Introduction

Maybe you've had a broadband connection for a while, and want to expand, or maybe you're just getting set up. Either way, you may find yourself wanting to hook a couple of computers together
and share that cable modem or xDSL connection, but how will you share the single, dynamic IP address they gave you, and what about security?

Enter, the ZyXEL Prestige Series P310 WAN Router.

Features

The ZyXEL P310 is a unique router with a lot to offer, but has few quirks as well.
It has the ability to allow you to share an internet connection over either xDSL or cable.
It also has a built in hardware firewall, it can assign addresses for the devices on your network, and it can even allow multiple computers to be seen as coming from one place. And that...is just the beginning! All in all, the P310 has some powerful features, but because of that, does suffer from a potentially complex setup.

A quick look at some of the listed features.

Internet support

IP routing support
NAT/SUA 
NAT (PAT)
Multimedia applications support (NetMeeting, CuSeeMe, Quake, ICQ, etc.)
PPPoE and PPTP support
RoadRunner Manager 
Toshiba Authentication
DDNS Support

IP Protocol Support

PPP support
IP Routing Protocol: TCP, UDP, ICMP, ARP and Proxy ARP
IP Multicasting
Transparent Bridging
RIP-1, RIP-2

Network Management Support

Local and remote console management
SNMP management support 
UNIX Syslog support 
(CLI) support
Trivial File Transfer Protocol(TFTP)/FTP firmware upgrade and
configuration backup and restore
DHCP server/DHCP client support
Built-in diagnostic and remote support tools

The Good

In order to understand how the router does what it does, we need to take a moment and look at how you get connected to your ISP.

Cable modems authenticate by a couple of different means. One of the more popular methods is to use the hardware address of a network card in your computer to identify the user to the network. This way, passwords don't have to be sent and the process appears to be transparent to the user. What the ZyXEL P310 can do, is grab this address from a computer, and then pass this ID to the network authenticator. There are other methods as well, and the ZyXEL does address those. It has support for hardware authentication,
Toshiba authentication, RR Login, PPPoE, and PPTP for Virtual Private Networking.

But wait, there's more.

The ZyXEL has a very configurable on-board firewall. The firewall allows you to assign up to 12 rules per filter, and up to 6 filters, for a total of 72 rules. You can apply as many as 24 rules to a single port (i.e. port 80 or http access.) When you set up a filter, you are telling the router what to do with packets under what conditions. Sound complicated? It can be, and that's the major problem I see with this router, but I'll come back to that.

The ability to customize is also this routers greatest strength. Within it's price class, it's very hard to name any other router that has all the potential of the P310. This is because the firewall will let you open ports individually, so that if you want to run a particular service, you can. You can also have the firewall deliberately stop all undesireable types of traffic along unusual or rarely used ports or to certain machines. The firewall will also let you open multiple public servers (known as DMZ servers), so that you could have your own email, web servers, databases or other publicly accessible servers (like a game server maybe?) all running across the router at the same time. Nice.

The P310 will do your inside addressing for you, if you'd like. Dynamic Host Control Protocol, or DHCP, is the assignment of network addresses as needed. As devices come onto or leave the network, they're assigned an address from a pool of numbers. Should they leave the network for a
certain period of time, that address is returned to the pool for re-assignment. In this case, you simply tell the router what range of numbers to assign from, and it does the rest. It's a nice feature, since once it's configured, you never need to worry about addressing new machines. You simply tell them where to get their network address from, and voile', done. Even further, the router will get IT'S address from your cable or xDSL company, so it will support DHCP both as a client of the Cable or xDSL company, and simultaneously as a server to the rest of your network. Very nice, ZyXEL.

The router also does Network Address Translation, or NAT. NAT, allows you to use private addresses inside of your network, and public addresses on the outside. This adds a layer of security, and standing alone or better yet combined with the built-in firewall, can prevent intrusions into your network. The P310 combines this with something ZyXEL calls SUA or "Single User Account". SUA, allows multiple inside addresses, to be mapped to one public address. It may sound complicated, but the bottom line is that you can use a bunch of computers inside your network, but they'll all be seen as coming from the one public address given to you by your xDSL or cable company. This even works across DHCP!

The router will also let you group computers. This is called subnetting, and the router allows you to subnet into three groups, each consisting of up to 253 devices, for a total of 759 potential addresses/devices. You can use this in conjunction with the firewall to keep certain devices from ever talking to the internet, or each other if you'd like. You can do it by function, location, or department, it's entirely up to you.

Thought we were done? Think again!

