more about SUA please read on. Or you can skip to the section Single User Account
Configuration for configuring SUA and the section Multiple Servers behind SUA for information about
setting up multiple servers when SUA is enabled.
4.1.1 Basics
Typically, if there are multiple users on the LAN wanting to concurrently access the Internet, you will have
to lease a block of legal, or globally unique, IP addresses from the ISP.
Your Prestige accomplishes address sharing by translating the internal LAN IP addresses to a single address
that is globally unique on the Internet. The SUA feature allows you to have the same benefits as having
multiple legal addresses, but allows you to have one legal IP address and many local LAN IP addresses that
can be used in other domains also, thus conserving the number of global IP addresses.
The Single User Account feature may also be used on connections to remote networks other than the ISP.
For example, this feature can be used to simplify the allocation of IP addresses when connecting branch
offices to the corporate network.
The IP address for the SUA can be either fixed or dynamically assigned. In addition, you can designate
servers, e.g., a web server, on your local network in the client side and make them accessible to outside
world.
:
Figure 4-1 An Example of Single User Account Topology
SUA offers the additional benefit of firewall protection. All incoming inquiries will be filtered out by your
Prestige and thus preventing intruders from probing your network.
SUA and Multiple SUA Serv ers 4-1
Page 58
Prestige 310 Broadband Sharing Gateway
For more information on IP address translation as a solution for IP address depletion problem, refer to RFC
1631, The IP Network Address Translator (NAT).
In summary:
• SUA helps in mor e efficien t IP address management.
•
SUA can provide firewall protection. All incoming inquiries will be filtered out by your Prestige.
• UDP and TCP datagrams can be routed. In addition, partial ICMP, including echo (ping) and trace
route, is supported.
• SUA is also a cost-effective solution for offices to access the Internet or other remote TCP/IP networks
as they have to pay for single globally unique IP address only.
4.1.2 Single User Account Configuration
The steps for configuring your Prestige for Single User Account are identical to conventional Internet access
(See configuration instructions in the previous chapter) with the exception that you need to fill in two extra
fields in Menu 4 - Internet Access Setup, as shown in the following figure. SUA here is applied solely to
the output interface and is valid only for LAN to WAN connections and not for connections between LANs.
Menu 4 - Internet Access Setup
ISP's Name= ChangeMe
Encapsulation= Ethernet
Service Type= Standard
My Login= N/A
My Password= N/A
Login Server IP= N/A
IP Address Assignment= Dynamic
IP Address= N/A
IP Subnet Mask= N/A
SUA
Gateway IP Address= N/A
Single User Account= Yes
Press ENTER to Confirm or ESC to Cancel:
Figure 4-2 Menu 4 - Internet Access Setup for Single User Account
To enable the SUA feature in Menu 4, move the cursor to the Single User Account field and select Yes (or
No to disable SUA).
Follow the instructions on how to configure the SUA fields in the following table.
Table 4-1 Single User Account Menu Fields
Field Description
Single User Account Select Yes to enable SUA.
Press [ENTER] at the message [Press ENTER to Confirm ...] to save your configuration, or press
at any time to cancel.
[ESC]
4-2 SUA and Multiple SUA Servers
Page 59
Prestige 310 Broadband Sharing Gateway
When SUA is disabled, the Prestige will send the packets from workstations to the remote host with
workstation's IP and port to the destination's IP and port. If the workstation uses private IP (Private Networks
IPs: 10.0.0.0 ~ 10.255.255.255; 172.16.0.0. ~ 172.31.255.255; 192.168.0.0. ~ 192.168.255.255) in SUA
mode, the packet will be routed by the Prestige but will be dropped somewhere and never returned. This is
because only a legal IP is valid on the Internet. Hence, in non-SUA mode, the workstation must use nonprivate/legal IP.
4.2 Multiple Servers behind SUA
If you wish, you can make inside servers for different services, e.g., web or FTP, visible to the outside users,
even though SUA makes your whole inside network appear as a single machine to the outside world. A
service is identified by the port number, e.g., web service is on port 80 and FTP on port 21.
As an example, if you have a web server at 192.168.1.2 and an FTP server 192.168.1.3, then you need to
specify for port 80 (web) the server at IP address 192.168.1.2 and for port 21 (FTP) another at IP address
192.168.1.3.
Please note that a server can support more than one service, e.g., a server can provide both FTP and DNS
service, while another provides only web service. Also, since you need to specify the IP address of a server
in the Prestige, a server must have a fixed IP address and not be a DHCP client whose IP address potentially
changes each time it is powered on.
In addition to the servers for specific services, SUA supports a default server. A service request that does not
have a server explicitly designated for it is forwarded to the default server. If the default server is not
defined, the service request is simply discarded.
To make a server visible to the outside world, specify the port number of the service and the inside IP address
of the server in Menu 15, Multiple Server Configuration.
For more information on configuring supporting applications behind SUA refer to the
ZyNOS Support Note documentation in your Suppor t CD.
4.2.1 Configuring a Server behind SUA
Follow the steps below to configure a server behind SUA:
Step 1 Enter 15 in the main menu to go to Menu 15 - Multiple Server Configuration.
Step 2 Enter the service port number in the Port # field and the inside IP address of the server in the IP
Address field.
Step 3 Press [Enter] at the “Press ENTER to confirm …” prompt to save your configuration after you
define all the ser ve rs or press
SUA and Multiple SUA Serv ers 4-3
ESC
at any time to cancel.
Page 60
Prestige 310 Broadband Sharing Gateway
Menu 15 - Multiple Server Configuration
Port #
----
1
Default
.
2. 0
3. 0
4. 0
5. 0
6. 0
7. 0
8. 0
9. 1025
Press ENTER to Confirm or ESC to Cancel:
Figure 4-3 Multiple Server Configuration
The most often used port numbers are:
Table 4-2 Services vs. Port number
Services Port Number
FTP (File Transfer Protocol) 21
Telnet 23
SMTP (Simple Mail Transfer Protocol) 25
DNS(Domain Name System) 53
HTTP (Hyper Text Transfer protocol or WWW, Web) 80
POP3 (Post Office Protocol, version 3) 110
PPTP (Point-to-Point Tunneling Protocol) 1723
IP Address
---------------
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
RR Reserved
4-4 SUA and Multiple SUA Servers
Page 61
Prestige 310 Broadband Sharing Gateway
Chapter 5
Remote Node Setup
This chapter shows you how to configure a remote node.
A remote node is required for placing calls to a remote gateway. A remote node represents both the remote
gateway and t he network b ehind it acr oss a WAN connection. No te that when you use Menu 4 to set up
Internet access, you are actually configuring a remote node. We will show you how to configure Menu 11.1
Remote Node Profile, Menu 11.3 - Remote Node Network Layer Options and Menu 11.5 - Remote Node
Filter.
