ZyNOS FAQ


  1. What is ZyNOS?
  2. How do I access the Prestige SMT menu?
  3. What is the default console port baud rate? Moreover, how do I change it?
  4. How do I update the firmware and configuration file?
  5. How do I upload the ZyNOS firmware via console?
  6. How do I upgrade/backup the ZyNOS firmware by using TFTP client program via LAN?
  7. How do I upload ROMFILE via console?
  8. How do I backup/restore SMT configurations by using TFTP client program via LAN?
  9. What should I do if I forget the system password?
  10. How do I use the reset button?
  11. What is SUA? When should I use SUA?
  12. What is the difference between SUA and Multi-NAT?
  13. Is it possible to access a server running behind SUA from the outside Internet? If possible, how?
  14. When do I need Multi-NAT?
  15. What IP/Port mapping does Multi-NAT support?
  16. How many network users can the SUA/NAT support?
  17. What are Device filters and Protocol filters?
  18. Why can't I configure device filters or protocol filters?
  19. How can I protect against IP spoofing attacks? 

1. What is ZyNOS? 

ZyNOS is ZyXEL's proprietary Network Operating System. It is the platform on all Prestige routers that delivers network services and applications. It is designed in a modular fashion so it is easy for developers to add new features. New ZyNOS software upgrades can be easily downloaded from our FTP sites as they become available.
 
2. How do I access the Prestige SMT menu?

The SMT interface is a menu driven interface, which can be accessed via a RS232 console or a Telnet connection. To access the Prestige via SMT console port, a computer equipped with communication software such as HyperTerminal must be configured with the following parameters.

The default console port baud rate is 9600bps, you can change it to 38400bps in Menu 24.2.2 to speed up the SMT access.
 
3. What is the default console port baud rate? Moreover, how do I change it? 

The default console port baud rate is 9600bps. When configuring the SMT, please make sure the terminal baud rate is also 9600bps. You can change the console baud rate from 9600bps to 38400bps in SMT menu 24.2.2.

4. How do I update the firmware and configuration file?

You can upload the firmware and configuration file to Prestige using console port, FTP or TFTP client software. You CAN NOT upload the firmware and configuration file via Telnet because the Telnet connection will be dropped during uploading the firmware. Please do not power off the router right after the FTP or TFTP uploading is finished, the router will upload the firmware to its flash at this moment. 

5. How do I upload the ZyNOS firmware code via console?

The procedure for uploading ZyNOS via console is as follows.

  1. Enter debug mode when powering on the Prestige using a terminal emulator
  2. Enter 'ATUR' to start the uploading
  3. Use X-modem protocol to transfer the ZyNOS code
  4. Enter 'ATGO' to restart the Prestige

6. How do I upgrade/backup the ZyNOS firmware by using TFTP client program via LAN?

The Prestige allows you to transfer the firmware from/to Prestige by using TFTP program via LAN. The procedure for uploading ZyNOS via TFTP is as follows.

  1. Use the TELNET client program in your PC to login to your Prestige.
  2. Enter CI command  'sys stdio 0' in menu 24.8 to disable console idle timeout
  3. To upgrade firmware, use TFTP client program to put firmware in file 'ras' in the Prestige. After data transfer is finished, the Prestige will program the upgraded firmware into FLASH ROM and reboot itself.
  4. To backup your firmware, use the TFTP client program to get file 'ras' from the Prestige.

7. How do I upload ROMFILE via console port? 

In some situations, you may need to upload the ROMFILE, such as losing the system password, or  the need of resetting SMT to factory default.

The procedure for uploading ROMFILE via the console port is as follows.

  1. Enter debug mode when powering on the Prestige using a terminal emulator
  2. Enter 'ATLC' to start the uploading
  3. Use X-modem protocol to transfer ROMFILE
  4. Enter 'ATGO' to restart the Prestige

8. How do I backup/restore SMT configurations by using TFTP client program via LAN? 

  1. Use the TELNET client program in your PC to login to your Prestige.
  2. Enter CI command  'sys stdio 0' in menu 24.8 to disable console idle timeout.
  3. To backup the SMT configurations, use TFTP client program to get file 'rom-0' from the Prestige.
  4. To restore the SMT configurations, use the TFTP client program to put your configuration in file rom-0 in the Prestige.

9. What should I do if I forget the system password? 

In case you forget the system password, you can erase the current configuration and restore factory defaults in three way.

  1. Use the Web Configurator.
  2. Use the RESET button on the rear panel of Prestige 661H/HW to reset the router. After the router is reset, the LAN IP address and the SMT password will be reset to '192.168.1.1' and '1234'. So now you can reach the router through console port or telnet again.
  3. Upload the default ROMFILE via console port to reset the SMT to factory default. After uploading ROMFILE, the default system password is '1234'.

10. How to use the Reset button?

  1. Turn your Prestige off and then on. Make sure the SYS led is on (not blinking)
  2. Press the RESET button for five seconds and then release it. If the SYS LED begins to blink, the defaults have been restored and the Prestige restarts.

11.What is SUA? When should I use SUA? 

SUA (Single User Account) is a unique feature supported by Prestige router which allows multiple people to access Internet concurrently for the cost of a single user account.

