ZyXEL Communications 792H specs

Image 43

ZyXEL Communications 792H manual

Contents

Prestige 792H Page Trademarks DisclaimerPage Certifications Page Information for Canadian Users Page Safety Warnings ZyXEL Limited WarrantyPage Customer Support Page Table of Contents WAN Setup LAN Setup Dynamic DNS Setup Creating Custom Rules 10-1 Firewall ConfigurationCustomized Services 11-1 Content Filtering 12-1 15-1 14-1 Dial Backup 21-1 Maintenance 17-1General Setup 19-1 WAN Setup 20-4 25-1 22-123-1 24-1 Firmware and Configuration File Maintenance 31-1 Filter Configuration 28-1Snmp Configuration 29-1 System Maintenance 30-1 Remote Management 35-1 System Maintenance and Information 32-1IP Policy Routing 33-1 Call Scheduling 34-1 Internal Sptgen 38-1 VPN/IPSec Setup 36-1Troubleshooting 39-1 SA Monitor 37-1 List of Figures Xviii List of Figures List of Figures Xix Diagnostic General 17-8 List of Figures Xxi Xxii List of Figures List of Figures Xxiii Xxiv List of Figures List of Figures Xxv Page List of Tables List of Tables Xxvii Xxviii List of Tables 28-15 Xxx List of Tables Page Syntax Conventions Related Documentation Xxxii Preface Introduction to G.SHDSL Introduction to DSL Part Page Scalability Features of the PrestigeSymmetrical High Speed Internet Access Getting to Know Your G.SHDSL Router Snmp Simple Network Management Protocol versions 1 IPSec VPN CapabilityFirewall Traffic Redirect 10/100MB Auto-negotiation Ethernet/Fast Ethernet Interface SUA for Single-IP Address Internet AccessIP Alias IP Policy Routing Full Network Management Upgrade Firmware via LANEase of Installation Universal Plug and Play UPnP Application Scenarios for the Prestige Internet AccessLAN-to-LAN Application Web Configurator Overview Introducing the Web ConfiguratorAccessing the Prestige Web Configurator Password Screen Navigating the Prestige Web Configurator Configuring Password Label Description Resetting the Prestige Uploading a Configuration File Via Console Port Using The Reset ButtonPage Service Type Wizard SetupWizard Setup Introduction WAN Setup PPP over Ethernet Standard ModeEncapsulation Transfer Rates VC-based Multiplexing MultiplexingPPPoA 4 RFC VPI and VCI Wizard Setup Configuration First Screen Rate and the same Transfer Min Rate Server see Service Type VCI IP Address and Subnet MaskPPPoE VPI IP Assignment with PPPoA or PPPoE Encapsulation IP Address Assignment IP Assignment with Enet Encap Encapsulation IP Assignment with RFC 1483 EncapsulationPrivate IP Addresses Nailed-Up Connection PPP Wizard Setup Configuration ISP Parameters10 NAT Internet Connection with PPPoA Internet Internet Connection with RFC 11.2 RFC Enet Encap Internet Connection with Enet Encap Internet Connection with PPPoE PPPoE Dhcp Setup IP Pool Setup Wizard Setup Configuration LAN Configuration Wizard LAN Configuration Wizard Screen LAN COnfiguration Wizard Setup Configuration Connection Tests Wizard Screen Connection Tests Test Your Internet ConnectionPage LANs, WANs and the Prestige LAN SetupLAN Overview DNS Server Address LAN TCP/IP DNS Server Address Assignment Multicast Factory LAN DefaultsRIP Setup IP Address and Subnet Mask LAN Configuring LAN TCP/IP LAN WAN Overview WAN SetupMetric PPPoE Encapsulation Traffic Shaping Example of Traffic Shaping Configuring WAN Setup WAN Setup ATM traffic. Enter the VCI assigned to you Subnet as the remote node For remote node setup, enter the IP address in the same Encap in the Encapsulation field Traffic Redirect Traffic Redirect LAN Setup Configuring WAN Backup WAN Backup Cost WAN , Traffic Redirect , Dial Backup Outgoing Authentication Protocol38400 , 57600 , 115200 or 230400 bps Configuring Advanced WAN Backup Advanced WAN Backup 57600 , 115200 or 230400 bps Choose Both, In Only or Out Only Choose RIP-1,RIP-2B or RIP-2M Connection settings AT Command Strings Configuring Advanced Modem Setup DTR SignalResponse Strings Advanced