ZyXEL Communications G.SHDSL.bis 4-port Security Gateway P-793H manuel d'utilisation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444

Aller à la page of

Un bon manuel d’utilisation

Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation ZyXEL Communications G.SHDSL.bis 4-port Security Gateway P-793H. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel ZyXEL Communications G.SHDSL.bis 4-port Security Gateway P-793H ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.

Qu'est ce que le manuel d’utilisation?

Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation ZyXEL Communications G.SHDSL.bis 4-port Security Gateway P-793H décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.

Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.

Donc, ce qui devrait contenir le manuel parfait?

Tout d'abord, le manuel d’utilisation ZyXEL Communications G.SHDSL.bis 4-port Security Gateway P-793H devrait contenir:
- informations sur les caractéristiques techniques du dispositif ZyXEL Communications G.SHDSL.bis 4-port Security Gateway P-793H
- nom du fabricant et année de fabrication ZyXEL Communications G.SHDSL.bis 4-port Security Gateway P-793H
- instructions d'utilisation, de réglage et d’entretien de l'équipement ZyXEL Communications G.SHDSL.bis 4-port Security Gateway P-793H
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes

Pourquoi nous ne lisons pas les manuels d’utilisation?

Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage ZyXEL Communications G.SHDSL.bis 4-port Security Gateway P-793H ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles ZyXEL Communications G.SHDSL.bis 4-port Security Gateway P-793H et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service ZyXEL Communications en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées ZyXEL Communications G.SHDSL.bis 4-port Security Gateway P-793H, comme c’est le cas pour la version papier.

Pourquoi lire le manuel d’utilisation?

Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif ZyXEL Communications G.SHDSL.bis 4-port Security Gateway P-793H, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.

Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation ZyXEL Communications G.SHDSL.bis 4-port Security Gateway P-793H. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.

Table des matières du manuel d’utilisation

  • Page 1

    www .zyxel.com P-793H G .SHDSL.bis 4-port Security Gateway User ’ s Guide V ersion 3.40 1/2007 Edition 2[...]

  • Page 2

    [...]

  • Page 3

    About This User's Guide P-793H User’s Guide 3 About This User's Guide Intended Audience This manual is intended for people who want to configure the ZyXEL Device using the web configurator . Y ou should have at leas t a basic knowledge of TCP/IP networking concepts and topology . Related Document ation • Quick Start Guide The Quick S [...]

  • Page 4

    Document Conventions P-793H User’s Guide 4 Document Conventions W arnings and Notes These are how warnings and notes are shown in this User ’ s Guide. 1 W arnings tell you about things that could harm you or your device. " Notes tell you other important informati on (for example, other things you may need to configure or helpful tip s) or [...]

  • Page 5

    Document Conventions P-793H User’s Guide 5 Icons Used in Figures Figures in this User ’ s Guide may use the followi ng generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Computer Notebook computer Server DSLAM Firewall T ele phone Switch Router[...]

  • Page 6

    Safety Warnings P-793H User’s Guide 6 Safety Warnings 1 For your safety , be sure to read and follow all warni ng notices and instructions. • Do NOT use this product near water , for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. • Do NOT store thin gs on the device. ?[...]

  • Page 7

    Safety Warnings P-793H User’s Guide 7 This product is recyclable . Dispose of it properly .[...]

  • Page 8

    Safety Warnings P-793H User’s Guide 8[...]

  • Page 9

    Contents Overview P-793H User’s Guide 9 Contents Overview Introduction, Wizards and T utorials ..................................................................................... 37 Getting T o K now Y our ZyXEL Device .............. ............. ................ ............. ................ ............. ... 39 Introducing the Web Configura[...]

  • Page 10

    Contents Overview P-793H User’s Guide 10 Firewall Setup ................. ............. ................ ............. ............. ................ ............. ........... ......... . 293 Filter Configuration ......... ............. ............. ................ ............. ................ ............. ............. ........ 2 95 SNMP Co[...]

  • Page 11

    Table of Contents P-793H User’s Guide 11 Table of Contents About This User's Guide ........................................................................... ............................... 3 Document Conventions.................................................................. ......................................... .4 Safety Warnings ..[...]

  • Page 12

    Table of Contents P-793H User’s Guide 12 3.1 Internet Setup Wiza rd ......... ............. ............. ............. ............. ................ ............. ........... ..... 54 3.1.1 Screen 1 ....... ............. ............. ............. ............. ................ ............. ............. ........... ..... 54 3.1.2 Screen 2 ..[...]

  • Page 13

    Table of Contents P-793H User’s Guide 13 5.5.2 Configuring More Connections Advanced Set up ............. ................ ................ .......... 84 5.6 T raffic Redirect ................... ............. ................ ............. ............. ............. ................ ... .......... 85 5.7 Dial Backup Interface ......... ........[...]

  • Page 14

    Table of Contents P-793H User’s Guide 14 Part III: Security and Advanced Setup ..................... ........................... 1 15 Chapter 8 Firewalls........................................................... ........................................................... ........... 1 17 8.1 Firewall Overview ......... ................ .........[...]

  • Page 15

    Table of Contents P-793H User’s Guide 15 9.7.2 Customized Services .................. ............. ................. ............ ............. ................ ..... 139 9.7.3 Configuring A Customized Service .... ............. ................ ............. ............. ............. . 139 9.8 Example Firewall Rule ........... ...............[...]

  • Page 16

    Table of Contents P-793H User’s Guide 16 13.2 Application-based Bandwidth Management ..... ............. ................ ................. ............ ..... 181 13.3 Subnet-based Bandwidth M anagement ........... ................. ............ ............. ................ ..... 181 13.4 Application and Subnet-ba sed Bandwidth Management .....[...]

  • Page 17

    Table of Contents P-793H User’s Guide 17 16.1.1 How do I know if I'm using U PnP? .... ............. ............. ................ ............. ............. . 205 16.1.2 NA T Traversal ... ............. ............ ................. ............. ................ ............. ................ . 20 5 16.1.3 Cautions with UPnP ...........[...]

  • Page 18

    Table of Contents P-793H User’s Guide 18 21.2 SMT Menu Items . .......... ............. ............. ................ ............. ............. ............. ............ ... .. 24 0 21.3 Navigating the SMT Int erface .............. ............. ................. ................ ............. ................ . 242 Chapter 22 General Setup..[...]

  • Page 19

    Table of Contents P-793H User’s Guide 19 Chapter 28 NA T Setup ......................... .................................................................................... ......... ........ 279 28.1 Using NA T ............ ............. ................ ............. ................ ............. ............. ................ ........ 2 79 2[...]

  • Page 20

    Table of Contents P-793H User’s Guide 20 33.1 Introduction to System S tatus ........... ................ ................. ............ ................. ............ ..... 31 3 33.2 System S tatus ... ................ ............. ................ ............. ............. ................ ............. ..... ...... 313 33.3 System Informati[...]

  • Page 21

    Table of Contents P-793H User’s Guide 21 35.1 Command Interpreter Mode ............. ............. ............. ............. ................ ............. ........... 3 37 35.1.1 Command Syntax ........... ................ ............. ................ ............. ................ ............. . 337 35.1.2 Command Usage ....... ...........[...]

  • Page 22

    Table of Contents P-793H User’s Guide 22 Appendix E IP Addresses and Subnetting ........................................................................... 389 Appendix F IP Address Assignment Co nflicts ................................................................ ...... 397 Appendix G Common Services .........................................[...]

  • Page 23

    List of Figures P-793H User’s Guide 23 List of Figures Figure 1 High-speed Internet Acce ss with Y our ZyXEL Device .................... ............. ................ ............. 39 Figure 2 Point-to-point Connections with Y our ZyXEL Device ...... ............. ................ ............. ............. ... 40 Figure 3 Point-to-2points Conn[...]

  • Page 24

    List of Figure s P-793H User’s Guide 24 Figure 39 LAN > IP > Advanc ed Setup ........ ............ ................. ............. ............ ............. ................ ....... 98 Figure 40 LAN > DHCP Setup .................. .......... ... ............. ................ ............. ............. ............. . ............ 99 F[...]

  • Page 25

    List of Figures P-793H User’s Guide 25 Figure 82 VPN > Setup ............................ ....... ... ................ ............. ............. ............. ............ ....... ........ 162 Figure 83 VPN > Setup > Edit ............... ............. ................ ............. ............. ............. ............. .. .........[...]

  • Page 26

    List of Figure s P-793H User’s Guide 26 Figure 125 Logs > View Log ........ ................. ............ ................. ............. ................ ............. .... ............. 226 Figure 126 Logs > Log Settings .. ............. ................ ............. ................. ............ ................. ...... .......... . 2[...]

  • Page 27

    List of Figures P-793H User’s Guide 27 Figure 168 Menu 15.1.1: Address Mapping Rules ....... ............. ................ ............. ................ ............. . 28 2 Figure 169 Menu 15.1.1.1: Addres s Mapping Rule ............ ............. ................ ............. ............. ........... 28 4 Figure 170 Menu 15.2: NA T Server S[...]

  • Page 28

    List of Figure s P-793H User’s Guide 28 Figure 21 1 Menu 24.5: Bac kup Configuration ....... ............. ................ ................ ................. ............ ... .. 325 Figure 212 FTP Session Example ................... ... .......... ................ ............. ............. ............. ......... ........ 325 Figure 213 System[...]

  • Page 29

    List of Figures P-793H User’s Guide 29 Figure 254 Windows XP: Internet Pr otocol (TCP/IP) Properties .. ............. ................ ............. .............. 373 Figure 255 Windows XP: Advanced TCP/IP Propert ies ............ ................ ............. ............. ................ . 374 Figure 256 Windows XP: Internet Pr otocol (TCP/I[...]

  • Page 30

    List of Figure s P-793H User’s Guide 30[...]

  • Page 31

    List of Tables P-793H User’s Guide 31 List of Tables T able 1 LEDs ........... ............. ................ ............. ............. ................ ............. ............. ..... ..................... ... 42 T able 2 Web Configurator Screens Summary ... ................ ............. ................ ................ ................ ..[...]

  • Page 32

    List of Tables P-793H User’s Guide 32 T able 39 Firewall > General ............ ............. ... ................ ............. ............. ............. ............. .. ............... 134 T able 40 Firewall > Rules .................. ................ ............. ............. ................ ............. ........... ........... ..[...]

  • Page 33

    List of Tables P-793H User’s Guide 33 T able 82 Syst em > Time Setting ........ ............. ................ ............. ................ ............. ................ .......... . 221 T able 83 Logs > View Log . ................ ................ ............. ................ ............. ................ .......... ............. . 2[...]

  • Page 34

    List of Tables P-793H User’s Guide 34 T able 125 General C ommands for GUI-based FTP Clients ........... ................ ................ ................ ..... 326 T able 126 General C ommands for GUI-based TFTP Clients ... ................ ................ ................ ........... 327 T able 127 Menu 24.9.1 - Budget Management ............[...]

  • Page 35

    List of Tables P-793H User’s Guide 35 T able 168 Syslog Logs ...................... ................ ............. ................ ............. ............. ........... ............... . 423 T able 169 RFC -2408 ISAKMP Payload T ypes ........ ................. ............. ................ ................ ............. . 42 3 T able 170 Net [...]

  • Page 36

    List of Tables P-793H User’s Guide 36[...]

  • Page 37

    37 P ART I Introduction, W izards and Tu t o r i a l s Getting T o Know Y our ZyXEL Device (39) Introducing the W eb Configurator (43) W izards (53) Point-to-(2)point Configuration (63)[...]

  • Page 38

    38[...]

  • Page 39

    P-793H User’s Guide 39 C HAPTER 1 Getting To Know Your ZyXEL Device This chapter introduces the main features and applications of your ZyXEL De vice. 1.1 Overview This ZyXEL Device is a secure G .SHDSL.bis router with a 4-port switch. Set up your ZyXEL Device for high-s peed Internet acce ss or for high-speed point-to-po int connections with othe[...]

  • Page 40

    Chapter 1 Getting To Kn ow Your ZyXEL Device P-793H User’s Guide 40 1.1.2 High-speed Point-to-point Connections Use two ZyXEL Devices to create a cost-effectiv e, high-speed connectio n for high-bandwidth applications suc h as videocon fe rencing and distance learning. Figure 2 Point-to-po int Connectio ns with Y our ZyXE L Device The ZyXEL Devic[...]

  • Page 41

    Chapter 1 Getting To Know Your ZyXEL Device P-793H User’s Guide 41 1.2 W ays to Manage the ZyXEL Device Use any of the following method s to manage the ZyXEL Device. • W eb Configurator . This is recommended fo r everyday management of the ZyXEL Device using a (s upported) w eb browser . Se e Chapter 2 on page 43 . • Command Line Interface. L[...]

  • Page 42

    Chapter 1 Getting To Kn ow Your ZyXEL Device P-793H User’s Guide 42 The following table describes the LEDs. T able 1 LEDs LED COLOR STATUS DESCRIPTION POWER Green On The ZyXEL Device is receiving power and functioning properly . Blinking The ZyXEL Device is rebooting or performing diagnostics. Red On Power to the ZyXEL Device is too low . Off The[...]

  • Page 43

    P-793H User’s Guide 43 C HAPTER 2 Introducing the Web Configurator This chapter describes how to access and navigate the web configurator . 2.1 W eb Configurator Overview The web configurator is an HTML-based mana gement interface that allows easy ZyXEL Device setup and management via Internet browser . Use Internet Explorer 6.0 and later or Nets[...]

  • Page 44

    Chapter 2 Introducing the Web Configur ator P-793H User’s Guide 44 Figure 5 Login Screen 6 If you entered the use r password, the St a t u s screen appears. See Section 2.4 on page 48 . If you entered the admin password, the following screen appe ars. Figure 6 Change Password at Login It is highly recommended you change the de fault admin passwor[...]

  • Page 45

    Chapter 2 Introducing the Web Configurator P-793H User’s Guide 45 7 Select Go to Wizard setup , an d click Apply to display the wizard main screen. Select Go to Advanced setup , and click Apply to display the St a t u s screen. Sele ct Click her e to always start with the Advanced setup if you want the ZyXEL Device to skip this screen from now on[...]

  • Page 46

    Chapter 2 Introducing the Web Configur ator P-793H User’s Guide 46 Figure 8 Web Configurator : Main Screen " Click the icon (located in the top right corner of most screens) to view embedded help. Use submenus to config ure ZyXEL Device Click the Logout icon at any time to exit the web configurator . T able 2 Web C onfigurator Screens S umma[...]

  • Page 47

    Chapter 2 Introducing the Web Configurator P-793H User’s Guide 47 LAN IP Use this screen to configure LAN TCP/IP settings and other advanced properties. DHCP Setup Use this screen to configure LAN DHCP settings. Client List Use this screen to view current DHCP client information and to always assign an IP address to a MAC address (and host name).[...]

  • Page 48

    Chapter 2 Introducing the Web Configur ator P-793H User’s Guide 48 2.4 St atus Screen The following summarizes how to navigate the web configurator from the St a t u s screen. " Some fields or links are not available if you entered the user password in the login password screen (see Figure 5 on p age 44 ). Remote MGMT WWW Use this screen to [...]

  • Page 49

    Chapter 2 Introducing the Web Configurator P-793H User’s Guide 49 Figure 9 S tatus The following table describes the labels shown in the St a t u s screen. T able 3 Status LABEL DESCRIPTION Refresh Int erval Sele ct a number of second s or None from th e drop-down list b ox to refresh all screen statistics automa tically at the e nd of every time[...]

  • Page 50

    Chapter 2 Introducing the Web Configur ator P-793H User’s Guide 50 2.4.1 St atus: Bandwidth S tatus This is the same screen discussed in Figure 97 on page 190 . VPI/VCI This is the Virtual Path Identifier and Vi rtual Channel Iden tifier that you e ntered in the Wizard or W AN screen . LAN Information IP Address This is the LAN port IP addre ss. [...]

  • Page 51

    Chapter 2 Introducing the Web Configurator P-793H User’s Guide 51 2.4.2 St atus: Packet St atistics Click the Packet S tatistics hyperlink in the St a t u s screen. Read-only information here includes port status and packet specific statisti cs. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) fi[...]

  • Page 52

    Chapter 2 Introducing the Web Configur ator P-793H User’s Guide 52 2.4.3 St atus: VPN St atus This is the same screen discussed in Figure 86 on page 173 . 2.5 Resetting the ZyXEL Device If you forget your password or cannot access th e web configurator , you will need to use the RESET button at the back of the ZyXEL Device to reload th e factory-[...]

  • Page 53

    P-793H User’s Guide 53 C HAPTER 3 Wizards Use these screens to configure Internet access or to configure basic bandwidth management. " See the advanced menu chapters for ba ckground information on these fields. T o access the wizards , click Go to Wizard setup in Figure 7 on page 45 , or click the wizard icon ( ) in the top right corner of t[...]

  • Page 54

    Chapter 3 Wizards P-793H User’s Guide 54 3.1 Internet Setup Wizard Use these screens to configure Internet ac cess settings. T o access this wizard, click INTERNET SETUP in the wizard main screen. 3.1.1 Screen 1 This screen lets you enter some of the ISP settings for your Internet connection. Figure 12 Internet Access Wizard Setup: ISP Parameters[...]

  • Page 55

    Chapter 3 Wizards P-793H User’s Guide 55 3.1.2 Screen 2 These screens let you enter the rest of the Inte rnet settings , which depend on the encapsu lation your Internet connection u s es (and the mode you selected, for RFC1483). This screen appears if your Internet connection uses Ethernet encapsulation. Figure 13 Internet Setup Wizard: I SP Par[...]

  • Page 56

    Chapter 3 Wizards P-793H User’s Guide 56 Figure 14 Internet Se tup Wizard: ISP Parameters (PPPoE) The following table describes the fields in this screen. This screen appears if your Internet connection uses RFC1483 encapsulation . T able 8 Internet Se tup Wizard: ISP Parameters (PPPoE) LABEL DESCRIPTION User Name Enter the user na me exactly as [...]

  • Page 57

    Chapter 3 Wizards P-793H User’s Guide 57 Figure 15 Internet Setup Wizard: IS P Parameters (RFC1483) The following table describes the fields in this screen. This screen appears if your Internet connection uses PPPoA encapsulation. Figure 16 Internet Se tup Wizard: ISP Parameters (PPPoA) T able 9 Internet Setup Wizard : ISP Parameters (RFC1483) LA[...]

