Manuals / Brands / Computer Equipment / Network Router / ZyXEL Communications / Computer Equipment / Network Router

ZyXEL Communications 1600 Filter Configuration, 10.1About Filtering, 10.2The Filter Structure of the Prestige, Figure 10-1Outgoing Packet Filtering Process

1 163

Download 163 pages, 3.27 Mb

Prestige 1600 Universal Access Concentrator

Chapter 10

Filter Configuration

This chapter shows you how to create and apply filter(s).

10.1About Filtering

Your Prestige uses filters to decide whether to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering. Filters are subdivided into device and protocol filters, which are discussed later.

Data filtering screens the data to determine if the packet should be allowed to pass. Data filters are divided into incoming and outgoing filters, depending on the direction of the packet relative to a port. Data filtering can be applied on either the WAN side or the LAN side. Call filtering is used to determine if a packet should be allowed to trigger a call. Outgoing packets must undergo data filtering before they encounter call filtering as shown in the following figure.

Call Filtering

No

Built-in

No

User-defined

No

Active Data

Outgoing

Data

match

default

match

Call Filters

match

Initiate call

Packet

Filtering

Call Filters

(if applicable)

if line not up

Send packet

and reset

Match

Match

Match

Idle Timer

Drop

Drop packet

Drop packet

packet

if line not up

if line not up

Or

Or

Send packet

Send packet

but do not reset

but do not reset

Idle Timer

Idle Timer

Figure 10-1 Outgoing Packet Filtering Process

The following sections describe how to configure filter sets. Please see the application notes for more information and examples on creating and configuring filters.

10.2The Filter Structure of the Prestige

A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the rules for NetBIOS, into a single set and give it a descriptive name. The Prestige allows you to configure up to twelve filter sets with six rules in each set, for a total of 72 filter rules in the system.

You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port.

The following diagram illustrates the logic flow when executing a filter rule.