Modem Setup Nmbr Clid Part Page What NAT Does Network Address Translation NATNAT Overview NAT Definitions NAT Application How NAT Works NAT Application With IP Alias NAT Mapping Types Type IP Mapping SMT Abbreviation SUA Single User Account Versus NATMapping types NAT Mapping Types SUA Server Port Forwarding Services and Port Numbers Echo Configuring Servers Behind SUA ExampleServices and Port Numbers Services Port Number Multiple Servers Behind NAT Example Selecting the NAT Mode Configuring SUA Server Edit SUA/NAT Server Set Configuring Address Mapping Many-to-One and Server mapping types Address Mapping Rules Address Mapping Rule Edit Editing an Address Mapping Rule Address Mapping Rules screen Page Dyndns Wildcard Dynamic DNS SetupConfiguring Dynamic DNS Dynamic DNS Ddns Firewall and Content Filter Page Packet Filtering Firewalls FirewallsFirewall Overview Types of Firewalls Stateful Inspection Firewalls Introduction to ZyXEL’s Firewall Basics Denial of Service Common IP Ports Types of DoS Attacks Three-Way Handshake Icmp Commands That Trigger Alerts Message Request Positive Negative Retarget Keepalive Legal NetBIOS CommandsLegal Smtp Commands Stateful Inspection Stateful Inspection Stateful Inspection Process Stateful Inspection and the Prestige 4 UDP/ICMP Security TCP Security Upper Layer Protocols Guidelines for Enhancing Security with Your FirewallSecurity In General Packet Filtering Packet Filtering Vs Firewall Firewall When To Use Filtering Prestige 792H G.SHDSL Router Remote Management and the Firewall Firewall ConfigurationEnabling the Firewall E-mail Configuring E-mail Alerts Attack Alert Daily Weekly Hourly When Log is Full None Threshold Values AlertsHalf-Open Sessions TCP Maximum Incomplete and Blocking Time Following table describes the labels in this screen Alert 256 Page Rules Overview Rule ChecklistStudy these points carefully before configuring rules Creating Custom Rules Security Ramifications Key Fields For Configuring RulesBlock means the firewall silently discards the packet LAN to WAN Rules Connection Direction WAN to LAN Rules Logs Label Description Example Firewall Logs Block, Forward or None Rule Summary Firewall Rules Summary First Screen Predefined Services Service Description Predefined Services PINGICMP0 RLOGINTCP513NEWSTCP144 NNTPTCP119 Creating/Editing Firewall Rules Creating/Editing a Firewall Rule Source and Destination Addresses Range Address , Subnet Address and Any Address Timeout Timeout Factors Influencing Choices for Timeout Values 10-16 Creating Custom Rules Introduction to Customized Services Customized Services Creating/Editing a Customized Service Creating/Editing a Customized Service Click Rule Summary under Internet to Local Network Set Example Custom Service Firewall Rule Configure Source IP Example Syslog Rule Configuration Example Rule Summary Example Content Filtering Overview Content FilteringConfiguring Keyword Blocking Content Filter Keyword Content Filter Schedule Configuring the Schedule Content Filter Trusted Configuring Trusted Computers Content Filter Logs Configuring Logs BLOCKJAVAAPPLET, BLOCKCOOKIE, Blockproxy BLOCKUNTRUSTDOMAIN, BLOCKKEYWORD, BlockactivexBlockcybernot VPN/IPSec Page Security Association Introduction to IPSecVPN Overview IPSec VPN Applications Data Origin AuthenticationData Integrity VPN Application IPSec Architecture Key Management IPSec Algorithms Tunnel Mode Transport ModeIPSec and NAT VPN and NAT Security Protocol Mode NATESP IPSec Algorithms AH Authentication Header ProtocolVPN Screens 14.1 VPN/IPSec Overview AH and ESP My IP AddressSecure Gateway Address Dynamic Secure Gateway Address IPSec Summary Fields VPN Summary Screen VPN Summary Keep Alive ID Type and Content Local ID TYPE= CONTENT= ID Type and Content ExamplesLocal ID Type and Content Fields Peer ID Type and Content Fields Editing VPN Policies Matching ID Type and Content Configuration