  • Page 58

    Chapter 3 Wizards P-793H User’s Guide 58 The following table describes the fields in this screen. 3.1.3 Screen 3 This screen appears when you complete the Internet Se tup wizard. Figure 17 Internet Setup Wizard: Summ ary Screen 3 Use the read-only summary table to check wh ether what you h ave configured is correct. Click Finish to complete and s[...]

  • Page 59

    Chapter 3 Wizards P-793H User’s Guide 59 Launch your web brows er and navigate to www .zyxel.com . If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct. Internet access is just the beginning. Refer to the rest of this guide for more detailed informa[...]

  • Page 60

    Chapter 3 Wizards P-793H User’s Guide 60 T o access this wizard, open the we b configurator (see Section 2.2 on page 43 ) and click BANDWIDTH MANAGEMENT SETUP in the wizard main screen. 3.2.1 Screen 1 Activate bandwidth management and select to a llocate bandwidth to packets ba sed on the services. Figure 18 Bandwidt h Management Wizard: General [...]

  • Page 61

    Chapter 3 Wizards P-793H User’s Guide 61 3.2.2 Screen 2 Use the second wizard screen to select the se rvices that you want to apply bandwidth management, and select the p riorities that you want to apply to the services listed. Figure 19 Bandwidt h Management Wizard: Configuration The following table describes the labels in this screen. T able 14[...]

  • Page 62

    Chapter 3 Wizards P-793H User’s Guide 62 3.2.3 Screen 3 Follow the on-screen in structions and click Finish to complete the wizard setup and save your configuration. Figure 20 Bandwid th Management Wizard: Complete[...]

  • Page 63

    P-793H User’s Guide 63 C HAPTER 4 Point-to-(2)point Configuration This chapter introduces point-to -poi nt and point-to-2point connections. 4.1 Point-to-point Connection Overview Y ou can set up point-to-point connection be tween two ZyXEL Devices. These connections offer a cost-ef fective, high-s peed connection for high-bandwidth ap plications [...]

  • Page 64

    Chapter 4 Point- to-(2)point Configuration P-793H User’s Guide 64 T o establish a point-to-p oint connection, on e of the ZyXEL Devices becomes the server (instead of the ISP). The server controls some of the attributes of the DSL connection, such as the transfer rate and the DSL op erational mode. Otherwise, there is no difference between the se[...]

  • Page 65

    Chapter 4 Point-to-(2) point Configuration P-793H User’s Guide 65 3 Set the VPI , VCI , Multiplexing , and Encapsulation to the same values you set in the server . 4 Scroll down to the Service T ype section. See Figure 22 on page 64 abov e. 5 In the Service Mode field, select the same type of connec tion you selected for the server . 6 In the Ser[...]

  • Page 66

    Chapter 4 Point- to-(2)point Configuration P-793H User’s Guide 66 In a point-to-2points connectio n, the ZyXEL Device wh ich has a physical connection to both client devices becomes the server . The server controls some of the attributes of the DSL connection, such as the transfer rate and the DSL operational mode. 4.4 Point-to-2point Connection [...]

  • Page 67

    Chapter 4 Point-to-(2) point Configuration P-793H User’s Guide 67 4.4.2 Set up the Clients 1 Log in to one of th e ZyXEL Devices that will be the client. (See Chapter 2 on page 43 .) 2 Click Network > W AN > Internet Connection . 3 Set the VPI , VCI , Multiplexing , and Encapsulation to the same values you set in the server . 4 Scroll down [...]

  • Page 68

    Chapter 4 Point- to-(2)point Configuration P-793H User’s Guide 68[...]

  • Page 69

    69 P ART II Network Setup WA N S e t u p ( 7 1 ) LAN Setup (93) Network Address T ranslation (NA T) Screens (103)[...]

  • Page 70

    70[...]

  • Page 71

    P-793H User’s Guide 71 C HAPTER 5 WAN Setup This chapter describes how to configure W AN settings. 5.1 W AN Overview A W AN (W ide Area Network) is an outside conn ection to another network or t he Internet. 5.1.1 Encap sulation Be sure to use the encapsulat ion method required by your ISP . The ZyXEL Device supports the following methods. 5.1.1.[...]

  • Page 72

    Chapter 5 WAN Setup P-793H User’s Guide 72 5.1.1.3 PPPoA PPPoA stands for Point to Point Protocol over A TM Adaptation Layer 5 (AAL5). A PPPoA connection functions like a dial -up Internet connection. The ZyXEL Device encapsulates the PPP session based on RF C1483 and sends it through an A TM PVC (Permanent V irtual Circuit) to the Internet Se rv[...]

  • Page 73

    Chapter 5 WAN Setup P-793H User’s Guide 73 5.1.4.1 IP Assignment with PPPoA or PPPoE Encap sulation If you have a dynamic IP , the n the IP Address and ENET ENCAP Gateway fields are not applicable (N/A). If you have a static IP , then you only need to fill i n the IP Address field and not the ENET ENCAP Gateway field. 5.1.4.2 IP Assignment with R[...]

  • Page 74

    Chapter 5 WAN Setup P-793H User’s Guide 74 For example, if the normal route has a metric of "1" and the traffic-redirect route has a metric of "2" and dial-backup route has a metric of "3", then the normal route acts as the primary default route. If the normal rout e fails to connect to the Intern et, the ZyXEL Devic[...]

  • Page 75

    Chapter 5 WAN Setup P-793H User’s Guide 75 5.3.1 A TM T raffic Classes These are the basic A TM traffic classes define d by the A TM Forum T raffic Management 4.0 Specification. 5.3.1.1 Const ant Bit Rate (CBR) Constant Bit Rate (CBR) provides fixed bandwidth that is always available even if no data is being sent. CBR traffic is genera lly time-s[...]

  • Page 76

    Chapter 5 WAN Setup P-793H User’s Guide 76 Figure 26 W AN > Internet Connection The following table describes the labels in this screen. T able 15 WAN > Internet Connection LABEL DESCRIPTION General Name Enter the name of your Internet Se rvice Pro vider , for example “MyISP”. This information is for descr iptive purposes only . Mode Se[...]

  • Page 77

    Chapter 5 WAN Setup P-793H User’s Guide 77 Password (PPPoA and PPPoE only ) Enter the p assword associ ated with the user name above. Service Name (PPPoE only) T ype the name of your PPPoE service here. Multiplexing Select the method of multip lexing used by your ISP from the drop-down list. Choices ar e VC or LL C . Virtual Circuit ID VPI (Virtu[...]

  • Page 78

    Chapter 5 WAN Setup P-793H User’s Guide 78 5.4.1 2Wire-2Line Service Mode The Service Mode section of the Internet Connection screen allows you to set up two DSL connections when you select 2wire-2line mode. This allows you to create a point-to-2points configuration. See Section 5.4.1 on page 78 for more background information about this mode. Fi[...]

  • Page 79

    Chapter 5 WAN Setup P-793H User’s Guide 79 The following table describes the labels in this screen. 5.4.2 Configuring Advance d Internet Connection Use this screen to edit your ZyXEL Device's ad vanc ed settings for more connections. Clic k the Advanced Setup button in the Internet Connection screen. The screen appears as shown. Figure 28 W [...]

  • Page 80

    Chapter 5 WAN Setup P-793H User’s Guide 80 The following table describes the labels in this screen. T able 17 WAN > Internet Connection > Advanced Setup LABEL DESCRIPTION RIP & Multicast Setup RIP Direction RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing information with other ro uters. The [...]

  • Page 81

    Chapter 5 WAN Setup P-793H User’s Guide 81 5.5 Configuring More Connections This section describes the protocol-independent parameters for a remote network. They are required for placing calls to a remote gate way and the network behind it across a W AN connection. When you use the W AN > Internet Connection screen to set up Internet access, y[...]

  • Page 82

    Chapter 5 WAN Setup P-793H User’s Guide 82 Figure 30 W AN > More Connections > Edit The following table describes the labels in this screen. T able 19 W AN > More Connectio ns > Edit LABEL DESCRIPTION General Active Select the check box to activate or clear the check box to deactivate this connection. Name Enter a unique, descri ptive[...]

  • Page 83

    Chapter 5 WAN Setup P-793H User’s Guide 83 Multiplexing Select the method of multip lexing used by your ISP from the drop-down list. Choices ar e VC or LL C . By prior agreement, a protocol is assigned a specifi c virtual circuit, for exampl e, VC1 will carry IP . If you select VC, spec ify separate VPI and VCI numbers for each protocol. For LLC-[...]

  • Page 84

    Chapter 5 WAN Setup P-793H User’s Guide 84 5.5.2 Configuring More Connections Advanced Setup Use this screen to edit your ZyXEL Devi ce's advanced W AN settings. Click the Advanced Setup button in the More Connections Edit screen. The screen appears as shown. Figure 31 W AN > More Connections > Advanced Setup The following table descri[...]

  • Page 85

    Chapter 5 WAN Setup P-793H User’s Guide 85 5.6 T raffic Redirect T raffic redirect forwards traf fic to a backup gate way when the ZyXEL Device cannot connect to the Internet. An example is shown in the figure below . Figure 32 T raffic Redirect Example The following network topology allows you to avoid triangle route security issues when the bac[...]

  • Page 86

    Chapter 5 WAN Setup P-793H User’s Guide 86 Figure 33 T raffic Redirect LAN Setup 5.7 Dial Backup Interface The Dial Backu p port can be used in reserve, as a traditional dial-up connection should the broadband connectio n to the W AN port fa il. T o set up the auxiliary port ( Dial Backup ) for use in the event that the regu lar W AN connection i[...]

  • Page 87

    Chapter 5 WAN Setup P-793H User’s Guide 87 Figure 34 WA N > WAN B a c k up S e t u p The following table describes the labels in this screen. T able 21 W AN > WAN Backup Setup LABEL DESCRIPTION Backup T ype Select the method that the ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL Device check if the connect[...]

  • Page 88

    Chapter 5 WAN Setup P-793H User’s Guide 88 T imeout T ype the number of seconds (3 recomm ended) for your ZyXEL Device to wait for a ping response from one of the IP addresses in the Check W AN IP Address field before timing out the request. The W AN connectio n is considered "down" after the ZyXEL Device times out the numbe r of times [...]

  • Page 89

    Chapter 5 WAN Setup P-793H User’s Guide 89 5.8.1 Advanced Backup Setup Use this screen to change your ZyXEL Devi ce’ s advanced dial backup settings. Click WA N > W AN Backup Setup > Advanced Setup . The screen appears as shown. Figure 35 W AN > W AN Backup Setup > Advanced Setu p The following table describes the labels in this scr[...]

  • Page 90

    Chapter 5 WAN Setup P-793H User’s Guide 90 Advanced Modem Setup Click Edit to change the advanced setting s for the modem. TCP/IP Options Metric This field sets this route's priority among the routes the ZyXEL Device uses. The metric represents the "cost of transmissio n". A router determines the b est route for transmission by cho[...]

  • Page 91

    Chapter 5 WAN Setup P-793H User’s Guide 91 5.8.2 Advanced Modem Setting s for Dial Backup Use this screen to change your Zy XEL Device’ s modem settings for dial back up. Click WA N > W AN Backup Setup > Advanced Setup > Edit . The screen appears as shown. Figure 36 W AN > WAN Backup Setup > Adva nced Setup > Edit The followin[...]

  • Page 92

    Chapter 5 WAN Setup P-793H User’s Guide 92 CLID Enter the keyword that precedes the CLID (Calling Line Identification) in the A T response string. This lets the ZyXEL Device capture the CLID in the A T response string that comes from the W AN device. CL ID is required for CLID authentication. Called ID Enter th e keyword preceding the dialed numb[...]

  • Page 93

    P-793H User’s Guide 93 C HAPTER 6 LAN Setup This chapter describes how to configure LAN settings. 6.1 LAN Overview A Local Area Network (LAN) is a shared comm unication system to which many computers are attached. A LAN is a computer network lim ited to the immediate area, usually the same building or floor of a building. The LAN screen s can hel[...]

  • Page 94

    Chapter 6 LAN Setup P-793H User’s Guide 94 6.1.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol , RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server . Y ou can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server , the ZyXEL Device provides the TCP/IP c[...]

  • Page 95

    Chapter 6 LAN Setup P-793H User’s Guide 95 • The ISP tells you the DNS server addresses, us ually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in the DHCP Setup screen. • The ZyXEL Device acts as a DNS proxy when the Primary and Secondary DNS Server fiel[...]

  • Page 96

    Chapter 6 LAN Setup P-793H User’s Guide 96 6.2.1.1 Private IP Addresses Every machine on the Internet must ha ve a unique address. If your ne tworks are isolate d from the Internet, for example, only between your two branch of fices, you can assign any IP addresses to the hosts without problems. However , the Internet Assigned Numbers Authority ([...]

  • Page 97

    Chapter 6 LAN Setup P-793H User’s Guide 97 6.2.3 Multicast T raditionally , IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of host s on the network - not everybody and not just 1. IGMP (Internet Group Multicast Pro[...]

  • Page 98

    Chapter 6 LAN Setup P-793H User’s Guide 98 6.3.1 Configuring Advanced LAN Setup Use this screen to edit your ZyXEL Devi ce's advanced LAN settings. Click the Advanced Setup button in the LAN IP screen. The screen a ppears as shown. Figure 39 LAN > IP > Advanced Setup The following table describes the labels in this screen. T able 25 LA[...]

  • Page 99

    Chapter 6 LAN Setup P-793H User’s Guide 99 6.4 DHCP Setup Use this screen to configure th e DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN. Figure 40 LAN > DHCP Setup The following table describes the labels in this screen. Apply Click Apply to save the changes. Cancel Click Cancel to begin configuring[...]

  • Page 100

    Chapter 6 LAN Setup P-793H User’s Guide 100 6.5 LAN Client List This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. Every Ethernet device has a unique MAC (Med ia Access Control) addre ss. The MAC address is assigned at the factory and consists of six pairs of hexadec imal charact[...]

  • Page 101

    Chapter 6 LAN Setup P-793H User’s Guide 101 6.6 LAN IP Alias IP alias allows you to partition a physical network into dif fer ent logical networks over the same Ethernet interface. The ZyXEL Device s upports three logical LA N interfaces via its single physical Ethernet interface with th e ZyXEL Device itself as the gateway for each LAN network. [...]

  • Page 102

    Chapter 6 LAN Setup P-793H User’s Guide 102 Figure 43 LAN > IP Alias The following table describes the labels in this screen. T able 28 LAN > IP Alias LABEL DESCRIPTION IP Alias 1, 2 S elect the check box to confi gure another LAN network for the Z yXEL Device. IP Address Enter the IP address of your ZyXEL Device in dotted decimal notation.[...]

  • Page 103

    P-793H User’s Guide 103 C HAPTER 7 Network Address Translation (NAT) Screens This chapter discusses how to configure NA T on the ZyXEL Device. 7.1 NA T Overview NA T (Network Address T ranslation, RFC 1631) is th e translation of the IP address of a host in a packet, for example, the source address of an outgoing pac ket, used w ithin one network[...]

  • Page 104

    Chapter 7 Network Add ress Translat ion (NAT) Screens P-793H User’s Guide 104 7.1.2 What NA T Does In the simplest form, NA T changes the sour ce IP address in a packet received from a subscriber (the inside local address) to anothe r (the inside global address) before forwarding the packet to the W AN side. When the response comes back, NA T tra[...]

  • Page 105

    Chapter 7 Network Address Translation (NAT ) Screens P-793H User’s Guide 105 Figure 45 NA T Application With IP Alias 7.1.5 NA T Mapp ing T yp es NA T supports five types of IP/port mapping. They are: • One to One : In One-to-One mode, the ZyXEL Devi ce maps one local IP address to one global IP address. • Many to One : In Many-to-One mode, t[...]

  • Page 106

    Chapter 7 Network Add ress Translat ion (NAT) Screens P-793H User’s Guide 106 The following table summarizes these types. 7.2 SUA (Single User Account) V ersus NA T SUA (Single User Account) is a ZyNOS implemen tation of a subset of NA T that supports two types of mapping, Many-to-One and Server . The ZyXEL Device also supports Full Feature NA T [...]

  • Page 107

    Chapter 7 Network Address Translation (NAT ) Screens P-793H User’s Guide 107 The following table describes the labels in this screen. 7.4 Port Forwarding A port forwarding set is a list of inside (behind NA T on the LAN) servers, for example, web or FTP , that you can make visible to the outside world even thoug h NA T makes your whole inside net[...]

  • Page 108

    Chapter 7 Network Add ress Translat ion (NAT) Screens P-793H User’s Guide 108 " If you do not assign a Default Server IP address, the Zy XEL Device discards all packet s received for ports that are not specified here or in the remote management setup. 7.4.2 Port Forwarding: Se rvices and Port Numbers Use the Port Forwarding screen to forward[...]

  • Page 109

    Chapter 7 Network Address Translation (NAT ) Screens P-793H User’s Guide 109 " If you do not assign a Default Server IP address, the Zy XEL Device discards all packet s received for ports that are not specified here or in the remote management setup. Click Network > NA T > Port Forwarding to open the following screen. See Appendix G on[...]

  • Page 110

    Chapter 7 Network Add ress Translat ion (NAT) Screens P-793H User’s Guide 11 0 7.5.1 Port Forwarding Rule Edit Use this screen to edit a port forwarding rule. Cl ick the rule’ s edit icon in the Port Forwarding screen to display the screen show n next. Figure 49 NA T > Port Forwarding > Edit The following table describes th e fields in th[...]

  • Page 111

    Chapter 7 Network Address Translation (NAT ) Screens P-793H User’s Guide 111 7.6 Address Mapping " The Address Mapping screen is available only when you select Full Feature in the NA T > General screen. Ordering your rules is important because the Zy XEL Device applies the rules in the order that you specify . When a rule matches the cu r[...]

  • Page 112

    Chapter 7 Network Add ress Translat ion (NAT) Screens P-793H User’s Guide 11 2 7.6.1 Address Mapping Rule Edit Use this screen to edit an address mapping rule. Click the rule’ s edit icon in the Addr e ss Mapping screen to display the screen shown next. Figure 51 NA T > Ad dress Mappin g > Edit The following table describes th e fields in[...]