5.1 Remote Node Profile
From the Main Menu, select menu option 11 to open Menu 11.1 - Remote Node Profile. There are three
variations of this menu depending on whether you choose Ethernet Encapsulation, PPTP or PPPoE
Encapsulation.
5.1.1 Ethernet Encapsulation
You must choose the Ethernet option when the WAN port is used as a regular Ethernet. The first Menu 11.1
screen you see is for Ethernet Encapsulation shown next.
Menu 11.1 - Remote Node Profile
Rem Node Name= ChangeMe Route= IP
Active= Yes
Encapsulation= Ethernet Edit IP= No
Service Type= Standard Session Options:
Service Name= N/A Edit Filter Sets= No
Outgoing=
My Login= N/A
My Password= N/A
Server IP= N/A
Press ENTER to Confirm or ESC to Cancel:
Figure 5-1 Menu 11.1 Remote Node Profile for Ethernet Encapsulation
Remote Node Setup
5-1
Page 62
Prestige 310 Broadband Sharing Gateway
Table 5-1 Fields in Menu 11.1 (Ethernet Encapsulation)
Field Description Examples
Rem Node Name Enter a descriptive name for the remote node. This field can
be up to eight characters.
Active Press the [SPACE BAR] to toggle between Yes and No and
activate (deactivate) the remote node.
Encapsulation Ethernet is the default encapsulation. Press the [SPACE BAR]
if you wish to change to PPPoE encapsulation.
Service Type Press the [SPACE BAR] to select from Standard, RR-Toshiba
(RoadRunner Toshiba authentication method) or RR-Manager
(RoadRunner Manager authentication method). Choose one of
the RoadRunner methods if your ISP is Time Warner's
RoadRunner; otherwise choose Standard.
Service Name This is valid only when you have chosen PPPoE encapsulation.
If you are using PPPoE encapsulation, then type the name of
your PPPoE service here.
Outgoing: My
Login
Outgoing: My
Password
Authen=
CHAP/PAP
This field is applicable for PPPoE encapsulation only. Enter the
login name assigned by your ISP when the Prestige calls this
remote node. Some ISPs append this field to the Service
Name field above (e.g., jim@poellc) to access the PPPoE
server.
Enter the password assigned by your ISP when the Prestige
calls this remote node. Valid for PPPoE encapsulation only.
This field sets the authentication protocol used for outgoing
calls. Options for this field are:
CHAP/PAP - Your Prestige will accept either CHAP or PAP
when requested by this remote node.
CHAP - accept CHAP only.
PAP - accept PAP only.
LAoffice
Yes
Ethernet
Standard
poellc
jim
*****
CHAP/PAP
Server IP This field is valid for RoadRunner service type only. The
Prestige will find the RoadRunner Server IP automatically if this
field is left blank. If it does not, then you must enter the
authentication server IP address here.
Route This field refers to the protocol that will be routed by your
Prestige – IP only for the P310.
Edit IP This field leads to a “hidden” menu. Press the [SPACE BAR] to
select Yes and press [ENTER] to go to Menu 11.3 - Remote
IP
Yes
5-2 Remote Node Setup
Page 63
Prestige 310 Broadband Sharing Gateway
Field Description Examples
Node Network Layer Options.
Session Options:
Edit Filter sets
This field leads to another “hidden” menu Use the [SPACE
BAR] to toggle this field to Yes and press [ENTER] to open
Yes
Menu 11.5 to edit the filter sets. See the Remote Node Filter
section for more details.
5.1.2 PPTP Encapsulation
If you change the Encapsulation to PPTP in Menu 1 1.1, then you will see the next screen. Please see the
appendix for information.
Menu 11.1 - Remote Node Profile
Rem Node Name= ChangeMe Route= IP
Active= Yes
Encapsulation= PPTP Edit IP= No
Service Type= Standard Telco Option:
Service Name=N/A Allocated Budget(min)= 0
Outgoing= Period(hr)= 0
My Login= Schedules=
My Password= ******** Nailed-up Connections=
Authen= CHAP/PAP
PPTP : Session Options:
IP Addr= Edit Filter Sets= No
Server IP Addr= Idle Timeout(sec)= 100
Connection ID/Name=
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 5-2 Remote Node Profile for PPTP Encapsulation
The next table shows how to configure the new fields in the Remote Node Profile menu.
Table 5-2 Fields in Menu 11.1 (PPTP Encapsulation)
Field Description Examples
Encapsulation Toggle the space bar to choose PPTP. You must also
PPTP
go to Menu 11.3 to check the IP Address setting once
you have selected the encapsulation method.
Remote Node Setup
5-3
Page 64
Prestige 310 Broadband Sharing Gateway
Field Description Examples
My IP Addr(ess) Enter the IP address of the WAN Ethernet port. 10.0.0.140
(Default)
Server IP
Addr(ess)
Connection
ID/Name
Schedules You can apply up to four schedule sets here. For more
Nailed-Up
Connection
Enter the IP address of the ANT modem. 10.0.0.138
(Default)
Enter the connection ID or connection name in the
ANT. It must follow the “c:id” and “n:name” format.
This field is optional and depends on the requirements
of your xDSL Modem.
details please refer to the chapter
Setup.
This field specifies if you want to make the connection
to this remote node a nailed-up connection. For more
details please refer to the section on
Connection.
Call Schedule
Nailed-Up
N:My ISP
Nailed-Up Connection
A nailed-up connection is a dial-up line where the connection is always up regardless of traffic demand. The
Prestige does two things when you specify a nailed-up connection. T he first is that id le timeout is disabled.
The second is that the Prestige will try to bring up the connection at power-on and whenever the connection
is down. A nailed-up connection can be very expensive for obvious reasons.
Do not specify a nailed-up connection unless your telephone company offers flat-rate
service or you need a constant connection and the cost is of no concern.
5.1.3 PPPoE Encapsulation
The Prestige supports PPPoE (Point-to-Point Protocol over Ethernet). You can use PPPoE encapsulation only
when you’re using the Prestige with an xDSL modem as the WAN device. If you change the Encapsulation
to PPPoE, then you will see the next screen. Please see section 3.3.2 for more information on PPPoE.
5-4 Remote Node Setup
Page 65
Prestige 310 Broadband Sharing Gateway
Menu 11.1 - Remote Node Profile
Rem Node Name= ChangeMe Route= IP
Active= Yes
Encapsulation= PPPoE Edit IP= No
Service Type= Standard Telco Option:
Service Name= Allocated Budget(min)= 0
Outgoing= Period(hr)= 0
My Login= Schedules
My Password= ******** Nailed-up Connections=
Authen= CHAP/PAP
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Session Options:
Edit Filter Sets= No
Idle Timeout(sec)= 100
Figure 5-3 Menu 11.1 Remote Node Profile for PPPoE Encapsulation
The next table describes the fields NOT already described in Table 5-1 already.