ExampleMismatching ID Type and Content Configuration Example Pre-Shared Key VPN IKE VPN Screens 14-9 14-10 VPN Screens VPN Screens 14-11 IKE Authentication Algorithm fields described next Two Phases to Set Up the IPSec SA IKE Phases Diffie-Hellman DH Key Groups Negotiation Mode Perfect Forward Secrecy PFS 14.11Configuring Advanced IKE Settings Label Description VPN IKE VPN IKE Advanced VPN Screens 14-17 14-18 VPN Screens Security Parameter Index SPI 14.12Manual Key Setup VPN Manual Key 14.13Configuring Manual Key SPI 14-22 VPN Screens VPN Screens 14-23 14.14Viewing SA Monitor 10 SA Monitor SA Monitor 11 Global Setting 14.15Configuring Global Setting 12 VPN Logs 14.16Configuring IPSec Logs LOG Message Description 13 Sample IKE Key Exchange Logs Request conflict with rule #d 14 Sample IPSec Logs During Packet Transmission LOG Display Payload Type 15 RFC-2408 Isakmp Payload Types Telecommuters Sharing One VPN Rule Example 14.17Telecommuter VPN/IPSec ExamplesHeadquarters Telecommuters All Headquarters Rules All Telecommuter Rules Telecommuters Using Unique VPN Rules Example 14.18VPN and Remote Management Remote Management and UPnP Remote Management and NAT Remote Management ConfigurationRemote Management Overview Remote Management Limitations 15.4 Web System TimeoutTelnet 15.3 FTP Remote Management Configuring Remote Management NAT Transversal How do I know if Im using UPnP?Universal Plug-and-Play UPnP Universal Plug and Play Overview Configuring UPnP Accessing the Prestige Web Configurator to Configure UPnPUPnP and ZyXEL Field Description Installing UPnP in Windows Example Installing UPnP in Windows Me Double-clickNetwork Connections Installing UPnP in Windows XPOptional Networking Component Auto-discover Your UPnP-enabled Network Device Using UPnP in Windows XP Example Internet Connection Properties Click start and then Control Panel Web Configurator Easy Access ExampleConnections Select My Network Places under Other Places UPnP 16-9 Maintenance Page Maintenance Overview MaintenanceSystem Status Screen System Status VPI/VCI System Status Show Statistics System Statistics Maintenance 17-5 Dhcp Table Dhcp Table Screen Diagnostic General Screen Diagnostic ScreensMAC Diagnostic General Prestige 792H G.SHDSL Router Diagnostic DSL Line Screen Firmware Screen Firmware Upgrade Network Temporarily Disconnected SMT General Configuration Introducing the SMT Procedure for SMT Configuration via Console PortProcedure for SMT Configuration via Telnet Entering Password Prestige SMT Menu Overview Login Screen Prestige Menu Overview ? or ChangeMe Main Menu CommandsNavigating the SMT Interface Operation Keystroke Description Main Menu Summary System Management Terminal Interface SummaryMenu Title Description Menu 23 System Password Changing the System Password General Setup General SetupConfiguring Menu Field Description Example Configure Menu 1.1 Configure Dynamic DNS discussed nextYes User Configuring Dynamic DNSPage From the main menu, enter 2 to open menu WAN Setup Screen 20-5 Dial Backup Overview Dial BackupConfiguring Dial Backup in Menu 9600, 19200, 38400, 57600, 115200 or 230400 bps Advanced WAN SetupEnter to go to Menu 2.1 Advanced Setup 115200 Nmbr = Field Description Default Advanced WAN Port Setup Call Control Parameters Remote Node Profile Backup ISPConnect CHAP/PAP Remote Node Profile Backup ISP Press Enter to go to Menu 11.3 Remote Node Network Editing TCP/IP Options Editing PPP OptionsOtherwise select Standard PPP NAT Enter to open Menu 11.3 Network Layer Options RIP-1 Editing Filter SetsBoth Both/ None /In Only /Out Only and None Menu 11.5 Remote Node Filter Ethernet LAN Port Filter Setup Ethernet Setup TCP/IP and Dhcp Setup IP Alias Setup Both , In Only or Out Only Route IP SetupRIP-2B or RIP-2M General Setup 22.1.4 TCP/IP Ethernet Setup and Dhcp RIP-1 Both Both, In Only, Out Only or NoneRIP-1,RIP-2B or RIP-2M 22-6 Internet