  • Page 113

    Chapter 7 Network Address Translation (NAT ) Screens P-793H User’s Guide 11 3 Local End IP This is the end local IP address (ILA). If your rule is for all local IP addresses, then enter 0.0.0.0 as the Local S tart IP address and 255.255.255.255 as the Local End IP address. This field is N/A for One-to-One a nd Server mapping types. Global S tart [...]

  • Page 114

    Chapter 7 Network Add ress Translat ion (NAT) Screens P-793H User’s Guide 11 4[...]

  • Page 115

    11 5 P ART III Security and Advanced Setup Firewalls (1 17) Firewall Configuration (129) Content Filtering (149) IPSec VPN (153) S tatic Route (177) Bandwidth Management (1 81) Dynamic DNS Setup (191) Remote Management Configurat ion (195) Universal Plug-and-P lay (UPnP) (205)[...]

  • Page 116

    11 6[...]

  • Page 117

    P-793H User’s Guide 11 7 C HAPTER 8 Firewalls This chapter gives some back ground information on firewa lls and introduces the ZyXEL Device firewall. 8.1 Firewall Overview Originally , the term fir ewall referred to a construction techni que designe d to prevent the spread of fire from one room to another . The ne tworking term “firewall” is [...]

  • Page 118

    Chapter 8 Firewalls P-793H User’s Guide 11 8 8.2.2 Applicatio n-level Firewalls Application-level firewalls restrict access by serv ing as proxies for e xternal servers. Since they use programs written for specific Internet servic es, such as HTTP , FTP and telnet, they can evaluate network packets for valid ap plication-sp ecific data. Applicati[...]

  • Page 119

    Chapter 8 Firewalls P-793H User’s Guide 11 9 8.3.1 Denial of Service Att acks Figure 52 ZyXEL Device Firewall Application 8.4 Denial of Service Denials of Service (DoS) attacks are aimed at devices and networks w ith a connection to the Internet. Their goal is not to st eal in formation, but to disable a device or ne twork so users no longer have[...]

  • Page 120

    Chapter 8 Firewalls P-793H User’s Guide 120 4 IP Spoofing. 5 " Ping of Death " and " T eardr op " attacks exploit bugs in th e TCP/IP implementations of various computer and host systems. • Ping of Death uses a "ping" utility to creat e an IP packet that exceeds the maximum 65,536 bytes of data allowed by the IP sp[...]

  • Page 121

    Chapter 8 Firewalls P-793H User’s Guide 121 Figure 54 SYN Flood •I n a LAND Attack , hackers flood SYN packets into the network with a spoofed source IP address of the targeted system . This makes it appear as if the host computer sent the packets to itself, making the sy stem unavaila ble while the target system tries to respond to itself. 7 A[...]

  • Page 122

    Chapter 8 Firewalls P-793H User’s Guide 122 8.4.2.1 ICMP V ulnerability ICMP is an error -reporting protocol that works in concert with IP . The following ICMP types trigger an alert: 8.4.2.2 Illegal Commands (NetBIOS and SMTP) The only legal NetBIOS commands are the following - all others are illegal. All SMTP commands are illegal except for tho[...]

  • Page 123

    Chapter 8 Firewalls P-793H User’s Guide 123 are allowed in. The ZyXEL Device uses stateful packet inspection to protect the private LAN from hackers and vandals on the Internet. By de fault, the ZyXEL Device’ s stateful inspection allows all communications to the Internet that or iginate from the LAN, and blocks all traffic to the LAN that orig[...]

  • Page 124

    Chapter 8 Firewalls P-793H User’s Guide 124 6 Later , an inbound packet reac hes the interface . This packet is part of the connection previously established with the outbound packet. The inbound packet is ev aluated against the inbound access list, and is permitted because of the temporary access list entry previously crea ted. 7 The packe t is [...]

  • Page 125

    Chapter 8 Firewalls P-793H User’s Guide 125 If an initiation packet originates on the LAN, this means that someone is trying to make a connection from the LAN to the In ternet. Assuming that this is an acceptable part of the security policy (as is the case w ith the default policy), the connection will be allowed. A cache entry is added which inc[...]

  • Page 126

    Chapter 8 Firewalls P-793H User’s Guide 126 8.6 Guidelines for Enhancing Security with Y our Firewall • Change the default pa ssword. • Limit who can telnet into your router . • Don't enable any local service (such as SN MP or NTP) that you don't use. An y enabled service could present a potential security risk. A determined hacke[...]

  • Page 127

    Chapter 8 Firewalls P-793H User’s Guide 127 • Always shred confidential inform ation, particularly about your computer , before throwing it away . Some hackers dig through the trash of companies or indivi duals for information that might help them in an attack. 8.7 Packet Filtering vs. Firewall Below are some comparisons be tween the ZyXEL Devi[...]

  • Page 128

    Chapter 8 Firewalls P-793H User’s Guide 128 • T o selectively bloc k/allow inbound or outbou nd traffic between inside host/networks and outside host/networks. Remember that filters can not distinguish traf fic originating from an inside host or an ou tside host by IP address. • The firewall performs better than filtering if you need to check[...]

  • Page 129

    P-793H User’s Guide 129 C HAPTER 9 Firewall Configuration This chapter shows you how to enable and configure t he ZyXEL Device firewall. 9.1 Access Methods The web configurator is, by far , the most co mprehensive firewall configuration tool your ZyXEL Device has to offer . For this rea son, it is recommended that you co nfigure your firewall usi[...]

  • Page 130

    Chapter 9 Firewall Configuration P-793H User’s Guide 130 " If you configure firewall rules without a good underst anding of how they work, you might inadvertently introduce securi ty risks to the fire wall and to the protected network. Make su re you test your rules after you configure them. For example, you may create rules to: • Block ce[...]

  • Page 131

    Chapter 9 Firewall Configuration P-793H User’s Guide 131 3 Is it possible to modify the rule to be more specific? For ex ample, if IRC is blocked for all users, will a rule that blocks just certain users be more effective? 4 Does a rule that allows Internet users acces s to resources on the LAN create a security vulnerability? For example, if FTP[...]

  • Page 132

    Chapter 9 Firewall Configuration P-793H User’s Guide 132 9.4.1 LAN to W AN Rules The default rule for LAN to W AN traffic is that all users on the LAN are allowed non- restricted access to the W AN. When you config ure a LAN to W AN rule, you in essenc e want to limit some or all users from accessing cer tain services on the W AN. W AN to LAN Rul[...]

  • Page 133

    Chapter 9 Firewall Configuration P-793H User’s Guide 133 Figure 58 “T ria ngle Route” Prob lem 9.5.2 Solving the “T ri angle Route” Problem Y ou can have the ZyXEL Device allow triangle route sessions. However this can allow traffic from the W AN to go directly to a LAN computer without p assing through the ZyXEL Device and its firewall p[...]

  • Page 134

    Chapter 9 Firewall Configuration P-793H User’s Guide 134 Figure 60 Firewall > Gene ral The following table describes the labels in this screen. T able 39 Firewall > General LABEL DESCRIPTION Active Firewall S elect th is check box to activate the firewa ll. The ZyXEL Device performs access control and protects against Denial of Service (DoS[...]

  • Page 135

    Chapter 9 Firewall Configuration P-793H User’s Guide 135 9.7 Firewall Rules Summary " The ordering of your rules is very important as rules are applied in turn. Refer to Section 8.1 on page 1 17 for more information. Click Security > Firewall > Rules to bring up the following scre en. This scree n displays a list of the configured fire[...]

  • Page 136

    Chapter 9 Firewall Configuration P-793H User’s Guide 136 9.7.1 Configuring Firewa ll Rules Refer to Section 8.1 on page 1 17 for more information. Use this screen to create or edit a firewall rule. In the Rules sc reen, select an index number and click Add or click a rule’ s Edit icon to display this screen and refer to the following table for [...]

  • Page 137

    Chapter 9 Firewall Configuration P-793H User’s Guide 137 Figure 62 Firewall > Rules > Add/Edit The following table describes the labels in this screen. T able 41 Firewall > Rules > Add/Edit LABEL DESCRIPTION Edit Rule # Activ e Select this option to enable th is firewall rule. Action for Matched Packet Use the drop-down list box to se[...]

  • Page 138

    Chapter 9 Firewall Configuration P-793H User’s Guide 138 Source/Destination Address Address T ype Do you want your rule to apply to packets with a p articu lar (single) IP , a range of IP addresses (for example 192.168.1.10 to 192.169.1.50 ), a subnet or any IP address? Select an option from the d rop-down list box that incl udes: Single Address [...]

  • Page 139

    Chapter 9 Firewall Configuration P-793H User’s Guide 139 9.7.2 Customized Services Configure customized services and port number s not predefined by the ZyXEL Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) web site. For further inform ation on these services, please read Appendix[...]

  • Page 140

    Chapter 9 Firewall Configuration P-793H User’s Guide 140 Figure 64 Firewall > Rules > Add/Edit > Ed it Customized Services > Edit The following table describes the labels in this screen. 9.8 Example Firewall Rule The following Internet firewa ll rule example allows a hypot hetical “MyService” connection from the Internet. 1 Click [...]

  • Page 141

    Chapter 9 Firewall Configuration P-793H User’s Guide 141 Figure 65 Firewall Example: Rules 3 In the Rules screen, select the index number after that you want to add the rule. For example, if you select “6”, your new rule b ecomes number 7 and the previous rule 7 (if there is one) becomes rule 8. 4 Click Add to display the firewall rule config[...]

  • Page 142

    Chapter 9 Firewall Configuration P-793H User’s Guide 142 Figure 67 Firewall Example: Edit Ru le: Des tination Addres s 9 Use the Add >> and Remove buttons between A vailable Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. " Custom services show up with an “*” before their names i[...]

  • Page 143

    Chapter 9 Firewall Configuration P-793H User’s Guide 143 Figure 68 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the W AN to IP addresses 10.0.0.10 through 10.0.0.15 [...]

  • Page 144

    Chapter 9 Firewall Configuration P-793H User’s Guide 144 Figure 69 Firewall Example: Rules: MyService 9.9 Anti-Probing If an outside user attempts to probe an unsupp orted port on your ZyXEL Device , an ICMP response packet is automatically returned. This allows the ou tside user to know the ZyXEL Device exists. The ZyXEL Device supports anti- pr[...]

  • Page 145

    Chapter 9 Firewall Configuration P-793H User’s Guide 145 The following table describes the labels in this screen. 9.10 DoS Thresholds For DoS attacks, the ZyXEL Device uses threshol ds to determine when to drop sessions that do not become fully established. These thresholds ap ply globally to all sessions. Y ou can use the default threshold value[...]

  • Page 146

    Chapter 9 Firewall Configuration P-793H User’s Guide 146 9.10.2 Half-Open Sessions An unusually high number of half-open sessions (either an absolute number or measured as the arrival rate) could indicate that a Denial of Service a ttack is occurring. For TCP , "half- open" means that the session has not reached the establis hed state-t[...]

  • Page 147

    Chapter 9 Firewall Configuration P-793H User’s Guide 147 Figure 71 Firewall > Thre shold The following table describes the labels in this screen. T able 45 Firewall > Threshold LABEL DESCRIPTION Denial of Service Thresholds One Minute Low T ype the rate of ne w half-open sessions that causes the firewa ll to stop dele ting half-open session[...]

  • Page 148

    Chapter 9 Firewall Configuration P-793H User’s Guide 148 Action taken when TCP Maximum Incomplete reached threshold Delete the Oldest Half Open Session when New Connection Request Comes. Select this to clear the oldest half-open sessi on when a new connectio n request comes . Deny New Connection Request for Select this, and specify for how long t[...]

  • Page 149

    P-793H User’s Guide 149 C HAPTER 10 Content Filtering This chapter covers how to configure content filtering. 10.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ab ility to block web sites that contain key words (that you spec[...]

  • Page 150

    Chapter 10 Content Filtering P-793H User’s Guide 150 The following table describes the labels in this screen. 10.3 Configuring the Schedule Use this screen to set the days and times for the ZyXEL Device to pe rform content filtering. Click Security > Content Filter > Schedule . The screen appears as shown. Figure 73 Content Filter > Sche[...]

  • Page 151

    Chapter 10 Con tent Filter ing P-793H User’s Guide 151 The following table describes the labels in this screen. 10.4 Configuring T rusted Computers Use this screen to exclude a range of users on the LAN from content f iltering on your ZyXEL Device. Click Security > Content Filter > Tr u s t e d . The sc reen appears as shown. Figure 74 Cont[...]

  • Page 152

    Chapter 10 Content Filtering P-793H User’s Guide 152[...]

  • Page 153

    P-793H User’s Guide 153 C HAPTER 11 IPSec VPN This chapter explains how to set up and maintain IPSec VPNs in the ZyXEL Device. 1 1.1 IPSec VPN Overview A virtual private network (VPN) provides secu re communications between sites without the expense of leased site-to-site lines. A secure VP N is a combination of tunneling, encryption, authenticat[...]

  • Page 154

    Chapter 11 IPSec VPN P-793H User’s Guide 154 Figure 76 VPN: IKE SA and IPSec SA In this example, a computer in network A is exchanging data with a computer in network B . Inside networks A and B , the data is transmitte d the same way data is normally transmitted in the networks. Between routers X an d Y , the data is protected by the tunneling, [...]

  • Page 155

    Chapter 11 IPSec VPN P-793H User’s Guide 155 1 1.1.1.2 IKE SA Proposal The IKE SA proposal is used to identify the encryption algorithm, au thentication algorithm, and Diffie-Hellman (DH) key group that the ZyXEL Device a nd remote IPSec router use in the IKE SA. In main mode, this is done i n steps 1 and 2, as illustrated below . Figure 77 IKE S[...]

  • Page 156

    Chapter 11 IPSec VPN P-793H User’s Guide 156 1 1.1.1.4 Authentication Before the ZyXEL Device and remote IPSec router establish an IKE SA, they have to verify each other ’ s identity . This process is based on pre-shared keys and router identities. In main mode, the ZyXEL Dev ice and remote I PSec router authenticate each other in steps 5 and 6[...]

  • Page 157

    Chapter 11 IPSec VPN P-793H User’s Guide 157 In the following example, the authentication fails, so they cannot establish an IKE SA. It is also possible to config ure the ZyXEL Device to ignore the identity of the remote IPSec router . In this case, you usually set the pee r ID type to Any . This is not as secure as other peer ID types, however .[...]

  • Page 158

    Chapter 11 IPSec VPN P-793H User’s Guide 158 Aggressive mode does not provid e as much security as main mo de because the identity of the ZyXEL Device and the identity of the remote IPSec router ar e not encrypted. It is usually used when the address of the initiator is not known by the responder and both parties want to use pre-shared ke ys for [...]

  • Page 159

    Chapter 11 IPSec VPN P-793H User’s Guide 159 " An IPSec SA stays connecte d even if the underlying IKE SA is not available anymore. This section introduces the key components of IPSec SA. 1 1.1.3.1 Local Network and Remote Network In IPSec SA terminology , the local network, th e one(s) connected to the ZyXEL Device, may be called the local [...]

  • Page 160

    Chapter 11 IPSec VPN P-793H User’s Guide 160 • Inside header: The inside IP header contains the IP address of the computers behind the ZyXEL Device or remote IPSec router . In transport mode, the IP header is the origin al IP header , and the encapsulation depends on the active prot ocol. If the active protocol is AH, the ZyXEL Device includes [...]

  • Page 161

    Chapter 11 IPSec VPN P-793H User’s Guide 161 In IPSec SAs using manual keys, the ZyXEL Devi ce and remote IPSec router do not establish an IKE SA. They only establish an IPSec SA. As a result, an IPSec SA using manual keys has some characteristics of IKE SAs and some charac teristics of IPSec SAs. There are also some differences between IPSec SAs[...]

  • Page 162

    Chapter 11 IPSec VPN P-793H User’s Guide 162 Figure 82 VPN > Setup The following table describes the fields in this screen. T able 51 VPN > Setup LABEL DESCRIPTION No. This is the VPN policy index number . Click a number to edit VPN policies. Activ e This field displays whether the VPN policy is acti ve or not. A Ye s signifies that this VP[...]

  • Page 163

    Chapter 11 IPSec VPN P-793H User’s Guide 163 1 1.3 Editing VPN Policies See Section 1 1.1 on page 153 for backgrou nd info rmation. Us e this screen to edit VPN policies. Click an Edit icon in the VPN Setup Screen . Figure 83 VPN > Setup > Edit Modify Click the Ed it icon to go to the screen whe re you can edit the VPN configuration. Click [...]

  • Page 164

    Chapter 11 IPSec VPN P-793H User’s Guide 164 The following table describes the fields in this screen. T able 52 VPN > Setup > Edit LABEL DESCRIPTION IPSec Setup Activ e Select this check box to activate this VPN policy . This opti on determines whether a VPN rule is applied before a packet leaves the firewall. Keep Alive Select either Ye s [...]

  • Page 165

    Chapter 11 IPSec VPN P-793H User’s Guide 165 End / Subnet Mask When the Local Address T ype field is configured to Single , this field is N/A. When the Local Address T ype field is configured to Range , enter the end (static) IP address, in a range of computers on the LAN behind your ZyXEL Device. When the Lo cal Address T ype field is configured[...]

  • Page 166

    Chapter 11 IPSec VPN P-793H User’s Guide 166 My IP Addr ess Enter the W AN IP address of your ZyXEL Device. The VPN tunnel has to be rebuilt if this IP address changes. The following applies if this fi eld is configured as 0.0.0.0 : The ZyXEL Device uses the current ZyXE L Device WAN IP addres s (static or dynamic) to set up the VPN tunnel. If th[...]

  • Page 167

    Chapter 11 IPSec VPN P-793H User’s Guide 167 1 1.4 Configuring Advanced IKE Settings See Section 1 1.1 on page 153 for backgrou nd info rmation. Us e this screen to configure advanced settings for the VPN tunnel. Click Advanced in the Editing VPN Polic ies screen to open this screen. Figure 84 VPN > Setup > Edit > Advanced Encryption Alg[...]