Filter Configuration

10-1

Contents

Page Prestige Universal Access Concentrator Copyright Disclaimer Trademarks ZyXEL Limited Warranty Customer Support When Contacting Customer Support Representative Table of Contents Page Page Page Page Page List of Figures Page Page Page List of Tables Page Preface About the Prestige Network Modules Configuring your Prestige About this Guide Related Documentation What is DSL SDSL (Symmetric DSL) ADSL (Asymmetric DSL) IDSL (ISDN DSL) DSL Comparison Chart Getting to Know Your Concentrator 1.1Overview of the Prestige Physical Dimensions Power Requirement Operating Environment 1.2Key Benefits 1.3Detailed Features of the Prestige Modular Architecture Configuration Types Network Interfaces Network Protocol Support Robust Security Features Internet Access Sharing Remote Software Upgrades 1.4Prestige 1600 and Prestige DSL Clients Page Prestige 1600 Applications 2.1Multi Purpose Concentrator 2.2Prestige 1600 Deployment Scenarios 2.2.1Deployed at a High-risefor High-SpeedInternet Access 2.2.2Campus Connectivity 2.2.3Deployed at ISPs and Other Service Providers 2.2.4Configuration Example One 2.2.5Configuration Example Two 2.2.6Configuration Example Three 2.2.7Configuration Example Four Initial Setup 3.1Initial Screen 3.1.1Password 3.2Navigating the SMT Interface 3.3SMT Menus At A Glance Page 3.3.1P1600 Main Menu - Primary 3.3.2Secondary and Standalone Main Menu 3.4Changing the System Password 3.5Resetting the Prestige 3.6General Setup 3.6.1DNS Server Address Figure 3-7Menu 1 - General Setup (Primary) Configuration Type Figure 3-8Menu 1 - General Setup (Secondary/Standalone) Table 3-3General Setup Fields Field Page WAN Port Setup 4.1Configuring The WAN Port For PPP over HDLC 4.2Configuring The WAN Port For Frame Relay 4.2.1Standards 4.2.2How To Configure The WAN Port For Frame Relay 4.3How To Configure Frame Relay for Internet Access 4.3.1Encapsulation 4.3.2DLCI 4.3.3CIR (Committed Information Rate) 4.3.4EIR (Excess Information Rate) 4.3.5How To Configure Frame Relay for Internet Access 4.4How To Configure Frame Relay For A Remote Node Figure 4-7Menu 11.1 - Remote Node Profile Figure 4-8Menu 11.4 - Remote Node Frame Relay Options Internet Access 5.1Introduction 5.1.1IP Address assignment Page 5.1.2Standalone IP Pool 5.2TCP/IP Parameters 5.2.1IP Address and Subnet Mask 5.2.2RIP Setup 5.2.3IP Multicast 5.3IP Policies 5.4TCP/IP Ethernet Setup 5.5Collecting Internet Account Information 5.6Internet Access using the Prestige 1600 Primary Figure 5-2Menu 4 - Internet Access Setup Table 5-4Internet Access Setup Menu Fields Observation Address Mapping Set below DSL Port Setup Figure 6-2DSL Port Setup Table 6-1DSL Port Setup Fields Option Yes/No IDSL 6.1Port Usage 6.1.1Example IDSL Port Setup 6.1.2User Authentication 6.1.3PAP/CHAP Page Remote Node Configuration 7.1Remote Node Setup Table 7-1Remote Node Profile Menu Fields for Leased Lines No (default) bring you to Menu 11.2 - Remote Node PPP Default 7.2Outgoing Authentication Protocol 7.3Editing PPP Options 7.4Edit IP Parameters Menu 11 - Remote Node Profile Table 7-3TCP/IP related fields in Menu 11.1 - Remote Node Profile Menu 11.3 - Remote Node Network Layer Options Table 7-4Remote Node TCP/IP Configuration Full Page Static Route 8.1.1Basics 8.1.2Static Route Setup Menu 12 - IP Static Route Setup Figure 8-2Menu 12 - IP Static Route Setup Figure 8-3Menu 12.1 - Edit IP Static Route Menu 12.1 - Edit IP Static Route Setup Table 8-1Edit IP Static Route Menu Fields Menu 12 - IP Static Route Setup Page Network Address Translation (NAT) 9.1Introduction 9.1.1NAT Definitions 9.1.2What NAT Does 9.1.3How NAT works 9.1.4NAT Mapping Types 9.1.5SUA (Single User Account) Versus NAT 9.2SMT Menus 9.2.1Applying NAT in the SMT Menus Figure 9-2Applying NAT for Internet Access Menu 11.3 - Remote Node Network Layer Options Figure 9-3Applying NAT to the Remote Node Table 9-2Applying NAT in Menus 4 & Full Feature: 9.2.2Configuring NAT 9.2.3Address Mapping Sets and NAT Server Sets: Figure 9-6SUA Address Mapping Rules Table 9-3SUA Address Mapping Rules Options/Example SUA Select Rule 9.2.4Ordering Your Rules Action Menu 15.1.1.1 - Address Mapping Rule Figure 9-8Editing an Individual Rule in a Set Table 9-5Menu 15.1.1.1 - configuring an individual rule Option/Example 9.3NAT Server Sets 9.3.1Multiple Servers behind NAT 9.3.2Configuring Inside Servers 9.4Examples 9.4.1Internet Access Only 9.4.2Example 2 - Internet Access with a Default Inside Server 9.4.3Example 3 - General Case Menu 15.1 - Address Mapping Sets Edit Type One-to-One