Access Overview Internet AccessInternet Access Setup UBR Enet EncapOr Enet Encap LLC-based SUA Only Dynamic Advanced Applications Remote Node Setup Remote Node ConfigurationRemote Node Overview Encapsulation and Multiplexing Scenarios Remote Node Setup Based or LLC-based Then the Rem Login, Rem Password, My Login, My Allocated Budget is 10 minutes and the Period hr ChapTo display Menu 11.3 Remote Node Network Layer Options To display Menu 11.6 Remote Node ATM Layer Options Remote Remote Node Network Layer Options Static Options are Both, In Only, Out Only or None My WAN Addr Sample IP Addresses Sample IP Addresses for a TCP/IP LAN-to-LAN Connection Remote Node Filter VC-based Multiplexing non-PPP Encapsulation Editing ATM Layer OptionsPress Enter to open Menu 11.6 Remote Node ATM Layer Options Menu 11.6 for LLC-based Multiplexing or PPP Encapsulation LLC-based Multiplexing or PPP Encapsulation Static Route Overview Static Route Setup Static Route Setup Edit IP Static Route Page Bridging Overview Bridging SetupBridge Ethernet Setup Remote Node Bridging Setup Remote Node Bridging Options Bridge Static Route Setup Bridge Static Route Setup 26-4 Bridging Setup Applying NAT Applying NAT for Internet Access Enter 1 to bring up Menu 15.1 Address Mapping Sets NAT SetupFull Feature Address Mapping Sets Address Mapping Rules SUA Address Mapping Sets User-Defined Address Mapping Sets Natset Field Desription Example Edit Global Start/End IPsSelect Rule item For Server One-to-OneTo-One,Many-to-One and Server types NAT Server Sets NAT Server Setup General NAT Examples Example 1 Internet Access Only 11 NAT Example 13 NAT Example Example 2 Internet Access with an Inside Server 14 NAT Example 2 Menu Example 3 Multiple Public IP Addresses With Inside Servers 15 NAT Example 17 Example 3 Menu Enter 2 in Menu 15 NAT Setup 19 Example 3- Menu Example 4 NAT Unfriendly Application Programs 21 Example 4 Menu 22 Example 4 Menu Advanced Management Page About Filtering Filter Configuration Outgoing Packet Filtering Process Filter Rule Process Execute Filter Rule Filter Structure of the Prestige Filter Set Configuration NetBios WAN Filter Rules Summary TelnetWAN Filter Rules Summary Ftpwan Filter Rules Summary Abbreviations Used in the Filter Rules Summary Menu Filter Rules Summary Menus GEN Filter Rule ConfigurationRule Abbreviations Used Filter Type Description TCP/IP Filter Rule 28.3.1 TCP/IP Filter RuleChoices are TCP/IP Filter Rule or Generic Filter Rule Choices are None , Less , Greater , Equal or Not Equal TCP/IP Filter RuleIf More is Yes , then Action Matched and Action Not Check Next Rule, Forward or Drop Check Next RuleChoices are Check Next Rule, Forward or Drop 12 Executing an IP Filter 13 Generic Filter Rule Generic Filter Rule Generic Filter Rule Menu Fields Example Filter Filter Types and NAT 15 Sample Telnet Filter 16 Sample Filter Rules Summary Menu 17 Sample Filter Rules Summary Menu Filter Sets Description Applying Filters and Factory DefaultsEthernet Traffic Filter Sets Table 19 Filtering Ethernet Traffic Remote Node FiltersPage Snmp is only available if TCP/IP is configured Snmp ConfigurationSnmp Overview Supported MIBs Snmp Configuration Trap # Trap Name Description Snmp TrapsSnmp Traps Snmp 29-4 Snmp Configuration System Maintenance Overview System MaintenanceSystem Status System Maintenance Status System Information System InformationWAN LAN Menu 1 General Setup Log and Trace Viewing Error LogConsole Port Speed Syslog Sample Error and Information Messages Parameter Description System Maintenance Menu Syslog ParametersCDR System Maintenance Diagnostic Diagnostic System Maintenance Menu Diagnostic Page Filename Conventions Firmware and Configuration File Maintenance Filename Conventions Backup ConfigurationFile Type Internal External Name Description Using the FTP Command from the Command Line Backup ConfigurationExample of FTP