  • Page 168

    Chapter 11 IPSec VPN P-793H User’s Guide 168 The following table describes the fields in this screen. T able 53 VPN > Setup > Edit > Advanced LABEL DESCRIPTION VPN - IKE - Advanced Setup Protoc ol Ente r the IP protocol number whose traffic is allowed to use the VPN tunnel. Enter 0 to allow all IP protocols to u se the VPN tunnel. See Ap[...]

  • Page 169

    Chapter 11 IPSec VPN P-793H User’s Guide 169 1 1.5 Configuring Manual Key Y ou only configure VPN Man ual Key when you select Manual in the IPSec Key Mode field on the VPN IKE screen. This is the VPN Manual Key screen as shown next. Key Group Y ou must choose a DH key group for the IKE SA. The longer the key group, the stronger the encryption, bu[...]

  • Page 170

    Chapter 11 IPSec VPN P-793H User’s Guide 170 Figure 85 VPN > Setup > Edit > Manual The following table describes the fields in this screen. T able 54 VPN > Setup > Edit > Manual LABEL DESCRIPTION IPSec Setup Activ e Select this check box to activate this VPN policy . Name T ype up to 32 characters to identify this VPN policy . Y[...]

  • Page 171

    Chapter 11 IPSec VPN P-793H User’s Guide 171 Local Local IP addresses must b e static and corresp ond to the remote IPSec router's configured remote IP addresses. T wo active SAs cannot have the local and remote IP address(es) both the same. T wo active SAs can have the same lo cal or remote IP ad dress, but not both. Y ou can configure mult[...]

  • Page 172

    Chapter 11 IPSec VPN P-793H User’s Guide 172 1 1.6 V iewing SA Monitor Click Security , VPN and Monitor to open the SA Monito r screen as shown. Use this scree n to display and ma nage active VPN conn ections. When there is outbound traffic but no inbound tr affic, the SA times out automatically after two minutes. A tunnel with no outb ound or in[...]

  • Page 173

    Chapter 11 IPSec VPN P-793H User’s Guide 173 Figure 86 VPN > Monitor The following table describes the fields in this screen. 1 1.7 Configuring Global Setting Use this screen to change your Zy XEL Device’ s global settings. Click VPN and then VPN Global Setting . The screen appears as shown. Figure 87 VPN > VPN Global Setting T able 55 VP[...]

  • Page 174

    Chapter 11 IPSec VPN P-793H User’s Guide 174 The following table describes the fields in this screen. 1 1.8 T elecommuter VPN/IPSec Examples The following examples show how multiple telecommuters can make VPN connections to a single ZyXEL D e vice at head quarters. The te lecommuters use IPSec routers with dynamic W AN IP addresses. The ZyXEL Dev[...]

  • Page 175

    Chapter 11 IPSec VPN P-793H User’s Guide 175 1 1.8.2 T elecommuters Usin g Unique VPN Rules Example In this example the telecommuters (A, B and C in the figure) use IPSec routers with domain names that are mapped to their dynamic W AN IP addresses (use Dynamic DNS to do this). W ith aggressive negotiation mode (see Section 1 1.1.2.1 on page 157 )[...]

  • Page 176

    Chapter 11 IPSec VPN P-793H User’s Guide 176 1 1.9 VPN and Remote Management If a VPN tunnel uses T elnet, FTP , WWW , then you should configure remote management ( Remote Management ) to allow access for that service. T able 58 T elecommuters Using Uniq ue VPN Rules Example T ELECOMMUTERS HEADQUARTER S All T e lecommuter Rules: All Headquarters [...]

  • Page 177

    P-793H User’s Guide 177 C HAPTER 12 Static Route This chapter shows you how to configure static routes for your ZyXEL Device. 12.1 S tatic Route Each remote node specifies only the network to which the gateway is di rectly connected, and the ZyXEL Device has no know ledge of the ne tworks beyond. For insta nce, the ZyXEL Device knows about ne two[...]

  • Page 178

    Chapter 12 Static Rou te P-793H User’s Guide 178 Figure 91 S tatic Route > S tatic Route The following table describes the labels in this screen. 12.2.1 S tatic Route Edit Select a static route index numb er and click Edit . The screen shown next appears. Use this screen to configure the required information for a static route. T able 59 Stati[...]

  • Page 179

    Chapter 12 Static Route P-793H User’s Guide 179 Figure 92 S tatic Route > S tatic Route > Edit The following table describes the labels in this screen. T able 60 Static Route > Static Route > Edit LABEL DESCRIPTION Activ e This field allows you to activa te/deactivate this static route. Route Name Enter the name of the IP static ro ut[...]

  • Page 180

    Chapter 12 Static Rou te P-793H User’s Guide 180[...]

  • Page 181

    P-793H User’s Guide 181 C HAPTER 13 Bandwidth Management This chapter contains information about configuri ng bandwidth management, editing rules and viewing the ZyXEL Device’ s bandwidth managem ent logs. 13.1 Bandwid th Management Overview ZyXEL ’ s Bandwidth Management allows you to specify bandwidth management rules based on an applicatio[...]

  • Page 182

    Chapter 13 Bandwid th Manageme nt P-793H User’s Guide 182 Figure 93 Subnet-based Bandwid th Management Example 13.4 Application and Subnet-based Bandwid th Management Y ou could also create bandwidth clas ses based on a combination of a subnet and an application. The following exam ple table shows bandwidth alloca tions for application specific t[...]

  • Page 183

    Chapter 13 Bandwidth Management P-793H User’s Guide 183 13.5.2 Fairness-based Scheduler The ZyXEL Device divides bandwidth equally among bandwidth classes when using the fairness-based scheduler; thus preventing one ba ndwidth class from using all of the interface’ s bandwidth. 13.6 Maximize Bandwid th Usage The maximize bandwid th usage option[...]

  • Page 184

    Chapter 13 Bandwid th Manageme nt P-793H User’s Guide 184 The ZyXEL Device divides up the unb udgeted 2048 kbps among the class es that require more bandwidth. If the administratio n department only uses 1024 kbps of the budg eted 2048 kbps, the ZyXEL Device also divides the remaining 10 24 kbps among the classes that re quire more bandwidth. The[...]

  • Page 185

    Chapter 13 Bandwidth Management P-793H User’s Guide 185 13.6.3 Over Allotment of Bandw id th Y ou can set the bandwidth management speed fo r an interface higher than the interface’ s actual transmission speed. Higher priority traf fi c gets to use up to its allocated bandwidth, even if it takes up all of the interface’ s ava ilable bandwidth[...]

  • Page 186

    Chapter 13 Bandwid th Manageme nt P-793H User’s Guide 186 Figure 94 Bandwid th MGMT > Summary The following table describes the labels in this screen. T able 67 Bandwidth MGMT > Summary LABEL DESCRIPTION Interface These read-only l abels represent the physica l interfaces. Sele ct an interface’s check box to enable bandwidth management on[...]

  • Page 187

    Chapter 13 Bandwidth Management P-793H User’s Guide 187 13.8 Bandwid th Management Rule Setup See Section 13.1 on page 181 for background information. Y ou must use the Band width Management Summary screen to enable bandwidth ma nagement on an interface before you can configure rules for that interface. Click Advanced > Bandwidth MGMT > Rul[...]

  • Page 188

    Chapter 13 Bandwid th Manageme nt P-793H User’s Guide 188 13.8.1 Rule Configuration See Section 13.1 on page 181 for background information. Use this screen to configure a bandwidth management rule. Use bandwidth ru le s to allocate spec ific amounts of bandwidth capacity (bandwidth budgets) to specific appli cations and/or subnets. T o open this[...]

  • Page 189

    Chapter 13 Bandwidth Management P-793H User’s Guide 189 13.9 Bandwid th Monitor See Section 13 .1 on page 181 for background information. Us e this screen to view the ZyXEL Device’ s bandwidth usage and allotments. Click Advanced > Bandwidth MGMT > Monitor . The screen appears as shown. Servi ce This field simp lifies bandwidth class conf[...]

  • Page 190

    Chapter 13 Bandwid th Manageme nt P-793H User’s Guide 190 Select an interface from the drop-down li st box to view the bandwidth usage of its bandwidth rules. Figure 97 Bandwid th MGMT > Monitor[...]

  • Page 191

    P-793H User’s Guide 191 C HAPTER 14 Dynamic DNS Setup This chapter discusses how to configure your ZyXEL Device to use Dynamic DNS. 14.1 Dynamic DNS Overview Dynamic DNS allows you to update your curre nt dynamic IP address with one or many dynamic DNS services so that anyone can c ont act you (in NetMeeting, CU-SeeMe, etc.). Y ou can also access[...]

  • Page 192

    Chapter 14 Dy namic DNS Se tup P-793H User’s Guide 192 Figure 98 Dynamic DNS > Dynamic DNS The following table describes th e fields in this screen. T able 70 Dynamic DNS > Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic DNS Select this check box to use dy namic DNS. Service Prov ider This is the name of your Dynamic DNS serv[...]

  • Page 193

    Chapter 14 Dynamic DNS Setup P-793H User’s Guide 193 Use specified IP Address T ype the IP address of the host name(s). Use this if you have a static IP add ress. Apply Click Apply to save your change s back to the ZyXEL Device. Cancel Click Cancel to b egin configuring this screen afre sh. T able 70 Dynamic DNS > Dynamic DNS (continued) LABEL[...]

  • Page 194

    Chapter 14 Dy namic DNS Se tup P-793H User’s Guide 194[...]

  • Page 195

    P-793H User’s Guide 195 C HAPTER 15 Remote Management Configuration This chapter provides information on config uring remote management. 15.1 Remote Management Overview Remote management allows you to determ ine which services/protocols can access which ZyXEL Device interface (if any) from which computers. " When you configure remote managem[...]

  • Page 196

    Chapter 15 Remote Management Configuration P-793H User’s Guide 196 15.1.1 Remote Management Limit ations Remote management over LAN or W AN will not work when: • Y ou have disabled that service in one of the remote management screens. • The IP address in the Secured Client IP field does not match th e client IP address. If it does not match, [...]

  • Page 197

    Chapter 15 Remote Ma nagement Configuration P-793H User’s Guide 197 15.3 T elnet Y ou can configure your ZyXEL Device for remote T elnet access as show n next. The administrator uses T elnet from a computer on a remote netw ork to access the ZyXEL Device. Figure 100 T elnet Configuration on a TCP/IP Network 15.4 Configuring T elnet See Section 15[...]

  • Page 198

    Chapter 15 Remote Management Configuration P-793H User’s Guide 198 The following table describes the labels in this screen. 15.5 Configuring FTP Y ou can upload and download the ZyXEL Devi ce’ s firmw are and configuration files using FTP , please see the chapter on firmware and configuration file maintenance for details. T o use this feature, [...]

  • Page 199

    Chapter 15 Remote Ma nagement Configuration P-793H User’s Guide 199 15.6 SNMP Simple Network Management Protocol (SNM P) i s a protocol used for ex changing management information b e tween network devices. SNMP is a member of the TCP/IP protocol suite. Y our ZyXEL Device support s SNMP agent functiona lity , which allows a manager station to man[...]

  • Page 200

    Chapter 15 Remote Management Configuration P-793H User’s Guide 200 The managed devices cont ain object variables/ managed objects that define each piece of information to be collected ab out a device. Examples of variab les include such as number of packets received, node port status etc. A Ma nagement Information Ba se (MIB) is a collection of m[...]

  • Page 201

    Chapter 15 Remote Ma nagement Configuration P-793H User’s Guide 201 15.6.3 Configuring SNMP See Section 15.1 on page 195 for background information. Us e this screen to change your ZyXEL Device’ s SNMP settings. Click Advanced > Remote MGMT > SNMP . The screen appears as shown. Figure 104 Remote MGMT > SNMP The following table describe[...]

  • Page 202

    Chapter 15 Remote Management Configuration P-793H User’s Guide 202 15.7 Configuring DNS Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to the chapter on LAN for background information. See Section 15.1 on page 195 for background information. Click Advanced > Remote MGMT > DNS . The sc[...]

  • Page 203

    Chapter 15 Remote Ma nagement Configuration P-793H User’s Guide 203 Figure 106 Remote MGMT > ICMP The following table describes the labels in this screen. 15.9 TR-069 TR-069 is a standa rd that defines how your ZyXEL Device can be managed via a mana gement server such as ZyXEL ’ s V antage CNM Access. TR-069 is based on sending RPCs (Remote [...]

  • Page 204

    Chapter 15 Remote Management Configuration P-793H User’s Guide 204 " In this example a.b.c.d is the IP address of CN M Access. Y ou must change this value to reflect y our actual managem ent server IP address or domain name. See T able 79 on p age 204 for detailed descriptions of the comman ds. Figure 107 Enabling TR-0 69 The following table[...]

  • Page 205

    P-793H User’s Guide 205 C HAPTER 16 Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configura tor . 16.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectiv ity between devices. A UPnP device can [...]

  • Page 206

    Chapter 16 Universal Plug-and-Play (UPnP) P-793H User’s Guide 206 When a UPnP device joins a network, it announ ces its presence with a multicast mess age. For security reasons, the ZyXEL Device allows multicast messages on the LAN only . All UPnP-enabled devices may communicate freely with eac h other without additional configuration. Disable UP[...]

  • Page 207

    Chapter 16 Universal Plug-and-Play (UPnP) P-793H User’s Guide 207 16.3 Inst alling UPnP in Windows Example This section shows ho w to install UPnP in W indows Me and W indows XP . Inst alling UPnP in Windows Me Follow the steps below to inst all the UPnP in W indows Me. 1 Click St a r t and Control Panel . Double-click Add/Remove Pr ograms . 2 Cl[...]

  • Page 208

    Chapter 16 Universal Plug-and-Play (UPnP) P-793H User’s Guide 208 Figure 1 10 Add/Remove Programs: Windows Setup: Co mmunication: Components 4 Click OK to go back to the Add/Re move Programs Pr oper ties window and click Next . 5 Restart the computer when prompted. Inst alling UPnP in Windows XP Follow the steps below to inst all the UPnP in W in[...]

  • Page 209

    Chapter 16 Universal Plug-and-Play (UPnP) P-793H User’s Guide 209 Figure 1 12 Windows Optional Networ king Components Wizard 5 In the Networking Services window , select the Universal Plug and Play check box. Figure 1 13 Networking Services 6 Click OK to go back to the W indows Optional Networking Component W izard window and click Next .[...]

  • Page 210

    Chapter 16 Universal Plug-and-Play (UPnP) P-793H User’s Guide 210 16.4 Using UPnP in Windows XP Example This section shows yo u how to use the UPnP feature in W indows XP . Y ou must already have UPnP installed in W indows XP and UP nP activated on the ZyXEL Device. Make sure the computer is co nnected to a LAN port of the ZyXEL Device. T urn on [...]

  • Page 211

    Chapter 16 Universal Plug-and-Play (UPnP) P-793H User’s Guide 21 1 Figure 1 15 Internet Connection Properties 4 Y ou may edit or delete the port mappings o r click Add to manually add port mappings. Figure 1 16 Internet Connection Prope rties: Advanced Settings[...]

  • Page 212

    Chapter 16 Universal Plug-and-Play (UPnP) P-793H User’s Guide 212 Figure 1 17 Internet Connection Properties: Adva nced Settings: Add 5 When the UP nP-enabled device is disconne cted from your computer , all port mappings will be deleted automatically . 6 Select Show icon in noti fication area when connected option and click OK . An icon displays[...]

  • Page 213

    Chapter 16 Universal Plug-and-Play (UPnP) P-793H User’s Guide 213 Figure 1 19 Internet Connection S tatus Web Configurator Eas y Access W ith UPnP , you can access the web-ba sed configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first. Th is comes helpful if you do not know the IP address of the ZyXEL Device.[...]

  • Page 214

    Chapter 16 Universal Plug-and-Play (UPnP) P-793H User’s Guide 214 Figure 120 Network Connections 4 An icon with the description for e ach UPnP-enabled device disp lays under Local Network . 5 Right-click on the icon for y our ZyXEL Device an d select Invoke . The web co nfigurator login screen displays.[...]

  • Page 215

    Chapter 16 Universal Plug-and-Play (UPnP) P-793H User’s Guide 215 Figure 121 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Pr operties . A properties window displays with basic info rmation about the ZyXEL Device. Figure 122 Network Connections: My Networ k Places: Properties: Example[...]

  • Page 216

    Chapter 16 Universal Plug-and-Play (UPnP) P-793H User’s Guide 216[...]

  • Page 217

    217 P ART IV Maintenance System (219) Logs (225) T ools (229) Diagnostic (235)[...]

  • Page 218

    218[...]

  • Page 219

    P-793H User’s Guide 219 C HAPTER 17 System This chapter explains how to configure the ZyXEL Device’ s system name, domain name, password, and time and date settings. 17.1 General Setup 17.1.1 General Setup and System Name General Setup contains administrative and system-related information. System Name is for identification purposes. However , [...]

  • Page 220

    Chapter 17 System P-793H User’s Guide 220 Figure 123 System > Gen eral The following table describes the labels in this screen. T able 81 System > General LABEL DESCRIPTION System Setup System Name Choose a descrip tive name for identificatio n purposes. It is reco mmended you enter your computer ’s “Computer name” in this field. This[...]

  • Page 221

    Chapter 17 System P-793H User’s Guide 221 17.2 T ime Setting T o change your ZyX EL Device’ s time and date, click Maintenance > System > Time Setting . The screen appears as shown. Use this screen to configure the ZyXEL Device’ s time based on your local time zone. Figure 124 System > T ime Setting The following table describes the [...]

  • Page 222

    Chapter 17 System P-793H User’s Guide 222 T ime and Date Setup Manual Select this radio button to enter the time and da te manually . If you configure a new time and date, T ime Zone and Daylight Saving at the sa me time, the new time and date you entered has priority and the Time Zone and Daylight Saving settings do not affect it. New T ime (hh:[...]

  • Page 223

    Chapter 17 System P-793H User’s Guide 223 End Date Configure the day and time when Dayli ght Saving Time ends i f you selected Enable Daylight Saving . The o' clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving T i me ends in the United S tates on the last Sunday of October . Each time zone in the United S tat[...]

  • Page 224

    Chapter 17 System P-793H User’s Guide 224[...]

