ZyXEL Communications ADSL 2+ Gateway P-660HW-T1 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of ZyXEL Communications ADSL 2+ Gateway P-660HW-T1, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of ZyXEL Communications ADSL 2+ Gateway P-660HW-T1 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of ZyXEL Communications ADSL 2+ Gateway P-660HW-T1. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of ZyXEL Communications ADSL 2+ Gateway P-660HW-T1 should contain:
- informations concerning technical data of ZyXEL Communications ADSL 2+ Gateway P-660HW-T1
- name of the manufacturer and a year of construction of the ZyXEL Communications ADSL 2+ Gateway P-660HW-T1 item
- rules of operation, control and maintenance of the ZyXEL Communications ADSL 2+ Gateway P-660HW-T1 item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of ZyXEL Communications ADSL 2+ Gateway P-660HW-T1 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of ZyXEL Communications ADSL 2+ Gateway P-660HW-T1, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the ZyXEL Communications service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of ZyXEL Communications ADSL 2+ Gateway P-660HW-T1.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the ZyXEL Communications ADSL 2+ Gateway P-660HW-T1 item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    P-660H/HW/W -T Series ADSL 2+ Gateway User ’ s Guide V ersion 3.40 6/2005[...]

  • Page 2

    P-660H/HW/W-T Series User’ Guide Copyright 2 Copyright Copyright © 2005 by ZyXEL Communications Corpo ration. The contents of this publication may not be reprod uced in any part or as a wh ole, transcribed, stored in a retrieval system, tran slated into any language, or transmitted in any form or by any means, el ectronic, mec hanical , magnetic[...]

  • Page 3

    P-660H/HW/W-T Series User’ Guide 3 Federal Communications Commission (FCC) Interference Statement Federal Communications Commission (FCC) Interference S t atement This device complies with Part 15 of FCC rul es. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept an[...]

  • Page 4

    P-660H/HW/W-T Series User’ Guide Federal Com munications Commission ( FCC) Interf erence Statem ent 4 This transmitter must not be co-located or op erating in conj unction with any other an tenna or transmitter . ZyXEL Communications Corporation declared th at Prestige 660HW -T1 is limited in CH1~1 1 from 2400 to 2483 .5 MHz by specified firmware[...]

  • Page 5

    P-660H/HW/W-T Series User’ Guide 5 Safety Warnings Safety W arnings For your safety , be sure to read and fo llow all warning notices and instructions. • T o reduce the risk of fire, use only No. 26 A WG (American Wire Gauge) or lar ger telecommunication line cord. • Do NOT open the device or un it. Opening or removi ng covers can expose you [...]

  • Page 6

    P-660H/HW/W-T Series User’ Guide ZyXEL Limited Warranty 6 ZyXEL Limited W arranty ZyXEL warrants to the original en d user (purchaser) that this product is free from any defects in materials or workmansh ip for a period of up to tw o years from the date of purchase . During the warranty period, and upon proof of purchase, should the product have [...]

  • Page 7

    P-660H/HW/W-T Series User’ Guide 7 Customer Suppo rt Customer Support Please have the following information r eady when you contact customer support. • Product model and serial number . • W arranty Information. • Date that you received your de vice. • Brief description of the problem and the steps yo u took to solve i t. METHOD LOCATION S[...]

  • Page 8

    P-660H/HW/W-T Series User’ Guide Customer Support 8 UNITED KINGDOM support@zyxel.co.uk +44 (0) 1344 303044 08707 555779 (UK only) www .zyxel.co.uk ZyXEL Communications UK Ltd.,1 1 The Courtyard, Eastern Road, Bracknell, Berkshire, RG12 2XB, United Kingdom (UK) sales@zyxel.co.uk +44 (0) 1344 303034 ftp.zyxel.co.uk a. “+” is the (prefi x) numbe[...]

  • Page 9

    P-660H/HW/W-T Series User’ Guide 9 Customer Suppo rt[...]

  • Page 10

    P-660H/HW/W-T Series User’ Guide Table of Contents 10 T able of Content s Copyright .................................................. .......................................... ...................... 2 Federal Communications Commissi on (FCC) Interference S t atement ............... 3 Safety W arnings ............................................[...]

  • Page 11

    P-660H/HW/W-T Series User’ Guide 11 Table of Contents Chapter 3 Wizard Setup for Inte rnet Access ................................................................ ......... 54 3.1 Introduction ............................ ............. ................ ............. ............. ................ ..... 54 3.1.1 Internet Acc ess Wizard Set up ....[...]

  • Page 12

    P-660H/HW/W-T Series User’ Guide Table of Contents 12 5.8 Configuring Local User Au thenticat ion .................. ................ ............. ............... 85 5.9 Configuring RADIUS ... ................ ............. ................ ............. ............. ............... 87 Chapter 6 W AN Setup ......................................[...]

  • Page 13

    P-660H/HW/W-T Series User’ Guide 13 Table of Contents 7.4 Selecting the NA T Mode ....... ................ ................ ............. ................ ............. 107 7.5 Configuring SUA Server Set ........................... ................ ............. ................ ...108 7.6 Configuring Address Mapping Rules .. ......... ..........[...]

  • Page 14

    P-660H/HW/W-T Series User’ Guide Table of Contents 14 Chapter 1 1 Firewall Configuration ....................................... ........................................... ....... 132 1 1 .1 Access Methods ......... ............. ................ ................ ............. ................ .......... 132 1 1 .2 Firewall Policies Overview ...[...]

  • Page 15

    P-660H/HW/W-T Series User’ Guide 15 Table of Contents 13.2 T elnet ................ ............. ................ ............. ............. ................ ............. .......... 159 13.3 FTP ............................ ............. ................ ............. ................ ............. ............. 160 13.4 Web ..................[...]

  • Page 16

    P-660H/HW/W-T Series User’ Guide Table of Contents 16 16.9 Configuring Summary ...................... ... ............. ............. ................ ............. ...188 16.10 Configuring Class Setup .................. ................ ............. ................ ............. 190 16.10.1 Media Bandwidth Management Class Configuration ......[...]

  • Page 17

    P-660H/HW/W-T Series User’ Guide 17 Table of Contents Chapter 21 Menu 3 LAN Setup .............. ..................................................... ............................ 222 21.1 LAN Setup ..................... ............. ................ ............. ................ ............. .......... 222 21.1.1 General Ethernet Se tup . ...[...]

  • Page 18

    P-660H/HW/W-T Series User’ Guide Table of Contents 18 25.2 Configuration ................. ................ ............. ................ ............. ................ ....... 246 Chapter 26 Bridging Setup .................... .......................................... ....................................... 250 26.1 Bridging in General . ... .[...]

  • Page 19

    P-660H/HW/W-T Series User’ Guide 19 Table of Contents 29.7 Applying Filters and Factory Defaults ............... ............. ................ ............. ...283 29.7.1 Ethernet T raffic . ............. ................ ................ ............. ................ .......... 284 29.7.2 Remote Node Filter s ...... ................ ..........[...]

  • Page 20

    P-660H/HW/W-T Series User’ Guide Table of Contents 20 33.3 Restore Configuration ... ............. ................ ............. ................ ................ ....... 31 1 33.3.1 Restore Using FTP ........ ................ ............. ................ ............. ............. 31 1 33.3.2 Restore Using FTP Session Exampl e .. ...........[...]

  • Page 21

    P-660H/HW/W-T Series User’ Guide 21 Table of Contents Chapter 38 T roubleshooting ....................................... .......................................... .................. 342 38.1 Problems S tarting Up the Prestige ....... ............. ................ ............. ............. ...342 38.2 Problems with the LAN ............... ...[...]

  • Page 22

    P-660H/HW/W-T Series User’ Guide Table of Contents 22 Command Usage ... ................ ............. ................ ............. ................ ............. ......... 386 Appendix G Firewall Commands ...................................................... ....................................... 388 Appendix H NetBIOS Filter Commands ......[...]

  • Page 23

    P-660H/HW/W-T Series User’ Guide 23 Table of Contents Appendix M Internal SPTGEN ................................................................................ .................. 430 Internal SPTGEN Overview ............. ................ ................ ............. ................ ......... 430 The Configuration T ext File Format .........[...]

  • Page 24

    P-660H/HW/W-T Series User’ Guide List of Figure s 24 List of Figures Figure 1 Protected Internet A ccess Applications ............................ ................. ................ ... 46 Figure 2 LAN-to-LAN Applicat ion Example ........ ................. ................ ............. ................ ... 46 Figure 3 Password Screen ...........[...]

  • Page 25

    P-660H/HW/W-T Series User’ Guide 25 List of Figures Figure 39 Multiple Servers Behind NA T Exampl e ........ ............. ................ ............. ............. 107 Figure 40 NA T Mode ....... ................ ............. ................ ................ ............. ................ .......... 1 08 Figure 41 Edit SUA/NA T Server Set .[...]

  • Page 26

    P-660H/HW/W-T Series User’ Guide List of Figure s 26 Figure 82 Network Connections: My Network Pl aces ............... ............. ............. ................ 174 Figure 83 Network Connections: My Network Pl aces: Properties: Ex ample .......... ............. 174 Figure 84 Log Settings .............. ................ ............. ..........[...]

  • Page 27

    P-660H/HW/W-T Series User’ Guide 27 List of Figures Figure 125 Menu 1 1.1 Remote Node Profile ............ ............. ............. ................ ............. ... 238 Figure 126 Menu 1 1.3 Remote Node Network Layer Options ............................ ................ 240 Figure 127 Sample IP Addresses for a TCP/IP LAN-to-LAN Connection . [...]

  • Page 28

    P-660H/HW/W-T Series User’ Guide List of Figure s 28 Figure 168 NetBIOS_LAN Filter Rules Summary ................. ................ ............. ................ 275 Figure 169 IGMP Filter Rules Summary ..... ... ....... ................ ............. ................ ............. ... 275 Figure 170 Menu 21.1.x.1 TCP/IP Filter Rule . ..........[...]

  • Page 29

    P-660H/HW/W-T Series User’ Guide 29 List of Figures Figure 21 1 Menu 25 IP Routing Policy Setup .............. ................ ................ ................ ....... 329 Figure 212 Menu 25.1 IP Routing Policy Setup ........... ................ ............. ............. ............. 330 Figure 213 Menu 25.1.1 IP Routing Policy ...... ... ..[...]

  • Page 30

    P-660H/HW/W-T Series User’ Guide List of Figure s 30 Figure 254 Red Hat 9.0: Restart Ethernet Card ...... ................ ............. ................ ............. 375 Figure 255 Red Hat 9.0: Checking TCP/IP Prope rties ............... ................ ............. .......... 375 Figure 256 Option to Enter Debug Mode ..... ................ .[...]

  • Page 31

    P-660H/HW/W-T Series User’ Guide 31 List of Figures[...]

  • Page 32

    P-660H/HW/W-T Series User’ Guide List of Tables 32 List of T ables T able 1 AD SL S t andards ............. ................ ................ ............. ................ ............. ............. 42 T able 2 Front Panel LED s .............. ................ ............. ................ ................ ............. .......... 47 T able 3 [...]

  • Page 33

    P-660H/HW/W-T Series User’ Guide 33 List of Tables T able 39 Firewall: Edit R ule .. ................ ............. ................. ................ ................ ............. ... 1 40 T able 40 Customized Services .......................... ................. ................ ............. ................ ... 141 T able 41 Firewall: Config[...]

  • Page 34

    P-660H/HW/W-T Series User’ Guide List of Tables 34 T able 82 Menu 3. 2.1 IP Alias Set up .................. ................. ................ ............. ................ ... 232 T able 83 Menu 4 Internet Access Setup ........ ............. ............. ............. ................ ............. 234 T able 84 Menu 1 1.1 Remote N ode Profile[...]

  • Page 35

    P-660H/HW/W-T Series User’ Guide 35 List of Tables T able 125 A llowed IP Address Range By Class .... ................ ................ ................ ............. 377 T able 126 “Natural” Mas ks ............ ............. ................ ................ ............. ................ .......... 377 T able 127 A lternative Subnet Mas k N[...]

  • Page 36

    P-660H/HW/W-T Series User’ Guide List of Tables 36 T able 168 Menu 15 SUA Server Setup (SMT Menu 15) .......................... ................ .......... 442 T able 169 Menu 21.1 Filter Set #1 (SMT Menu 21.1) ........ ................ ................ ............. ... 444 T able 170 Menu 21.1 Filer Set #2, (SMT Menu 21.1) . ................ ..[...]

  • Page 37

    P-660H/HW/W-T Series User’ Guide 37 List of Tables[...]

  • Page 38

    P-660H/HW/W-T Series User’ Guide Preface 38 Preface Congratulations on y our purchase of t he P-660H/HW/W T series ADSL 2+ gateway . P-660W and P-660HW come with biult-in IEEE 802. 1 1g wireless capability allowing wireless connectivity . P-660H and P-660HW have a 4-port switch that allows you to connect up to 4 computers to the Prestige with out[...]

  • Page 39

    P-660H/HW/W-T Series User’ Guide 39 Preface • W eb Configurator Online Help Embedded web help for descriptions of individual screens and supplementary information. • ZyXEL Glossary and W eb Site Please refer to www .zyxel.com for a n online gl ossary of netw orking terms and additional support documentation. User Guide Feedback Help us help y[...]

  • Page 40

    P-660H/HW/W-T Series User’ Guide Introduction to DSL 40 Introduction to DSL DSL (Digital Subscriber Line) te chnology enhances the data ca pacity of the existing twisted- pair wire that runs betwee n the local telephone co mpany switching of fi ces and most homes and offices. While the wire itself can handle higher frequencies, the telephone swit[...]

  • Page 41

    P-660H/HW/W-T Series User’ Guide 41 Introduction to DSL[...]

  • Page 42

    P-660H/HW/W-T Series User’ Guide Chapter 1 Getting To Kn ow Your Prestige 42 C HAPTER 1 Getting T o Know Y our Prestige This chapter describes the key features and applications of your Prestige . 1.1 Introducing the Prestige The Prestige is an ADSL2+ gateway that allows super-fast, secure Internet access over analog (POTS) or digital (ISDN) telep[...]

  • Page 43

    P-660H/HW/W-T Series User’ Guide 43 Chapter 1 G etting To Know Your Pres tige Note: See the product specifications in t he appendix for deta iled features and standards support. High Speed Internet Access Y our Prestige ADSL/ADSL2/ADSL2+ router can support downstream transmission rates of up to 24Mbps and upst ream tran smission rates of 3 .5Mbps[...]

  • Page 44

    P-660H/HW/W-T Series User’ Guide Chapter 1 Getting To Kn ow Your Prestige 44 Universal Plug and Play (UPnP) Using the standard TCP/IP protocol, the Pr estige and other UPnP enable d devices can dynamically join a network, obtain an IP addr ess and convey its capab ilities to other devices on the network. PPPoE (RFC2516) PPPoE (Point-to-Point Pro [...]

  • Page 45

    P-660H/HW/W-T Series User’ Guide 45 Chapter 1 G etting To Know Your Pres tige Packet Filters The Prestige's packet filtering functions a llows added network security and management. Housing Y our Prestige's compact and ven tilated housing minimizes space requirements making it easy to position anywhere in your busy office. 4-Port Switch[...]

  • Page 46

    P-660H/HW/W-T Series User’ Guide Chapter 1 Getting To Kn ow Your Prestige 46 1.3 Applications for the Prestige Here are some example uses for which the Prestig e is well suited. App lication graphics shown are for the P-660W . 1.3.1 Protected Internet Access The Prestige is the ideal high-speed Internet acc ess solution. It is comp atible with al[...]

  • Page 47

    P-660H/HW/W-T Series User’ Guide 47 Chapter 1 G etting To Know Your Pres tige The following table describes the LEDs. 1.5 Hardware Connection Refer to the Quick S tart Guide for in formation on hard ware connection. Table 2 Front Panel LEDs LED COLOR ST ATUS DESCRIPTION PWR/SYS Green On The Prestige is receiv i ng power and functioning properly .[...]

  • Page 48

    P-660H/HW/W-T Series User’ Guide Chapter 2 Introducing the Web Configur ator 48 C HAPTER 2 Introducing the W eb Configurator This chapter describes how to access and navigate the web configurator . 2.1 W eb Configurator Overview The web configurator is an HTML-based mana gement interface that allows easy Prestige setup and management via Internet[...]

  • Page 49

    P-660H/HW/W-T Series User’ Guide 49 Chapter 2 Introducing the Web Configurator Figure 3 Password Screen 6 It is highly recommended you change th e default password! Enter a new password between 1 and 30 characters, re type it to confirm and click Apply ; alternatively click Ignore to proceed to the main menu if you do not want to change the passw[...]

  • Page 50

    P-660H/HW/W-T Series User’ Guide Chapter 2 Introducing the Web Configur ator 50 2.1.3 Navigating the We b Configurator The following summarizes how to navigate the web configurator from th e SITE MAP screen. W e use the Prestige 660W -T1 web screens in this guide as an example. Screens vary slightly for different Prestige models. • Click W izar[...]

  • Page 51

    P-660H/HW/W-T Series User’ Guide 51 Chapter 2 Introducing the Web Configurator Wireless LAN (P-660W / P- 660HW only) Wireless Use this screen to conf igure the wireless LAN se ttings. MAC Filter Use this screen to change MA C filter settings on the Prestige. 802.1x/WP A Use this screen to configure WLAN authenti cation and secu rity settings. Loc[...]

  • Page 52

    P-660H/HW/W-T Series User’ Guide Chapter 2 Introducing the Web Configur ator 52 2.2 Change Login Password It is highly recommended that you periodic ally change the password for accessing the Prestige. If you didn’ t chan ge the default one after yo u logged in or yo u want to change to a new password again, then click Password in the Site Map [...]

  • Page 53

    P-660H/HW/W-T Series User’ Guide 53 Chapter 2 Introducing the Web Configurator T able 4 Passwo rd LABEL DESCRIPTION Old Password T ype the default password or the ex isting password you use to acces s the system in this field. New Password T ype the new password in this field. Retype to Confirm T ype the new password again in this field. Apply Cl[...]

  • Page 54

    P-660H/HW/W-T Series User’ Guide Chapter 3 Wizard Setup for Internet Acces s 54 C HAPTER 3 W izard Setup for Internet Access This chapter provides informatio n on the W izard Setup scree ns for Internet access in the web configurator . 3.1 Introduction Use the W izard Setup screens to configure your system for Internet access with the information[...]

  • Page 55

    P-660H/HW/W-T Series User’ Guide 55 Chapter 3 Wiz ard Setup f or Internet Ac cess 2 The next wizard screen varies depending on wh at mode and encapsulatio n type you use. All screens shown are with routing mode. Configure the fields and click Next to continue. Figure 8 Internet Connection with PPPoE The following table describes the fields in thi[...]

  • Page 56

    P-660H/HW/W-T Series User’ Guide Chapter 3 Wizard Setup for Internet Acces s 56 Figure 9 Internet Connection with RFC 1483 The following table describes the fields in this screen. Table 6 Internet Connection with PPPoE LABEL DESCRIPTION Service Name T ype the name of your PPPoE service here. User Name Enter the user name exactly as yo ur ISP assi[...]

  • Page 57

    P-660H/HW/W-T Series User’ Guide 57 Chapter 3 Wiz ard Setup f or Internet Ac cess Figure 10 Internet Connection with ENET ENCAP The following table describes the fields in this screen. Back Click Back to go back to the first wizard screen. Next Click Next to continue to the next wizard screen. Table 8 Internet Connection with ENET ENCAP LABEL DES[...]

  • Page 58

    P-660H/HW/W-T Series User’ Guide Chapter 3 Wizard Setup for Internet Acces s 58 Figure 1 1 Internet Connect ion w ith PPPoA The following table describes the fields in this screen. Table 9 Internet Connection with PPPoA LABEL DESCRIPTION User Name Enter the logi n name that your ISP gives you. Password Enter the password associated with the user [...]

  • Page 59

    P-660H/HW/W-T Series User’ Guide 59 Chapter 3 Wiz ard Setup f or Internet Ac cess 3 V erify the settings in the screen shown next. T o change the LAN information on the Prestige, click Change LAN Configurations . Otherwise cli ck Save Settings to save the configuration and skip to the section 3.13. Figure 12 Internet Access Wizard Setup: Third Sc[...]