Table 5-3 Fields in Menu 11.1 (PPPoE Encapsulation Specific Only)
Field Description Examples
Telco Option:
Allocated Budget
The field sets a ceiling for outgoing call time for this remote
node. The default for this field is 0 meaning no budget
control. See
section 11.2.1
for more information.
Period(hr) This field is the time period that the budget should be reset.
For example, if we are allowed to call this remote node for
a maximum of 10 minutes every hour, then the Allocated
Budget is (10 minutes) and the Period(hr) is 1 (hour).
Idle Timeout This value specifies the idle time (i.e., the length of time
there is no traffic from the Prestige to the remote node) in
seconds that can elapse before the Prestige automatically
disconnects the dial-up connection. This option only
applies when the Prestige initiates the call
.
Schedules You can apply up to four schedule sets here. For more
Nailed-Up
Connection
details please refer to the chapter
This field specifies if you want to make the connection to
this remote node a nailed-up connection. For more details
Call Schedule Setup.
please refer to the section on Nailed-Up Connection.
Remote Node Setup
10
1
100
seconds
(default)
5-5
Page 66
Prestige 310 Broadband Sharing Gateway
5.2 Editing TCP/IP Options (with Ethernet Encapsulation)
Move the cursor to the Edit IP field in Me nu 11.1, then press the [SPACE BAR] to toggle and set the value
to Yes. Press [Enter]
The next table gives you instructions about co nfiguring remote node network layer options.
to open Menu 11.3 - Network Layer Options.
Menu 11.3 - Remote Node Network Layer Options
IP Address Assignment= Dynamic
IP Address= N/A
IP Subnet Mask= N/A
Gateway IP Addr= N/A
Single User Account= Yes
Metric= N/A
Private= N/A
RIP Direction= None
Version= N/A
Multicast= None
Enter here to CONFIRM or ESC to CANCEL:
Press Space Bar to Toggle.
Figure 5-4 Remote Node Network Layer Options
Table 5-4 Remote Node Network Layer Options Menu Fields
Field Description Example
IP Address
Assignment
If your ISP did not assign you an explicit IP address, select Dynamic;
otherwise select Static and enter the IP address & subnet mask in
Dynamic
the following fields.
IP Address If you have a Static IP Assignment, enter the IP address assigned to
you by your ISP.
IP Subnet
Mask
Gateway IP
Addr
Single User
If you have a Static IP Assignment, enter the subnet mask assigned
to you.
If you have a Static IP Assignment, enter the gateway IP address
assigned to you.
Use the [SPACE BAR] to choose Yes or No. Yes
Account
Metric This field is valid only for PPTP/ PPPoE encapsulation. The metric
3
represents the “cost” of transmission for routing purposes. IP routing
uses hop count as the measurement of cost, with a minimum of 1 for
directly connected networks. Enter a number that approximates the
cost for this link. The number need not be precise, but it must be
5-6 Remote Node Setup
Page 67
Prestige 310 Broadband Sharing Gateway
Field Description Example
between 1 and 15. In practice, 2 or 3 is usually a good number.
Private This field is valid only for PPTP/PPPoE encapsulation. This
Yes
parameter determines if the Prestige will include the route to this
remote node in its RIP broadcasts. If set to Yes, this route is kept
private and not included in RIP broadcast. If No, the route to this
remote node will be propagated to other hosts through RIP
broadcasts.
RIP Press the [SPACE BAR] to select the WAN RIP direction from Both/
None/In Only/Out Only.
Version Press the [SPACE BAR] to select the RIP version from RIP-1/RIP-
None
(default)
RIP-1
2B/RIP-2M and None.
Multicast Turn on/off IGMP support and select the version from IGMP-
None
v2/IGMP-v1/None.
Once you have completed filling in the Network Layer Options Menu, press [Enter] to return to
Menu 11. Press [Enter] at the message [Press ENTER to Confirm...] to save your configuration, or
press [Esc] at any time to cancel.
5.2.1 Editing TCP/IP Options (with PPTP Encapsulation)
Make sure that Encapsulation is set to PPTP in Menu 11.1. Then move the cursor to the Edit IP field in
Menu 11.1, press the
Layer Options.
[SPACE BAR]
to toggle No to Yes. Press
[Enter]
to open Menu 11.3 - Network
Menu 11.3 - Remote Node Network Layer Options
IP Address Assignment= Dynamic
Rem IP Address= N/A
Rem Subnet Mask= N/A
My WAN Addr= 0.0.0.0
Single User Account= Yes
Metric= 1
Private= No
RIP Direction= None
Version= N/A
Multicast= None
Enter here to CONFIRM or ESC to CANCEL:
Press Space Bar to Toggle.
Figure 5-5 Remote Node Network Layer Options
The next table gives you instructions about co nfiguring remote node network layer options.
Remote Node Setup
5-7
Page 68
Prestige 310 Broadband Sharing Gateway
Table 5-5 Remote Node Network Layer Options Menu Fields
Field Description Example
IP Address
Assignment
Rem IP Address If you have a Static IP Assignment, enter the IP address assigned to
Rem IP Subnet
Mask
My WAN Addr Some implementations, especially the UNIX derivatives, require the
Single User
Account
Metric The metric represents the “cost” of transmission for routing purposes.
Private This parameter determines if the Prestige will include the route to this
RIP Press the [SPACE BAR] to select the RIP direction from Both/ None/In
Version Press the [SPACE BAR] to select the RIP version from RIP-1/RIP-
Multicast Turn on/off IGMP support and select the version from IGMP-v2/IGMP-
Once you have completed filling in the Network Layer Options Menu, press [Enter] to return to Menu 11.
Press [Enter] at the message [Press ENTER to Confirm...] to save your configuration, or press [Esc] at
any time to cancel.
If your ISP did not assign you an explicit IP address, select Dynamic;
otherwise select Static and enter the IP address & subnet mask in the
following fields.
the remote node.
If you have a Static IP Assignment, enter the subnet mask assigned to
the remote node.
WAN link to have a separate IP network number from the LAN and
each end must have a unique address within the WAN network number.
If this is the case, enter the IP address assigned to the WAN port of
your Prestige.
Note that this is the address assigned to your local Prestige, not the
remote router.
Use the [SPACE BAR] to choose Yes or No. Yes
IP routing uses hop count as the measurement of cost, with a minimum
of 1 for directly connected networks. Enter a number that approximates
the cost for this link. The number need not be precise, but it must be
between 1 and 15. In practice, 2 or 3 is usually a good number.
remote node in its RIP broadcasts. If set to Yes, this route is kept
private and not included in RIP broadcast. If No, the route to this remote
node will be propagated to other hosts through RIP broadcasts .
Only/Out Only and None.
