ZyNOS FAQ


  1. What is ZyNOS? 
  2. How do I access the ZyAIR G-2000P SMT menu?
  3. How do I upload the ZyNOS firmware code via console?
  4. How do I upgrade/backup the ZyNOS firmware by using TFTP client program via LAN?
  5. How do I upgrade/backup the ZyNOS firmware by using FTP client program via LAN?
  6. How do I backup/restore SMT configurations by using TFTP client program via LAN? 
  7. How do I backup/restore configurations by using FTP client program via LAN? 
  8. Why can't I make Telnet to ZyAIR G-2000P from WAN? 
  9. What should I do if I forget the system password? 
  10. What is SUA? When should I use SUA? 
  11. What is the difference between NAT and SUA?
  12. How many network users can the SUA support? 
  13. What are Device filters and Protocol filters? 
  14. Why can't I configure device filters or protocol filters? 
  15. How can I protect against IP spoofing attacks? 


1. What is ZyNOS? 

ZyNOS is ZyXEL's proprietary Network Operating System. It is the platform on all ZyXEL device that delivers network services and applications. It is designed in a modular fashion so it is easy for developers to add new features. New ZyNOS software upgrades can be easily downloaded from our FTP sites as they become available.
 
2. How do I access the ZyAIR G-2000P SMT menu?

The SMT interface is a menu driven interface, which can be accessed via Telnet connection. To access the ZyAIR G-2000P telnet, you will need a host equipped with telnet client and telnet into the device IP.  If you are managing the device from LAN, the default LAN IP is 192.168.1.1.  Type in the password when you are prompt to.  The default password is 1234 if unchanged.

 3. How do I upload the ZyNOS firmware code from Web GUI?

The procedure for uploading ZyNOS via Web GUI is as follow.

  1. Download the latest firmware from public download site from www.zyxel.com and save it to a directory on your PC and unzip the file.
  2. Start your web browser and enter the device IP in the URL field.  If you are managing it from LAN the default IP is 192.168.1.1 if it's unchanged.
  3. Enter your password when prompt to.  The default password is '1234' is unchanged.
  4. Click on F/W upload under maintenance category and click on browse to where the firmware is kept after file is downloaded.  The firmware is the file with extension of *.bin.
  5. Select the firmware than click on upload button on the GUI to start upload.

4. How do I upgrade/backup the ZyNOS firmware by using TFTP client program via LAN?

The ZyAIR G-2000P allows you to transfer the firmware from/to ZyAIR G-2000P by using TFTP program via LAN. The procedure for uploading ZyNOS via TFTP is as follows.

  1. Use the TELNET client program in your PC to login to your ZyAIR G-2000P.
  2. Enter CI command  'sys stdio 0' in menu 24.8 to disable console idle timeout
  3. To upgrade firmware, use TFTP client program to put firmware in file 'ras' in the ZyAIR G-2000P. After data transfer is finished, the ZyAIR G-2000P will program the upgraded firmware into FLASH ROM and reboot itself.
  4. To backup your firmware, use the TFTP client program to get file 'ras' from the ZyAIR G-2000P.

5. How do I upgrade/backup the ZyNOS firmware by using FTP client program via LAN?

The ZyAIR G-2000P allows you to transfer the firmware from/to ZyAIR G-2000P by using FTP program via LAN. The procedure for uploading ZyNOS via FTP is as follows.

  1. Use the TELNET client program in your PC to login to your ZyAIR.
  2. To upgrade firmware, use FTP client program to put firmware in file 'ras' in the ZyAIR G-2000P. After data transfer is finished, the ZyAIR will program the upgraded firmware into FLASH ROM and reboot itself.
  3. To backup your firmware, use the FTP client program to get file 'ras' from the ZyAIR G-2000P.

6. How do I backup/restore SMT configurations by using TFTP client program via LAN? 

  1. Use the TELNET client program in your PC to login to your ZyAIR G-2000P.
  2. Enter CI command  'sys stdio 0' in menu 24.8 to disable console idle timeout.
  3. To backup the SMT configurations, use TFTP client program to get file 'rom-0' from the ZyAIR G-2000P.
  4. To restore the SMT configurations, use the TFTP client program to put your configuration in file ROM-0 in the ZyAIR G-2000P.

7. How do I backup/restore configurations by using FTP client program via LAN? 

  1. Use the TELNET client program in your PC to login to your ZyAIR G-2000P.
  2. To backup the configurations, use FTPclient program to get file 'rom-0' from the ZyAIR.
  3. To restore the configurations, use the FTP client program to put your configuration in file ROM-0 in the ZyAIR G-2000P.