One VERY cool feature of this router is that the P310 will let you run Dynamic DNS, which is a way of associating a domain name, like www.whatever.com, with a dynamically addressed system. A DDNS server will "hold" an ip number for whatever.com, and then authenticates you when you log on, and then re-routes all requests for whatever.com to your new dynamic address. If you go away and come back later with a different ID, you just re-authenticate, and requests are redirected to the new address. It's a slick idea, in that it lets folks with dynamic addresses do their own
web/game/e-commerce servers etc, and it's nice to see ZyXEL support it. It currently supports dyndns.org, and ddns.org servers.

The router can be setup to interface with your office securely via PPTP. Point-To-Point Tunneling Protocol, is a way of setting up an *encrypted* link between you and another site. With PPTP, you can set up a Virtual Private Network, which would allow you to communicate directly with your office LAN, via the internet, very securely. At this point, it will only act as a PPTP VPN gateway with certain French xDSL devices, though it will pass PPTP traffic back and forth using any system.

All these features combined could easily cost you upwards of a few thousand dollars on another router, and ZyXEL has done very well to pack so much, into such a small router.

The Bad

The ZyXEL P310 does have one bad side though, and it's not even really the fault
of the router itself. Generally speaking, the more you make a tool customizable, the less intuitive that tool becomes. In this case, the router doesn't really come pre-configured with very much, just a few basic filters in the firewall, and the manual is not as helpful as it might be. It's not that the manual is skimpy. At a length of 48 pages, it's a pretty decently sized manual. What the manual doesn't do though, is take you step by step through how to set things up. At all. It just basically tells you what the hardware is, what the various functions do, and from there on out, you're pretty much on your own. This can be a stumbling block if you aren't comfortable with exploring the router.

In my case, I have a very basic setup, consisting of one machine connected to the router, and I use the hardware authentication described earlier. In order for me to get my setup working, it was necessary to:

A) Unplug the cable modem power,
B) Physically plug into the router via crossover cable from my NIC card,
C) Plug the WAN port straight through cable into the Cable modem,
D) Physically connect to the router via serial interface,
E) Program the router for DHCP and MAC address bridging and give it the appropriate DNS numbers,
F) Configure my computer for DHCP through the router,
G) Restart the router,
H) Restart my computer,
I) Go back and tell the router what my new address was in order for it to get the MAC address,
J) Restart the router again,
K) Give it a moment to boot up and grab the correct address for MAC bridging
L) And finally, plug the cable modem power back in.

Wait for it to all sync up, and voile', I'm back in business.

It seems pretty straightforward, except that NO WHERE in the manual does it spell these steps out. You have to figure out not only the correct programming for your type of connection, but also the proper sequence of events to get it running correctly. This can be a huge drawback if you're not comfortable with experimenting and spending some time troubleshooting trying to find the correct path and sequence of events.

You can avoid some of this, by doing pre-installation research and talking to your cable or xDSL company to see what kinds of settings you will need. This is not an intuitive setup though and trying to feel your way through will make for a very frustrating experience.

Configuration Software

I finally got the windows software loaded after I had upgraded the firmware for the router to the latest version, and downloaded the latest software. It's important to note that once you upgrade the router firmware, any configuration you may have is wiped out, so you'll need to write down all the settings you had and reconfigure the router. The windows software is nice looking graphically, but is rather basic, and really only covers simple setup and monitoring. Any real customizing currently has to be done through the serial interface. I sincerely hope they add the ability to configure the firewalls and other services through a graphic interface as soon as
possible, both for convenience, and because the serial interface is a rather dry technical interface, and can be intimidating to novice users.

Support Issues

ZyXEL tech support is decent, usually responding to emails the same or next business day. It took some searching through their support area, but I did finally find some sample firewall configurations to look at, and that made it easier to understand how the firewall setup occurs in the ZyXEL. I really wish they'd included this with the printed manual, and would really push for them to add it to any future releases of that manual. Without those kinds of instructions at hand, and information from your service provider about the type of connection and authentication they do, router setup can be a daunting task.

I cannot really speak to speeds across the WAN port, primarily because I have a 1.5mbps cable connection so I'll never reach 10mbps or anything near it. I've not seen any noticeable slowdown in downloads or uploads as a result of the router now being between me and the my cable connection, and various bandwidth speed tests did not seem to suffer at all, so I feel confident I'm reaching at least 1.5mbps across the WAN. As to latency, the router seems to add between a 5-10ms delay, which is very little for the amount of work it's doing, and worth the extra security it adds.

Interface
Windows Prestige Network Commander (PNC) Software

Maintenance Commander

Systems staus screen

PNC Software Login

TFTP loader

Int Access Wizard

Serial Interface

Main Menu

SUA setup

Maintenence Menu main page

Maintenence Menu Systems

Best Wishes,
Tom "Bouncer" Blakely, CCNA

Rating
Overall Rating: