How do I access the AMG1202-T10B/AMG1302-T10B Command Line
Interface (CLI)?
The Command Line Interface is for the Administrator use only, and it could be
accessed via telnet session.
Note: It is protected by super password, ‘1234’ by factory default.
How do I update the firmware and configuration file?
You can do this via accessing web GUI of AMG1202-T10B/AMG1302-T10B as
Administrator. Firmware update function is under Maintanance -> Firmware
Upgrade. Configuration update function is under Maintanance ->
Backup/Restore.
What should I do if I forget the system password?
In case you forget the system password, you can erase the current
configuration and restore factory defaults this way:Use the RESET button on the rear panel of AMG1202-T10B/AMG1302-T10B
to reset the router. After the router is reset, the LAN IP address will be reset to
'192.168.1.1', the common user password will be reset to '1234', and the
Administrator password will be reset to ‘1234’.
How to use the Reset button?
a. Turn your AMG1202-T10B/AMG1302-T10Bon. Make sure the POWER
led is on (not blinking)
b. Press the RESET button for longer than one second and shorter than
five seconds and release it.
c. Press the RESET button for six seconds and then release it. If the
POWER LED begins to blink, the default configuration has been
restored and the AMG1202-T10B/AMG1302-T10B restarts.
What is SUA?
When should I use SUA?
SUA (Single User Account) is a unique feature supported by Prestige router
which allows multiple people to access Internet concurrently for the cost of a
single user account.
When Prestige acting as SUA receives a packet from a local client destined for
the outside Internet, it replaces the source address in the IP packet header
with its own address and the source port in the TCP or UDP header with
another value chosen out of a local pool. It then recomputed the appropriate
header checksums and forwards the packet to the Internet as if it is originated
from Prestige using the IP address assigned by ISP. When reply packets from
the external Internet are received by Prestige, the original IP source address
and TCP/UDP source port numbers are written into the destination fields of the
packet (since it is now moving in the opposite direction), the checksums are
recomputed, and the packet is delivered to its true destination. This is because
SUA keeps a table of the IP addresses and port numbers of the local systems
currently using it.
Is it possible to access a server running behind SUA from the outside
Internet?
How can I do it?
Yes, it is possible because AMG1202-T10B/AMG1302-T10B delivers the
packet to the local server by looking up to a SUA server table. Therefore, to
make a local server accessible to the outside users, the port number and the
inside IP address of the server must be configured. (You can configure it in
Web Configurator, Advanced Setup, Network Setting-> NAT -> Port
Forwarding).
What IP/Port mapping does Multi-NAT support?
Multi-NAT supports five types of IP/port mapping: One to One, Many to One,
Many to Many Overload, Many to Many No Overload and Server. The details
of the mapping between ILA and IGA are described as below. Here we define
the local IP addresses as the Internal Local Addresses (ILA) and the global IP
addresses as the Inside Global Address (IGA),
One to One: In One-to-One mode, the
AMG1202-T10B/AMG1302-T10B maps one ILA to one IGA.
Many to One: In Many-to-One mode, the
AMG1202-T10B/AMG1302-T10B maps multiple ILA to one IGA. This is
equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single
User Account feature (the SUA is optional in today's Prestige routers).
Many to Many Overload: In Many-to-Many Overload mode, the
AMG1202-T10B/AMG1302-T10B maps the multiple ILA to shared IGA.
Many One-to-One: In Many One-to-One mode, the
AMG1202-T10B/AMG1302-T10B maps each ILA to unique IGA.
Server: In Server mode, the AMG1202-T10B/AMG1302-T10B maps
multiple inside servers to one global IP address. This allows us to
specify multiple servers of different types behind the NAT for outside
access. Note; if you want to map each server to one unique IGA please
use the One-to-One mode.
How many network users can
the SUA/NAT support?
The Prestige does not limit the number
of the users but the number of the
sessions. The
AMG1202-T10B/AMG1302-T10B
supports 8192 sessions.
What are Device filters and
Protocol filters?
The filters have been separated into
two groups. One group is called
'device filter group', and the other is
called 'protocol filter group'. Generic
filters belong to the 'device filter group',
TCP/IP and IPX filters belong to the 'protocol filter group'. You can configure the filter rule in CLI.
How can I protect against IP spoofing attacks?
The AMG1202-T10B/AMG1302-T10B’s filter sets provide a means to protect
against IP spoofing attacks. The basic scheme is as follows:
For the input data filter:
Deny packets from the outside that claim to be from the inside
Allow everything that is not spoofing us
Filter rule setup:
Filter type =TCP/IP Filter Rule
Active =Yes
Source IP Addr =a.b.c.d
Source IP Mask =w.x.y.z
Action Matched =Drop
Action Not Matched =Forward
Where a.b.c.d is an IP address on your local network and w.x.y.z is your
netmask:
For the output data filters:
Deny bounce back packet
Allow packets that originate from us
Filter rule setup:
Filter Type =TCP/IP Filter Rule
Active =Yes
Destination IP Addr =a.b.c.d
Destination IP Mask =w.x.y.z
Action Matched =Drop
Action Not Matched =Forward
Where a.b.c.d is an IP address on your local network and w.x.y.z is your
netmask.
What is the default password for Web Configurator?
There are two different accounts for AMG1202-T10B/AMG1302-T10B Web
Configurator: Common User Account and Administrator Account.
By factory default the password for the two accounts are:
Common User Account: 1234
Administrator Account: 1234.
You can change the password after you logging in the Web Configurator.
Please record your new password whenever you change it. The system
will lock you out if you have forgotten your password.
How do I know the AMG1202-T10B/AMG1302-T10B’s WAN IP
address assigned by the ISP?