  • Page 225

    P-793H User’s Guide 225 C HAPTER 18 Logs This chapter contains inform ation about configuring genera l log settings and viewing the ZyXEL Device’ s logs. Refer to the append ix for example log message explanations. 18.1 Logs Overview The web confi gurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log[...]

  • Page 226

    Chapter 18 Logs P-793H User’s Guide 226 Figure 125 Logs > V iew Log The following table describes th e fields in this screen. 18.3 Configuring Log Settings See Section 18.1 on page 225 for background information. Use the Log Settings screen to configure where the ZyX EL Devi c e is to send logs; the sched ule for when the ZyXEL Device is to se[...]

  • Page 227

    Chapter 18 Lo gs P-793H User’s Guide 227 Figure 126 Logs > Log Settings The following table describes the fields in this screen. T able 84 Logs > Log Settings LABEL DESCRIPTION E-mail Log Settings Mail Server Enter the server name or the IP address of the mail se rver for the e-mai l addresses specified below . If this field is left blank, [...]

  • Page 228

    Chapter 18 Logs P-793H User’s Guide 228 Log Schedule This drop-down menu is used to config ure the frequency of log messages being sent as E-mail: Daily Weekly Hourly When Log is Full None. If you select Wee kl y or Daily , specify a time of day when the E-mail should be sent. If you select Weekly , then also specify whi ch day of the week the E-[...]

  • Page 229

    P-793H User’s Guide 229 C HAPTER 19 Tools This chapter covers uploadin g new firmware, managing config uration and restarting your ZyXEL Device. 19.1 Firmware Upgrade Find firmware at www .zyxel.com in a file that (usually) uses the system model name with a .bin extension, for example, "ZyXEL Device.bin". The upload process uses HTTP (H[...]

  • Page 230

    Chapter 19 Tools P-793H User’s Guide 230 1 Do NOT turn off the ZyXEL Device wh ile firmware uplo ad is in progress! After you see the Firmware Upload in Pr ogress screen, wait two minutes before logging into the ZyXEL Device again. Figure 128 Firmware Uplo ad In Progres s The ZyXEL Device automatically restarts in this time causing a temporary ne[...]

  • Page 231

    Chapter 19 Tools P-793H User’s Guide 231 Figure 130 Error Message 19.2 Configuration Use this screen to back up or restore the conf ig uration of the ZyXEL Devic e. Y ou ca n also use this screen to reset the ZyXEL Device to the factory default settings. T o access this screen, click Maintenance > T ools > Configuration . Figure 131 T ools [...]

  • Page 232

    Chapter 19 Tools P-793H User’s Guide 232 1 Do not turn off the device while conf iguration file upl oad is in progress. When the ZyXEL Device has finished restoring the selected configuration file, the fol lowing screen appears. Figure 132 Configuration Upload Successfu l The device now automatically restarts. This cau ses a temporary network dis[...]

  • Page 233

    Chapter 19 Tools P-793H User’s Guide 233 Figure 134 Configuration Upload Err or Click Return to go back to the previous screen. 19.3 Rest art System restart allows you t o reboot the Zy XEL Device without tu rning the power of f. Click Mainte nance > T o ols > Restart . Click Restart to have the ZyXEL Device reboot. This does not affect the[...]

  • Page 234

    Chapter 19 Tools P-793H User’s Guide 234[...]

  • Page 235

    P-793H User’s Guide 235 C HAPTER 20 Diagnostic These read-only screens display information to help you identify problems with the ZyXEL Device. 20.1 General Diagnostic Use this screen to ping a comp uter on the network. Click Maintenance > Diagnostic to open the screen shown next. Figure 136 Diagnostic > General The following table describe[...]

  • Page 236

    Chapter 20 Diagnostic P-793H User’s Guide 236 Figure 137 Diagnostic > DSL Line The following table describes the fields in this screen. T able 88 Diagnostic > DSL Line LABEL DESCRIPTION AT M S t a t u s Cli ck this button to vie w A TM status. Capture All Logs Click this button to display all logs generated by the DSL line . DSL Line S tatu[...]

  • Page 237

    237 P ART V SMT and T roubleshooting Introducing the SMT (239) General Setup (245) WA N S e t u p ( 2 4 9 ) LAN Setup (257) Internet Access Se tup (263) Remote Node Setup (265) Stat ic Route Setup (275) NA T Setup (279) Firewall Setup (293) Filter Configuration (295) SNMP Configuration (309) System Password (31 1) System Information & Diagnosis[...]

  • Page 238

    238[...]

  • Page 239

    P-793H User’s Guide 239 C HAPTER 21 Introducing the SMT The System Management T erminal (SMT) provides a text-based, menu-driven console to manage the ZyXEL Device. This chapter describ es how to access the SMT and then provides an overview of its menus. 21.1 Accessing the SMT Use T elnet to access the SMT . Follow these steps. 1 In W indows, cli[...]

  • Page 240

    Chapter 21 Introd ucing the SMT P-793H User’s Guide 240 Figure 139 SMT Main Menu " There is an inactivity ti meout, and the de fault value is ten mi nutes. If there is no activity for longer than this, your ZyXEL Device will automatically log you out. Y ou will then have to telnet into the Z yXEL Device again. Y ou can use the web configurat[...]

  • Page 241

    Chapter 21 Introdu cing the SMT P-793H User’s Guide 241 The following table gi ves you an overview of the various SMT menus. 15 NA T Setup Use this menu to configure Network Address Translation (NA T) on the ZyXEL Device. 21 Filter and Firewall Setup Use this menu to configure filters and to activa te or deactivate the firewall. 22 SNMP Configura[...]

  • Page 242

    Chapter 21 Introd ucing the SMT P-793H User’s Guide 242 21.3 Navigating the SMT Interface Y ou should be familiar with the following operations before you try to use the SMT to modify the configuration. 23 System Password 24 System Maintenance 24.1 System Maintenance - St a t u s 24.2 System Information and Console Port S p eed 24.2.1 System Main[...]

  • Page 243

    Chapter 21 Introdu cing the SMT P-793H User’s Guide 243 Move the cursor [ENTER] or [UP]/ [DOWN] arrow keys. Within a menu, press [ENTER] to move to the next field. Y ou can also use the [UP]/[DOWN] arrow ke ys to move to the previous and the nex t field, respectively . Entering information T ype in or press [SP ACE BAR] , then press [ENTER]. Y ou[...]

  • Page 244

    Chapter 21 Introd ucing the SMT P-793H User’s Guide 244[...]

  • Page 245

    P-793H User’s Guide 245 C HAPTER 22 General Setup Use this menu to set up device mode, d ynamic DNS and administrative information. 22.1 Configuring General Setup 1 Enter 1 in the main menu to open Menu 1 - General Setup . 2 The Menu 1 - General Setup screen appears, as shown next . Fill in the required fields. Figure 140 Menu 1: General Setup Th[...]

  • Page 246

    Chapter 22 Gener al Setup P-793H User’s Guide 246 22.1.1 Configuring Dynamic DNS T o configure Dynamic DNS, set the ZyXEL Devi ce to router mode in menu 1 or in the MAINTENANCE Device Mode screen and go to Menu 1 - General Setup and pres s [SP ACE BAR] to select Ye s in the Edit Dynamic DNS field. Press [ENTER] to display Menu 1.1 - Configur e Dy[...]

  • Page 247

    Chapter 22 General Setup P-793H User’s Guide 247 Follow the instructions in the next tabl e to configure Dynamic DNS parameters. T able 93 Menu 1.1: Configure Dynamic DNS FIELD DESCRIPTION Service Provider This is the na me of your Dynamic DNS service provider . Activ e Press [SP ACE BAR] to select Ye s and then press [ENTER] to make dynamic DNS [...]

  • Page 248

    Chapter 22 Gener al Setup P-793H User’s Guide 248[...]

  • Page 249

    P-793H User’s Guide 249 C HAPTER 23 WAN Setup Use this menu to configure the DSL conn ection, traffic redire ct , and dial-backup interface. 23.1 W AN Setup From the main menu, enter 2 to open menu 2. Figure 142 Menu 2: W AN Setup The following table describes the fields in this screen. Menu 2 - WAN Setup Service Mode= 2wire Service Type= Server [...]

  • Page 250

    Chapter 23 WAN Setup P-793H User’s Guide 250 T ransfer Max Rate(Kbps) This field is e nabled if Se rvice T ype is Server . Press [SP ACE BAR] to set the maximum rate at which the ZyXEL Device sends and receives information . If you enable Rate Adaption , the ZyXEL Device adjusts to the speed of the other device and may exceed this rate. T ransfer[...]

  • Page 251

    Chapter 23 WAN Setup P-793H User’s Guide 251 23.1.1 2wire-2line Service Mode From the main menu, enter 2 to open menu 2, then s elect 2wire-2line in the Servic e Mode field to see the screen as shown below . Figure 143 Menu 2: 2wire- 2line Service M ode The following table describes the fields in this screen. Menu 2 - WAN Setup Service Mode= 2wir[...]

  • Page 252

    Chapter 23 WAN Setup P-793H User’s Guide 252 23.2 Configuring T raffic Redirect From the main menu, in menu 2, select Ye s in T raffic Redirect , a nd then press [ENTER]. Figure 144 Menu 2.1: T raffic Redir ect Setup Check Mechani sm Select the method that the ZyXEL Devi ce uses to check the DSL connection. Select DSL Link to have the ZyXEL Devic[...]

  • Page 253

    Chapter 23 WAN Setup P-793H User’s Guide 253 The following table describes the fields in this menu. 23.3 Dial Backup Interface In the SMT , to set up the auxilia ry port for use, first make sure you have set up the switch and port connection. Then, use the following menus. 1 Menu 2 - W AN Setup 2 Menu 2.2 - Dial Backup Setup 3 Menu 2.2.1 - Advanc[...]

  • Page 254

    Chapter 23 WAN Setup P-793H User’s Guide 254 The following table describes the fields in this menu. 23.5 Advanced Dial Backup Setup " Consult the manual of th e device connected to y our Dial Backup port for specific A T commands. T o edit the advanced setup for the Dial Backup port, move the cursor to the Edit Advan ced Setup field in Menu [...]

  • Page 255

    Chapter 23 WAN Setup P-793H User’s Guide 255 The following table describes fields in this menu. T able 98 Menu 2.2.1: Advanced Dial Backup Setup FIELD DESCRIPTION A T Command St r i n g s : Dial Enter the A T Command string to make a call. Drop Enter the A T Command string to drop a call. “~” represents a one second wa it, for example “~~~ [...]

  • Page 256

    Chapter 23 WAN Setup P-793H User’s Guide 256[...]

  • Page 257

    P-793H User’s Guide 257 C HAPTER 24 LAN Setup Use this to apply LAN filters, configure LAN DHCP and TCP/IP settings, and to activate or deactivate VLAN on each LAN port. 24.1 Accessing the LAN Menus From the main menu, enter 3 to open Menu 3 - LAN Setup . Figure 147 Menu 3: LAN Setup 24.2 LAN Port Filter Setup This menu allows you to specify the [...]

  • Page 258

    Chapter 24 LAN Set up P-793H User’s Guide 258 24.3 TCP/IP and DHCP Setup Menu From the main menu, enter 3 to open Menu 3 - LAN Setup to configure TCP/IP (RFC 1 155) and DHCP setup. From menu 3, select the submenu option TCP/IP and DHCP Setup and press [ ENTER ]. The screen now displays Menu 3.2 - TCP/IP and DHCP Ethernet Setup , as shown next. No[...]

  • Page 259

    Chapter 24 LAN Setup P-793H User’s Guide 259 24.4 LAN IP Alias Use menu 3.2 to configure the first ne twork, and you use me nu 3.2.1 to configure the oth er two networks. Move the cursor to the Edit IP Alias field, press [SP ACE BAR] to choose Ye s and press [ENTER] to configure the second and third network. Primary DNS Serve r Secondary DNS Serv[...]

  • Page 260

    Chapter 24 LAN Set up P-793H User’s Guide 260 Figure 150 Menu 3.2.1: IP Alias Setup Use the instructions in the following ta ble to configure IP alias parameters. 24.4.1 Port-based VLAN Setup Y ou use menu 3.6 to con trol whether or not the ZyXEL Device sends layer -2 traffic (M AC addresses) between LAN ports. For example, if LAN port 1 and LAN [...]

  • Page 261

    Chapter 24 LAN Setup P-793H User’s Guide 261 Figure 151 Menu 3.6: Port Ba sed VLAN Setup Press [SP AC E BAR] to select Y es or No to allow or block layer-2 traf fic between each pair of ports. Menu 3.6 - P ort Based VLAN Setup 1 2 3 4 1 - Yes Yes Yes 2 - Yes Yes 3 - Yes 4 -[...]

  • Page 262

    Chapter 24 LAN Set up P-793H User’s Guide 262[...]

  • Page 263

    P-793H User’s Guide 263 C HAPTER 25 Internet Access Setup Use this menu to configure your I nternet co nnection. Use information from your ISP along with the instructions in this chapter to set up your ZyXEL Device to access the Internet. Contact your ISP to determine what encapsulation type you sh ould use. 25.1 Internet Access Setup Enter 4 in [...]

  • Page 264

    Chapter 25 Internet Access Setup P-793H User’s Guide 264 VCI The valid range for the VCI is 32 to 65535 (0 to 31 is reserved for local management of A TM traffic). Enter the VCI assigned to you. A TM QoS T ype Select CBR (Constant Bit Rate) to specify fixed (always-on) bandw idth for voice or data traf fic. Select UBR (Unspecified Bit Rate) for a[...]

  • Page 265

    P-793H User’s Guide 265 C HAPTER 26 Remote Node Setup Use this menu to configure detailed remote node settings (for ex ample, your ISP is a remote node) as well as apply filters. 26.1 Introduction to Remote Node Setup A remote node is required for placing calls to a remote gatewa y . A remote node represents both the remote gateway an d the netwo[...]

  • Page 266

    Chapter 26 Remot e Node Setup P-793H User’s Guide 266 Figure 154 Menu 1 1.1: Remote Node Profile (nodes 1-7) The following table describes the labels in this menu. Menu 11.1 - Remote Node Profile Rem Node Name= MyISP Route= IP Active= Yes Bridge= No Encapsulation= PPPoE Edit IP/Bridge= No Multiplexing= LLC-based Edit ATM Options= No Service Name=[...]

  • Page 267

    Chapter 26 Remote Node Setup P-793H User’s Guide 267 The following ex plains how to configure remote node 8 fo r the dial backup connection. Bridge If Route is IP , select Y es in this field to en able bridging to this remote node fo r protocols that are not supported by IP -ba sed routing (for example, SNA). If Route is None , select Yes in this[...]

  • Page 268

    Chapter 26 Remot e Node Setup P-793H User’s Guide 268 Figure 155 Menu 1 1.1: Remote Node Profile (node 8) The following table describes the labels in this menu. Menu 11.1 - Remote Node Profile (Backup ISP) Rem Node Name= ? Edit PPP Options= No Active= Yes Rem IP Addr= ? Edit IP= No Outgoing: Edit Script Options= No My Login= My Password= ********[...]

  • Page 269

    Chapter 26 Remote Node Setup P-793H User’s Guide 269 26.4 Remote Node Network Layer Options Move the cursor to the Edit IP/Bridge field in menu 1 1.1, then press [SP ACE BAR] to select Ye s . Press [ENTER] to open Menu 1 1.3 - Remote Node Network Layer Options . Figure 156 Menu 1 1.3: Remote Node Network Layer Options Allocated Budget(min) Enter [...]

  • Page 270

    Chapter 26 Remot e Node Setup P-793H User’s Guide 270 The following table describes the fields in this menu. T able 104 Menu 1 1.3: Remote Node Network Layer Options FIELD DESCRIPTION IP Address Assignment Select Dynamic if your ISP did not give you a fixed (static) IP address. Select Stat ic if you r ISP gave you a fixed (static) IP address. T h[...]

  • Page 271

    Chapter 26 Remote Node Setup P-793H User’s Guide 271 26.5 Remote Node Filter Move the cu rsor to the field Edit Filter Sets in menu 1 1 .1, and then press [SP ACE BAR] to set the value to Ye s . Press [ENTER] to open Menu 1 1.1.5 - Remote Node Filter . Use this menu to specify the filter set(s) to apply to the incoming and outgoing traf fic betwe[...]

  • Page 272

    Chapter 26 Remot e Node Setup P-793H User’s Guide 272 Figure 157 Menu 1 1.5: Remote Node Filter The following table describes the labels in this menu. 26.6 Remote Node A TM Layer Options Move the cu rs or to the Edit A TM Options field in menu 1 1.1, then press [SP ACE BAR] to select Ye s . Press [ENTER] to open this menu. This menu depends on th[...]

  • Page 273

    Chapter 26 Remote Node Setup P-793H User’s Guide 273 Figure 158 Menu 1 1.6: Remote Node A TM Layer Options The following table describes the fields in this menu. Menu 11.6 - Remo te Node ATM Layer Options VPI/VCI (VC-Multiplexing) VC Options for IP: VC Options for Bridge: VPI #= 0 VPI #= 0 VCI #= 38 VCI #= 38 ATM QoS Type= UBR ATM QoS Type= UBR P[...]

  • Page 274

    Chapter 26 Remot e Node Setup P-793H User’s Guide 274 26.7 Advance Setup Options Move the cu rs or to the Edit Advance Options field in menu 1 1.1 (only for remote node 1), then press [SP ACE BAR] to select Ye s . Press [ENTER] to open Menu 1 1.8 - Advanced Setup Options . Figure 159 Menu 1 1.8: Advance Setup Options The following table describes[...]

  • Page 275

    P-793H User’s Guide 275 C HAPTER 27 Static Route Setup Use this menu to configure IP and bridge (MAC) static rout es. 27.1 IP S t atic Route Setup Enter 1 from the menu 12. Sele ct one of the IP static routes as show n next to configure IP static routes in menu 12.1. Figure 160 Menu 12.1: IP S tatic Route Setup Now , enter the index number of th [...]