2B/RIP-2M.
v1/None.
Dynamic
1 to 15
Yes/No
None
(default)
RIP-1
None
5-8 Remote Node Setup
Page 69
Prestige 310 Broadband Sharing Gateway
5.2.2 Editing TCP/IP Options (with PPPoE Encapsulation)
Make sure that Encapsulation is set to PPPoE in Menu 11.1. Then move the cursor to the Edit IP field in
Menu 11.1, press the
[SPACE BAR]
to toggle No to Yes. Press
Layer Options.
Menu 11.3 - Remote Node Network Layer Options
IP Address Assignment= Dynamic
Rem IP Address= N/A
Rem Subnet Mask= N/A
My WAN Addr= 0.0.0.0
Single User Account= Yes
Metric= 1
Private= No
RIP Direction= None
Version= N/A
Multicast= None
Enter here to CONFIRM or ESC to CANCEL:
Press Space Bar to Toggle.
Figure 5-6 Remote Node Network Layer Options
The next table gives you instructions about co nfiguring remote node network layer options.
Table 5-6 Remote Node Network Layer Options Menu Fields
Field Description Example
[Enter]
to open Menu 11.3 - Network
IP Address
Assignment
If your ISP did not assign you an explicit IP address, select Dynamic;
otherwise select Static and enter the IP address & subnet mask in the
following fields.
Rem IP Address If you have a Static IP Assignment, enter the IP address assigned to
the remote node.
Rem IP Subnet
Mask
If you have a Static IP Assignment, enter the subnet mask assigned to
the remote node.
My WAN Addr Some implementations, especially the UNIX derivatives, require the
WAN link to have a separate IP network number from the LAN and
each end must have a unique address within the WAN network number.
If this is the case, enter the IP address assigned to the WAN port of
your Prestige.
Note that this is the address assigned to your local Prestige, not the
remote router.
Single User
Use the [SPACE BAR] to choose Yes or No. Yes
Account
Remote Node Setup
Dynamic
5-9
Page 70
Prestige 310 Broadband Sharing Gateway
Field Description Example
Metric The metric represents the “cost” of transmission for routing purposes.
IP routing uses hop count as the measurement of cost, with a minimum
of 1 for directly connected networks. Enter a number that approximates
the cost for this link. The number need not be precise, but it must be
between 1 and 15. In practice, 2 or 3 is usually a good number.
Private This parameter determines if the Prestige will include the route to this
remote node in its RIP broadcasts. If set to Yes, this route is kept
private and not included in RIP broadcast. If No, the route to this remote
node will be propagated to other hosts through RIP broadcasts .
RIP Press the [SPACE BAR] to select the WAN RIP direction from Both/
None/In Only/Out Only and None.
Version Press the [SPACE BAR] to select the RIP version from RIP-1/RIP-
2B/RIP-2M.
Multicast Turn on/off IGMP support and select the version from IGMP-v2/IGMP-
v1/None.
Once you have completed filling in the Network Layer Options Menu, press [Enter] to return to Menu 11.
Press [Enter] at the message [Press ENTER to Confirm...] to save your configuration, or press [Esc] at
any time to cancel.
1 to 15
Yes/No
None
(default)
RIP-1
None
5.3 Remote Node Filter
Move the cursor to the field Edit Filter Sets in Menu 11.1, then press the
the value to YES. Press [ENTER] to open Menu 11.5 – Remote Node Filter.
Use Menu 11.5 to specify the filter set(s) to apply to the incoming and outgoing traffic between this remote
node and the Prestige and to prevent certain packets from triggering calls. You can specify up to 4 filter sets
separated by a comma, e.g., 1, 5, 9, 12, in each filter field.
Note that spaces are accepted in this field. For more information on defining the filters, please refer to
Chapter 7. Note that for PPTP and PPPoE encapsulation, you can also specify remote node call filter sets.
[SPACE BAR]
to toggle and set
5-10 Remote Node Setup
Page 71
Prestige 310 Broadband Sharing Gateway
Menu 11.5 - Remote Node Filter
Input Filter Sets:
protocol filters= 3
device filters=
Output Filter Sets:
protocol filters= 1
device filters=
Enter here to CONFIRM or ESC to CANCEL:
Figure 5-7 Remote Node Filter (Ethernet Encapsulation)
Menu 11.5 - Remote Node Filter
Input Filter Sets:
protocol filters= 3
device filters=
Output Filter Sets:
protocol filters= 1
device filters=
Call Filter Sets:
protocol filters= 1
device filters=
Figure 5-8 Remote Node Filter (PPTP/PPPoE Encapsulation)
Remote Node Setup
Enter here to CONFIRM or ESC to CANCEL:
5-11
Page 72
Page 73
Prestige 310 Broadband Sharing Gateway
Chapter 6
IP Static Route Setup
This chapter shows you how to configure static routes with your Prestige.
Static routes tell the Prestige routing information that it cannot learn automatically through other means. This
can arise in cases where RIP is disabled on the LAN.
Each remote node specifies only the network to which the gateway is directly connected, and the Prestige has
no knowledge of the networks beyond. For instance, the Prestige knows about network N2 in the following
diagram through remote node Router 1. However, the Prestige is unable to route a packet to network N3
because it doesn’t know that there is a route through the same remote node Router 1 (via gateway Router 2).
The static routes are for you to tell the Prestige about the networks beyond the remote nodes.
:
Figure 6-1 Example of Static Routing Topology
IP Static Route Setup 6-1
Page 74
Prestige 310 Broadband Sharing Gateway
6.1 IP Static Route Setup
You configure IP static routes in Menu 12. 1, by selecting one of the IP static routes as shown below. Enter
12 from the Main Menu.
Menu 12 - IP Static Route Setup
1. ________
2. ________
3. ________
4. ________
5. ________
6. ________
7. ________
8. ________
Enter selection number:
Figure 6-2 Menu 12 - IP Static Route Setup
Now, enter the index number of one of the static routes you want to configure.
Menu 12.1 - Edit IP Static Route
Route #: 1
Route Name= ?
Active= No
Destination IP Address= ?
IP Subnet Mask= ?
Gateway IP Address= ?
Metric= 2
Private= No
Press ENTER to CONFIRM or ESC to CANCEL:
Figure 6-3 Menu 12. 1 - Edit IP Static Route
`
The next table describes the IP Static Route Menu fields.
6-2 IP Static Route Setup
Page 75
Prestige 310 Broadband Sharing Gateway
Table 6-1 IP Static Route Menu Fields
Field Description
Route # This is the index number of the static route that you chose in Menu 12.
Route Name Enter a descriptive name for this route. This is for identification purposes only.
Active This field allows you to activate/deactivate this static route.
Destination IP
Address
IP Subnet Mask Enter the IP subnet mask for this destination.