Start IP 9.4.4NAT Unfriendly Application Programs 9.4.5Example 4 - Remote Management 9.4.6Applying NAT to the Ethernet Port Figure 9-19Ethernet SUA Figure 9-20Applying NAT on the LAN Port Menu 12 - IP Static Route Setup Page Filter Configuration 10.1About Filtering 10.2The Filter Structure of the Prestige Filter Set Execute Filter Rule Figure 10-2Filter Rule Process 10.3Configuring a Filter Set 10.3.1 Filter Rules Summary Menu 10.4Configuring a Filter Rule 10.5Filter Types and NAT 10.5.1 TCP/IP Filter Rule Figure 10-6Menu 21.1.1 - TCP/IP Filter Rule Table 10-4TCP/IP Filter Rule Menu Fields None/Less/Grea ter/Equal/Not Equal Yes/N/A If More is Yes, then Action Matched and Action Not Matched will be N/A Action Not Matched 10.5.2 Device Filter Rule Figure 10-8Menu 21.1.2 - Device Filter Rule Table 10-5Device Filter Rule Menu Fields Yes / N/A If More is Yes, then Action Matched and Action Not Matched will be N/A 10.6Applying a Filter 10.6.1 Ethernet traffic 10.6.2 Remote Node Filters 10.7Filter Example 10.7.1 Configuring a FTP_WAN Filter Rule Figure 10-11FTP_WAN Filter Configuration Figure 10-12Filter Rule Configuration Figure 10-13Filter Rule Configuration Figure 10-14FTP_WAN Filter Rules Summary Menu 11. 1 - Remote Node Profile Input Protocol Filter Set Figure 10-15Remote Node Profile Page SNMP Configuration 11.1About SNMP 11.2Supported MIBs 11.3SNMP Configuration 11.4SNMP Traps Page System Security 12.1Changing the System Password 12.2RADIUS Support 12.2.1 About RADIUS 12.2.2 Using RADIUS Authentication 12.3RADIUS Authentication 12.3.1 Installing a RADIUS Server 12.3.2 The Key Field 12.3.3 Adding Users to the RADIUS Database 12.3.4 RADIUS Server Configuration 12.4RADIUS Accounting Menu 24.3.2 - System Maintenance - External Server Figure 12-5Menu 24.3.2 - System Maintenance - Accounting Server Table 12-2Menu 24.3.3 System Maintenance - Accounting Server Fields Figure 12-6Examples of RADIUS Accounting Message Table 12-3Accounting Attributes Remote Management 13.1About Telnet 13.2Telnet Behind NAT 13.3Telnet Capabilities 13.3.1 Single Administrator 13.3.2 System Timeout 13.4Remote Management Through NAT 13.4.1 Procedure to Set Up NAT for Remote Management Figure 13-5Address Mapping Rule Summary Figure 13-6Apply the New NAT Set System Information and Maintenance 14.1System Status 14.1.1 WAN/LAN Status 14.1.2 DSL Port Status 14.1.3 Route Status 14.2System Information 14.2.1 Console Port Speed 14.3Log and Trace 14.3.1 Viewing Error Log 14.3.2 Syslog And Accounting 14.4Diagnostic 14.5Boot Module Commands 14.6Command Interpreter Mode 14.7Time and Date Setting Configuration & Firmware Maintenance 15.1Filenames Figure 15-1Internal and External Filenames Table 15-1Filenames Internal Filename FTP Command Example Filename 15.2Backup Configuration 15.2.1 Backup using FTP 15.2.2 Backup using TFTP 15.2.3 Backup using the Console Port 15.3Restore Configuration 15.3.1 Restore using FTP 15.3.2 Restore using TFTP 15.3.3 Restore using the Console Port 15.4Upload Firmware 15.4.1 Dual Firmware Block Structure 15.4.2 Upload Prestige Firmware using FTP 15.4.3 Example - Using the FTP command from the DOS Prompt 15.4.4 Upload Prestige Firmware using TFTP 15.4.5 Third Party TFTP Clients - General Commands 15.4.6 Upload Prestige Firmware via the Console Port 15.5Upload Prestige Configuration File 15.5.1 Upload Prestige Configuration File using FTP 15.5.2 Upload Prestige Configuration File using TFTP 15.5.3 Upload Prestige Configuration File using the Console Port Page Page IP Policy Routing 16.1Introduction 16.1.1 Benefits 16.1.2 Routing Policy 16.2IP Routing Policy Setup Figure 16-1Menu 25 - IP Routing Policy Setup Menu 25 - IP Routing Policy Setup Menu 25.1 - IP Routing Policy Summary Figure 16-2Menu 25 - IP Routing Policy Summary Table 16-1IP Routing Policy Summary Meaning Figure 16-3Menu 25.1.1 - IP Routing Policy 16.3Applying an IP Policy 16.3.1 Ethernet IP Policies 16.3.2 DSL IP Routing Policies 16.4IP Policy Routing Example Figure 16-6Example of IP Policy Routing Menu 25.1 - IP Routing Policy Figure 16-7IP Routing Policy Example Menu 25.1 - IP Routing Policy Setup Figure 16-8IP Policy Routing Figure 16-9Applying IP Policies Troubleshooting 17.1Problems Starting Up the Prestige 17.2Problems With the xDSL Port 17.3Problems with the WAN Port 17.4Problems with the LAN Interface 17.5Problems Connecting to a Remote Node or ISP 17.6General Instructions CI Commands Page Page DSL related CI Commands IP related CI Commands Page Page Ethernet Related CI Command Glossary Page Page Page Page Page Index