  • Page 276

    Chapter 27 St atic Route Se tup P-793H User’s Guide 276 Figure 161 Menu 12.1.1: Edit IP S tatic Route The following table describes the fields in this screen. 27.2 Bridge S tatic Route Setup Enter 3 from menu 12. S e lect one of the bridge static routes as shown next to configure IP static routes in menu 12.3. Menu 12.1.1 - Edit IP Static Route R[...]

  • Page 277

    Chapter 27 Stat ic Route Setup P-793H User’s Guide 277 Figure 162 Menu 12.3: Bridge S tatic Route Setup Now , enter the index number of th e static route that you want to configure. Figure 163 Menu 12.3.1: Edit Bridge S tatic Route The following table describes the fields in this screen. Menu 12.3 - Br idge Static Route Setup 1. ________ 2. _____[...]

  • Page 278

    Chapter 27 St atic Route Se tup P-793H User’s Guide 278[...]

  • Page 279

    P-793H User’s Guide 279 C HAPTER 28 NAT Setup Use this menu to configure Network Ad dress Translation (NA T) on the ZyXE L Device. 28.1 Using NA T " Y ou must create a firewall rule in addi tion to setting up SUA/NA T , to allow traffic from the W AN to be forw arded through the ZyXEL Device. 28.1.1 SUA (Single User Account) V ersus NA T SUA[...]

  • Page 280

    Chapter 28 NAT Set up P-793H User’s Guide 280 Figure 164 Menu 4: Applying NA T for Internet Access The following figure shows how you apply NA T to the remote node in men u 1 1.3. 1 Enter 1 1 from the main menu. 2 Enter 1 to open Menu 1 1.1 - Remote Node Pr ofile . 3 Move the cu rs or to the Edit IP/Bridge field, press [SP ACE BAR] to select Ye s[...]

  • Page 281

    Chapter 28 NAT Setup P-793H User’s Guide 281 The following table describes the fields in this menu. 28.2 NA T Setup Use the address mapping sets me nus and submenus to create the mapping table used to assign global addresses to computer s on the LAN and the DMZ. Set 255 is used for SUA. When you select Full Feature in menu 4 or menu 1 1.3, the SM[...]

  • Page 282

    Chapter 28 NAT Set up P-793H User’s Guide 282 Figure 167 Menu 15.1: Address Ma pping Sets Select the address mapping set you want to m odify . The fields in address 255 are used for SUA and are read-only . 28.2.1.1 User-Defined Address Mapping Sets " The entire set will be dele ted if you leave the Set Name field blank and press [ENTER] at t[...]

  • Page 283

    Chapter 28 NAT Setup P-793H User’s Guide 283 " The T ype, Local and Global S tart/End IP s are configured in menu 15.1.1.1 (described later) and the values are displayed here. Ordering your rules is important because the Zy XEL Device applies the rules in the order that you specify . When a rule matches the cu rrent packet, the ZyXEL Device [...]

  • Page 284

    Chapter 28 NAT Set up P-793H User’s Guide 284 Figure 169 Menu 15.1.1.1: Address Mappin g Rule The following table describes the fields in this menu. 28.3 Configuring a Server behind NA T " If you do not assign a Default Server IP address, the Zy XEL Device discards all packet s received for ports that are not specified here or in the remote [...]

  • Page 285

    Chapter 28 NAT Setup P-793H User’s Guide 285 Follow these steps to config ure a server behind NA T : 1 Enter 15 in the main menu to go to Menu 15 - NA T Setup. 2 Enter 2 to open menu 15.2 (an d configure the address mapping rules for the W AN port on a ZyXEL Device with a single W AN port). Figure 170 Menu 15.2: NA T Server Sets 3 Enter 1 to conf[...]

  • Page 286

    Chapter 28 NAT Set up P-793H User’s Guide 286 The first entry is for the Default Serv er . The following table describes the labels in this menu. 28.4 General NA T Examples The following are some exam ples of NA T configuration. 28.4.1 Internet Access Only In the following Internet access example, you only need one rule where all your ILAs (Insid[...]

  • Page 287

    Chapter 28 NAT Setup P-793H User’s Guide 287 Figure 173 Menu 4: Internet Access & NA T Example From menu 4 sho wn abov e, simply choose the SUA Only option from the Network Address Tr a n s l a t i o n field. This is the Many-to-One mapping discussed in Section 28.4 on page 286 . The SUA Only read-only option from the Network Address T ransla[...]

  • Page 288

    Chapter 28 NAT Set up P-793H User’s Guide 288 Figure 175 Menu 15.2: S pecifying an Inside Server 28.4.3 Example 3: Multiple Public IP Addresses With Inside Servers In this example, there are 3 IGAs from our IS P . There are many departments but two have their own FTP server . All departments share th e same router . The example will reserve one I[...]

  • Page 289

    Chapter 28 NAT Setup P-793H User’s Guide 289 1 In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets . Therefore you must choose the Full Feature option from the Network Address T rans lation field (in menu 4 or menu 11.3) in Figu re 177 on page 289 . 2 Then enter 15 from the main menu. 3 Enter 1 to config[...]

  • Page 290

    Chapter 28 NAT Set up P-793H User’s Guide 290 Figure 179 Example 3: Final Menu 15.1.1 Now configure the IGA3 to map to our web server and mail server on the LAN. 1 Enter 15 from the main menu. 2 Enter 2 to go to menu 15 .2. 3 (Enter 1 or 2 from menu 15.2 on a ZyXEL De vice with multiple W AN po rts) configure the menu as shown in Figure 180 o n p[...]

  • Page 291

    Chapter 28 NAT Setup P-793H User’s Guide 291 28.4.4 Example 4: NA T Unfr iendly Application Programs Some applications do not support NA T Mapping using TCP or UDP port address translation. In this case it is better to use Many-One-to-One mapping as port numbers do not change for Many-One-to-One (and One-to-One ) NA T mapping types. The following[...]

  • Page 292

    Chapter 28 NAT Set up P-793H User’s Guide 292 Figure 183 Example 4: Menu 15.1.1: Address Mapping Rules Menu 15.1.1 - Address Map ping Rules Set Name= Example4 Idx Local Start IP Local End IP Global Start IP Global End IP Type --- --------------- ------------- -- --------------- --------------- -- 1. 192.168.1.10 192.168.1.12 10.132.50.1 10.132.50[...]

  • Page 293

    P-793H User’s Guide 293 C HAPTER 29 Firewall Setup Use this menu to activate or deactivate the firewall. 29.1 Using ZyXEL Device SMT Menus From the main menu enter 21 to go to Menu 21 - Filter and Firewall Setup to display the screen shown next. Figure 184 Menu 21: Filter and Firewa ll Setup 29.1.1 Activating the Firewall Enter option 2 in this m[...]

  • Page 294

    Chapter 29 Fi rewall Setup P-793H User’s Guide 294 Figure 185 Menu 21.2: Fi rewall Setup " It is recommended to configure the fire wall rules using the web configurator . Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DoS) attacks when it is active. The default Poli cy sets 1. allow all sessions orig inating from[...]

  • Page 295

    P-793H User’s Guide 295 C HAPTER 30 Filter Configuration This chapter shows you how to create and apply filters. 30.1 Introduction to Filters Y our ZyXEL Device uses filters to decide whether to allow passage of a da ta packet and/or to make a call. There are two types of filter appli cations: data filtering an d call filtering. Filters are subdi[...]

  • Page 296

    Chapter 30 Filter Configuration P-793H User’s Guide 296 30.1.1 The Filter Stru cture of the ZyXEL Device A filter set consists of one or more filter rul es. Usually , you would group related rules, for example all the rules for NetBIOS, into a sing le set and give it a descriptive name. The ZyXEL Device allows you to configure up to twelve filter[...]

  • Page 297

    Chapter 30 Filter Configuration P-793H User’s Guide 297 Figure 187 Filter Rule Process Y ou can apply up to four filter sets to a particular port to block multiple types of packets. W ith each filter set having up to six rules, you can have a maximum of 24 rules active for a single port. 30.2 Configuring a Filter Set The ZyXEL Device includes fil[...]

  • Page 298

    Chapter 30 Filter Configuration P-793H User’s Guide 298 1 Enter 21 in the main me nu to open menu 2 1. Figure 188 Menu 21: Filter and Firewa ll Setup 2 Enter 1 to bring up the following menu. Figure 189 Menu 21.1: Filter Set Configuration 3 Select the filter set you wish to configure (1-12) and press [ENTER] . 4 Enter a descriptive name or commen[...]

  • Page 299

    Chapter 30 Filter Configuration P-793H User’s Guide 299 The following table describes the labels in this screen. The following tables contain a brief description of the abbreviations used in the previous menus. The protocol dependent filter ru les abbreviation are listed as follows: Refer to the next section for inform ation on configurin g the f[...]

  • Page 300

    Chapter 30 Filter Configuration P-793H User’s Guide 300 30.2.2 Configuring a TCP/IP Filter Rule This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fiel ds in the IP and the upper layer protocol, for example, UDP and TCP headers. T o configure TCP/IP rules, select TCP/IP Filter Rule from th[...]

  • Page 301

    Chapter 30 Filter Configuration P-793H User’s Guide 301 The following figure illustrates th e logic flow of an IP filter . IP Addr Enter the source IP Address of the packet you wish to filter . This field is ignored if it is 0.0.0.0. IP Mask Enter the IP mask to apply to the Source: IP Addr . Port # Enter the source port of the packets that you w[...]

  • Page 302

    Chapter 30 Filter Configuration P-793H User’s Guide 302 Figure 192 Executing an IP Filter 30.2.3 Configuring a Generic Filter Rule This section shows you how to co nfigure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP , it is generally easier to us e the IP rules directly .[...]

  • Page 303

    Chapter 30 Filter Configuration P-793H User’s Guide 303 For generic rules, the ZyXEL Device treats a pack et as a byte stream as oppos ed to an IP or IPX packet. Y ou specify the portion of the pa cket to check with the Offset (from 0) and the Length fields, both in bytes. The ZyXEL Device applies the Mask (bit-wise ANDing) to the data portion be[...]

  • Page 304

    Chapter 30 Filter Configuration P-793H User’s Guide 304 30.3 Example Filter Let’ s look at an example to bloc k outside us ers from accessing the ZyXEL Device via telne t. Please see our included disk for more example filters. Figure 194 T elnet Filter Exam ple 1 Enter 21 from the main menu to open Menu 21 - Filter and Firewall Setup . 2 Enter [...]

  • Page 305

    Chapter 30 Filter Configuration P-793H User’s Guide 305 Figure 195 Example Filter: Menu 21 .1.3.1 The port number for the telnet service (TCP protocol) is 23 . See RFC 1060 for port numbers of well-known services. When you press [ENTER] to confirm, you will see the fo llowing screen. Note that there i s only one filter rule in this set. Figure 19[...]

  • Page 306

    Chapter 30 Filter Configuration P-793H User’s Guide 306 5 Press [ENTER ] to confirm after you enter the set numbers and to leav e menu 1 1.1.4. 30.4 Filter T ypes and NA T There are two classes of filter rules, Generic Filter (Device) rules and protocol filter ( TCP/ IP ) rules. Generic filter rules act on the raw data from/to LAN and W AN. Proto[...]

  • Page 307

    Chapter 30 Filter Configuration P-793H User’s Guide 307 30.6.1 Applying LAN Filters LAN traffic filter sets may be useful to bloc k certain packets, reduce traffic and prevent security breaches. Go to menu 3. 1 (shown next) and enter the number(s) of the filter set(s) that you want to apply as appropriate. Y ou can choo se up to four filter sets [...]

  • Page 308

    Chapter 30 Filter Configuration P-793H User’s Guide 308[...]

  • Page 309

    P-793H User’s Guide 309 C HAPTER 31 SNMP Configuration Use this menu to configure SNMP . See Section 15.6 on page 199 for more information about SNMP . 31.1 SNMP Configuration T o configure SNMP , enter 22 from the main menu to display Menu 22 - SNMP Configuration as shown next. The “community” for Get , Set and Tr a p fields is SNMP terminol[...]

  • Page 310

    Chapter 31 SNMP Configuration P-793H User’s Guide 310[...]

  • Page 311

    P-793H User’s Guide 31 1 C HAPTER 32 System Password Use this menu to change your password. This is the same password used to access the web configurator . T o open this menu , enter 23 in the main menu. Figure 201 Menu 23: System Password The following table describes the labels in this menu. Menu 23 - System Password Old Password= ? New Passwor[...]

  • Page 312

    Chapter 32 System Password P-793H User’s Guide 312[...]

  • Page 313

    P-793H User’s Guide 313 C HAPTER 33 System Information & Diagnosis This chapter covers SMT menus 24.1 to 24.4. 33.1 Introduction to System St atus This chapter covers the diagnostic tools that help you to maintain your ZyXEL Device. These tools include updates on system status, po rt status and log and trace capabilities. Select menu 24 in th[...]

  • Page 314

    Chapter 33 System In formation & Diagnosis P-793H User’s Guide 314 Figure 203 Menu 24.1: System Maintenan ce - S tatus The following table describes the fields present in Menu 24.1 - System Maintenance - St a t u s . These fields are read-only and meant for di agnostic purposes. The upper ri ght corner of the screen shows the time and date. M[...]

  • Page 315

    Chapter 33 System Information & Diagnosis P-793H User’s Guide 315 33.3 System Information and Console Port S peed This section describes your system and allows you to choose different console port speeds. T o get to the System Informa tion and Console Port Speed: 1 Enter 24 to go to Menu 24 - System Maintenance . 2 Enter 2 to open Menu 24.2 -[...]

  • Page 316

    Chapter 33 System In formation & Diagnosis P-793H User’s Guide 316 Figure 205 Menu 24.2.1: System Main tenance - Information The following table describes the fields in this screen. 33.3.2 Console Port Speed Y ou can change the speed of the console port through Menu 24.2.2 – System Maintenance - Change Console Port Speed . Y our ZyXEL Devic[...]

  • Page 317

    Chapter 33 System Information & Diagnosis P-793H User’s Guide 317 33.4 Log and T race There are two logging facilities in the ZyXEL De vice. The first is the error logs and trace records that are stored locally . The second is the UNIX syslog facility for message logging. 33.4.1 V iewing Error Log The first place you should look for clues whe[...]

  • Page 318

    Chapter 33 System In formation & Diagnosis P-793H User’s Guide 318 33.4.2 Syslog Logging The ZyXEL Device uses the syslog facility to log the CDR (Ca ll Detail Record) and system messages to a syslog server . Syslog an d accounting can be configured in Menu 24.3.2 - System Maintenance - Syslog Logging , as shown next. Figure 209 Menu 24.3.2: [...]

  • Page 319

    Chapter 33 System Information & Diagnosis P-793H User’s Guide 319 2 Packet triggered 3 Filter log Packet triggered Message Format SdcmdSyslogSend( SYSLOG_PKTTR I, SYSLOG_NOTICE, S tring ); S t ring = Packet trigger: Protocol=xx Data =xxxxxxxxxx…..x Protocol: (1:IP 2:IPX 3:IPXHC 4:BPDU 5:A T ALK 6:IPNG) Dat a : We will send forty-eight Hex c[...]

  • Page 320

    Chapter 33 System In formation & Diagnosis P-793H User’s Guide 320 4 PPP log 5 Firewall log 33.5 Diagnostic The diagnostic facility allows you to test th e dif ferent aspects of your ZyXEL Device to determine if it is working properly . Menu 24.4 allows you to choose among variou s types of diagnostic tests to evaluate your system, as sh own [...]

  • Page 321

    Chapter 33 System Information & Diagnosis P-793H User’s Guide 321 Figure 210 Menu 24.4: System Maintenan ce - Diagnostic The following table describes the labels in this screen. Menu 24.4 - Syste m Maintenance - Diagnostic xDSL System 1. Reset xDSL 21. Reboot System 22. Command Mode TCP/IP 12. Ping Host Enter Menu Selection Number: Host IP Ad[...]

  • Page 322

    Chapter 33 System In formation & Diagnosis P-793H User’s Guide 322[...]

  • Page 323

    P-793H User’s Guide 323 C HAPTER 34 Firmware and Configuration File Maintenance This chapter tells you how t o back up and rest ore your configuration file as well as upload new firmware and a new configura tion file. 34.1 Introduction Use the instructions in this chapter to chan ge the ZyXEL Device’ s co nfiguration file or upgrade its firmwar[...]

  • Page 324

    Chapter 34 Firmware and Conf iguration File Main tenance P-793H User’s Guide 324 The following table is a summary . Please note that the internal filename refe rs to the filename on the ZyXEL Device and the external filename refers to the filename not on the ZyXEL Device, that is, on your comp uter, local network or FTP site and so the name (but [...]

  • Page 325

    Chapter 34 Firmw are and Co nfiguration File Maintenance P-793H User’s Guide 325 Figure 21 1 Menu 24.5: Back up Configura tion 34.3.2 Using the FTP Command from the Comman d Line 1 Launch the FTP client on your computer . 2 Enter “open”, followed by a space and th e IP address of your ZyXEL Device. 3 Press [ENTER] when prompted for a username[...]

  • Page 326

    Chapter 34 Firmware and Conf iguration File Main tenance P-793H User’s Guide 326 34.3.4 GUI-based FTP Clients The following table describes some of the commands that you may see in GUI-based FTP clients. 34.3.5 File Maintenance Over W AN TFTP , FTP and T elnet over the W AN will not work when: 1 The firewall is active (turn the firewall off in me[...]

  • Page 327

    Chapter 34 Firmw are and Co nfiguration File Maintenance P-793H User’s Guide 327 4 Launch the TFTP client on yo ur computer and connect to the ZyXEL Device. Set the transfer mode to binary before starting data transfer . 5 Use the TFTP client (see the example belo w) to transfer files between the ZyXEL Device and the computer . The file name for [...]

  • Page 328

    Chapter 34 Firmware and Conf iguration File Main tenance P-793H User’s Guide 328 Figure 213 System Maintenance: Backup Configuration 2 The following screen indicates that the Xmodem download has started. Figure 214 System Maintenance: S tarting Xmodem Download Screen 3 Run the HyperT erminal program by clicking Tr a n s f e r , then Receive File [...]

  • Page 329

    Chapter 34 Firmw are and Co nfiguration File Maintenance P-793H User’s Guide 329 1 Do not interrupt the fi le transfer process as this may PERMANENTL Y DAMAGE YOUR ZyXEL Device. When the Restore Configuration process is complete, the ZyXEL Device will automatically restart. 34.4.1 Restore Using FTP For details about backup usin g (T)FTP please re[...]