Gateway IP
Address
Metric Metric represents the “cost” of transmission for routing purposes. IP routing uses hop
Private This parameter determines if the Prestige will include the route to this remote node in
Once you have completed filling in this menu, press [Enter] at the message [Press ENTER to Confirm…]
to save your configuration, or press [Esc] to cancel.
This parameter specifies the IP network address of the final destination. Routing is
always based on network number. If you need to specify a route to a single host, use
a subnet mask of 255.255.255.255 in the subnet mask field to force the network
number to be identical to the host ID.
Enter the IP address of the gateway. The gateway is an immediate neighbor of your
Prestige that will forward the packet to the destination. On the LAN, the gateway must
be a router on the same segment as your Prestige; over the WAN, the gateway must
be the IP address of one of the Remote Nodes.
count as the measurement of cost, with a minimum of 1 for directly connected
networks. Enter a number that approximates the cost for this link. The number need
not be precise, but it must be between 1 and 15. In practice, 2 or 3 is usually a good
number.
its RIP broadcasts. If set to Yes, this route is kept private and not included in RIP
broadcast. If No, the route to this remote node will be propagated to other hosts
through RIP broadcasts.
IP Static Route Setup 6-3
Page 76
Page 77
Prestige 310 Broadband Sharing Gateway
Part III:
Advanced Management
Chapters 7 - 11 provide information on Prestige filtering, System Information and Diagnosis, SNMP
Configuration, Transferring Files and Telnet.
III
Page 78
Page 79
Prestige 310 Broadband Sharing Gateway
Chapter 7
Filter Configuration
This chapter shows you how to create and apply filter(s).
7.1 About Filtering
Your Prestige uses filters to decide whether to allow passage of a data packet and/or to make a call. There are
two types of filter applications: data filtering and call filtering. Filters are subdivided into device and protocol
filters, which are discussed later.
Data filtering screens the data to determine if the packet should be allowed to pass. Data filters are divided
into incoming and outgoing filters, depending on the direction of the packet relative to a port. Data filtering
can be applied on either the WAN side or the Ethernet side. Call filtering is used to determine if a packet
should be allowed to trigger a call. Remote node call filtering is only applicable when using PPTP or PPPoE
encapsulation (see Figure 5-8). Outgoing packets must undergo data filtering before they encounter call
filtering as shown in the following figure.
Call Filtering
Outgoing
Packet
Data
Filtering
Match MatchMatch
No
match
Call Filters
Built-in
default
No
match
User-defined
Call Filters
(if applicable)
No
match
Active Data
Initiate call
if line not up
Send packet
and reset
Idle Timer
:
Drop
packet
Drop packet
if line not up
Drop packet
if line not up
Or Or
Send packet
but do not reset
Idle Timer
Send packet
but do not reset
Idle Timer
Figure 7-1 Outgoing Packet Filtering Process
For incoming packets, your Prestige applies data filters only. Packets are processed depending upon whether
a match is found. The following sections describe how to configure filter sets
The following sections describe how to configure filter sets.
Filters 7-1
Page 80
Prestige 310 Broadband Sharing Gateway
7.1.1 The Filter Structure of the Prestige
A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the rules for
NetBIOS, into a single set and give it a descriptive name. The Prestige allows you to configure up to twelve
filter sets with six rules in each set, for a total of 72 filter rules in the system. You cannot mix device filter
rules and protocol filter rules within the same set. You can apply up to four filter sets to a particular port to
block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24
rules active for a single port.
Three sets of factory default filter rules have been configured in Menu 21 to prevent NetBIOS traffic from
triggering calls and to prevent incoming telnetting and FTP connections from the WAN side. A summary of
their filter rules is shown in the figures that follow.
The following diagram illustrates the logic flow when executing a filter rule.
7-2 Filters
Page 81
Fetch Next
Filter Set
Prestige 310 Broadband Sharing Gateway
Start
Packet
into Filter
Fetch First
Filter Set
Filter Set
Fetch First
Filter Rule
Yes
Yes
Next Filter Set
Available?
No
You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set
having up to six rules, you can have a maximum of 24 rules active for a single port.
No
Figure 7-2 Filter Rule Process
Next Filter Rule
Available?
Fetch Next
Filter Rule
Check Next Rule
Drop
Execute Filter
Rule
Forward
Accept PacketDrop Packet
Filters 7-3
Page 82
Prestige 310 Broadband Sharing Gateway
7.2 Configuring a Filter Set
To configure a filter set, follow the procedure below. Select option 21. Filter Set Configuration from the
Main Menu to open Menu 21.
Step 1. Enter 1 to bring up the following menu.
Menu 21.1 - Filter Set Configuration
Filter
Set #
-----1
2
3
4
5
6
Enter Filter Set Number to Configure= 0
Edit Comments=
Comments
-----------------NetBIOS_WAN
NetBIOS_LAN
TEL_FTP_WEB_WAN
______________
______________
______________
Press ENTER to CONFIRM or ESC to CANCEL:
Figure 7-3 Menu 21 - Filter Set Configuration
Filter
Set #
-----7
8
9
10
11
12
Comments
-----------------______________
______________
______________
______________
______________
______________
Step 2. Select the filter set you wish to configure (no. 1-12) and press [Enter]
.
Step 3. Enter a descriptive name or comment in the Edit Comments field and press [Enter].
Step 4. Press
[Enter]
at the message: [Press ENTER to confirm] to ope n M enu 21.1.1 - Filter Rules
Summary.
7-4 Filters
Page 83
Prestige 310 Broadband Sharing Gateway
Menu 21.1 - Filter Rules Summary
# A Type Filter Rules M m n
- - ---- -------------------------------------------- --------- - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=137 N D N
2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=138 N D N
3 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=139 N D N
4 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=137 N D N
5 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=138 N D N
6 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=139 N D F
Enter Filter Rule Number (1-6) to Configure:
Press ENTER to Confirm or ESC to Cancel:
Figure 7-4 NetBIOS_WAN Filter Rules Summary
Menu 21.2 - Filter Rules Summary
# A Type Filter Rules M m n
- - ---- -------------------------------------------- --------- - 1 Y IP Pr=17, SA=0.0.0.0, SP=137, DA=0.0.0.0, DP=53 N D F
2 Y
3 Y
4 Y
5 Y
6 Y
Enter Filter Rule Number (1-6) to Configure:
Figure 7-5 NetBIOS _LAN Filter Rules Summary
Menu 21.3 - Filter Rules Summary
# A Type Filter Rules M m n
- - ---- -----------------------------------------------------------1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 N D N
2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=21 N D N
3 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=80 N D F
4 N
5 N
6 N
Enter Filter Rule Number (1-6) to Configure:
Figure 7-6 TEL_FTP_WEB_WAN Filter Rules Summary
Filters 7-5
Page 84
Prestige 310 Broadband Sharing Gateway
7.2.1 Filter Rules Summary Menu
This screen shows the summary of the existing rules in the filter set. The following tables contain a brief
description of the abbreviations used in the previous menus.
