ZyNOS FAQ


  1. What is ZyNOS?
  2. What is the default console port baud rate? How to change it?
  3. How do I upload the ZyNOS firmware via console?
  4. How do I upgrade/backup the ZyNOS firmware by using TFTP client program via LAN?
  5. How do I upload ROM FILE via console?
  6. Why can't I make Telnet to ZyXEL device from WAN?
  7. What should I do if I forget the system password?
  8. What is SUA? When should I use SUA?
  9. What is the difference between NAT and SUA?
  10. How many network users can the SUA support?
  11. What are Device filters and Protocol filters?
  12. Why can't I configure device filters or protocol filters?
  13. How can I protect against IP spoofing attacks?

 



1. What is ZyNOS? 

2. What is the default console port baud rate? How do change it? 

The default console port baud rate is 9600bps. When configuring, please make sure the terminal baud rate is also 9600bps. You can change the console baud rate from 9600bps to 115200bps.
 
3. How do I upload the ZyNOS firmware code via console?

The procedure for uploading ZyXEL device via console is as follows.

  1. Enter debug mode when powering on the ZyXEL device using a terminal emulator
  2. Enter 'ATUR' to start the uploading
  3. Use X-modem protocol to transfer the ZyNOS code
  4. Enter 'ATGO' to restart the ZyXEL device.

4. How do I upgrade/backup the ZyNOS firmware by using TFTP client program via LAN?

The ZyXEL device allows you to transfer the firmware from/to ZyXEL device by using TFTP program via LAN. The procedure for uploading ZyNOS via TFTP is as follows.

  1. Use the TELNET client program in your PC to login to your ZyXEL device.
  2. Enter CI command  'sys stdio 0' in menu 24.8 to disable console idle timeout
  3. To upgrade firmware, use TFTP client program to put firmware in file 'ras' in the ZyXEL device. After data transfer is finished, the ZyXEL device will program the upgraded firmware into FLASH ROM and reboot itself.
  4. To backup your firmware, use the TFTP client program to get file 'ras' from the ZyXEL device.

5. How do I upload ROMFILE via console port? 

In some situations, you may need to upload the ROMFILE, such as losing the system password, or  the need of resetting to factory default.

The procedure for uploading ROMFILE via the console port is as follows.

  1. Enter debug mode when powering on the ZyXEL device using a terminal emulator
  2. Enter 'ATLC' to start the uploading
  3. Use X-modem protocol to transfer ROMFILE
  4. Enter 'ATGO' to restart the ZyXEL device.

6. Why can't I make Telnet to ZyXEL device from WAN? 

There are three reasons that Telnet from WAN is blocked.

  1. You have disabled Telnet service.

Source IP= Telnet host
Destination IP= P-335 Plus's WAN IP
Service= TCP/23
Action=Forward

  1. Telnet service is enabled but your host IP is not the securied host entered in Menu 24.11. In this case, the error message 'Client IP is not allowed!' is appeared on the Telnet screen.
  2. The filter rule is applied in the Input Protocol field  to block Telnet service.
  3. The console port is in use.


7. What should I do if I forget the system password? 

In case you forget the system password, you need to upload ROMFILE to reset to factory default. After uploading ROMFILE, the default system password is '1234'.
 
8. What is SUA? When should I use SUA? 

SUA (Single User Account) is a unique feature supported by ZyXEL router which allows multiple people to access Internet concurrently for the cost of a single user account.

When ZyXEL device acting as SUA receives a packet from a local client destined for the outside Internet, it replaces the source address in the IP packet header with its own address and the source port in the TCP or UDP header with another value chosen out of a local pool. It then recomputes the appropriate header checksums and forwards the packet to the Internet as if it is originated from ZyXEL device using the IP address assigned by ISP. When reply packets from the external Internet are received by ZyXEL device, the original IP source address and TCP/UDP source port numbers are written into the destination fields of the packet (since it is now moving in the opposite direction), the checksums are recomputed, and the packet is delivered to its true destination. This is because SUA keeps a table of the IP addresses and port numbers of the local systems currently using it.

9.  What is the difference between NAT and SUA? 

NAT is a generic name defined in RFC 1631 'The IP Network Address Translator (NAT)'.
SUA (Internet Single User Account) is ZyXEL device's implementation and trade name for functioning PAT which is a specific type of NAT. SUA( or PAT for NAT) translates address into port mapping.

The primary motivation for RFC 1631 is that there is not enough IP address to go around. In addition, many corporations simply did not bother to obtain legal (globally unique) IP addresses for their networks and now finding themselves unable to connect to the Internet.

Basically, NAT is a process of translating one address to another. A NAT implementation can be as simple as substituting an IP address with another. This allows a network to rectify the illegal address problem mentioned above without going through each and every host.

The design goal of ZyXEL device's SUA is to minimize the Internet access cost in a small office environment by using a single IP address to represent the multiple hosts inside. It does more than IP address translation, so that multiple hosts on the LAN can access the Internet at the same time.
 
10. How many network users can the SUA/NAT support? 

The ZyXEL device does not limit the number of the users but the number of the sessions. The ZyXEL device 335 supports 2048 sessions that you can use the 'ip nat iface enif1' command to view the current active sessions.
 
11. What are Device filters and Protocol filters? 

In ZyNOS, the filters have been separated into two groups.  One group is called 'device filter group', and the other is called 'protocol filter group'.  Generic filters belong to the 'device filter group', TCP/IP and IPX filters belong to the 'protocol filter group'.
 
12.  Why can't I configure device filters or protocol filters? 

In ZyNOS, you can not mix different filter groups in the same filter set.
 
13. How can I protect against IP spoofing attacks? 

The P-335 Plus’s firewall will automatically detect the IP spoofing and drop it if the firewall is turned on. If the firewall is not turned on we can configure a filter set to block the IP spoofing attacks. The basic scheme is as follows:

For the input data filter:

Filter rule setup:

Where a.b.c.d is an IP address on your local network and w.x.y.z is your netmask:

For the output data filters:

Filter rule setup:

Where a.b.c.d is an IP address on your local network and w.x.y.z is your netmask.


All contents copyright (c) 2006 ZyXEL Communications Corporation.