  • Page 330

    Chapter 34 Firmware and Conf iguration File Main tenance P-793H User’s Guide 330 34.4.2 Restore Usin g FTP Session Example Figure 218 Restore Using FTP Session Example Refer to Section 34.3.5 o n page 326 to read about configurations that disallow TFTP and FTP over W AN. 34.4.3 Restore V ia Console Port Restore configuration via console port by f[...]

  • Page 331

    Chapter 34 Firmw are and Co nfiguration File Maintenance P-793H User’s Guide 331 Figure 222 Successful Restoration Confirmati on Screen 34.5 Uploading Firmware and Configuration Files This section shows you how to upload firmware and configuratio n files. Y ou can upload configuration files by following the procedure in Section 34.4 on page 328 o[...]

  • Page 332

    Chapter 34 Firmware and Conf iguration File Main tenance P-793H User’s Guide 332 Figure 224 Menu 24.7.2: System Maintenan ce - Upload System Configuration File T o upload the firmware and the configuration file, follow these examples 34.5.3 FTP File Upload Comman d from the DOS Prompt Example 1 Launch the FTP client on your computer . 2 Enter “[...]

  • Page 333

    Chapter 34 Firmw are and Co nfiguration File Maintenance P-793H User’s Guide 333 34.5.4 FTP Session Exampl e of Firmware File Upload Figure 225 FTP Session Example of Firmware File Upload More commands (found in GUI-based FTP clie nts) are listed earlier in this chapter . Refer to Section 34.3.5 on page 326 to read about configurations that disal[...]

  • Page 334

    Chapter 34 Firmware and Conf iguration File Main tenance P-793H User’s Guide 334 34.5.6 TFTP Upload Command Example The following is an example TFTP command: tftp [-i] host put firmware.bin ras Where “i” specifies binary image transfer mode (u se this mode when transferring binary files), “host” is the ZyXEL Device’ s IP address, “put[...]

  • Page 335

    Chapter 34 Firmw are and Co nfiguration File Maintenance P-793H User’s Guide 335 Figure 227 Example Xmodem Upload After the firmware upload process has comp leted, the ZyXEL Device will automatically restart. 34.5.10 Uploading Configur ation File V ia Console Port 1 Select 2 from Menu 24.7 – System Main te nance – Upload Firmware to display M[...]

  • Page 336

    Chapter 34 Firmware and Conf iguration File Main tenance P-793H User’s Guide 336 Figure 229 Example Xmodem Upload After the configuration upload process has comple ted, restart the ZyXEL Device by entering “atgo”.[...]

  • Page 337

    P-793H User’s Guide 337 C HAPTER 35 Menus 24.8 to 24.11 This chapter leads you through SM T menus 24.8 to 24.1 1. 35.1 Command Interpreter Mode The Command Interpre ter (CI) is a part of the main router firmware. The CI provides much of the same functionality as the SMT , while a dding some low-level se tup and diagnostic functions. Enter the CI [...]

  • Page 338

    Chapter 35 Menus 24.8 to 24.11 P-793H User’s Guide 338 The optional fields in a c ommand are enclosed in s quare brackets [] . The | symbol means “or”. For example, sys filter netbios config <type> <on|off> means that you must specify the type of netb ios filter and whether to turn it on or of f. 35.1.2 Command Usage A list of com[...]

  • Page 339

    Chapter 35 Menus 24.8 to 24.11 P-793H User’s Guide 339 Figure 233 Menu 24.9.1 - Budget Man agement The total budget is the time li mit on the accumulated time for ou tgoing calls to a remo te node. When this limit is reached, th e call will be dropped and further outgoing calls to that remote node will be blocked. After each period, the total bud[...]

  • Page 340

    Chapter 35 Menus 24.8 to 24.11 P-793H User’s Guide 340 Figure 234 Menu 24: System Maintenan ce Enter 10 to go to Menu 24.10 - System Maintena nce - Time and Date Setting to update the time and date settings of your ZyXEL De vice as shown in the following screen. Figure 235 Menu 24.10: System Maintena nce - Time and Da te Setting The following tab[...]

  • Page 341

    Chapter 35 Menus 24.8 to 24.11 P-793H User’s Guide 341 35.4 Remote Management T o disable remote management of a service, select Disable in the corresponding Server Access field. Enter 1 1 from menu 24 to bring up Menu 24.1 1 - Remote Management Control . Current T ime This field disp lays an updated time only when you reenter this menu. New T im[...]

  • Page 342

    Chapter 35 Menus 24.8 to 24.11 P-793H User’s Guide 342 Figure 236 Menu 24.1 1 – Re mote Manage ment Contro l The following table describes the fields in this screen. 35.4.1 Remote Management Limit ations Remote management over LAN or W AN will not work when: 1 A filter in menu 3.1 (LAN) or in menu 1 1 .5 (W AN) is applied to block a T elnet, FT[...]

  • Page 343

    P-793H User’s Guide 343 C HAPTER 36 IP Routing Policy Setup Use this menu to look at and confi gure policy routes. 36.1 Policy Route T raditionally , routing is based on the destinatio n address only and the ZyXEL Device takes the shortest path to forward a packet. IP Policy Routing (IPPR) prov ides a mechanism to override the default routing beh[...]

  • Page 344

    Chapter 36 IP Rout ing Policy Setup P-793H User’s Guide 344 IPPR follows the existing packet filtering fac ility of RAS in style and in implementation. 36.4 IP Routing Policy Setup Use this menu to look at a summary of policy rout es. T o open this menu, enter 25 in the main menu. Figure 237 Menu 25: IP Routing Policy Setup 1 Select the filter se[...]

  • Page 345

    Chapter 36 IP Ro uting Policy Setup P-793H User’s Guide 345 Figure 238 Menu 25.1: IP Routing Policy Setup The following table describes the labels in this menu. Menu 25.1 - I P Routing Policy Setup # A Criteri a/Action - - ------------------------------- --------------------------------------- 1 N SA=1.1.1.1-1.1.1.1 DA=2.2.2.2-2 .2.2.5 SP=20-25 D[...]

  • Page 346

    Chapter 36 IP Rout ing Policy Setup P-793H User’s Guide 346 36.6 IP Routing Policy Use this menu to configure policy ro utes. T o open this menu , select Edit and enter the appropriate r ule number in menu 25. Figure 239 Menu 25.1.1: IP Routing Policy The following table describes the labels in this menu. Menu 25.1.1 - IP Routing Policy Policy Se[...]

  • Page 347

    Chapter 36 IP Ro uting Policy Setup P-793H User’s Guide 347 36.7 IP Policy Routing Example If a network has both Internet and remote node connections, you can route W eb packets to the Internet using one policy and route FTP packets to a remote ne twork using another policy . See the next figure. Route 1 represents the default IP route and route [...]

  • Page 348

    Chapter 36 IP Rout ing Policy Setup P-793H User’s Guide 348 Figure 241 IP Routing Policy Example 1 2 Select Ye s in the LAN field in menu 25.1.1 to apply the policy to packets received on the LAN port. 3 Check Menu 25 - IP Routing Policy Summary to see if the rule is added correctly . 4 Create another rule in menu 25.1 for this ru le to route pac[...]

  • Page 349

    P-793H User’s Guide 349 C HAPTER 37 Schedule Setup Use this menu to look at and confi gure the schedule sets in the ZyXEL Device . 37.1 Schedule Set Overview Call scheduling (applicable for PPPoE encapsulation only) a llows the ZyXEL Device to manage a remote node and dictate wh en a remote node should be calle d and for how long. Th is feature i[...]

  • Page 350

    Chapter 37 Schedu le Setup P-793H User’s Guide 350 The following table describes the labels in this menu. 37.3 Schedule Set Setup This menu is only a pplicable if your Internet connec tion uses PPPoE encapsulation. Use this menu to configure the schedule sets in the ZyXEL Device. T o open this menu, enter the number of the schedule set in the Ent[...]

  • Page 351

    Chapter 37 Schedule Setup P-793H User’s Guide 351 The following table describes the labels in this menu. T able 134 Menu 26.1: Schedule Set Setup FIELD DESCRIPTION Activ e Press [SP ACE BAR] to select Ye s or No . Choose Ye s and press [ENTER] to activate the schedule set. St a r t D a t e Should this schedule set recur weekly or be used just onc[...]

  • Page 352

    Chapter 37 Schedu le Setup P-793H User’s Guide 352[...]

  • Page 353

    P-793H User’s Guide 353 C HAPTER 38 Troubleshooting This chapter offers some sugg estions to solve problems you might encounter . The potential problems are divided into the following categories. • Power , Hardware Connections, and LEDs • ZyXEL Device Access and Login • Internet Access • Advanced Features 38.1 Power , Hardware Connections[...]

  • Page 354

    Chapter 38 Trou bleshooting P-793H User’s Guide 354 38.2 ZyXEL Device Access and Login V I forgot the IP address for the ZyXEL Device. 1 The default IP address is 192.168.1.1 . 2 Use the console port to lo g in to the ZyXEL Device. 3 If you changed the IP addre ss and have forgotten it, you might get the IP addre ss of the ZyXEL Device by looking[...]

  • Page 355

    Chapter 38 Trou bleshooting P-793H User’s Guide 355 6 If the problem continues, contact the network administrator or vendor , or try the advanced suggestio n. Advanced Suggestion • T ry to access the ZyXEL Device using anot her service, such as T elnet. If you can access the ZyXEL Device, check the remote management settings, fire wall rules, a[...]

  • Page 356

    Chapter 38 Trou bleshooting P-793H User’s Guide 356 V I cannot use the cons ole port to access the ZyXEL Device. Make sure that you are using the included console ca ble and that the CON/AUX switch on the ZyXEL Device is set to CON . See the Quick Start Guide. 38.3 Internet Access V I cannot access the Internet. 1 Check the hardware connections ,[...]

  • Page 357

    Chapter 38 Trou bleshooting P-793H User’s Guide 357 • Check the settings for ba ndwidth management. If it is disab led, you might consider activating it. If it is enabled, you migh t consider changing the allocations. See Chapter 13 on page 181 . V I cannot access a web site (on Mondays). Check your content filtering settings and make sure you [...]

  • Page 358

    Chapter 38 Trou bleshooting P-793H User’s Guide 358 2 P ress and hold the RESET button for ten seconds. Release the RESET button when the POWER LED begins to blin k. The default settings have been restored. If the ZyXEL Device restarts automatically , wa it for the ZyXEL Device to finish restarting, and log in to the web configurator . The passwo[...]

  • Page 359

    359 P ART VI Appendices and Index Product Specification s (361) W all-mounting Instructions (365) Setting up Y our Computer ’ s IP Address (367) Pop-up W indows, JavaScripts and Java Permissions (383) IP Addresses and Subnetting (389) IP Address Assignment Conflicts (397) Common Services (401) Command Interpreter (405) Log Descriptions (41 1) Net[...]

  • Page 360

    360[...]

  • Page 361

    P-793H User’s Guide 361 A PPENDIX A Product S pecifications T able 135 Device Default IP Address 192.168.1.1 Default Subnet Mask 255.255.255.0 (24 bi ts) Default Password user: “use r” administrator: “1234” DHCP Pool 192.168.1.33 to 192.168.1.6 4 Dimensions (W x D x H) 180 x 128 x 36 mm Power S pecification 12V AC 1A Built-in Switch Four [...]

  • Page 362

    Appendix A Product Specifications P-793H User’s Guide 362 A TM Support Multiple protocols over AAL5 (RFC1483) PPP over A TM (RFC 2364) PPP over Ethernet (RFC2516) A TM AAL5 supported Support 8 PVCs A TM Forum UNI3.0/4.0 PVC UBR CBR, and VBR traffic shaping Internet Access Sharing NA T (includes multi-to-multi NA T) / SUA, 2048 NA T sessio ns Port[...]

  • Page 363

    Appendix A Product Specifications P-793H User’s Guide 363 T able 137 Firmware Features FEATURE DESCRIPTION Firmware Upgrade Downlo ad new firmware (when available) from the ZyXEL web site and use the web config urator , an FTP or a TFTP tool to put it on the Zy XEL Device. Note: Only upload firmware for your spe cific model! Configuration Backup [...]

  • Page 364

    Appendix A Produ ct Specifications P-793H User’s Guide 364 Fig u re 2 4 5 Y - C a ble Connector Co n f i gu r ation Bandwidth Management Y ou can efficiently manage traffic on your network by rese rving bandwidth and giving priority to certain types of traffic and/or to particular computers. Remote Management This allows you to decide whether a s[...]

  • Page 365

    P-793H User’s Guide 365 A PPENDIX B W all-mounting Instructions Do the following to hang your ZyXEL Devic e on a wall. " See the product specificat ions appendix for the size of screws to use and how far apart to place them. 1 Locate a high posit ion on a wall that is free of obstructions. Use a sturdy wall. 2 Drill two holes for the screws.[...]

  • Page 366

    Appendix B Wall-mo unting Instructio ns P-793H User’s Guide 366[...]

  • Page 367

    P-793H User’s Guide 367 A PPENDIX C Setting up Y our Computer ’ s IP Address All computers must have a 10M or 100M Et hernet adapter card and TCP/IP installed. W indows 95/98/Me/NT/2000/XP , Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your compu[...]

  • Page 368

    Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 368 Figure 247 WIndows 95/98 /Me: Networ k: Configura tion Inst alling Components The Network window Configuration tab displays a list of installed components. Y ou need a network adapter , the TCP/IP protocol and Client for Microso ft Networks. If you need the adapter: 1 In t[...]

  • Page 369

    Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 369 Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • If your IP address is dynamic, select Obtain an IP address automatically . • If you have a static IP address, selec[...]

  • Page 370

    Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 370 Figure 249 Windows 95/98/Me : TCP/IP Pr operties: DNS Configuration 4 Click the Gateway tab. • If you do not know you r gateway’ s IP addr ess, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add . [...]

  • Page 371

    Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 371 Figure 250 Windows XP: S tart Menu 2 In the Control Panel , double-click Network Connections ( Network and Dial-up Connections in W indow s 2000/NT). Figure 251 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Pr operties .[...]

  • Page 372

    Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 372 Figure 252 Windows XP: Control Panel: Network Connections: Pro perties 4 Select Internet Protocol (TCP/IP) (under the Genera l tab in W in XP) and then click Properties . Figure 253 Windows XP: Local Area Conne ction Properties 5 The Internet Protocol TCP/IP Pr operties wi[...]

  • Page 373

    Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 373 Figure 254 Windows XP: Internet Protocol (TCP/IP) Propert ies 6 If you do not know your gateway's IP ad dress, remove any previously installed gateways in the IP Settings tab and click OK . Do one or more of the fo llowing if you want to configure additi onal IP addre[...]

  • Page 374

    Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 374 Figure 255 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Pr operties window (the General tab in W indow s XP): • Click Obtain DNS server address automatically if yo u do not know your DNS server IP address(es). • If you know your DNS server I[...]

  • Page 375

    Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 375 Figure 256 Windows XP: Internet Protocol (TCP/IP) Propert ies 8 Click OK to close the Internet Protocol (TCP/IP) Properties window . 9 Click Close ( OK in W i ndows 2000/NT) to close the Local Area Connection Properties window . 10 Close the Network Connections w indow ( N[...]

  • Page 376

    Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 376 Figure 257 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 258 Macintosh O S 8/9: TC P/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following:[...]

  • Page 377

    Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 377 • T ype your IP address in the IP Address box. • T ype your subnet mask in the Subnet mask box. • T ype the IP address of your ZyXEL Device in the Router address box. 5 Close the TCP/IP Contr ol Panel . 6 Click Save if prompted, to save chan ges to your configuratio [...]

  • Page 378

    Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 378 Figure 260 Macintosh O S X: Netw ork 4 For statically assigned settings, do the following: •F r o m t h e Configure box, select Manually . • T ype your IP address in the IP Address box. • T ype your subnet mask in the Subnet mask box. • T ype the IP address of your[...]

  • Page 379

    Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 379 " Make sure you are logged in as the root administrator . Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click [...]

  • Page 380

    Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 380 • If you have a dyna mic IP address, clic k Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address, click S tatically set IP Addresses and fill in the Address , Sub net mask , and Default Gateway Address[...]

  • Page 381

    Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 381 Figure 265 Red Hat 9.0: Dynamic IP Address Setting in ifconfig-eth0 • If you have a static IP address, enter static in t he BOOTPROTO= field. T ype IPADDR = followed by the IP address (in do tted decimal notation) and type NETMASK = followed by the subnet mask. The follo[...]

  • Page 382

    Appendix C Setting up Your Computer’s IP Address P-793H User’s Guide 382 V erifying Settings Enter ifconfig in a terminal screen to ch eck your TCP/IP properties. Figure 269 Red Hat 9.0: Checking TCP/IP Properties [root@localhost]# ifconfig eth0 Link encap:Ethernet HWadd r 00:50:BA:72:5B:44 inet addr:172.23.19.129 B cast:172.23.19.255 Mask:255.[...]

  • Page 383

    P-793H User’s Guide 383 A PPENDIX D Pop-up Windows, JavaScript s and Java Permissions In order to use the web configurator you need to allow: • W eb browser pop-u p windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). " Internet Explorer 6 screens are used here. Screens for other Intern[...]

  • Page 384

    Appendix D Pop-up Windows, JavaScripts and Java Perm issions P-793H User’s Guide 384 2 Clear the Block pop-ups check box in the Pop-up Block e r section of the screen. This disables any web po p-up blockers you may have ena bled. Figure 271 Internet Options: Privacy 3 Click Apply to save this setting. Enable pop-up Blockers with Exceptions Altern[...]

  • Page 385

    Appendix D Pop-up Windows, JavaScripts and Java Per m issions P-793H User’s Guide 385 Figure 272 Internet Options: Privacy 3 T ype the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites . Fig[...]

  • Page 386

    Appendix D Pop-up Windows, JavaScripts and Java Perm issions P-793H User’s Guide 386 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScript s If pages of the web configura tor do not display properly in Internet Explorer, check that JavaScripts are allowed. 1 In Internet Explorer , click T ools , Internet Op[...]