Table 7-1 Abbreviations Used in the Filter Rules Summary Menu
Abbreviations Description Display
# Refers to the filter rule number (1-6).
A Shows whether the rule is active or not. [Y] means the filter rule is active.
[N] means the filter rule is inactive.
Type Refers to the type of filter rule.
This shows GEN for generic, IP for
TCP/IP
Filter Rules The filter rule parameters will be
displayed here (see below).
M Refers to More.
[Y] means an action can not yet be taken
as there are more rules to check, which
are concatenated with the present rule
to form a rule chain. When the rule chain
is complete an action can be taken.
[N] means you can no w specify an action
to be taken i.e., forward the packet, drop
the packet or check the next rule. For the
latter, the next rule is independent of the
rule just checked.
If More is Yes, then Action Matched and
Action Not Matched will be N/A
m Refers to Action Matched.
[F] means to forward the packet
immediately and skip checking the
remaining rules.
n Refers to Action Not Matched.
[F] means to forward the packet
immediately and skip checking the
remaining rules.
[GEN] for Generic
[IP] for TCP/IP
[Y] means there are more rules to check.
[N] means there are no more rules to check.
[F] means to forward the packet.
[D] means to drop the packet.
[N] means check the next rule.
[F] means to forward the packet.
[D] means to drop the packet.
[N] means check the next rule.
7-6 Filters
Page 85
Prestige 310 Broadband Sharing Gateway
The protocol dependent filter rules abbreviation are listed as follows:
#
If the filter type is IP, the following abbreviations listed in the following table will be used.
Table 7-2 Abbreviations Used If Filter Type Is IP
Abbreviation Description
Pr Protocol
SA Source Address
SP Source Port number
DA Destination Address
DP Destination Port number
#
If the filter type is GEN (generic), the following abbreviations listed in the following table will be used.
Table 7-3 Abbreviations Used If Filter Type Is GEN
Abbreviation Description
Off Offset
Len Length
Refer to the next section for information on configuring the filter rules.
7.2.2 Configuring a Filter Rule
To configure a filter rule, type its number in Menu 21.1 - Filter Rules Summary and press [
Menu 21.1.1 for the rule.
To speed up filtering, all rules in a filter set must be of the same class, i.e., protocol filters or generic filters.
The class of a filter set is determined by the first rule that you create. When applying the filter sets to a port,
separate menu fields are provided for protocol and device filter sets. If you include a protocol filter set in a
device filter field or vice versa, the Prestige will warn you and will not allow you to save.
Enter]
to open
7.2.3 TCP/IP Filter Rule
This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the
fields in the IP and the upper layer protocol, e.g., UDP and TCP, headers.
To configure a TCP/IP rules, select TCP/IP Filter Rule from the Filter Type field and press Enter to open
Menu 21.1.1 - TCP/IP Filter Rule, as shown below.
Filters 7-7
Page 86
Prestige 310 Broadband Sharing Gateway
Menu 21.1.1 - TCP/IP Filter Rule
Filter #: 1,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
Source: IP Addr= 0.0.0.0
TCP Estab= No
More= No Log= None
Action Matched= Drop
Action Not Matched= Check Next Rule
Press Space Bar to Toggle.
Press ENTER to Confirm or ESC to Cancel:
IP Mask= 0.0.0.0
Port #= 137
Port # Comp= Equal
IP Mask= 0.0.0.0
Port #=
Port # Comp= None
Figure 7-7 Menu 21.1.1 - TCP/IP Filter Rule
The following table describes how to configure your TCP/IP filter rule.
Table 7-4 TCP/IP Filter Rule Menu Fields
Field Description Option
Active This field activates/deactivates the filter rule. Yes/No
IP Protocol Protocol refers to the upper layer protocol, e.g., TCP is 6,
0-255
UDP is 17 and ICMP is 1. This value must be between 0
and 255
IP Source Route If Yes, the rule applies to packet with IP source route
Yes/No
option; else the packet must not have source route option.
The majority of IP packets do not have source route.
Destination: IP
Address
Destination: IP
Mask
Destination: Port # Enter the destination port of the packets that you wish to
Enter the destination IP Address of the packet you wish to
filter. This field is a don’t-care if it is 0.0.0.0.
Enter the IP mask that will be used to mask the bits of the
IP address given in the Destination: IP Addr.
IP address
IP mask
0-65535
filter. The range of this field is 0 to 65535. This field is a
don’t-care if it is 0.
Destination: Port # Select the comparison to apply to the destination port in None/Less/Greater/E
7-8 Filters
Page 87
Prestige 310 Broadband Sharing Gateway
Field Description Option
Comp the packet against the value given in Destination: Port #. qual/Not Equal]
Source: IP Address Enter the source IP Address of the packet you wish to
filter. This field is a don’t-care if it is 0.0.0.0.
Source: IP Mask Enter the IP mask that will be used to mask the bits of the
IP address given in the Source: IP Addr.
Source: Port # Enter the source port of the packets that you wish to filter.
The range of this field is 0 to 65535. This field is a don’tcare if it is 0.
Source: Port #
Comp
TCP Estab This field is applicable only when IP Protocol field is 6,
More If yes, a matching packet is passed to the next filter rule
Log Select the logging option from the following:
Action Matched Select the action for a matching packet. Check Next Rule
Action Not Matched Select the action for a packet not matching the rule. Check Next Rule
Select the comparison to apply to the source port in the
packet against the value given in Source: Port #.
TCP. If yes, the rule matches only established TCP
connections; else the rule matches all TCP packets.
before an action is taken; else the packet is disposed of
according to the action fields.
If More is Yes, then Action Matched and Action Not
Matched will be No.
None – No packets will be logged.
Action Matched - Only packets that match the rule
parameters will be logged.
Action Not Matched - Only packets that do not match the
rule parameters will be logged.
Both – All packets will be logged.
IP Address
IP Mask
0-65535
None/Less/Greater/E
qual/Not Equal
Yes/No
Yes / No
None
Action Matched
Action Not Matched
Both
Forward
Drop
Forward
Drop
Filters 7-9
Page 88
Prestige 310 Broadband Sharing Gateway
Field Description Option
Once you have completed filling in Menu 21.1.1.1 - TCP/IP Filter Rule, press [Enter] at the message
[Press Enter to Confirm] to save your configuration, or press [Esc] to cancel. This data will now be
displayed on Menu 21.1.1 - Filter Rules Summary.
The following diagram illustrates the logic flow of an IP filter.
7-10 Filters
Page 89
Packet
into IP Filter
Prestige 310 Broadband Sharing Gateway
Filter Active?