  • Page 60

    P-660H/HW/W-T Series User’ Guide Chapter 3 Wizard Setup for Internet Acces s 60 The following table describes the fields in this screen. 4 The Prestige automatically tests the connectio n to the computer(s) connected to the LAN ports. T o test the connection from the Prestige to the ISP , click S tart Diagnose . Otherwise click Return to Main Men[...]

  • Page 61

    P-660H/HW/W-T Series User’ Guide 61 Chapter 3 Wiz ard Setup f or Internet Ac cess[...]

  • Page 62

    P-660H/HW/W-T Series User’ Guide Chapter 4 LAN Setup 62 C HAPTER 4 LAN Setup This chapter describes how to configure LAN settings. 4.1 LAN Overview A Local Area Network (LAN) is a shared comm unication system to which many computers are attached. A LAN is a computer network lim ited to the immediate area, usually the same building or floor of a b[...]

  • Page 63

    P-660H/HW/W-T Series User’ Guide 63 Chapter 4 LAN Setup 4.1.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol , RFC 2131 and RFC 2132) allows in dividual clients to obtain TCP/IP configuration at star t-up from a server . Y ou can configure the Prestige as a DHCP server or disable it. When configured as a server, the Prestige provides the TC[...]

  • Page 64

    P-660H/HW/W-T Series User’ Guide Chapter 4 LAN Setup 64 There are two ways that an ISP disseminates the DNS serve r addresses. • The ISP tells you the DNS server addresses, us ually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, enter them in the DNS Server fields in the LAN Setup screen. • [...]

  • Page 65

    P-660H/HW/W-T Series User’ Guide 65 Chapter 4 LAN Setup 4.2.1.1 Private IP Addresses Every machine on the Internet must ha ve a unique address. If your ne tworks are isolate d from the Internet, for example, only between your two branch of fices, you can assign any IP addresses to the hosts without problems. However , the Internet Assigned Number[...]

  • Page 66

    P-660H/HW/W-T Series User’ Guide Chapter 4 LAN Setup 66 4.2.3 Multicast T raditionally , IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of host s on the networ k - not everybody and not just 1. IGMP (Internet Group[...]

  • Page 67

    P-660H/HW/W-T Series User’ Guide 67 Chapter 4 LAN Setup Figure 16 Any IP Example The Any IP fe ature does n ot apply to a computer using either a dy namic IP address or a static IP address that is in the same subnet as the Prestige’ s IP addres s. Note: Y ou must enable NA T/SUA to use the Any IP feature on the Prestige. 4.2.4.1 How Any IP Work[...]

  • Page 68

    P-660H/HW/W-T Series User’ Guide Chapter 4 LAN Setup 68 4.3 Configuring LAN Click LAN to open the LAN Setup screen. See Section 4.1 on page 62 for background information. Figure 17 LAN Setup The following table describes th e fields in this screen. Table 11 LAN Setup LABEL DESCRIPTION DHCP DHCP If set to Server , your Prestige ca n assign IP addr[...]

  • Page 69

    P-660H/HW/W-T Series User’ Guide 69 Chapter 4 LAN Setup Size of Client IP Pool This field specifies the size or count of the IP address pool. Primary DNS Server Enter the IP addresses of the DNS se rvers. The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask. Secondary DNS Server As above. Remote DHCP Server[...]

  • Page 70

    P-660H/HW/W-T Series User’ Guide Chapter 5 Wireless LAN 70 C HAPTER 5 W ireless LAN This chapter discusses how to configure the W i reless LAN screens for P-660HW or P-660W . 5.1 Wireless LAN Introduction A wireless LAN can be as simple as two computers with wireless LAN adapters communicating in a peer-to-p eer network or as complex as a number [...]

  • Page 71

    P-660H/HW/W-T Series User’ Guide 71 Chapter 5 Wireless LAN • Use RADIUS authentication if you have a RADIUS server . See the appendices for information on pro tocols used when a client authenticates with a RADIUS server via the Prestige. • Use the Local User Database if you have less than 32 wireless client s in your network. The Prestige use[...]

  • Page 72

    P-660H/HW/W-T Series User’ Guide Chapter 5 Wireless LAN 72 Figure 18 Wirele ss LAN The following table describes the links in this screen. The following figure shows th e relative effectiveness of th ese wireless security methods available on your Prestige. Table 12 Wireless LAN LINK DESCRIPTION Wireless Click this link to go to a screen where yo[...]

  • Page 73

    P-660H/HW/W-T Series User’ Guide 73 Chapter 5 Wireless LAN Figure 19 Wireless Secu rity Method s Note: Y ou must enable the same wireless securi ty settings on the Prestige and on all wireless clients that you w ant to associate with it. If you do not enable any wireless security on your Prestige, your network is accessible to any wireless networ[...]

  • Page 74

    P-660H/HW/W-T Series User’ Guide Chapter 5 Wireless LAN 74 Figure 20 Wireless Sc reen The following table describes the labels in this screen. Table 13 Wirel ess LAN LABEL DESCRIPTION Enable Wireless LAN Y ou shoul d configure some wireless security (see Fig ure 19 on page 73 ) when you enable the wireless LAN. Sele ct the check box to enable the[...]

  • Page 75

    P-660H/HW/W-T Series User’ Guide 75 Chapter 5 Wireless LAN Note: If you are configuring the Prestige from a computer connecte d to the wireless LAN and you change the Prestige’s ESSID or security settings (see F igure 19 on page 73 ), you will lose your wirele ss connection when you p ress Apply to confirm. Y ou must then change the wireless se[...]

  • Page 76

    P-660H/HW/W-T Series User’ Guide Chapter 5 Wireless LAN 76 Note: Be careful not to list your computer’s MAC address and set the Action field to Deny Association when managing the Prestige vi a a wireless conne ction. This would lock you out. Figure 21 MAC Filter The following table describes the fields in this menu. Table 14 MAC Filter LABEL DE[...]

  • Page 77

    P-660H/HW/W-T Series User’ Guide 77 Chapter 5 Wireless LAN 5.6 Introduction to WP A W i-Fi Protec ted Access (WP A) is a subset of th e IEEE 802.1 1i standard. WP A is preferred to WEP as WP A has user authe ntication and improv ed data encryption. See the appendix f or more information on WP A user authentication and WP A encryption. If you don?[...]

  • Page 78

    P-660H/HW/W-T Series User’ Guide Chapter 5 Wireless LAN 78 Figure 22 WP A - PSK Authentication 5.6.2 WP A with RADIUS Application Example Y ou need the IP address, port number (default is 1812) and s hared secret of a RADIUS server . A WP A application example with an external RADIUS server looks as follows. "A" is the RADIUS server . &[...]

  • Page 79

    P-660H/HW/W-T Series User’ Guide 79 Chapter 5 Wireless LAN Figure 23 WP A with RADIUS Application Example2 5.6.3 Wireless Client WP A Supplicant s A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WP A. At the time of writing, the mo st widely availa ble supplicants are the WP[...]

  • Page 80

    P-660H/HW/W-T Series User’ Guide Chapter 5 Wireless LAN 80 5.7.1 No Access Allowe d or Authentication Select No Access Allowed or No Authentication Required in the Wire less Port Control field. Figure 24 Wireless LAN: 802.1x/WP A: No Access Allowed Figure 25 Wireless LAN: 802.1x/WP A: No Authentication The following table describes the label in t[...]

  • Page 81

    P-660H/HW/W-T Series User’ Guide 81 Chapter 5 Wireless LAN • A computer with an IEEE 802.1 1 a/b/g wi rel ess LAN adapter and equipped with a web browser (with JavaScript enabled) and/or T e lnet. • A wireless station computer must be runn ing IEEE 802.1x-compliant software. Not all W indows operating systems support IEEE 802.1x (see the Micr[...]

  • Page 82

    P-660H/HW/W-T Series User’ Guide Chapter 5 Wireless LAN 82 Note: Once you enable user auth entication, y ou need to specify an external RADIUS server or create local user account s on the Prestige for authentication. 5.7.3 Authentication Required: WP A Select Authentication Required in the Wir eless Port Control field and WP A in the Key Manageme[...]

  • Page 83

    P-660H/HW/W-T Series User’ Guide 83 Chapter 5 Wireless LAN See Section 5.6 on page 7 7 for more information. Figure 27 Wireless LAN: 802.1x/WP A: WP A The following table describes the labe ls not previously discussed. Table 17 Wireless LAN: 802.1x/WP A: WP A LABEL DESCRIPTION Key Management Protocol Choose WP A in this field. WP A Mixed Mode The[...]

  • Page 84

    P-660H/HW/W-T Series User’ Guide Chapter 5 Wireless LAN 84 5.7.4 Authentication Required: WP A-PSK Select Authentication Required in the Wireless Port Contr ol field and WP A-PSK in the Key Management Protocol field to display the next screen. See Section 5.6 on page 7 7 for more information. Figure 28 Wireless LAN: 802.1x/WP A:WP A-PSK The follo[...]

  • Page 85

    P-660H/HW/W-T Series User’ Guide 85 Chapter 5 Wireless LAN 5.8 Configuring Local User Authentication By storing user profiles locally , your Prestige is able to authenticate wireless users without interacting with a network RADIUS server . However , there is a limit on the number of users you may authentica te in this way . T o change your Presti[...]

  • Page 86

    P-660H/HW/W-T Series User’ Guide Chapter 5 Wireless LAN 86 Figure 29 Local User Database The following table describes th e fields in this screen. Table 19 Local User Database LABEL DESCRIPTION # This is the index number of a local user account. Active Se lect this check box to enable the user profile. User Name Enter a user name of up to 31 alph[...]

  • Page 87

    P-660H/HW/W-T Series User’ Guide 87 Chapter 5 Wireless LAN 5.9 Configuring RADIUS T o set up your Prestige’ s RADIUS server settings, click WIRELESS LAN , RADIUS . The screen appears as shown. Figure 30 RADIUS The following table describes th e fields in this screen. Table 20 RADIUS LABEL DESCRIPTION Authentication Server Active Select Ye s fro[...]

  • Page 88

    P-660H/HW/W-T Series User’ Guide Chapter 5 Wireless LAN 88 Port Number The default port of the RADIUS server for accounting is 1813 . Y ou need not chan ge this value unless your network administrator instructs you to do so with additional information. Shared Secret Enter a password (up to 31 alp hanumeric characters) as the key to be shared betw[...]

  • Page 89

    P-660H/HW/W-T Series User’ Guide 89 Chapter 5 Wireless LAN[...]

  • Page 90

    P-660H/HW/W-T Series User’ Guide Chapter 6 WAN Setup 90 C HAPTER 6 W AN Setup This chapter describes how to configure W AN settings. 6.1 W AN Overview A W AN (W ide Area Network) is an outside conn ection to another network or the Intern et. 6.1.1 Encap sulation Be sure to use the encapsulat ion method required by your IS P . The Prestige support[...]

  • Page 91

    P-660H/HW/W-T Series User’ Guide 91 Chapter 6 WAN Setup 6.1.1.4 RFC 1483 RFC 1483 describes two methods for Multipro tocol Encapsulation over A TM Adaptation Layer 5 (AAL5). The first method allows mult iplexing of multiple protocols over a single A TM virtual circuit (LLC-based multiplexing ) and the second method assumes that each protocol is c[...]

  • Page 92

    P-660H/HW/W-T Series User’ Guide Chapter 6 WAN Setup 92 6.1.4.2 IP Assignment wi th RFC 1483 Encap sulation In this case the IP Address Assignment must be static with the same requirements for the IP Address an d ENET ENCAP Gateway fields a s stated above. 6.1.4.3 IP Assignment with ENET ENCAP Encap sulation In this case you can have either a sta[...]

  • Page 93

    P-660H/HW/W-T Series User’ Guide 93 Chapter 6 WAN Setup For example, if the normal route has a metric of "1" and the traffic-redirect route has a metric of "2" and dial-backup route has a metric of "3", then the normal route acts as the primary default route. If the normal rout e fails to connect to the Intern et, th[...]

  • Page 94

    P-660H/HW/W-T Series User’ Guide Chapter 6 WAN Setup 94 Peak Cell Rate (PCR) is the maximum rate at wh ich the sender can send cells. This parameter may be lower (but not hig her) than the maximum line speed. 1 A TM cell is 53 bytes (424 bits), so a maximum speed of 832Kbps gives a maximu m PCR of 1962 cells/sec. This rate is not guaranteed becau[...]

  • Page 95

    P-660H/HW/W-T Series User’ Guide 95 Chapter 6 WAN Setup 6.6 The Main W AN Screen Click WA N in the navigation pane l to display the man WA N screen. See Section 6.1 on page 9 0 for more information. Figure 32 WA N The following table describes the links in this screen. 6.7 Configuring W AN Setup T o change your Prestige’ s W A N remote node set[...]

  • Page 96

    P-660H/HW/W-T Series User’ Guide Chapter 6 WAN Setup 96 Figure 33 W AN Setup (PPPoE) The following table describes th e fields in this screen. Table 22 WAN S e t u p LABEL DESCRIPTION Name Enter the name of your Internet Service Provider , e.g., MyISP . This information is for identification purpose s only . Mode Select Routing (default) from the[...]

  • Page 97

    P-660H/HW/W-T Series User’ Guide 97 Chapter 6 WAN Setup Encapsulation Selec t the method of encapsulatio n used by your ISP from the drop-down list box. Choices vary depending on the mode you select in th e Mode field. If you select Bridge in the Mode field, select either PPPoA or RFC 1483 . If you select Routing in the Mode field, select PPPoA ,[...]

  • Page 98

    P-660H/HW/W-T Series User’ Guide Chapter 6 WAN Setup 98 6.8 T raffic Redirect T raf fic redirect forwards traffic to a backup gateway when the Prestige cannot connect to the Internet. An exampl e is shown in th e figure below . Connect on Demand Select Connect on Demand when you don't want the co nnection up all the ti me and specify an idle[...]

  • Page 99

    P-660H/HW/W-T Series User’ Guide 99 Chapter 6 WAN Setup Figure 34 T raf fic Redirect Example The following network topology allows you to avoid triangle route security issues when the backup gateway is co nnected to the LAN. Use IP alias to configure the LAN into two or three logical networks with the Prestige itself as the gateway for each LAN n[...]

  • Page 100

    P-660H/HW/W-T Series User’ Guide Chapter 6 WAN Setup 100 Figure 36 W AN Backup The following table describes th e fields in this screen. Table 23 WAN B a c k u p LABEL DESCRIPTION Backup T yp e Select the method that the Pr esti ge uses to check the DSL connection. Select DSL Link to have the Prestige check if the connection to the DSLAM is up. S[...]

  • Page 101

    P-660H/HW/W-T Series User’ Guide 101 Chapter 6 WAN Setup T imeout T ype the numbe r of seconds (3 recommended) for your Prestige to wait for a ping response from one of the IP addresses in the Check W AN IP Address field before timing out the request. The WAN connection is considered "down" after the Prestige times out the number of tim[...]

  • Page 102

    P-660H/HW/W-T Series User’ Guide Chapter 7 Network Address Translatio n (NAT) Screens 102 C HAPTER 7 Network Address T ranslation (NA T) Screens This chapter discusses how to configure NA T on the Prestige. 7.1 NA T Overview NA T (Network Address Translation - NA T , RFC 1631) is the translation of the IP address of a host in a packet, for exampl[...]

  • Page 103

    P-660H/HW/W-T Series User’ Guide 103 Chapt er 7 Network Ad dress Transla tion (NAT) Scr eens 7.1.2 What NA T Does In the simplest form, NA T changes the sour ce IP address in a packet received from a subscriber (the inside local address) to anothe r (the inside global address) before forwarding the packet to the W AN side. When the resp onse come[...]

  • Page 104

    P-660H/HW/W-T Series User’ Guide Chapter 7 Network Address Translatio n (NAT) Screens 104 Figure 37 How NA T Works 7.1.4 NA T Application The following figure illustrates a possible NA T application, wher e three inside LANs (logical LANs using IP Alias) behind the Prestige can communicate with three distinct W AN networks. More examples follow a[...]

  • Page 105

    P-660H/HW/W-T Series User’ Guide 105 Chapt er 7 Network Ad dress Transla tion (NAT) Scr eens 7.1.5 NA T Mapping T ypes NA T supports five types of IP/port mapping. They are: • One to One : In One-to-One mode, the Prestige maps one local IP address to one global IP address. • Many to One : In Many-to-One mode, the Prestige maps multiple local [...]

  • Page 106

    P-660H/HW/W-T Series User’ Guide Chapter 7 Network Address Translatio n (NAT) Screens 106 7.2 SUA (Single User Account) V ersus NA T SUA (Single User Account) is a ZyNOS implemen tation of a subset of NA T that supports two types of mapping, Many-to-One and Server . The Prestige also supports Full Feature NA T to map multiple global IP addresse s[...]

  • Page 107

    P-660H/HW/W-T Series User’ Guide 107 Chapt er 7 Network Ad dress Transla tion (NAT) Scr eens 7.3.3 Configuring Ser vers Behind SUA (Example) Let's say you want to assign po rts 21-25 to one FTP , T elnet and SMTP server (A in the example), port 80 to another (B in the exam ple) and assign a default server IP address of 192.168.1.35 to a thir[...]

  • Page 108

    P-660H/HW/W-T Series User’ Guide Chapter 7 Network Address Translatio n (NAT) Screens 108 Figure 40 NA T Mode The following table describes the labels in this screen. 7.5 Configuring SUA Server Set If you do not assign an IP address in Server Set 1 (default server) the Prestige discards all packets received for ports that are not specif ied here [...]

  • Page 109

    P-660H/HW/W-T Series User’ Guide 109 Chapt er 7 Network Ad dress Transla tion (NAT) Scr eens Figure 41 Edit SUA/NA T Server Set The following table describes th e fields in this screen. T able 28 Edit S UA/NA T Server Set LABEL DESCRIPTION S t art Port No. Enter a port number in this field. T o forward only one port, enter the po rt number again [...]

  • Page 110

    P-660H/HW/W-T Series User’ Guide Chapter 7 Network Address Translatio n (NAT) Screens 110 7.6 Configuring Address Mapping Rules Ordering your rules is important because the Pr estige applies the rules in the order that you specify . When a rule matches the current pack e t, the Prestige takes the corresponding action and the remaining rules are i[...]

  • Page 111

    P-660H/HW/W-T Series User’ Guide 111 Chapt er 7 Network Ad dress Transla tion (NAT) Scr eens 7.7 Editing an Address Mapping Rule T o edit an address mapping rule, c lick the rule’ s link in the NA T Address Mapping Rules screen to display the screen sh own next. Ty p e 1-1 : One-to-one mode maps one local IP address to one glo bal IP address. N[...]

  • Page 112

    P-660H/HW/W-T Series User’ Guide Chapter 7 Network Address Translatio n (NAT) Screens 112 Figure 43 Edit Address Mapping Rule The following table describes th e fields in this screen. Table 30 Edit Address Ma pping Rule LABEL DESCRIPTION Ty p e Ch oose the port mapping type from one of the fo llowing. • One-to-One : One-to-One mode maps one loc[...]

  • Page 113

    P-660H/HW/W-T Series User’ Guide 113 Chapt er 7 Network Ad dress Transla tion (NAT) Scr eens Cancel Click Cancel to return to the pr eviously saved settings. Delete Click Delete to exi t this screen without savin g. Table 30 Edit Address Mappin g Rule (continued) LABEL DESCRIPTION[...]

  • Page 114

    P-660H/HW/W-T Series User’ Guide Chapter 8 Dynamic DNS Setup 114 C HAPTER 8 Dynamic DNS Setup This chapter discusses how to configure your Prestige to use Dynamic DNS. 8.1 Dynamic DNS Overview Dynamic DNS allows you to update your curre nt dynamic IP address with one or many dynamic DNS services so that anyone can c ont act you (in NetMeeting, CU[...]

  • Page 115

    P-660H/HW/W-T Series User’ Guide 115 Chapter 8 Dynamic DNS Setup Figure 44 Dynamic DNS The following table describes th e fields in this screen. Table 31 Dynamic DNS LABEL DESCRIPTION Active Select this check box to use dynamic DNS. Service Provider This is the name of your Dyn amic DNS service pr ovider . Host Names T ype the domain name assigne[...]

