How do I access the AMG1202-T10B/AMG1302-T10B Command Line
Interface (CLI)?
The Command Line Interface is for the Administrator use only, and it could be accessed via telnet session. Note: It is protected by super password, ‘1234’ by factory default.
How do I update the firmware and configuration file?
You can do this via accessing web GUI of AMG1202-T10B/AMG1302-T10B as Administrator. Firmware update function is under Maintanance -> Firmware Upgrade. Configuration update function is under Maintanance -> Backup/Restore.
What should I do if I forget the system password?
In case you forget the system password, you can erase the current configuration and restore factory defaults this way:Use the RESET button on the rear panel of AMG1202-T10B/AMG1302-T10B to reset the router. After the router is reset, the LAN IP address will be reset to '192.168.1.1', the common user password will be reset to '1234', and the Administrator password will be reset to ‘1234’.
How to use the Reset button?
a. Turn your AMG1202-T10B/AMG1302-T10Bon. Make sure the POWER led is on (not blinking) b. Press the RESET button for longer than one second and shorter than five seconds and release it. c. Press the RESET button for six seconds and then release it. If the POWER LED begins to blink, the default configuration has been restored and the AMG1202-T10B/AMG1302-T10B restarts.
What is SUA?
When should I use SUA? SUA (Single User Account) is a unique feature supported by Prestige router which allows multiple people to access Internet concurrently for the cost of a single user account. When Prestige acting as SUA receives a packet from a local client destined for the outside Internet, it replaces the source address in the IP packet header with its own address and the source port in the TCP or UDP header with another value chosen out of a local pool. It then recomputed the appropriate header checksums and forwards the packet to the Internet as if it is originated from Prestige using the IP address assigned by ISP. When reply packets from the external Internet are received by Prestige, the original IP source address and TCP/UDP source port numbers are written into the destination fields of the packet (since it is now moving in the opposite direction), the checksums are recomputed, and the packet is delivered to its true destination. This is because SUA keeps a table of the IP addresses and port numbers of the local systems currently using it.
Is it possible to access a server running behind SUA from the outside Internet?
How can I do it? Yes, it is possible because AMG1202-T10B/AMG1302-T10B delivers the packet to the local server by looking up to a SUA server table. Therefore, to make a local server accessible to the outside users, the port number and the inside IP address of the server must be configured. (You can configure it in Web Configurator, Advanced Setup, Network Setting-> NAT -> Port Forwarding).
What IP/Port mapping does Multi-NAT support?
Multi-NAT supports five types of IP/port mapping: One to One, Many to One, Many to Many Overload, Many to Many No Overload and Server. The details of the mapping between ILA and IGA are described as below. Here we define the local IP addresses as the Internal Local Addresses (ILA) and the global IP addresses as the Inside Global Address (IGA),
One to One: In One-to-One mode, the AMG1202-T10B/AMG1302-T10B maps one ILA to one IGA.
Many to One: In Many-to-One mode, the AMG1202-T10B/AMG1302-T10B maps multiple ILA to one IGA. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature (the SUA is optional in today's Prestige routers).
Many to Many Overload: In Many-to-Many Overload mode, the AMG1202-T10B/AMG1302-T10B maps the multiple ILA to shared IGA.
Many One-to-One: In Many One-to-One mode, the AMG1202-T10B/AMG1302-T10B maps each ILA to unique IGA.
Server: In Server mode, the AMG1202-T10B/AMG1302-T10B maps multiple inside servers to one global IP address. This allows us to specify multiple servers of different types behind the NAT for outside access. Note; if you want to map each server to one unique IGA please use the One-to-One mode.
How many network users can the SUA/NAT support?
The Prestige does not limit the number of the users but the number of the sessions. The AMG1202-T10B/AMG1302-T10B supports 8192 sessions.
What are Device filters and Protocol filters?
The filters have been separated into two groups. One group is called 'device filter group', and the other is called 'protocol filter group'. Generic filters belong to the 'device filter group', TCP/IP and IPX filters belong to the 'protocol filter group'. You can configure the filter rule in CLI.
How can I protect against IP spoofing attacks?