Yes
Apply SrcAddrMask
to Src Addr
Check Src
IP Addr
Matched
Apply DestAddrMask
to Dest Addr
Check Dest
IP Addr
Matched
Check
IP Protocol
Matched
Check Src &
Dest Port
Matched
More?
No
Not Matched
Not Matched
Not Matched
Not Matched
Yes
No
Action Matched
Drop
Drop Packet Accept Packet
Check Next Rule
Forward
Check Next Rule
Check Next Rule
Action Not Matched
Drop Forward
Figure 7-8 Executing an IP Filter
Filters 7-11
Page 90
Prestige 310 Broadband Sharing Gateway
7.2.4 Generic Filter Rule
This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to
filter non-IP packets. For IP, it is generally easier to use the IP rules directly.
For generic rules, the Prestige treats a packet as a byte stream as opposed to an IP or IPX packet. You specify
the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes. The Prestige
applies the Mask (bit-wise ANDing) to the data portion before comparing the result against the Value to
determine a match. The Mask and Value are specified in hexadecimal numbers. Note that it takes two
hexadecimal digits to represent a byte, so if the length is 4, the value in either field will take 8 digits, e.g.,
FFFFFFFF.
To configure a generic rule, select Generic Filter Rule in the Filter Type field in the Menu 21.4.1 and press
[Enter] to open Generic Filter Rule, as shown below.
Menu 21.4.1 - Generic Filter Rule
Filter #: 4,1
Filter Type= Generic Filter Rule
Active= No
Offset= 0
Length= 0
Mask= N/A
Value= N/A
More= No Log= None
Action Matched= Check Next Rule
Action Not Matched= Check Next Rule
Press Space Bar to Toggle.
Press ENTER to Confirm or ESC to Cancel:
Figure 7-9 Menu 21.4.1 - Generic Filter Rule
7-12 Filters
Page 91
Prestige 310 Broadband Sharing Gateway
The following table describes the fields in the Generic Filter Rule Menu.
Table 7-5 Generic Filter Rule Menu Fields
Field Description Option
Filter # This is the filter set, filter rule co-ordinates, i.e., 2,3 refers to the second
filter set and the third rule of that set.
Filter Type Use the [SPACE BAR] to toggle between both types of rules.
Parameters displayed below each type will be different.
Active Select Yes to turn on the filter rule. Yes/No
Offset Enter the starting byte of the data portion in the packet that you wish to
compare. The range for this field is from 0 to 255.
Length Enter the byte count of the data portion in the packet that you wish to
compare. The range for this field is 0 to 8.
Mask Enter the mask (in Hexadecimal) to apply to the data portion before
comparison.
Value Enter the value (in Hexadecimal) to compare with the data portion.
More If yes, a matching packet is passed to the next filter rule before an
action is taken; else the packet is disposed of according to the action
fields.
If More is Yes, then Action Matched and Action Not Matched will be
No.
Log Select the logging option from the following:
None – No packets will be logged.
Action Matched - Only packets that match the rule parameters will be
logged.
Action Not Matched - Only packets that do not match the rule
parameters will be logged.
Both – All packets will be logged.
Action
Matched
Action Not
Matched
Select the action for a matching packet. Check Next Rule
Select the action for a packet not matching the rule. Check Next Rule
Generic Filter
Rule/
Rule
Default = 0
Default = 0
Yes / No
None
Action Matched
Action Not
Matched
Both
Forward
Drop
Forward
TCP/IP Filter
Filters 7-13
Page 92
Prestige 310 Broadband Sharing Gateway
Drop
Once you have completed filling in Menu 21.4.1.1 - Generic Filter Rule, press [Enter] at the message
[Press Enter to Confirm] to save your configuration, or press [Esc] to cancel. This data will now be
displayed on Menu 21.1.1 - Filter Rules Summary.
7.3 Example Filter
Let’s design a filter to block outside users from telnetting and usi ng FTP connections into the Prestige. Please
see our Supporting CD for more example filters.
Figure 7-10 Filter Example
7.3.1 Before you begin
Before configuring a filter, you must know the following information:
The inbound packet type (protocol & port number): In this case, it is TCP (06) protocol with
1.
port 21 (FTP) and port 23 (Telnet).
2. The source IP address: In this case, as all connections from outside are blocked, the source IP is
0.0.0.0.
The destination IP address: It is the Prestige's IP address if SUA is disabled and you have a static
3.
IP; otherwise enter 0.0.0.0 as the destination IP. Once 0.0.0.0 is set as the destination IP, Telnet and
FTP connections are not allowed to reach the Prestige. For the LAN-to-LAN connection, you enter
the Prestige's LAN IP as the destination IP in the filter rule. After the Telnet_WAN filter is applied
to the remote node, it blocks the Telnet and FTP connections to the Prestige, but continues to permit
FTP connection to the local FTP server.
7.3.2 Filter Configuration Steps
Step 1. Enter 21 from the Main Menu to open Menu 21.1 - Filter Set Configuration.
Step 2. Enter the index of the filter set you wish to configure (e.g., 3) and press
7-14 Filters
[Enter]
.
Page 93
Prestige 310 Broadband Sharing Gateway
p
Step 3. Enter a descriptive name or comment in the Edit Comments field (e.g., TELNET_WAN) and
[Enter].
press
Step 4. Press [Enter] at the message: [Press ENTER to confirm] to open Menu 21.3.1 - Filter Rules
Summary.
Step 5. Enter 1 to configure the first filter rule. Make the entries in this menu as shown in the following
figure.
Press S
ace Bar to Toggle.
There are no
more rules to
check.
Select Drop here so that
the packet will be
dropped if its destination
is the telnet port.
Menu 21.3.1 - TCP/IP Filter Rule
Filter #: 3,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
Source: IP Addr= 0.0.0.0
TCP Estab= No
More= No Log= None
Action Matched= Drop
Action Not Matched= Forward
Press ENTER to Confirm or ESC to Cancel:
IP Mask= 0.0.0.0
Port #= 20
Port # Comp= Equal
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
Select Equal
here as we are
looking for
packets going to
port 21 only.
Select Next here so that the
next rule in this set will be
checked.
Press [SPACEBAR] to choose
this filter rule type. The first
filter rule type determines all
subsequent filter types within a
set.
Select Yes to make the rule
active.
6 is the TCP protocol.
The port number for FTP is 21.
See RFC 1060 for port numbers
of well-known services.
Figure 7-11 Example Filter - Menu 21.3.1
Filters 7-15
Page 94
Prestige 310 Broadband Sharing Gateway
When you press [Enter] to confirm, you will see the next screen. Note that there is only one filter rule in this
set.