  • Page 116

    P-660H/HW/W-T Series User’ Guide Chapter 9 Time and Date 116 C HAPTER 9 T ime and Date This screen is not available on all models. Us e this screen to configur e the Prestige’ s time and date settings. 9.1 Configuring T ime and Date T o change your Prestige’ s time and date, click Time And Date . The screen appears as shown. Use this screen t[...]

  • Page 117

    P-660H/HW/W-T Series User’ Guide 117 Chapter 9 Time and Date Table 32 T ime a nd Date LABEL DESCRIPTION T ime Server Use Protocol when Bootup Select the time service protocol that your time server sends w hen you turn on the Prestige. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use t[...]

  • Page 118

    P-660H/HW/W-T Series User’ Guide Chapter 10 Firewalls 118 C HAPTER 10 Firewalls This chapter gives some backgr ound information on firewalls and introduces the Prestige firewall. 10.1 Firewall Overview Originally , the term fir ewall referred to a construction techni que designed to prevent the spread of fire from one room to another . The ne two[...]

  • Page 119

    P-660H/HW/W-T Series User’ Guide 119 Chapter 10 Firewalls 10.2.2 Application-level Firewalls Application-level firewalls restrict access by serv ing as proxies for e xternal servers. Since they use programs written for specific Internet servic es, such as HTTP, FTP and tel net, they can evaluate network packets for valid applicatio n-sp ecific da[...]

  • Page 120

    P-660H/HW/W-T Series User’ Guide Chapter 10 Firewalls 120 • The LAN (Local Area Network) port attache s to a network of compute rs, which needs security from the outside world. These computer s will have access to Internet services such as e-mail, FTP , and the W orld W ide W e b. However , “inbound access” will not be allowed unless you co[...]

  • Page 121

    P-660H/HW/W-T Series User’ Guide 121 Chapter 10 Firewalls 10.4.2 T ypes of DoS Atta cks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification. 3 Brute-force attacks that flood a network with useless data. 4 IP Spoofing. 5 " Ping of Death " a[...]

  • Page 122

    P-660H/HW/W-T Series User’ Guide Chapter 10 Firewalls 122 Figure 47 Three-W ay Handshake Under normal circumstances, the applica tion that initiates a session sends a SYN (synchronize) packet to the receiving server . The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the in itiator responds with an ACK (acknowledgme[...]

  • Page 123

    P-660H/HW/W-T Series User’ Guide 123 Chapter 10 Firewalls (ICMP) echo request packets (pin gs). Since the destination IP address of each packet is the broadcast address of the network, the router will broadcast the ICMP echo request packet to all hosts on the network. If there are numerous hosts, this will create a large amount of ICMP echo reque[...]

  • Page 124

    P-660H/HW/W-T Series User’ Guide Chapter 10 Firewalls 124 All SMTP commands are illegal except for tho se displayed in the following tables. 10.4.2.3 T raceroute T raceroute is a utility used to determine th e path a packet takes between two endpoints. Sometimes when a packet filter firewall is conf igured incorrectly an at tacker can traceroute [...]

  • Page 125

    P-660H/HW/W-T Series User’ Guide 125 Chapter 10 Firewalls Figure 50 S tateful Inspection The previous figure shows the Prestige’ s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a T elnet session from within the LAN and responses to this request are allowe d. However other T e lnet tr[...]

  • Page 126

    P-660H/HW/W-T Series User’ Guide Chapter 10 Firewalls 126 temporary entries might be modified, in order to permit only packets that are valid for the current state o f the conn ection. 8 Any additional inbound or outb ound packets that belong to the connection are inspected to update the state table entry and to modify the temporary inbound acces[...]

  • Page 127

    P-660H/HW/W-T Series User’ Guide 127 Chapter 10 Firewalls When the Prestige receives any subsequent packet (from the In ternet or from the LAN), its connection information is extracted and checked against the cache. A packet is only allowed to pass through if it corresponds to a valid connection (that is, if i t is a response to a connection whic[...]

  • Page 128

    P-660H/HW/W-T Series User’ Guide Chapter 10 Firewalls 128 • Limit who can telnet into your router . • Don't enable any local service (such as SN MP or NTP) that you don't use. An y enabled service could present a potential sec urity risk. A determined hacker might be able to find creative ways to misuse the enabled services to acces[...]

  • Page 129

    P-660H/HW/W-T Series User’ Guide 129 Chapter 10 Firewalls • Always shred confidential in formation, particularly about your computer , before throwing it away . Some hackers dig through the trash of companies or individuals for information that might he lp them in an attack. 10.7 Packet Filtering Vs Firewall Below are some comparisons between t[...]

  • Page 130

    P-660H/HW/W-T Series User’ Guide Chapter 10 Firewalls 130 • A range of source an d destination IP address es as well as port numbers can be specified within one firewall rule making the fire wall a better choice when complex rules are required. • T o selectively block/allow inbound or outbou nd traf fic between inside host/networks and outsid[...]

  • Page 131

    P-660H/HW/W-T Series User’ Guide 131 Chapter 10 Firewalls[...]

  • Page 132

    P-660H/HW/W-T Series User’ Guide Chapter 11 Firewall Configurat ion 132 C HAPTER 11 Firewall Configuration This chapter shows you how to enable and configure the Prestige firewall. 1 1.1 Access Methods The web configurator is, by far , the most co mprehensive firewall configuration tool your Prestige has to offer . For this reason, it is reco mme[...]

  • Page 133

    P-660H/HW/W-T Series User’ Guide 133 Chapter 11 Firewall Configuration Note: If you configure firewall rules wit hout a good underst anding of how they work, you might inadvertently introduce securi ty risks to the f irewall and to the protected network. Make sure you test your rules af ter you configure t hem. For example, you may create rules t[...]

  • Page 134

    P-660H/HW/W-T Series User’ Guide Chapter 11 Firewall Configurat ion 134 4 Does a rule that allows Internet users acces s to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are al lowed from the Internet to t he LAN, Internet users may be able to connect to computers with running FTP servers. 5 Does thi[...]

  • Page 135

    P-660H/HW/W-T Series User’ Guide 135 Chapter 11 Firewall Configuration The default rule for W AN to LAN traffic bloc ks all incoming connections (W AN to LAN). If you wish to allow certain W AN users to have access to your LAN, you will need to create custom rules to allow it. 1 1.4.2 Alerts Alerts are reports on events, such as attacks, that you[...]

  • Page 136

    P-660H/HW/W-T Series User’ Guide Chapter 11 Firewall Configurat ion 136 1 1.6 Rule Summary Note: The ordering of your rule s is very import ant as rules are app lied in turn. Refer to Section 10.1 on page 1 18 for more information. Click on Fire wall , then Rule Summary to bring up the following screen. This screen is a summary of the existing ru[...]

  • Page 137

    P-660H/HW/W-T Series User’ Guide 137 Chapter 11 Firewall Configuration Figure 52 Firewall: Rule Summary The following table describes the labels in this screen. Table 38 Rule Summary LABEL DESCRIPTION Firewall Rules S torage S pace in Use This read-only bar shows how much of the Prestige' s memory for recording fire wall rules it is currentl[...]

  • Page 138

    P-660H/HW/W-T Series User’ Guide Chapter 11 Firewall Configurat ion 138 1 1.6.1 Configuring Firewall Rules Refer to Section 10.1 on page 1 18 for more information. Follow these directions to create a new rule. 1 In the Rule Summary screen, type the index number for where you want to put the rule. For example, if you type “6”, your new rule be[...]

  • Page 139

    P-660H/HW/W-T Series User’ Guide 139 Chapter 11 Firewall Configuration Figure 53 Firewall: Edit Rule The following table describes the labels in this screen.[...]

  • Page 140

    P-660H/HW/W-T Series User’ Guide Chapter 11 Firewall Configurat ion 140 Table 39 Firewall: Edit Rule LABEL DESCRIPTION Active Select this option to ena ble this firewall rule. Action for Matched Packet Use the radio button to select whether to disca rd ( Block ) o r allow the passage of ( Forward ) packets that match this rule. Source/Destination[...]

  • Page 141

    P-660H/HW/W-T Series User’ Guide 141 Chapter 11 Firewall Configuration 1 1.7 Customized Services Configure customized services and port numbers not predefined by the Prestige. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website. For further inform ation on these services, please read [...]

  • Page 142

    P-660H/HW/W-T Series User’ Guide Chapter 11 Firewall Configurat ion 142 Refer to Section 10.1 on page 1 18 for more information. Figure 55 Firewall: Configure Customized Services The following table describes the labels in this screen. 1 1.9 Example Firewall Rule The following Internet firewa ll rule example allows a hypot hetical “My Service?[...]

  • Page 143

    P-660H/HW/W-T Series User’ Guide 143 Chapter 11 Firewall Configuration Figure 56 Firewall Example: Rule Summary 3 In the Rule Summary screen, type the index number for where you want to put the rule. For example, if you type “6”, your new rule becomes number 6 and the previous rule 6 (i f there is one) becomes rule 7. 4 Click Inser t to displ[...]

  • Page 144

    P-660H/HW/W-T Series User’ Guide Chapter 11 Firewall Configurat ion 144 Figure 57 Firewall Example: Edit Ru le: Des tination Addres s 7 In the Edit Rule screen, click the Customized Servic es link to open the Customized Service screen. 8 Click an index numb er to display the Customized Services -Config screen and configure the screen as follows a[...]

  • Page 145

    P-660H/HW/W-T Series User’ Guide 145 Chapter 11 Firewall Configuration Figure 59 Firewall Example: Edit Rule: Select Customized Services Note: Custom ports show up with an “*” before their names in the Services list b ox and the Rule Summary list box. Click Apply af ter you’ve created your custom port. On completing the configuration proced[...]

  • Page 146

    P-660H/HW/W-T Series User’ Guide Chapter 11 Firewall Configurat ion 146 Rule 2 allows a “My Service” connection fro m the W AN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN. Figure 60 Firewall Example: Rule Summary: My Service 1 1.10 Predefined Services The A vailable Services list box in the Edit Rule screen (see Section 1 1.6.1 on [...]

  • Page 147

    P-660H/HW/W-T Series User’ Guide 147 Chapter 11 Firewall Configuration CU-SEEME(TCP/UDP:7648, 24032) A popular videocon ferencing solution from White Pines So ftware. DNS(UDP/TCP:53) Domain Name Server , a service that matches web names (e.g. www .zyxel.com ) to IP numbers. FINGER(TCP:79) Finger is a UNIX or Internet rela ted command that can be [...]

  • Page 148

    P-660H/HW/W-T Series User’ Guide Chapter 11 Firewall Configurat ion 148 1 1.1 1 Anti-Probing If an outside user attempts to probe an unsupp orted port on your Prestige, an ICMP respon se packet is automatically returned. This allows the outside user to know the Prestige exists. The Prestige supports anti-probing, which prevents the ICMP response [...]

  • Page 149

    P-660H/HW/W-T Series User’ Guide 149 Chapter 11 Firewall Configuration Figure 61 Firewall: Anti Probing The following table describes the labels in this screen. 1 1.12 DoS Thresholds For DoS attacks, the Prestige uses thresholds to dete rmine when to drop sessions that do not become fully established. These threshol ds apply globally to all sessi[...]

  • Page 150

    P-660H/HW/W-T Series User’ Guide Chapter 11 Firewall Configurat ion 150 1 1.12.1 Threshold V alues T une these parameters when some thing is not working and after y ou have checked the firewall counters. These default values sh ould work fine for most small offices. Factors influencing choices for threshold values are: • The maximum number of o[...]

  • Page 151

    P-660H/HW/W-T Series User’ Guide 151 Chapter 11 Firewall Configuration Whenever the number of half-o pen sessions with the same destin ation host address rises a bove a threshold ( TCP Maximum Incomplete ), the Prestige starts deleting half-open sessions according to one of the following methods: • If the Blocking Time timeout is 0 (the default[...]

  • Page 152

    P-660H/HW/W-T Series User’ Guide Chapter 11 Firewall Configurat ion 152 Table 44 Firewall: Thre shold LABEL DESCRIPTION DEF AUL T V ALUES Denial of Service Thresholds One Minute Low This is the rate of new half-open sessions that causes the firewall to stop deleting hal f-open sessions. The Prestige continues to delete half-open sessions as neces[...]

  • Page 153

    P-660H/HW/W-T Series User’ Guide 153 Chapter 11 Firewall Configuration Deny new connection request for Select this radio button and specify for how long the Prestige should block new connection requests when TCP Maximum Incomplete is reached. Enter the length of blocking time in minutes (between 1 and 256). Back Click Back to return to the previo[...]

  • Page 154

    P-660H/HW/W-T Series User’ Guide Chapter 12 Content Filtering 154 C HAPTER 12 Content Filtering This chapter covers how to configure content filtering. 12.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ab ility to block web s[...]

  • Page 155

    P-660H/HW/W-T Series User’ Guide 155 Chapter 12 Content Filtering 12.3 Configuring Keyword Blocking Use this screen to block sites containing certai n keywords in the URL. For example, if you enable the keyword "bad", the Prestige blocks all sites contai ning this keyword including the URL http://www .website.com/bad.html, even if it is[...]

  • Page 156

    P-660H/HW/W-T Series User’ Guide Chapter 12 Content Filtering 156 12.4 Configuring the Schedule T o set the days and times for the Prestige to perform content filtering, click Conten t Filter and Schedule . The screen appears as shown. Figure 65 Content Filter: Schedule The following table describes the labels in this screen. 12.5 Configuring T r[...]

  • Page 157

    P-660H/HW/W-T Series User’ Guide 157 Chapter 12 Content Filtering Figure 66 Content Filter: T rusted The following table describes the labels in this screen. Table 48 Content Filter: T rusted LABEL DESCRIPTION T rusted User IP Range From T y pe the IP address of a compute r (or the beginning IP addre ss of a specific range of computers) on the LA[...]

  • Page 158

    P-660H/HW/W-T Series User’ Guide Chapter 13 Remote M anagement Configura tion 158 C HAPTER 13 Remote Management Configuration This chapter provides information on config uring remote management. 13.1 Remote Management Overview Remote management allows you to determ ine which services/protocols can access which Prestige interface (if any) from whi[...]

  • Page 159

    P-660H/HW/W-T Series User’ Guide 159 Chapter 13 Remote Manag ement Configuration • A filter in SMT menu 3.1 (LAN) or in menu 1 1.5 (W AN) is applied to block a T elnet, FTP or W eb service. • Y ou have disabled that service in one of the remote management screens. • The IP address in the Secured Client IP field does not match th e client IP[...]

  • Page 160

    P-660H/HW/W-T Series User’ Guide Chapter 13 Remote M anagement Configura tion 160 13.3 FTP Y ou can upload and download Prestige firmware and configuration files using FTP . T o use this feature, your computer must have an FTP client. 13.4 W eb Y ou can use the Prestige’ s embedded web configur ator for configuration and file management. See th[...]

  • Page 161

    P-660H/HW/W-T Series User’ Guide 161 Chapter 13 Remote Manag ement Configuration[...]

  • Page 162

    P-660H/HW/W-T Series User’ Guide Chapter 14 Universa l Plug-and-Play (UPnP) 162 C HAPTER 14 Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configura tor . 14.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer n[...]

  • Page 163

    P-660H/HW/W-T Series User’ Guide 163 Chapter 14 Universa l Plug-and-Play (UPnP) 14.1.3 Cautions with UPnP The automated nature of NA T traversal applications in establishing their own services and opening firewall ports ma y present network security issues. Network information and configuration may also be obtained and mo difi ed by users in some[...]

  • Page 164

    P-660H/HW/W-T Series User’ Guide Chapter 14 Universa l Plug-and-Play (UPnP) 164 14.3 Inst alling UPnP in Windows Example This section shows ho w to install UPnP in W indows Me and W indows XP . Inst alling UPnP in Windows Me Follow the steps below to inst all the UPnP in W indows Me. 1 Click St a r t and Control Panel . Double-click Add/Remove Pr[...]

  • Page 165

    P-660H/HW/W-T Series User’ Guide 165 Chapter 14 Universa l Plug-and-Play (UPnP) Figure 70 Add/Remove Programs: Windows Setup : Communication 3 In the Communications window , select the Universal Plug and Play check box in th e Components selection box. Figure 71 Add/Remove Programs: Windows Setup : Communication: Component s 4 Click OK to go back[...]

  • Page 166

    P-660H/HW/W-T Series User’ Guide Chapter 14 Universa l Plug-and-Play (UPnP) 166 Inst alling UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP . 1 Click St a r t and Control Panel . 2 Double-click Network Connections . 3 In the Network Connections window , click Advanced in the main menu and select Optional Networking Com[...]

  • Page 167

    P-660H/HW/W-T Series User’ Guide 167 Chapter 14 Universa l Plug-and-Play (UPnP) Figure 73 Windows Op tional Networ king Compon ents Wizard 5 In the Networking Services window , se lect the Universal Plug and Play check box.[...]

  • Page 168

    P-660H/HW/W-T Series User’ Guide Chapter 14 Universa l Plug-and-Play (UPnP) 168 Figure 74 Networking Servic es 6 Click OK to go back to the W indows Optional Networking Component Wizard window and click Next . 14.4 Using UPnP in Windows XP Example This section shows yo u how to use the UPn P feature in W indows XP . Y ou must already have UPnP in[...]

  • Page 169

    P-660H/HW/W-T Series User’ Guide 169 Chapter 14 Universa l Plug-and-Play (UPnP) Figure 75 Network Connections 3 In the Internet Connection Properties window , click Settings to see the port mappings there were automatically created.[...]

  • Page 170

    P-660H/HW/W-T Series User’ Guide Chapter 14 Universa l Plug-and-Play (UPnP) 170 Figure 76 Internet Co nnection Prop erties 4 Y ou may edit or delete the port mappings or click Add to manually add port mappings.[...]

  • Page 171

    P-660H/HW/W-T Series User’ Guide 171 Chapter 14 Universa l Plug-and-Play (UPnP) Figure 77 Internet Connection Properties: Advanced Settin gs Figure 78 Internet Connection Pr operties: Advanced Settings: Add 5 When the UP nP-enabled device is disco nnected from your computer , all port mappings will be deleted automatically . 6 Select Show icon in[...]

  • Page 172

    P-660H/HW/W-T Series User’ Guide Chapter 14 Universa l Plug-and-Play (UPnP) 172 Figure 79 System T ray Icon 7 Double-click on the icon to display yo ur curr ent Internet co nnection sta tus. Figure 80 Internet Conne ction S tatus Web Configurator Eas y Access W ith UPnP , you can access the web-based configur a tor on the Prestige w ithout findin[...]

  • Page 173

    P-660H/HW/W-T Series User’ Guide 173 Chapter 14 Universa l Plug-and-Play (UPnP) Figure 81 Network Connections 4 An icon with the description for e ach UPnP-enabled device disp lays under Local Network . 5 Right-click on the icon for your Prestige and select Invoke . The web configurator login screen displays.[...]

  • Page 174

    P-660H/HW/W-T Series User’ Guide Chapter 14 Universa l Plug-and-Play (UPnP) 174 Figure 82 Network Con nections: M y Network Places 6 Right-click on the icon for your Prestige and select Pr operties . A properties window displays with basic information about the Prestige. Figure 83 Network Conn ections: My N etwork Plac es: Properties: Example[...]

  • Page 175

    P-660H/HW/W-T Series User’ Guide 175 Chapter 14 Universa l Plug-and-Play (UPnP)[...]

  • Page 176

    P-660H/HW/W-T Series User’ Guide Chapter 15 Logs Scree ns 176 C HAPTER 15 Logs Screens This chapter contains inform ation about configuring genera l log settings and viewing the Prestige’ s logs. Refer to the appendix for example log message explanations. 15.1 Logs Overview The web confi gurator allows you to choose which categories of events a[...]

  • Page 177

    P-660H/HW/W-T Series User’ Guide 177 Chapter 15 Log s Screens Figure 84 Log Settings The following table describes the fields in this screen. Table 51 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below . If this field is left blan k, logs and [...]

  • Page 178

    P-660H/HW/W-T Series User’ Guide Chapter 15 Logs Scree ns 178 15.3 Displaying the Logs Click Logs and then Vi e w L o g to open the Vi e w L o g s screen. Use the Vi e w L o g s screen to see the logs for the categorie s that you selected in the Log Settings screen (s ee Section 15.2 on page 176 ). Log entries in red indicate alerts . The log wra[...]

  • Page 179

    P-660H/HW/W-T Series User’ Guide 179 Chapter 15 Log s Screens Figure 85 Vi ew Logs The following table describes the fields in this screen. 15.4 SMTP Error Messages If there are d iffic ulties in se nding e-mail th e following erro r messages ap pear . E-mail error messages appear in SMT menu 24.3.1 as "SMTP action request failed. ret= ??&qu[...]

  • Page 180

    P-660H/HW/W-T Series User’ Guide Chapter 15 Logs Scree ns 180 15.4.1 Example E-mail Log An "End of Log" message displays for each ma il in which a complete log has been sent. The following is an example of a log sent by e-mail. • Y ou may edit the subject title. • The date format here is Day-Month-Y ear . • The date format here is[...]

  • Page 181

    P-660H/HW/W-T Series User’ Guide 181 Chapter 15 Log s Screens[...]

  • Page 182

    P-660H/HW/W-T Series User’ Guide Chapter 16 M edia Bandwidth Managemen t Advanced Setup 182 C HAPTER 16 Media Bandwid th Management Advanced Setup This chapter describes bandwidth manage ment with one level of child class. 16.1 Media Bandwid th Management Overview Bandwidth management allo ws you to allocate an interface’ s outgoing capacity to[...]

  • Page 183

    P-660H/HW/W-T Series User’ Guide 183 Chapter 16 Med ia Bandwidth Management Adva nced Setup bandwidth filter. Y ou can co nfigure up to one ba ndwidth filter per bandwid th class. Y o u can also configure bandwidth classes without bandwidth filters. However , it is recommended that you configure child-classes with filters for any classes that you[...]

  • Page 184

    P-660H/HW/W-T Series User’ Guide Chapter 16 M edia Bandwidth Managemen t Advanced Setup 184 Figure 88 Subnet-based Bandwid th Managemen t Example 16.4.3 Application and Subn et-based Bandwid th Management Example The following example uses bandwidth classes based on LAN subnets and applications (specific applications in each subnet ar e allotted [...]

  • Page 185

    P-660H/HW/W-T Series User’ Guide 185 Chapter 16 Med ia Bandwidth Management Adva nced Setup 16.5 Scheduler The scheduler divides up an interface’ s bandwi dth among the bandwidth classes. The Prestige has two types of schedule r: fair ness-based and priority-based. 16.5.1 Priority-based Scheduler W ith the priority-base d scheduler , the Presti[...]

  • Page 186

    P-660H/HW/W-T Series User’ Guide Chapter 16 M edia Bandwidth Managemen t Advanced Setup 186 16.6.2 Maximize Ba ndwid th Usage Example Here is an example of a Prestige that has ma xi mized bandwidth usage ena bled on an interface. The first figure shows each bandwidth class’ s ba ndwidth budget an d pr iority . The classes are set up based on su[...]

  • Page 187

    P-660H/HW/W-T Series User’ Guide 187 Chapter 16 Med ia Bandwidth Management Adva nced Setup Figure 91 Maximize Bandwidth Usage Example 16.7 Bandwid th Borrowing Bandwidth borrowing allows a child -class to borrow unused bandwidth from its p arent class, whereas maximize bandwidth usage allows bandwidth classes to bo rrow any unused or unbudgeted [...]

  • Page 188

    P-660H/HW/W-T Series User’ Guide Chapter 16 M edia Bandwidth Managemen t Advanced Setup 188 4 The Prestige assigns any remainin g unbudgeted bandwid th to traf fic that does not match any of the bandwidth classes. 16.8 The Main Media Bandwid th Management Screen Click Media Bandwidth Mgnt. to display the main Media Bandwidth Management screen as [...]

  • Page 189

    P-660H/HW/W-T Series User’ Guide 189 Chapter 16 Med ia Bandwidth Management Adva nced Setup Figure 93 Media Bandwid th Manageme nt: Summary The following table describes the labels in this screen. Table 56 Media Bandwid th Manag ement: Summary LABEL DESCRIPTION LAN WLAN WA N These read-only labels represent the physical inte rfaces. Select an int[...]

  • Page 190

    P-660H/HW/W-T Series User’ Guide Chapter 16 M edia Bandwidth Managemen t Advanced Setup 190 16.10 Configuring Class Setup The class se tup screen displays the configured band width classes by individual interface. Select an interface and click the buttons to pe rform the actions describe d next. Click “+” to expand the class tree or click “[...]

  • Page 191

    P-660H/HW/W-T Series User’ Guide 191 Chapter 16 Med ia Bandwidth Management Adva nced Setup T o add a child class, click Media Bandwidth Management , then Class Setup . Click the Add Child-Class button to open th e following screen. Figure 95 Media Bandwid th Management: Class Configuration The following table describes the labels in this screen.[...]

  • Page 192

    P-660H/HW/W-T Series User’ Guide Chapter 16 M edia Bandwidth Managemen t Advanced Setup 192 Active Select the check box to have the Presti ge use th is bandwidth filter when it performs bandwidth management. Service Y ou can select a pred efined serv ice instead of co nfiguring the Destination Port , Source Port and Protocol ID fields. SIP (Sessi[...]

  • Page 193

    P-660H/HW/W-T Series User’ Guide 193 Chapter 16 Med ia Bandwidth Management Adva nced Setup 16.10.2 Media Bandwid th Management St atistics Use the Media Bandwidth Management S tatistics screen to view network performance information. Click the S tatistics button in the Class Setup sc reen to open the St a t i s t i c s screen. Figure 96 Media Ba[...]

  • Page 194

    P-660H/HW/W-T Series User’ Guide Chapter 16 M edia Bandwidth Managemen t Advanced Setup 194 16.1 1 Bandwid th Monitor T o view the Prestige’ s bandwidt h usage and allotments, click Media Bandwidth Management , then Monitor . The screen appears as shown. Figure 97 Media Bandwid th Manageme nt: Monitor The following table describes the labels in[...]

  • Page 195

    P-660H/HW/W-T Series User’ Guide 195 Chapter 16 Med ia Bandwidth Management Adva nced Setup[...]

  • Page 196

    P-660H/HW/W-T Series User’ Guide Chapter 17 Maintenance 196 C HAPTER 17 Maintenance This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 17.1 Maintenance Overview The maintenanc e screens can help you view system inform a tion, upload new firmware, manage configuratio n and restart your P[...]

  • Page 197

    P-660H/HW/W-T Series User’ Guide 197 Chapter 17 Maintenance Figure 98 System S tatus The following table describes th e fields in this screen. Table 62 System S tatus LABEL DESCRIPTION System S t atus System Name This is the name of your Prestige. It is for identification purposes.[...]

  • Page 198

    P-660H/HW/W-T Series User’ Guide Chapter 17 Maintenance 198 17.2.1 System St atistics Click Show S tatistics in the System S tatus screen to open the following screen. Rea d-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s)[...]

  • Page 199

    P-660H/HW/W-T Series User’ Guide 199 Chapter 17 Maintenance Figure 99 System S tatus: Show S tatistics The following table describes th e fields in this screen. Table 63 System S tatus: Show S tatistics LABEL DESCRIPTION System up T ime This is the elapsed time the system has been up. CPU Load Th is field specifies the pe rcentage of CPU utilizat[...]

  • Page 200

    P-660H/HW/W-T Series User’ Guide Chapter 17 Maintenance 200 17.3 DHCP T able Screen DHCP (Dynamic Host Configuration Protocol , RFC 2131 and RFC 2132) allows in dividual clients to obtain TCP/IP configuration at star t-up from a server . Y ou can configure the Prestige as a DHCP server or disable it. When configured as a server, the Prestige prov[...]

  • Page 201

    P-660H/HW/W-T Series User’ Guide 201 Chapter 17 Maintenance 17.4 Any IP T able Screen Click Maintenance , Any IP . The Any IP table sho ws cu rrent read-only information (including the IP address and the MAC address) of all network devices that use the Any IP feature to communicat e with the Prestige. Figure 101 Any IP T able The following table [...]

  • Page 202

    P-660H/HW/W-T Series User’ Guide Chapter 17 Maintenance 202 Figure 102 Associa tion List The following table describes th e fields in this screen. 17.6 Diagnostic Screens These read-only screens display information to help you identify proble ms with the Prestige. 17.6.1 General Diagnostic Click Diagnostic and then General to open the screen sho [...]

  • Page 203

    P-660H/HW/W-T Series User’ Guide 203 Chapter 17 Maintenance Figure 103 Diagnostic: General The following table describes th e fields in this screen. 17.6.2 DSL Line Diagnostic Click Diagnostic and then DSL Line to o pen the screen shown next. T able 67 Diagnostic: General LABEL DESCRIPTION TCP/IP Address T y pe the IP address of a computer that y[...]

  • Page 204

    P-660H/HW/W-T Series User’ Guide Chapter 17 Maintenance 204 Figure 104 Diagnostic: DSL Line The following table describes th e fields in this screen. Table 68 Diagnostic: DSL Line LABEL DESCRIPTION Reset ADSL Line Click this button to reinitialize the ADSL line. The large text box above then displays the progress and results of this operation, fo[...]

  • Page 205

    P-660H/HW/W-T Series User’ Guide 205 Chapter 17 Maintenance 17.7 Firmware Upgrade Find firmware at www .zyxel.com in a file that (usually) uses the system model name with a.bin extension, for example, "Prestige.bi n". The upload proce ss uses HTTP (Hypertext T ransfer Protocol) and may take up to two minu tes. After a successful upload,[...]

  • Page 206

    P-660H/HW/W-T Series User’ Guide Chapter 17 Maintenance 206 The Prestige automatically restarts in this time causing a temporary networ k disconnect. In some operating systems, you may see the following icon on your desktop. Figure 106 Network T emporarily Disconnected After two minutes, log in again an d check your new firmware version in the Sy[...]

  • Page 207

    P-660H/HW/W-T Series User’ Guide 207 Chapter 17 Maintenance[...]

  • Page 208

    P-660H/HW/W-T Series User’ Guide Chapter 18 Intro ducing the SMT 208 C HAPTER 18 Introducing the SMT This chapter explains how to access and na viga te the System Management T erminal and gives an overview of its menus. 18.1 SMT Introduction T he Prestige’ s SMT (System Management T ermin al) is a menu-driven inte rface that you can access from[...]

  • Page 209

    P-660H/HW/W-T Series User’ Guide 209 Chapter 18 In troducing the SMT Figure 108 Login Screen 18.1.3 Prestige SMT Menus Overview The following table gi ves you an overview o f your Prestige’ s various SMT menus. Enter Password: **** Table 70 SMT Menus Overview MENUS SUB MENUS 1 General Setup 1 .1 Configure Dynamic DNS 2 W AN Backup Setup 3 LAN S[...]

  • Page 210

    P-660H/HW/W-T Series User’ Guide Chapter 18 Intro ducing the SMT 210 18.2 Navigating the SMT Interface The SMT (System Manage ment T erminal) is the interface that you use to configure y our Prestige. Several operations that you should be fam iliar with before you a ttempt to modify the configuration are listed in the table below . 24 System Main[...]

  • Page 211

    P-660H/HW/W-T Series User’ Guide 211 Chapter 18 In troducing the SMT After you enter the password, the SMT di splays the main menu, as shown next. 18.2.1 System Manage ment T erminal Interface Summary Entering information T ype in or press [SP ACE BAR], then press [ENTER]. Y ou nee d to fill in two types of fields. The first requires you to type [...]

  • Page 212

    P-660H/HW/W-T Series User’ Guide Chapter 18 Intro ducing the SMT 212 18.3 Changing the System Password Change the P restige defa u lt password by following the steps show n next. 1 Enter 23 in the main menu to display Menu 23 - System Securi ty . 2 Enter 1 to display Menu 23.1 - System Security - Change Password as shown next. 3 T ype your existi[...]

  • Page 213

    P-660H/HW/W-T Series User’ Guide 213 Chapter 18 In troducing the SMT Note: Note that as yo u type a password, th e screen displays an “ * ” for each character you type.[...]

  • Page 214

    P-660H/HW/W-T Series User’ Guide Chapter 19 Menu 1 General Setup 214 C HAPTER 19 Menu 1 General Setup Menu 1 - General Setup contains administra tive an d system-related information. 19.1 General Setup Menu 1 — General Setup contains administrative and system-related information (shown next). The System Name field is for identification purpo se[...]

  • Page 215

    P-660H/HW/W-T Series User’ Guide 215 Chapter 19 Menu 1 General Setup Figure 1 10 Menu 1 General Setu p Fill in the required fields. Refer to the tabl e shown next for more information about these fields. 19.2.1 Procedure to Configure Dynamic DNS Note: If you have a private W AN IP address, then you cannot use dynamic DNS. T o c onfigure dynamic D[...]

  • Page 216

    P-660H/HW/W-T Series User’ Guide Chapter 19 Menu 1 General Setup 216 Figure 1 1 1 Menu 1.1 Configure Dynamic DNS Follow the instructions in the next tabl e to configure dynamic DNS parameters. Menu 1.1 - Configure Dynamic DNS Service Provider= WWW.DynDNS.ORG Active= No Host= EMAIL= USER= Password= ******** Enable Wildcard= No Press ENTER to Confi[...]

  • Page 217

    P-660H/HW/W-T Series User’ Guide 217 Chapter 19 Menu 1 General Setup[...]

  • Page 218

    P-660H/HW/W-T Series User’ Guide Chapter 20 Menu 2 WAN Backup Setup 218 C HAPTER 20 Menu 2 W AN Backup Setup This chapter describes how to co nfigure traffic redirect and dial-backup using me nu 2 and 2.1. 20.1 Introduction to W AN Backup Setup This chapter explains how to configure the Pr estige for traf fic redirect and dial backup connections.[...]

  • Page 219

    P-660H/HW/W-T Series User’ Guide 219 Chapter 20 Menu 2 WAN Backup Setup 20.2.1 T raffic Redirect Setup Configure parameters that determine when th e Prestige will forward W AN traffic to the backup gateway using Menu 2.1 — T raffic Redir ect Setup . Figure 1 13 Menu 2.1 Traf fic Redirect Setup The following table describes the fields in this me[...]

  • Page 220

    P-660H/HW/W-T Series User’ Guide Chapter 20 Menu 2 WAN Backup Setup 220 Metric Th is field sets this route's prio rity among the routes the Prestige uses. The metric represents the "cost of transm ission". A router determine s the best route for transmission by choosing a path with th e lowest "cost". RIP routing uses hop[...]

  • Page 221

    P-660H/HW/W-T Series User’ Guide 221 Chapter 20 Menu 2 WAN Backup Setup[...]

  • Page 222

    P-660H/HW/W-T Series User’ Guide Chapter 21 Menu 3 LAN Setup 222 C HAPTER 21 Menu 3 LAN Setup This chapter covers how to configure your wired Local Area Network (LAN) settings. 21.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 — LAN Setup . From the main menu, enter 3 to display menu 3. Figure 1 14 Menu 3 LAN Setu[...]

  • Page 223

    P-660H/HW/W-T Series User’ Guide 223 C hapter 21 Men u 3 LAN Setup 21.2 Protocol Dependent Ethernet Setup Depending on the proto cols for your applications, you need to configure the respectiv e Ethernet Setup, as outlined below . • TCP/IP Ethernet setup • Bridging Ethernet setup 21.3 TCP/IP Ethernet Setup and DHCP Use menu 3.2 to con figure [...]

  • Page 224

    P-660H/HW/W-T Series User’ Guide Chapter 21 Menu 3 LAN Setup 224 Follow the instructions in the following table on how to configure th e DHCP fields. Follow the instructions in the following tabl e to configure TCP/IP parameters for the Ethernet port. Table 78 DHCP Ethernet Setu p FIELD DESCRIPTION DHCP Setup DHCP If set to Server , your Prestige[...]

  • Page 225

    P-660H/HW/W-T Series User’ Guide 225 C hapter 21 Men u 3 LAN Setup[...]

  • Page 226

    P-660H/HW/W-T Series User’ Guide Chapter 22 Wireless LAN Setup 226 C HAPTER 22 W ireless LAN Setup This chapter covers how to configure wireless LAN settings in SMT menu 3.5 for P-660HW and P-660W . 22.1 Wireless LAN Overview Refer to the chapter on the wireless LAN scr eens for wireless LAN background information. 22.2 Wireless LAN Setup Use men[...]

  • Page 227

    P-660H/HW/W-T Series User’ Guide 227 Chapter 22 Wirele ss LAN Setup 22.2.1 Wireless LAN MAC Address Filter The next layer of security is MAC address filter . T o allow a wireless st ation to associate with the Prestige, enter the MAC address of the wireless LAN ada pter on that wireless station in the MAC address table. Channel ID Press [SP ACE B[...]

  • Page 228

    P-660H/HW/W-T Series User’ Guide Chapter 22 Wireless LAN Setup 228 Figure 1 18 Menu 3.5.1 WLAN MAC Addr ess Filtering The following table describes the fields in this menu. Menu 3.5.1 - W LAN MAC Address Filter Active= No Filter Action= A llowed Association ----------------------------------- --------------------------------- ------ 1= 00:00:00:0[...]

  • Page 229

    P-660H/HW/W-T Series User’ Guide 229 Chapter 22 Wirele ss LAN Setup[...]

  • Page 230

    P-660H/HW/W-T Series User’ Guide Chapter 23 Internet Access 230 C HAPTER 23 Internet Access This chapter shows you how to configure the LAN and W AN of your Prestige for Intern et access . 23.1 Internet Access Overview Refer to the chapters on the web configurat or’ s wizard, LAN and W AN screens for more background information on fields in th [...]

  • Page 231

    P-660H/HW/W-T Series User’ Guide 231 Chapter 23 Internet Access Figure 1 19 IP Alias Network Example Use menu 3.2.1 to co nfigure IP Alias on your Prestige. 23.4 IP Alias Setup Use menu 3.2 to configure the first netw ork. Move the cursor to Edit IP Alias field and press [ SP ACEBAR] to choose Ye s and press [ENTER] to configure the sec ond and t[...]

  • Page 232

    P-660H/HW/W-T Series User’ Guide Chapter 23 Internet Access 232 Figure 121 Menu 3.2.1 IP Alias Setup Follow the instructions in the following table to configure IP Alias parameters. 23.5 Route IP Setup The first step is to en able the IP routing in Menu 1 — General Setup . T o edit menu 1, type 1 in the main menu and press [ ENTER ]. Set the Ro[...]

  • Page 233

    P-660H/HW/W-T Series User’ Guide 233 Chapter 23 Internet Access Figure 122 Menu 1 General Setu p 23.6 Internet Access Configuration Menu 4 allows you to enter the Internet Access information in one screen. Menu 4 is actually a simplified setup for one of t he remote nodes that you can access in menu 1 1. Before you configure your Prestige for Int[...]

  • Page 234

    P-660H/HW/W-T Series User’ Guide Chapter 23 Internet Access 234 . If all your settings are correct your Prestige shou ld connect automatically to the Internet. If the connection fails, note the error message that you receive on the screen and take the appropriate troubleshooting steps. Table 83 Menu 4 Internet Access Setup FIELD DESCRIPTION ISP?[...]

  • Page 235

    P-660H/HW/W-T Series User’ Guide 235 Chapter 23 Internet Access[...]

  • Page 236

    P-660H/HW/W-T Series User’ Guide Chapter 24 Remot e Node Configur ation 236 C HAPTER 24 Remote Node Configuration This chapter covers remo te node configuration. 24.1 Remote Node Setup Overview This section describes the protocol-independent parameters for a remote node. A remote node is required for placing calls to a remote gateway . A remote n[...]

  • Page 237

    P-660H/HW/W-T Series User’ Guide 237 Chap ter 24 Remote Node Configuratio n Figure 124 Menu 1 1 Remote Node Setup 24.2.2 Encap sulation and Multiplexing Scenarios For Internet access you should use the encapsulation and multiple xing methods used by your ISP . Consult your telephone company for informat ion on en capsulation and multiplexing meth[...]

  • Page 238

    P-660H/HW/W-T Series User’ Guide Chapter 24 Remot e Node Configur ation 238 Figure 125 Menu 1 1.1 Remote Node Profile In Menu 1 1.1 – Remote Node Profile , fill in the fields as describ ed in the following table. Menu 11.1 - Remote Nod e Profile Rem Node Name= MyISP Route= IP Active= Yes Bridge= No Encapsulation= RFC 1483 Edit IP/Bridge= No Mul[...]

  • Page 239

    P-660H/HW/W-T Series User’ Guide 239 Chap ter 24 Remote Node Configuratio n 24.2.3 Outgoing Au thentication Protocol For obvious reasons, you sho uld employ the strongest authentication protocol possible. However , some v endors’ implementation includ es specific authentication protocol in the user profile. It will disconnect if the negotiated [...]

  • Page 240

    P-660H/HW/W-T Series User’ Guide Chapter 24 Remot e Node Configur ation 240 24.3 Remote Node Network Layer Options For the TCP/IP parameters, perf orm the following steps to edit Menu 1 1.3 – Remote Node Network Layer Options as shown next. 1 In menu 1 1.1, make sure IP is among the protocols in the Route fi eld. 2 Move the cu rs or to the Edit[...]

  • Page 241

    P-660H/HW/W-T Series User’ Guide 241 Chap ter 24 Remote Node Configuratio n 24.3.1 My W AN Addr Sample IP Addresses The following figure uses sample IP addresses to help yo u understand the field of My W AN Addr in menu 1 1.3. My W AN Addr indicates the local Prestige W AN IP (172.16.0.1 in the following figure) while Rem IP Addr indicates the pe[...]

  • Page 242

    P-660H/HW/W-T Series User’ Guide Chapter 24 Remot e Node Configur ation 242 Figure 127 Sample IP Addresses for a TC P/IP LAN-to-LAN Connection 24.4 Remote Node Filter Move the cu rs or to the Edit Filter Sets field in menu 1 1.1, then press [SP ACE BAR] to select Ye s . Press [ENTER] to di splay Menu 1 1.5 – Remote Node Filter . Use Menu 1 1.5 [...]

  • Page 243

    P-660H/HW/W-T Series User’ Guide 243 Chap ter 24 Remote Node Configuratio n Figure 129 Menu 1 1.5 Remote Node Filter (PPPoA or PPPoE Encapsulation) 24.5 Editing A TM Layer Options Follow the steps shown next to edit Menu 1 1.6 – Remote Node A TM Layer Options . In menu 1 1.1, move the cursor to the Edit A TM Options field and then press [SP ACE[...]

  • Page 244

    P-660H/HW/W-T Series User’ Guide Chapter 24 Remot e Node Configur ation 244 Figure 131 Menu 1 1.6 for LLC-based Multip lexing or PPP Encapsulation In this case, only one set of VPI and VCI numb ers need be specified for all protocols. The valid range for the VPI is 0 to 25 5 and for the VCI is 32 to 65535 (1 to 31 is reserved for local management[...]

  • Page 245

    P-660H/HW/W-T Series User’ Guide 245 Chap ter 24 Remote Node Configuratio n Figure 133 Menu 1 1.8 Advance Setup Optio ns The following table describes the fields in this menu. Menu 11.8 - Advance Se tup Options PPPoE pass-through= No Press ENTER to Confirm or ESC to Cancel: T able 86 Menu 1 1.8 Advance Setup Optio ns FIELD DESCRIPTION PPPoE pass-[...]

  • Page 246

    P-660H/HW/W-T Series User’ Guide Chapter 25 Static Route Setup 246 C HAPTER 25 S t atic Route Setup This chapter shows how to setup IP static routes. 25.1 IP S t atic Route Overview Stat ic routes tell the Prestige ro uting information that i t cann ot learn automatically through other means. This can arise in cases where RIP is disabled on the L[...]

  • Page 247

    P-660H/HW/W-T Series User’ Guide 247 Chapter 25 Static Route Setup Figure 135 Menu 12 S tatic Route Setup From menu 12, select 1 to open Menu 12.1 — IP S tatic Route Setup (shown next). Figure 136 Menu 12.1 IP S tatic Route Setu p Now , type the route number of a st atic route you want to configure. Figure 137 Menu12.1.1 Edit IP S tatic Route M[...]

  • Page 248

    P-660H/HW/W-T Series User’ Guide Chapter 25 Static Route Setup 248 The following table describes the fields for Menu 12.1.1 – Edit IP S tatic Route Setup . T able 87 Menu12.1.1 Edit IP S t atic Route FIELD DESCRIPTION Route # This is the index number of the stat ic route that you chose in menu 12.1. Route Name T ype a descriptive name for this [...]

  • Page 249

    P-660H/HW/W-T Series User’ Guide 249 Chapter 25 Static Route Setup[...]

  • Page 250

    P-660H/HW/W-T Series User’ Guide Chapter 26 Bridgin g Setup 250 C HAPTER 26 Bridging Setup This chapter shows you how to configure the bridgin g parameters of your Prestig e. 26.1 Bridging in General Bridging bases the forwarding decision on th e MAC (Media Access Control), or ha rdware address, while routing does it on the network layer (IP) add[...]

  • Page 251

    P-660H/HW/W-T Series User’ Guide 251 Chapter 26 Bridging Setup Figure 138 Menu 1 1.1 Remote Node Profile 3 Move the cursor to the Edit IP/Bridge field, then press [ SP ACE BAR ] to set the value to Ye s and pres s [ENTER] to edit Menu 1 1.3 – Remote Node Network Layer Options . Figure 139 Menu 1 1.3 Remote Node Network Layer Optio ns The follow[...]

  • Page 252

    P-660H/HW/W-T Series User’ Guide Chapter 26 Bridgin g Setup 252 26.2.2 Bridge St atic Route Setup Similar to network layer static routes, a bridging static route tells the Prestige the route to a node before a conn ection is established. Y ou c onfigure b ridge static routes in menu 12. 3.1 (go to menu 12, choose option 3, then choose a static ro[...]

  • Page 253

    P-660H/HW/W-T Series User’ Guide 253 Chapter 26 Bridging Setup[...]

  • Page 254

    P-660H/HW/W-T Series User’ Guide Chapter 27 Network Address Translation (NAT) 254 C HAPTER 27 Network Address T ranslation (NA T) This chapter discusses how to configure NA T on the Prestige. 27.1 Using NA T Y ou must create a firewall rule in addition to setting up SUA/NA T , to allow traffic from the W AN to be forwarded through the Prestige. 2[...]

  • Page 255

    P-660H/HW/W-T Series User’ Guide 255 Chapter 27 Network Address Transla tion (NAT) Figure 141 Menu 4 Applying NA T for Internet Access The following figure shows how you ap ply NA T to the remote node in menu 1 1.1. 1 Enter 1 1 from the main menu. 2 When menu 1 1 appears, as s hown in the follo wing figure, type the number of the remote node that[...]

  • Page 256

    P-660H/HW/W-T Series User’ Guide Chapter 27 Network Address Translation (NAT) 256 27.3 NA T Setup Use the address mapping sets me nus and submenus to create the mapping table used to assign global addresses to computers on the LAN. Set 255 is used for SUA. When you select Full Feature in menu 4 or 1 1.3, the SMT will use Set 1 . When you select S[...]

  • Page 257

    P-660H/HW/W-T Series User’ Guide 257 Chapter 27 Network Address Transla tion (NAT) Figure 144 Menu 15.1 Addr ess Mapping Sets 27.3.1.1 SUA Address Mapping Set Enter 255 to display th e next screen (see also Sect ion 27.1.1 on page 254 ). The fields in this menu cannot be changed. Figure 145 Menu 15.1.255 SUA Address Mapping Rule s The following t[...]

  • Page 258

    P-660H/HW/W-T Series User’ Guide Chapter 27 Network Address Translation (NAT) 258 27.3.1.2 User-Defined Address Mapping Set s Now let’ s look at option 1 in menu 15.1. Enter 1 to bring up this menu. W e’ll just look at the differences from the previous menu. Note the extra Action and Select Rule fields mean you can configure rules in this scr[...]

  • Page 259

    P-660H/HW/W-T Series User’ Guide 259 Chapter 27 Network Address Transla tion (NAT) 27.3.1.3 Ordering Y our Rules Ordering your rules is important because the Pr estige applies the rules in the order that you specify . When a rule matches the current pack e t, the Prestige takes the corresponding action and the remaining rules are ignored. If ther[...]

  • Page 260

    P-660H/HW/W-T Series User’ Guide Chapter 27 Network Address Translation (NAT) 260 The following table explains the fields in t his menu. 27.4 Configuring a Server behind NA T Follow these steps to config ure a server behind NA T : 1 Enter 15 in the main menu to go to Menu 15 - NA T Setup . 2 Enter 2 to display Menu 15.2 - NA T Server Sets as show[...]

  • Page 261

    P-660H/HW/W-T Series User’ Guide 261 Chapter 27 Network Address Transla tion (NAT) Figure 149 Menu 15.2.1 NA T Server Setup 4 Enter a port number in an unused St a r t P o r t N o field. T o forward only one port, enter it again in the End Port No field. T o specify a range of po rts, enter the last port to be forwarded in the End Port No field. [...]

  • Page 262

    P-660H/HW/W-T Series User’ Guide Chapter 27 Network Address Translation (NAT) 262 27.5.1 Example 1: Internet Access Only In the following Internet access example, you only need one rule where your ILAs (Inside Local addresses) all map to one dynamic IGA (In side Global Address) assigned by your ISP . Figure 151 NA T Example 1 Figure 152 Menu 4 In[...]

  • Page 263

    P-660H/HW/W-T Series User’ Guide 263 Chapter 27 Network Address Transla tion (NAT) Figure 153 NA T Example 2 In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to menu 15.2 to specify the Inside Server behind the NA T as shown in the next figure. Figure 154 Menu 15.2.1 S pecifying an Inside Server 2[...]

  • Page 264

    P-660H/HW/W-T Series User’ Guide Chapter 27 Network Address Translation (NAT) 264 Map the other outgoing LAN traffic to IGA3 ( Many : 1 mapping). Y ou also map your third IGA to the web serv er and mail server on the LAN. T ype Server allows you to specify multiple se rvers, of dif ferent types, to other computers behind NA T on the LAN. The exam[...]

  • Page 265

    P-660H/HW/W-T Series User’ Guide 265 Chapter 27 Network Address Transla tion (NAT) Figure 156 Example 3: Menu 1 1.3 The following figures show how to configure the first rule Figure 157 Example 3: Menu 15.1.1.1 Menu 11.3 - Remote Node Network Laye r Options IP Options: Bridge Options: IP Address Assignment= Static Ethernet Addr Timeout (min)= 0 R[...]

  • Page 266

    P-660H/HW/W-T Series User’ Guide Chapter 27 Network Address Translation (NAT) 266 Figure 158 Example 3: Final Menu 15.1.1 Now configure the IGA3 to map to our web server and mail server on the LAN. 1 Enter 15 from the main menu. 2 Enter 2 in Menu 15 - NA T Setup . 3 Enter 1 in Menu 15.2 - NA T Server Sets to see the following menu. Configure it a[...]

  • Page 267

    P-660H/HW/W-T Series User’ Guide 267 Chapter 27 Network Address Transla tion (NAT) 27.5.4 Example 4: NA T Unfr iendly Application Programs Some applications do not support NA T Mapping using TCP or UDP port address translation. In this case it is better to use Many-to-Many No Overload mapp ing as port numb ers do not change for Many-to-Many No Ov[...]

  • Page 268

    P-660H/HW/W-T Series User’ Guide Chapter 27 Network Address Translation (NAT) 268 Figure 162 Example 4: Menu 15.1.1 Address Map ping Rules Menu 15.1.1 - Address Mapping Rules Set Name= Example4 Idx Local Start IP Local End IP Global Start IP G lobal End IP Type --- --------------- ------------ --------------- --------------- ---- 1. 192.168.1.10 [...]

  • Page 269

    P-660H/HW/W-T Series User’ Guide 269 Chapter 27 Network Address Transla tion (NAT)[...]

  • Page 270

    P-660H/HW/W-T Series User’ Guide Chapter 28 Enabling the Firewall 270 C HAPTER 28 Enabling the Firewall This chapter shows you how to get started with the Prestige firewall. 28.1 Remote Management and the Firewall When SMT menu 24.1 1 is configured to allo w management and the firewall is enabled: • The firewall blocks remote management from th[...]

  • Page 271

    P-660H/HW/W-T Series User’ Guide 271 Chapte r 28 Enabling the Firew all Figure 163 Menu 21.2 Firewa ll Setup Use the we b configura tor or the co mmand in terpreter to confi gure the firewall rules Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DOS) attacks w hen it is active. The default Poli cy sets 1. allow all ses[...]

  • Page 272

    P-660H/HW/W-T Series User’ Guide Chapter 29 Filter Configuration 272 C HAPTER 29 Filter Configuration This chapter shows you how to create and apply filters. 29.1 About Filtering Y our Prestige uses filters to deci de whether or not to allow passage of a data packet and/or to make a call. There are two types of filter appli cations: data filterin[...]

  • Page 273

    P-660H/HW/W-T Series User’ Guide 273 Chapter 29 Filter Configuration Figure 165 Filter Rule Process Y ou can apply up to four filter sets to a partic ular port to block various types of packets. Because each filter set can have up to six rules, you can have a maximum of 24 rules active for a single port. For incoming packets, yo ur Prestige appli[...]

  • Page 274

    P-660H/HW/W-T Series User’ Guide Chapter 29 Filter Configuration 274 29.2 Configuring a Filter Set for the Prestige T o configure a filte r set, follow the steps shown next. 1 Enter 21 in the main menu to display Menu 21 – Filter and Fir ewall Setup . 2 Enter 1 to display Menu 21.1 – Filter Set Configu ration as shown next. Figure 166 Menu 21[...]

  • Page 275

    P-660H/HW/W-T Series User’ Guide 275 Chapter 29 Filter Configuration Figure 168 NetBIOS_LAN Filter Rules Summary Figure 169 IGMP Filter Rules Summary 29.3 Filter Rules Summary Menus The following tables briefly descri be the abbreviations used in menus 21. 1.1 and 21.1.2. Menu 21.1.3 - Filter Rules Summary # A Type Filter Rules M m n - - ---- ---[...]

  • Page 276

    P-660H/HW/W-T Series User’ Guide Chapter 29 Filter Configuration 276 The protocol dependent filter rules abbreviation are listed as follows: 29.4 Configuring a Filter Rule T o configure a filter rule , type its number in Menu 21.1.x – Filter Rules Summary and press [ENTER] to open menu 21.1 .x.1 for the rule. There are two types of filter rules[...]

  • Page 277

    P-660H/HW/W-T Series User’ Guide 277 Chapter 29 Filter Configuration 29.4.1 TCP/IP Filter Rule This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fiel ds in the IP and the up per layer protocol, for example, UDP and TCP headers. T o configure TCP/IP rules, select TCP/IP Filter Rule from th[...]

  • Page 278

    P-660H/HW/W-T Series User’ Guide Chapter 29 Filter Configuration 278 The following figure illustrates th e logic flow of an IP filter. Port # T ype the destination po rt of the packets you want to filter . The field range is 0 to 65535. A 0 field i s ignored. Port # Comp Select the comparison to apply to the dest inatio n port in the packet again[...]

  • Page 279

    P-660H/HW/W-T Series User’ Guide 279 Chapter 29 Filter Configuration Figure 171 Executing an IP Filter 29.4.2 Generic Filter Rule This section shows you how to co nfigure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP , it is generally easier to us e the IP rules directly .[...]

  • Page 280

    P-660H/HW/W-T Series User’ Guide Chapter 29 Filter Configuration 280 For generic rules, the Prestige treats a packe t as a byte stream as opposed to an IP packet. Y ou specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes. The Prestig e applies the Mask (bit-wise ANDing) to the data portion befor[...]

  • Page 281

    P-660H/HW/W-T Series User’ Guide 281 Chapter 29 Filter Configuration 29.5 Filter T ypes and NA T There are two classes of filter rules, Generic Filter Device rules and Protocol Filter ( TCP/IP ) rules. Generic Filter rules act on the raw data from/ to LAN and W AN. Protocol Filter rules act on IP packets. When NA T (Network Address T ranslation) [...]

  • Page 282

    P-660H/HW/W-T Series User’ Guide Chapter 29 Filter Configuration 282 Figure 174 Sample T elnet Filter 1 Enter 1 in the menu 21 to display Menu 21. 1 — Filter Set Configuration . 2 Enter the index number of th e filter set you want to configure (in this case 6) . 3 T ype a descriptive name or comment in the Edit Comments field (for example, TELN[...]

  • Page 283

    P-660H/HW/W-T Series User’ Guide 283 Chapter 29 Filter Configuration 2 Go to the Edit Filter Sets field, press [SP ACE BAR] to choose Ye s and press [ENTER]. This brings you to menu 1 1.5. Apply the example filter set (for example, filter set 3) in this menu as shown in the next section. This shows you that you have configured and activated ( A =[...]

  • Page 284

    P-660H/HW/W-T Series User’ Guide Chapter 29 Filter Configuration 284 29.7.1 Ethernet T raffic Y ou seldom need to filter Ethernet traffic; however , the filter sets may be useful to block certain packets, reduce traffic and prevent secur ity breaches. Go to me nu 3.1 (shown next ) and type the number(s) of the filter set (s) that you want to appl[...]

  • Page 285

    P-660H/HW/W-T Series User’ Guide 285 Chapter 29 Filter Configuration[...]

  • Page 286

    P-660H/HW/W-T Series User’ Guide Chapter 30 SNMP Configuration 286 C HAPTER 30 SNMP Configuration This chapter explains SNMP Configuration menu 22. 30.1 About SNMP Simple Network Management Protocol (SNM P) i s a protocol u sed for ex changing management information b etween network devices. SNMP is a member of the TCP/IP protocol suite. Y o ur P[...]

  • Page 287

    P-660H/HW/W-T Series User’ Guide 287 Chapter 30 SNMP Configuration The managed devices cont ain object variables/ managed objects that define each piece of information to be collected ab out a device. Examples of vari ables include the number of packets received, node port status etc. A Ma nagement Information Ba se (MIB) is a collection of manag[...]

  • Page 288

    P-660H/HW/W-T Series User’ Guide Chapter 30 SNMP Configuration 288 Figure 180 Menu 22 SNMP Configurat ion The following table describes the SNMP configuration parameters. 30.4 SNMP T rap s The Prestige will send traps to the SNMP mana ger when any one of t he following events occurs: Menu 22 - SNMP Configuration SNMP: Get Community= public Set Co[...]

  • Page 289

    P-660H/HW/W-T Series User’ Guide 289 Chapter 30 SNMP Configuration The port number is its interface index under the interface group. 5 authenticationFailure ( defined in RFC-1215 ) A trap is sent to the manager when receiving any SNMP gets or set s requirements with wrong community (password). 6 whyReboot (defin ed in ZYXEL-MIB) A trap is sent wi[...]

  • Page 290

    P-660H/HW/W-T Series User’ Guide Chapter 31 System Security 290 C HAPTER 31 System Security This chapter describes how to configur e the system security on the Prestige. 31.1 System Security Y ou can configure the system password. 31.1.1 System Password Enter 23 in the main menu to display Menu 23 – System Security . Y ou should change the defa[...]

  • Page 291

    P-660H/HW/W-T Series User’ Guide 291 Chapter 31 Syst em Security Figure 182 Menu 23.2 System Security: RADIUS Server The following table describes the fields in this menu. Menu 23.2 - System Security - RADIUS Server Authentication Server: Active= No Server Address= 10.1 1.12.13 Port #= 1812 Shared Secret= ***** *** Accounting Server: Active= No S[...]

  • Page 292

    P-660H/HW/W-T Series User’ Guide Chapter 31 System Security 292 31.1.3 IEEE 802.1x The IEEE 802.1x standards outline enhanced security methods for both the authentication of wireless stations and en cryption key managemen t. Follow the steps below to enable EA P authentication on your Prestige. 1 From the main menu, enter 23 to display Menu23 –[...]

  • Page 293

    P-660H/HW/W-T Series User’ Guide 293 Chapter 31 Syst em Security T able 103 Menu 23.4 System Security: IEEE 802.1x FIELD DESCRIPTION Wireless Port Control Press [SP ACE BAR] and select a securi ty mode for the wireless LAN access. Select No Authentication Required to allow any wi reless st ations access to your wired network without entering user[...]

  • Page 294

    P-660H/HW/W-T Series User’ Guide Chapter 31 System Security 294 Once you enable user authenticatio n, you need to specify an exte rnal RADIUS server or create local user accounts on the Prestige for authentication. 31.2 Creating User Account s on the Prestige By storing user profiles locally , your Prestige is able to authenticate wireless users [...]

  • Page 295

    P-660H/HW/W-T Series User’ Guide 295 Chapter 31 Syst em Security Figure 185 Menu 14 Dial-in User Setup 2 T ype a number and press [ENTER] to edit the user profile. Figure 186 Menu 14.1 Edit Dial-in User The following table describes the fields in this menu. Menu 14 - Dial-in U ser Setup 1. ________ 9. ________ 17. ________ 25. _____ ___ 2. ______[...]

  • Page 296

    P-660H/HW/W-T Series User’ Guide Chapter 32 System Inform ation and Diagnosis 296 C HAPTER 32 System Information and Diagnosis This chapter covers the information and diag nostic tools in SMT menus 24.1 to 24.4. 32.1 Overview These tools include updates on system status , port status, log and trace capabiliti es and upgrades for the system softwa[...]

  • Page 297

    P-660H/HW/W-T Series User’ Guide 297 Chapter 32 System Information and Diagnosis The following table describes the fields present in Menu 24.1 — System Maintenance — St a t u s which are read-only and meant for diagnostic purp oses. Figure 188 Menu 24.1 System Maintenance : S tatus The following table describes the fields present in Menu 24.1[...]

  • Page 298

    P-660H/HW/W-T Series User’ Guide Chapter 32 System Inform ation and Diagnosis 298 32.3 System Information T o get to the System Information: 1 Enter 24 to display Menu 24 — System Maintenance . 2 Enter 2 to display Menu 24.2 — System In form ation and Console Port Speed . From this menu you have two choices as shown in th e next figure: Figur[...]

  • Page 299

    P-660H/HW/W-T Series User’ Guide 299 Chapter 32 System Information and Diagnosis Figure 190 Menu 24.2.1 System Maintenance: In formation The following table describes the fields in this menu. 32.3.2 Console Port Speed Note: The console port is intern al and reserved for technician use only . Y ou can set up different port speeds for the console p[...]

  • Page 300

    P-660H/HW/W-T Series User’ Guide Chapter 32 System Inform ation and Diagnosis 300 Figure 191 Menu 24.2.2 System Maintenance : Chang e Console Port S peed Once you change the Prestige console po rt speed , you must also set the speed parameter for the communication software you are using to connect to the Prestige. 32.4 Log and T race There are tw[...]

  • Page 301

    P-660H/HW/W-T Series User’ Guide 301 Chapter 32 System Information and Diagnosis Figure 193 Sample Error an d Informat ion Messages 32.4.2 Syslog and Accounting The Prestige uses the syslog fa cility to log the CDR (Call Deta il Record) and system messages to a syslog server. Syslog and accounting can be configured in Menu 24.3.2 — System Maint[...]

  • Page 302

    P-660H/HW/W-T Series User’ Guide Chapter 32 System Inform ation and Diagnosis 302 Figure 195 Syslog Example 1 - CDR SdcmdSyslogSend ( SYSLOG_CDR, SYSLOG _INFO, String); String = board xx line xx channel xx , call xx, str board = the hardware board ID line = the WAN ID in a board Channel = channel ID within the WAN call = the call reference nu mbe[...]

  • Page 303

    P-660H/HW/W-T Series User’ Guide 303 Chapter 32 System Information and Diagnosis 32.5 Diagnostic The diagnostic facility allows you to test the di f ferent aspects of your Prestige to determine if it is working properly . Menu 24.4 allows you to choo se among various types of diagn ostic tests to evaluate your system, as shown in the following fi[...]

  • Page 304

    P-660H/HW/W-T Series User’ Guide Chapter 32 System Inform ation and Diagnosis 304 The following table describes the diagnostic tests available in menu 24.4 for and the connections. T able 108 Menu 24.4 System Maintenance Menu: Diagnostic FIELD DESCRIPTION Reset xDSL R e-initialize the xDSL link to the tel ephone company . Ping Host Ping the host [...]

  • Page 305

    P-660H/HW/W-T Series User’ Guide 305 Chapter 32 System Information and Diagnosis[...]

  • Page 306

    P-660H/HW/W-T Series User’ Guide Chapter 33 Firmware and Confi guration File Maintenance 306 C HAPTER 33 Firmware and Configuration File Maintenance This chapter tells y ou how to backup and restor e your configuration file as well as upload new firmware and configuration files. 33.1 Filename Conventions The configuration file (often ca lled the [...]

  • Page 307

    P-660H/HW/W-T Series User’ Guide 307 Chapter 33 Firmware and Con figuration File Maintenance The following table is a summary . Please note that the internal filename refe rs to the filename on the Prestige and the external f ilename refers to the filename not on the Prestige, that is, on your computer , local network or FTP site and so the name [...]

  • Page 308

    P-660H/HW/W-T Series User’ Guide Chapter 33 Firmware and Confi guration File Maintenance 308 Figure 197 T elnet in Menu 24.5 33.2.2 Using the FTP Command from the Comman d Line 1 Launch the FTP client on your computer . 2 Enter “ open ”, followed by a space and the IP address of your Prestige. 3 Press [ENTER] when prompted for a username. 4 E[...]

  • Page 309

    P-660H/HW/W-T Series User’ Guide 309 Chapter 33 Firmware and Con figuration File Maintenance Figure 198 FTP Session Example 33.2.4 GUI-based FTP Clients The following table describes some of the commands that you may see in GUI-based FTP clients. 33.2.5 TFTP and FTP over W AN Management Limita tions TFTP , FTP and T elnet over W AN will not work [...]

  • Page 310

    P-660H/HW/W-T Series User’ Guide Chapter 33 Firmware and Confi guration File Maintenance 310 33.2.6 Backup Configuration Using TFTP The Prestige support s the up/downloading of the firmware and the configuration file using TFTP (T rivial File T ransfer Protocol) over LA N. Although TFTP should work over W AN as well, it is not recommended. T o us[...]

  • Page 311

    P-660H/HW/W-T Series User’ Guide 311 Chapter 33 Firmware and Con figuration File Maintenance Refer to Section 33.2.5 on page 309 to read about configurations that disallow TFTP and FTP over W AN. 33.3 Restore Configuration This section shows you how to restore a previ ously saved configuration. Note that this function erases the current configura[...]

  • Page 312

    P-660H/HW/W-T Series User’ Guide Chapter 33 Firmware and Confi guration File Maintenance 312 Figure 199 T elnet into Menu 24.6 1 Launch the FTP client on your computer . 2 Enter “ open ”, followed by a space and the IP address of your Prestige. 3 Press [ENTER] when prompted for a username. 4 Enter your password as requested (the default is ?[...]

  • Page 313

    P-660H/HW/W-T Series User’ Guide 313 Chapter 33 Firmware and Con figuration File Maintenance 33.4 Uploading Firmware and Configuration Files This section shows you how to upload firmware and configuratio n files. Y ou can upload configuration files by following the procedure in Section 33.2 on page 307 or by following the instructions in Menu 24.[...]

  • Page 314

    P-660H/HW/W-T Series User’ Guide Chapter 33 Firmware and Confi guration File Maintenance 314 Figure 202 T elnet Into Menu 24.7.2 System Maintenance T o upload the firmware and the configuration file, follow these examples 33.4.3 FTP File Upload Comman d from the DOS Prompt Example 1 Launch the FTP client on your computer . 2 Enter “ open ”, f[...]

  • Page 315

    P-660H/HW/W-T Series User’ Guide 315 Chapter 33 Firmware and Con figuration File Maintenance 33.4.4 FTP Session Exampl e of Firmware File Upload Figure 203 FTP Session Example of Firmware File Upload More commands (found in GUI-based FTP clie nts) are listed earlier in this chapter . Refer to Section 33.2.5 o n page 309 to read about configuratio[...]

  • Page 316

    P-660H/HW/W-T Series User’ Guide Chapter 33 Firmware and Confi guration File Maintenance 316 33.4.6 TFTP Upload Command Example The following is an example TFTP command: tftp [-i] host put firmware.bin ras where “ i ” specifies binary image transfer mode (use this mode when transferring binary files), “ host ” is the Prestige’ s IP addr[...]

  • Page 317

    P-660H/HW/W-T Series User’ Guide 317 Chapter 33 Firmware and Con figuration File Maintenance[...]

  • Page 318

    P-660H/HW/W-T Series User’ Guide Chapter 34 System Maintenance 318 C HAPTER 34 System Maintenance This chapter leads you through SM T menus 24.8 to 24. 10. 34.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the ma in system firmware. The CI provides much of the same functionality as the SMT , while a dding some low-level se t[...]

  • Page 319

    P-660H/HW/W-T Series User’ Guide 319 Chapter 34 Syst em Maint enance 34.2 Call Control Support Call Control Support is only applicable when Encapsulation is set to PPPoE in menu 4 or menu 1 1.1. The budget management func tion allows you to set a limit on the total outgoing call time of the Prestige within certain times. When the to tal outgoing [...]

  • Page 320

    P-660H/HW/W-T Series User’ Guide Chapter 34 System Maintenance 320 Figure 207 Menu 24.9.1 System Maintenance: Budg et Management The total budget is the time li mit on the accumulated time for ou tgoing calls to a remo te node. When this limit is reached, th e call will be dropped and further outgoing calls to that remote node will be blocked. Af[...]

  • Page 321

    P-660H/HW/W-T Series User’ Guide 321 Chapter 34 Syst em Maint enance Figure 208 Menu 24 System Maintenance Then enter 10 to go to Menu 24.10 System Maintenance Time and Date S etting to update the time and date settings of your Pres tige as shown in th e following screen. Figure 209 Menu 24.10 System Maintenance : T ime and Da te Setting Menu 24 [...]

  • Page 322

    P-660H/HW/W-T Series User’ Guide Chapter 34 System Maintenance 322 34.3.1 Resetting the T ime • The Prestige resets the time in three instances: • On leaving menu 24.10 after making changes. • When the Prestige starts up, if there is a timeserver co nfigured in menu 24.10 . • 24-hour intervals after starting. Current T ime This field disp[...]

  • Page 323

    P-660H/HW/W-T Series User’ Guide 323 Chapter 34 Syst em Maint enance[...]

  • Page 324

    P-660H/HW/W-T Series User’ Guide Chapter 35 Remo te Management 324 C HAPTER 35 Remote Management This chapte r covers re mote mana gement (SM T menu 24. 11). 35.1 Remote Management Overview Remote management allows you to determ ine which services/protocols can access which Prestige interface (if any) from which computers. When you configure remo[...]

  • Page 325

    P-660H/HW/W-T Series User’ Guide 325 Chapter 35 Remote Manageme nt Figure 210 Menu 24.1 1 Re mote Mana gement Co ntrol The following table describes the fields in this menu. 35.2.2 Remote Management Limit ations Remote management over LAN or W AN will not work when: • A filter in menu 3.1 (LAN) or in menu 1 1.5 (W AN) is applied to block a T el[...]

  • Page 326

    P-660H/HW/W-T Series User’ Guide Chapter 35 Remo te Management 326 35.3 Remote Management and NA T When NA T is en abled: • Use the Prestige’ s W AN IP address when configuring from the W AN. • Use the Prestige’ s LAN IP address when configuring from the LAN. 35.4 System T imeout There is a default system management idle tim eout of five [...]

  • Page 327

    P-660H/HW/W-T Series User’ Guide 327 Chapter 35 Remote Manageme nt[...]

  • Page 328

    P-660H/HW/W-T Series User’ Guide Chapter 36 IP Policy Routing 328 C HAPTER 36 IP Policy Routing This chapter covers setting and appl ying policies used for IP routing. 36.1 IP Policy Routing Overview T raditionally , routing is based on the destinatio n address only and the IAD takes the shortest path to forward a packet. IP Routing Polic y (IPPR[...]

  • Page 329

    P-660H/HW/W-T Series User’ Guide 329 Chapter 36 IP Policy Routing • routing the packet to a different gate way (and hence the outgoing interface). • setting the TO S and precedence fields in the IP header . IPPR follows the existing packet filtering facility of RAS in st yle and in impl ementation. The policies are divided into sets, where re[...]

  • Page 330

    P-660H/HW/W-T Series User’ Guide Chapter 36 IP Policy Routing 330 Figure 212 Menu 25.1 IP Routing Po licy Setup T ype a number from 1 to 6 to display Menu 25.1.1 – IP Routing Policy (see the next figure). This menu allows you to configure a policy rule. Menu 25.1 - IP Routing Policy Setup # A Criteri a/Action - - -------------------------------[...]

  • Page 331

    P-660H/HW/W-T Series User’ Guide 331 Chapter 36 IP Policy Routing Figure 213 Menu 25.1.1 IP Routing Policy The following table describes the fields in this menu. Menu 25.1.1 - IP Routing Policy Policy Set Name= test Active= No Criteria: IP Protocol = 0 Type of Service= Don't Care Packet length= 0 Precedence = Don't Care Len Comp= N/A So[...]

  • Page 332

    P-660H/HW/W-T Series User’ Guide Chapter 36 IP Policy Routing 332 36.5 Applying an IP Policy This section shows yo u where to apply the IP policies after you design them. 36.5.1 Ethernet IP Policies From Menu 3 — Ethernet Setup , type 2 to go to Menu 3 .2 — TCP/IP and DHCP Ethernet Setup . Y ou can choose up to four IP policy sets (from 12) b[...]

  • Page 333

    P-660H/HW/W-T Series User’ Guide 333 Chapter 36 IP Policy Routing Figure 214 Menu 3.2 TCP/IP and DHCP Ethernet Se tup Go to menu 1 1.3 (shown next) and type the number(s) of the IP Rout ing Policy set( s) as appropriate. Y ou ca n cascade up to four polic y sets by typing their numbers separated by commas. Figure 215 Menu 1 1.3 Remote Node Networ[...]

  • Page 334

    P-660H/HW/W-T Series User’ Guide Chapter 36 IP Policy Routing 334 Route 1 represents the default IP route and route 2 represents the configured IP route. Figure 216 Example of IP Policy Routing T o force packets coming from clients with IP addresses of 192.168.1.3 3 to 192.168.1.64 to be routed to the Internet via the W AN port of the Prestige, f[...]

  • Page 335

    P-660H/HW/W-T Series User’ Guide 335 Chapter 36 IP Policy Routing Figure 217 IP Routing Policy Example 1 Check Menu 25.1 — IP Routing Policy S etup to see if the rule is added correctly . 2 Create another policy set in menu 25. 3 Create a rule in menu 25.1 for this set to route packets from any host ( IP=0.0.0.0 means any host) with protocol TC[...]

  • Page 336

    P-660H/HW/W-T Series User’ Guide Chapter 36 IP Policy Routing 336 Figure 218 IP Routing Policy Example 4 Check Menu 25.1 — IP Routing Policy S etup to see if the rule is added correctly . 5 Apply both policy sets in menu 3.2 as sh own next. Figure 219 Applying IP Policies Example Menu 25.1.1 - IP Routing Policy Policy Set Name= set2 Active= Yes[...]

  • Page 337

    P-660H/HW/W-T Series User’ Guide 337 Chapter 36 IP Policy Routing[...]

  • Page 338

    P-660H/HW/W-T Series User’ Guide Chapter 37 Call Scheduling 338 C HAPTER 37 Call Scheduling Call scheduling (applicable for PPPoA or PPPoE encapsulati on only) allows you to dictate when a remote node sho uld be called and for how long. 37.1 Introduction The call scheduling feature allows the Prestige to manage a remote node and dictate when a re[...]

  • Page 339

    P-660H/HW/W-T Series User’ Guide 339 Chapter 37 Call Scheduling T o setup a schedule set, select the sc hedule set you want to setu p from menu 26 (1 -12) and press [ENTER] to see Menu 26.1 — Schedule Set Setup as shown next. Figure 221 Menu 26.1 Schedule Set Setup If a connection has been already established, your Prestige will not drop it. On[...]

  • Page 340

    P-660H/HW/W-T Series User’ Guide Chapter 37 Call Scheduling 340 Once your schedule sets are conf igured , you must then apply them to the desired remote node(s). Enter 1 1 from the Main Menu and then enter the tar get remote node in dex. Using [SP ACE BAR] , select PPPoE or PPPoA in the Encapsulation field and then press [ENTER] to make the sched[...]

  • Page 341

    P-660H/HW/W-T Series User’ Guide 341 Chapter 37 Call Scheduling[...]

  • Page 342

    P-660H/HW/W-T Series User’ Guide Chapter 38 Troubleshooting 342 C HAPTER 38 T roubleshooting This chapter covers potential proble ms and the corresponding remed ies. 38.1 Problems St arting Up the Prestige 38.2 Problems with the LAN Table 118 Troubleshooting Starting Up Your Prestige PROBLEM CORRECTIVE ACTION None of the LEDs turn on when I turn [...]

  • Page 343

    P-660H/HW/W-T Series User’ Guide 343 Chapter 38 Troublesh ooting 38.3 Problems with the W AN Table 120 Troubleshooting the WAN PROBLEM CORRECTIVE ACTION The DSL LED is off. Check the telephone wire and connections betwee n the Prestige DSL port and the wall jack. Make sure that the telephone company has checked your phone line and set it up for D[...]

  • Page 344

    P-660H/HW/W-T Series User’ Guide Chapter 38 Troubleshooting 344 38.4 Problems Accessing the Prestige 38.4.1 Pop-up Windows, Ja vaScript s and Java Permissions In order to use the web configurator you need to allow: • W eb browser pop-up windows from you r device. • JavaScripts (enabled by default). • Java permissions (enabled by default). N[...]

  • Page 345

    P-660H/HW/W-T Series User’ Guide 345 Chapter 38 Troublesh ooting Figure 223 Pop-up Blocker Y ou can also chec k if pop-up blocking is disable d in the Pop-up Blocker section in the Privacy tab. 1 In Internet Explorer , select To o l s , Internet Options , Privacy . 2 Clear the Block pop-ups check box in the Pop-up Block er section of the screen. [...]

  • Page 346

    P-660H/HW/W-T Series User’ Guide Chapter 38 Troubleshooting 346 Figure 225 Internet Options 3 T ype the IP address of your device (the we b page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites .[...]

  • Page 347

    P-660H/HW/W-T Series User’ Guide 347 Chapter 38 Troublesh ooting Figure 226 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. 38.4.1.2 JavaScript s If pages of the web configura tor do not display properly in Internet Explorer, check that JavaScripts are allowed. 1 In Internet Explorer , cl[...]

  • Page 348

    P-660H/HW/W-T Series User’ Guide Chapter 38 Troubleshooting 348 Figure 227 Internet Options 2 Click the Custom Level... button. 3 Scroll down to Scripting . 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is sele cted (the default). 6 Click OK to clos e the window .[...]

  • Page 349

    P-660H/HW/W-T Series User’ Guide 349 Chapter 38 Troublesh ooting Figure 228 Security Settings - Java Scripting 38.4.1.3 Java Permissions 1 From Internet Explorer , click To o l s , Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM . 4 Under Java permissions make sure that a safety level [...]

  • Page 350

    P-660H/HW/W-T Series User’ Guide Chapter 38 Troubleshooting 350 Figure 229 Security Settings - Java 38.4.1.3.1 JA V A (Sun) 1 From Internet Explorer , click To o l s , Internet Options and then the Ad vanced tab. 2 make sure that Use Java 2 for <applet> u nder Java (Sun) is selected. 3 Click OK to clos e the window .[...]

  • Page 351

    P-660H/HW/W-T Series User’ Guide 351 Chapter 38 Troublesh ooting Figure 230 Java (Sun) 38.4.2 ActiveX Controls in Internet Explorer If ActiveX is disabled, you will not be able to download ActiveX cont rols or to use T rend Micro Security Services. Make sure that ActiveX controls are allowed in Internet Explorer . Screen shots for Internet Explor[...]

  • Page 352

    P-660H/HW/W-T Series User’ Guide Chapter 38 Troubleshooting 352 Figure 231 Internet Options Security 3 Scroll down to ActiveX controls and plug-ins . 4 Under Download signed ActiveX controls select the Prompt radio button. 5 Under Run ActiveX controls and plug-ins make sure the Enable radio button is selected. 6 Then click the OK button.[...]

  • Page 353

    P-660H/HW/W-T Series User’ Guide 353 Chapter 38 Troublesh ooting Figure 232 Security Setting ActiveX Controls[...]

  • Page 354

    P-660H/HW/W-T Series User’ Guide Appendix A 354 Appendix A Product S pecifications See also the Introduction ch apter for a general overv iew of the key featur es. S pecification T ables Table 122 Device Default IP Address 192.168.1 .1 Default Subnet Mask 255.255.255.0 (24 bits) Default Password 1234 DHCP Pool 1 92.168.1.32 to 192.168.1.64 Dimens[...]

  • Page 355

    P-660H/HW/W-T Series User’ Guide 355 Appendix A Table 123 Firmware ADSL S t andards Multi-Mode standard (ANSI T1.413,Issu e 2; G .dmt(G .992.1); G .lite(G992.2)). ADSL2 G .dmt.bis (G .992.3) ADSL2 G .lite.bis (G .992.4) ADSL2+ (G .992.5) Reach-Extended ADSL (RE ADSL) SRA (Seamless Rate Adaptation) Auto-negotiating rate adaptation ADSL physical co[...]

  • Page 356

    P-660H/HW/W-T Series User’ Guide Appendix A 356 Firewall S tateful Packet Inspection. Prevent Denial of Service attacks such as Ping of Death, SYN Flood, LAND, Smurf etc . Real time E-mail alerts. Reports and logs. NA T/SUA Port Forwarding 1024 NA T sessi ons Multimedia application PPTP under NA T /SUA IPSec passthrough SIP ALG passthrough VPN pa[...]

  • Page 357

    P-660H/HW/W-T Series User’ Guide 357 Appendix A[...]

  • Page 358

    P-660H/HW/W-T Series User’ Guide Appendix B 358 A PPENDIX B W all-mounting Instructions Do the following to hang your Prestige on a wall. Note: See the product specifications appe ndix for the size of screws to use and how far apart to place them. 1 Locate a high posit ion on wall that is free of ob structions. Use a sturdy wall. 2 Drill two hole[...]

  • Page 359

    P-660H/HW/W-T Series User’ Guide 359 Appendix B[...]

  • Page 360

    P-660H/HW/W-T Series User’ Guide Appendix C 360 Appendix C Setting up Y our Computer ’ s IP Address All computers must have a 10M or 100M Et hernet adapter card and TCP/IP installed. W indows 95/98/Me/NT/2000/XP , Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and us[...]

  • Page 361

    P-660H/HW/W-T Series User’ Guide 361 Appendix C Figure 233 WIndows 95/98 /Me: Networ k: Configura tion Inst alling Component s The Network window Configuration tab displays a list of installed components. Y ou need a network adapter , the TCP/IP protocol and Client for Microso ft Networks. If you need the adapter: 1 In the Network window , click [...]

  • Page 362

    P-660H/HW/W-T Series User’ Guide Appendix C 362 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click OK . 5 Restart your computer so the changes you made take ef fect. Configuring 1 In the Network window Configuration tab, select your network adapter's T CP/[...]

  • Page 363

    P-660H/HW/W-T Series User’ Guide 363 Appendix C Figure 235 Windows 95/98/Me : TCP/IP Pr operties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’ s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add . 5 Click OK to save and close [...]

  • Page 364

    P-660H/HW/W-T Series User’ Guide Appendix C 364 Figure 236 Windows XP: S tart Menu 2 In the Control Panel , double-click Network Connections ( Network and Dial-up Connections in W indows 2000/NT). Figure 237 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Pr operties .[...]

  • Page 365

    P-660H/HW/W-T Series User’ Guide 365 Appendix C Figure 238 Windows XP: Control Panel: Network Connections: Pro perties 4 Select Internet Protocol (TCP/IP) (under the Genera l tab in W in XP) and then click Properties . Figure 239 Windows XP: Local Area Conne ction Properties 5 The Internet Pr otocol TCP/IP Properties window opens (the General tab[...]

  • Page 366

    P-660H/HW/W-T Series User’ Guide Appendix C 366 • Click Advanced . Figure 240 Windows XP: Internet Protocol (TCP/IP) Propert ies 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK . Do one or more of the fo llowing if you want to con figure additional I P addresses: [...]

  • Page 367

    P-660H/HW/W-T Series User’ Guide 367 Appendix C Figure 241 Windows XP: Advanced TCP/IP Properties 7 In the Internet Protocol TCP/IP Pr operties window (the General tab in W indows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP addre ss(es), click Use the[...]

  • Page 368

    P-660H/HW/W-T Series User’ Guide Appendix C 368 Figure 242 Windows XP: Internet Protocol (TCP/IP) Propert ies 8 Click OK to close the Internet Protocol (TCP/IP) Pr operties window . 9 Click Close ( OK in W indows 2000/NT) to close the Local Area Connection Pr operties window . 10 Close the Network Connections window ( Network and Dial-up Connecti[...]

  • Page 369

    P-660H/HW/W-T Series User’ Guide 369 Appendix C Figure 243 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 244 Macintosh O S 8/9: TC P/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configur e: list.[...]

  • Page 370

    P-660H/HW/W-T Series User’ Guide Appendix C 370 4 For statically assigned settings, do the following: •F r o m t h e Configure box, select Manually . • T ype your IP address in the IP Address bo x. • T ype your subnet mask in the Subnet mask box. • T ype the IP address of your Prestige in the Router address bo x. 5 Close the TCP/IP Contr [...]

  • Page 371

    P-660H/HW/W-T Series User’ Guide 371 Appendix C Figure 246 Macintosh O S X: Netw ork 4 For statically assigned settings, do the following: •F r o m t h e Configure box, select Manually . • T ype your IP address in the IP Address bo x. • T ype your subnet mask in the Subnet mask box. • T ype the IP address of your Prestige in the Router ad[...]

  • Page 372

    P-660H/HW/W-T Series User’ Guide Appendix C 372 Note: Make sure you are logged in as the ro ot administrator . Using the K Desktop Environment (KDE) Follow the steps below to configure your computer IP address using the KDE. 1 Click the Red Hat button (located on the bottom left corner), select System Setting and click Network . Figure 247 Red Ha[...]

  • Page 373

    P-660H/HW/W-T Series User’ Guide 373 Appendix C • If you have a dynamic IP addres s click Automatically obtain IP address settings with and select dhcp from the drop down list. • If you have a static IP address click S tatically set IP Addresses and fill in the Address , Sub net mask , and Default Gateway Addr ess fields. 3 Click OK to save t[...]

  • Page 374

    P-660H/HW/W-T Series User’ Guide Appendix C 374 1 Assuming that you have only one network card on the computer , locate the ifconfig - eth0 configuration file (where eth0 is the name of the Ethernet card). Open the configuration file with any plain text editor . • If you have a dynamic IP address, enter dhcp in the BOOTPROTO= field. The followi[...]

  • Page 375

    P-660H/HW/W-T Series User’ Guide 375 Appendix C Figure 254 Red Hat 9.0: Restart Eth ernet Card V erifying Settings Enter ifconfig in a terminal screen to ch eck your TCP/IP properties. Figure 255 Red Hat 9.0: Checking TCP/IP Properties [root@localhost init.d]# network res tart Shutting down interface eth0: [OK] Shutting down loopback interface: [[...]

  • Page 376

    P-660H/HW/W-T Series User’ Guide Appendix D 376 Appendix D IP Subnetting IP Addressing Routers “route” based on the network number . The router that delivers the data pa cket to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (ei ght bits), wri tten in dotted decimal notation, for example, 192[...]

  • Page 377

    P-660H/HW/W-T Series User’ Guide 377 Appendix D Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a valu e of 0 to 127. Similarly the first octet of a class “B” must begi n with “10”, therefore the first octet of a class “B” address has a valid range of 128 [...]

  • Page 378

    P-660H/HW/W-T Series User’ Guide Appendix D 378 Since the mask is always a continuous number of ones begin ning from the left, fo llowed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/” followed[...]

  • Page 379

    P-660H/HW/W-T Series User’ Guide 379 Appendix D Note: In the following chart s, shaded/bolded last o ctet bit values indicate host ID bit s “borrowed” to form network ID bits. The number of “borrowed” host ID bits determines the number of subnets you can have. The remaining number of h ost ID bit s (after “borrowing”) determines the n[...]

  • Page 380

    P-660H/HW/W-T Series User’ Guide Appendix D 380 Example: Four Subnet s The above exampl e illustrated using a 25-bit subne t mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow” two host ID bits to give four possible combinations of 00 , 01, 10 and 1[...]

  • Page 381

    P-660H/HW/W-T Series User’ Guide 381 Appendix D Example Eight Subnet s Similarly use a 27-bit mask to create 8 subnets (001, 010, 01 1, 100, 101, 1 10). The following table shows class C IP ad dress last octet values for each subnet. The following table is a summary for class “C” subnet planning. Table 134 Subnet 4 IP/SUBNET MASK NETWORK NUMB[...]

  • Page 382

    P-660H/HW/W-T Series User’ Guide Appendix D 382 Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet ma sk also determines which bits are part of the network number and which are part of the h ost ID. A class “B” address has two host ID octets ava ilable for subnetting and a class “A” addr[...]

  • Page 383

    P-660H/HW/W-T Series User’ Guide 383 Appendix D[...]

  • Page 384

    P-660H/HW/W-T Series User’ Guide Appendix E 384 Appendix E Boot Commands The BootModule A T commands execute from wi thin the router ’ s bootup software, when debug mode is selected before the main router firmware is start ed. When you start up your Prestige, you are given a choice to go into deb ug mode by pressing a key at the prompt shown in[...]

  • Page 385

    P-660H/HW/W-T Series User’ Guide 385 Appendix E Figure 257 Boot Module Commands AT just answer OK ATHE print help ATBAx change baud rate. 1:38.4k, 2:19.2k, 3:9.6k 4:57.6k 5:115.2k ATENx,(y) set BootExtension Debu g Flag (y=password) ATSE show the seed of passw ord generator ATTI(h,m,s) change system time to hour:min:sec or show current time ATDA([...]

  • Page 386

    P-660H/HW/W-T Series User’ Guide Appendix F 386 Appendix F Command Interpreter The following describes how to use the comman d interpreter . Enter 24 in the main menu to bring up the system maintena nce menu. Enter 8 to go to Menu 24.8 - Command Interpr eter Mode . See the included disk or zyxel.com for more detailed information on these commands[...]

  • Page 387

    P-660H/HW/W-T Series User’ Guide 387 Appendix F[...]

  • Page 388

    P-660H/HW/W-T Series User’ Guide Appendix G 388 Appendix G Firewall Commands The following describes the firewall commands. Table 138 Firewall Commands FUNCTION COMMAND DESCRIPTION Firewall Se tUp config edit firewall active <yes | no> This command turns the firewall on or off. config retrieve firewall T his command returns the previous ly [...]

  • Page 389

    P-660H/HW/W-T Series User’ Guide 389 Appendix G config edit firewall e-mail return-addr <e-mail address> This command sets the source e-mail add ress of the firewall e-mails. config edit firewall e-mail email-to <e-mail address> This command sets the e-mail address to which the fire wall e-mails ar e sent. config edit firewall e-mail [...]

  • Page 390

    P-660H/HW/W-T Series User’ Guide Appendix G 390 config edit firewall attack minute-low <0-255> This command sets the threshold of half-open sessions where the Prestige stops deleting half-opened sessions. config edit firewall attack max-incomplete-high <0-255> This command sets the threshold of half-open sessions where the Prestige st[...]

  • Page 391

    P-660H/HW/W-T Series User’ Guide 391 Appendix G Config edit firewall set <set #> log <yes | no> This command sets whether or not the Prestige creates logs for packet s that match the firewall’s default rule set. Rules Config edit firewall set <set #> rule <rule #> permit <forward | block> This command sets whether [...]

  • Page 392

    P-660H/HW/W-T Series User’ Guide Appendix G 392 config edit firewall set <set #> rule <rule #> destaddr- range <start ip address> <end ip address> This command sets a rule to have the Prestige check for traffic going to this range of addresses. config edit firewall set <set #> rule <rule #> TCP destport- single[...]

  • Page 393

    P-660H/HW/W-T Series User’ Guide 393 Appendix G[...]

  • Page 394

    P-660H/HW/W-T Series User’ Guide Appendix H 394 Appendix H NetBIOS Filter Commands The following describes the Ne tBIOS packet filter commands. Introduction NetBIOS (Network Basic Input/Output System ) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PP TP[...]

  • Page 395

    P-660H/HW/W-T Series User’ Guide 395 Appendix H The filter types and their defa ult settings are as follows. NetBIOS Filter Configuration Syntax:sys filter netbios config <ty pe> <on|off> where Table 139 NetBIOS Filter Default Settings NAME DESCRIPTION EXAMPLE Between LAN and WAN This field displays whether NetBIOS packets are blocked[...]

  • Page 396

    P-660H/HW/W-T Series User’ Guide Appendix H 396 sys filter netbios config 3 on This command blocks IPSec NetBIOS packets. sys filter netbios config 4 off This command stops NetBIOS commands from initiating calls.[...]

  • Page 397

    P-660H/HW/W-T Series User’ Guide 397 Appendix H[...]

  • Page 398

    P-660H/HW/W-T Series User’ Guide Appendix I 398 Appendix I S plitters and Microfilters This appendix tells you how to install a POTS splitter or a telephone microfilter . Connecting a POTS S plitter When you use the Full Rate (G .dmt) ADSL standard, you can use a POTS (Plain Old T elephone Service) splitter to separate th e telephone and ADSL si [...]

  • Page 399

    P-660H/HW/W-T Series User’ Guide 399 Appendix I 1 Connect a phone cable from the wall jack to the single jack end of the Y - Connector . 2 Connect a cable from the double jack end of the Y -Connector to th e “wall side” of the microfilter . 3 Connect another cable from the double jack end of the Y -Connec tor to the P restige. 4 Connect the ?[...]

  • Page 400

    P-660H/HW/W-T Series User’ Guide Appendix I 400[...]

  • Page 401

    P-660H/HW/W-T Series User’ Guide 401 Appendix I[...]

  • Page 402

    P-660H/HW/W-T Series User’ Guide Appendix J 402 Appendix J PPPoE PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP ov er Ethernet, RFC 2516) from your computer to an A TM PVC (Permanent V irt ual Circuit) which connects to a DSL Acce ss Concentrator where the PPP session terminates (see F igure 261 on p age 403 ). One PVC can[...]

  • Page 403

    P-660H/HW/W-T Series User’ Guide 403 Appendix J Figure 261 Single-Compute r per Router Hard ware Configuration How PPPoE W orks The PPPoE driver makes the Ethernet appea r as a serial link to the computer and the computer runs PPP over it, while the modem bridges the Ethernet frames to the Access Concentrator (AC). Between the AC and an ISP , the[...]

  • Page 404

    P-660H/HW/W-T Series User’ Guide Appendix K 404 Appendix K Log Descriptions This appendix provides descrip tions of example log messages. Table 140 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is successful The router has adjusted its time based on informati on from the time server . Time calibration failed The router fa iled [...]

  • Page 405

    P-660H/HW/W-T Series User’ Guide 405 Appendix K Configuration Change: PC = 0x%x, Task ID = 0x%x The router is saving configuration changes. Successful SSH login Someone has logged on to the router ’s SSH server . SSH login failed Someone has failed to log on to the router ’s SSH server . Successful HTTPS login Someone has logged on to the rou[...]

  • Page 406

    P-660H/HW/W-T Series User’ Guide Appendix K 406 Table 143 TCP Reset Lo gs LOG MESSAGE DESCRIPTION Under SYN flood attack, sent TCP RST The router sent a TCP reset packet when a host was u nder a SYN flood attack (the TCP incomplete count is per desti nation host.) Exceed TCP MAX incomplete, sent TCP RST The router sent a TCP reset packet when the[...]

  • Page 407

    P-660H/HW/W-T Series User’ Guide 407 Appendix K Table 145 ICMP Logs LOG MESSAGE DESCRIPTION Firewall default policy: ICMP <Packet Direction>, <type:%d>, <code:%d> ICMP access matched the default policy and was blocked or forwarded according to the user's setting. For type and code details, see T able 157 on page 416 . Firew[...]

  • Page 408

    P-660H/HW/W-T Series User’ Guide Appendix K 408 ppp:LCP Closing The PPP connection’s Link Control Protocol stage is closing. ppp:IPCP Closing The PPP connection’s Internet Protocol Control Protoc ol stage is closing. Table 148 UPnP Logs LOG MESSAGE DESCRIPTION UPnP pass through Firewall UPnP packets can pass through the firewall. Table 149 Co[...]

  • Page 409

    P-660H/HW/W-T Series User’ Guide 409 Appendix K Connecting to content filter server fail The connection to the external content fi ltering server failed. License key is invalid The external content filter in g license key is invalid. Table 150 Attack Logs LOG MESSAGE DESCRIPTION attack [TCP | UDP | IGMP | ESP | GRE | OSPF] The firewall detected a[...]

  • Page 410

    P-660H/HW/W-T Series User’ Guide Appendix K 410 Table 151 IPSec Logs LOG MESSAGE DESCRIPTION Discard REPLAY packet The router re ceived and discarded a packet with an incorrect sequence number . Inbound packet authentication failed The router received a packet that has been altered. A third party may have altered or tampered with the packet. Rece[...]

  • Page 411

    P-660H/HW/W-T Series User’ Guide 411 Appendix K Cannot resolve Secure Gateway Addr for rule <%d> The router couldn’t resolve t he IP address from the domain name that was used for the secure gateway address. Peer ID: <peer id> <My remote type> -<My local type> The displayed ID information did not match between the two en[...]

  • Page 412

    P-660H/HW/W-T Series User’ Guide Appendix K 412 XAUTH fail! Username: <Username> The router was not able to use extended authentication to authenticate the listed username. Rule[%d] Phase 1 negotiation mode mismatch The listed rule’s IKE phase 1 negotiation mode did not ma tch between the router and the peer . Rule [%d] Phase 1 encryptio [...]

  • Page 413

    P-660H/HW/W-T Series User’ Guide 413 Appendix K Rule [%d] phase 2 mismatch The l isted rule’s IKE phase 2 di d not ma tch betwe en the router and the peer . Rule [%d] Phase 2 key length mismatch The listed rule’s IKE phase 2 key lengths (with the AES encryption algorithm) di d not match between the router and the peer . Table 153 PKI Logs LOG[...]

  • Page 414

    P-660H/HW/W-T Series User’ Guide Appendix K 414 Rcvd data <size> too large! Max size allowed: <max size> The router received dire ctory data that was too large (the size is listed) from the LDAP server whose address and port are recorded in the Source field. The maximu m size of di rectory data that the router allows is also recorded.[...]

  • Page 415

    P-660H/HW/W-T Series User’ Guide 415 Appendix K 26 Database method failed. 27 Path was not verified. 28 Maximum path length reached. Table 155 802.1X Logs LOG MESSAGE DESCRIPTION Local User Database accepts user. A user was authenticated by the local user database. Local User Database reports us er credential error. A user was not authenticated b[...]

  • Page 416

    P-660H/HW/W-T Series User’ Guide Appendix K 416 Table 156 ACL Setting Notes P ACKET DIRECTION DIRECTION DESCRIPTION (L to W) LAN to W AN ACL set for packet s traveling from the LAN to the W AN. (W to L) W AN to LAN ACL set for pa ckets traveling from the W AN to the LAN. (D to L) DMZ to LAN ACL set for packets traveling from the DM Z to the LAN. [...]

  • Page 417

    P-660H/HW/W-T Series User’ Guide 417 Appendix K The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to the RFC for detailed information on each type. 11 T ime Exceeded 0 T ime to live exceeded in transit 1 Fragment reassembly time exceeded 12 Parameter Problem 0 Pointer indicates the error 13 T imestamp 0 T[...]

  • Page 418

    P-660H/HW/W-T Series User’ Guide Appendix K 418 Log Commands Go to the command in terpreter interface. Configuring What Y ou W ant the Prestige to Log 1 Use the sys logs load command to load the log setting buffer that allows you to configure which logs the Prestige is to record. 2 Use sys logs category to view a list of the log categories. Figur[...]

  • Page 419

    P-660H/HW/W-T Series User’ Guide 419 Appendix K Use 0 to not record logs for that cate g ory , 1 to record only logs for that category , 2 to record only alerts for that category , and 3 to record both logs and alerts for that category . No t every parameter is available with every category . 5 Step 5.Use the sys logs save command to store the se[...]

  • Page 420

    P-660H/HW/W-T Series User’ Guide Appendix L 420 Appendix L Wireless LANs Wireless LAN T opologies This section discusses ad-hoc and in frastructure w ireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an inde pendent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C). Any time[...]

  • Page 421

    P-660H/HW/W-T Series User’ Guide 421 Appendix L Figure 266 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlappi ng BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN t[...]

  • Page 422

    P-660H/HW/W-T Series User’ Guide Appendix L 422 Figure 267 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.1 1a/b/g wireless devices. Channels available depend on your ge ographical area. Y ou may have a choice of chann els (for your region) so you should use a dif ferent chan nel th an an adjacent AP (access po[...]

  • Page 423

    P-660H/HW/W-T Series User’ Guide 423 Appendix L Figure 268 RTS/ CT S When station A sends data to the AP , it migh t no t know that the station B is already using the channel. If these two stations se nd data at the same time, collis ions may occur when both sets of data arrive at the AP at the same time, r esulting in a loss of me ssages for bot[...]

  • Page 424

    P-660H/HW/W-T Series User’ Guide Appendix L 424 A large Fragmentation Thr eshold is reco mmended for networks not prone to interference while you should set a smaller thresh old for busy networks or ne tworks that are prone to interference. If the Fragmentation Threshold value is smaller than the RTS / C T S value (see previously) you set then th[...]

  • Page 425

    P-660H/HW/W-T Series User’ Guide 425 Appendix L IEEE 802.1x In June 2001, the IEEE 802.1x st andard was designed to extend th e features of IEEE 802.1 1 to support extended authentication as well as providing additional accounting and control features. It is supported by W indows XP and a number of network devices. Some advantages of IEEE 802.1x [...]

  • Page 426

    P-660H/HW/W-T Series User’ Guide Appendix L 426 • Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access- Request message. The following types of RADIUS messages are exchanged between the acces s point and the RADIUS serv[...]

  • Page 427

    P-660H/HW/W-T Series User’ Guide 427 Appendix L EAP-TLS (T ransport Layer Security) W ith EAP-TLS, digital certifications are needed by both the server and the wireless stations for mutual authentication. The server presents a certificate to the client. After validating the identity of the server , the client sends a differ ent certificate to the[...]

  • Page 428

    P-660H/HW/W-T Series User’ Guide Appendix L 428 For added security , certificate-based authen tications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are ofte n deployed in corp orate environments, but for public deployment, a simp le user name and p assword pair is more practical. The following table is a comparison of [...]

  • Page 429

    P-660H/HW/W-T Series User’ Guide 429 Appendix L The Message Integrity Check (MIC ) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed th[...]

  • Page 430

    P-660H/HW/W-T Series User’ Guide Appendix M 430 A PPENDIX M Internal SPTGEN Internal SPTGEN Overview Internal SP TGEN (System Parame ter T able Generator) is a configuration text file useful for efficient configuration of multiple Prestiges. Internal SP TGEN lets you configure, save and upload multiple menus at the same time using just one config[...]

  • Page 431

    P-660H/HW/W-T Series User’ Guide 431 Appendix M Some parameters are dependent on othe rs. For example, if you disable the Configur ed field in menu 1 (see Figure 269 on page 430 ), then you disable every field in this menu. If you enter a parameter that is invalid in the In put column, the Prestige will not save the configuration and the command [...]

  • Page 432

    P-660H/HW/W-T Series User’ Guide Appendix M 432 Figure 272 Internal SP TGEN FTP Downl oad Exampl e Note: Y ou can rename your “ rom-t ” file when you save it to your computer but it must be named “ rom-t ” when you uplo ad it to your Prestige. Internal SPTGEN FTP Upload Example 1 Launch your FTP application. 2 Enter " bin ". The[...]

  • Page 433

    P-660H/HW/W-T Series User’ Guide 433 Appendix M The following ar e Internal SP TGEN screens asso ciated with the SMT scree ns of your Prestige. PV A Parameter V al ues Allowed INPUT An example of what you may enter * Applies to the Prestige. Table 163 Abbreviations Used in the Example Inter nal SPTGEN Screens Tab le (continued) ABBREVIA TION MEAN[...]

  • Page 434

    P-660H/HW/W-T Series User’ Guide Appendix M 434 FIN FN PVA INPUT 30200001 = DHCP <0(None) | 1(Server) | 2(Relay)> = 0 30200002 = Client IP Pool Starting Address = 192.168.1.33 30200003 = Size of Client IP Pool = 32 30200004 = Primary DNS Server = 0.0.0.0 30200005 = Secondary DNS Server = 0.0.0.0 30200006 = Remote DHCP Server = 0.0.0.0 30200[...]

  • Page 435

    P-660H/HW/W-T Series User’ Guide 435 Appendix M 30201008 = IP Alias #1 Incoming protocol filters Set 3 = 256 30201009 = IP Alias #1 Incoming protocol filters Set 4 = 256 30201010 = IP Alias #1 Outgoing protocol filters Set 1 = 256 30201011 = IP Alias #1 Outgoing protocol filters Set 2 = 256 30201012 = IP Alias #1 Outgoing protocol filters Set 3 =[...]

  • Page 436

    P-660H/HW/W-T Series User’ Guide Appendix M 436 30500004 = RTS Threshold <0 ~ 2432> = 2432 30500005 = FRAG. Threshold <256 ~ 2432> = 2432 30500006 = WEP <0(DISABLE) | 1(64-bit WEP) | 2(128-bit WEP)> = 0 30500007 = Default Key <1|2|3|4> = 0 30500008 = WEP Key1 = 30500009 = WEP Key2 = 30500010 = WEP Key3 = 30500011 = WEP Key[...]

  • Page 437

    P-660H/HW/W-T Series User’ Guide 437 Appendix M 40000002 = Active <0(No) | 1(Yes)> = 1 40000003 = ISP's Name = ChangeMe 40000004 = Encapsulation <2(PPPOE) | 3(RFC 1483)| 4(PPPoA )| 5(ENET ENCAP)> = 2 40000005 = Multiplexing <1(LLC-based) | 2(VC-based) = 1 40000006 = VPI # = 0 40000007 = VCI # = 35 40000008 = Service Name <S[...]

  • Page 438

    P-660H/HW/W-T Series User’ Guide Appendix M 438 40000032= RIP Version <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)> = 0 40000033= Nail ed-up Connection <0(No) |1(Yes)> = 0 Table 166 Menu 4 Internet Access Setup ( SMT Menu 4) (continued) Table 167 Menu 12 (SMT Menu 1 2) / Menu 12.1.1 IP Static Route Setup (SMT Menu 12.1.1) FIN FN P VA INPUT 120101[...]

  • Page 439

    P-660H/HW/W-T Series User’ Guide 439 Appendix M / Menu 12.1.4 IP Static Route Setup (SMT Menu 12.1.4) FIN FN PVA INPUT 120104001 = IP Static Route set #4, Nam e <Str> = 120104002 = IP Static Route set #4, Act ive <0(No) |1(Yes)> = 0 120104003 = IP Static Route set #4, Des tination IP address = 0.0.0.0 120104004 = IP Static Route set #[...]

  • Page 440

    P-660H/HW/W-T Series User’ Guide Appendix M 440 120107006 = IP Static Route set #7, Metr ic = 0 120107007 = IP Static Route set #7, Priv ate <0(No) |1(Yes)> = 0 / Menu 12.1.8 IP Static Route Setup (SMT Menu 12.1.8) FIN FN PVA INPUT 120108001 = IP Static Route set #8, Name <Str> = 120108002 = IP Static Route set #8, Acti ve <0(No) |[...]

  • Page 441

    P-660H/HW/W-T Series User’ Guide 441 Appendix M 120111004 = IP Static Route set #11, Destination IP subnetmask = 0 120111005 = IP Static Route set #11, Ga teway = 0.0.0.0 120111006 = IP Static Route set #11, Me tric = 0 120111007 = IP Static Route set #11, Pr ivate <0(No) |1(Yes)> = 0 */ Menu 12.1.12 IP Static Route Set up (SMT Menu 12.1.12[...]

  • Page 442

    P-660H/HW/W-T Series User’ Guide Appendix M 442 120115002 = IP Static Route set #15, Act ive <0(No) |1(Yes)> = 0 120115003 = IP Static Route set #15, Destination IP address = 0.0.0.0 120115004 = IP Static Route set #15, Destination IP subnetmask = 0 120115005 = IP Static Route set #15, Gat eway = 0.0.0.0 120115006 = IP Static Route set #15,[...]

  • Page 443

    P-660H/HW/W-T Series User’ Guide 443 Appendix M 150000014 = SUA Server #4 Port Start = 0 150000015 = SUA Server #4 Port End = 0 150000016 = SUA Server #4 Local IP address = 0.0.0.0 150000017 = SUA Server #5 Active <0(No) | 1(Yes)> = 0 150000018 = SUA Server #5 Protocol <0(All)|6(TCP)|17(U DP)> = 0 150000019 = SUA Server #5 Port Start [...]

  • Page 444

    P-660H/HW/W-T Series User’ Guide Appendix M 444 150000048 = SUA Server #11 Protocol <0(All)|6(TCP)|17(U DP)> = 0 150000049 = SUA Server #11 Port Start = 0 150000050 = SUA Server #11 Port End = 0 150000051 = SUA Server #11 Local IP address = 0.0.0.0 150000052 = SUA Server #12 Active <0(No) | 1(Yes)> = 0 150000053 = SUA Server #12 Proto[...]

  • Page 445

    P-660H/HW/W-T Series User’ Guide 445 Appendix M / Menu 21.1.1.2 set #1, rule #2 (SMT Menu 21.1.1.2) FIN FN PVA INPUT 210102001 = IP Filter Set 1,Rule 2 Type <2(TCP/IP)> = 2 210102002 = IP Filter Set 1,Rule 2 Active <0(No)|1(Yes)> = 1 210102003 = IP Filter Set 1,Rule 2 Protocol = 6 210102004 = IP Filter Set 1,Rule 2 Dest IP address = 0[...]

  • Page 446

    P-660H/HW/W-T Series User’ Guide Appendix M 446 210103013 = IP Filter Set 1,Rule 3 Act Match <1(check next)|2(forward)| 3(drop) = 3 210103014 = IP Filter Set 1,Rule 3 Act Not Match <1(check next)|2(forward)| 3(drop) = 1 / Menu 21.1.1.4 set #1, rule #4 (SMT Menu 21.1.1.4) FIN FN PVA INPUT 210104001 = IP Filter Set 1,Rule 4 Type <2(TCP/IP)[...]

  • Page 447

    P-660H/HW/W-T Series User’ Guide 447 Appendix M 210105009 = IP Filter Set 1,Rule 5 Src Subnet Mask = 0 210105010 = IP Filter Set 1,Rule 5 Src Port = 0 210105011 = IP Filter Set 1,Rule 5 Src Port Comp <0(none)|1(equal) |2(not equal)|3(less)|4( greater)> = 0 210105013 = IP Filter Set 1,Rule 5 Act Match <1(check next)|2(forward)| 3(drop)>[...]

  • Page 448

    P-660H/HW/W-T Series User’ Guide Appendix M 448 / Menu 21.1.2.1 Filter set #2, rule #1 (SMT Menu 21.1.2.1) FIN FN PVA INPUT 210201001 = IP Filter Set 2, Rule 1 Type <0(none)|2(TCP/IP)> = 2 210201002 = IP Filter Set 2, Rule 1 Active <0(No)|1(Yes)> = 1 210201003 = IP Filter Set 2, Rule 1 Protocol = 6 210201004 = IP Filter Set 2, Rule 1 [...]

  • Page 449

    P-660H/HW/W-T Series User’ Guide 449 Appendix M 210202009 = IP Filter Set 2, Rule 2 Src Subnet Mask = 0 210202010 = IP Filter Set 2,Rule 2 Sr c Port = 0 210202011 = IP Filter Set 2, Rule 2 S rc Port Comp <0(none)|1(equal)|2 (not equal)|3(less)|4(gr eater)> = 0 210202013 = IP Filter Set 2, Rule 2 A ct Match <1(ch eck next)|2(forward)|3( d[...]

  • Page 450

    P-660H/HW/W-T Series User’ Guide Appendix M 450 210204002 = IP Filter Set 2, Rule 4 Active <0(No)|1(Yes )> = 1 210204003 = IP Filter Set 2, Rule 4 Protocol = 17 210204004 = IP Filter Set 2, Rule 4 Dest IP address = 0.0.0.0 210204005 = IP Filter Set 2, Rule 4 Dest Subnet Mask = 0 210204006 = IP Filter Set 2, Rule 4 Dest Port = 137 210204007 [...]

  • Page 451

    P-660H/HW/W-T Series User’ Guide 451 Appendix M 210205011 = IP Filter Set 2, Rule 5 S rc Port Comp <0(none)|1(equal)|2 (not equal)|3(less)|4(gr eater)> = 0 210205013 = IP Filter Set 2, Rule 5 A ct Match <1(ch eck next)|2(forward)|3( drop)> = 3 210205014 = IP Filter Set 2, Rule 5 A ct Not Match <1(check next)|2(forward)|3( drop)>[...]

  • Page 452

    P-660H/HW/W-T Series User’ Guide Appendix M 452 Table 171 Menu 23 System Menus (SMT Me nu 23) */ Menu 23.1 System Password Setup ( SMT Menu 23.1) FIN FN PVA INPUT 230000000 = System Password = 1234 */ Menu 23.2 System security: radius server (SMT Menu 23.2) FIN FN PVA INPUT 230200001 = Authentication Server Co nfigured <0(N o) | 1(Yes)> = 1[...]

  • Page 453

    P-660H/HW/W-T Series User’ Guide 453 Appendix M Command Examples The following are example Internal SP TGEN scr eens a ssociated with the Prestige’ s command interpreter commands. 230400008 = WPA Mixed Mode <0(Disable) |1(Enable)> = 0 230400009 = Data Privacy for Broadca st/ Multicast packets <0(TKIP) |1(WEP)> = 0 230400010 = WPA Br[...]

  • Page 454

    P-660H/HW/W-T Series User’ Guide Appendix M 454 FIN FN PVA INPUT 990000001 = ADSL OPMD <0(etsi)|1(normal) |2(gdmt)|3(multimo de)> = 3 Table 173 Command Examples (continued) FIN FN PV A INPUT[...]

  • Page 455

    P-660H/HW/W-T Series User’ Guide 455 Appendix M[...]

  • Page 456

    P-660H/HW/W-T Series User’ Guide Index 456 Index Numerics 11 0 V A C 5 230V AC 5 A Abnormal Working Conditions 6 AC 5 Access methods 270 Accessories 5 Acts of God 6 Address Assignment 63 Address mapping 11 0 Address Resolution Protocol (ARP) 67 ADSL, what is it? 40 ADSLstandards 42 Airflow 5 Alternative Subnet Mask Notation 378 American Wire Gaug[...]

  • Page 457

    P-660H/HW/W-T Series User’ Guide 457 Index Precedence 338 Precedence Example 338 CBR (Continuous Bit Rate) 97 CDR 302 CDR (Call Detail Record) 301 Certificate Authority 427 Certifications 4 change password at login 49 Channel 422 Interference 422 Channel ID 227 CHAP 238 Charge 6 Circuit 3 Class B 3 Class Name 191 Collision 298 Command Interpreter[...]

  • Page 458

    P-660H/HW/W-T Series User’ Guide Index 458 Dynamic WEP key exchange 82 dynamic WEP key exchange 293 DYNDNS Wildcard 11 4 E EAP 70 EAP Authentication 426 EAP authentication 292 ECHO 106 Electric Shock 5 Electrical Pipes 5 Electrocution 5 E-mail Log Example 180 embedded help 50 Encapsulated Routing Link Protocol (ENET ENCAP) 90 Encapsulation 90 , 2[...]

  • Page 459

    P-660H/HW/W-T Series User’ Guide 459 Index G Gas Pipes 5 Gateway 248 Gateway Node 252 General Setup 214 Generic filter 281 Germany , Cont act Infor mation 7 God, act of 6 H Half-Open Sessions 150 Harmful Interfere nce 3 Hidden Menus 210 Hidden node 422 High V oltage Points 5 Hop Count 241 , 248 Host 53 Host IDs 376 HTTP 107 , 11 9 , 120 , 121 HTT[...]

  • Page 460

    P-660H/HW/W-T Series User’ Guide Index 460 Key management protocol 293 L Labor 6 LAN 297 LAN Setup 62 , 90 LAN TCP/IP 64 LAN to W AN Rules 134 LAND 121 , 122 Legal Rights 6 Liability 2 License 2 Lightning 5 Link type 297 Liquids, Corrosive 5 LLC-based Multiplexing 243 Local Network Rule Summary 136 Local User Database 294 Local user database 85 L[...]

  • Page 461

    P-660H/HW/W-T Series User’ Guide 461 Index O One-Minute High 150 Opening 5 Operating Condition 6 Operating frequency 227 Out-dated Warranty 6 Outlet 3 P Packet Error 297 Received 297 T ransmitted 297 Packet Filtering 129 Packet filtering When to use 129 Packet Filtering Firewalls 11 8 Packet T riggered 30 2 Packets 297 Pairwise Master Key (PMK) 4[...]

  • Page 462

    P-660H/HW/W-T Series User’ Guide Index 462 RADIUS 425 Configuring 87 Shared Secret Key 426 RADIUS Message T ypes 425 RADIUS Messages 425 RADIUS server 290 RAS 299 , 329 Rate Receiving 297 T ransmission 297 real-time application 182 Receiving Antenna 3 Register ed 2 Registered Trademark 2 Regular Mail 7 reinitialize the ADSL line 204 Related Docum[...]

  • Page 463

    P-660H/HW/W-T Series User’ Guide 463 Index Shock, Electric 5 SMT Menu Overvi ew 209 SMTP 107 SMTP Error Messages 17 9 Smurf 122 , 123 SNMP 107 Community 288 Configuration 287 Get 287 GetNext 287 Manager 286 MIBs 287 Set 287 Tr a p 287 T rusted Host 288 Source Address 134 , 140 Source-Based Routing 328 S pain, Cont act Inf ormation 7 S plitters 39[...]

  • Page 464

    P-660H/HW/W-T Series User’ Guide Index 464 T raffic shaping 93 T ranslation 2 T ransmission Rates 43 TV T echnician 3 T ype of Service 328 , 330 , 331 , 332 U UBR (Unspecified Bit Rate) 97 UDP/ICMP Security 127 Undesired Operations 3 Universal Plug and Pl ay 162 Application 162 Security issues 163 Universal Plug and Pl ay (UPnP) 44 Universal Plug[...]

  • Page 465

    P-660H/HW/W-T Series User’ Guide 465 Index X XMODEM protocol 307 Z Zero Configurati on Internet Access 43 Zero configuratio n Internet a ccess 94 ZyNOS 2 , 307 ZyNOS (ZyXEL Network Operating System) 306 ZyNOS F/W V ersion 307 ZyXEL Communications Corporation 2 ZyXEL Home Page 4 ZyXEL Limi ted Warranty Note 6 ZyXEL Network Operating System 2 ZyXEL[...]