Commands from the Command Line Tftp and FTP over WAN Will Not Work When General Commands for GUI-based FTP ClientsCommand Description GUI-based FTP Clients Tftp Command Example Backup Configuration Using TftpGUI-based Tftp Clients General Commands for GUI-based Tftp Clients Backup Via Console Port Backup Configuration Example Restore Configuration System Maintenance Restore Configuration Restore Using FTP Restore Via Console Port Restore Using FTP Session Example Firmware File Upload Uploading Firmware and Configuration Files 13 System Maintenance Upload System Firmware Configuration File Upload FTP Session Example of Firmware File Upload FTP File Upload Command from the DOS Prompt ExampleTftp File Upload Uploading Via Console Port Tftp Upload Command Example Uploading Firmware File Via Console Port Example Xmodem Firmware Upload Using HyperTerminal Example Xmodem Configuration Upload Using HyperTerminal Uploading Configuration File Via Console Port 19 Example Xmodem Upload Command Interpreter Mode System Maintenance and Information Budget Management Call Control Support Budget Management System Maintenance Time and Date Setting Time and Date Setting Time and Date Setting Fields Resetting the TimeNTP RFC-1305 is similar to Time RFC-868 Page Routing Policy IP Policy RoutingIP Policy Routing Overview IP Policy Routing Benefits IP Routing Policy Setup IP Routing Policy Setup Action ServiceAbbreviation Meaning Criterion G t Delay, Max Thruput, Min Cost or Max Reliable Matched Applying an IP PolicyEthernet IP Policies Less, Greater, Less or Equal or Greater or Equal 33-6 IP Policy Routing Example of IP Policy Routing IP Policy Routing Example IP Routing Policy Example Applying IP Policies Page Call Scheduling Schedule SetupCall Scheduling Overview Schedule Set Setup Forced On Once Applying Schedule Sets to a Remote Node PPPoE Remote Management and FTP Services Remote Management and Telnet ServicesRemote Management Remote Management Control Remote Management SetupRemote Management and Web Services Disabling Remote Management Remote Management and NAT System Timeout SMT VPN/IPSec and Internal Sptgen 36.1 VPN/IPSec Overview VPN/IPSec Setup IPSec Summary Screen Menu 27 VPN/IPSec Setup ESP DES MD5 Tunnel 36-4 VPN/IPSec Setup IPSec Setup IPSec Summary Menu 27.1.1 IPSec Setup Gateway Address field below Single Address field set to Subnet Manual Setup Description Example IKE Setup3Menu 27.1.1.1 IKE Setup Field DH1 DESMD5 Active Protocol Encapsulation and Security Protocol Manual SetupMode Security Protocol Active Protocol ESP Tunnel Menu 27.1.1.2 Manual Setup VPN/IPSec Setup 36-15 Page SA Monitor Using SA MonitorSA Monitor Overview ESP DES TaiwanRefresh Viewing IPSec Log Diagram 37-1 Example VPN Responder IPSec LogVPN Responder IPSec Log Page Internal Sptgen Configuration Text File FormatInternal Sptgen Overview 38-2 Internal Sptgen Internal Sptgen FTP Download Example Invalid Parameter Entered Command Line Example Internal Sptgen FTP Upload Example Internal Sptgen FTP Upload Example Appendices and Index Page Troubleshooting the Start-Up of Your Prestige TroubleshootingProblems Starting Up the Prestige Problems with the LAN Interface Troubleshooting Internet Access Problems with the WAN InterfaceProblems with Internet Access Troubleshooting the WAN Interface Troubleshooting Telnet Problems with the PasswordProblems with Telnet Troubleshooting the PasswordPage Traditional Dial-up Scenario Appendix a PPPoEPPPoE in Action Benefits of PPPoE Prestige as a PPPoE Client Diagram 2 Prestige as a PPPoE Client Appendix B Virtual Circuit Topology Diagram 3 Virtual Circuit Topology United Kingdom Plug Standards Power Adapter SpecificationsAppendix C North American Plug Standards AA-121ABN European Plug StandardsChina Standards Power Consumption Safety Standards Ccee GB8898 Index 17-10 28-4 10-7 Local Network30-6 24-1,24-2 24-2 30-5 RIP Traceroute TCP/IP