When Prestige acting as SUA receives a packet from a local client destined for the outside Internet, it replaces the source address in the IP packet header with its own address and the source port in the TCP or UDP header with another value chosen out of a local pool. It then recomputes the appropriate header checksums and forwards the packet to the Internet as if it is originated from Prestige using the IP address assigned by ISP. When reply packets from the external Internet are received by Prestige, the original IP source address and TCP/UDP source port numbers are written into the destination fields of the packet (since it is now moving in the opposite direction), the checksums are recomputed, and the packet is delivered to its true destination. This is because SUA keeps a table of the IP addresses and port numbers of the local systems currently using it.

12.  What is the difference between SUA and Multi-NAT? 

SUA (Single User Account) in previous ZyNOS versions is a NAT set with 2 rules, Many-to-One and Server. The Prestige 661H/HW now has Full Feature NAT support to map global IP addresses to local IP addresses of clients or servers. With multiple global IP addresses, multiple severs of the same type (e.g., FTP servers) are allowed on the LAN for outside access. In previous ZyNOS versions that supported SUA 'visible' servers had to be of different types. The Prestige 661H/HW supports NAT sets on a remote node basis. They are reusable, but only one set is allowed for each remote node. The Prestige 661H/HW supports 8 sets since there are 8 remote node. The default SUA (Read Only) Set in SMT 15.1.255 - Address Mapping Rules is a convenient, pre-configured, read only, Many-to-One mapping set, sufficient for most purposes and helpful to people already familiar with SUA in previous ZyNOS versions.
 
13. Is it possible to access a server running behind SUA from the outside Internet? If possible, how?

Yes, it is possible because Prestige 661H/HW delivers the packet to the local server by looking up to a SUA server table. Therefore, to make a local server accessible to the outside users, the port number and the inside IP address of the server must be configured in Menu 15.2.1 - NAT Server Setup.

14. When do I need Multi-NAT?

When NAT is enabled the local computers are not accessible from outside. You can use Multi-NAT to make an internal server accessible from outside.

Some servers providing Internet applications such as some mIRC servers do not allow users to login using the same IP address. Thus, users on the same network can not login to the same server simultaneously. In this case it is better to use Many-to-Many No Overload or One-to-One NAT mapping types, thus each user login to the server using a unique global IP address.

15. What IP/Port mapping does Multi-NAT support?

NAT supports five types of IP/port mapping. They are: One to One, Many to One, Many to Many Overload, Many to Many No Overload and Server. The details of the mapping between ILA and IGA are described as below. Here we define the local IP addresses as the Internal Local Addresses (ILA) and the global IP addresses as the Inside Global Address (IGA),

  1. One to One

In One-to-One mode, the Prestige661 maps one ILA to one IGA.

  1. Many to One

In Many-to-One mode, the Prestige661 maps multiple ILA to one IGA. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyNOS routers supported (the SUA only option in today's routers).

  1. Many to Many Overload

In Many-to-Many Overload mode, the Prestige661 maps the multiple ILA to shared IGA.

  1. Many One-to-One

In Many One-to-One mode, the Prestige661 maps each ILA to unique IGA.

  1. Server

In Server mode, the Prestige 661H/HW maps multiple inside servers to one global IP address. This allows us to specify multiple servers of different types behind the NAT for outside access. Note, if you want to map each server to one unique IGA please use the One-to-One mode.

The following table summarizes these types. 

NAT Type IP Mapping
One-to-One ILA1<--->IGA1
Many-to-One (SUA/PAT) ILA1<--->IGA1 
ILA2<--->IGA1 
...
Many-to-Many Overload ILA1<--->IGA1 
ILA2<--->IGA2 
ILA3<--->IGA1 
ILA4<--->IGA2 
...
Many

One-to-One

ILA1<--->IGA1 
ILA2<--->IGA2 
ILA3<--->IGA3 
ILA4<--->IGA4 
...
Server Server 1 IP<--->IGA1
Server 2 IP<--->IGA1

16. How many network users can the SUA/NAT support?

The Prestige does not limit the number of the users but the number of the sessions. The Prestige 661HW supports 1024 sessions that you can use the 'ip nat iface wanif0 st' command in menu 24.8 to view the current active sessions.

17. What are Device filters and Protocol filters? 

In ZyNOS, the filters have been separated into two groups.  One group is called 'device filter group', and the other is called 'protocol filter group'.  Generic filters belong to the 'device filter group', TCP/IP and IPX filters belong to the 'protocol filter group'.
 
18.  Why can't I configure device filters or protocol filters? 

In ZyNOS, you can not mix different filter groups in the same filter set.  

19. How can I protect against IP spoofing attacks? 

The Prestige's filter sets provide a means to protect against IP spoofing attacks. The basic scheme is as follows:

For the input data filter:

Filter rule setup:

Where a.b.c.d is an IP address on your local network and w.x.y.z is your netmask:

For the output data filters:

Filter rule setup:

Where a.b.c.d is an IP address on your local network and w.x.y.z is your netmask.


All contents copyright © 2005 ZyXEL Communications Corporation.