You can view "My WAN IP : x.x.x.x" shown in Web Configurator
‘Status->Device Information ->WAN Information’ to check this IP address.
The AMG1202-T10B/AMG1302-T10B supports Bridge and Router
mode, what's the difference between them?
When the ISP limits some specific computers to access Internet, that means
only the traffic to/from these computers will be forwarded and the other will be
filtered. In this case, we use bridge mode which works as an ADSL modem to
connect to the ISP. The ISP will generally give one Internet account and limit
only one computer to access the Internet.
For most Internet users having multiple computers want to share an Internet
account for Internet access, they have to add another Internet sharing device,
like a router. In this case, we use the router mode which works as a general
Router plus an ADSL Modem.
How do I know I am using PPPoE?
PPPoE requires a user account to login to the provider's server. If you need to
configure a user name and password on your computer to connect to the ISP
you are probably using PPPoE. If you are simply connected to the Internet
when you turn on your computer, you probably are not. You can also check
your ISP or the information sheet given by the ISP. Please choose PPPoE as
the encapsulation type in the AMG1202-T10B/AMG1302-T10B if the ISP uses
PPPoE.
When do I need DDNS service?
When you want your internal server to be accessed by using DNS name rather
than using the dynamic IP address, we can use the DDNS service. The DDNS
server allows to alias a dynamic IP address to a static hostname. Whenever
the ISP assigns you a new IP, the AMG1202-T10B/AMG1302-T10B sends this
IP to the DDNS server for its updates.
What is content filter?
Internet Content filter allows you to create and enforce Internet access policies
tailored to your needs. Content filter gives you the ability to block web sites that
contain key words (that you specify) in the URL. You can set a schedule for
when the AMG1302-T10B /AMG1202-T10B performs content filtering. You
can also specify trusted IP Addresses on LAN for which the AMG1302-T10B
/AMG1202-T10B will not perform content filtering. You can configure the
details about it in Web Configurator, Advanced setup, Security -> Filter.
How does the AMG1302-T10B /AMG1202-T10B work on a noisy
ADSL?
Depending on the line quality, the AMG1302-T10B /AMG1202-T10B uses "Fall
Back" and "Fall Forward" to automatically adjust the date rate.
Does the VC-based multiplexing perform better than the
LLC-based multiplexing?
Though the LLC-based multiplexing can carry multiple protocols over a single
VC, it requires extra header information to identify the protocol being carried
on the virtual circuit (VC). The VC-based multiplexing needs a separate VC for
carrying each protocol but it does not need the extra headers. Therefore, the
VC-based multiplexing is more efficient.
What makes AMG1302-T10B /AMG1202-T10B secure?
The AMG1302-T10B/AMG1202-T10B is pre-configured to automatically detect
and thwart Denial of Service (DoS) attacks such as Ping of Death, SYN Flood,
LAND attack, IP Spoofing, etc. It also uses stateful packet inspection to
determine if an inbound connection is allowed through the firewall to the
private LAN. The AMG1302-T10B /AMG1202-T10B supports Network Address
Translation (NAT), which translates the private local addresses to one or
multiple public addresses. This adds a level of security since the clients on the
private LAN are invisible to the Internet.
Why can't I upload the firmware and configuration file using
FTP over WAN?
(1) When the firewall is turned on, all connections from WAN to LAN are
blocked by the default ACL rule. To enable FTP from WAN, you must turn
the firewall off or create a firewall rule to allow FTP connection from WAN.
The WAN-to-LAN ACL summary will look like as shown below.
Source IP= FTP host
Destination IP= AMG1302-T10B/AMG1202-T10B’s WAN IP
Service= FTP TCP/21, TCP/20
Action=Forward
(2) You have disabled FTP service in Web Configurator, Advanced setup,
Maintenance -> RemoteMGNT.
(3) FTP service is enabled but your host IP is not the secured host entered
in Web Configurator, Advanced setup, Maintenance -> RemoteMGNT.
(4) A filter set which blocks FTP from WAN is applied to WAN node.
How do I view the firewall log?
All logs generated in AMG1302-T10B/AMG1202-T10B, including firewall logs,
IPSec logs, system logs are migrated to centralized logs. So you can view
firewall logs in Centralized logs: Web Configurator, Advanced setup,
Maintenance -> Logs ->View Log.
The log keeps 128 entries; the new entries will overwrite the old entries when
the log has over 128 entries.
Before you can view firewall logs there are two steps you need to do:
(1) Enable log function in Centralized logs setup via either one of the following
methods,
Web configuration: Advanced Setup, Maintenance -> Logs -> Log
Settings, check Access Control and Attacks options depending on
your real situation.
(2) Enable log function in firewall default policy or in firewall rules.
After the above two steps, you can view firewall logs via
Web Configurator: Advanced setup, Maintenance -> Logs ->View
Log.
You can also view Centralized logs via mail or syslog, please configure mail
server or Unix Syslog server in Web configuration: Advanced Setup,
Maintenance -> Logs -> Log Settings.
What are potential factors that may causes interference
among WLAN products?
Factors of interference:
(1) Obstacles: walls, ceilings, furniture… etc.
(2) Building Materials: metal door, aluminum studs.
(3) Electrical devices: microwaves, monitors, electric motors.
Solution:
(1) Minimizing the number of walls and ceilings
(2) Antenna is positioned for best reception
(3) Keep WLAN products away from electrical devices, eg: microwaves,
monitors, electric motors,…, etc.
(4) Add additional APs if necessary.
What wireless security mode does AMG1302-T10B
/AMG1202-T10B support?
The wireless security modes supported on AMG1302-T10B/AMG1202-T10B
are: Static WEP, WPA-PSK, WPA, WPA2-PSK, and WPAPSKMixed.