The AMG1202-T10B/AMG1302-T10B’s filter sets provide a means to protect against IP spoofing attacks. The basic scheme is as follows: For the input data filter:
Deny packets from the outside that claim to be from the inside
Allow everything that is not spoofing us Filter rule setup:
Filter type =TCP/IP Filter Rule
Active =Yes
Source IP Addr =a.b.c.d
Source IP Mask =w.x.y.z
Action Matched =Drop
Action Not Matched =Forward Where a.b.c.d is an IP address on your local network and w.x.y.z is your netmask: For the output data filters:
Deny bounce back packet
Allow packets that originate from us Filter rule setup:
Filter Type =TCP/IP Filter Rule Active =Yes
Destination IP Addr =a.b.c.d Destination IP Mask =w.x.y.z
Action Matched =Drop Action Not Matched =Forward Where a.b.c.d is an IP address on your local network and w.x.y.z is your netmask.
What is the default password for Web Configurator?
There are two different accounts for AMG1202-T10B/AMG1302-T10B Web Configurator: Common User Account and Administrator Account. By factory default the password for the two accounts are: Common User Account: 1234
Administrator Account: 1234. You can change the password after you logging in the Web Configurator.
Please record your new password whenever you change it. The system will lock you out if you have forgotten your password.
How do I know the AMG1202-T10B/AMG1302-T10B’s WAN IP address assigned by the ISP?
You can view "My WAN IP : x.x.x.x" shown in Web Configurator
‘Status->Device Information ->WAN Information’ to check this IP address.
The AMG1202-T10B/AMG1302-T10B supports Bridge and Router mode, what's the difference between them?
When the ISP limits some specific computers to access Internet, that means only the traffic to/from these computers will be forwarded and the other will be filtered. In this case, we use bridge mode which works as an ADSL modem to connect to the ISP. The ISP will generally give one Internet account and limit only one computer to access the Internet. For most Internet users having multiple computers want to share an Internet account for Internet access, they have to add another Internet sharing device, like a router. In this case, we use the router mode which works as a general Router plus an ADSL Modem.
How do I know I am using PPPoE?
PPPoE requires a user account to login to the provider's server. If you need to configure a user name and password on your computer to connect to the ISP you are probably using PPPoE. If you are simply connected to the Internet when you turn on your computer, you probably are not. You can also check your ISP or the information sheet given by the ISP. Please choose PPPoE as the encapsulation type in the AMG1202-T10B/AMG1302-T10B if the ISP uses PPPoE.
When do I need DDNS service?
When you want your internal server to be accessed by using DNS name rather than using the dynamic IP address, we can use the DDNS service. The DDNS server allows to alias a dynamic IP address to a static hostname. Whenever the ISP assigns you a new IP, the AMG1202-T10B/AMG1302-T10B sends this IP to the DDNS server for its updates.
What is content filter?
Internet Content filter allows you to create and enforce Internet access policies tailored to your needs. Content filter gives you the ability to block web sites that contain key words (that you specify) in the URL. You can set a schedule for when the AMG1302-T10B /AMG1202-T10B performs content filtering. You can also specify trusted IP Addresses on LAN for which the AMG1302-T10B /AMG1202-T10B will not perform content filtering. You can configure the details about it in Web Configurator, Advanced setup, Security -> Filter.
How does the AMG1302-T10B /AMG1202-T10B work on a noisy ADSL?
Depending on the line quality, the AMG1302-T10B /AMG1202-T10B uses "Fall Back" and "Fall Forward" to automatically adjust the date rate.
Does the VC-based multiplexing perform better than the LLC-based multiplexing?
Though the LLC-based multiplexing can carry multiple protocols over a single VC, it requires extra header information to identify the protocol being carried on the virtual circuit (VC). The VC-based multiplexing needs a separate VC for carrying each protocol but it does not need the extra headers. Therefore, the VC-based multiplexing is more efficient.
What makes AMG1302-T10B /AMG1202-T10B secure?
The AMG1302-T10B/AMG1202-T10B is pre-configured to automatically detect and thwart Denial of Service (DoS) attacks such as Ping of Death, SYN Flood, LAND attack, IP Spoofing, etc. It also uses stateful packet inspection to determine if an inbound connection is allowed through the firewall to the private LAN. The AMG1302-T10B /AMG1202-T10B supports Network Address Translation (NAT), which translates the private local addresses to one or multiple public addresses. This adds a level of security since the clients on the private LAN are invisible to the Internet.
Why can't I upload the firmware and configuration file using FTP over WAN?
(1) When the firewall is turned on, all connections from WAN to LAN are blocked by the default ACL rule. To enable FTP from WAN, you must turn the firewall off or create a firewall rule to allow FTP connection from WAN. The WAN-to-LAN ACL summary will look like as shown below.
