Product FAQ


General FAQ

  1. What is the Prestige 334w Internet Access Sharing Router?
  2. Will the Prestige 334w work with my Internet connection?
  3. What do I need to use the Prestige?
  4. What is PPPoE?
  5. Does the Prestige support PPPoE?
  6. How do I know I am using PPPoE?
  7. Why does my provider use PPPoE?
  8. Which Internet Applications can I use with the Prestige?
  9. How can I configure the Prestige?
  10. What network interface does the Prestige support?
  11. What can we do with Prestige?
  12. Does Prestige support dynamic IP addressing?
  13. What is the difference between the internal IP and the real IP from my ISP?
  14. How does e-mail work through the Prestige?
  15. What is the main difference between WinGate and the Prestige?
  16. What is the difference between the 'Standard' and 'RoadRunner' service?
  17. Is it possible to access a server running behind SUA from the outside Internet? If possible, how?
  18. What DHCP capability does the Prestige support?
  19. What to do when Prestige response nothing via Console?
  20. What network interface does the new Prestige series support?

Advanced FAQ

  1. How does the Prestige support TFTP?
  2. Can the Prestige support TFTP over WAN?
  3. How can I upload data to outside Internet over the one-way cable?
  4. How fast can the data go?
  5. My Prestige can not get an IP address from the ISP to connect to the Internet, what can I do?
  6. How do I make VPN client x work through my Prestige?
  7. What is Multi-NAT?
  8. When do I need Multi-NAT?
  9. What IP/Port mapping does Multi-NAT support?
  10. What is the difference between SUA and Multi-NAT?
  11. What is BOOTP/DHCP?
  12. What is DDNS?
  13. When do I need DDNS?
  14. What DDNS servers does the Prestige support?
  15. What is DDNS wildcard?
  16. Does the Prestige support DDNS wildcard?
  17. Can the Prestige's SUA handle IPsec packets sent by the IPsec gateway?
  18. How do I setup my Prestige for routing IPsec packets over SUA?
  19. Why can't I use video conferencing with MSN 4.6?
  20. How can I access internal server via public IP address assigned on WAN?
  21. Should I create any firewall rule to allow incoming traffic when NAT is used?

1. What is the Prestige 334w Internet Access Sharing Router?

The Prestige series fulfills a range of application environments, from small and medium businesses, SOHO, or Telecommuters, to home user or education applications. The Prestige series provides a robust Firewall to protect your network. Prestige's design helps users to save expenses, minimize maintenance, and simultaneously provide a high quality networking environment.

The Prestige series is a robust solution complete with everything needed for providing Internet access to multiple workstations through your cable or ADSL modem. The router equipped with 1 auto-MDI/MDIX 10/100Mbps Ethernet WAN port and 4 auto-MDI/MDIX 10/100Mbps Etherent LAN port.

Virtually all-popular applications over Internet, such as Web, E-Mail, FTP, Telnet, Gopher, are supported. 

2. Will the Prestige 334w work with my Internet connection?

The Prestige 334w is designed to be compatible with cable and ADSL modems. Most external Cable and ADSL modems use an Ethernet port to connect to your computer so the Prestige is placed in the line between the computer and the External modem. As long as your Internet Access device has an Ethernet port, you can use the Prestige. Besides, if your ISP supports PPPoE you can also use the Prestige, because PPPoE had been supported in the Prestige.

3. What do I need to use the Prestige?

You need a ADSL modem or cable modem with an Ethernet port to use the Prestige. The Prestige has two Ethernet ports: LAN port and WAN port. You should connect the computer to the LAN port and connect the external modem to the WAN port. If the ISP uses PPPoE or RoadRunner Authentication you need the user account to enter in the Prestige.

4. What is PPPoE?

PPPoE stands for Point-to-Point Protocol Over Ethernet that is an IETF draft standard specifying how a computer interacts with a broadband modem (i.e. xDSL, cable, wireless, etc.) to achieve access to the high-speed data networks via a familiar PPP dialer such as 'Dial-Up Networking' user interface. PPPoE supports a broad range of existing applications and service including authentication, accounting, secure access and configuration management. There are some service providers running of PPPoE today. Before configuring PPPoE in the Prestige, please make sure your ISP supports PPPoE.