  • Page 387

    Appendix D Pop-up Windows, JavaScripts and Java Per m issions P-793H User’s Guide 387 Figure 275 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer , click To o l s , Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM . 4 Under Java permissions make sure that a s[...]

  • Page 388

    Appendix D Pop-up Windows, JavaScripts and Java Perm issions P-793H User’s Guide 388 JA V A (Sun) 1 From Internet Explorer , click To o l s , Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is sele cted. 3 Click OK to clos e the window . Figure 277 Java (Sun)[...]

  • Page 389

    P-793H User’s Guide 389 A PPENDIX E IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify ind ividual devices on a network. Every networking device (includin g computers, servers, routers, printe rs, etc.) ne eds an IP address to communicate across the network. These networking devices a re also[...]

  • Page 390

    Appendix E IP Addre sses and Subnetting P-793H User’s Guide 390 Figure 278 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the s ubnet mask. Subnet Masks A subnet mask is used to dete rmine which bits are part of th e network number , and which bits are part of the host I[...]

  • Page 391

    Appendix E IP Addresses and Subnetting P-793H User’s Guide 391 Subnet masks are expressed in dotted decimal no tation just like IP addresses. The follow ing examples show the binary and decimal not ation for 8-bit, 16-bit, 24-bit an d 29-bit subnet masks. Network Size The size of the network number determines the maximum number of possible hosts [...]

  • Page 392

    Appendix E IP Addre sses and Subnetting P-793H User’s Guide 392 Subnetting Y ou can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the c ompany network for security reasons. In this example, the company networ[...]

  • Page 393

    Appendix E IP Addresses and Subnetting P-793H User’s Guide 393 Figure 280 Subnetting Example: Af ter Subnetting In a 25-bit subnet the host ID has 7 bits , so each sub-network has a maximum of 2 7 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’ s address itself, all ones is the subnet’ s broadcast address). 192.168.1.0 wit[...]

  • Page 394

    Appendix E IP Addre sses and Subnetting P-793H User’s Guide 394 Example: Eight Subnet s Similarly , use a 27-bit mask to create eight subnets (000, 00 1, 010, 01 1, 100, 101, 1 10 and 111 ) . The following table shows IP address last octet values for each subnet. T able 143 Subnet 2 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VA L U E IP Address[...]

  • Page 395

    Appendix E IP Addresses and Subnetting P-793H User’s Guide 395 Subnet Planning The following table is a summary for su bnet planning on a network with a 24-bit network number . The following table is a summary for su bnet planning on a network with a 16-bit network number . 5 128 129 158 159 6 160 161 190 191 7 192 193 222 223 8 224 225 254 255 T[...]

  • Page 396

    Appendix E IP Addre sses and Subnetting P-793H User’s Guide 396 Configuring IP Addresses Where you obtain your netwo rk number depends on your particular situation. If the ISP or your network administrator assigns yo u a bloc k of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask. If the ISP did [...]

  • Page 397

    P-793H User’s Guide 397 A PPENDIX F IP Address Assignment Conflict s This appendix describes situations where IP addre ss conflicts may occur . Subs cribers with duplicate IP addresses will not be able to access the Internet. Case A: The ZyXEL Device is using the same LAN and W AN IP addresses The following figure shows an example where the ZyXEL[...]

  • Page 398

    Appendix F IP Ad dress Assignment Conflicts P-793H User’s Guide 398 Figure 282 IP Address Conflicts: Case B T o solve this problem, make sure the ZyXEL De vice LAN IP address is not in the DHCP IP address pool. Case C: The Subscriber IP address is the same as the IP address of a network device The following figure depicts an example where the sub[...]

  • Page 399

    Appendix F IP Address Assignment Conflicts P-793H User’s Guide 399 Figure 284 IP Address Conflicts: Case D This problem can be solved by adding a VLAN- enabled switch or set the computers to obtain IP addresses dynamically .[...]

  • Page 400

    Appendix F IP Ad dress Assignment Conflicts P-793H User’s Guide 400[...]

  • Page 401

    P-793H User’s Guide 401 A PPENDIX G Common Services The following table l ists some commonly-used se rvices and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit the IANA (Internet Assigned Number Authority) web site . • Name : This is a short, descrip tive name for[...]

  • Page 402

    Appendix G Comm on Services P-793H User’s Guide 402 FTP TCP TCP 20 21 File Tr a nsfer Program, a program to enable fast transfer of files, including large fil es that may not be possible by e-mail. H.323 TCP 1720 NetMeeting uses this protocol. HTTP TCP 80 Hyper T ext T ransfer Protoco l - a client/ server protocol for the world wide web. HTTPS TC[...]

  • Page 403

    Appendix G C ommon S ervices P-793H User’s Guide 403 RTE L N ET TC P 107 Remote T elnet. RTS P TCP/UDP 554 The Real Time S treaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. SFTP TCP 11 5 Simple File Transfer Protocol. SMTP TCP 25 Simple Mail Transfer Protocol is the message-exchange standard for the Inte[...]

  • Page 404

    Appendix G Comm on Services P-793H User’s Guide 404[...]

  • Page 405

    P-793H User’s Guide 405 A PPENDIX H Command Interpreter The following describes how to us e the command interpreter . See Se ction 35.1 on pa ge 337 for how to access the comma nd interpreter from SMT . See www .zyxel.com for more detailed information on these commands. 1 Use of undocumented co mmands or misconfigurat ion can damage the unit and [...]

  • Page 406

    Appendix H Comma nd Interpreter P-793H User’s Guide 406 Configuring What Y ou W ant the ZyXEL Device to Log 1 Use the sys logs load command to load the log setting buffer that allows you to configure which logs the Zy XEL Device is to record. 2 Use sys logs category to view a list of the log categories. Figure 285 Displaying Log Cate gories Examp[...]

  • Page 407

    Appendix H Command Interpreter P-793H User’s Guide 407 Log Command Example This example shows how to set the ZyXEL Devi ce to record the acc ess logs and alerts and then view the results. Routing Command Use this command to set the ZyXEL Device to route t raffic that doe s not match a NA T rule through a specific interface. An example of when you[...]

  • Page 408

    Appendix H Comma nd Interpreter P-793H User’s Guide 408 ARP Behavior and the ARP ackGratuitous Commands The ZyXEL Device does not accept ARP reply in formation if the ZyXEL Device did not send out a corresponding request. This helps pr event the ZyXEL Device from updating its ARP table with an incorrect IP address to MAC address mapping due to a [...]

  • Page 409

    Appendix H Command Interpreter P-793H User’s Guide 409 Figure 288 Backup Gateway Updating the ARP entries could increase the da nger of spoofing attacks. It is only recommended that you turn on ackGratuitous and force update if you need it like in the previous backup g a teway example. T urning on the force updates option is more dang erous than [...]

  • Page 410

    Appendix H Comma nd Interpreter P-793H User’s Guide 410 Figure 289 Routing Command Examp l e ras> ipsec ipsecEdit 1 ras> ipsec ipsecConfig encryKeyLen 1 ras> ipsec ipsecDisplay ---------- IPSec Setup ---------- Index #= 1 Active= No Multi P ro = No Protocol= 0 Global SW= 0xA Bound IKE 9999 NailUp = No Netbi os = No Name= test ControlPing[...]

  • Page 411

    P-793H User’s Guide 41 1 A PPENDIX I Log Descriptions This appendix provides descrip tions of example log messages. T able 150 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is successful The router h as adjusted its time based on in formation from the time server . Time calibration failed The router failed to get inform ation f[...]

  • Page 412

    Appendix I Log Desc riptions P-793H User’s Guide 412 Successful SSH login Someone has logged on to the router’s SSH server . SSH login failed Someone has failed to log on to the router ’s SSH server . Successful HTTPS login Someone has logged on to the router's web configurator interface using HTTPS protocol. HTTPS login failed Someone h[...]

  • Page 413

    Appendix I Log Descriptions P-793H User’s Guide 413 T able 153 TCP Rese t Logs LOG MESSAGE DESCRIPTION Under SYN flood attack, sent TCP RST The router sent a TCP reset packet when a host was under a SYN flood attack (the TCP incomplete count is per destination ho st.) Exceed TCP MAX incomplete, sent TCP RST The router sent a TCP reset packet when[...]

  • Page 414

    Appendix I Log Desc riptions P-793H User’s Guide 414 Triangle route packet forwarded: ICMP The firewall allowe d a triangle route sessi on to pass through. Packet without a NAT table entry blocked: ICMP The router blocked a packet that didn’t have a corresponding NA T table entry . Unsupported/out-of-order ICMP: ICMP The firewall does not sup p[...]

  • Page 415

    Appendix I Log Descriptions P-793H User’s Guide 415 T able 159 Content Filtering Logs LOG MESSAGE DESCRIPTION %s: Keyword blocking The content of a requested web page matched a user define d keyword. %s: Not in trusted web list The web site is not in a trusted domain, and the router blocks al l traffic except trusted domain sites. %s: Forbidden W[...]

  • Page 416

    Appendix I Log Desc riptions P-793H User’s Guide 416 ip spoofing - WAN [TCP | UDP | IGMP | ESP | GRE | OSPF] The firewall detected an IP spoofing attack on the W A N port. ip spoofing - WAN ICMP (type:%d, code:%d) The firewall detected an ICMP IP spoofing attack on the W AN port. For type and code details, see T able 167 on page 422 . icmp echo: [...]

  • Page 417

    Appendix I Log Descriptions P-793H User’s Guide 417 T able 162 IKE Logs LOG MESSAGE DESCRIPTION Active connection allowed exceeded The IKE process for a new co nnection failed b ecause the limi t of simultaneous phase 2 SAs has b een reached. Start Phase 2: Quick Mode Phase 2 Qu ick Mode has started. Verifying Remote ID failed: The connection fai[...]

  • Page 418

    Appendix I Log Desc riptions P-793H User’s Guide 418 Remote IP <Remote IP> / <Remote IP> conflicts The security ga teway is set to “0.0.0.0” and the route r used the peer ’s “Local Address” a s the router ’s “Remote Address”. This informa tion conflicted with static rule #d; thus the connection is not a llowed. Phase 1[...]

  • Page 419

    Appendix I Log Descriptions P-793H User’s Guide 419 Rule [%d] Phase 2 authentication algorithm mismatch The listed ru le’s IKE phase 2 authentication al gorithm did not match between the router and the peer. Rule [%d] Phase 2 encapsulation mismatch The listed rule’s IKE phase 2 encapsulation did not match between the router a nd the peer. Rul[...]

  • Page 420

    Appendix I Log Desc riptions P-793H User’s Guide 420 Enrollment failed The CMP online certificate enrollment failed. The Destination fi eld records the certification authori ty server ’s IP address and port. Failed to resolve <CMP CA server url> The CMP online certificate enrollment failed because the certification authority server ’s I[...]

  • Page 421

    Appendix I Log Descriptions P-793H User’s Guide 421 7 Certificate was revoked by a CRL. 8 Certificate was not added to the cache. 9 Certificate decoding failed. 10 Certificate was not found (anywhere). 11 Certificate chain looped (did not fi nd trusted root). 12 Certificate contains critical extension that wa s not handled. 13 Certificate issuer [...]

  • Page 422

    Appendix I Log Desc riptions P-793H User’s Guide 422 User logout because of no authentication response from user. The router logge d out a user from which there was no authentication response. User logout because of idle timeout expired. The router l ogged out a us er whose idle ti meout period expired. User logout because of user request. A user[...]

  • Page 423

    Appendix I Log Descriptions P-793H User’s Guide 423 The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type. 0 A gateway may discard internet datagrams if it does not have th e buffer space needed to queue the datagrams for output to the next network on th e rout[...]

  • Page 424

    Appendix I Log Desc riptions P-793H User’s Guide 424 Log Commands This section provides some general examples of how to use the log commands. The items that display with your device may vary but the basic function should be the same. Go to the command in terpreter interface. Appendix H on pa ge 405 explains how to access and use the commands. Con[...]

  • Page 425

    Appendix I Log Descriptions P-793H User’s Guide 425 Figure 291 Displaying Log Para meters Example 4 Use sys logs category followed by a log cate gory and a parameter to decide what to record. Use 0 to not record logs for that category , 1 to record only logs fo r that category , 2 to record only alerts for that category , and 3 to record both log[...]

  • Page 426

    Appendix I Log Desc riptions P-793H User’s Guide 426 Log Command Example This example shows how to set the ZyXEL Devi ce to record the acc ess logs and alerts and then view the results. ras> sys logs load ras> sys logs category access 3 ras> sys logs save ras> sys logs display access #.time source destination notes message 0|06/08/200[...]

  • Page 427

    P-793H User’s Guide 427 A PPENDIX J NetBIOS Filter Commands The following describes the NetB IOS packet filter commands. See Appendix H on page 4 05 for information on th e command structure. Introduction NetBIOS (Network Basic Input/Output System ) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. [...]

  • Page 428

    Appendix J NetBIOS Filter Commands P-793H User’s Guide 428 The filter types and their defa ult settings are as follows. NetBIOS Filter Configuration Syntax:sys filter netbios config <ty pe> <on|off> where T able 170 NetBIOS Filter Default Settings NAME DESCRIPTION EXAMPLE Between LAN and W AN This field displays whether NetBIOS packet[...]

  • Page 429

    P-793H User’s Guide 429 A PPENDIX K Legal Information Copyright Copyright © 2006 by ZyXEL Communications Corporation. The contents of this publication may not be reprod uced in any part or as a whole, transcribed, stored in a retrieval system, tran slated into any language, or transmitted in any form or by any means, el ectronic, mechanical , ma[...]

  • Page 430

    Appendix K Legal In formation P-793H User’s Guide 430 If this device does cause harmful inte rference to radio/television reception, which can be determined by turning th e device off and on, the user is enc ouraged to try to correct the interference by one or more of the following measures: 1 Reorient or relocate the receiving antenna. 2 Increas[...]

  • Page 431

    Appendix K Legal Information P-793H User’s Guide 431 ZyXEL) and the customer will be billed for part s and labor . All repaired or replaced products will be shipped by ZyXEL to th e corresponding return address, P o stage Paid. This warranty gives you specific legal rights, and yo u may also have othe r rights that vary from country to country . [...]

  • Page 432

    Appendix K Legal In formation P-793H User’s Guide 432[...]

  • Page 433

    P-793H User’s Guide 433 A PPENDIX L Customer Support Please have the following information r eady when you contact customer support. Required Information • Product model and serial number . • W arranty Information. • Date that you received your de vice. • Brief description of the problem and the steps you took to solv e it. Corporate Head[...]

  • Page 434

    Appendix L Custo mer Support P-793H User’s Guide 434 Denmark • Support E-mail: support@zyxel.dk • Sales E-mail: sales@zyxel.dk • T elephone: +45-39-55-07-00 • Fax: +45-39-55-07-07 • W eb Site: www .zyxel.dk • Re g u l a r M a i l : ZyXEL Communications A/ S, Columb usvej, 2860 Soeborg, Denmark Finland • Support E-mail: support@zyxel[...]

  • Page 435

    Appendix L Customer Support P-793H User’s Guide 435 • T elephone: +7-3272-590-698 • Fax: +7-327 2-590-689 • W eb Site: www .zyxel.kz • Re g u l a r Ma i l : ZyXEL Kazakhstan, 43, Dostyk ave.,Office 414, Dost yk Business Centre, 050010, Almaty , Republic of Kazakhstan North America • Support E-mail: support@zyxel.com • Sales E-mail: sa[...]

  • Page 436

    Appendix L Custo mer Support P-793H User’s Guide 436 • W eb Site: www .zyxel.es • Re g u l ar M a il : ZyXEL Communications, Art e, 21 5ª planta, 28033 Madrid, Spain Sweden • Support E-mail: support@zyxel.se • Sales E-mail: sales@zyxel.se • T elephone: +46-31-744-7700 • Fax: +46-31-744-7701 • W eb Site: www .zyxel.se • Re g u l a[...]

  • Page 437

    Index P-793H User’s Guide 437 Index A active protocol 159 AH 159 and encapsulation 159 ESP 159 address mapping 111 AH 159 and transport mode 160 alert 225 alternative subnet mask notation 391 anti-probing 144 applications high-speed Internet access 39 point-to-point connections 40 A TM traffic class. See traf fic class. authentication algorithms [...]

  • Page 438

    Index P-793H User’s Guide 438 Domain Name System. See DNS. DoS attack 11 9 brute-force 11 9 , 121 IP spoofing 120 LAN 120 ping of death 120 SYN flood 120 teardrop 120 threshold. See DoS thresh old. types of 11 9 using ICMP 122 using illegal NetBIOS commands 122 using traceroute 122 DoS threshold 145 half-open sessions 146 max-incomplete-high 146 [...]

  • Page 439

    Index P-793H User’s Guide 439 main mode 154 , 157 NA T traversal 158 negotiation mode 154 peer identity 156 pre-shared key 156 proposal 155 IKE SA. See also VPN. installation wall-mounting 365 Internet Assigned Nu mbers Authority See IANA 396 Internet Control Message Protocol. See ICMP . Internet Group Multi cas t Protocol. See IGMP . Internet Pr[...]

  • Page 440

    Index P-793H User’s Guide 440 and filter set 306 and IP alias 104 and remote managemen t 196 and VPN 158 examples 286 global 103 how it works 104 inside 103 local 103 many-to-many no overload 105 many-to-many overload 105 many-to-one 105 one-to-one 105 outside 103 port forwarding. See port forwarding. server 104 , 105 SUA. See SUA. types of mappi[...]

  • Page 441

    Index P-793H User’s Guide 441 S safety warnings 6 schedule set 349 Select Mode screen 45 Simple Network Management Protocol. See SNMP . Single User Account. See SUA. SMT 41 , 239 accessing 239 menu items 240 navigation 242 SNMP 41 , 199 agent 199 Get 200 GetNext 200 manager 199 MIB 200 operations 200 remote management 201 Set 200 Tr a p 200 traps[...]

  • Page 442

    Index P-793H User’s Guide 442 minimum requirements 43 Wide Area Network. See W AN. wizards 53 WWW remote management 196 www .dyndns.org 191[...]

  • Page 443

    Index P-793H User’s Guide 443[...]

  • Page 444

    Index P-793H User’s Guide 444[...]