Source IP= FTP host
Destination IP= AMG1302-T10B/AMG1202-T10B’s WAN IP
Service= FTP TCP/21, TCP/20
Action=Forward
(2) You have disabled FTP service in Web Configurator, Advanced setup, Maintenance -> RemoteMGNT.
(3) FTP service is enabled but your host IP is not the secured host entered in Web Configurator, Advanced setup, Maintenance -> RemoteMGNT.
(4) A filter set which blocks FTP from WAN is applied to WAN node.
How do I view the firewall log?
All logs generated in AMG1302-T10B/AMG1202-T10B, including firewall logs, IPSec logs, system logs are migrated to centralized logs. So you can view firewall logs in Centralized logs: Web Configurator, Advanced setup, Maintenance -> Logs ->View Log.
The log keeps 128 entries; the new entries will overwrite the old entries when the log has over 128 entries.
Before you can view firewall logs there are two steps you need to do:
(1) Enable log function in Centralized logs setup via either one of the following methods, Web configuration: Advanced Setup, Maintenance -> Logs -> Log Settings, check Access Control and Attacks options depending on your real situation.
(2) Enable log function in firewall default policy or in firewall rules.
After the above two steps, you can view firewall logs via Web Configurator: Advanced setup, Maintenance -> Logs ->View Log.
You can also view Centralized logs via mail or syslog, please configure mail server or Unix Syslog server in Web configuration: Advanced Setup, Maintenance -> Logs -> Log Settings.
What are potential factors that may causes interference among WLAN products?
Factors of interference:
(1) Obstacles: walls, ceilings, furniture… etc.
(2) Building Materials: metal door, aluminum studs.
(3) Electrical devices: microwaves, monitors, electric motors.
Solution:
(1) Minimizing the number of walls and ceilings
(2) Antenna is positioned for best reception
(3) Keep WLAN products away from electrical devices, eg: microwaves, monitors, electric motors,…, etc.
(4) Add additional APs if necessary.
What wireless security mode does AMG1302-T10B /AMG1202-T10B support?
The wireless security modes supported on AMG1302-T10B/AMG1202-T10B are: Static WEP, WPA-PSK, WPA, WPA2-PSK, and WPAPSKMixed.
The Command Line Interface is for the Administrator use only, and it could be accessed via telnet session. Note: It is protected by super password, ‘1234’ by factory default.
How do I update the firmware and configuration file?
You can do this via accessing web GUI of AMG1202-T10B/AMG1302-T10B as Administrator. Firmware update function is under Maintanance -> Firmware Upgrade. Configuration update function is under Maintanance -> Backup/Restore.
What should I do if I forget the system password?
In case you forget the system password, you can erase the current configuration and restore factory defaults this way:Use the RESET button on the rear panel of AMG1202-T10B/AMG1302-T10B to reset the router. After the router is reset, the LAN IP address will be reset to '192.168.1.1', the common user password will be reset to '1234', and the Administrator password will be reset to ‘1234’.
How to use the Reset button?
a. Turn your AMG1202-T10B/AMG1302-T10Bon. Make sure the POWER led is on (not blinking) b. Press the RESET button for longer than one second and shorter than five seconds and release it. c. Press the RESET button for six seconds and then release it. If the POWER LED begins to blink, the default configuration has been restored and the AMG1202-T10B/AMG1302-T10B restarts.
What is SUA?
When should I use SUA? SUA (Single User Account) is a unique feature supported by Prestige router which allows multiple people to access Internet concurrently for the cost of a single user account. When Prestige acting as SUA receives a packet from a local client destined for the outside Internet, it replaces the source address in the IP packet header with its own address and the source port in the TCP or UDP header with another value chosen out of a local pool. It then recomputed the appropriate header checksums and forwards the packet to the Internet as if it is originated from Prestige using the IP address assigned by ISP. When reply packets from the external Internet are received by Prestige, the original IP source address and TCP/UDP source port numbers are written into the destination fields of the packet (since it is now moving in the opposite direction), the checksums are recomputed, and the packet is delivered to its true destination. This is because SUA keeps a table of the IP addresses and port numbers of the local systems currently using it.
Is it possible to access a server running behind SUA from the outside Internet?
How can I do it? Yes, it is possible because AMG1202-T10B/AMG1302-T10B delivers the packet to the local server by looking up to a SUA server table. Therefore, to make a local server accessible to the outside users, the port number and the inside IP address of the server must be configured. (You can configure it in Web Configurator, Advanced Setup, Network Setting-> NAT -> Port Forwarding).