5. Does the Prestige support PPPoE?

Yes. The Prestige supports PPPoE.

6. How do I know I am using PPPoE?

PPPoE requires a user account to login to the provider's server. If you need to configure a user name and password on your computer to connect to the ISP you are probably using PPPoE. If you are simply connected to the Internet when you turn on your computer, you probably are not. You can also check your ISP or the information sheet given by the ISP. Please choose PPPoE as the encapsulation type in the Prestige if the ISP uses PPPoE.

7. Why does my provider use PPPoE?

PPPoE emulates a familiar Dial-Up connection. It allows your ISP to provide services using their existing network configuration over the broadband connections. Besides, PPPoE supports a broad range of existing applications and service including authentication, accounting, secure access and configuration management.

8. Which Internet Applications can I use with the Prestige?

Most common applications includes MIRC, PPTP, ICQ, Cu- SeeMe, NetMeeting, IP/TV, RealPlayer, VDOLive, Quake, Quake11, Quake111, StarCraft, & Quick Time.

9. How can I configure the Prestige?

10. What network interface does the Prestige support?

The Prestige supports 10/100M Ethernet to connect to the computer and 10M Ethernet to connect to the external cable or ADSL modem..

11. What can we do with Prestige?

Browse the World Wide Web (WWW), send and receive individual e-mail, and download software. These are just a few of many benefits you can enjoy when you put the whole office on-line with the Prestige Internet Access Sharing Router.

12. Does Prestige support dynamic IP addressing?

The Prestige supports either a static or dynamic IP address from ISP.

13. What is the difference between the internal IP and the real IP from my ISP?

Internal IPs are sometimes referred to as virtual IPs. They are a group of up to 255 IPs that are used and recognized internally on the local area network. They are not intended to be recognized on the Internet. The real IP from ISP, instead, can be recognized or pinged by another real IP. The Prestige Internet Access Sharing Router works like an intelligent router that routes between the virtual IP and the real IP.

14. How does e-mail work through the Prestige?

It depends on what kind of IP you have: Static or Dynamic. If your company has a domain name, it means that you have a static IP address. Suppose your company's e-mail address is xxx@mycompany.com. Joe and Debbie will be able to send e-mail through Prestige Internet Access Sharing Router using jane@mycompany.com and debbie@mycompany.com respectively as their e-mail addresses. They will be able to retrieve their individual private and secure e-mail, if they have been assigned the proper access right.

If your company does not have a domain name, it means that your ISP provides you with a dynamic IP address.

Suppose your company's e-mail address is mycompany@ispname.com. Jane and John will be able to send e-mail through Prestige Internet Access Sharing Router using "jane"<mycompany@ispname.com> and "john"<mycompany@ispname.com> respectively as their e-mail addresses. Again, they will be able to retrieve their individual private and secured e-mail, if they have been assigned the proper access right.

15. What is the main difference between WinGate and the Prestige?

  1. WinGate is a software only solution that needs to be installed in a dedicated Windows 95 PC based server. The total cost and complexity are many times over ATI’s product. The Prestige Internet Access Sharing Router is a plug-n-play internet appliance.
  2. WinGate requires all TCP/IP applications such as Netscape Navigator to be reconfigured to have the dedicated server as a proxy. The Prestige Internet Access Sharing Router does not require users to reconfigure any software at all.
  3. The Prestige Internet Access Sharing Router uses Network Address Translation (NAT) scheme, which supports all TCP/UDP ports. WinGate only supports limited number of ports, such as http(80), ftp(21), telnet(23), and pop3(110).
  4. WinGate works as a proxy, while the Prestige Internet Access Sharing Router works as a gateway. The gateway approach is more efficient than the proxy during the processing of TCP/IP commands. As a result, the Prestige Internet Access Sharing Router achieves 10% to 20% higher performance than that of software solutions such as WinGate.
  5. The Prestige Internet Access Sharing Router uses Solid State Disk technology. There are no moving parts in the product. It is much more reliable than any hard disk based system, such as the one for WinGate.