Menu 21.3 - Filter Rules Summary
# A Type Filter Rules M m n
- - ---- --------------------------------------------------------------- - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=21 N D N
2 N
4 N
5 N
6 N
Enter Filter Rule Number (1-6) to Configure: 2
This shows yo u that you have
configured and activated (A =
Y) a TCP/IP filter rule (Type =
IP, Pr = 6) for destination FTP
ports (DP = 21).
M = N means an action can be taken
immediately. The action is to drop the
packet (m = D) if the action is matched and
to forward the packet immediately (n = N) if
the action is not matched and there are more
rules to be checked (there is one more in this
example).
Figure 7-12 Example Filter Rules Summary – Menu 21.3
Step 6. Enter 2 in the above menu to configure the second rule.. Configure this filter rule with port
number as 23 (Telnet) as shown in the next screen (after you press [ENTER] to confirm.
7-16 Filters
Page 95
Prestige 310 Broadband Sharing Gateway
Menu 21.5 - Filter Rules Summary
# A Type Filter Rules M m n
- - ---- -----------------------------------------------------------1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=21 N D N
2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 N D F
3 N
4 N
5 N
6 N
Enter Filter Rule Number (1-6) to Configure:
Figure 7-13 Example Filter Rules Summary
After you’ve created the filter set, you must apply it.
Step 1. Enter 11 from the main menu to go to Menu 11.
Step 2. Go to the Edit Filter Sets field, press the [SPACEBAR] to toggle Yes to No and press
[ENTER].
Step 3. This brings you to Menu 11.5. Apply the TELNET_FTP_WAN filter set (filter set 3) as shown in
Figure 7-16.
7.4 Filter Types and SUA
There are two classes of filter rules, Generic Filter (Device) rules and Protocol Filter (TCP/IP and IPX)
rules. Generic Filter rules act on the raw data from/to LAN and WAN. Protocol Filter rules act on the IP and
IPX packets. Generic and TCP/IP filter rules are discussed in more detail in the next section. When SUA is
enabled, the inside IP address and port number are replaced on a connection-by-connection basis, which
makes it impossible to know the exact address and port on the wire. Therefore, the Prestige applies the
protocol filters to the “native” IP address and port number before SUA for outgoing packets and after SUA
for incoming packets. On the other hand, the generic, or device filters are applied to the raw packets that
appear on the wire. They are applied at the point when the Prestige is receiving and sending the packets; i.e.
the interface. The interface can be an Ethernet port or any other hardware port. The following diagram
illustrates this.
Figure 7-14 Protocol and Device Filter Sets
Filters 7-17
Page 96
Prestige 310 Broadband Sharing Gateway
7.5 Applying a Filter and Factory Defaults
This section shows you where to apply the filter(s) after you design it (them). Three sets of factory default
filter rules have been configured in Menu 21 to prevent NetBIOS traffic from triggering calls and to prevent
incoming telnetting.
7.5.1 LAN traffic
You seldom need to filter LAN traffic; however, the filter sets may be useful to block certain packets, reduce
traffic and prevent security breaches. Go to Menu 3.1 (shown below) and enter the number(s) of the filter
set(s) that you want to apply as appropriate. You can choose up to four filter sets (from twelve) by entering
their numbers separated by commas, e.g., 3, 4, 6, 11. Input filter sets filter incoming traffic to the Prestige
and Output filter sets filter outgoing traffic from the Prestige. The factory default set, NetBIOS_LAN, is
inserted in protocol filters –field under Input Filter Sets in Menu 3.1 to block NetBIOS traffic to the
Prestige from the LAN.
Menu 3.1 – LAN Port Filter Setup
Input Filter Sets:
protocol filters= 2
device filters=
Output Filter Sets:
Protocol filters=
device filters=
Factory
Default
Filter
Press ENTER to Confirm or ESC to Cancel:
Figure 7-15 Filtering LAN Traffic
7.5.2 Remote Node Filters
Go to Menu 11.5 (shown below) and enter the number(s) of the filter set(s) as appropriate. You can cascade
up to four filter sets by entering their numbers separated by commas. The factory default filter set,
NetBIOS_WAN, is inserted in the protocol filters field under Call Filter Sets in Menu 11.5 to block local
NetBIOS traffic from triggering calls to the ISP (when you are using PPTP/PPPoE encapsulation only).
Filter set three, Telnet_FTP_WAN, blocks telnet and FTP connections from the WAN Port to help prevent
security breaches.
7-18 Filters
Page 97
Prestige 310 Broadband Sharing Gateway
Menu 11.5 - Remote Node Filter
Input Filter Sets:
protocol filters= 3
device filters=
Output Filter Sets:
protocol filters= 1
device filters=
Call Filter Sets:
protocol filters= 1
device filters
=
Figure 7-16 Filtering Remote Node Traffic
Factory
Default
Filter
Filters 7-19
Page 98
Page 99
Prestige 310 Broadband Sharing Gateway
Chapter 8
SNMP Configuration
8.1 SNMP
SNMP (Simple Network Management Protocol) is a protocol used for exchanging management information
between network devices. SNMP is a member of TCP/IP protocol suite. Your Prestige supports SNMP agent
functionality, which allows a manager station to manage and monitor the Prestige through the network. The
Prestige supports SNMP version one (SNMPv1).
Note: Keep in mind that SNMP is only available if TCP/IP is configured on your Prestige.
The next figure illustrat es an SNMP management operation.
:
Figure 8-1 SNMP Management Model
An SNMP managed network consists of two main components: agents and manager.
SNMP Configuration 8-1
Page 100
Prestige 310 Broadband Sharing Gateway
An agent is a management software module that resides in a managed device . An agent translates the local
manageme nt informat ion from t he managed device into a form compatible with SNMP. The manager i s the
console through which network administrators perform network management functions. It executes
applications that control and monitor managed devices.
The managed devices contain object variables/managed objects that define each piece of information to be
collected about a device. Examples of variables include such as number of packets received, node port status
etc. A Management Information Ba se (MIB) is a collectio n of managed objects. SNM P allows manager and
agents to communicate for the purpose of accessing these objects.
SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a
request and the agent returns responses using the following protocol operations:
Get
Allows the manager to retrieve an object variable from the agent.
GetNext
Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1,
when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed
by a series of GetNext operations.
Set
Allows the manager to set values for object variables within an agent.
Trap
Used by the agent to inform the manager of some events.
8.1.1 SNMP Configuration
To configure SNMP, select option 22. SNMP Configuration from the Main Menu to open Menu 22 - SNMP
Configuration, as shown in the figure. The “community” for Get, Set and Trap fields is simply SNMP’s
terminology for password.
Menu 22 - SNMP Configuration
SNMP:
Get Community= public
Set Community= public
Trusted Host= 0.0.0.0
Trap:
Community= public
Destination= 0.0.0.0
Press ENTER to Confirm or ESC to Cancel:
Figure 8-2 Menu 22 - SNMP Configuration
8-2 SNMP Configuration
Loading...