8. Why can't I make Telnet to ZyAIR G-2000P from WAN? 

For the ZyAIR G-2000P, because a default Telnet filter is configured in ZyAIR G-2000P to prevent outside users from access the ZyAIR G-2000P via Telnet. You can remove the filter set 3 in menu 11.5--Input Filter Sets field.  

For the ZyAIR G-2000P, there are three reasons that Telnet from WAN is blocked.

  1. When the firewall is turned on, all connections from WAN to LAN are blocked by the default ACL rule. To enable Telnet from WAN, you must turn the firewall off (Menu 21.2) or create a firewall rule to allow Telnet connection from WAN. The WAN-to-LAN ACL summary will look like as shown below.

Source IP= Telnet host
Destination IP= ZyAIR G-2000P's WAN IP
Service= TCP/23
Action=Forward

  1. You have disabled Telnet service in Menu 24.11.
  2. Telnet service is enabled but your host IP is not the securied host entered in Menu 24.11. In this case, the error message 'Client IP is not allowed!' is appeared on the Telnet screen.
  3. The default filter rule 3 (Telnet_FTP_WAN) is applied in the Input Protocol field in menu 11.5.
  4. The console port is in use.


9. What should I do if I forget the system password? 

In case you forget the system password, you need to upload ROMFILE to reset the SMT to factory default. After uploading ROMFILE, the default system password is '1234' or press the reset button located by the power jack with a sharp pointed object by holding down the reset button for 10 second.
 
10. What is SUA? When should I use SUA? 

SUA (Single User Account) is a unique feature supported by ZyAIR G-2000P router which allows multiple people to access Internet concurrently for the cost of a single user account.

When ZyAIR G-2000P acting as SUA receives a packet from a local client destined for the outside Internet, it replaces the source address in the IP packet header with its own address and the source port in the TCP or UDP header with another value chosen out of a local pool. It then recomputes the appropriate header checksums and forwards the packet to the Internet as if it is originated from ZyAIR G-2000P using the IP address assigned by ISP. When reply packets from the external Internet are received by ZyAIR G-2000P, the original IP source address and TCP/UDP source port numbers are written into the destination fields of the packet (since it is now moving in the opposite direction), the checksums are recomputed, and the packet is delivered to its true destination. This is because SUA keeps a table of the IP addresses and port numbers of the local systems currently using it.

11.  What is the difference between NAT and SUA? 

NAT is a generic name defined in RFC 1631 'The IP Network Address Translator (NAT)'.
SUA (Internet Single User Account) is ZyXEL's implementation and trade name for functioning PAT which is a specific type of NAT. SUA( or PAT for NAT) translates address into port mapping.

The primary motivation for RFC 1631 is that there is not enough IP address to go around. In addition, many corporations simply did not bother to obtain legal (globally unique) IP addresses for their networks and now find themselves unable to connect to the Internet.

Basically, NAT is a process of translating one address to another. A NAT implementation can be as simple as substituting an IP address with another. This allows a network to rectify the illegal address problem mentioned above without going through each and every host.

The design goal of ZyXEL's SUA is to minimize the Internet access cost in a small office environment by using a single IP address to represent the multiple hosts inside. It does more than IP address translation, so that multiple hosts on the LAN can access the Internet at the same time.
 
12. How many network users can the SUA support? 

The ZyAIR G-2000P does not limit the number of the users but the number of the sessions. The ZyAIR G-2000P supports 1024 sessions that you can use the 'ip nat iface enif0 st' command in menu 24.8 to view the current active sessions.
 
13. What are Device filters and Protocol filters? 

In ZyNOS, the filters have been separated into two groups.  One group is called 'device filter group', and the other is called 'protocol filter group'.  Generic filters belong to the 'device filter group', TCP/IP and IPX filters belong to the 'protocol filter group'.
 
14.  Why can't I configure device filters or protocol filters? 

In ZyNOS, you can not mix different filter groups in the same filter set.
 
15. How can I protect against IP spoofing attacks? 

The ZyAIR G-2000P's filter sets provide a means to protect against IP spoofing attacks. The basic scheme is as follows:

For the input data filter:

Filter rule setup:

Where a.b.c.d is an IP address on your local network and w.x.y.z is your netmask:

For the output data filters:

Filter rule setup:

Where a.b.c.d is an IP address on your local network and w.x.y.z is your netmask.


All contents copyright © 2004 ZyXEL Communications Corporation.