16. What is the difference between the 'Standard' and 'RoadRunner' service? 

The US Road Runner service requires the user to "log in" to the service before it can send any packets to the outside network. This is apparently implemented in the TAS (Toshiba Authentication System) with a packet filtering firewall in the upstream direction. Before login, one can send ICMP packets (e.g., ping) to the outside Internet, but nearly all other upstream TCP and UDP packets are blocked. The user can only speak to the local DNS/login server. Downstream packets do not appear to be filtered or blocked at any time. 

While Standard service means the cable services which have no login requirement. Prestige supports both Road Runner & Standard services in menu 4 for connecting to cable ISPs. 
 

17. Is it possible to access a server running behind SUA from the outside Internet? If possible, how?

Yes, it is possible because Prestige delivers the packet to the local server by looking up to a SUA server table. Therefore, to make a local server accessible to the outside users, the port number and the inside IP address of the server must be configured in Menu 15 - SUA Server Setup.

18. What DHCP capability does the Prestige support?

The Prestige supports DHCP client on the WAN port and DHCP server on the LAN port. The Prestige's DHCP client allows it to get the Internet IP address from ISP automatically. The Prestige's DHCP server allows it to automatically assign IP and DNS addresses to the clients on the local LAN.   

19. What to do when when Prestige response nothing via console ?

When Prestige responses nothing on your terminal (e.g. embedded HyperTerminal), please try following methods 

1. Make sure the CON/AUX (which is close to the power jet) switch of Prestige 334w is set to CON, not AUX.

2. Please check whether RS-232 cable is well connected between Prestige and your computer.

3. Please try any baud rate between 9600 bps to 115200 bps in case the baud has been changed.

20. What network interface does the new Prestige series support?

The new Prestige series support auto MDX/MDIX 10/100M Ethernet LAN/WAN port to connect to the computer on LAN and 10/100M Ethernet to connect to the external cable or ADSL modem on WAN.


Advanced FAQ

1. How does the Prestige support TFTP?

In addition to the direct console port connection, the Prestige supports the uploading/download of the firmware and  configuration file using TFTP (Trivial File Transfer Protocol) over LAN.

2. Can the Prestige support TFTP over WAN? 

Although TFTP should work over WAN as well, it is not recommended because of the potential data corruption problems.

3. How can I upload data to outside Internet over the one-way cable? 

A workaround is to use an alternate path for your upstream path, such as a dialup connection to an Internet service provider. So, if you can find another way to get your upstream packets to the Internet you will still be able to receive downstream packets via Prestige.

4. How fast can the data go? 

The speed of the cable modem is only one part of the equation. There are a combination of factors starting with how fast your PC can handle IP traffic, then how fast your PC to cable modem interface is, then how fast the cable modem system runs and how much congestion there is on the cable network, then how big a pipe there is at the head end to the rest of the Internet.

Different models of PCs and Macs are able to handle IP traffic at varying speeds. Very few can handle it at 30 Mbps. 

Ethernet (10baseT) is the most popular cable modem interface standard for the PC. This automatically limits the speed of the connection to under 10 Mbps even if the cable modem can receive at 30 Mbps. Most Local Area Networks use 10baseT Ethernet, and although they are 10 Mbps networks, it takes a LOT longer than one second to transmit 10 megabits (or 1.25 megabytes) of data from one terminal to another.

Cable modems on the same node share bandwidth, which means that congestion is created when too many people are on simultaneously. One user downloading large graphic or video files can use a significant portion of shared bandwidth, slowing down access for other users in the same neighborhood.

Most independent Internet Service Providers today connect to the Internet using a single 1.5 Mbps "T1" telephone line. All of their subscribers share that 1.5 Mbps pipeline. Cable head-ends connecting to the Internet backbone using a T1 limit their subscribers to an absolute maximum of 1.5 Mbps. 

