ZyXEL Communications 662HW Series manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of ZyXEL Communications 662HW Series, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of ZyXEL Communications 662HW Series one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of ZyXEL Communications 662HW Series. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of ZyXEL Communications 662HW Series should contain:
- informations concerning technical data of ZyXEL Communications 662HW Series
- name of the manufacturer and a year of construction of the ZyXEL Communications 662HW Series item
- rules of operation, control and maintenance of the ZyXEL Communications 662HW Series item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of ZyXEL Communications 662HW Series alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of ZyXEL Communications 662HW Series, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the ZyXEL Communications service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of ZyXEL Communications 662HW Series.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the ZyXEL Communications 662HW Series item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    Prestige 662H/HW Series ADSL 2+ 4-Port Security Gateway User ’ s Guide V ersion 3.40 November 2 0 04[...]

  • Page 2

    Prestige 662H/HW Series User’s Guide Copyright 2 Copyright Copyright © 2004 by ZyXEL Communications Corpo ration. The contents of this publication may not be reprod uced in any part or as a whole, transcribed, stored in a retrieval system, tran slated into any language, or transmitted in any form or by any means, el ectronic, mechanical , magnet[...]

  • Page 3

    Prestige 662H/HW Series User’s Guide 3 Federal Communications Commission (FCC) Interference Statement Federal Communications Commission (FCC) Interference S t atement This device complies with Part 15 of FCC rul es. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accep[...]

  • Page 4

    Prestige 662H/HW Series User’s Guide ZyXEL Limited Warranty 4 ZyXEL Limited W arranty ZyXEL warrants to the original en d user (purchaser) that this product is free from any defects in materials or workmansh ip for a period of up to tw o years from the date of purchase . During the warranty period, and upon proof of purchase, should the product h[...]

  • Page 5

    Prestige 662H/HW Series User’s Guide 5 Customer Suppo rt Customer Support Please have the following information r eady when you contact customer support. • Product model and serial number . • W arranty Information. • Date that you received your de vice. • Brief description of the problem and the steps yo u took to solve i t. METHOD LOCATI[...]

  • Page 6

    Prestige 662H/HW Series User’s Guide Customer Support 6[...]

  • Page 7

    Prestige 662H/HW Series User’s Guide 7 Customer Suppo rt[...]

  • Page 8

    Prestige 662H/HW Series User’s Guide 8 T able of Content s Copyright .................................................. ................................................................ 2 Federal Communications Commissi on (FCC) Interference St atement ............... 3 ZyXEL Limited W arranty ......................................................[...]

  • Page 9

    Prestige 662H/HW Series User’s Guide 9 3.1.1 Encapsulation ........... ................. ............. ............ ................. ............ ......... 60 3.1.1.1 ENET ENCAP ..................... ............. ................ ............. ............. .....60 3.1.1.2 PPP over Ethernet .............. .......................................[...]

  • Page 10

    Prestige 662H/HW Series User’s Guide 10 6.3 DNS Server Address Assignment ................ ............. ................ ............. ............ 79 6.4 LAN TCP/IP ........ ............. ................ ............. ............. ................ ............. ............ 80 6.4.1 Factory LAN Defaults .... ............. ................ ...[...]

  • Page 11

    Prestige 662H/HW Series User’s Guide 11 8.12.3 Authentication Required: WP A-PSK ........ ............. ............. ................ ...106 8.13 Configuring Local User Authentication ........... ............ ............. ................ ....... 108 8.14 Configuring RADIU S ..... ................ ............. ................ ............. ..[...]

  • Page 12

    Prestige 662H/HW Series User’s Guide 12 Chapter 12 Time and Date ................................................................ ....................................... 142 12.1 Configuring T ime and Date ........... .... ......... ................ ............. ............. .......... 142 Chapter 13 Firewalls ..................................[...]

  • Page 13

    Prestige 662H/HW Series User’s Guide 13 14.3.3.3 Source Address . ............. ................ ............. ............. ............ .......160 14.3.3.4 Destination Addr es s ............. ............. ................ ............. ............. 161 14.4 Connection Direction Example ............. ................ ................ .........[...]

  • Page 14

    Prestige 662H/HW Series User’s Guide 14 Chapter 17 Anti-Virus Packet Sca n ................................................. ....................................... 204 17.1 Overview ................. ................ ............. ............. ................ ............. ................ 204 17.1.1 T ypes of Computer Viruses .............. .[...]

  • Page 15

    Prestige 662H/HW Series User’s Guide 15 19.7 NA T Traversal .. ................ ............. ................. ............ ................. ................ ...222 19.7.1 NA T Traversal Config uration .................... ............. ................ ............. ...223 19.7.2 Remote DNS Server ...... ................ ............. ........[...]

  • Page 16

    Prestige 662H/HW Series User’s Guide 16 Chapter 22 Logs Screens ................................................................. ....................................... 264 22.1 Logs Overview ..................... ................ ............. ................ ............. ................ 264 22.1.1 Alerts and Logs .............. ............[...]

  • Page 17

    Prestige 662H/HW Series User’s Guide 17 24.6.1 Diagnostic General Screen ...... ............. ................ ............. ................ ...290 24.6.2 Diagnostic DSL Line Screen ....... ... ............. ................ ............. ............. 291 24.7 Firmware Screen .............. ................. ............. ................ .....[...]

  • Page 18

    Prestige 662H/HW Series User’s Guide 18 Chapter 30 Internet Access .................................................................................. .................. 320 30.1 Internet Access Overview ................. ............. ................ ............. ............ .......320 30.2 IP Policies ........................ ............. ..[...]

  • Page 19

    Prestige 662H/HW Series User’s Guide 19 34.2 Applying NA T ... ............. ................ ............. ................ ............. ................ ....... 344 34.3 NA T Set up ............... ............. ................ ............. ................ ............. ................ 346 34.3.1 Address Mapping Sets ................ .....[...]

  • Page 20

    Prestige 662H/HW Series User’s Guide 20 Chapter 38 System Security ....................................... .......................................... .................. 380 38.1 System Security ... ...... ...... ................. ............. ............ ................. ............ ....... 380 38.1.1 System Passw ord ....... ................[...]

  • Page 21

    Prestige 662H/HW Series User’s Guide 21 40.4.6 TFTP Upload Command Example . ................................................ ....... 408 40.4.7 Uploading Via Consol e Port ..... ................ ............. ................ ............. ...408 40.4.8 Uploading Firmware F ile Via Console Port .............. ............. ................ 408 4[...]

  • Page 22

    Prestige 662H/HW Series User’s Guide 22 45.4 IKE Setup ... ................ ............. ................ ............. ............. ................ ............. 441 45.5 Manual Setup .......... ... ...... ............. ................. ............ ............. ............. .......... 443 45.5.1 Active Protocol .. ...... ............. ...[...]

  • Page 23

    Prestige 662H/HW Series User’s Guide 23 Configuring ......... ............. ................ ............. ................ ............. ................ ...... 464 V erifying Settings ....... ................ ............. ................ ............. ................ ............ 465 Windows 2000/NT/XP ............ ................ .........[...]

  • Page 24

    Prestige 662H/HW Series User’s Guide 24 IEEE 802.1x ..... ................ ............. ................ ............. ................ ............. ............... 490 Advantages of the IEEE 802. 1x ................. ................................ ............. ............... 490 RADIUS Server Authentication Sequence ........... ...........[...]

  • Page 25

    Prestige 662H/HW Series User’s Guide 25 Appendix O Firewall Commands ...................................................... ....................................... 530 Appendix O Sys Firewall Comma nds ........... ............. ............. ................ ............. ...530 Appendix P NetBIOS Filter Commands .................................[...]

  • Page 26

    Prestige 662H/HW Series User’s Guide 26 List of Figures Figure 1 Prestige Internet Access Applicati on ... ............. ................ ............. ................ ....... 51 Figure 2 Firewall Application ........ ................ .......... ................ ............. ............. ................ ... 52 Figure 3 Prestige LAN-to-LAN App[...]

  • Page 27

    Prestige 662H/HW Series User’s Guide 27 Figure 37 Example of T raffic Shaping ....... ...... .......... ............. ............. ................ ............. ... 1 14 Figure 38 W AN Setup (PPPoE) ................................................................................ .......... 1 1 5 Figure 39 T raffic Redirect Example .............[...]

  • Page 28

    Prestige 662H/HW Series User’s Guide 28 Figure 80 Content Access Contro l: General: Diagnose ....................... ................ ............. 198 Figure 81 Content Access Control: User Profiles .......................... ............. ................ ....... 199 Figure 82 Content Access Control: O nline S tatus ......... ................ .[...]

  • Page 29

    Prestige 662H/HW Series User’s Guide 29 Figure 123 View Logs .. ................ ............. ................ ............. ................ ............. ................ 2 67 Figure 124 E-mail Log Example ...... ................ ................ ............. ................ ................ ....... 268 Figure 125 Application-based Bandwidth[...]

  • Page 30

    Prestige 662H/HW Series User’s Guide 30 Figure 166 Menu 1 1.1 Remote Node Profile .. ............. ............. ................ ............. ............. 328 Figure 167 Menu 1 1.3 Remote Node Network Layer Options .................. ................ .......... 330 Figure 168 Sample IP Addresses for a TCP/IP LAN-to-LAN Connection ........... .[...]

  • Page 31

    Prestige 662H/HW Series User’s Guide 31 Figure 209 NetBIOS_LAN Filter Rules Summary ................. ................ ............. ................ 365 Figure 210 IGMP Filter Rules Summary .. ...... ....... ............. ................ ............. ............ ....... 365 Figure 21 1 Menu 21.1.x.1 TCP/IP Filter Rule .... ................. .[...]

  • Page 32

    Prestige 662H/HW Series User’s Guide 32 Figure 252 T elnet Into Menu 24.7.2 Syst em Ma intenance ................. ............. ................ ... 406 Figure 253 FTP Session Example of Firmware F ile Upload ........... ............. ................ ....... 407 Figure 254 Menu 24.7.1 As Seen Using the Cons ole Port .......................... .[...]

  • Page 33

    Prestige 662H/HW Series User’s Guide 33 Figure 7 Windows 95/98/Me: TCP/IP Properties : IP Address ................ ................ ............. 464 Figure 8 Windows 95/98/Me: TCP/IP Properties : DNS Configuration ...................... .......... 465 Figure 9 Windows XP: S tart Menu .. ............. ................ ................ ...........[...]

  • Page 34

    Prestige 662H/HW Series User’s Guide 34 List of T ables T able 1 AD SL S tandards ...... ................ ............. ................. ................ ............. ................ ... 44 T able 2 IEEE802.1 1g ................ ................................................................ .......................... 46 T able 3 Web Configur[...]

  • Page 35

    Prestige 662H/HW Series User’s Guide 35 T able 37 Dynamic DN S ........ ................ ................. ............. ................ ............. ................ ... 141 T able 38 Time and Date .............. ................ ................ ............. ................ ................ .......... 14 3 T able 39 Common IP Ports ........[...]

  • Page 36

    Prestige 662H/HW Series User’s Guide 36 T able 80 Configuring UPnP ............... ................ ................. ............ ................. ................ ... 252 T able 81 Log Settings ........ ................ ................ ............. ................ ................. ............ ...... .2 6 5 T able 82 View Logs . ..........[...]

  • Page 37

    Prestige 662H/HW Series User’s Guide 37 T able 123 Menu 15.1.1 First Set .............. ............. ................ ................ ............. ................ 349 T able 124 Menu 15.1.1.1 Editing/ Configuring an Individual Rule in a Set ...... ................ ... 350 T able 125 Abbreviations Used in the Filter Ru les Summary Menu .......[...]

  • Page 38

    Prestige 662H/HW Series User’s Guide 38 T able 3 Allowed IP A ddress Range By Class . ....... ............. ............ ................. ............ ....... 475 T able 4 “Natural” Masks ...... ................ ............. ................. ............ ................. ............ ....... 4 75 T able 5 Alternativ e Subnet Mask Notation[...]

  • Page 39

    Prestige 662H/HW Series User’s Guide 39 T able 46 Syslog Logs .. ................ ............. ................ ............. ................ ................ ............. 551 T able 47 RFC-2408 ISAKMP Payload T ypes .... ................. ................ ............. ............ ....... 551[...]

  • Page 40

    Prestige 662H/HW Series User’s Guide Preface 40 Preface Congratulations on your p urchase of the Pres tige 662HW W ireless ADSL Security Gateway or the Prestige 662H ADSL Security Gateway . The Prestige 662HW has the bu ilt-in IEEE 802.1 1g wireless fe ature that provides wireless LAN connection without the expense of ad ditional network cabling [...]

  • Page 41

    Prestige 662H/HW Series User’s Guide 41 Preface Refer to the included CD for support documents. • Quick Start Guide The Quick S tart Guide is designed to help you get up and running right away . They contain connection information and instructions on getting st arted. • W eb Configurator Online Help Embedded web help for descriptions of indiv[...]

  • Page 42

    Prestige 662H/HW Series User’s Guide Introduction to DSL 42 Introduction to DSL DSL (Digital Subscriber Line) te chnology enhances the data ca pacity of the existing twisted- pair wire that runs betwee n the local telephone co mpany switching of fi ces and most homes and offices. While the wire itself can handle higher frequencies, the telephone [...]

  • Page 43

    Prestige 662H/HW Series User’s Guide 43 Introduction to DSL[...]

  • Page 44

    Prestige 662H/HW Series User’s Guide Chapter 1 Getting To Kn ow Your Prestige 44 C HAPTER 1 Getting T o Know Y our Prestige This chapter describes the key fe atur es and applications of your Pr estige. 1.1 Introducing the Prestige Y our Prestige integrates high-speed 10/100Mb ps auto-negotiating LAN interface(s) and a high-speed ADSL port into a [...]

  • Page 45

    Prestige 662H/HW Series User’s Guide 45 Chapter 1 G etting To Know Your Pres tige Models ending in “1”, for example P restige 662HW -61, denote a d e vice that work s over the analog telephone system, POTS (P lain Old T elephone Service). Models ending in “3 ” denote a device that works o ver ISDN (Integrated Sy nchr onous Digital System)[...]

  • Page 46

    Prestige 662H/HW Series User’s Guide Chapter 1 Getting To Kn ow Your Prestige 46 Content Filtering Content filtering allows you to block access to fo rbidden Internet web sit es, schedule when the Prestige should perform the filtering and give trusted LAN IP addresses unfiltered Internet access. Content Access Control The Prestige can control acc[...]

  • Page 47

    Prestige 662H/HW Series User’s Guide 47 Chapter 1 G etting To Know Your Pres tige External Antenna The Prestige is equipped with an antenna conn ector and comes with a detachable 5dBi antenna to provide clear radio signal between th e wireless stations and the acce ss points. Wireless LAN MAC Address Filtering Y our Prestige can check the MA C ad[...]

  • Page 48

    Prestige 662H/HW Series User’s Guide Chapter 1 Getting To Kn ow Your Prestige 48 PPPoE Support (RFC2516) PPPoE (Point-to-Point Pro tocol over Ethernet) emulates a dial-up connection. It allows your ISP to use their existing netw ork configuration with newer broadband techn o logies such as ADSL. The PPPoE driver on the Prestige is tran sparent to[...]

  • Page 49

    Prestige 662H/HW Series User’s Guide 49 Chapter 1 G etting To Know Your Pres tige • Supports Multi-Mode standard (ANSI T1.413, Issue 2; G .dmt (G .992.1); G .lite (G992.2)). • TCP/IP (T ransmission Control Protocol/Internet Protocol) n e twork layer protocol. • A TM Forum UNI 3.1/4.0 PVC. • Supports up to 8 PV Cs (UBR, CBR, VBR). • Mult[...]

  • Page 50

    Prestige 662H/HW Series User’s Guide Chapter 1 Getting To Kn ow Your Prestige 50 Multiplexing The Prestige supports VC-ba sed and LLC-based multiplexing. Encap sulation The Prestige supports PPPoA (RFC 2364 - PPP over A TM Ad aptation Layer 5), RFC 1483 encapsulation over A TM, MAC encapsulated routing (ENET encapsul ation) as well as PPP over Et[...]

  • Page 51

    Prestige 662H/HW Series User’s Guide 51 Chapter 1 G etting To Know Your Pres tige Housing Y our Prestige's compact and ven tilated housing minimizes space requirements making it easy to position anywhere in your busy office. 1.1.2 Applications for the Prestige Here are some example uses for which the Prestige is well suited. 1.1.2.1 Internet[...]

  • Page 52

    Prestige 662H/HW Series User’s Guide Chapter 1 Getting To Kn ow Your Prestige 52 Figure 2 Firewall Application 1.1.3.1 LAN to LAN Application Y ou can use the Prestige to connect two geogr aphical ly dispersed networks over the ADSL line. A typical LAN-to-LAN application for your Prestige is shown as follows. Figure 3 Prestige LAN-to-LAN Applicat[...]

  • Page 53

    Prestige 662H/HW Series User’s Guide 53 Chapter 1 G etting To Know Your Pres tige[...]

  • Page 54

    Prestige 662H/HW Series User’s Guide Chapter 2 Introducing the Web Configur ator 54 C HAPTER 2 Introducing the W eb Configurator This chapter describes how to acces s and navigate the web configurator . 2.1 W eb Configurator Overview The web configurator is an HTML-based mana gement interface that allows easy Prestige setup and management via Int[...]

  • Page 55

    Prestige 662H/HW Series User’s Guide 55 Chapter 2 Introducing the Web Configurator Figure 4 Password Screen 6 It is highly recommended you change the de fault password! Enter a new password, retype it to confirm and click Apply ; alternatively click Ignor e to proceed to the main menu if you do not want to chang e the password now . Figure 5 Chan[...]

  • Page 56

    Prestige 662H/HW Series User’s Guide Chapter 2 Introducing the Web Configur ator 56 2 Press the RESET button for ten seconds or until the PWR/SYS LED begins to blink and then release it. When the PWR/SYS LED begins to blink, the defaults have b een restored and the Prestige restarts. 2.1.3 Navigating the Pr estige Web Configurator The following s[...]

  • Page 57

    Prestige 662H/HW Series User’s Guide 57 Chapter 2 Introducing the Web Configurator T able 3 Web Config urator Scre ens Summ ary LINK SUB-LINK FUNCTION Wizard Setup Connection Setup Use these screens for initial co nfiguratio n including general setup, ISP parameters for In ternet Access and WAN IP/DNS Server/MAC address assignme nt. Media Bandw i[...]

  • Page 58

    Prestige 662H/HW Series User’s Guide Chapter 2 Introducing the Web Configur ator 58 Media Bandw idth Management Summary Use this screen to allocate an i nterface's outg oing capacity to specific types of traffic. Class Setup Use this screen to define a bandwidth class. Monitor Use this screen to view bandwidth class statistics. Maintenance S[...]

  • Page 59

    Prestige 662H/HW Series User’s Guide 59 Chapter 2 Introducing the Web Configurator[...]

  • Page 60

    Prestige 662H/HW Series User’s Guide Chapter 3 Wizard Setup for Internet Acces s 60 C HAPTER 3 W izard Setup for Internet Access This chapter pr ovides information on the W izard Se tup scr eens for Internet access in the web configurator . 3.1 Introduction Use the W izard Setup screens to configure your system for Internet access with the inform[...]

  • Page 61

    Prestige 662H/HW Series User’s Guide 61 Chapter 3 Wiz ard Setup f or Internet Ac cess 3.1.1.4 RFC 1483 RFC 1483 describes two methods for Multipro tocol Encapsulation over A TM Adaptation Layer 5 (AAL5). The first method allows mult iplexing of multiple protocols over a single A TM virtual circuit (LLC-based multiplexing ) and the second method a[...]

  • Page 62

    Prestige 662H/HW Series User’s Guide Chapter 3 Wizard Setup for Internet Acces s 62 Figure 7 Internet Access Wizard Setup: First Screen The following table describes the fields in this screen. 3.3 IP Address and Subnet Mask Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network numb[...]

  • Page 63

    Prestige 662H/HW Series User’s Guide 63 Chapter 3 Wiz ard Setup f or Internet Ac cess If the ISP did not expl icitly give you an IP network n u mber , then most likely you have a sin gle user account and the ISP will assign you a d ynamic IP address when the connection is established. If this is the case, it is recomm ended that you select a netw[...]

  • Page 64

    Prestige 662H/HW Series User’s Guide Chapter 3 Wizard Setup for Internet Acces s 64 3.3.1.4 Private IP Addresses Every machine on the Internet must ha ve a unique address. If your ne tworks are isolate d from the Internet, for example, only between your two branch of fice s, you can assign any IP addresses to the hosts without problems. However ,[...]

  • Page 65

    Prestige 662H/HW Series User’s Guide 65 Chapter 3 Wiz ard Setup f or Internet Ac cess Figure 8 Internet Connection with PPPoE The following table describes the fields in this screen. Table 5 Internet Connection with PPPoE LABEL DESCRIPTION Service Name T ype the name of your PPPoE service here. User Name Enter the us er name exactly as your ISP a[...]

  • Page 66

    Prestige 662H/HW Series User’s Guide Chapter 3 Wizard Setup for Internet Acces s 66 Figure 9 Internet Connection with RFC 1483 The following table describes the fields in this screen. Table 6 Internet Connection with RFC 1483 LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode fiel d. T ype your ISP as signed IP[...]

  • Page 67

    Prestige 662H/HW Series User’s Guide 67 Chapter 3 Wiz ard Setup f or Internet Ac cess Figure 10 Internet Connection with ENET ENCAP The following table describes the fields in this screen. Table 7 Internet Connection with ENET ENCAP LABEL DESCRIPTION IP Address A st atic IP add ress is a fixed IP that your ISP gives you. A dynamic IP address is n[...]

  • Page 68

    Prestige 662H/HW Series User’s Guide Chapter 3 Wizard Setup for Internet Acces s 68 Figure 1 1 Internet Connect ion with PPPoA The following table describes the fields in this screen. Table 8 Internet Connection with PPPoA LABEL DESCRIPTION User Name Enter the lo gin name that your ISP gives y ou. Password Enter the password associated with the u[...]

  • Page 69

    Prestige 662H/HW Series User’s Guide 69 Chapter 3 Wiz ard Setup f or Internet Ac cess 3.4.1 DHCP Setup DHCP (Dynamic Host Configuration Protocol , RFC 2131 and RFC 2132) allows indiv idual clients to obtain TCP/IP configuration at star t-up from a server . Y ou can configure the Prestige as a DHCP server or disable it. When configured as a server[...]

  • Page 70

    Prestige 662H/HW Series User’s Guide Chapter 3 Wizard Setup for Internet Acces s 70 Figure 13 Internet Access Wizard Setup: LAN Configuration The following table describes the fields in this screen. 3.5 Internet Access Wizard Setup: Connection T est The Prestige automatically tests the connectio n to the computer(s) connected to the LAN ports. T [...]

  • Page 71

    Prestige 662H/HW Series User’s Guide 71 Chapter 3 Wiz ard Setup f or Internet Ac cess Figure 14 Internet Access Wizard Setup: Connection T ests 3.5.1 T est Y our Internet Connection Launch your web brows er and navigate to www .zyxel.com . Internet access is just the beginning. Refer to the res t of this User ’ s Guide for more detailed informa[...]

  • Page 72

    Prestige 662H/HW Series User’s Guide Chapter 4 Wiza rd Setup fo r Media Ban dwidth Mana gement 72 C HAPTER 4 Wizard Setup for Media Bandwid th Management This chapter shows you how to configur e basic bandwidth management using the wiza rd scr eens. 4.1 Introduction The web configurator’ s Media Bandwidth Magnt. screens under Wi zard Setup allo[...]

  • Page 73

    Prestige 662H/HW Series User’s Guide 73 Chapter 4 Wizard Setup for Media Bandwidth Ma nagement 4.2 Media Bandwid th Management Setup 1 Click Media Bandwidth Mgnt. under Wizard Setup in the SITE MAP screen. FTP File Transfer Program enabl es fast transf er of files, including large files that may not be possible by e -mail. FTP uses po rt number 2[...]

  • Page 74

    Prestige 662H/HW Series User’s Guide Chapter 4 Wiza rd Setup fo r Media Ban dwidth Mana gement 74 Figure 15 Media Bandwid th Mgnt. Wiza rd Setup: First Scr een The following table describes the labels in this screen. 4.3 Media Bandwid th Mgnt. Wizard Setup: Second Screen The Prestige automatically creates the bandwi dth class for each service you[...]

  • Page 75

    Prestige 662H/HW Series User’s Guide 75 Chapter 4 Wizard Setup for Media Bandwidth Ma nagement Figure 16 Media Bandwid th Mgnt. Wizard Setup: Se cond Screen The following table describes th e fields in this screen. 4.4 Media Bandwid th Mgnt. Wizard Setup: Finish W ell done! Y ou have finished configuration o f Media Bandwidth Manag ement. Y ou ma[...]

  • Page 76

    Prestige 662H/HW Series User’s Guide Chapter 5 Password Setup 76 C HAPTER 5 Password Setup This chapter pr ovides information on the Password scr een. 5.1 Password Overview It is highly recommended that you ch ange the password for accessing the Prestige. 5.1.1 Configuring Password T o change your Prestige’ s password (recommended), click Passw[...]

  • Page 77

    Prestige 662H/HW Series User’s Guide 77 Chapter 5 Password Setup[...]

  • Page 78

    Prestige 662H/HW Series User’s Guide Chapter 6 LAN Setup 78 C HAPTER 6 LAN Setup This chapter describes how to configur e LAN settings. 6.1 LAN Overview A Local Area Network (LAN) is a shared comm unication system to which many computers are attached. A LAN is a computer network lim ited to the immediate area, usually the same building or floor o[...]

  • Page 79

    Prestige 662H/HW Series User’s Guide 79 Chapter 6 LAN Setup 6.2 DNS Server Address DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely impo rtant because without it, you must know the IP address of a machine before you can access it. The DNS server addre sses that you e[...]

  • Page 80

    Prestige 662H/HW Series User’s Guide Chapter 6 LAN Setup 80 6.4 LAN TCP/IP The Prestige has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability . 6.4.1 Factory LAN Default s The LAN parameters of the Prestige are preset in the factory with the following values: • IP address of[...]

  • Page 81

    Prestige 662H/HW Series User’s Guide 81 Chapter 6 LAN Setup 6.4.4 Multicast T raditionally , IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of host s on the network - not everybody and not just 1. IGMP (Internet Gr[...]

  • Page 82

    Prestige 662H/HW Series User’s Guide Chapter 6 LAN Setup 82 Figure 20 Any IP Example The Any IP fe ature does n ot apply to a computer using either a dynami c IP address or a static IP address that is in the same subnet as the Prestige’ s IP address. 6.5.1 How Any IP Works Address Resolution Protocol (ARP) is a prot ocol for mapping an Internet[...]

  • Page 83

    Prestige 662H/HW Series User’s Guide 83 Chapter 6 LAN Setup After all the routing information is updated, the computer can access the Prestige and the Internet as if it is in the same subnet as the Prestige. 6.6 Configuring LAN Click LAN and LAN Setup to open the following screen. Figure 21 LAN Setup[...]

  • Page 84

    Prestige 662H/HW Series User’s Guide Chapter 6 LAN Setup 84 The following table describes the fields in this screen. 6.7 Configuring S tatic DHCP This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. Table 14 LAN Setup LABEL DESCRIPTION DHCP DHCP If set to Server , your Prestige can[...]

  • Page 85

    Prestige 662H/HW Series User’s Guide 85 Chapter 6 LAN Setup Every Ethernet device has a unique MAC (Med ia Access Control) addre ss. The MAC address is assigned at the factory and consists of six pairs of hexadec imal characters, for example, 00:A0:C5:00:00:02. T o change your Prestige’ s static DHCP settings, click LAN , then the S t atic DHCP[...]

  • Page 86

    Prestige 662H/HW Series User’s Guide Chapter 7 DMZ 86 C HAPTER 7 DMZ This chapter describes how to configur e the Pr e stige’ s DMZ. 7.1 Introduction The DeMilitarized Zone (DMZ) auto-negotiating 10/100 Mbps E thernet port provides a way for public servers (W eb, e-mail, FTP , etc.) to be visible to the outside world (while still being protecte[...]

  • Page 87

    Prestige 662H/HW Series User’s Guide 87 Chapter 7 DMZ Figure 23 DMZ The following table describes the labels in this screen.. Table 16 DMZ LABEL DESCRIPTION DMZ TCP/IP IP Address T ype the IP address of your Presti ge’s DMZ port in dotted decimal notation. Make sure the IP address i s on a separate subnet from the LAN port. IP Subnet Mask The s[...]

  • Page 88

    Prestige 662H/HW Series User’s Guide Chapter 7 DMZ 88 Allow between DMZ and LAN Select this check box to forward NetBIOS packets from the LAN to the DMZ and from the DMZ to the LAN. If your firewall is enabled with the default policy set to block DMZ to LAN traffic, you also need to enable the default DMZ to LAN firewall rule that forwards NetBIO[...]

  • Page 89

    Prestige 662H/HW Series User’s Guide 89 Chapter 7 DMZ[...]

  • Page 90

    Prestige 662H/HW Series User’s Guide Chapter 8 Wireless LAN Setup 90 C HAPTER 8 W ireless LAN Setup This chapter discusses how to con figur e W ire less LAN on the Pr estige. 8.1 Introduction This section introduces the wireless LAN and some basic configurations. W i reless LANs c an be as simple as two computers with wireless LAN cards communica[...]

  • Page 91

    Prestige 662H/HW Series User’s Guide 91 Chapter 8 Wireless LAN Setup 8.1.3 ESS ID An Extended Service Set (ESS) is a group of access points or wireless gateways connected to a wired LAN on the same subnet. An ESS ID uniquely identifies ea ch set. All access points or wireless gateways and their associated wireles s stations in the same set must h[...]

  • Page 92

    Prestige 662H/HW Series User’s Guide Chapter 8 Wireless LAN Setup 92 If the RT S / C T S value is greater than the Fragmentation Threshold value (see next), then the R TS (Request T o Send)/CTS (Clear to Send) ha ndshake will never occur as data frames will be fragmented befo re they reach RT S/ CT S s ize. 8.1.5 Fragment ation Threshold A Fragme[...]

  • Page 93

    Prestige 662H/HW Series User’s Guide 93 Chapter 8 Wireless LAN Setup Figure 25 Prestige Wireless Security Levels If you do not enable any wireless security on y our Prestige, your network is accessible to any wireless networki ng device that is within range. Use the Prestige web configurator to configur ator to set up your wireless LAN security s[...]

  • Page 94

    Prestige 662H/HW Series User’s Guide Chapter 8 Wireless LAN Setup 94 Click W ireless LAN , W ireless to open the Wir eless screen. Figure 26 Wirele ss LAN The following table describes the fields in this screen. Table 17 Wirel ess LAN LABEL DESCRIPTION Enable Wireless LAN The wireless LAN is turned off by default, before you enable the wireless L[...]

  • Page 95

    Prestige 662H/HW Series User’s Guide 95 Chapter 8 Wireless LAN Setup 8.5 Configuring MAC Filter The MAC filter screen allows you to configure the Prestige to give exclusive access to up to 32 devices (Allow Association) or exclude up to 32 devices from ac cessing the Prestige (Deny Association). Every Ethernet device has a uniq ue MAC (Media Acce[...]

  • Page 96

    Prestige 662H/HW Series User’s Guide Chapter 8 Wireless LAN Setup 96 Figure 27 MAC Addres s Filter The following table describes the fields in this menu. Table 18 MAC Address F ilter LABEL DESCRIPTION Active Select Ye s from the drop down list box to enable MAC address fil tering. Action Define the filter action for the list of MAC addresses in t[...]

  • Page 97

    Prestige 662H/HW Series User’s Guide 97 Chapter 8 Wireless LAN Setup 8.6 Network Authentication Y ou can set the Prestige a nd your network to auth enticate a wireless st ation before the wireless station can communicate with th e Prestige and the wired network to which the Prestige is connected. 8.6.1 EAP EAP is an authentication prot ocol desig[...]

  • Page 98

    Prestige 662H/HW Series User’s Guide Chapter 8 Wireless LAN Setup 98 • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access. • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and th[...]

  • Page 99

    Prestige 662H/HW Series User’s Guide 99 Chapter 8 Wireless LAN Setup 3 The wireless station replies with identity info rmation, including username and password. 4 The RADIUS server checks the user informa tion against its user profile database and determines whether or not to au thenticate the wireless station. 8.7 Introduction to WP A W i-Fi Pro[...]

  • Page 100

    Prestige 662H/HW Series User’s Guide Chapter 8 Wireless LAN Setup 100 By generating unique data encryption keys for ev ery data packet and by creating an integrity checking mechanism (MIC), TKIP makes it much more dif ficult to decode data on a W i-Fi network than WEP , making it dif ficult for an intruder to break into the network. The encryptio[...]

  • Page 101

    Prestige 662H/HW Series User’s Guide 101 Cha pter 8 Wireless LAN Setu p 2 The RADIUS server then checks the user's iden tification against its database and grants or denies network access accordingly . 3 The RADIUS server distributes a Pairwise Mast er Key (PMK) key to th e AP that then sets up a key hierarch y and management system, u sing [...]

  • Page 102

    Prestige 662H/HW Series User’s Guide Chapter 8 Wireless LAN Setup 102 8.1 1 Wireless Client WP A Supplicants A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WP A. At the time of writing, the mo st widely availa ble supplicants are the WP A patch for W indows XP , Funk Softwa[...]

  • Page 103

    Prestige 662H/HW Series User’s Guide 103 Cha pter 8 Wireless LAN Setu p 8.12.1 Authenticatio n Required: 802.1x Select Authentication Required in the Wireless Port Contr ol field and 802.1x in the Key Management Protocol field to display the next screen. Figure 32 Wireless LAN: 802.1x/WP A for 802.1x Protocol The following table describes the lab[...]

  • Page 104

    Prestige 662H/HW Series User’s Guide Chapter 8 Wireless LAN Setup 104 T able 21 Wireless LAN: 802.1x/WP A for 802.1x Protocol LABEL DESCRIPTION Wireless Port Control T o control wireless stations access to the wired network, sele ct a control method from the drop-down list box. Choose from No Authentication R equired , Authenticati on Requir ed a[...]

  • Page 105

    Prestige 662H/HW Series User’s Guide 105 Cha pter 8 Wireless LAN Setu p 8.12.2 Authenticat ion Required: WP A Select Authentication Required in the Wir eless Port Control field and WP A in the Key Management Protocol field to display the next screen. Figure 33 Wireless LAN: 802.1x /WP A for WP A Protocol The following table describes the labels n[...]

  • Page 106

    Prestige 662H/HW Series User’s Guide Chapter 8 Wireless LAN Setup 106 8.12.3 Authenticatio n Required: WP A-PSK Select Authentication Required in t he Wireless Port Contr ol field and WP A-PSK in the Key Management Protocol field to display the next screen. Table 22 Wireless LAN: 802.1x /WP A for WP A Protocol LABEL DESCRIPTION Key Management Pro[...]

  • Page 107

    Prestige 662H/HW Series User’s Guide 107 Cha pter 8 Wireless LAN Setu p Figure 34 Wireless LAN: 802.1x/WP A for W P A-PSK Protocol The following table describes the labels not previously discussed. Table 23 Wireless LAN: 802.1x/WP A for W P A-PSK Protocol LABEL DESCRIPTION Key Management Protocol Choose WP A-PSK in th is field. Pre-Shared Key T h[...]

  • Page 108

    Prestige 662H/HW Series User’s Guide Chapter 8 Wireless LAN Setup 108 8.13 Configuring Local User Authentication By storing user profiles locally , your Prestige is able to authenticate wireless users without interacting with a network RADIUS server . However , there is a limit on the number of users you may authentica te in this way . T o change[...]

  • Page 109

    Prestige 662H/HW Series User’s Guide 109 Cha pter 8 Wireless LAN Setu p 8.14 Configuring RADIUS Once you enable the EAP authentication, you need to specify th e external sever for remote user authenticatio n and accounting. T o set up your Prestige’ s RADIUS server settings, click WIRELESS LAN , RADIU S . The screen appears as shown. Figure 36 [...]

  • Page 110

    Prestige 662H/HW Series User’s Guide Chapter 8 Wireless LAN Setup 110 Table 25 RADIUS LABEL DESCRIPTION Authentication Server Active Select Ye s from the drop-down list box to enable user authentication through an external authentication server . Server IP Address Enter the IP address of the external authenticat ion serve r in dotted decimal nota[...]

  • Page 111

    Prestige 662H/HW Series User’s Guide 111 Cha pter 8 Wireless LAN Setu p[...]

  • Page 112

    Prestige 662H/HW Series User’s Guide Chapter 9 WAN Setup 112 C HAPTER 9 W AN Setup This chapter describes how to configur e W AN settings. 9.1 W AN Overview A W AN (W ide Area Network) is an outside conn ection to another network or the Internet. See Chapter 3, on page 6 0 for more information on th e fields in the W AN screens. 9.2 Metric The me[...]

  • Page 113

    Prestige 662H/HW Series User’s Guide 113 Chapter 9 WAN Setup 9.3 PPPoE Encap sulation The Prestige supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF Draft standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband modem (DSL, cable, wireless, etc.) connection. The PP PoE option is for a dial-up c[...]

  • Page 114

    Prestige 662H/HW Series User’s Guide Chapter 9 WAN Setup 114 Figure 37 Example of T ra ffic Shaping 9.5 Zero Configuration Internet Access Once you turn on and connect the Prestige to a telephone jack, it automatically detects the Internet connection settings (s uch as the VCI/VPI numbers an d the encapsulation method) from the ISP and makes the [...]

  • Page 115

    Prestige 662H/HW Series User’s Guide 115 Chapter 9 WAN Setup Figure 38 W AN Setup (PPPoE) The following table describes the fields in this screen. Table 26 WAN Se t u p LABEL DESCRIPTION Name Enter the name of your Internet Service Provider , e.g., MyISP . This information is for identification purpose s only . Mode Select Routing (default) from [...]

  • Page 116

    Prestige 662H/HW Series User’s Guide Chapter 9 WAN Setup 116 Encapsulation Select th e method of encapsulatio n used by your ISP from the drop-down list box. Choices vary depending on the mode you select in th e Mode field. If you select Bridge in the Mode field, select either PPPoA or RFC 1483 . If you select Routing in the Mode field, select PP[...]

  • Page 117

    Prestige 662H/HW Series User’s Guide 117 Chapter 9 WAN Setup 9.7 T raffic Redirect T raffic redirect forwards traffic to a backup gateway when the Prestige cannot connect to the Internet. An exampl e is shown in the figu re below . Connect on Demand Select Connect on Demand when you don't want the co nnection up all the ti me and specify an [...]

  • Page 118

    Prestige 662H/HW Series User’s Guide Chapter 9 WAN Setup 118 Figure 39 T raffic Redirect Example The following network topology allows you to avoid triangle route security issues when the backup gateway is co nnected to the LAN. Use IP alias to configure the LAN into two or three logical networks with the Prestige itself as the gateway for each L[...]

  • Page 119

    Prestige 662H/HW Series User’s Guide 119 Chapter 9 WAN Setup Figure 41 W AN Backup The following table describes the fields in this screen. Table 27 WAN Ba c k up LABEL DESCRIPTION Backup T ype Select the method that the Pr estige uses to check the DSL connection. Select DSL Link to have the Prestige check if the connection to the DSLAM is up. Se[...]

  • Page 120

    Prestige 662H/HW Series User’s Guide Chapter 9 WAN Setup 120 Recovery Interval When the Prestige is using a lower priority connection (usu ally a WAN backup connection), it periodically checks to whether or not it can use a higher priority connection. T ype the number of second s (30 recommended) for the Prestige to wait be tween checks. Allow mo[...]

  • Page 121

    Prestige 662H/HW Series User’s Guide 121 Chapter 9 WAN Setup 9.9 Configuring Advanced W AN Backup T o edit your Prestige’ s advanc ed W AN backup settings, click WA N , W AN Backup and then the Advanc ed Setup button. The sc reen appears as shown. Figure 42 Advanced W AN Backup The following table describes the fields in this screen.[...]

  • Page 122

    Prestige 662H/HW Series User’s Guide Chapter 9 WAN Setup 122 Table 28 Advanced W AN Backup LABEL DESCRIPTION Basic Login Name T ype the login name a ssigned by your ISP . Password T ype the password assigned by your ISP . Retype to Confirm T ype your password again to make sure that you have entered is correctly . Authentication T ype Use the dro[...]

  • Page 123

    Prestige 662H/HW Series User’s Guide 123 Chapter 9 WAN Setup RIP V ersion The RIP V ersion field controls the format and the broad casting method of th e RIP packets that the Prestige sends (it recognizes both formats when receiving ). Choose RIP-1 , RIP-2B or RIP-2M . RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is p[...]

  • Page 124

    Prestige 662H/HW Series User’s Guide Chapter 9 WAN Setup 124 9.10 A T Command Strings For regular telephone lines, the default "Dial" string tells the modem that the line uses tone dialing. " ATDT " is the command for a switch that requir es tone dialing. If your switch requires pulse dialing, change th e string to " ATDP[...]

  • Page 125

    Prestige 662H/HW Series User’s Guide 125 Chapter 9 WAN Setup Figure 43 Advanced Modem Setu p The following table describes the fields in this screen. Table 29 Advanced Mode m Setup LABEL DESCRIPTION A T Command St r in g s Dial T ype the A T Command string to make a call. Example: atdt Drop T ype the A T Command string to drop a call. " ~ &q[...]

  • Page 126

    Prestige 662H/HW Series User’s Guide Chapter 9 WAN Setup 126 Retry Interval T ype a number of seconds for th e Prestige to wait b efore trying another call after a call has failed. This applies before a phone number is blacklisted. Example: 10 Drop T imeout T ype the number of seconds for the Prestige to wait before dropping the DTR signal if it [...]

  • Page 127

    Prestige 662H/HW Series User’s Guide 127 Chapter 9 WAN Setup[...]

  • Page 128

    Prestige 662H/HW Series User’s Guide Chapter 10 Network Address Translation (NAT) Scr eens 128 C HAPTER 10 Network Address T ranslation (NA T) Screens This chapter discusses how to configure NA T on the Prestige . 10.1 NA T Overview NA T (Network Address Translation - NA T , RFC 1631) is the translation of the IP address of a host in a packet, fo[...]

  • Page 129

    Prestige 662H/HW Series User’s Guide 129 Chapter 10 Network Address Translation (NAT) Scree n s 10.1.2 What NA T Does In the simplest form, NA T changes the sour ce IP address in a packet received from a subscriber (the inside local address) to anothe r (the inside global address) before forwarding the packet to the W A N side. When the resp onse[...]

  • Page 130

    Prestige 662H/HW Series User’s Guide Chapter 10 Network Address Translation (NAT) Scr eens 130 Figure 44 How NA T W orks 10.1.4 NA T Application The following figure illustrates a possible NA T application, wher e three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct W AN networks. More examples f[...]

  • Page 131

    Prestige 662H/HW Series User’s Guide 131 Chapter 10 Network Address Translation (NAT) Scree n s • One to One : In One-to-One mode, the Prestige maps one local IP address to one global IP address. • Many to One : In Many-to-One mode, the Prestige maps multiple local IP addresses to one global IP address. This is equivalent to SUA (for instance[...]

  • Page 132

    Prestige 662H/HW Series User’s Guide Chapter 10 Network Address Translation (NAT) Scr eens 132 • Choose Full Featur e if you have multiple public W AN IP addresses for your Prestige. 10.3 SUA Server A SUA server set is a list of inside (behind NA T on the LAN) servers, for example, web or FTP, that you can make visible to t he outs ide world ev[...]

  • Page 133

    Prestige 662H/HW Series User’s Guide 133 Chapter 10 Network Address Translation (NAT) Scree n s 10.3.3 Configuring Servers Behind SUA (Example) Let's say you want to assign po rts 21-25 to one FTP , T elnet and SMTP server (A in the example), port 80 to another (B in the exam ple) and assign a default server IP address of 192.168.1.35 to a t[...]

  • Page 134

    Prestige 662H/HW Series User’s Guide Chapter 10 Network Address Translation (NAT) Scr eens 134 Figure 47 NA T Mode The following table describes the labels in this screen. 10.5 Configuring SUA Server If you do not assign an IP address in Server Set 1 (default server) the Prestige discards all packets received for ports that are not specif ied her[...]

  • Page 135

    Prestige 662H/HW Series User’s Guide 135 Chapter 10 Network Address Translation (NAT) Scree n s Figure 48 Edit SUA/NA T Server Set The following table describes the fields in this screen. T able 34 Edit SUA/NA T Server Set LABEL DESCRIPTION S tart Port No. Enter a port number in this f ield. T o forward only one port, enter the port number ag ain[...]

  • Page 136

    Prestige 662H/HW Series User’s Guide Chapter 10 Network Address Translation (NAT) Scr eens 136 10.6 Configuring Address Mapping Ordering your rules is important because the Pr estige applies the rules in the order that you specify . When a rule matches the c urrent pack et, the Prestige take s the corresponding action and the remaining rules are [...]

  • Page 137

    Prestige 662H/HW Series User’s Guide 137 Chapter 10 Network Address Translation (NAT) Scree n s 10.7 Editing an Address Mapping Rule T o edit an address mapping rule, click the rule’ s link in the NA T Addr ess Mapping Rules screen to display the screen sh own next. Figure 50 Address Mapping Rule Edit The following table describes the fields in[...]

  • Page 138

    Prestige 662H/HW Series User’s Guide Chapter 10 Network Address Translation (NAT) Scr eens 138 Table 36 Address Mapping Rule Edit LABEL DESCRIPTION Ty p e Choose the port mapping type from one of the following. • One-to-One : One-to-One mode maps one local IP address to o ne global IP address. Note that port numbers do not change for One-to-one[...]

  • Page 139

    Prestige 662H/HW Series User’s Guide 139 Chapter 10 Network Address Translation (NAT) Scree n s[...]

  • Page 140

    Prestige 662H/HW Series User’s Guide Chapter 11 Dynamic DNS Setup 140 C HAPTER 11 Dynamic DNS Setup This chapter discusses how to configur e your Prestige to use Dynamic DNS. 1 1.1 Dynamic DNS Dynamic DNS allows you to update your curre nt dynamic IP address with one or many dynamic DNS services so that anyone can c ont act you (in NetMeeting, CU[...]

  • Page 141

    Prestige 662H/HW Series User’s Guide 141 Chapter 1 1 Dynamic DNS Setup Figure 51 Dynamic DNS The following table describes the fields in this screen. Table 37 Dynamic DNS LABEL DESCRIPTION Active Select this check box to use dynamic DNS. Service Provider This is the name of your Dyn amic DNS service pr ovider . Host Names T ype th e domain name a[...]

  • Page 142

    Prestige 662H/HW Series User’s Guide Chapter 12 Time and Date 142 C HAPTER 12 T ime and Date This scr een is not available on all models. Us e this scr een to configur e the Pr estige’ s time and date settings. 12.1 Configuring T ime and Date T o change your Prestige’ s time and date, click Time And Date . The screen appears as shown. Use thi[...]

  • Page 143

    Prestige 662H/HW Series User’s Guide 143 Chapter 12 Time and Da te Table 38 T ime and Date LABEL DESCRIPTION T ime Server Use Protocol when Bootup Select the time service protocol that your time server sends w hen you turn on the Prestige. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or [...]

  • Page 144

    Prestige 662H/HW Series User’s Guide Chapter 13 Firewalls 144 C HAPTER 13 Firewalls This chapter gives some backgr ound informa tion on firewall s and intr oduces the Pr estige fir ewall. 13.1 Firewall Overview Originally , the term fir ewall referred to a construction techni que designed to prevent the spread of fire from one room to another . T[...]

  • Page 145

    Prestige 662H/HW Series User’s Guide 145 Chapter 13 Firewalls Information hiding prevents the names of in ternal systems from being made known via DNS to outside systems, since the ap plication gateway is the only ho st whose name must be mad e known to outside systems. Robust authentication and logging pre-authenticates application traffic befor[...]

  • Page 146

    Prestige 662H/HW Series User’s Guide Chapter 13 Firewalls 146 13.3.1 Denial of Service Att acks Figure 53 Prestige Firewall Application 13.4 Denial of Service Denials of Service (DoS) attacks are aimed at devices and networks w ith a connection to the Internet. Their goal is not to st eal in formation, but to disabl e a device or netwo rk so user[...]

  • Page 147

    Prestige 662H/HW Series User’s Guide 147 Chapter 13 Firewalls 13.4.2 T ypes of DoS Atta cks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification. 3 Brute-force attacks that flood a network with useless data. 4 IP Spoofing. 5 " Ping of Death &quo[...]

  • Page 148

    Prestige 662H/HW Series User’s Guide Chapter 13 Firewalls 148 Figure 54 Three-W ay Handshake Under normal circumstances, the applica tion that initiates a session sends a SYN (synchronize) packet to the receiving server . The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the in itiator responds with an ACK (acknowle[...]

  • Page 149

    Prestige 662H/HW Series User’s Guide 149 Chapter 13 Firewalls amount of ICMP echo request and response traffic. If a hacker chooses to spoof the source IP address of the ICMP echo request packet, the resulting ICMP traffic will not only clog up the "intermedi ary" network, but will also congest the network of the spoofed source IP addre[...]

  • Page 150

    Prestige 662H/HW Series User’s Guide Chapter 13 Firewalls 150 13.4.2.3 T raceroute T raceroute is a utility used to determine th e path a packet takes between two endpoints. Sometimes when a packet filter firewall is conf igured incorrectly an at ta cker can traceroute the firewall gaining knowledge of the network topology inside the firewall. Of[...]

  • Page 151

    Prestige 662H/HW Series User’s Guide 151 Chapter 13 Firewalls Figure 57 S tateful Inspection The previous figure shows the Prestige’ s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a T elnet session from within the LAN and responses to this request are allowe d. However other T elnet[...]

  • Page 152

    Prestige 662H/HW Series User’s Guide Chapter 13 Firewalls 152 temporary entries might be modified, in order to permit only packets that a re valid for the current state o f the connection. 8 Any additional inbound or outb ound packets that belong to the connection are inspected to update the state table entry and to modify the temporary inbound a[...]

  • Page 153

    Prestige 662H/HW Series User’s Guide 153 Chapter 13 Firewalls If an initiation packet originates on the LAN, this means that someone is trying to make a connection from the LAN to the In ternet. Assuming that this is an acceptable part of the security policy (as is the case w ith the default policy), the connection will be allowed. A cache entry [...]

  • Page 154

    Prestige 662H/HW Series User’s Guide Chapter 13 Firewalls 154 Any protocol that operates in this way must be supported on a case-by-case bas is. Y ou can use the web configurator’ s Custom Ports feature to do this. 13.6 Guidelines for Enhancing Security with Y our Firewall • Change the default passwo rd via SMT or web conf igurator. • Limit[...]

  • Page 155

    Prestige 662H/HW Series User’s Guide 155 Chapter 13 Firewalls • Upgrade your software regularly . Many old er versions of software, especially web browsers, have well known security d efici encies. When you upgrade to the latest versions, you get the latest patches and fixes. • If you use “chat rooms” or IRC sessions, be careful with any [...]

  • Page 156

    Prestige 662H/HW Series User’s Guide Chapter 13 Firewalls 156 • The firewall provides e-mail service to notify you of routine reports and when alerts occur . 13.7.2.1 When T o Use The Firewall • T o prevent DoS attacks and prevent hackers cracking your network. • A range of source an d destination IP address es as well as port numbers can b[...]

  • Page 157

    Prestige 662H/HW Series User’s Guide 157 Chapter 13 Firewalls[...]

  • Page 158

    Prestige 662H/HW Series User’s Guide Chapter 14 Firewall Configurat ion 158 C HAPTER 14 Firewall Configuration This chapter shows you how to enable and configur e the Pr estige fir ewall. 14.1 Access Methods The web configurator is, by far , the most co mprehensive firewall configuration tool your Prestige has to offer . For this reason, it is re[...]

  • Page 159

    Prestige 662H/HW Series User’s Guide 159 Chapter 14 Firewall Configuration •W A N t o W A N / R o u t e r This prevents computers on the W AN from using the Prestige as a gateway to communicate with other computers on the W AN and/or managing the Prestige. •D M Z t o L A N • DMZ to DMZ/ Router This prevents computers on the DMZ from co mmun[...]

  • Page 160

    Prestige 662H/HW Series User’s Guide Chapter 14 Firewall Configurat ion 160 2 What direction of traffic does the rule apply to (refer to the Firewall P olicies Overview section)? 3 What IP services will be affected? 4 What computers on the LAN or DMZ are to be affected (if a ny)? 5 What computers on the Internet will be af fected? The more specif[...]

  • Page 161

    Prestige 662H/HW Series User’s Guide 161 Chapter 14 Firewall Configuration 14.3.3.4 Dest ination Address What is the connection’ s destination address; is it on the LAN, DMZ, W AN? Is it a single IP , a range of IPs or a sub net? 14.4 Connection Direction Example This section describes examples for firewall ru les for connections go ing from LA[...]

  • Page 162

    Prestige 662H/HW Series User’s Guide Chapter 14 Firewall Configurat ion 162 Figure 59 W AN to LAN T raffic 14.4.3 Alert s Alerts are reports on events, such as attacks, that you may want to know about right away . Y ou can choose to generate an alert when an attack is detected in the Edit Rule screen ( select the Send Alert Message to Administrat[...]

  • Page 163

    Prestige 662H/HW Series User’s Guide 163 Chapter 14 Firewall Configuration Figure 60 Firewall: Default Policy The following table describes the labels in this screen. Table 43 Firewall: Default Policy LABEL DESCRIPTION Firewall En abled Select this check box to activa te the firewa ll. The Prestige performs access control and protects against Den[...]

  • Page 164

    Prestige 662H/HW Series User’s Guide Chapter 14 Firewall Configurat ion 164 14.6 Rule Summary Click on Fire wall , then Rule Summary to bring up the following screen. This screen is a summary of the existing rules. Note the order in which the rules are listed. Figure 61 Firewall: Rule Summary Note: T he ordering of your rules is very important as[...]

  • Page 165

    Prestige 662H/HW Series User’s Guide 165 Chapter 14 Firewall Configuration 14.6.1 Configuring Firewall Rules Follow these directions to create a new rule. 1 In the Rule Summary screen, type the index number for where you want to put the rule. For example, if you type “6”, your new rule becomes number 6 and the previous rule 6 (i f there is on[...]

  • Page 166

    Prestige 662H/HW Series User’s Guide Chapter 14 Firewall Configurat ion 166 Figure 62 Firewall: Edit Rule The following table describes the labels in this screen.[...]

  • Page 167

    Prestige 662H/HW Series User’s Guide 167 Chapter 14 Firewall Configuration Table 45 Firewall: Edit Rule LABEL DESCRIPTION Active Select this option to ena ble this firewall rule. Action for Matched Packet Use the radio button to select whether to disca rd ( Block ) o r allow the passage of ( Forward ) packets that match this rule. Source/Destinat[...]

  • Page 168

    Prestige 662H/HW Series User’s Guide Chapter 14 Firewall Configurat ion 168 14.7 Customized Services Configure customized services and port numb ers not predefined by the Prestige. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website. For further informa tion on these services, please [...]

  • Page 169

    Prestige 662H/HW Series User’s Guide 169 Chapter 14 Firewall Configuration Figure 64 Firewall: Configure Customized Services The following table describes the labels in this screen. 14.9 Example Firewall Rule The following Internet firewa ll rule example allows a hypot hetical “My Service” connection from the Internet. 1 Click Fir ewall in th[...]

  • Page 170

    Prestige 662H/HW Series User’s Guide Chapter 14 Firewall Configurat ion 170 Figure 65 Firewall Example: Rule Summary 3 In the Rule Summary screen, type the index number for where you want to put the rule. For example, if you type “6”, your new rule becomes number 6 and the previous rule 6 (i f there is one) becomes rule 7. 4 Click Inser t to [...]

  • Page 171

    Prestige 662H/HW Series User’s Guide 171 Chapter 14 Firewall Configuration Figure 66 Firewall Example: Edit Ru le: Des tination Addres s 7 In the Edit Rule screen, click the Customized Servic es link to open the Customized Service screen. 8 Click an index numb er to display the Customized Services -Config screen and configure the screen as follow[...]

  • Page 172

    Prestige 662H/HW Series User’s Guide Chapter 14 Firewall Configurat ion 172 Figure 68 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rule Summary Note: Custom port s show up with an “*” before their n ames in the Services list box and the Rule Summary list[...]

  • Page 173

    Prestige 662H/HW Series User’s Guide 173 Chapter 14 Firewall Configuration screen should look like the following. Rule 2 allows a “My Service” connection fro m the W AN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN. Figure 69 Firewall Example: Rule Summary: My Service 14.10 Predefined Services The A vailable Services list box in the [...]

  • Page 174

    Prestige 662H/HW Series User’s Guide Chapter 14 Firewall Configurat ion 174 BOOTP_SERVER(UDP:67) DHCP Server . CU-SEEME(TCP/UDP:7648, 24032) A popular videocon ferencing solution from White Pines So ftware. DNS(UDP/TCP:53) Domain Name Server , a servi ce that matches web names (e.g. www .zyxel.com ) to IP numbers. FINGER(TCP:79) Finger is a UNIX [...]

  • Page 175

    Prestige 662H/HW Series User’s Guide 175 Chapter 14 Firewall Configuration 14.1 1 Anti-Probing If an outside user attempts to probe an unsupp orted port on your Prestige, an ICMP respon se packet is automatically returned. This allows the outside user to know the Prestige exists. The Prestige supports anti-probing, which prevents the ICMP respons[...]

  • Page 176

    Prestige 662H/HW Series User’s Guide Chapter 14 Firewall Configurat ion 176 Figure 70 Firewall: Anti Probing The following table describes the labels in this screen. 14.12 Configuring Att ack Alert Attack alerts are the first defe nse against DOS attacks. In the Threshold screen, shown later , you may choose to generate an alert whenever an attac[...]

  • Page 177

    Prestige 662H/HW Series User’s Guide 177 Chapter 14 Firewall Configuration 14.12.1 Threshold V alues T une these para meters when some thing is not working and after y ou have checked the firewall counters. These default values sh ould work fine for most small offices. Factors influencing choices for threshold values are: • The maximum number o[...]

  • Page 178

    Prestige 662H/HW Series User’s Guide Chapter 14 Firewall Configurat ion 178 Whenever the number of half-o pen sessions with the same destin ation host address rises a bove a threshold ( TCP Maximum Incomplete ), the Prestige starts deleting half-open sessions according to one of the following methods: • If the Blocking Time timeout is 0 (the de[...]

  • Page 179

    Prestige 662H/HW Series User’s Guide 179 Chapter 14 Firewall Configuration One Minute High This is the rate of new half-open sessio ns that causes the firewall to start deleting half-open sessions. When the rate of new connecti on attempts rises above this number , the Prestige deletes half-open sessions as required to accommodate new connection [...]

  • Page 180

    Prestige 662H/HW Series User’s Guide Chapter 15 Content Filtering 180 C HAPTER 15 Content Filtering This chapter covers how to configur e content filtering. 15.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ab ility to block [...]

  • Page 181

    Prestige 662H/HW Series User’s Guide 181 Chapter 15 Content Filtering Figure 72 Content Filter: Keyword The following table describes the labels in this screen. 15.3 Configuring the Schedule T o set the days and times for the Prestige to perform content filtering, click Cont ent Filter and Schedule . The screen appears as shown. Table 51 Content [...]

  • Page 182

    Prestige 662H/HW Series User’s Guide Chapter 15 Content Filtering 182 Figure 73 Content Filter: Schedule The following table describes the labels in this screen. 15.4 Configuring T rusted Computers T o exclude a range of users on the LAN from content filtering on your Prestige, click Content Filter and Tr u s t e d . The screen appears as shown. [...]

  • Page 183

    Prestige 662H/HW Series User’s Guide 183 Chapter 15 Content Filtering Figure 74 Content Filter: T rusted The following table describes the labels in this screen. Table 53 Content Filter: T rusted LABEL DESCRIPTION T rusted User IP Ran ge From T ype the IP add ress of a computer (or the beginnin g IP address of a speci fic range of computers) on t[...]

  • Page 184

    Prestige 662H/HW Series User’s Guide Chapter 16 Content Access Control 184 C HAPTER 16 Content Access Control This chapter gives some backgr ound informa tion on Content Access Contr ol and explains how to get started with the Pr estige Content Access Control. 16.1 Content Access Control Overview Content Access Control (CAC) lets a LA N admini st[...]

  • Page 185

    Prestige 662H/HW Series User’s Guide 185 Chapter 16 Conten t Access Control 16.2 Activating CAC an d Create User Group s From the Site Map , click Content Access Control and General to open the configuration screen. Use this screen to activate Content Access Control and set up the four user groups. Figure 76 Content Access Co ntrol: General The f[...]

  • Page 186

    Prestige 662H/HW Series User’s Guide Chapter 16 Content Access Control 186 16.2.1 Configuring T ime Schedule T o set up the time schedule for each user group, click Edit under Tim e in the Control Access Control-General screen. A screen displays as shown next. Group Name Enter the name of a user group for identification purpose s. Restrictions Us[...]

  • Page 187

    Prestige 662H/HW Series User’s Guide 187 Chapter 16 Conten t Access Control Figure 77 Control Access Control: Ge neral: T ime Scheduling The following table describes the labels in this screen. Table 55 Control Access Control: Ge neral: T ime Scheduling LABEL DESCRIPTION T ime Schedu ling Select the first radio button to allow everyday access at [...]

  • Page 188

    Prestige 662H/HW Series User’s Guide Chapter 16 Content Access Control 188 16.2.2 Configuring Services T o customize services for e ach user group, click Edit under Se rvices for that user group in the Content Access Control: General screen. Figure 78 Content Access Contro l: General: Services The following table describes the labels in this scre[...]

  • Page 189

    Prestige 662H/HW Series User’s Guide 189 Chapter 16 Conten t Access Control 16.2.2.1 A vailable Services The A vailable Services list box in the Services screen displays some predefined services that the Prestige supports. The following table shows a list of services that can be configured. Next to the name of the service, two fields appear in br[...]

  • Page 190

    Prestige 662H/HW Series User’s Guide Chapter 16 Content Access Control 190 MSN Messenger(TCP:1863) Microsoft Networks’ messenger servi ce uses this p rotocol. MUL TICAST(IGMP:0) Internet Group Multicast Pr otocol is used when sending packets to a specific group of hosts. NEW-ICQ(T CP:5190) An Internet chat program. NEWS(TCP:144) A protocol for [...]

  • Page 191

    Prestige 662H/HW Series User’s Guide 191 Chapter 16 Conten t Access Control 16.2.3 Configuring Web Site Filters T o enable content filtering an d to configur e URL keyword blockin g for a user group, click Edit under We b B r o w s i n g in t he Content Access Control: General screen. A screen displays as shown next. TFTP(UDP:69) Tr ivial File Tr[...]

  • Page 192

    Prestige 662H/HW Series User’s Guide Chapter 16 Content Access Control 192 Figure 79 Content Access Contro l: G eneral: Web Site Filter[...]

  • Page 193

    Prestige 662H/HW Series User’s Guide 193 Chapter 16 Conten t Access Control The following table describes the labels in this screen. Table 58 Content Access Contro l: General: Web Site Filter LABEL DESCRIPTION Pre-defined Web Content Categories Enable Pre-defined W eb Content Categories to h ave the Prestige check an external database to find to [...]

  • Page 194

    Prestige 662H/HW Series User’s Guide Chapter 16 Content Access Control 194 Gambling Selecting this ca tegory excludes pages where a user can place a bet or participate in a betting pool (including lott eries) online. It also includes pages that provide information, assistance, re commendations, or training on placing bets or particip ating in gam[...]

  • Page 195

    Prestige 662H/HW Series User’s Guide 195 Chapter 16 Conten t Access Control Games Selecting this category excludes pages that provide in formation and support game playing or downloading, video game s, computer ga mes, electronic games, tips, and advice on games or how to obtain cheat codes. It also includes pages dedicated to selling board games[...]

  • Page 196

    Prestige 662H/HW Series User’s Guide Chapter 16 Content Access Control 196 Religion Selecting this category excludes pages that promote and provide information on conventional or unconventional relig ious or quasi-religious subjects, as well as churches, synagogues, o r othe r houses of worship. It does not include pages containing alternative re[...]

  • Page 197

    Prestige 662H/HW Series User’s Guide 197 Chapter 16 Conten t Access Control 16.2.4 T esting Web Site Access Privileges T o check the acce ss restrictions of a web site, click Diagnose under W eb Br owsing in the Content Access Control: General screen. A screen displays as shown next. The Prestige first checks the web site address for the specifie[...]

  • Page 198

    Prestige 662H/HW Series User’s Guide Chapter 16 Content Access Control 198 Figure 80 Content Access Contro l: General: Diagnose The following table describes the labels in this screen. 16.3 User Account Setup W ith Content Access Control, the Prestige requ ires LAN users to login with valid username and password before they are al lowed to access[...]

  • Page 199

    Prestige 662H/HW Series User’s Guide 199 Chapter 16 Conten t Access Control Figure 81 Content Access Co ntro l: User Profiles The following table describes the labels in this screen. Table 60 Content Access Contro l: User Profiles LABEL DESCRIPTION Index This field displays the index numbe r . Username Enter the user name for this account. Passwo[...]

  • Page 200

    Prestige 662H/HW Series User’s Guide Chapter 16 Content Access Control 200 16.4 User Online S t atus T o view the online status of each u ser , click Content Access Contro l in the Site Map screen and click Online S tatus to display the screen as shown. Figure 82 Content Access Control: Online S tatus The following table describes the labels in t[...]

  • Page 201

    Prestige 662H/HW Series User’s Guide 201 Chapter 16 Conten t Access Control 16.5 Content Access Control Logins The following sections describe the user and administrator login experience. 16.5.1 User Login 1 Once the initial configuration is complete, a computer on the network cannot gain Internet access without first logging into the Prestige. 2[...]

  • Page 202

    Prestige 662H/HW Series User’s Guide Chapter 16 Content Access Control 202 16.5.2 Administrator Login The administrator can log into the system. • The administrator opens their browser and is di rected to the Prestige user login page (this is the same as the user login). • The administrator enters “admin” as the username a nd the system p[...]

  • Page 203

    Prestige 662H/HW Series User’s Guide 203 Chapter 16 Conten t Access Control[...]

  • Page 204

    Prestige 662H/HW Series User’s Guide Chapter 17 Anti-Virus Packet Scan 204 C HAPTER 17 Anti-V irus Packet Scan This chapter intr oduces and shows you how to configur e the anti-virus packet scan. 17.1 Overview A computer virus is a small program designed to corrupt and/or alter the operati on of other legitimate programs. A worm is a self-replica[...]

  • Page 205

    Prestige 662H/HW Series User’s Guide 205 C hapter 17 Anti-Vir us Packet S can For maximum protection, you must ke ep the pattern file up-to-date. 17.2.1 Computer V irus Infection and Prevention The follow de scribes a sim plistic life cycle of a computer viru s. 1 A computer gets a copy of a virus from an un known source (suc h as the Internet, e[...]

  • Page 206

    Prestige 662H/HW Series User’s Guide Chapter 17 Anti-Virus Packet Scan 206 This is an Internet file transfer service th at operates on the Internet and over TCP/IP networks. A system running the FTP server acc epts commands from a system running an FTP client. The service allows users to send commands to the serv er for uploading and downloading [...]

  • Page 207

    Prestige 662H/HW Series User’s Guide 207 C hapter 17 Anti-Vir us Packet S can 17.4 Anti-virus Packet Scan Configuration Click Anti V irus and Packet Scan to display th e configuration screen as shown next. Figure 86 Anti Virus: Packet Scan The following table describes the labels in this screen. Note: Before you can use the anti-virus packet scan[...]

  • Page 208

    Prestige 662H/HW Series User’s Guide Chapter 17 Anti-Virus Packet Scan 208 17.5 Registration and Online Up date Use the Registration and V ir us Information Update screen to register for and activate the anti-virus packet scan feature on the Prestige. Y ou c an also configure a sch edule for the Prestige to automatically update the vi rus pattern[...]

  • Page 209

    Prestige 662H/HW Series User’s Guide 209 C hapter 17 Anti-Vir us Packet S can Figure 87 Anti Virus: Reg istration and V irus Information Update The following table describes the labels in this screen. Table 64 Anti Vi rus: Registration and V irus Information Update LABEL DESCRIPTION Registrat ion Y ou must register for the anti-virus serv ice bef[...]

  • Page 210

    Prestige 662H/HW Series User’s Guide Chapter 17 Anti-Virus Packet Scan 210 17.5.1 Up dating th e Anti Virus Packet Scan Follow the steps below to update the virus scan on the Prestige manually . 1 In the Registration and V irus Information Update screen, click Update Now . An update progress screen displays as shown. Figure 88 Vi rus Scan Update [...]

  • Page 211

    Prestige 662H/HW Series User’s Guide 211 C hapter 17 Anti-Vir us Packet S can[...]

  • Page 212

    Prestige 662H/HW Series User’s Guide Chapter 18 Introduction to IPSec 212 C HAPTER 18 Introduction to IPSec This chapter intr oduces the basics of IPSec VPNs. 18.1 VPN Overview A VPN (V irtual Private Network) provides sec ure communications betw een sites without the expense of leased site-to-site lines. A secure VP N is a combination of tunneli[...]

  • Page 213

    Prestige 662H/HW Series User’s Guide 213 Chapter 1 8 Introduc tion to IPSec Figure 90 Encryption and Decryption 18.1.3.2 Dat a Confidentiality The IPSec sender can encrypt packets befo re transmitting them across a network. 18.1.3.3 Dat a Integrity The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not be[...]

  • Page 214

    Prestige 662H/HW Series User’s Guide Chapter 18 Introduction to IPSec 214 Figure 91 IPSec Architecture 18.2.1 IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402 ) describe the packe t formats and the default standards for packet structure (including implemen tation algor[...]

  • Page 215

    Prestige 662H/HW Series User’s Guide 215 Chapter 1 8 Introduc tion to IPSec Figure 92 T ransport and T unnel Mode IPSec Encapsulation 18.3.1 T ransport Mode Tr a n s p o r t mode is used to protect upper layer prot ocols and only af fects the da ta in the IP packet. In Tr a n s p o r t mode, the IP packet contai ns the security protoc ol ( AH or [...]

  • Page 216

    Prestige 662H/HW Series User’s Guide Chapter 18 Introduction to IPSec 216 NA T is incompatible with the AH protocol in both Tr a n s p o r t and T unnel mode. An IPSec VPN using the AH protocol digitally sig n s the outbound packet, both data p a yload and headers, with a hash value appe nded to the pack et. When using AH protoc ol, packet conten[...]

  • Page 217

    Prestige 662H/HW Series User’s Guide 217 Chapter 1 8 Introduc tion to IPSec[...]

  • Page 218

    Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 218 C HAPTER 19 VPN Screens This chapter intr oduces the VPN screens. See th e Logs chapter for information on viewing logs and the appendix for IPSec log descriptions. 19.1 VPN/IPSec Overview Use the screens documented in this chapter to configure rules for VPN connections and manage VP[...]

  • Page 219

    Prestige 662H/HW Series User’s Guide 219 Chapter 19 VP N Screens 19.3 My IP Address My IP Address is the W AN IP address of the Prestige. The Prestige has to rebuild the VPN tunnel if the My IP Address changes after setup. The following applies if this field is configured as 0.0.0.0 : • The Prestige uses the current Prestige W AN IP address (st[...]

  • Page 220

    Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 220 19.4 Secure Gateway Address Secure Gateway Address is the W AN IP address or domain name of the remote IPSec router (secure gateway). If the remote secure gateway has a static W AN IP address, enter it in the Secure Gateway Address field. Y ou may alternatively enter the remote secur[...]

  • Page 221

    Prestige 662H/HW Series User’s Guide 221 Chapter 19 VP N Screens Figure 94 VPN Summary The following table describes the fields in this screen. Table 67 VPN Summ ary LABEL DESCRIPTION No. This is the VPN policy index number . Click a numbe r to edit VPN policies. Name This field displays the identificatio n name for this VPN policy . Active This [...]

  • Page 222

    Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 222 19.6 Keep Alive When you initiate an IPSec tunnel with keep alive enabled, the Prestige automatically renegotiates the tunnel when the I PSec SA lifetime period expires (see the IKE Phases section for more on the IPSec SA lifetime). In eff ect, the IPSec tunnel becomes an “always o[...]

  • Page 223

    Prestige 662H/HW Series User’s Guide 223 Chapter 19 VP N Screens Figure 95 NA T Router Between IPSe c Routers Normally you cannot set up a VPN connecti on with a NA T router between the two IPSec routers because the NA T router c hanges the header of th e IPSec packet. In the previous figure, IPSec router A sends an IPSec packet in an attempt to [...]

  • Page 224

    Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 224 Figure 96 VPN Host using Intranet DNS Server Example If you do not sp ecify an Intran et DNS server on the remote network, th en the VP N host must use IP addresses to access the computers on the remote network. 19.8 ID T ype and Content W ith aggressive negotiation mode (see the Neg[...]

  • Page 225

    Prestige 662H/HW Series User’s Guide 225 Chapter 19 VP N Screens 19.8.1 ID T ype and Content Examples T wo IPSec routers must have matching ID type and content configuration in order to set up a VPN tunnel. The two Prestiges in this ex ample can complete negotiation and establish a VPN tunnel. Table 68 Local ID T ype and Content Fie lds LOCAL ID [...]

  • Page 226

    Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 226 The two Prestiges in this ex ample cannot complete their negotiation because Prestige B’ s Local ID type is IP , but Prestige A ’ s Peer ID type is set to E-mail . An “ID misma tched” message displays in the IPSEC LOG . 19.9 Pre-Shared Key A pre-shared key identifies a commun[...]

  • Page 227

    Prestige 662H/HW Series User’s Guide 227 Chapter 19 VP N Screens Figure 97 VPN IKE The following table describes the fields in this screen.[...]

  • Page 228

    Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 228 Table 72 VPN IKE LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy . Th is option determines whether a VPN rule is applied before a packet leaves the firewall. Keep Alive Select e ither Ye s or No from the drop-d own list box. Select Ye s to have [...]

  • Page 229

    Prestige 662H/HW Series User’s Guide 229 Chapter 19 VP N Screens End / Subnet Mask When the Loc al Address T ype field is configured to Single , this field is N/ A. When the Loca l Address T ype field is config ured to Range , enter the end (static) IP address, in a range of computers on the LAN behind your Prestige. When the Local Address T ype [...]

  • Page 230

    Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 230 My IP Address Enter the WAN IP address of your Prestige. The VPN tunnel has to be rebuilt if this IP address changes. The following applies if this field is configured as 0.0.0.0 : The Prestige uses the current Prestige WAN IP address (static or dynamic) to set up the VPN tunnel. If [...]

  • Page 231

    Prestige 662H/HW Series User’s Guide 231 Chapter 19 VP N Screens 19.1 1 IKE Phases There are two phases to every IKE (Internet Key Exchange) ne gotiation – phase 1 (Authentication) and ph ase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA and the second one uses that SA to negotiate SAs for IPSe c. Pre-Shared Key T ype your pre-shar[...]

  • Page 232

    Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 232 Figure 98 T wo Phases to Set Up the IPSec SA In phase 1 you must: • Choose a negotiation mode. • Authenticate the connection by entering a pre-shared key . • Choose an encryption algorithm. • Choose an authentication algorithm. • Choose a Dif fie-Hellman public-key cry p to[...]

  • Page 233

    Prestige 662H/HW Series User’s Guide 233 Chapter 19 VP N Screens • Main Mode ensures the highest level of security when the communi cating parties are negotiating authentication (phase 1). It u ses 6 messages in thr ee round trips: SA negotiation, Diffie-Hellman exchange and an exchange of nonces (a n once is a random number). This mode feature[...]

  • Page 234

    Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 234 Figure 99 VPN IKE: Advanced Setup The following table describes the fields in this screen. Table 73 VPN IKE: Advanced Setup LABEL DESCRIPTION VPN - IKE Protocol Enter 1 for ICMP , 6 for TCP , 17 for UDP , etc. 0 is the default and signi fies any protocol. Enable Replay Protection As [...]

  • Page 235

    Prestige 662H/HW Series User’s Guide 235 Chapter 19 VP N Screens End Enter a port number in this field to defin e a port range. This port number must be greater than that specified i n the previous fiel d. If Remote St art Port is left at 0, End will also remain at 0. Phase 1 Negotia tion Mode Select Main or Aggressiv e from the drop-down list bo[...]

  • Page 236

    Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 236 19.13 Manual Key Setup Manual key managemen t is useful if you have pro blems with IKE key managemen t. 19.13.1 Security Parameter Index (SPI) An SPI is used to distinguish dif ferent SAs te rminating at the same de stination and using the same IPSec protocol. This data allows for th[...]

  • Page 237

    Prestige 662H/HW Series User’s Guide 237 Chapter 19 VP N Screens 19.14 Configuring Manual Key Y ou only configure VPN Manu al Key when you select Manual in the IPSec Key Mode field on the VPN IKE screen. This is the VPN Manual Key screen as shown next. Figure 100 VPN: Manual Key The following table describes the fields in this screen.[...]

  • Page 238

    Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 238 Table 74 VPN: Manual Key LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy . Name T ype up to 32 characters to ide ntify this VPN policy . Y ou may u se any character , including spaces, but the Prestige drops trailing spaces. IPSec Key Mode Selec[...]

  • Page 239

    Prestige 662H/HW Series User’s Guide 239 Chapter 19 VP N Screens End / Subnet Mask Wh en the Remote Address T ype field is configured to Singl e , this field is N/A. When the Remote Address T ype field is configured to Range , enter the end (static) IP address, in a range of co mputers on the network behind the remote IPSec router . When the Remo[...]

  • Page 240

    Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 240 19.15 V iewing SA Monitor Click VPN and Monitor to open the SA Monitor screen as shown. Use this screen to display and manage activ e VPN connections. A Security Association (SA) is the group of se cu rity settings related to a specific VPN tunnel. This screen displays active VPN c o[...]

  • Page 241

    Prestige 662H/HW Series User’s Guide 241 Chapter 19 VP N Screens 19.16 Configuring Global Setting T o change your Prestige’ s global settings, click VPN an d then Global Setting . The screen appears as shown. Figure 102 VPN: Global Setting The following table describes the fields in this screen. Table 75 LABEL DESCRIPTION No This is the securit[...]

  • Page 242

    Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 242 19.17 T elecommuter VPN/IPSec Examples The following examples show how multiple telecommuters can make VPN connections to a single Prestige at headquarters. The telecomm uters use IPSec routers with dynamic W AN IP addresses. The Prestige at headquarters ha s a static public IP addre[...]

  • Page 243

    Prestige 662H/HW Series User’s Guide 243 Chapter 19 VP N Screens 19.17.2 T elecommuters Usin g Unique VPN Rules Example In this example the telecommuters (A, B and C in the figure) use IPSec routers with domain names that are mapped to their dynamic W AN IP addresses (use Dynamic DNS to do this). W ith aggressive negotiation mode (see the Negotia[...]

  • Page 244

    Prestige 662H/HW Series User’s Guide Chapter 19 VPN Screens 244 Figure 104 T elecommuters Using Uniq ue VPN Rules Example Table 78 T elecommuters Using Unique VPN Rules Example T ELECOMMUTERS HEADQUARTERS All T elecommuter Rules: All Headquarters Rules: My IP Address 0.0.0. 0 My IP Address: bigcompanyhq.com Secure Gateway Address: bigcompanyhq.co[...]

  • Page 245

    Prestige 662H/HW Series User’s Guide 245 Chapter 19 VP N Screens 19.18 VPN and Remote Management If a VPN tunnel uses T e lnet, FTP , WWW , then you should configure remo te management ( Remote Management ) to allow access for that service.[...]

  • Page 246

    Prestige 662H/HW Series User’s Guide Chapter 20 Remote M anagement Configuration 246 C HAPTER 20 Remote Management Configuration This chapter pr ovides in formation on configur ing remote management. 20.1 Remote Management Overview Remote management allows you to determ ine which services/protocols can access which Prestige interface (if any) fro[...]

  • Page 247

    Prestige 662H/HW Series User’s Guide 247 Chapter 20 Remote Ma nagement Configuration • A filter in SMT menu 3.1 (LAN) or in menu 1 1.5 (W AN) is applied to block a T elnet, FTP or W eb service. • Y ou have disabled that service in one of the remote management screens. • The IP address in the Secured Client IP field does not match th e clien[...]

  • Page 248

    Prestige 662H/HW Series User’s Guide Chapter 20 Remote M anagement Configuration 248 20.4 W e b Y ou can use the Prestige’ s embedded web configur ator for configuration and file management . See the online help for details. 20.5 Configuring Remote Management Click Remote Management to open the following screen. Figure 106 Remote Mana gement Th[...]

  • Page 249

    Prestige 662H/HW Series User’s Guide 249 Chapter 20 Remote Ma nagement Configuration[...]

  • Page 250

    Prestige 662H/HW Series User’s Guide Chapter 21 Universa l Plug-and-Play (UPnP) 250 C HAPTER 21 Universal Plug-and-Play (UPnP) This chapter intr oduces the UPnP feature in the web configurator . 21.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-pe[...]

  • Page 251

    Prestige 662H/HW Series User’s Guide 251 Chapter 21 Univer sal Plug-and-Play (UPnP) All UPnP-enabled devices may communicate freely with eac h other without additional configuration. Disable UPnP if this is not your intention. 21.2 UPnP and ZyXEL ZyXEL has achieved UPnP certification from th e Universal Plug and Play Forum Creates UPnP™ Impleme[...]

  • Page 252

    Prestige 662H/HW Series User’s Guide Chapter 21 Universa l Plug-and-Play (UPnP) 252 21.3 Inst alling UPnP in Windows Example This section shows ho w to install UPnP in W indows Me and W indows XP . Inst alling UPnP in Windows Me Follow the steps below to inst all the UPnP in W indows Me. 1 Click St a r t and Contr ol Panel . Double-click Add/Remo[...]

  • Page 253

    Prestige 662H/HW Series User’s Guide 253 Chapter 21 Univer sal Plug-and-Play (UPnP) Figure 108 Add/Remove Programs: Wind ows Setup: Communication 3 In the Communications window , select the Universal Plug and Play check bo x in the Components selection box. Figure 109 Add/Remove Programs: Wind ows Setup: Communication: Components 4 Click OK to go[...]

  • Page 254

    Prestige 662H/HW Series User’s Guide Chapter 21 Universa l Plug-and-Play (UPnP) 254 Inst alling UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP . 1 Click St a r t and Control Panel . 2 Double-click Network Connections . 3 In the Network Connections window , click Advanced in the main menu and select Optional Networking[...]

  • Page 255

    Prestige 662H/HW Series User’s Guide 255 Chapter 21 Univer sal Plug-and-Play (UPnP) Figure 1 1 1 Windows Optional Networking Com ponents Wizard 5 In the Networking Services window , select the Universal Plug and Play check box.[...]

  • Page 256

    Prestige 662H/HW Series User’s Guide Chapter 21 Universa l Plug-and-Play (UPnP) 256 Figure 1 12 Networking Services 6 Click OK to go back to the W indows Optional Networking Component W izard window and click Next . 21.4 Using UPnP in Windows XP Example This section shows yo u how to use the UPnP feature in Wi ndows XP . Y ou must al ready have U[...]

  • Page 257

    Prestige 662H/HW Series User’s Guide 257 Chapter 21 Univer sal Plug-and-Play (UPnP) Figure 1 13 Network Connections 3 In the Internet Connection Properties window , click Settings to see the port mappings there were automatically created.[...]

  • Page 258

    Prestige 662H/HW Series User’s Guide Chapter 21 Universa l Plug-and-Play (UPnP) 258 Figure 1 14 Internet Connection Properties 4 Y ou may edit or delete the port mappings or click Add to manually add port mappings.[...]

  • Page 259

    Prestige 662H/HW Series User’s Guide 259 Chapter 21 Univer sal Plug-and-Play (UPnP) Figure 1 15 Internet Connection Properties: Adva nced Settings Figure 1 16 Internet Connection Properties: Advanced Settings: Add 5 When the UP nP-enabled device is disconn ected from your computer , all port mappings will be deleted automatically . 6 Select Show [...]

  • Page 260

    Prestige 662H/HW Series User’s Guide Chapter 21 Universa l Plug-and-Play (UPnP) 260 Figure 1 17 System T r ay Icon 7 Double-click on the icon to display yo ur curr ent Internet co nnection status. Figure 1 18 Internet Connection S tatus Web Configurator Eas y Access W ith UPnP , you can access the web-based configur ator on the Prestige w ithout [...]

  • Page 261

    Prestige 662H/HW Series User’s Guide 261 Chapter 21 Univer sal Plug-and-Play (UPnP) Figure 1 19 Network Connections 4 An icon with the description for e ach UPnP-enabled device disp lays under Local Network . 5 Right-click on the icon for your Prestige and select Invoke . The web configurator login screen displays.[...]

  • Page 262

    Prestige 662H/HW Series User’s Guide Chapter 21 Universa l Plug-and-Play (UPnP) 262 Figure 120 Network Connections: My Network Places 6 Right-click on the icon for your Prestige and select Pr operties . A properties window displays with basic information about the Prestige. Figure 121 Network Connections: My Networ k Places: Properties: Example[...]

  • Page 263

    Prestige 662H/HW Series User’s Guide 263 Chapter 21 Univer sal Plug-and-Play (UPnP)[...]

  • Page 264

    Prestige 662H/HW Series User’s Guide Chapter 22 Logs Scree ns 264 C HAPTER 22 Logs Screens This chapter contains informa tion about configuring general log settings and viewing the Pr estige’ s logs. Refer to the appendix for example log messa ge e xplanations. 22.1 Logs Overview The web confi gurator allows you to choose which c ategories of e[...]

  • Page 265

    Prestige 662H/HW Series User’s Guide 265 Chapter 22 Log s Screens Figure 122 Log Settings The following table describes the fields in this screen. Table 81 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below . If this field is left blank, logs [...]

  • Page 266

    Prestige 662H/HW Series User’s Guide Chapter 22 Logs Scree ns 266 22.3 Displaying the Logs Click Logs and then Vi e w L o g to open the Vie w L og s sc reen. Use the Vi e w L og s screen to see the logs for the categories that you selected in the Log Settings screen (see the Configuring Log Settings section ). Log entries in red indicate alerts .[...]

  • Page 267

    Prestige 662H/HW Series User’s Guide 267 Chapter 22 Log s Screens Figure 123 Vi ew Logs The following table describes the fields in this screen. 22.4 SMTP Error Messages If there are d iffic ulties in sendi ng e-mail the following error m essages appe ar . E-mail error messages appear in SMT menu 24.3.1 as "SMTP action request failed. ret= ?[...]

  • Page 268

    Prestige 662H/HW Series User’s Guide Chapter 22 Logs Scree ns 268 22.4.1 Example E-mail Log An "End of Log" message displays for each ma il in which a complete log has been sent. The following is an example of a log sent by e-mail. • Y ou may edit the subject title. • The date format here is Day-Month-Y ear . • The date format her[...]

  • Page 269

    Prestige 662H/HW Series User’s Guide 269 Chapter 22 Log s Screens[...]

  • Page 270

    Prestige 662H/HW Series User’s Guide Chapter 23 M edia Bandwidth Managemen t Advanced Setup 270 C HAPTER 23 Media Bandwid th Management Advanced Setup This chapter describes th e functions and ad vanced configuration of bandwidth managemen t. 23.1 Bandwid th Management Advanced Setup Overview Bandwidth management allo ws you to allocate an interf[...]

  • Page 271

    Prestige 662H/HW Series User’s Guide 271 Chapter 23 Med ia Bandwidth Management Advanced Setu p that you configure child-classes with filters fo r any classes that you co nfigure without filters. The Prestige leaves the bandwidth budget allocate d and unused for a class that does not have a filter itself or child-classes with filters. V iew your [...]

  • Page 272

    Prestige 662H/HW Series User’s Guide Chapter 23 M edia Bandwidth Managemen t Advanced Setup 272 Figure 126 Subnet-based Ba ndwidt h Management Example 23.4.3 Application and Subn et-based Bandwid th Management Example The following example uses bandwidth classes based on LAN subnets and applications (specific applications in each subnet ar e allo[...]

  • Page 273

    Prestige 662H/HW Series User’s Guide 273 Chapter 23 Med ia Bandwidth Management Advanced Setu p 23.5.1 Priority-based Scheduler W ith the priority-based scheduler , the Prestige forwards traffic from bandwidth classes according to the priorities that you assign to the bandwidth classes. The lar ger a bandwidth class’ s priority number is, the h[...]

  • Page 274

    Prestige 662H/HW Series User’s Guide Chapter 23 M edia Bandwidth Managemen t Advanced Setup 274 23.6.2 Maximize Ba ndwid th Usag e Example Here is an example of a Prestige that has ma xi mized bandwidth usage ena bled on an interface. The first figure shows each bandwidth class’ s bandwidth bu dget and pr iority . The classes are set up based o[...]

  • Page 275

    Prestige 662H/HW Series User’s Guide 275 Chapter 23 Med ia Bandwidth Management Advanced Setu p Figure 129 Maximize Bandwid th Usage Example 23.7 Bandwid th Borrowing Bandwidth borrowing allows a child -class to borrow unused bandwidth from its paren t class, whereas maximize bandwidth usage allows bandwidth classes to bo rrow any unused or unbud[...]

  • Page 276

    Prestige 662H/HW Series User’s Guide Chapter 23 M edia Bandwidth Managemen t Advanced Setup 276 Figure 130 Bandwidth Borrowing Example • The Bill class can borrow un used bandwidth from the Sales USA class because the Bill class has bandwidth borrowing enabled. • The Bill class can also borrow unused bandw idth from the Sales class because th[...]

  • Page 277

    Prestige 662H/HW Series User’s Guide 277 Chapter 23 Med ia Bandwidth Management Advanced Setu p 23.7.2 Maximize Bandwid th Us age With Bandwid th Borrowing If you configure both maximiz e bandwidth usage (on the interface) and bandwidth bo rrowing (on individual child-classes), th e Prestige functions as follows. 1 The Prestige sends traffic acco[...]

  • Page 278

    Prestige 662H/HW Series User’s Guide Chapter 23 M edia Bandwidth Managemen t Advanced Setup 278 23.9 Configuring Class Setup The class se tup screen displays the configured band width classes by individual interface. Select an interface and click the buttons to pe rform the actions describe d next. Click “+” to expand the class tree or click [...]

  • Page 279

    Prestige 662H/HW Series User’s Guide 279 Chapter 23 Med ia Bandwidth Management Advanced Setu p Figure 132 Media Bandwid th Management: Class Setup The following table describes the labels in this screen. 23.9.1 Media Bandwid th Mana gement Class Configuration Configure a bandwidth management class in the Class Configuration scre en. Y ou must us[...]

  • Page 280

    Prestige 662H/HW Series User’s Guide Chapter 23 M edia Bandwidth Managemen t Advanced Setup 280 Figure 133 Media Bandwid th Management: Class Configuration The following table describes the labels in this screen Table 87 Media Bandwid th Management: Class Configuration LABEL DESCRIPTION Class Name Use the auto-generated name or en ter a descripti[...]

  • Page 281

    Prestige 662H/HW Series User’s Guide 281 Chapter 23 Med ia Bandwidth Management Advanced Setu p Service Y ou can select a predefined serv i ce instead of configuring th e Destination Port , Source Port and Protocol ID fields. SIP (Session Initiation Protocol) is a signaling protocol used in Internet telephony , instant messaging and other V oIP ([...]

  • Page 282

    Prestige 662H/HW Series User’s Guide Chapter 23 M edia Bandwidth Managemen t Advanced Setup 282 23.9.2 Media Bandwid th Management St atistics Use the Media Bandwidth Management S tatistics screen to view network performance information. Click the S tatistics button in the Class Setup screen to open the St a t i s t i c s screen. Figure 134 Media[...]

  • Page 283

    Prestige 662H/HW Series User’s Guide 283 Chapter 23 Med ia Bandwidth Management Advanced Setu p 23.10 Bandwid th Monitor T o view the Pres tige’ s bandwidt h usage and allotments, click Media Bandwidth Management , then Monitor . The screen appears as shown. Figure 135 Media Bandwid th Management: Monitor The following table describes the label[...]

  • Page 284

    Prestige 662H/HW Series User’s Guide Chapter 24 Maintenance 284 C HAPTER 24 Maintenance This chapter displays system information such as ZyN OS firmwar e, port IP addresses and port traffic statistics. 24.1 Maintenance Overview The maintenanc e screens can help you view system inform a tion, upload new firmware, manage configuratio n and restart [...]

  • Page 285

    Prestige 662H/HW Series User’s Guide 285 Chapter 24 Maintenance Figure 136 System S tatus The following table describes the fields in this screen. Table 91 System S tatus LABEL DESCRIPTION System S tatus System Name This is the name of your Pre stige. It is for identification purposes.[...]

  • Page 286

    Prestige 662H/HW Series User’s Guide Chapter 24 Maintenance 286 24.2.1 System St atistics Click Show S tatistics in the System S tatus scre en to open the following screen. Read-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interva[...]

  • Page 287

    Prestige 662H/HW Series User’s Guide 287 Chapter 24 Maintenance Figure 137 System S tatus: Show S tatistics The following table describes the fields in this screen. Table 92 System S tatus: Show S tatistics LABEL DESCRIPTION System up T ime This is the elapsed time the system has been up. CPU Load Th is field specifies the pe rcentage of CPU util[...]

  • Page 288

    Prestige 662H/HW Series User’s Guide Chapter 24 Maintenance 288 24.3 DHCP T able Screen DHCP (Dynamic Host Configuration Protocol , RFC 2131 and RFC 2132) allows indiv idual clients to obtain TCP/IP configuration at star t-up from a server . Y ou can configure the Prestige as a DHCP server or disable it. When configured as a server, the Prestige [...]

  • Page 289

    Prestige 662H/HW Series User’s Guide 289 Chapter 24 Maintenance 24.4 Any IP T able Screen Click Maintenance , Any IP . The Any IP table sho ws cu rrent read-only information (including the IP address and the MAC address) of all network devices that use the Any IP feature to communicate w ith the Prestige. Refer to the Any IP section for more info[...]

  • Page 290

    Prestige 662H/HW Series User’s Guide Chapter 24 Maintenance 290 Figure 140 Associa tion List The following table describes the fields in this screen. 24.6 Diagnostic Screens These read-only screens display information to help you identify proble ms with the Prestige. 24.6.1 Diagnostic General Screen Click Diagnostic and then General to open the s[...]

  • Page 291

    Prestige 662H/HW Series User’s Guide 291 Chapter 24 Maintenance Figure 141 Diagnostic: General The following table describes the fields in this screen. 24.6.2 Diagnostic DSL Line Screen Click Diagnostic and then DSL Line to o pen the screen shown next. Table 96 Diagnostic: General LABEL DESCRIPTION TCP/IP Address T ype the IP address of a compute[...]

  • Page 292

    Prestige 662H/HW Series User’s Guide Chapter 24 Maintenance 292 Figure 142 Diagnostic: DSL Line The following table describes the fields in this screen. Table 97 Diagnostic: DSL Line LABEL DESCRIPTION Reset ADSL Line Click this button to reinitialize the ADSL line. The large text box above then displays the progress and results of this operation,[...]

  • Page 293

    Prestige 662H/HW Series User’s Guide 293 Chapter 24 Maintenance 24.7 Firmware Screen Find firmware at www .zyxel.com in a file that (usually) uses the system model name with a "*.bin" extension, e.g., "Prestige.bin". The upload process uses HTTP (Hypertext T ransfer Protocol) and may take up to two minutes. Afte r a successful[...]

  • Page 294

    Prestige 662H/HW Series User’s Guide Chapter 24 Maintenance 294 After you see the Firmware Upload in Pr ocess screen, wait two minutes before logging into the Prestige again. The Prestige automatically restarts in this time causing a temporary networ k disconnect. In some operating systems, you may see the following icon on your desktop. Figure 1[...]

  • Page 295

    Prestige 662H/HW Series User’s Guide 295 Chapter 24 Maintenance[...]

  • Page 296

    Prestige 662H/HW Series User’s Guide Chapter 25 Intro ducing the SMT 296 C HAPTER 25 Introducing the SMT This chapter explains how to ac cess and navigat e the System Management T erminal and giv es an overview of its menus. 25.1 SMT Introduction T he Prestige’ s SMT (System Managem ent T ermin al) is a menu-driven inte rface that you can acces[...]

  • Page 297

    Prestige 662H/HW Series User’s Guide 297 Chapter 25 In troducing the SMT Figure 146 Login Screen 25.1.3 Prestige SMT Menu Overview W e use the Prestige 662HW -61 SMT menus in this guide as an example. The SMT menus vary slightly for different Prestige models. The following figure gives you an overview of the various SMT menu screens of your Pres-[...]

  • Page 298

    Prestige 662H/HW Series User’s Guide Chapter 25 Intro ducing the SMT 298 Several operations that you should be fam iliar with before you a ttempt to modify the configuration are listed in the table below . After you enter the password, the SMT di splays the main menu, as shown next. Table 99 Navigati ng the SMT Interface OPERATION KEY STROKE DESC[...]

  • Page 299

    Prestige 662H/HW Series User’s Guide 299 Chapter 25 In troducing the SMT 25.2.1 System Manage ment T erminal Interface Summary 25.3 Changing the System Password Change the P restige defau lt password by following the steps shown next. 1 Enter 23 in the main menu to display Menu 23 - System Securi ty . 2 Enter 1 to display Menu 23.1 - System Secur[...]

  • Page 300

    Prestige 662H/HW Series User’s Guide Chapter 25 Intro ducing the SMT 300 Figure 148 Menu 23.1 Chang e Password 4 T ype your new system password in the New Password field (up to 30 characters), and press [ENTER] . 5 Re-type your new system password in the Retype to confirm field for confirmation and press [ENTER] . Menu 23.1 - System Security - Ch[...]

  • Page 301

    Prestige 662H/HW Series User’s Guide 301 Chapter 25 In troducing the SMT[...]

  • Page 302

    Prestige 662H/HW Series User’s Guide Chapter 26 Menu 1 General Setup 302 C HAPTER 26 Menu 1 General Setup Menu 1 - General Setup contains administrative an d system-r elated information. 26.1 General Setup Menu 1 — General Setup contains administrative and system-related information (shown next). The System Name field is for identification purp[...]

  • Page 303

    Prestige 662H/HW Series User’s Guide 303 Chapter 26 Menu 1 General Setup Figure 149 Menu 1 General Setu p Fill in the required fields. Refer to the tabl e shown next for more information about these fields. 26.2.1 Procedure to Configure Dynamic DNS T o configure dy namic DNS, go to Menu 1 — General Setup and select Ye s in the Edit Dynamic DNS [...]

  • Page 304

    Prestige 662H/HW Series User’s Guide Chapter 26 Menu 1 General Setup 304 Figure 150 Menu 1.1 Configure Dyn amic DNS Follow the instructions in the next tabl e to configure dynamic DNS parameters. Menu 1.1 - Configure Dynamic DNS Service Provider= WWW.DynDNS.ORG Active= No Host= EMAIL= USER= Password= ******** Enable Wildcard= No Press ENTER to Co[...]

  • Page 305

    Prestige 662H/HW Series User’s Guide 305 Chapter 26 Menu 1 General Setup[...]

  • Page 306

    Prestige 662H/HW Series User’s Guide Chapter 27 Menu 2 WAN Backup Setup 306 C HAPTER 27 Menu 2 W AN Backup Setup This chapter describes ho w to configur e traffic r edir ect an d dial-backup using menu 2 and 2.1. 27.1 Introduction to W AN Backup Setup This chapter explains how to configure the Pr estige for traf fic redirect and dial backup conne[...]

  • Page 307

    Prestige 662H/HW Series User’s Guide 307 Chapter 27 Menu 2 WAN Backup Setup 27.2.1 T raffic Redirect Setup Configure parameters that determine when th e Prestige will forward W AN traffic to the backup gateway using Menu 2.1 — T raffic Redir ect Setup . Figure 152 Menu 2.1 T raffic Redirect Setup The following table describes the fields in this[...]

  • Page 308

    Prestige 662H/HW Series User’s Guide Chapter 27 Menu 2 WAN Backup Setup 308 27.3 Configuring Dial Backup Setup 1 From the main menu, enter 2 to open me nu 2. Then move the curs or to the Dial Backup field in 2 Menu 2 - W AN Backup Setup , pre ss the [SP ACE BAR] to select Ye s and then press [ENTER]. Figure 153 Menu 2.2 Dial Backup Setup The foll[...]

  • Page 309

    Prestige 662H/HW Series User’s Guide 309 Chapter 27 Menu 2 WAN Backup Setup 27.4 Advanced Dial Backup Setup T o edit the advanced setup for the dial backup port, move the cursor to the Edit Advanced Setup field in Menu 2.2 Dial Backup Setup , press the [SP ACE BAR] to select Ye s and then press [ENTER]. Edit Advanced Setup T o edit the advanced s[...]

  • Page 310

    Prestige 662H/HW Series User’s Guide Chapter 27 Menu 2 WAN Backup Setup 310 Figure 154 Menu 2.2.1 Advanced Dial Backup Setup The following table describes fields in this menu. Menu 2.2.1 - Advanced Dial Backup Se tup AT Command Strings: Call Control: Dial= atd Dial Timeout(sec)= 60 Drop= ~~+++~~ath Retry Count= 0 Answer= ata Retry Interval(sec)= [...]

  • Page 311

    Prestige 662H/HW Series User’s Guide 311 Chapter 27 Menu 2 WAN Backup Setup Drop T imeout (sec) Enter a number of seconds fo r the Prestige to wait before dropping the DTR signal if it does not receive a positive disconnect confirmatio n. Call Back Delay (sec) Ente r a number of secon ds for the Prestige to wait be tween dropping a callback reque[...]

  • Page 312

    Prestige 662H/HW Series User’s Guide Chapter 28 Menu 3 LAN Setup 312 C HAPTER 28 Menu 3 LAN Setup This chapter covers how to configur e your wir ed Local Ar ea Network (LAN) settings. 28.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 — LAN Setup . From the main menu, enter 3 to display menu 3. Figure 155 Menu 3 LA[...]

  • Page 313

    Prestige 662H/HW Series User’s Guide 313 C hapter 28 Men u 3 LAN Setup 28.2 Protocol Dependent Ethernet Setup Depending on the proto cols for your applications, you need to co nfigure the respectiv e Ethernet Setup, as outlined below . • For TCP/IP Ethernet setup refer to the Internet Access Configuration section . • For bridging Ethernet set[...]

  • Page 314

    Prestige 662H/HW Series User’s Guide Chapter 28 Menu 3 LAN Setup 314 Figure 157 Menu 3.2 TCP/IP and DHCP Ethernet Se tup Follow the instructions in the following table on how to configure th e DHCP fields. Follow the instructions in the following tabl e to configure TCP/IP parameters for the Ethernet port. Menu 3.2 - TCP/IP and DHCP Setup DHCP Se[...]

  • Page 315

    Prestige 662H/HW Series User’s Guide 315 C hapter 28 Men u 3 LAN Setup IP Subnet Mask Y our Prestige will automatically calculate the su bnet mask based on the IP address that you assign. Unl ess you are implemen ting subnetting, use the subnet mask computed by the Prestige (refer to the IP Subnetting appendix for more information). RIP Direction[...]

  • Page 316

    Prestige 662H/HW Series User’s Guide Chapter 29 Wireless LAN Setup 316 C HAPTER 29 W ireless LAN Setup This chapter covers how to configur e wir e less LAN se ttings in SMT menu 3.5. 29.1 Wireless LAN Overview Refer to the chapter on the wireless LAN scr eens for wireless LAN background information. 29.2 Wireless LAN Setup Use menu 3.5 to set up [...]

  • Page 317

    Prestige 662H/HW Series User’s Guide 317 Chapter 29 Wirele ss LAN Setup 29.2.1 Wireless LAN MAC Address Filter The next layer of security is MAC address filter . T o allow a wireless st ation to associate with the Prestige, enter the MAC address of the wireless LAN ada pter on that wireless station in the MAC address table. Channel ID Press [SP A[...]

  • Page 318

    Prestige 662H/HW Series User’s Guide Chapter 29 Wireless LAN Setup 318 Figure 159 Menu 3.5.1 WLAN MAC Address Filtering The following table describes the fields in this menu. Menu 3.5.1 - W LAN MAC Address Filter Active= No Filter Action= A llowed Association ----------------------------------- --------------------------------------- 1= 00:00:00:[...]

  • Page 319

    Prestige 662H/HW Series User’s Guide 319 Chapter 29 Wirele ss LAN Setup[...]

  • Page 320

    Prestige 662H/HW Series User’s Guide Chapter 30 Internet Access 320 C HAPTER 30 Internet Access This chapter shows you how to configur e th e LAN and W AN of your Prestige for Internet access . 30.1 Internet Access Overview Refer to the chapters on the web configurat or’ s wizard, LAN and W AN screens for more background information on fields i[...]

  • Page 321

    Prestige 662H/HW Series User’s Guide 321 Chapter 30 Internet Access Figure 160 IP Alias Network Example Use menu 3.2.1 to co nfigure IP Alias on your Prestige. 30.4 IP Alias Setup Use menu 3.2 to configure the first netw ork. Move the cursor to Edit IP Alias field and press [ SP ACEBAR] to choose Ye s and press [ENTER] to configure the sec ond an[...]

  • Page 322

    Prestige 662H/HW Series User’s Guide Chapter 30 Internet Access 322 Figure 162 Menu 3.2.1 IP Alias Setup Follow the instructions in the following table to configure IP Alias parameters. 30.5 Route IP Setup The first step is to en able the IP routing in Menu 1 — General Setup . T o edit menu 1, type 1 in the main menu and press [ ENTER ]. Set th[...]

  • Page 323

    Prestige 662H/HW Series User’s Guide 323 Chapter 30 Internet Access Figure 163 Menu 1 General Setu p 30.6 Internet Access Configuration Menu 4 allows you to enter the Internet Access information in one screen. Menu 4 is actually a simplified setup for one of t he remote nodes that you can access in menu 1 1 . Before you configure your Prestige fo[...]

  • Page 324

    Prestige 662H/HW Series User’s Guide Chapter 30 Internet Access 324 . If all your settings are correct your Prestige shou ld connect automatically to the Internet. If the connection fails, note the error message that you receive on the screen and take the appropriate troubleshooting steps. Table 114 Menu 4 Internet Access Setup FIELD DESCRIPTION [...]

  • Page 325

    Prestige 662H/HW Series User’s Guide 325 Chapter 30 Internet Access[...]

  • Page 326

    Prestige 662H/HW Series User’s Guide Chapter 31 Remot e Node Configur ation 326 C HAPTER 31 Remote Node Configuration This chapter covers r emo te node configu ration. 31.1 Remote Node Setup Overview This section describes the protocol-independent parameters for a remote node. A remote node is required for placing calls to a remote gateway . A re[...]

  • Page 327

    Prestige 662H/HW Series User’s Guide 327 Chap ter 31 Remote Node Configuratio n Figure 165 Menu 1 1 Remote Node Setup 31.2.2 Encap sulation and Multiplexing Scenarios For Internet access you should use the encapsulation and multiple xing methods used by your ISP . Consult your telephone company for informat ion on en capsulation and multiplexing [...]

  • Page 328

    Prestige 662H/HW Series User’s Guide Chapter 31 Remot e Node Configur ation 328 Figure 166 Menu 1 1.1 Remote Node Profile In Menu 1 1 .1 – Remote Node Profile , fill in the fields as de scrib ed in the following table. Menu 11.1 - Remote Node Profile Rem Node Name= MyISP Route= IP Active= Yes Bridge= No Encapsulation= RFC 1483 Edit IP/Bridge= N[...]

  • Page 329

    Prestige 662H/HW Series User’s Guide 329 Chap ter 31 Remote Node Configuratio n 31.2.3 Outgoing Au thentication Protocol For obvious reasons, you sho uld employ the strongest authentication protocol possible. However , some vendors’ implementation includ es specific authentication protocol in the user profile. It will disconnect if the negotiat[...]

  • Page 330

    Prestige 662H/HW Series User’s Guide Chapter 31 Remot e Node Configur ation 330 31.3 Remote Node Network Layer Options For the TCP/IP parameters, perf orm the following steps to edit Menu 1 1.3 – Remote Node Network Layer Options as shown next. 1 In menu 1 1.1, make sure IP is among the protocols in the Route fi eld. 2 Move the cu rs or to the [...]

  • Page 331

    Prestige 662H/HW Series User’s Guide 331 Chap ter 31 Remote Node Configuratio n 31.3.1 My W AN Addr Sample IP Addresses The following figure uses sample IP addresses to help you understand the field of My W AN Addr in menu 1 1.3. Refer to the previous Figu re 19 in the we b configurator chap ter on LAN setup for a brief review of what a W AN IP i[...]

  • Page 332

    Prestige 662H/HW Series User’s Guide Chapter 31 Remot e Node Configur ation 332 Figure 168 Sample IP Addresses for a TC P/IP LAN-to-LAN Connection 31.4 Remote Node Filter Move the cu rs or to the Edit Filter Sets field in menu 1 1 .1, then press [SP ACE BAR] to select Ye s . Press [ENTER] to display Menu 1 1.5 – Remote Node Filter . Use Menu 1 [...]

  • Page 333

    Prestige 662H/HW Series User’s Guide 333 Chap ter 31 Remote Node Configuratio n Figure 169 Menu 1 1.5 Remote Node Filter (RFC 1483 or ENET Encap sulation) Figure 170 Menu 1 1.5 Remote Node Filter (PPPoA or PPPoE Encapsulation) 31.5 Editing A TM Layer Options Follow the steps shown next to edit Menu 1 1.6 – Remote Node A TM Layer Options . In me[...]

  • Page 334

    Prestige 662H/HW Series User’s Guide Chapter 31 Remot e Node Configur ation 334 Figure 171 Menu 1 1.6 for VC-based Multiplexing 31.5.2 LLC-based Multiplexing or PPP Encap sulation For LLC-based multiplexing or PPP encapsulation, one VC ca rries multiple protocols with protocol identifyi ng information being contained in each packet header . Figur[...]

  • Page 335

    Prestige 662H/HW Series User’s Guide 335 Chap ter 31 Remote Node Configuratio n Figure 173 Menu 1 1.1 Remote Node Profile Move the cursor to the Edit Advance Options field, press [SP ACE BAR] to select Ye s , then press [ENTER] to display Menu 1 1.8 – Advance Setup Options . Figure 174 Menu 1 1.8 Advance Setu p Options The following table descr[...]

  • Page 336

    Prestige 662H/HW Series User’s Guide Chapter 32 Static Route Setup 336 C HAPTER 32 S t atic Route Setup This chapter shows how to setup IP static ro utes. 32.1 IP S tatic Route Overview Stat ic routes tell the Prestige ro uting information that it cann ot learn automatically through other means. This can arise in cases where RIP is disabled on th[...]

  • Page 337

    Prestige 662H/HW Series User’s Guide 337 Chapter 32 Static Route Setup Figure 176 Menu 12 S tati c Route Setup From menu 12, select 1 to open Menu 12.1 — IP S tatic Route Setup (shown next). Figure 177 Menu 12.1 IP S tatic Route Setup Now , type the route number of a st atic route you want to configure. Figure 178 Menu12.1.1 Edit IP S tatic Rou[...]

  • Page 338

    Prestige 662H/HW Series User’s Guide Chapter 32 Static Route Setup 338 The following table describes the fields for Menu 12.1.1 – Edit IP S tatic Route Setup . Table 118 Menu12.1.1 Edit IP S tatic Route FIELD DESCRIPTION Route # This is the index number of the stat ic route that you chose in menu 12.1. Route Name T ype a descri ptive name for t[...]

  • Page 339

    Prestige 662H/HW Series User’s Guide 339 Chapter 32 Static Route Setup[...]

  • Page 340

    Prestige 662H/HW Series User’s Guide Chapter 33 Bridgin g Setup 340 C HAPTER 33 Bridging Setup This chapter shows you how to configur e the bridging parameters of your Pr es tige. 33.1 Bridging in General Bridging bases the forwarding decision on th e MAC (Media Access Control), or ha rdware address, while routing does it on the network layer (IP[...]

  • Page 341

    Prestige 662H/HW Series User’s Guide 341 Chapter 33 Bridging Setup Figure 179 Menu 1 1.1 Remote Node Profile 3 Move the cursor to the Edit IP/Bridge field, then press [ SP ACE BAR ] to set the value to Ye s a nd press [E NTER] to edit Menu 1 1.3 – Remote Node Network Layer Options . Figure 180 Menu 1 1.3 Remote Node Network Laye r Options Menu [...]

  • Page 342

    Prestige 662H/HW Series User’s Guide Chapter 33 Bridgin g Setup 342 33.2.2 Bridge St atic Route Setup Similar to network layer static routes, a bridging static route tells the Prestige the route to a node before a conn ection is established. Y ou c onfigure b ridge static routes in menu 12.3.1 (go to menu 12, choose option 3, then choose a static[...]

  • Page 343

    Prestige 662H/HW Series User’s Guide 343 Chapter 33 Bridging Setup[...]

  • Page 344

    Prestige 662H/HW Series User’s Guide Chapter 34 Network Address Translation (NAT) 344 C HAPTER 34 Network Address T ranslation (NA T) This chapter discusses how to configur e NA T on the Pr es tige. 34.1 Using NA T Y ou must create a firewall rule in addition to setting up SUA/NA T , to allow traffic from the W AN to be forwarded through the Pres[...]

  • Page 345

    Prestige 662H/HW Series User’s Guide 345 Chapter 34 Network Address Transla tion (NAT) Figure 182 Menu 4 Applying NA T for Internet Access The following figure shows how you apply NA T to the remote node in menu 1 1.1. 1 Enter 1 1 from the main menu. 2 When menu 1 1 appears, as shown in th e follo wing figure, type the number of the remote node t[...]

  • Page 346

    Prestige 662H/HW Series User’s Guide Chapter 34 Network Address Translation (NAT) 346 34.3 NA T Setup Use the address mapping sets me nus and submenus to create the mapping table used to assign global addresses to computers on the LAN. Set 255 is used for SUA. When you select Full Feature in menu 4 or 1 1.3, the SMT will use Set 1 . When you sele[...]

  • Page 347

    Prestige 662H/HW Series User’s Guide 347 Chapter 34 Network Address Transla tion (NAT) Figure 185 Menu 15.1 Addr ess Mapping Sets 34.3.1.1 SUA Address Mapping Set Enter 255 to display the next screen (see also secti on 27.1.1). The fields in t his menu cannot be changed. Figure 186 Menu 15.1.255 SUA Address Mapping Rule s The following table expl[...]

  • Page 348

    Prestige 662H/HW Series User’s Guide Chapter 34 Network Address Translation (NAT) 348 34.3.1.2 User-Defined Address Mapping Set s Now let’ s look at option 1 in menu 15.1. En ter 1 to bring up this menu. W e’ll just look at the differences from the previous menu. Note the extra Action and Select Rule fields mean you can configure rules in thi[...]

  • Page 349

    Prestige 662H/HW Series User’s Guide 349 Chapter 34 Network Address Transla tion (NAT) 34.3.1.3 Ordering Y our Rules Ordering your rules is important because the Pr estige applies the rules in the order that you specify . When a rule matches the c urrent pack et, the Prestige take s the corresponding action and the remaining rules are ignored. If[...]

  • Page 350

    Prestige 662H/HW Series User’s Guide Chapter 34 Network Address Translation (NAT) 350 Figure 188 Menu 15.1.1.1 Editing/Configuring a n Individual Rule in a Set The following table explains the fields in t his menu. 34.4 Configuring a Server behind NA T Follow these steps to config ure a server behind NA T : 1 Enter 15 in the main menu to go to Me[...]

  • Page 351

    Prestige 662H/HW Series User’s Guide 351 Chapter 34 Network Address Transla tion (NAT) Figure 189 Menu 15.2 NA T Server Setup 3 Enter 1 to go to Menu 15.2.1 NA T Server Setup as follows. Figure 190 Menu 15.2.1 NA T Server Setup 4 Enter a port number in an unused St a r t P o r t N o field. T o forward only one port, enter it again in the End Port[...]

  • Page 352

    Prestige 662H/HW Series User’s Guide Chapter 34 Network Address Translation (NAT) 352 Figure 191 Multiple Servers Behind NA T Example 34.5 General NA T Examples The following are some exam ples of NA T configuration. 34.5.1 Example 1: Internet Access Only In the following Internet access example, you only need one rule where your ILAs (Inside Loc[...]

  • Page 353

    Prestige 662H/HW Series User’s Guide 353 Chapter 34 Network Address Transla tion (NAT) Figure 192 NA T Examp le 1 Figure 193 Menu 4 Internet Access & NA T Example From menu 4, choose the SUA Only option from the Network Address T ranslation field. This is the Many-to-One mapping discus sed in the General NA T Examples section . Th e SUA Only [...]

  • Page 354

    Prestige 662H/HW Series User’s Guide Chapter 34 Network Address Translation (NAT) 354 Figure 194 NA T Examp le 2 In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to menu 15.2 to specify the Inside Server behind the NA T as shown in the next figure. Figure 195 Menu 15.2.1 Specifying an Inside Serve[...]

  • Page 355

    Prestige 662H/HW Series User’s Guide 355 Chapter 34 Network Address Transla tion (NAT) Y ou also map your third IGA to the web serv er and mail server on the LAN. T ype Server allows you to specify multiple se rvers, of dif ferent types, to other computers behind NA T on the LAN. The example situation looks somewhat like this: Figure 196 NA T Exa[...]

  • Page 356

    Prestige 662H/HW Series User’s Guide Chapter 34 Network Address Translation (NAT) 356 Figure 197 Example 3: Menu 1 1.3 The following figures show how to configure the first rule Figure 198 Example 3: Menu 15.1.1.1 Menu 11.3 - Remote Node Network Laye r Options IP Options: Bridge Options: IP Address Assignment= Static Ethernet Addr Timeout (min)= [...]

  • Page 357

    Prestige 662H/HW Series User’s Guide 357 Chapter 34 Network Address Transla tion (NAT) Figure 199 Example 3: Final Menu 15.1.1 Now configure the IGA3 to map to our web server and mail server on the LAN. 1 Enter 15 from the main menu. 2 Enter 2 in Menu 15 - NA T Setup . 3 Enter 1 in Menu 15.2 - NA T Server Sets to see the following menu. Configure[...]

  • Page 358

    Prestige 662H/HW Series User’s Guide Chapter 34 Network Address Translation (NAT) 358 Figure 200 Example 3: Menu 15.2.1 34.5.4 Example 4: NA T Unfr iendly Application Programs Some applications do not support NA T Mapping using TCP or UDP port address translation. In this case it is better to use Many-to-Many No Overload mapping as port numb ers [...]

  • Page 359

    Prestige 662H/HW Series User’s Guide 359 Chapter 34 Network Address Transla tion (NAT) Figure 202 Example 4: Menu 15.1.1.1 Address Mappin g Rule After you’ve configured your rule , you should be able to check the settings in menu 15.1.1 as shown next. Figure 203 Example 4: Menu 15.1.1 Address Map ping Rules Menu 15.1.1.1 Address Mapping Rule Ty[...]

  • Page 360

    Prestige 662H/HW Series User’s Guide Chapter 35 Enabling the Firewall 360 C HAPTER 35 Enabling the Firewall This chapter shows you how to get started with the Pr estige fir ewall. 35.1 Remote Management and the Firewall When SMT menu 24.1 1 is configured to allow management (see the Remote Management chapter) and the firewall is enabled: • The [...]

  • Page 361

    Prestige 662H/HW Series User’s Guide 361 Chapter 35 Enablin g the Firewall Figure 204 Menu 21.2 Firewa ll Setup Use the we b configurat or or the comm and in terpreter to configure the firewall rules Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DOS) attacks when it is active. The default Poli cy sets 1. allow all se[...]

  • Page 362

    Prestige 662H/HW Series User’s Guide Chapter 36 Filter Configuration 362 C HAPTER 36 Filter Configuration This chapter shows you how to cr eate and apply filters. 36.1 About Filtering Y our Prestige uses filters to decide whether or no t to allow passage of a data packet and/or to make a call. There are two types of filter appli cations: data fil[...]

  • Page 363

    Prestige 662H/HW Series User’s Guide 363 Chapter 36 Filter Configuration Figure 206 Filter Rule Process Y ou can apply up to four filter sets to a partic ular port to block various types of packets. Because each filter set can have up to six rules, you can have a maximum of 24 rules active for a single port. For incoming packets, yo ur Prestige a[...]

  • Page 364

    Prestige 662H/HW Series User’s Guide Chapter 36 Filter Configuration 364 36.2 Configuring a Filter Set for the Prestige T o configure a filter set, follow the steps shown next. 1 Enter 21 in the main menu to display Menu 21 – Filter and Fir ewall Setup . 2 Enter 1 to display Menu 21.1 – Filter Set Configu r ation as shown next. Figure 207 Men[...]

  • Page 365

    Prestige 662H/HW Series User’s Guide 365 Chapter 36 Filter Configuration Figure 209 NetBIOS_LAN Filter Rules Summary Figure 210 IGMP Filter Rules Summary 36.3 Filter Rules Summary Menus The following tables briefly descri be the abbreviations used in menus 21.1.1 and 21.1.2. Menu 21.1.3 - Filter Rules Summary # A Type Filter Rules M m n - - ---- [...]

  • Page 366

    Prestige 662H/HW Series User’s Guide Chapter 36 Filter Configuration 366 The protocol dependent filter rules abbreviation are listed as follows: 36.4 Configuring a Filter Rule T o configure a filter rule , type its number in Menu 21.1.x – Filter Rules Summary and press [ENTER] to open menu 21.1 .x.1 for the rule. There are two types of filter r[...]

  • Page 367

    Prestige 662H/HW Series User’s Guide 367 Chapter 36 Filter Configuration 36.4.1 TCP/IP Filter Rule This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fiel ds in the IP and the upper layer protocol, for example, UDP and TCP headers. T o configure TCP/IP rules, select TCP/IP Filter Rule from[...]

  • Page 368

    Prestige 662H/HW Series User’s Guide Chapter 36 Filter Configuration 368 The following figure illustrates th e logic flow of an IP filter. Port # T ype the destination port of the packets you want to fi lter . The field rang e is 0 to 65535. A 0 field i s ignored. Port # Comp Select the comparison to apply to the dest inatio n port in the packet [...]

  • Page 369

    Prestige 662H/HW Series User’s Guide 369 Chapter 36 Filter Configuration Figure 212 Executing an IP Filter 36.4.2 Generic Filter Rule This section shows you how to co nfigure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP , it is generally easier to us e the IP rules directly . For generic rul[...]

  • Page 370

    Prestige 662H/HW Series User’s Guide Chapter 36 Filter Configuration 370 T o configure a generic rule select an empty filter set in menu 21, for example 5. Select Generic Filter Rule in the Filter T y pe field and press [ENTER] to open Menu 21.1.5.1 – Generic Filter Rule , as shown in th e following figure. Figure 213 Menu 21.1.5.1 Generic Filt[...]

  • Page 371

    Prestige 662H/HW Series User’s Guide 371 Chapter 36 Filter Configuration 36.5 Filter T ypes and NA T There are two classes of filter rules, Generic Filter Device rules and Protocol Filter ( TCP/IP ) rules. Generic Filter rules act on the raw data from/ to LAN and W AN. Protocol Filter rules act on IP packets. When NA T (Network Address T ranslati[...]

  • Page 372

    Prestige 662H/HW Series User’s Guide Chapter 36 Filter Configuration 372 Figure 215 Sample T elnet Filter 1 Enter 1 in the menu 21 to display Menu 21.1 — Fi lter Set Configuration . 2 Enter the index number of th e filter set you want to configure (in this case 6) . 3 T ype a descriptive name or comment in the Edit Comments field (for example, [...]

  • Page 373

    Prestige 662H/HW Series User’s Guide 373 Chapter 36 Filter Configuration 2 Go to the Edit Filter Sets field, press [SP ACE BAR] to choose Ye s and press [ENTER]. This brings you to menu 11.5. Apply the ex ample filter set (for example, fi lter set 3) in this menu as shown in the next section. This shows you that you have configured and activated [...]

  • Page 374

    Prestige 662H/HW Series User’s Guide Chapter 36 Filter Configuration 374 36.7.1 Ethernet T raffic Y ou seldom need to filter Ethernet traffic; however , the filter sets may be useful to block certain packets, reduce traffic and prevent secur ity breaches. Go to me nu 3.1 (shown next ) and type the number(s) of the filter set (s) that you want to [...]

  • Page 375

    Prestige 662H/HW Series User’s Guide 375 Chapter 36 Filter Configuration[...]

  • Page 376

    Prestige 662H/HW Series User’s Guide Chapter 37 SNMP Configuration 376 C HAPTER 37 SNMP Configuration This chapter explains SNM P Configuration menu 22. 37.1 About SNMP Simple Network Management Protocol (SNM P) i s a protocol u sed for exchanging management information b etween network devices. SNMP is a member of the TCP/IP protocol suite. Y o [...]

  • Page 377

    Prestige 662H/HW Series User’s Guide 377 Chapter 37 SNMP Configuration The managed devices cont ain object variables/ managed objects that define each piece of information to be collected ab out a device. Examples of vari ables include the number of packets received, node port status etc. A Ma nagement Information Ba se (MIB) is a collection of m[...]

  • Page 378

    Prestige 662H/HW Series User’s Guide Chapter 37 SNMP Configuration 378 Figure 221 Menu 22 SNMP Configurat ion The following table describes the SNMP configuration parameters. 37.4 SNMP T rap s The Prestige will send traps to the SNMP mana ger when any one of t he following events occurs: Menu 22 - SNMP Configuration SNMP: Get Community= public Se[...]

  • Page 379

    Prestige 662H/HW Series User’s Guide 379 Chapter 37 SNMP Configuration The port number is its interface index under the interface group. 5 authenticationFailure ( defined in RFC-1215 ) A trap is sent to the manager when receiving any SNMP gets or set s requirements with wrong community (password). 6 whyReboot (defin ed in ZYXEL-MIB) A trap is sen[...]

  • Page 380

    Prestige 662H/HW Series User’s Guide Chapter 38 System Security 380 C HAPTER 38 System Security This chapter describes how to configur e the system security on the Prestige. 38.1 System Security Y ou can configure the system passw ord.. 38.1.1 System Password Enter 23 in the main menu to display Menu 23 – System Security . Y ou should change th[...]

  • Page 381

    Prestige 662H/HW Series User’s Guide 381 Chapter 38 Syst em Security Figure 224 Menu 23.2 System Security: RADIUS Server The following table describes the fields in this menu. Menu 23.2 - System Security - RADIUS Server Authentication Server: Active= No Server Address= 10.1 1.12.13 Port #= 1812 Shared Secret= ***** *** Accounting Server: Active= [...]

  • Page 382

    Prestige 662H/HW Series User’s Guide Chapter 38 System Security 382 38.1.3 IEEE802.1x The IEEE802.1x standards outline enhanced secur ity methods for both the authentication of wireless stations and en cryption key managemen t. Follow the steps below to enable EA P authentication on your Prestige. 1 From the main menu, enter 23 to display Menu23 [...]

  • Page 383

    Prestige 662H/HW Series User’s Guide 383 Chapter 38 Syst em Security Table 134 Menu 23.4 System Secur ity : IEEE802.1x FIELD DESCRIPTION Wireless Port Control Press [SP ACE BAR] and select a securi ty mode for the wireless LAN access. Select No Authentication Required to allow any wi reless st ations access to your wired network without entering [...]

  • Page 384

    Prestige 662H/HW Series User’s Guide Chapter 38 System Security 384 Once you enable user authenticatio n, you need to specify an exte rnal RADIUS server or create local user accounts on the Prestige for authentication. 38.2 Creating User Account s on the Prestige By storing user profiles locally , your Prestige is able to authenticate wireless us[...]

  • Page 385

    Prestige 662H/HW Series User’s Guide 385 Chapter 38 Syst em Security Figure 227 Menu 14 Dial-in User Setup 2 T ype a number and press [ENTER] to edit the user profile. Figure 228 Menu 14.1 Edit Dial-in User The following table describes the fields in this menu. Menu 14 - Dial-in U ser Setup 1. ________ 9. ________ 17. ________ 25. ________ 2. ___[...]

  • Page 386

    Prestige 662H/HW Series User’s Guide Chapter 39 System Inform ation and Diagnosis 386 C HAPTER 39 System Information and Diagnosis This chapter covers the inform ation and diagnostic tools in SMT menu s 24.1 to 24.4. 39.1 Overview These tools include updates on system status , port status, log and trace capabiliti es and upgrades for the system s[...]

  • Page 387

    Prestige 662H/HW Series User’s Guide 387 Chapter 39 System Information and Diagnosis T o get to System Stat us , type 24 to go to Menu 24 — System Maintenance. From this menu, type 1 . System S tatus . There are two commands in Menu 24.1 — System Maintenance — St a t u s . Entering 1 reset s the counters; [ESC] takes you back to the previou[...]

  • Page 388

    Prestige 662H/HW Series User’s Guide Chapter 39 System Inform ation and Diagnosis 388 39.3 System Information T o get to the System Information: 1 Enter 24 to display Menu 24 — System Maintenance . 2 Enter 2 to display Menu 24.2 — System Information a nd Console Port Speed. From this menu you have two choices as shown in th e next figure: Fig[...]

  • Page 389

    Prestige 662H/HW Series User’s Guide 389 Chapter 39 System Information and Diagnosis Figure 232 Menu 24.2.1 System Maintenance: In formation The following table describes the fields in this menu. 39.3.2 Console Port Speed Y ou can set up different port speeds for the console port through Menu 24.2.2 – System Maintenance – Console Port Speed .[...]

  • Page 390

    Prestige 662H/HW Series User’s Guide Chapter 39 System Inform ation and Diagnosis 390 Figure 233 Menu 24.2.2 System Maintenance : Chang e Console Port Speed Once you change the Prestige console port speed , you must also set the speed parameter for the communication software you are using to connect to the Prestige. 39.4 Log and T race There are [...]

  • Page 391

    Prestige 662H/HW Series User’s Guide 391 Chapter 39 System Information and Diagnosis Figure 235 Sample Error an d Informat ion Messages 39.4.2 Syslog and Accounting The Prestige uses the syslog fa cility to log the CDR (Call Deta il Record) and system messages to a syslog server. Syslog and accounting can be configured in Menu 24.3.2 — System M[...]

  • Page 392

    Prestige 662H/HW Series User’s Guide Chapter 39 System Inform ation and Diagnosis 392 Figure 237 Syslog Example 1 - CDR SdcmdSyslogSend ( SYSLOG_CDR, SYSLOG _INFO, String); String = board xx line xx channel xx , call xx, str board = the hardware board ID line = the WAN ID in a board Channel = channel ID within the WAN call = the call reference nu[...]

  • Page 393

    Prestige 662H/HW Series User’s Guide 393 Chapter 39 System Information and Diagnosis 39.5 Diagnostic The diagnostic facility allows you to test the di f ferent aspects of your Prestige to determine if it is working properly . Menu 24.4 allows you to choose among various ty pes of diagnostic tests to evaluate your system, as shown in the following[...]

  • Page 394

    Prestige 662H/HW Series User’s Guide Chapter 39 System Inform ation and Diagnosis 394 The following table describes the diagnostic tests available in menu 24.4 for and the connections. Table 139 Menu 24.4 System Main tenance Menu: Diagnostic FIELD DESCRIPTION Reset xDSL Re-initialize the xDSL link to th e telephone company . Ping Host Ping the ho[...]

  • Page 395

    Prestige 662H/HW Series User’s Guide 395 Chapter 39 System Information and Diagnosis[...]

  • Page 396

    Prestige 662H/HW Series User’s Guide Chapter 40 Firmware and Confi guration File Maintenance 396 C HAPTER 40 Firmware and Configuration File Maintenance This chapter tells you how to ba ckup and r estore your configura tion file as well as upload new firmwar e an d configuratio n files. 40.1 Filename Conventions The configuration file (often ca l[...]

  • Page 397

    Prestige 662H/HW Series User’s Guide 397 Chapter 40 Firmware and Con f iguration File Main tenance The following table is a summary . Please note that the internal filename refe rs to the filename on the Prestige and the external f ilename refers to the filename not on the Prestige, that is, on your computer , local network or FTP site and so the[...]

  • Page 398

    Prestige 662H/HW Series User’s Guide Chapter 40 Firmware and Confi guration File Maintenance 398 Figure 239 T elnet in Menu 24.5 40.2.2 Using the FTP Command from the Comman d Line 1 Launch the FTP client on your computer . 2 Enter “ open ”, followed by a space and the IP address of your Prestige. 3 Press [ENTER] when prompted for a username.[...]

  • Page 399

    Prestige 662H/HW Series User’s Guide 399 Chapter 40 Firmware and Con f iguration File Main tenance Figure 240 FTP Session Example 40.2.4 GUI-based FTP Clients The following table describes some of the commands that you may see in GUI-based FTP clients. 40.2.5 TFTP and FTP over W AN Management Limit ations TFTP , FTP and T elnet over W AN will not[...]

  • Page 400

    Prestige 662H/HW Series User’s Guide Chapter 40 Firmware and Confi guration File Maintenance 400 40.2.6 Backup Configuration Using TFTP The Prestige support s the up/downloading of the firmware and the configuration file using TFTP (T rivial File T ransfer Protocol) over LA N. Although TFTP should work over W AN as well, it is not recommended. T [...]

  • Page 401

    Prestige 662H/HW Series User’s Guide 401 Chapter 40 Firmware and Con f iguration File Main tenance Refer to the TFTP and FTP over W A N Management Limitations section to r e ad about configurations that disallow TFTP and FTP over W AN. 40.2.9 Backup V ia Console Port Back up configuration vi a console port by followi ng the HyperT erminal pro ced[...]

  • Page 402

    Prestige 662H/HW Series User’s Guide Chapter 40 Firmware and Confi guration File Maintenance 402 Figure 243 Backup Configuration Example 4 After a successful backup you will see the following screen. Pr ess any key to return to the SMT menu. Figure 244 Successful Backup Co nfirmation Screen 40.3 Restore Configuration This section shows you how to[...]

  • Page 403

    Prestige 662H/HW Series User’s Guide 403 Chapter 40 Firmware and Con f iguration File Main tenance Figure 245 T elnet into Menu 24.6 1 Launch the FTP client on your computer . 2 Enter “ open ”, followed by a space and the IP address of your Prestige. 3 Press [ENTER] when prompted for a username. 4 Enter your password as requested (the default[...]

  • Page 404

    Prestige 662H/HW Series User’s Guide Chapter 40 Firmware and Confi guration File Maintenance 404 40.3.3 Restore V ia Console Port Restore configuration via console port by fol lowing the HyperT erminal procedure shown next. Procedures using other serial communicat i ons programs should be similar . 1 Display menu 24.6 and enter “y” at the fol[...]

  • Page 405

    Prestige 662H/HW Series User’s Guide 405 Chapter 40 Firmware and Con f iguration File Main tenance Figure 250 Successful Restoration Confirmati on Screen 40.4 Uploading Firmware and Configuration Files This section shows yo u how to upload firmware and co nfiguration files. Y ou can upload configuration files by following the procedure in the Bac[...]

  • Page 406

    Prestige 662H/HW Series User’s Guide Chapter 40 Firmware and Confi guration File Maintenance 406 Figure 252 T elnet Into Menu 24.7.2 System Maintenance T o upload the firmware and the configuration file, follow these examples 40.4.3 FTP File Upload Comman d from the DOS Prompt Example 1 Launch the FTP client on your computer . 2 Enter “ open ?[...]

  • Page 407

    Prestige 662H/HW Series User’s Guide 407 Chapter 40 Firmware and Con f iguration File Main tenance 40.4.4 FTP Session Exampl e of Firmware File Upload Figure 253 FTP Session Example of Firmware File Upload More commands (found in GUI-based FTP clie nts) are listed earlier in this chapter . Refer to the TFTP and FTP over W AN Management Limitation[...]

  • Page 408

    Prestige 662H/HW Series User’s Guide Chapter 40 Firmware and Confi guration File Maintenance 408 40.4.6 TFTP Upload Command Example The following is an example TFTP command: tftp [-i] host put firmware.bin ras where “ i ” specifies binary image transfer mode (use this mode when transferring binary files), “ host ” is the Prestige’ s IP [...]

  • Page 409

    Prestige 662H/HW Series User’s Guide 409 Chapter 40 Firmware and Con f iguration File Main tenance 40.4.9 Example Xmodem Firmwa re Upload Using HyperT erminal Click T ransfer , then Send File to display the following screen. Figure 255 Example Xmodem Upload After the firmware upload process has comple t e d, the Prestige will automatically restar[...]

  • Page 410

    Prestige 662H/HW Series User’s Guide Chapter 40 Firmware and Confi guration File Maintenance 410 3 Enter “atgo” to restart the Prestige. 40.4.1 1 Example Xmodem Configur ation Upload Using HyperT erminal Click T ransfer , then Send File to display the following screen. Figure 257 Example Xmodem Upload After the configuration upload process ha[...]

  • Page 411

    Prestige 662H/HW Series User’s Guide 411 Chapter 40 Firmware and Con f iguration File Main tenance[...]

  • Page 412

    Prestige 662H/HW Series User’s Guide Chapter 41 System Maintenance 412 C HAPTER 41 System Maintenance This chapter leads you th r ough SMT menus 24.8 to 24 .10. 41.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the ma in system firmware. The CI provides much of the same functionality as the SMT , while a dding some low-level[...]

  • Page 413

    Prestige 662H/HW Series User’s Guide 413 Chapter 41 System M aintena nce 41.2 Call Control Support Call Control Support is only applicable when Encapsulation is set to PPPoE in menu 4 or menu 1 1 .1. The budget management func tion allows you to set a limit on the total outgoing call time of the Prestige within certain times. When the to tal outg[...]

  • Page 414

    Prestige 662H/HW Series User’s Guide Chapter 41 System Maintenance 414 Figure 261 Menu 24.9.1 System Maintenance: Budg et Management The total budget is the time li mit on the accumulated time for ou tgoing calls to a remo te node. When this limit is reached, th e call will be dropped and further outgoing calls to that remote node will be blocked[...]

  • Page 415

    Prestige 662H/HW Series User’s Guide 415 Chapter 41 System M aintena nce Figure 262 Menu 24 System Maintenance Then enter 10 to go to Menu 24.10 System Maintena nce Time and Date Setting to update the time and date settings of your Pres tige as shown in th e following screen. Figure 263 Menu 24.10 System Maintenance : T ime and Date Setting Menu [...]

  • Page 416

    Prestige 662H/HW Series User’s Guide Chapter 41 System Maintenance 416 41.3.1 Resetting the T ime • The Prestige resets the time in three instances: • On leaving menu 24.10 after making changes. • When the Prestige starts up, if there is a timeserver co nfigured in menu 24.10. • 24-hour intervals after starting. Current T ime This field d[...]

  • Page 417

    Prestige 662H/HW Series User’s Guide 417 Chapter 41 System M aintena nce[...]

  • Page 418

    Prestige 662H/HW Series User’s Guide Chapter 42 Remo te Management 418 C HAPTER 42 Remote Management This chapter covers r emote manageme nt (SMT menu 24.1 1). 42.1 Remote Management Overview Remote management allows you to determ ine which services/protocols can access which Prestige interface (if any) from which computers. When you configure re[...]

  • Page 419

    Prestige 662H/HW Series User’s Guide 419 Chapter 42 Remote Manag ement Figure 264 Menu 24.1 1 Remote M anagemen t Control The following table describes the fields in this menu. 42.2.2 Remote Management Limit ations Remote management over LAN or W AN will not work when: • A filter in menu 3.1 (LAN) or in menu 1 1 .5 (W AN) is applied to block a [...]

  • Page 420

    Prestige 662H/HW Series User’s Guide Chapter 42 Remo te Management 420 42.3 Remote Management and NA T When NA T is enabled: • Use the Prestige’ s W A N IP address when configuring from the W AN. • Use the Prestige’ s LAN IP address when configurin g from the LAN. 42.4 System T imeout There is a default system management idle tim eout of [...]

  • Page 421

    Prestige 662H/HW Series User’s Guide 421 Chapter 42 Remote Manag ement[...]

  • Page 422

    Prestige 662H/HW Series User’s Guide Chapter 43 IP Policy Routing 422 C HAPTER 43 IP Policy Routing This chapter covers setting and applyi ng policies used for IP r outing. 43.1 IP Policy Routing Overview T raditionally , routing is based on the destinatio n address only and the IAD takes the shortest path to forward a packet. IP Routing Polic y [...]

  • Page 423

    Prestige 662H/HW Series User’s Guide 423 Chapter 43 IP Policy Routing • routing the packet to a different gate way (and hence the outgoing interface). • setting the TO S and precedence fields in the IP header . IPPR follows the existing packet filtering facility of RAS in st yle and in impl ementation. The policies are divided into sets, wher[...]

  • Page 424

    Prestige 662H/HW Series User’s Guide Chapter 43 IP Policy Routing 424 Figure 266 Menu 25.1 IP Routing Po licy Setup T ype a number from 1 to 6 to display Menu 25.1.1 – IP Rou ting Policy (see the next figure). This menu allows you to configure a policy rule. Menu 25.1 - IP Routing Policy Setup # A Criteri a/Action - - --------------------------[...]

  • Page 425

    Prestige 662H/HW Series User’s Guide 425 Chapter 43 IP Policy Routing Figure 267 Menu 25.1.1 IP Routing Policy The following table describes the fields in this menu. Menu 25.1.1 - IP Routing Policy Policy Set Name= test Active= No Criteria: IP Protocol = 0 Type of Service= Don't Care Packet length= 0 Precedence = Don't Care Len Comp= N/[...]

  • Page 426

    Prestige 662H/HW Series User’s Guide Chapter 43 IP Policy Routing 426 43.5 Applying an IP Policy This section shows yo u where to apply the IP policies after you design them. 43.5.1 Ethernet IP Policies From Menu 3 — Ethernet Setup , type 2 to go to Menu 3.2 — TCP/IP and DHCP Ethernet Setup . Y ou can choose up to four IP policy sets (from 12[...]

  • Page 427

    Prestige 662H/HW Series User’s Guide 427 Chapter 43 IP Policy Routing Figure 268 Menu 3.2 TCP/IP and DHCP Ethernet Se tup Go to menu 1 1.3 (shown next) and type the number(s) of the IP Rout ing Policy set(s) as appropriate. Y ou ca n cascade up to four polic y sets by typing their numbers separated by commas. Figure 269 Menu 1 1.3 Remote Node Net[...]

  • Page 428

    Prestige 662H/HW Series User’s Guide Chapter 43 IP Policy Routing 428 Figure 270 Example of IP Policy Routing T o force packets coming from clients with IP addresses of 192.168.1.33 to 192.16 8.1.64 to be routed to the Internet via the W AN port of the Prestige, follow the steps as shown next. 1 Create a routing pol icy set in menu 25 . 2 Create [...]

  • Page 429

    Prestige 662H/HW Series User’s Guide 429 Chapter 43 IP Policy Routing 3 Create a rule in menu 25.1 for this set to route packets from any host ( IP=0.0.0.0 means any host) with protocol TCP and port FTP access through another gateway (192.168.1.100). Figure 272 IP Routing Policy Example 4 Check Menu 25.1 — IP Routing Policy S e tup to see if th[...]

  • Page 430

    Prestige 662H/HW Series User’s Guide Chapter 44 Call Scheduling 430 C HAPTER 44 Call Scheduling Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate when a r emote node should be called and for how long. 44.1 Introduction The call scheduling feature allows the Prestige to manage a remote node and dictate when a[...]

  • Page 431

    Prestige 662H/HW Series User’s Guide 431 Chapter 44 Call Scheduling T o setup a schedule set, select the schedule set you want to setup from menu 26 (1-12) and press [ENTER] to see Menu 26.1 — Schedule Set Setup as shown next. Figure 275 Menu 26.1 Schedule Set Setup If a connection has been already established, your Prestige will not drop it. O[...]

  • Page 432

    Prestige 662H/HW Series User’s Guide Chapter 44 Call Scheduling 432 Once your schedule sets are conf igured , you must then apply them to the desired remote node(s). Enter 1 1 from the Main Menu and then enter the tar get remote node index. Using [SP ACE BAR] , select PPPoE or PPPoA in the Encapsulation field and then press [ENTER] to make the sc[...]

  • Page 433

    Prestige 662H/HW Series User’s Guide 433 Chapter 44 Call Scheduling[...]

  • Page 434

    Prestige 662H/HW Series User’s Guide Chapter 45 VPN/IPSec Setup 434 C HAPTER 45 VPN/IPSec Setup This chapter intr oduc es the VPN SMT menus. 45.1 VPN/IPSec Overview The VPN/IPSec main SMT menu has these main submenus: Define VPN policies in menu 27.1 su bmenus, including security po licies, endpoint IP addresses, peer IPSec router IP address and [...]

  • Page 435

    Prestige 662H/HW Series User’s Guide 435 Chapter 45 VPN/IPSec Setup Figure 278 Menu 27 VPN/IPSec Setup 45.2 IPSec Summary Screen T ype 1 in menu 27 and then press [ENTER] to display Menu 27.1 IPSec Summary . This is a summary read-only menu of your IPSec rules (t unnels). Edit or create an IPSec rule by selecting an index number and then co nfigu[...]

  • Page 436

    Prestige 662H/HW Series User’s Guide Chapter 45 VPN/IPSec Setup 436 A Y signifies that this VPN rule is active. Local Addr St a r t When the Addr T ype field in Menu 27.1.1 IPSec Setup is configur ed to Sing le , this is a static IP address on the LAN behind your Prestige. When the Addr T ype field in Menu 2 7.1.1 IPSec Setu p is configured to Ra[...]

  • Page 437

    Prestige 662H/HW Series User’s Guide 437 Chapter 45 VPN/IPSec Setup 45.3 IPSec Setup Select Edit in the Select Command field; type the index number of a rule in the Select Rule field and press [ENTER] to edit the VPN using the menu shown next. Secure GW Addr This is the WAN IP address or the do main name (up to the first 15 chara cters are displa[...]

  • Page 438

    Prestige 662H/HW Series User’s Guide Chapter 45 VPN/IPSec Setup 438 Figure 280 Menu 27.1.1 IPSec Setup The following table describes the fields in this menu. Menu 27.1.1 – IPSec Setup Index= 1 Name= Taiwan Active= Yes Keep Alive= No Nat Traversal= No Local ID type= IP Conten t: My IP Addr= 0.0.0.0 Peer ID type= IP Conten t: Secure Gateway Addre[...]

  • Page 439

    Prestige 662H/HW Series User’s Guide 439 Chapter 45 VPN/IPSec Setup Nat T raversal Press [SP ACE BAR] to choose either Ye s or No . Choose Ye s and press [ENTER] to enable NA T traversal. NA T trave rsal allows you to set up a VPN connection when there are NA T routers betwe en the two IPSec rout ers. The remote IPSec router must also have NA T t[...]

  • Page 440

    Prestige 662H/HW Series User’s Guide Chapter 45 VPN/IPSec Setup 440 DNS Server If there is a private DNS server that serv ices the VPN, type its IP address here. The Prestige assigns this additional DNS server to the Prestige's DHCP clients that have IP addresses in this IPSec ru le's range of local addresses. A DNS server allows clie n[...]

  • Page 441

    Prestige 662H/HW Series User’s Guide 441 Chapter 45 VPN/IPSec Setup 45.4 IKE Setup T o edit this menu, the Key Manageme nt field in Menu 27.1.1 – IPSec Setup must be set to IKE . Move the cursor to the Edit Key Management Setup field in Menu 27.1.1 – IPSec Setup ; press [SP ACE BAR] to select Ye s and then press [ENTER] to display Menu 27. 1.[...]

  • Page 442

    Prestige 662H/HW Series User’s Guide Chapter 45 VPN/IPSec Setup 442 Figure 281 Menu 27.1.1.1 KE Setup The following table describes the fields in this menu. Menu 27.1.1.1 - IKE Setup Phase 1 Negotiation Mode= Main Pre-Shared Key= Encryption Algorithm = A ES Authentication Algorithm = SHA1 SA Life Time (Seconds)= 28800 Key Group= DH1 Phase 2 Activ[...]

  • Page 443

    Prestige 662H/HW Series User’s Guide 443 Chapter 45 VPN/IPSec Setup 45.5 Manual Setup Y ou only co nfigure Menu 27.1.1.2 – Manual Setup when you select Manual in the Key Management field in Menu 27.1.1 – IPSec Setup . Manual key mana gement is useful if you have problem s with IKE key management. 45.5.1 Active Protocol This field is a combina[...]

  • Page 444

    Prestige 662H/HW Series User’s Guide Chapter 45 VPN/IPSec Setup 444 Figure 282 Menu 27.1.1.2 Manual Setup The following table describes the fields in this menu. Menu 27.1.1.2 – Manual Setup Active Protocol= ESP Tunnel ESP Setup SPI (Decimal)= 0 Encryption Algorithm= DES Key1= ? Key2= N/A Key3= N/A Authentication Algorithm= MD5 Key= ? AH Setup S[...]

  • Page 445

    Prestige 662H/HW Series User’s Guide 445 Chapter 45 VPN/IPSec Setup Authentication Algorithm Press [SP ACE BAR] to choose from MD5 or SHA1 and then press [ENTER]. Key Enter the authentication key to be used by IPSec if applicable. The key must be unique. Ente r 16 characters for MD5 authenticati on and 20 characters for SHA-1 authentication. Any [...]

  • Page 446

    Prestige 662H/HW Series User’s Guide Chapter 46 SA Monitor 446 C HAPTER 46 SA Monitor This chapter teaches you how to manage yo ur SAs by using the SA M onitor in SMT menu 27.2. 46.1 SA Monitor Overview A Security Association (SA) is the group of se cu rity settings related to a specific VPN tunnel. This menu (shown next) disp lays active VPN con[...]

  • Page 447

    Prestige 662H/HW Series User’s Guide 447 Chapter 46 SA Monitor Figure 283 Menu 27.2 SA Monitor The following table describes the fields in this menu. Menu 27.2 - SA Monitor # Name Encap. IPSec ALgorithm --- -------------------------------- --------- ---------------- 001 Taiwan : 3.3.3.1 – 3.3.3.3.100 Tunnel ESP DES MD5 002 003 004 005 006 007 0[...]

  • Page 448

    Prestige 662H/HW Series User’s Guide Chapter 46 SA Monitor 448 Select Command Press [SP ACE BAR] to choose from Refresh , Disconnect , None , Next Page , or Previous Page and then press [ENTER]. Y ou must select a connection in the ne xt field when you choose the Disconnect command. Refresh displays current active VPN connections. None allows you[...]

  • Page 449

    Prestige 662H/HW Series User’s Guide 449 Chapter 46 SA Monitor[...]

  • Page 450

    Prestige 662H/HW Series User’s Guide Chapter 47 Internal SPTGEN 450 C HAPTER 47 Internal SPTGEN 47.1 Internal SPTGEN Overview Internal SP TGEN (System Parame ter T able Generator) is a configuration text file useful for efficient configuration of multiple Prestiges. In ternal SP TGEN lets you configure, save and upload multiple menus at the same [...]

  • Page 451

    Prestige 662H/HW Series User’s Guide 451 Chapter 47 Int ernal SPTGEN 47.2.1 Internal SPTGEN File Mo dification - Import ant Point s to Remember Each paramete r you enter must be pr eceded by one “=”sign and one spac e. Some parameters are dependent on othe rs. For example, if you disable the Configur ed field in menu 1 (see Figure 284 ), then[...]

  • Page 452

    Prestige 662H/HW Series User’s Guide Chapter 47 Internal SPTGEN 452 Figure 287 Internal SP TGEN FTP Download Example 47.4 Internal SPTGEN FTP Upload Example 1 Launch your FTP application. 2 Enter " bin ". The command “ bin ” sets the transfer mode to binary . 3 Upload your “ rom-t ” file from your computer to the Prestige using [...]

  • Page 453

    Prestige 662H/HW Series User’s Guide 453 Chapter 47 Int ernal SPTGEN[...]

  • Page 454

    Prestige 662H/HW Series User’s Guide Chapter 48 Troubleshooting 454 C HAPTER 48 T roubleshooting This chapter covers potential proble ms and the corresponding remedies. 48.1 Problems St arting Up the Prestige 48.2 Problems with the LAN LED Table 155 Troubleshooting the Start-Up of Your Prestige PROBLEM CORRECTIVE ACTION None of the LEDs turn on w[...]

  • Page 455

    Prestige 662H/HW Series User’s Guide 455 Chapter 48 Troublesh ooting 48.3 Problems with the DSL LED 48.4 Problems with the LAN Interface 48.5 Problems with the W AN Interface Table 157 Troubleshooting the DSL LED PROBLEM CORRECTIVE ACTION The DSL LED is off. Check the telepho ne wire and conne ctions between the Prestige DSL port a nd the wall ja[...]

  • Page 456

    Prestige 662H/HW Series User’s Guide Chapter 48 Troubleshooting 456 48.6 Problems with Internet Access 48.7 Problems with the Password Table 160 Troubleshooting Internet Access PROBLEM CORRECTIVE ACTION I cannot access the Intern et. Make sure the Prestige is turned on and connected to the network. If the DSL LED is off, refer to the Probl ems wi[...]

  • Page 457

    Prestige 662H/HW Series User’s Guide 457 Chapter 48 Troublesh ooting 48.8 Problems with the W eb Configurator 48.9 Problems with Remote Management Table 162 Troubleshooting the Web Configurato r PROBLEM CORRECTIVE ACTION I cannot access the web configurator . Refer to the Quick S tart Guide for hardware connectio ns. Make sure that there is not a[...]

  • Page 458

    Prestige 662H/HW Series User’s Guide Appendix A C able Pin A ssignments 458 Appendix A Cable Pin Assignment s In a serial communications connection, gene rally a computer is DTE (Data T erminal Equipment) and a modem is DCE (Data Circuit- terminating Equipment). The Prestige is DCE when you connect a computer to the console port. The Prestige is [...]

  • Page 459

    Prestige 662H/HW Series User’s Guide 459 Appendix A Cable Pin Assignments Figure 2 Ethernet Cable Pin Assignment s[...]

  • Page 460

    Prestige 662H/HW Series User’s Guide Appendix B Sp litters and M icrofilters 460 Appendix B Splitters and Microfilters This appendix tells you how to install a POTS splitter or a telephone microfilter . Connecting a POTS Splitter When you use the Full Rate (G .dmt) ADSL standard, you ca n use a POTS (Plain Old T elephone Service) splitter to sepa[...]

  • Page 461

    Prestige 662H/HW Series User’s Guide 461 Appen dix B Splitters and Microfilters 1 Connect a phone cable from the wall jack to the single jack end of the Y - Connector . 2 Connect a cable from the double jack end of the Y -Connector to th e “wall side” of the microfilter . 3 Connect another cable from the double jack end of the Y -Connec tor t[...]

  • Page 462

    Prestige 662H/HW Series User’s Guide Appendix C Setting up Your Computer’s IP Address 462 Appendix C Setting up Y our Computer ’ s IP Address All computers must have a 10M or 100M Et hernet adapter card and TCP/IP installed. W indows 95/98/Me/NT/2000/XP , Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the so[...]

  • Page 463

    Prestige 662H/HW Series User’s Guide 463 Appendix C Setting up Your Computer’s IP Address Figure 6 WIndows 95/98/Me: Network: Configuration Inst alling Component s The Network window Configuration tab displays a list of installed components. Y ou need a network adapter , the TCP/IP protocol and Client for Microso ft Networks. If you need the ad[...]

  • Page 464

    Prestige 662H/HW Series User’s Guide Appendix C Setting up Your Computer’s IP Address 464 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click OK . 5 Restart your computer so the changes you made take ef fect. Configuring 1 In the Network window Configuration t[...]

  • Page 465

    Prestige 662H/HW Series User’s Guide 465 Appendix C Setting up Your Computer’s IP Address Figure 8 Windows 95/98/Me: TCP/IP Properties: DNS Con figuration 4 Click the Gateway tab. • If you do no t know your gateway’ s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and[...]

  • Page 466

    Prestige 662H/HW Series User’s Guide Appendix C Setting up Your Computer’s IP Address 466 Figure 9 Windows XP: S tart Menu 2 For W indows XP , click Network Connections . For W indows 2000/NT , click Network and Dial-up Connections . Figure 10 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Pr operties .[...]

  • Page 467

    Prestige 662H/HW Series User’s Guide 467 Appendix C Setting up Your Computer’s IP Address Figure 1 1 Windows XP: Control Panel: Ne twork Connections: Propertie s 4 Select Internet Protocol (TCP/IP) (under the Genera l tab in W in XP) and click Properties . Figure 12 Windows XP: Loca l Area Connection Prop erties 5 The Internet Pr otocol TCP/IP [...]

  • Page 468

    Prestige 662H/HW Series User’s Guide Appendix C Setting up Your Computer’s IP Address 468 • If you have a static IP address click Use the following IP Address and fill in the IP addr ess , Subnet mask , and Default gateway fields. Click Advanced . Figure 13 Windows XP : Advanced TCP/ IP Settings 6 If you do not know your gateway's IP add[...]

  • Page 469

    Prestige 662H/HW Series User’s Guide 469 Appendix C Setting up Your Computer’s IP Address • Click Obtain D NS server address automatically if you do not know your DNS server IP addre ss(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses , and type them in the Preferr ed DNS server and Alternate D[...]

  • Page 470

    Prestige 662H/HW Series User’s Guide Appendix C Setting up Your Computer’s IP Address 470 Figure 15 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 16 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configur e: list.[...]

  • Page 471

    Prestige 662H/HW Series User’s Guide 471 Appendix C Setting up Your Computer’s IP Address 4 For statically assigned settings, do the following: •F r o m t h e Configure box, select Manually . • T ype your IP address in the IP Address bo x. • T ype your subnet mask in the Subnet mask box. • T ype the IP address of your Prestige in the Ro[...]

  • Page 472

    Prestige 662H/HW Series User’s Guide Appendix C Setting up Your Computer’s IP Address 472 Figure 18 Macintosh OS X: Network 4 For statically assigned settings, do the following: •F r o m t h e Configure box, select Manually . • T ype your IP address in the IP Address bo x. • T ype your subnet mask in the Subnet mask box. • T ype the IP [...]

  • Page 473

    Prestige 662H/HW Series User’s Guide 473 Appendix C Setting up Your Computer’s IP Address[...]

  • Page 474

    Prestige 662H/HW Series User’s Guide Appendix D IP Subnetting 474 Appendix D IP Subnetting IP Addressing Routers “route” based on the network number . The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (ei ght bits), wri tten in dotted decimal notation,[...]

  • Page 475

    Prestige 662H/HW Series User’s Guide 475 Appendix D IP Subnettin g Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a valu e of 0 to 127. Similarly the first octet of a class “B” must begi n with “10”, therefore the first octet of a class “B” address has a [...]

  • Page 476

    Prestige 662H/HW Series User’s Guide Appendix D IP Subnetting 476 Since the mask is always a continuous number of ones begin ning from the left, fo llowed by a continuous number of zeros for the remainder of the 32 bit mask, you can si mply specify the number of ones instead of writing the value of each octet. This is usually specified by writing[...]

  • Page 477

    Prestige 662H/HW Series User’s Guide 477 Appendix D IP Subnettin g Divide the network 192.168.1. 0 into two separate subnets by converting one of th e host ID bits of the IP address to a network number bit. The “ borrowed” host ID bit can be either “0” or “1” thus giving two subnets; 19 2.168.1.0 with mask 255 .255.255.128 and 192.168[...]

  • Page 478

    Prestige 662H/HW Series User’s Guide Appendix D IP Subnetting 478 Example: Four Subnet s The above exampl e illustrated using a 25-bit subne t mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow” two host ID bits to give four possible combinations of[...]

  • Page 479

    Prestige 662H/HW Series User’s Guide 479 Appendix D IP Subnettin g Example Eight Subnet s Similarly use a 27-bit mask to create 8 subnets (001 , 010, 01 1, 100, 101, 1 10). The following table shows class C IP ad dress last octet values for each subnet. The following table is a summary for class “C” subnet planning. Table 12 Subnet 4 NETWORK [...]

  • Page 480

    Prestige 662H/HW Series User’s Guide Appendix D IP Subnetting 480 Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet ma sk also determines which bits are part of the network number and which are part of the host ID. A class “B” address has two host ID octets ava ilable for subnetting and a c[...]

  • Page 481

    Prestige 662H/HW Series User’s Guide 481 Appendix D IP Subnettin g[...]

  • Page 482

    Prestige 662H/HW Series User’s Guide Appendix E PPPoE 482 Appendix E PPPoE PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP ov er Ethernet, RFC 2516) from your computer to an A TM PVC (Permanent V irt ual Circuit) whic h connects to a DSL Access Concentrator where th e PPP session terminates ( see Figure 19 ). One PVC can su[...]

  • Page 483

    Prestige 662H/HW Series User’s Guide 483 Appendix E PPPoE Figure 19 Single-Computer per Router Hardware Configuration How PPPoE W orks The PPPoE driver makes the Ethernet appea r as a serial link to the computer and the computer runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC). Between the AC and an IS[...]

  • Page 484

    Prestige 662H/HW Series User’s Guide Appendix F Virtual Circuit Topology 484 Appendix F V irtual Circuit T opology A TM is a connection-oriented te chnology , meaning that it sets up virtual circuits over which end systems communi cate. The terminology for virt ual circuits is as follows: • V irtual Channel Logical connections between A T M swi[...]

  • Page 485

    Prestige 662H/HW Series User’s Guide 485 Appendix F Virtual Circuit Topology[...]

  • Page 486

    Prestige 662H/HW Series User’s Guide Appendix G Wireless LAN and IEEE 802.11 486 Appendix G W ireless LAN and IEEE 802.1 1 A wireless LAN (WLAN) provides a fle xible data communications system that you can use to access various services (navigating the Internet, E-mail, printer services , etc.) without the use of a cabled connection. In effect a [...]

  • Page 487

    Prestige 662H/HW Series User’s Guide 487 Appendix G Wireless LAN and IEEE 802.11 Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an inde pe ndent (Ad-hoc) WLAN that connects a set of computers with wireless nodes or stations (ST A), whic h is called a Basic Service Set (BSS). In the most basic form, a wireless LAN connects a [...]

  • Page 488

    Prestige 662H/HW Series User’s Guide Appendix G Wireless LAN and IEEE 802.11 488 Figure 23 ESS Provides C ampus-Wide Coverage[...]

  • Page 489

    Prestige 662H/HW Series User’s Guide 489 Appendix G Wireless LAN and IEEE 802.11[...]

  • Page 490

    Prestige 662H/HW Series User’s Guide Appendix H Wireless LAN With IEEE 802.1x 490 Appendix H Wireless LAN W ith IEEE 802.1x As wireless networks become po pular for both portable comp uting and corporate networks , security is now a priority . Security Flaws with IEEE 802.1 1 W ireless networks based on the original IEEE 802.1 1 have a poor reput[...]

  • Page 491

    Prestige 662H/HW Series User’s Guide 491 Append ix H Wireless LAN With IEEE 802.1x RADIUS Server Authentication Sequence The following figure depicts a typical wireless ne tw ork with a remote RADIUS server for user authentication using EAPOL (EAP Over LAN). Figure 24 Sequences for EAP MD5–Cha llenge Authentication[...]

  • Page 492

    Prestige 662H/HW Series User’s Guide Appendix I Types of EAP Authentication 492 Appendix I T ypes of EAP Authentication This appendix discusses the five popular EAP authentication types: EAP-MD5 , EAP-TLS , EAP-TTLS , PEAP and LEAP . The type of authentication you use depends on the RADIUS server or the AP . Consult your network administrator for[...]

  • Page 493

    Prestige 662H/HW Series User’s Guide 493 Appendix I Types of EAP Authentication PEAP (Protected EAP) Like EAP-TTLS, server-side certific ate authentication is used to establish a secure connection, then use simple username and p assword methods through the secured co nnection to authenticate the clients, thus hiding client identity . However , PE[...]

  • Page 494

    Prestige 662H/HW Series User’s Guide Appendix J Antenna Selection and Position ing Recommendation 494 Appendix J Antenna Selection and Positioning Recommendation An antenna couples RF signals onto air . A tran smitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air . The antenna also operate[...]

  • Page 495

    Prestige 662H/HW Series User’s Guide 495 Appendix J Antenna Sele ction and Positioning Recommendation • Omni-directional antennas send the RF signal out in all directions on a horizontal p lane. The covera ge area is torus -shaped (lik e a donut) which makes these antennas ideal for a room environment. W ith a wide coverage area, it is possible[...]

  • Page 496

    Prestige 662H/HW Series User’s Guide Appendix K 496 Appendix K myZyXEL.com Introduction myZyXEL.com is ZyXEL ’ s online services center where you can register your ZyXEL device. Y ou can also generate an activation key and serv ice set key that may be needed to use device- specific feature(s). A Note on myZyXEL.com Numbers Y ou need the followi[...]

  • Page 497

    Prestige 662H/HW Series User’s Guide 497 Appendix K Figure 25 myZyXEL.com Logi n Screen Registering Y our ZyXEL Device 1 After you have created a myZyXEL.com account, log in and register your ZyXEL device by clicking the hyp erlink as shown in the ne xt screen. Note: Y ou are automatically logged out of your myZyXEL.com account after five minutes[...]

  • Page 498

    Prestige 662H/HW Series User’s Guide Appendix K 498 Figure 26 Logged Into myZyXEL.com 2 Click Add in the next screen. Figure 27 Product Registration 3 The Add New Pr oduct screen displays. Enter the produce serial number in the Serial Number field. 4 Y our device category and model nu mber automatically display in the Category and Model fields re[...]

  • Page 499

    Prestige 662H/HW Series User’s Guide 499 Appendix K Figure 28 Add New Product 8 Specify the purchase information and click Continue . Figure 29 Product Survey 9 Click Continue again. 10 After you have registered your ZyXEL device, you can view its registration details in the screen shown next. Y our ZyXEL device MAC address may already be entered[...]

  • Page 500

    Prestige 662H/HW Series User’s Guide Appendix K 500 Figure 30 Service Management Activating a Service The product is now reg istered but the related service(s) is not activated. Y ou need to activate the service(s) before you can use it on your ZyXEL device . 1 Display the Service Manage ment screen (see Figure 30 ) for your registered ZyXEL devi[...]

  • Page 501

    Prestige 662H/HW Series User’s Guide 501 Appendix K Congratulations! Y ou have successfully registered your ZyXEL device and activated a service at myZyXEL.com. Note: Y ou must then activat e the servic e(s) on your ZyXEL device via it s web configurator to start using the service(s).[...]

  • Page 502

    Prestige 662H/HW Series User’s Guide Appendix L 502 Appendix L Windows 98/Me Requirement s for Anti- V irus Packet Scan Message Display W ith the anti-virus packet scan, when a virus is detected, an alert message is displa yed on Miscrosoft W indows-based operation systems only . For W indows 98/Me, you must open the W inPopup window in order to [...]

  • Page 503

    Prestige 662H/HW Series User’s Guide 503 Appendix L Figure 34 Windows 98: T ask Bar Properties 3 Double-click Programs and click St a r t U p . Figure 35 Windows 98: S tartUp 4 Right-click in the St a r t U p pane and click New , Shortcut . 5 A Create Shortcut window disp lays. Enter “winpo pup” in the Command line field and click Next .[...]

  • Page 504

    Prestige 662H/HW Series User’s Guide Appendix L 504 Figure 36 Windows 98: S tartup: Create Shortcut 6 Accept the default or specify a name for the shortcut and click Finish . Figure 37 Windows 9 8: S tartup: Sele ct a T itle for t he Program 7 A shortcut is created in the St a r t U p pane. Restart the computer when prompted.[...]

  • Page 505

    Prestige 662H/HW Series User’s Guide 505 Appendix L Figure 38 Windows 98: S tartu p: Shortcut Note: The WinPopup window displays after the computer finishes the st artup process[...]

  • Page 506

    Prestige 662H/HW Series User’s Guide Appendix M 506 Appendix M Example Internal SPTGEN Screens This appendix covers Prestig e Internal SP TGEN screens. The following ar e Internal SP TGEN scree ns asso ciated with the SMT screens of your Prestige. Example Internal SP TGEN Screens T able Table 18 Abbreviations Used in the Example Inter nal SPTGEN [...]

  • Page 507

    Prestige 662H/HW Series User’s Guide 507 Appendix M 30100008 = Input device filters Set 4 = 256 30100009 = Output protocol filters Set 1 = 256 30100010 = Output protocol filters Set 2 = 256 30100011 = Output protocol filters Set 3 = 256 30100012 = Output protocol filters Set 4 = 256 30100013 = Output device filters Set 1 = 256 30100014 = Output d[...]

  • Page 508

    Prestige 662H/HW Series User’s Guide Appendix M 508 30201004 = RIP Direction <0(None) | 1(Both) | 2(In Only) | 3(Out Only)> = 0 30201005 = Version <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)> = 0 30201006 = IP Alias #1 Incoming protocol filter s Set 1 = 256 30201007 = IP Alias #1 Incoming protocol filter s Set 2 = 256 30201008 = IP Alias #1 Inco[...]

  • Page 509

    Prestige 662H/HW Series User’s Guide 509 Appendix M 30201026 = IP Alias #2 Outgoing protocol filter s Set 4 = 256 */ Menu 3.5 Wireless LAN Setup (SMT Menu 3.5) 30500001 = ESSID Wireless 30500002 = Hide ESSID <0(No) | 1(Yes)> = 0 30500003 = Channel ID <1|2|3|4|5|6|7 |8|9|10|11|12| 13> = 1 30500004 = RTS Threshold <0 ~ 2432> = 243[...]

  • Page 510

    Prestige 662H/HW Series User’s Guide Appendix M 510 Table 21 Menu 4 Internet Access Setup (SMT Menu 4) / Menu 4 Internet Access Setup (SMT Menu 4) FIN FN PVA INPUT 40000000 = Configured <0(No) | 1(Yes)> = 1 40000001 = ISP <0(No) | 1(Yes)> = 1 40000002 = Active <0(No) | 1(Yes)> = 1 40000003 = ISP's Name = ChangeMe 40000004 =[...]

  • Page 511

    Prestige 662H/HW Series User’s Guide 511 Appendix M 40000027 = ATM QoS Type <0(CBR) | (1 (UBR)> = 1 40000028 = Peak Cell Rate (PCR) = 0 40000029 = Sustain Cell Rate (SCR) = 0 40000030 = Maximum Burst Size(MBS) = 0 40000031= RIP Direction <0(None) | 1(Both) | 2(In Only) | 3(Out Only)> = 0 40000032= RIP Version <0(Rip-1) | 1(Rip-2B) [...]

  • Page 512

    Prestige 662H/HW Series User’s Guide Appendix M 512 120103002 = IP S tatic Route set #3, Active <0(No) |1(Yes)> = 0 120103003 = IP S tatic Route set #3, Destination IP address = 0.0.0.0 120103004 = IP S tatic Route set #3, Destination IP subnetmask = 0 120103005 = IP S tatic Route set #3, Gateway = 0.0.0.0 120103006 = IP S tatic Route set #[...]

  • Page 513

    Prestige 662H/HW Series User’s Guide 513 Appendix M FIN FN P VA INPUT 120107001 = IP S tatic Route set #7, Name <Str> = 120107002 = IP S tatic Route set #7, Active <0(No) |1(Yes)> = 0 120107003 = IP S tatic Route set #7, Destination IP address = 0.0.0.0 120107004 = IP S tatic Route set #7, Destination IP subnetmask = 0 120107005 = IP [...]

  • Page 514

    Prestige 662H/HW Series User’s Guide Appendix M 514 120110007 = IP S tatic Route set #10, Private <0(No) |1(Yes)> = 0 */ Menu 12.1.11 IP Static Route Setu p (SMT Menu 12.1.11) FIN FN P VA INPUT 120111001 = IP S tatic Route set #11, Name <Str> = 120111002 = IP S tatic Route set #11, Active <0(No) |1(Yes)> = 0 120111003 = IP Stati[...]

  • Page 515

    Prestige 662H/HW Series User’s Guide 515 Appendix M 120114004 = IP Static Route set # 14, Destination IP subnetmask = 0 120114005 = IP S tatic Route set #14, Gateway = 0.0.0.0 120114006 = IP S tatic Route set #14, Metric = 0 120114007 = IP S tatic Route set #14, Private <0(No) |1(Yes)> = 0 */ Menu 12.1.15 IP Static Route Setu p (SMT Menu 12[...]

  • Page 516

    Prestige 662H/HW Series User’s Guide Appendix M 516 150000007 = SUA Server #3 Active <0(No) | 1(Yes)> = 0 150000008 = SUA Server #3 Protocol <0(All)|6(TCP)|17(U DP)> = 0 150000009 = SUA Server #3 Port Start = 0 150000010 = SUA Server #3 Port End = 0 150000011 = SUA Server #3 Local IP addre ss = 0.0.0.0 150000012 = SUA Server #4 Active[...]

  • Page 517

    Prestige 662H/HW Series User’s Guide 517 Appendix M 150000041 = SUA Server #9 Local IP addre ss = 0.0.0.0 150000042 = SUA Server #10 Active <0(No) | 1(Yes)> = 0 150000043 = SUA Server #10 Protocol <0(All)|6(TCP)|17(U DP)> = 0 150000044 = SUA Server #10 Port Star t = 0 150000045 = SUA Server #10 Port End = 0 150000046 = SUA Server #10 [...]

  • Page 518

    Prestige 662H/HW Series User’s Guide Appendix M 518 210101011 = IP Filter Set 1 ,Rule 1 Src Port Comp <0(none)|1(equal) |2(not equal)|3(less)|4( greater)> = 0 210101013 = IP Filter Set 1 ,Rule 1 Act Match <1(check next)|2(forward)| 3(drop)> = 3 210101014 = IP Filter Set 1 ,Rule 1 Act Not Match <1(check next)|2(forward)| 3(drop)>[...]

  • Page 519

    Prestige 662H/HW Series User’s Guide 519 Appendix M 210103007 = IP Filter Set 1 ,Rule 3 Dest Port Comp <0(none)|1(equal) |2(not equal)|3(less)|4( greater)> = 1 210103008 = IP Filter Set 1 ,Rule 3 Src IP address = 0.0.0.0 210103009 = IP Filter Set 1,Rule 3 Src Subnet Mask = 0 210103010 = IP Filter Set 1 ,Rule 3 Src Port = 0 210103011 = IP Fi[...]

  • Page 520

    Prestige 662H/HW Series User’s Guide Appendix M 520 210105002 = IP Filter Set 1 ,Rule 5 Active <0(No)|1 (Yes)> = 1 210105003 = IP Filter Set 1 ,Rule 5 Protocol = 17 210105004 = IP Filter Set 1,Rule 5 Dest IP address = 0.0.0.0 210105005 = IP Filter Set 1,Rule 5 Dest Subnet Mask = 0 210105006 = IP Filter Set 1 ,Rule 5 Dest Port = 138 21010500[...]

  • Page 521

    Prestige 662H/HW Series User’s Guide 521 Appendix M 210106013 = IP Filter Set 1 ,Rule 6 Act Match <1(check next)|2(forward)| 3(drop)> = 3 210106014 = IP Filter Set 1 ,Rule 6 Act Not Match <1(check next)|2(forward)| 3(drop)> = 2 Table 24 Menu 21.1 Filter Set #1 (SMT Menu 21 .1) (continue d) Table 25 Menu 21.1 Filer Set #2, (SMT Menu 21[...]

  • Page 522

    Prestige 662H/HW Series User’s Guide Appendix M 522 210202001 = IP Filter Set 2, Rule 2 Type <0(none)|2(TCP/IP)> = 2 210202002 = IP Filter Set 2, Rule 2 Active <0(No)|1(Yes)> = 1 210202003 = IP Filter Set 2, Rule 2 Protocol = 6 210202004 = IP Filter Set 2, Rule 2 Dest IP address = 0.0.0.0 210202005 = IP Filter Set 2, Rule 2 Dest Subne[...]

  • Page 523

    Prestige 662H/HW Series User’s Guide 523 Appendix M 210203011 = IP Filter Set 2, Rule 3 Src Port Comp <0(none)|1(equal)|2 (not equal)|3(less)|4(gr eater)> = 0 210203013 = IP Filter Set 2, Rule 3 Act Match <1(check next)|2(forward)|3( drop)> = 3 210203014 = IP Filter Set 2,Rule 3 Act Not Match <1(check next)|2(forward)|3( drop)> [...]

  • Page 524

    Prestige 662H/HW Series User’s Guide Appendix M 524 210205004 = IP Filter Set 2, Rule 5 Dest IP address = 0.0.0.0 210205005 = IP Filter Set 2, Rule 5 Dest Subnet Mask = 0 210205006 = IP Filter Set 2, Rule 5 Dest Port = 138 210205007 = IP Filter Set 2, Rule 5 Dest Port Comp <0(none)|1(equal)|2 (not equal)|3(less)|4(gr eater)> = 1 210205008 =[...]

  • Page 525

    Prestige 662H/HW Series User’s Guide 525 Appendix M 210206013 = IP Filter Set 2,Rule 6 Act Match <1(check next)|2(forward)|3( drop)> = 3 210206014 = IP Filter Set 2,Rule 6 Act Not Match <1(check next)|2(forward)|3( drop)> = 2 */ Menu 23.1 System Password Setup ( SMT Menu 23.1) FIN FN PVA INPUT 230000000 = System Password = 1234 */ Men[...]

  • Page 526

    Prestige 662H/HW Series User’s Guide Appendix M 526 Command Examples The following are example Internal SP TGEN scr eens associated wi th the Prestige’ s command interpreter commands. 241100005 = FTP Server Access <0(all)|1(none)|2(L an)|3(Wan)> = 0 241100006 = FTP Server Secured IP address = 0.0.0.0 241100007 = WEB Server Port = 80 24110[...]

  • Page 527

    Prestige 662H/HW Series User’s Guide 527 Appendix M[...]

  • Page 528

    Prestige 662H/HW Series User’s Guide Appendix N 528 Appendix N Command Interpreter The following describes how to use the comman d interpreter . Enter 24 in the main menu to bring up the system maintena nce menu. Enter 8 to go to Menu 24.8 - Command Interpr e ter Mode . See the included disk or zyxel.com for more detailed information on these com[...]

  • Page 529

    Prestige 662H/HW Series User’s Guide 529 Appendix N[...]

  • Page 530

    Prestige 662H/HW Series User’s Guide Appendix O 530 Appendix O Firewall Commands Sys Firewall Commands The following describes th e firewall commands. See Appendix N for information on the command structure. Each of these commands must be preceded by sys firewall when you use them. For example, type sys firewall active yes to turn on the firewall[...]

  • Page 531

    Prestige 662H/HW Series User’s Guide 531 Appendix O[...]

  • Page 532

    Prestige 662H/HW Series User’s Guide Appendix P 532 Appendix P NetBIOS Filter Commands The following describes the NetB IOS packet filter commands. See Appendix N for information on the command structure. Introduction NetBIOS (Network Basic Input/Output System ) are TCP or UDP broadcast packets that enable a computer to connect to and communicate[...]

  • Page 533

    Prestige 662H/HW Series User’s Guide 533 Appendix P The filter types and their defa ult settings are as follows. NetBIOS Filter Configuration Syntax:sys filter netbios config <ty pe> <on|off> where Table 28 NetBIOS Filter Default Setting s NAME DESCRIPTION EXAMPLE Between LAN and WAN This field displays whether NetBIOS packets are blo[...]

  • Page 534

    Prestige 662H/HW Series User’s Guide Appendix P 534 sys filter netbios config 3 on This command blocks IPSec NetBIOS packets. sys filter netbios config 4 off This command stops NetBIOS commands from initiating calls.[...]

  • Page 535

    Prestige 662H/HW Series User’s Guide 535 Appendix P[...]

  • Page 536

    Prestige 662H/HW Series User’s Guide Appendix Q 536 Appendix Q Brute-Force Password Guessing Protection The following describes the c ommands for enablin g, disabling and configuring the brute-force password guessing protect ion m echanism for the password. See Appendix N for information on the command structure. Example sys pwderrtm 5 This comma[...]

  • Page 537

    Prestige 662H/HW Series User’s Guide 537 Appendix Q[...]

  • Page 538

    Prestige 662H/HW Series User’s Guide Appendix R 538 Appendix R Boot Commands The BootModule A T commands execute from wi thin the router ’ s bootup software, when debug mode is selected before the main router firmware is start e d. When you start up your Prestige, you are given a choice to go into deb ug mode by pressing a key at the prompt sho[...]

  • Page 539

    Prestige 662H/HW Series User’s Guide 539 Appendix R Figure 40 Boot Module Commands AT just answer OK ATHE print help ATBAx change baud rate. 1:38.4k, 2:19.2k, 3:9.6k 4:57.6k 5:115.2k ATENx,(y) set BootExtension Debu g Flag (y=password) ATSE show the seed of passw ord generator ATTI(h,m,s) change system time to hour:min:sec or show current time AT[...]

  • Page 540

    Prestige 662H/HW Series User’s Guide Appendix S 540 Appendix S Log Descriptions This appendix provides descrip tions of example log messages. Table 30 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is successful The router has adjusted its time based on informati on from the time server . Time calibration failed The router faile[...]

  • Page 541

    Prestige 662H/HW Series User’s Guide 541 Appendix S Configuration Change: PC = 0x%x, Task ID = 0x%x The router is saving configuration changes. Successful SSH login Someo ne has logged on to the router ’s SSH server . SSH login failed Someone has failed to log on to the router ’s SSH server . Successful HTTPS login Someone has logged on to th[...]

  • Page 542

    Prestige 662H/HW Series User’s Guide Appendix S 542 Table 33 TCP Reset Logs LOG MESSAGE DESCRIPTION Under SYN flood attack, sent TCP RST The router sent a TCP reset packet when a host was u nder a SYN flood attack (the TCP incomplete count is per desti nation host.) Exceed TCP MAX incomplete, sent TCP RST The router sent a TCP reset packet when t[...]

  • Page 543

    Prestige 662H/HW Series User’s Guide 543 Appendix S Triangle route packet forwarded: ICMP The firewall allow ed a triangle route session to pass through. Packet without a NAT table entry blocked: ICMP The router blocked a packet that didn’t have a corresponding NA T table entry . Unsupported/out-of-order ICMP: ICMP The firewall does not support[...]

  • Page 544

    Prestige 662H/HW Series User’s Guide Appendix S 544 Table 38 UPnP Log s LOG MESSAGE DESCRIPTION UPnP pass through Firewall UPnP packets can pass through the firewall. Table 39 Content Filtering Logs LOG MESSAGE DESCRIPTION %s: Keyword blocking The content of a requested web p age ma tched a user defi ned keyword. %s: Not in trusted web list The w[...]

  • Page 545

    Prestige 662H/HW Series User’s Guide 545 Appendix S Table 40 Attack Logs LOG MESSAGE DESCRIPTION attack [ TCP | UDP | IGM P | ESP | GRE | OSPF ] The firewall detected a TC P/UDP/IGMP/ESP/GRE/OSPF attack. attack ICMP (type:%d, code:%d) The firewall detecte d an ICMP attack. For type and code details, see T able 45 . land [ TCP | UDP | IGMP | ESP |[...]

  • Page 546

    Prestige 662H/HW Series User’s Guide Appendix S 546 Table 41 IPSec Logs LOG MESSAGE DESCRIPTION Discard REPLAY packet The router received and discarded a packet with an incorrect sequence number . Inbound packet authentication failed The router received a packet that has been altered. A third party may have altered or tampered with the packet. Re[...]

  • Page 547

    Prestige 662H/HW Series User’s Guide 547 Appendix S Cannot resolve Secure Gateway Addr for rule <%d> The router couldn’t resolve t he IP address from the domain name that was used for the secure gateway address. Peer ID: <peer id> <My remote type> -<My local type> The displayed ID information did not match between the tw[...]

  • Page 548

    Prestige 662H/HW Series User’s Guide Appendix S 548 XAUTH fail! Username: <Username> The router was not able to use extended authentication to authenticate the listed username. Rule[%d] Phase 1 negotiation mode mismatch The listed rule’s IKE phase 1 negotiation mode did not ma tch between the router and the peer . Rule [%d] Phase 1 encryp[...]

  • Page 549

    Prestige 662H/HW Series User’s Guide 549 Appendix S Rule [%d] phase 2 mismatch The listed rule’s IKE phase 2 di d not match betwe en the router and the peer . Rule [%d] Phase 2 key length mismatch The listed rule’s IKE phase 2 key lengths (with the AES encryption algorithm) di d not match between the router and the peer . Table 43 802.1X Logs[...]

  • Page 550

    Prestige 662H/HW Series User’s Guide Appendix S 550 Table 44 ACL Setting Notes P ACKET DIRECTION DIRECTION DESCRIPTION (L to W) LAN to W AN ACL set for packet s traveling from the LAN to the W AN. (W to L) W AN to LAN ACL set for p ackets traveling from the W AN to the LAN. (D to L) DMZ to LAN ACL set for packet s traveling from the DMZ to the LA[...]

  • Page 551

    Prestige 662H/HW Series User’s Guide 551 Appendix S The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type. 11 T ime Exceeded 0 T ime to live exceeded in transit 1 Fragment reassembly time exceeded 12 Parameter Problem 0 Pointer indicates the error 13 T imestamp[...]

  • Page 552

    Prestige 662H/HW Series User’s Guide Appendix S 552 Log Commands Go to the command in terpreter interface ( Appendix N explains how to access and use the commands). Configuring What Y ou W ant the Prestige to Log 1 Use the sys logs load command to load the log setting buffer that allows you to configure which logs the Prestige is to record. 2 Use[...]

  • Page 553

    Prestige 662H/HW Series User’s Guide 553 Appendix S Use 0 to not record logs for that cate g ory , 1 to record only logs for that category , 2 to record only alerts for that category , and 3 to record both logs and alerts for that category . No t every parameter is available with every category . 5 Use the sys logs save command to store the setti[...]

  • Page 554

    Prestige 662H/HW Series User’s Guide 554 Index A Access methods 360 Address Assignment 79 Address mapping 136 Address Resolution Protocol (ARP) 82 ADSL standards 44 ADSL, what is it? 42 AH 214 AH (Authentication Header) 43 6 AH Protoc ol 218 alert message 502 Alternative Subnet Mask Notation 476 Antenna Directional 495 Omni-directional 495 antenn[...]

  • Page 555

    Prestige 662H/HW Series User’s Guide 555 BW Budget 280 C CA 492 CAC 184 call back delay 31 1 Call filtering 362 Call filters Built-in 362 User-defined 362 Call Scheduling 43 0 Maximum Number of Schedule Sets 430 PPPoE 432 Precedence 430 Precedence Example 430 CBR (Continuous Bit Rate) 11 6 CDR 392 CDR (Call Detail Record) 391 CE regulations 47 Ce[...]

  • Page 556

    Prestige 662H/HW Series User’s Guide 556 DeMilitarized Zone (DMZ) 48 Denial of Service 145 , 146 , 177 , 360 Destination Address 161 Device Filter rules 371 device model number 293 Device rule 371 DH 233 DHCP 49 , 69 , 80 , 140 , 288 , 314 , 389 DHCP client 49 DHCP relay 49 DHCP server 49 , 288 , 314 DHCP table 288 diagnostic 290 Diagnostic T ool[...]

  • Page 557

    Prestige 662H/HW Series User’s Guide 557 Remote Node Filter 332 Remote Node Filters 374 Sample 372 SUA 371 TCP/IP Filter Rule 367 Filter Log 392 Filter Rule Process 363 Filter Rule Setup 366 Filter Set Class 366 Filtering 362 , 366 Filtering Process Outgoing Packe ts 362 Finger 132 Firewall Access Methods 158 , 360 Address T ype 167 Alerts 162 An[...]

  • Page 558

    Prestige 662H/HW Series User’s Guide 558 Internal SPTGEN 450 FTP Upload Ex ample 452 Points to Remember 451 T ext File 450 Internal SPTGEN Screens 506 Internal SPTGEN screens 506 Internet Access 45 , 51 , 320 , 323 , 324 Internet ac cess 60 , 32 0 Internet Access Setup 344 , 45 5 Internet ac cess wizard setup 61 Internet Assigned Nu mb ers Au tho[...]

  • Page 559

    Prestige 662H/HW Series User’s Guide 559 MAC filter 95 Macro virus 204 Main Menu 298 maintenance 284 management idle timeout period 55 , 497 Management Information Ba se (MIB) 377 Manually Update Virus Information 209 Maximize Bandwidth Usage 273 Maximum Burst Size (MBS) 11 3 , 11 6 Max-incomplete High 177 Max-incomplete Low 177 MBSSee Maximum Bu[...]

  • Page 560

    Prestige 662H/HW Series User’s Guide 560 POP3 132 , 146 , 14 7 Port Numbers 132 power 454 PPP (Point-to-Point Protocol) 97 PPP Encapsulation 334 PPP Log 393 PPP session over Ethernet (PPP over Ethernet, RFC 2516) 60 PPPoA 327 PPPoE 11 3 , 482 Benefits 11 3 PPPoE (Point-to-Point Prot ocol over Ethernet) 48 , 11 3 PPPoE pass-through 335 PPTP 133 Pr[...]

  • Page 561

    Prestige 662H/HW Series User’s Guide 561 LAN to W AN 161 Logic 159 Predefined Services 173 Summary 164 S SA 212 , 44 0 SA life time 442 SA lifetime 446 SA Monitor 446 SA monitor 446 Sample IP Addresses 331 Saving the S tate 150 Scanning engine 204 Schedule Sets Duration 431 Scheduler 272 SCRSee Sustain Cell Rate 324 Secure Gateway Address 220 , 4[...]

  • Page 562

    Prestige 662H/HW Series User’s Guide 562 System S tatus 387 System T imeout 24 7 , 420 T task bar properties 503 TCP Maximum Incomplete 177 , 178 TCP Security 152 TCP/IP 146 , 147 , 247 , 371 , 394 T eardrop 147 Te l n e t 247 , 296 T elnet Configuration 247 T emporal Key Integrity Protocol (TKIP) 99 T ext File Format 450 TFTP Restrictions 419 TF[...]

  • Page 563

    Prestige 662H/HW Series User’s Guide 563 WEP encryption 93 Wi-Fi Protected Access 99 Wi-Fi Protected Access (WP A) 47 WinPopup windo w 502 Wireless Client WP A Supp licants 102 Wireless LAN 316 , 486 Configuring 93 Wireless LAN MAC Address Filtering 47 Wireless LAN Setup 316 Wireless port control 103 , 383 Wireless security 92 Wizard Setup 73 WLA[...]