What IP/Port mapping does Multi-NAT support?
Multi-NAT supports five types of IP/port mapping: One to One, Many to One, Many to Many Overload, Many to Many No Overload and Server. The details of the mapping between ILA and IGA are described as below. Here we define the local IP addresses as the Internal Local Addresses (ILA) and the global IP addresses as the Inside Global Address (IGA),
One to One: In One-to-One mode, the AMG1202-T10B/AMG1302-T10B maps one ILA to one IGA.
Many to One: In Many-to-One mode, the AMG1202-T10B/AMG1302-T10B maps multiple ILA to one IGA. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature (the SUA is optional in today's Prestige routers).
Many to Many Overload: In Many-to-Many Overload mode, the AMG1202-T10B/AMG1302-T10B maps the multiple ILA to shared IGA.
Many One-to-One: In Many One-to-One mode, the AMG1202-T10B/AMG1302-T10B maps each ILA to unique IGA.
Server: In Server mode, the AMG1202-T10B/AMG1302-T10B maps multiple inside servers to one global IP address. This allows us to specify multiple servers of different types behind the NAT for outside access. Note; if you want to map each server to one unique IGA please use the One-to-One mode.
How many network users can the SUA/NAT support?
The Prestige does not limit the number of the users but the number of the sessions. The AMG1202-T10B/AMG1302-T10B supports 8192 sessions.
What are Device filters and Protocol filters?
The filters have been separated into two groups. One group is called 'device filter group', and the other is called 'protocol filter group'. Generic filters belong to the 'device filter group', TCP/IP and IPX filters belong to the 'protocol filter group'. You can configure the filter rule in CLI.
How can I protect against IP spoofing attacks?
The AMG1202-T10B/AMG1302-T10B’s filter sets provide a means to protect against IP spoofing attacks. The basic scheme is as follows: For the input data filter:
Deny packets from the outside that claim to be from the inside
Allow everything that is not spoofing us Filter rule setup:
Filter type =TCP/IP Filter Rule
Active =Yes
Source IP Addr =a.b.c.d
Source IP Mask =w.x.y.z
Action Matched =Drop
Action Not Matched =Forward Where a.b.c.d is an IP address on your local network and w.x.y.z is your netmask: For the output data filters:
Deny bounce back packet
Allow packets that originate from us Filter rule setup:
Filter Type =TCP/IP Filter Rule Active =Yes
Destination IP Addr =a.b.c.d Destination IP Mask =w.x.y.z
Action Matched =Drop Action Not Matched =Forward Where a.b.c.d is an IP address on your local network and w.x.y.z is your netmask.
What is the default password for Web Configurator?
There are two different accounts for AMG1202-T10B/AMG1302-T10B Web Configurator: Common User Account and Administrator Account. By factory default the password for the two accounts are: Common User Account: 1234
Administrator Account: 1234. You can change the password after you logging in the Web Configurator.
Please record your new password whenever you change it. The system will lock you out if you have forgotten your password.
How do I know the AMG1202-T10B/AMG1302-T10B’s WAN IP address assigned by the ISP?
You can view "My WAN IP
The AMG1202-T10B/AMG1302-T10B supports Bridge and Router mode, what's the difference between them?
When the ISP limits some specific computers to access Internet, that means only the traffic to/from these computers will be forwarded and the other will be filtered. In this case, we use bridge mode which works as an ADSL modem to connect to the ISP. The ISP will generally give one Internet account and limit only one computer to access the Internet. For most Internet users having multiple computers want to share an Internet account for Internet access, they have to add another Internet sharing device, like a router. In this case, we use the router mode which works as a general Router plus an ADSL Modem.
How do I know I am using PPPoE?
PPPoE requires a user account to login to the provider's server. If you need to configure a user name and password on your computer to connect to the ISP you are probably using PPPoE. If you are simply connected to the Internet when you turn on your computer, you probably are not. You can also check your ISP or the information sheet given by the ISP. Please choose PPPoE as the encapsulation type in the AMG1202-T10B/AMG1302-T10B if the ISP uses PPPoE.
When do I need DDNS service?
When you want your internal server to be accessed by using DNS name rather than using the dynamic IP address, we can use the DDNS service. The DDNS server allows to alias a dynamic IP address to a static hostname. Whenever the ISP assigns you a new IP, the AMG1202-T10B/AMG1302-T10B sends this IP to the DDNS server for its updates.
What is content filter?
Internet Content filter allows you to create and enforce Internet access policies tailored to your needs. Content filter gives you the ability to block web sites that contain key words (that you specify) in the URL. You can set a schedule for when the AMG1302-T10B /AMG1202-T10B performs content filtering. You can also specify trusted IP Addresses on LAN for which the AMG1302-T10B /AMG1202-T10B will not perform content filtering. You can configure the details about it in Web Configurator, Advanced setup, Security -> Filter.
How does the AMG1302-T10B /AMG1202-T10B work on a noisy ADSL?
Depending on the line quality, the AMG1302-T10B /AMG1202-T10B uses "Fall Back" and "Fall Forward" to automatically adjust the date rate.
Does the VC-based multiplexing perform better than the LLC-based multiplexing?
Though the LLC-based multiplexing can carry multiple protocols over a single VC, it requires extra header information to identify the protocol being carried on the virtual circuit (VC). The VC-based multiplexing needs a separate VC for carrying each protocol but it does not need the extra headers. Therefore, the VC-based multiplexing is more efficient.
What makes AMG1302-T10B /AMG1202-T10B secure?
The AMG1302-T10B/AMG1202-T10B is pre-configured to automatically detect and thwart Denial of Service (DoS) attacks such as Ping of Death, SYN Flood, LAND attack, IP Spoofing, etc. It also uses stateful packet inspection to determine if an inbound connection is allowed through the firewall to the private LAN. The AMG1302-T10B /AMG1202-T10B supports Network Address Translation (NAT), which translates the private local addresses to one or multiple public addresses. This adds a level of security since the clients on the private LAN are invisible to the Internet.
Why can't I upload the firmware and configuration file using FTP over WAN?
(1) When the firewall is turned on, all connections from WAN to LAN are blocked by the default ACL rule. To enable FTP from WAN, you must turn the firewall off or create a firewall rule to allow FTP connection from WAN. The WAN-to-LAN ACL summary will look like as shown below.
Source IP= FTP host
Destination IP= AMG1302-T10B/AMG1202-T10B’s WAN IP
Service= FTP TCP/21, TCP/20
Action=Forward
(2) You have disabled FTP service in Web Configurator, Advanced setup, Maintenance -> RemoteMGNT.
(3) FTP service is enabled but your host IP is not the secured host entered in Web Configurator, Advanced setup, Maintenance -> RemoteMGNT.
(4) A filter set which blocks FTP from WAN is applied to WAN node.
How do I view the firewall log?
All logs generated in AMG1302-T10B/AMG1202-T10B, including firewall logs, IPSec logs, system logs are migrated to centralized logs. So you can view firewall logs in Centralized logs: Web Configurator, Advanced setup, Maintenance -> Logs ->View Log.
The log keeps 128 entries; the new entries will overwrite the old entries when the log has over 128 entries.
Before you can view firewall logs there are two steps you need to do:
(1) Enable log function in Centralized logs setup via either one of the following methods, Web configuration: Advanced Setup, Maintenance -> Logs -> Log Settings, check Access Control and Attacks options depending on your real situation.
(2) Enable log function in firewall default policy or in firewall rules.
After the above two steps, you can view firewall logs via Web Configurator: Advanced setup, Maintenance -> Logs ->View Log.
You can also view Centralized logs via mail or syslog, please configure mail server or Unix Syslog server in Web configuration: Advanced Setup, Maintenance -> Logs -> Log Settings.
What are potential factors that may causes interference among WLAN products?
Factors of interference:
(1) Obstacles: walls, ceilings, furniture… etc.
(2) Building Materials: metal door, aluminum studs.
(3) Electrical devices: microwaves, monitors, electric motors.
Solution:
(1) Minimizing the number of walls and ceilings
(2) Antenna is positioned for best reception
(3) Keep WLAN products away from electrical devices, eg: microwaves, monitors, electric motors,…, etc.
(4) Add additional APs if necessary.
What wireless security mode does AMG1302-T10B /AMG1202-T10B support?
The wireless security modes supported on AMG1302-T10B/AMG1202-T10B are: Static WEP, WPA-PSK, WPA, WPA2-PSK, and WPAPSKMixed.
olá amigo preciso de sua ajuda com amg1202 ! brasil
ReplyDeletenão consigo atualizar o firmware do amg1202-t10b... fica dizendo que o arquivo é invalido... procedo como??
ReplyDeleteOlá Marcelo, estou com o mesmo problema, conseguiu solucionar?
Delete