To create the appearance of faster network access, service companies plan to store or "cache" frequently requested web sites and Usenet newsgroups on a server at their head-end. Storing data locally will remove some of the bottleneck at the backbone connection. 

How fast can they go? In a perfect world (or lab) they can receive data at speeds up to 30 Mbps. In the real world, with cost conscious cable companies running the systems, the speed will probably fall to about 1.5 Mbps.

5. My Prestige can not get an IP address from the ISP to connect to the Internet, what can I do?

Currently, there are various ways that ISPs control their users. That is, the WAN IP is provided only when the user is checked as an authorized user. The ISPs currently use three ways:

  1. Check if the 'MAC address' is valid

  2. Check if the 'Host Name' is valid, e.g., @home

  3. Check if the 'User ID' is valid, e.g., RR-Toshiba Authentication Service, RR-Manager Authentication Service

If you are not able to get the Internet IP from the ISP, check which authentication method your ISP uses and troubleshoot the problem as described below.

1. Your ISP checks the 'MAC address'

Some ISPs only provide an IP address to the user with an authorized MAC address. This authorized MAC can be the PC's MAC which is used by the ISP for the authentication. So, if a new network card is used or the Prestige is attached to the cable modem directly, the ISP will reject the DHCP discovery from this MAC, thus no IP is assigned by the ISP.

The Prestige supports to clone the MAC from the first PC the ISP installed to be its WAN MAC. To clone the MAC from the PC you need to enter that PC's IP in menu 2. Once the MAC is  received by the Prestige, the WAN MAC in menu 24.1 will be updated and used for the ISP's authentication.


Menu 2 - WAN Setup

Link Mode= Half Duplex

MAC Address:
Assigned By= IP address attached on LAN
IP Address=
192.168.1.33

 

Key settings:

2. Your ISP checks the 'Host Name'

Some ISPs take advantage of the 'host name' message in a DHCP packet such as @home to do the authentication. When first installing, the ISP's tech people configure the host name as the 'Computer Name' of the PC in the 'Networking' settings. When the Prestige is attached to the cable modem to connect to the ISP, we should configure this host name in the Prestige's system (menu 1).

 

Menu 1 - General Setup

System Name= zyxel

Key Setting:

3. Your ISP checks 'User ID'

This authentication type is used by RoadRunner ISP, currently they use RR-TAS(Toshiba Authentication Service) and RR-Manager authentications. You must configure the correct 'Service Type', username and password for your ISP in menu 4.

 

Menu 4 - Internet Access Setup

ISP's Name= ChangeMe
Service Type= RR-Toshiba Authentication Service
Server IP= 0.0.0.0
My Login=
My Password= ********

IP Address Assignment= Dynamic
IP Address= N/A
IP Subnet Mask= N/A
Gateway IP Address= N/A
RIP Direction= None
Version= N/A
Single User Account= Yes
Edit Filter Set= No


Press ENTER to Confirm or ESC to Cancel:

Key settings:

6. How do I make VPN client x work through my Prestige?

The only VPN known for certain to work through the Prestige is Microsoft PPTP.

7. What is Multi-NAT?

NAT (Network Address Translation-NAT RFC 1631) is the translation of an Internet Protocol address used within one network to a different IP address known within another network. One network is designated the inside network and the other is the outside. Typically, a company maps its local inside network addresses to one or more global outside IP addresses and "unmaps" the global IP addresses on incoming packets back into local IP addresses. The IP addresses for the NAT can be either fixed or dynamically assigned by the ISP. In addition, you can designate servers, e.g., a web server and a telnet server, on your local network and make them accessible to the outside world. If you do not define any servers, NAT offers the additional benefit of firewall protection. In such case, all incoming connections to your network will be filtered out by the Prestige, thus preventing intruders from probing your network.

The SUA feature that the Prestige supports previously operates by mapping the private IP addresses to a global IP address. It is only one subset of the NAT. The Prestige with ZyNOS V3.00 supports the most of the features of the NAT based on RFC 1631, and we call this feature as 'Multi-NAT'. For more information on IP address translation, please refer to RFC 1631, The IP Network Address Translator (NAT).

8. When do I need Multi-NAT?

When NAT is enabled the local computers are not accessible from outside. You can use Multi-NAT to make an internal server accessible from outside.

Some servers providing Internet applications such as some mIRC servers do not allow users to login using the same IP address. Thus, users on the same network can not login to the same server simultaneously. In this case it is better to use Many-to-Many No Overload or One-to-One NAT mapping types, thus each user login to the server using a unique global IP address.

9. What IP/Port mapping does Multi-NAT support?

NAT supports five types of IP/port mapping. They are: One to One, Many to One, Many to Many Overload, Many to Many No Overload and Server. The details of the mapping between ILA and IGA are described as below. Here we define the local IP addresses as the Internal Local Addresses (ILA) and the global IP addresses as the Inside Global Address (IGA),

  1. One to One

In One-to-One mode, the Prestige maps one ILA to one IGA.

  1. Many to One

In Many-to-One mode, the Prestige maps multiple ILA to one IGA. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyNOS routers supported (the SUA only option in today's routers).

  1. Many to Many Overload

In Many-to-Many Overload mode, the Prestige maps the multiple ILA to shared IGA.

  1. Many to Many No Overload

In Many-to-Many No Overload mode, the Prestige maps each ILA to unique IGA.

  1. Server

In Server mode, the Prestige maps multiple inside servers to one global IP address. This allows us to specify multiple servers of different types behind the NAT for outside access. Note, if you want to map each server to one unique IGA please use the One-to-One mode.

The following table summarizes these types. 

NAT Type IP Mapping
One-to-One ILA1<--->IGA1
Many-to-One (SUA/PAT) ILA1<--->IGA1 
ILA2<--->IGA1 
...
Many-to-Many Overload ILA1<--->IGA1 
ILA2<--->IGA2 
ILA3<--->IGA1 
ILA4<--->IGA2 
...
Many-to-Many No Overload ILA1<--->IGA1 
ILA2<--->IGA2 
ILA3<--->IGA3 
ILA4<--->IGA4 
...
Server Server 1 IP<--->IGA1
Server 2 IP<--->IGA1

10. What is the difference between SUA and Multi-NAT?

SUA (Single User Account) in previous ZyNOS versions is a NAT set with 2 rules, Many-to-One and Server. The Prestige now has Full Feature NAT support to map global IP addresses to local IP addresses of clients or servers. With multiple global IP addresses, multiple severs of the same type (e.g., FTP servers) are allowed on the LAN for outside access. In previous ZyNOS versions that supported SUA 'visible' servers had to be of different types. The Prestige supports NAT sets on a remote node basis. They are reusable, but only one set is allowed for each remote node. The Prestige supports 2 sets since there is only one remote node. The default SUA (Read Only) Set in menu 15.1 is a convenient, pre-configured, read only, Many-to-One mapping set, sufficient for most purposes and helpful to people already familiar with SUA in previous ZyNOS versions.

11. What is BOOTP/DHCP?

BOOTP stands for Bootstrap Protocol. DHCP stands for Dynamic Host Configuration Protocol. Both are mechanisms to dynamically assign an IP address for a TCP/IP client by the server. In this case, the Prestige Internet Access Sharing Router is a BOOTP/DHCP server. Win95 and WinNT clients use DHCP to request an internal IP address, while WFW and WinSock clients use BOOTP. TCP/IP clients may specify their own IP or utilize BOOTP/DHCP to request an IP address.


12. What is DDNS?

The Dynamic DNS service allows you to alias a dynamic IP address to a static hostname, allowing your computer to be more easily accessed from various locations on the Internet. To use the service, you must first apply an account from several free Web servers such as WWW.DYNDNS.ORG.

Without DDNS, we always tell the users to use the WAN IP of the Prestige to reach our internal server. It is inconvenient for the users if this IP is dynamic. With DDNS supported by the Prestige, you apply a DNS name (e.g., www.zyxel.com.tw) for your server (e.g., Web server) from a DDNS server. The outside users can always access the web server using the www.zyxel.com.tw regardless of the WAN IP of the Prestige.

When the ISP assigns the Prestige a new IP, the Prestige updates this IP to DDNS server so that the server can update its IP-to-DNS entry. Once the IP-to-DNS table in the DDNS server is updated, the DNS name for your web server (i.e., www.zyxel.com.tw) is still usable.

13. When do I need DDNS service?

When you want your internal server to be accessed by using DNS name rather than using the dynamic IP address we can use the DDNS service. The DDNS server allows to alias a dynamic IP address to a static hostname. Whenever the ISP assigns you a new IP, the Prestige sends this IP to the DDNS server for its updates.

14. What DDNS servers does the Prestige support?

The DDNS servers the Prestige supports currently is WWW.DYNDNS.ORG where you apply the DNS from and update the WAN IP to.

15. What is DDNS wildcard?

Some DDNS servers support the wildcard feature which allows the hostname, *.yourhost.dyndns.org, to be aliased to the same IP address as yourhost.dyndns.org. This feature is useful when there are multiple servers inside and you want users to be able to use things such as www.yourhost.dyndns.org and still reach your hostname.

16. Does the Prestige support DDNS wildcard?

Yes, the Prestige supports DDNS wildcard that WWW.DynDNS.ORG supports. When using wildcard, you simply enter yourhost.dyndns.org in the Host field in Menu 1.1.

17. Can the Prestige SUA handle IPsec packets sent by the IPsec gateway?

Yes, the Prestige's SUA can handle IPsec ESP Tunneling mode. We know when packets go through SUA, SUA will change the source IP address and source port for the host. To pass IPsec packets, SUA must understand the ESP packet with protocol number 50, replace the source IP address of the IPsec gateway to the router's WAN IP address. However, SUA should not change the source port of the UDP packets which are used for key managements. Because the remote gateway checks this source port during connections, the port thus is not allowed to be changed. 

18. How do I setup my Prestige for routing IPsec packets over SUA?

For outgoing IPsec tunnels, no extra setting is required. For forwarding the inbound IPsec ESP tunnel, A 'Default' server set in menu 15 is required. It is because SUA makes your LAN appear as a single machine to the outside world. LAN users are invisible to outside users. So, to make an internal server for outside access, we must specify the service port and the LAN IP of this server in Menu 15. Thus SUA is able to forward the incoming packets to the requested service behind SUA and the outside users access the server using the Prestige's WAN IP address. So, we have to configure the internal IPsec as a default server (unspecified service port) in menu 15 when it acts a server gateway.

19. Why can't I use video conferencing with MSN 4.6?

This is because MSN 4.6 require support of UPnP (Universal plug n’ play). To be able to use MSN through Prestige, you have to enable the UPnP feature under Advanced-> UPNP and Check the enable UPnP check box and press "Apply button" to make it active.

20. How can I access internal server via public IP address assigned on WAN?

You should be able to access your internal server via it's internal IP address when SUA is on, to access your internal server via the public IP address assigned on WAN, you can enter CI command "ip nat loopback on" in SMT Menu 24.8, To make the configuration permanently, you need to add this command to the system boot file (autoexec.net).  You can refer to Product Support Note section on www.zyxel.com for configuration details.

21. Should I create any firewall rule by myself to allow incoming traffic when NAT is used ?

Built-in firewall function is supported in P334w. When a session is initiated from a user located in Prestige 334w's LAN network, incoming traffic will be allowed by Stateful Inspection mechanism. However, if the session is initiated from WAN side and there is no related access rule for the incoming traffic, the traffic will be blocked by Prestige 334w. To help users get rid of the problem and configuration tasks, Prestige 334w will create firewall policy automatically to allow incoming traffic if NAT is enabled in the Prestige 334ws. Following  NAT types ,including: Port Mapping, One-to-one, Many one-to-one, Server Type are supported with automatic ACL rule creation function for incoming traffic. Therefore, users don't have to configure any access rule by themselves to support FTP, WEB, TELNET ...etc services.


All contents copyright © 2004 ZyXEL Communications Corporation.